Define kubenode security groups and assign it to kube nodes

kube.tf

@@ -5,7 +5,11 @@ resource "openstack_networking_port_v2" "kubeport" {
   count               =  var.kubesize # size of cluster
   network_id          = data.openstack_networking_network_v2.public.id
   # A list of security group ID
-  security_group_ids  = [ data.openstack_networking_secgroup_v2.sshfromjumphosts.id, data.openstack_networking_secgroup_v2.allegress.id ]
+  security_group_ids  = [ 
+                          data.openstack_networking_secgroup_v2.sshfromjumphosts.id, 
+                          data.openstack_networking_secgroup_v2.allegress.id,
+                          resource.openstack_networking_secgroup_v2.kubenode.id
+                        ]
   admin_state_up      = "true"
 }
 
@@ -32,7 +36,11 @@ resource "openstack_compute_instance_v2" "kube" {
   count           = var.kubesize
   flavor_id       = data.openstack_compute_flavor_v2.b2c4r16.id
   key_pair        = data.openstack_compute_keypair_v2.manderssonpub.id
-  security_groups = [ data.openstack_networking_secgroup_v2.sshfromjumphosts.name, data.openstack_networking_secgroup_v2.allegress.name ]
+  security_groups = [ 
+                      data.openstack_networking_secgroup_v2.sshfromjumphosts.name, 
+                      data.openstack_networking_secgroup_v2.allegress.name,
+                      resource.openstack_networking_secgroup_v2.kubenode.name
+                    ]
 
   network {
     port   = resource.openstack_networking_port_v2.kubeport[count.index].id

securitygroups.tf

@@ -1,3 +1,5 @@
+# Data sources for existing groups
+
 # Datasource of sunet ssh-from-jumphost security group.
 data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
   name = "ssh-from-jumphost"
@@ -6,3 +8,40 @@ data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
 data "openstack_networking_secgroup_v2" "allegress" {
   name = "allegress"
 }
+
+# Resources to define new security groups
+
+# Securitygroup to allow kubernetes nodes 
+resource "openstack_networking_secgroup_v2" "kubenode" {
+  name                 = "kubenode"
+  description          = "Securitygroup for microk8s nodes"
+  delete_default_rules = true
+}
+
+resource "openstack_networking_secgroup_rule_v2" "kubeingressv4" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
+  security_group_id = openstack_networking_secgroup_v2.kubenode.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "kubeingressv6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
+  security_group_id = openstack_networking_secgroup_v2.kubenode.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "kubeegressv4" {
+  direction         = "egress"
+  ethertype         = "IPv4"
+  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
+  security_group_id = openstack_networking_secgroup_v2.kubenode.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "kubeegressv6" {
+  direction         = "egress"
+  ethertype         = "IPv6"
+  remote_group_id   = openstack_networking_secgroup_v2.kubenode.id
+  security_group_id = openstack_networking_secgroup_v2.kubenode.id
+}