Skip to content
Snippets Groups Projects
Commit 49500282 authored by František Dvořák's avatar František Dvořák
Browse files

Enable remote access for k8s API server 3rd-party sites

parent 81937821
No related branches found
No related tags found
No related merge requests found
...@@ -51,6 +51,36 @@ resource "openstack_compute_secgroup_v2" "ssh" { ...@@ -51,6 +51,36 @@ resource "openstack_compute_secgroup_v2" "ssh" {
} }
} }
resource "openstack_compute_secgroup_v2" "admin_http" {
name = "admin http"
description = "admin http/https"
rule {
from_port = 6443
to_port = 6443
ip_protocol = "tcp"
cidr = "78.128.128.0/17"
}
rule {
from_port = 6443
to_port = 6443
ip_protocol = "tcp"
cidr = "2001:718:ff05::/48"
}
rule {
from_port = 6443
to_port = 6443
ip_protocol = "tcp"
cidr = "147.228.0.0/16"
}
rule {
from_port = 6443
to_port = 6443
ip_protocol = "tcp"
cidr = "2001:718:1801::/48"
}
}
resource "openstack_compute_secgroup_v2" "http" { resource "openstack_compute_secgroup_v2" "http" {
name = "http" name = "http"
description = "http/https" description = "http/https"
...@@ -134,7 +164,7 @@ resource "openstack_compute_instance_v2" "ingress" { ...@@ -134,7 +164,7 @@ resource "openstack_compute_instance_v2" "ingress" {
name = "k8s-${var.site_name}-w-ingress" name = "k8s-${var.site_name}-w-ingress"
image_id = data.openstack_images_image_v2.ubuntu.id image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.worker-flavor.id flavor_id = data.openstack_compute_flavor_v2.worker-flavor.id
security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name, openstack_compute_secgroup_v2.http.name] security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name, openstack_compute_secgroup_v2.admin_http.name, openstack_compute_secgroup_v2.http.name]
user_data = file("cloud-init.yaml") user_data = file("cloud-init.yaml")
tags = ["worker"] tags = ["worker"]
network { network {
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment