Skip to content
Snippets Groups Projects
Commit 49500282 authored by František Dvořák's avatar František Dvořák
Browse files

Enable remote access for k8s API server 3rd-party sites

parent 81937821
No related branches found
No related tags found
No related merge requests found
......@@ -51,6 +51,36 @@ resource "openstack_compute_secgroup_v2" "ssh" {
}
}
resource "openstack_compute_secgroup_v2" "admin_http" {
name = "admin http"
description = "admin http/https"
rule {
from_port = 6443
to_port = 6443
ip_protocol = "tcp"
cidr = "78.128.128.0/17"
}
rule {
from_port = 6443
to_port = 6443
ip_protocol = "tcp"
cidr = "2001:718:ff05::/48"
}
rule {
from_port = 6443
to_port = 6443
ip_protocol = "tcp"
cidr = "147.228.0.0/16"
}
rule {
from_port = 6443
to_port = 6443
ip_protocol = "tcp"
cidr = "2001:718:1801::/48"
}
}
resource "openstack_compute_secgroup_v2" "http" {
name = "http"
description = "http/https"
......@@ -134,7 +164,7 @@ resource "openstack_compute_instance_v2" "ingress" {
name = "k8s-${var.site_name}-w-ingress"
image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.worker-flavor.id
security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name, openstack_compute_secgroup_v2.http.name]
security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name, openstack_compute_secgroup_v2.admin_http.name, openstack_compute_secgroup_v2.http.name]
user_data = file("cloud-init.yaml")
tags = ["worker"]
network {
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment