make it possible to open additional ports on master nodes (#6547)
pull/6409/head
Hugo Blom
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with
22 additions and
0 deletions
-
contrib/terraform/openstack/kubespray.tf
-
contrib/terraform/openstack/modules/compute/main.tf
-
contrib/terraform/openstack/modules/compute/variables.tf
-
contrib/terraform/openstack/variables.tf
|
|
@ -74,6 +74,7 @@ module "compute" { |
|
|
|
k8s_allowed_egress_ips = var.k8s_allowed_egress_ips |
|
|
|
supplementary_master_groups = var.supplementary_master_groups |
|
|
|
supplementary_node_groups = var.supplementary_node_groups |
|
|
|
master_allowed_ports = var.master_allowed_ports |
|
|
|
worker_allowed_ports = var.worker_allowed_ports |
|
|
|
wait_for_floatingip = var.wait_for_floatingip |
|
|
|
use_access_ip = var.use_access_ip |
|
|
|
|
|
@ -28,6 +28,17 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_master" { |
|
|
|
security_group_id = openstack_networking_secgroup_v2.k8s_master.id |
|
|
|
} |
|
|
|
|
|
|
|
resource "openstack_networking_secgroup_rule_v2" "k8s_master_ports" { |
|
|
|
count = length(var.master_allowed_ports) |
|
|
|
direction = "ingress" |
|
|
|
ethertype = "IPv4" |
|
|
|
protocol = lookup(var.master_allowed_ports[count.index], "protocol", "tcp") |
|
|
|
port_range_min = lookup(var.master_allowed_ports[count.index], "port_range_min") |
|
|
|
port_range_max = lookup(var.master_allowed_ports[count.index], "port_range_max") |
|
|
|
remote_ip_prefix = lookup(var.master_allowed_ports[count.index], "remote_ip_prefix", "0.0.0.0/0") |
|
|
|
security_group_id = openstack_networking_secgroup_v2.k8s_master.id |
|
|
|
} |
|
|
|
|
|
|
|
resource "openstack_networking_secgroup_v2" "bastion" { |
|
|
|
name = "${var.cluster_name}-bastion" |
|
|
|
count = var.number_of_bastions != "" ? 1 : 0 |
|
|
|
|
|
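Review bot: An entry in `master_allowed_ports` that omits `remote_ip_prefix` opens its port range on the master security group to every IPv4 source, because the `remote_ip_prefix` line of `k8s_master_ports` falls back to `"0.0.0.0/0"`. For control-plane nodes I would make the source range mandatory so that exposure is always an explicit choice: `remote_ip_prefix = var.master_allowed_ports[count.index]["remote_ip_prefix"]`, which fails at plan time when the key is missing. If the permissive default is kept for parity with the worker rules (not visible in this hunk), it should at least be stated in the variable's description. `ethertype` is fixed to `"IPv4"`, so these rules do not cover IPv6 sources.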
@ -114,6 +114,10 @@ variable "supplementary_node_groups" { |
|
|
|
default = "" |
|
|
|
} |
|
|
|
|
|
|
|
variable "master_allowed_ports" { |
|
|
|
type = list |
|
|
|
} |
|
|
|
|
|
|
|
variable "worker_allowed_ports" { |
|
|
|
type = list |
|
|
|
} |
|
|
|
|
|
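Review bot: `master_allowed_ports` is declared with a bare `type = list` and no `description`, so nothing in the module tells an operator which keys each entry takes or what happens when one is left out. The rule resource added in this commit reads `protocol`, `port_range_min`, `port_range_max` and `remote_ip_prefix`, so I would add `description = "Ingress rules for master nodes: list of maps with port_range_min, port_range_max, and optional protocol (default tcp) and remote_ip_prefix (default 0.0.0.0/0)"`. The same applies to the declaration of this variable in the root `variables.tf`, where the empty-list default means no extra ports are opened unless the operator sets it.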
@ -204,6 +204,12 @@ variable "k8s_allowed_egress_ips" { |
|
|
|
default = ["0.0.0.0/0"] |
|
|
|
} |
|
|
|
|
|
|
|
variable "master_allowed_ports" { |
|
|
|
type = list |
|
|
|
|
|
|
|
default = [] |
|
|
|
} |
|
|
|
|
|
|
|
variable "worker_allowed_ports" { |
|
|
|
type = list |
|
|
|
|
|
|
|