From 49500282ceebb09f89c7b8c81420705829d8d5b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Thu, 29 Feb 2024 18:03:00 +0000
Subject: [PATCH] Enable remote access for k8s API server 3rd-party sites
---
 cesnet-mcc/terraform/vms.tf | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/cesnet-mcc/terraform/vms.tf b/cesnet-mcc/terraform/vms.tf
index 2f8d2e9..00ddae5 100644
--- a/cesnet-mcc/terraform/vms.tf
+++ b/cesnet-mcc/terraform/vms.tf
@@ -51,6 +51,36 @@ resource "openstack_compute_secgroup_v2" "ssh" {
 }
 }
 
+resource "openstack_compute_secgroup_v2" "admin_http" {
+ name = "admin http"
+ description = "admin http/https"
+
+ rule {
+ from_port = 6443
+ to_port = 6443
+ ip_protocol = "tcp"
+ cidr = "78.128.128.0/17"
+ }
+ rule {
+ from_port = 6443
+ to_port = 6443
+ ip_protocol = "tcp"
+ cidr = "2001:718:ff05::/48"
+ }
+ rule {
+ from_port = 6443
+ to_port = 6443
+ ip_protocol = "tcp"
+ cidr = "147.228.0.0/16"
+ }
+ rule {
+ from_port = 6443
+ to_port = 6443
+ ip_protocol = "tcp"
+ cidr = "2001:718:1801::/48"
+ }
+}
+
 resource "openstack_compute_secgroup_v2" "http" {
 name = "http"
 description = "http/https"
@@ -134,7 +164,7 @@ resource "openstack_compute_instance_v2" "ingress" {
 name = "k8s-${var.site_name}-w-ingress"
 image_id = data.openstack_images_image_v2.ubuntu.id
 flavor_id = data.openstack_compute_flavor_v2.worker-flavor.id
- security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name, openstack_compute_secgroup_v2.http.name]
+ security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name, openstack_compute_secgroup_v2.admin_http.name, openstack_compute_secgroup_v2.http.name]
 user_data = file("cloud-init.yaml")
 tags = ["worker"]
 network {
--
GitLab
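Review bot: The new group is labelled `name = "admin http"` and `description = "admin http/https"`, but every rule in it opens 6443/tcp, which the commit title identifies as the Kubernetes API server. Someone auditing the project's security groups by name would not find the control-plane exposure, so rename it to match, e.g. `name = "k8s api"` and `description = "Kubernetes API server (6443/tcp) from trusted site ranges"`. The four source ranges are wide (a /17, a /16 and two /48s) and nothing says which site each belongs to; add a `# <site name>` comment above each `rule` and narrow the ranges to the administrators' subnets if those are known. For clients inside those ranges the API server's own authentication, RBAC and audit logging become the only controls, so it is worth confirming that anonymous access is disabled before this is applied.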
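Review bot: `openstack_compute_secgroup_v2.admin_http.name` is attached to the `ingress` instance, which this resource names `k8s-${var.site_name}-w-ingress` and tags `worker`, while the commit title says the port is for the API server. If the API server runs on another node and this host only forwards 6443 to it, that is not visible in the hunk; a comment above `security_groups` such as `# 6443/tcp is forwarded to the control plane by <component>` would record the intent. If nothing on this host listens on 6443, the group belongs on the instance that does. The resource body continues past the end of the hunk, so the network attachment that decides which address is reachable is not shown here.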