Merge pull request #3033 from rguichard/remotes/fork/master
add openstack security group for traffic to 30000-32767/tcp on worker nodes
This commit is contained in:
commit
a5c165bb13
1 changed files with 13 additions and 0 deletions
|
@ -59,6 +59,17 @@ resource "openstack_compute_secgroup_v2" "k8s" {
|
||||||
self = true
|
self = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
resource "openstack_compute_secgroup_v2" "worker" {
|
||||||
|
name = "${var.cluster_name}-k8s-worker"
|
||||||
|
description = "${var.cluster_name} - Kubernetes worker nodes"
|
||||||
|
|
||||||
|
rule {
|
||||||
|
ip_protocol = "tcp"
|
||||||
|
from_port = "30000"
|
||||||
|
to_port = "32767"
|
||||||
|
cidr = "0.0.0.0/0"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
resource "openstack_compute_instance_v2" "bastion" {
|
resource "openstack_compute_instance_v2" "bastion" {
|
||||||
name = "${var.cluster_name}-bastion-${count.index+1}"
|
name = "${var.cluster_name}-bastion-${count.index+1}"
|
||||||
|
@ -226,6 +237,7 @@ resource "openstack_compute_instance_v2" "k8s_node" {
|
||||||
|
|
||||||
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
|
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
|
||||||
"${openstack_compute_secgroup_v2.bastion.name}",
|
"${openstack_compute_secgroup_v2.bastion.name}",
|
||||||
|
"${openstack_compute_secgroup_v2.worker.name}",
|
||||||
"default",
|
"default",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -253,6 +265,7 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
|
||||||
}
|
}
|
||||||
|
|
||||||
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
|
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
|
||||||
|
"${openstack_compute_secgroup_v2.worker.name}",
|
||||||
"default",
|
"default",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue