diff --git a/contrib/terraform/openstack/kubespray.tf b/contrib/terraform/openstack/kubespray.tf
index f19885ca8c1bb0952cf4c6dfef74ce67cf31971b..e4f302f611e940f2ecd405dd7ffbcbdd60e3ff60 100644
--- a/contrib/terraform/openstack/kubespray.tf
+++ b/contrib/terraform/openstack/kubespray.tf
@@ -97,6 +97,7 @@ module "compute" {
network_router_id = module.network.router_id
network_id = module.network.network_id
use_existing_network = var.use_existing_network
+ private_subnet_id = module.network.subnet_id
depends_on = [
module.network.subnet_id
diff --git a/contrib/terraform/openstack/modules/compute/main.tf b/contrib/terraform/openstack/modules/compute/main.tf
index 430ed1857dce427177d8e1b867c3c6fd56248be1..bf28d27586e1c141541387335cff46d1abc70e2c 100644
--- a/contrib/terraform/openstack/modules/compute/main.tf
+++ b/contrib/terraform/openstack/modules/compute/main.tf
@@ -206,6 +206,9 @@ resource "openstack_networking_port_v2" "bastion_port" {
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.bastion_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
@@ -256,6 +259,9 @@ resource "openstack_networking_port_v2" "k8s_master_port" {
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.master_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
@@ -316,6 +322,9 @@ resource "openstack_networking_port_v2" "k8s_masters_port" {
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.master_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
@@ -374,6 +383,9 @@ resource "openstack_networking_port_v2" "k8s_master_no_etcd_port" {
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.master_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
@@ -434,6 +446,9 @@ resource "openstack_networking_port_v2" "etcd_port" {
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.etcd_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
@@ -488,6 +503,9 @@ resource "openstack_networking_port_v2" "k8s_master_no_floating_ip_port" {
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.master_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
@@ -542,6 +560,9 @@ resource "openstack_networking_port_v2" "k8s_master_no_floating_ip_no_etcd_port"
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.master_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
@@ -597,6 +618,9 @@ resource "openstack_networking_port_v2" "k8s_node_port" {
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.worker_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
@@ -657,6 +681,9 @@ resource "openstack_networking_port_v2" "k8s_node_no_floating_ip_port" {
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.worker_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
@@ -712,6 +739,9 @@ resource "openstack_networking_port_v2" "k8s_nodes_port" {
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.worker_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
@@ -771,6 +801,9 @@ resource "openstack_networking_port_v2" "glusterfs_node_no_floating_ip_port" {
port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
security_group_ids = var.port_security_enabled ? local.gfs_sec_groups : null
no_security_groups = var.port_security_enabled ? null : false
+ fixed_ip {
+ subnet_id = var.private_subnet_id
+ }
depends_on = [
var.network_router_id
diff --git a/contrib/terraform/openstack/modules/compute/variables.tf b/contrib/terraform/openstack/modules/compute/variables.tf
index 7f8ee50036e1288d144004a6217fa5c259aab344..9259fd967cc9489b18d67444f1ff79bf0ca9e432 100644
--- a/contrib/terraform/openstack/modules/compute/variables.tf
+++ b/contrib/terraform/openstack/modules/compute/variables.tf
@@ -189,3 +189,7 @@ variable "port_security_enabled" {
variable "force_null_port_security" {
type = bool
}
+
+variable "private_subnet_id" {
+ type = string
+}