make it possible to open additional ports on master nodes (#6547)

2f8fc921 · Hugo Blom · GitHub · f59d3fc4 · 2f8fc921 · 2f8fc921
Unverified Commit 2f8fc921 authored 4 years ago by Hugo Blom Committed by GitHub 4 years ago
--- a/contrib/terraform/openstack/kubespray.tf
+++ b/contrib/terraform/openstack/kubespray.tf
@@ -74,6 +74,7 @@ module "compute" {
  k8s_allowed_egress_ips                       = var.k8s_allowed_egress_ips
  supplementary_master_groups                  = var.supplementary_master_groups
  supplementary_node_groups                    = var.supplementary_node_groups
+  master_allowed_ports                         = var.master_allowed_ports
  worker_allowed_ports                         = var.worker_allowed_ports
  wait_for_floatingip                          = var.wait_for_floatingip
  use_access_ip                                = var.use_access_ip

--- a/contrib/terraform/openstack/modules/compute/main.tf
+++ b/contrib/terraform/openstack/modules/compute/main.tf
@@ -28,6 +28,17 @@ resource "openstack_networking_secgroup_rule_v2" "k8s_master" {
  security_group_id = openstack_networking_secgroup_v2.k8s_master.id
 }

+resource "openstack_networking_secgroup_rule_v2" "k8s_master_ports" {
+  count             = length(var.master_allowed_ports)
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = lookup(var.master_allowed_ports[count.index], "protocol", "tcp")
+  port_range_min    = lookup(var.master_allowed_ports[count.index], "port_range_min")
+  port_range_max    = lookup(var.master_allowed_ports[count.index], "port_range_max")
+  remote_ip_prefix  = lookup(var.master_allowed_ports[count.index], "remote_ip_prefix", "0.0.0.0/0")
+  security_group_id = openstack_networking_secgroup_v2.k8s_master.id
+}
+
 resource "openstack_networking_secgroup_v2" "bastion" {
  name                 = "${var.cluster_name}-bastion"
  count                = var.number_of_bastions != "" ? 1 : 0

--- a/contrib/terraform/openstack/modules/compute/variables.tf
+++ b/contrib/terraform/openstack/modules/compute/variables.tf
@@ -114,6 +114,10 @@ variable "supplementary_node_groups" {
  default = ""
 }

+variable "master_allowed_ports" {
+  type = list
+}
+
 variable "worker_allowed_ports" {
  type = list
 }

--- a/contrib/terraform/openstack/variables.tf
+++ b/contrib/terraform/openstack/variables.tf
@@ -204,6 +204,12 @@ variable "k8s_allowed_egress_ips" {
  default     = ["0.0.0.0/0"]
 }

+variable "master_allowed_ports" {
+  type = list
+
+  default = []
+}
+
 variable "worker_allowed_ports" {
  type = list