add security groups for traffic to 30000-32767/tcp

This will make NodePort services work out of the box
pull/3033/head
rguichard 2018-07-27 14:57:29 +02:00
parent 329e97c4d3
commit 1a38a9df88
1 changed files with 13 additions and 0 deletions

View File

@ -59,6 +59,17 @@ resource "openstack_compute_secgroup_v2" "k8s" {
self = true
}
}
resource "openstack_compute_secgroup_v2" "worker" {
name = "${var.cluster_name}-k8s-worker"
description = "${var.cluster_name} - Kubernetes worker nodes"
rule {
ip_protocol = "tcp"
from_port = "30000"
to_port = "32767"
cidr = "0.0.0.0/0"
}
}
resource "openstack_compute_instance_v2" "bastion" {
name = "${var.cluster_name}-bastion-${count.index+1}"
@ -226,6 +237,7 @@ resource "openstack_compute_instance_v2" "k8s_node" {
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
"${openstack_compute_secgroup_v2.bastion.name}",
"${openstack_compute_secgroup_v2.worker.name}",
"default",
]
@ -253,6 +265,7 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
}
security_groups = ["${openstack_compute_secgroup_v2.k8s.name}",
"${openstack_compute_secgroup_v2.worker.name}",
"default",
]