Define kubenode security groups and assign it to kube nodes
This commit is contained in:
parent
72f54d7e7f
commit
fabbcf192c
GPG key ID:
19CB2C58E1F19B16
12
kube.tf
12
kube.tf
|
|
@ -5,7 +5,11 @@ resource "openstack_networking_port_v2" "kubeport" {
|
|||
count = var.kubesize # size of cluster
|
||||
network_id = data.openstack_networking_network_v2.public.id
|
||||
# A list of security group ID
|
||||
security_group_ids = [ data.openstack_networking_secgroup_v2.sshfromjumphosts.id, data.openstack_networking_secgroup_v2.allegress.id ]
|
||||
security_group_ids = [
|
||||
data.openstack_networking_secgroup_v2.sshfromjumphosts.id,
|
||||
data.openstack_networking_secgroup_v2.allegress.id,
|
||||
resource.openstack_networking_secgroup_v2.kubenode.id
|
||||
]
|
||||
admin_state_up = "true"
|
||||
}
|
||||
|
||||
|
|
@ -32,7 +36,11 @@ resource "openstack_compute_instance_v2" "kube" {
|
|||
count = var.kubesize
|
||||
flavor_id = data.openstack_compute_flavor_v2.b2c4r16.id
|
||||
key_pair = data.openstack_compute_keypair_v2.manderssonpub.id
|
||||
security_groups = [ data.openstack_networking_secgroup_v2.sshfromjumphosts.name, data.openstack_networking_secgroup_v2.allegress.name ]
|
||||
security_groups = [
|
||||
data.openstack_networking_secgroup_v2.sshfromjumphosts.name,
|
||||
data.openstack_networking_secgroup_v2.allegress.name,
|
||||
resource.openstack_networking_secgroup_v2.kubenode.name
|
||||
]
|
||||
|
||||
network {
|
||||
port = resource.openstack_networking_port_v2.kubeport[count.index].id
|
||||
|
|
|
|||
|
|
@ -1,3 +1,5 @@
|
|||
# Data sources for existing groups
|
||||
|
||||
# Datasource of sunet ssh-from-jumphost security group.
|
||||
data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
|
||||
name = "ssh-from-jumphost"
|
||||
|
|
@ -6,3 +8,40 @@ data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
|
|||
data "openstack_networking_secgroup_v2" "allegress" {
|
||||
name = "allegress"
|
||||
}
|
||||
|
||||
# Resources to define new security groups
|
||||
|
||||
# Securitygroup to allow kubernetes nodes
|
||||
resource "openstack_networking_secgroup_v2" "kubenode" {
|
||||
name = "kubenode"
|
||||
description = "Securitygroup for microk8s nodes"
|
||||
delete_default_rules = true
|
||||
}
|
||||
|
||||
resource "openstack_networking_secgroup_rule_v2" "kubeingressv4" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv4"
|
||||
remote_group_id = openstack_networking_secgroup_v2.kubenode.id
|
||||
security_group_id = openstack_networking_secgroup_v2.kubenode.id
|
||||
}
|
||||
|
||||
resource "openstack_networking_secgroup_rule_v2" "kubeingressv6" {
|
||||
direction = "ingress"
|
||||
ethertype = "IPv6"
|
||||
remote_group_id = openstack_networking_secgroup_v2.kubenode.id
|
||||
security_group_id = openstack_networking_secgroup_v2.kubenode.id
|
||||
}
|
||||
|
||||
resource "openstack_networking_secgroup_rule_v2" "kubeegressv4" {
|
||||
direction = "egress"
|
||||
ethertype = "IPv4"
|
||||
remote_group_id = openstack_networking_secgroup_v2.kubenode.id
|
||||
security_group_id = openstack_networking_secgroup_v2.kubenode.id
|
||||
}
|
||||
|
||||
resource "openstack_networking_secgroup_rule_v2" "kubeegressv6" {
|
||||
direction = "egress"
|
||||
ethertype = "IPv6"
|
||||
remote_group_id = openstack_networking_secgroup_v2.kubenode.id
|
||||
security_group_id = openstack_networking_secgroup_v2.kubenode.id
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue