From abac2b9e32503d3d0daded459fc802be27cc936f Mon Sep 17 00:00:00 2001 From: Artiom Diomin Date: Wed, 22 Sep 2021 18:01:40 +0300 Subject: [PATCH] openstack-terraform: open nodeports SG (#1530) Signed-off-by: Artiom Diomin --- examples/terraform/openstack/main.tf | 11 +++++++++++ examples/terraform/openstack/output.tf | 5 +++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/examples/terraform/openstack/main.tf b/examples/terraform/openstack/main.tf index 4a7023774..273ab5ade 100644 --- a/examples/terraform/openstack/main.tf +++ b/examples/terraform/openstack/main.tf @@ -81,6 +81,17 @@ resource "openstack_networking_secgroup_rule_v2" "secgroup_ssh" { security_group_id = openstack_networking_secgroup_v2.securitygroup.id } +resource "openstack_networking_secgroup_rule_v2" "nodeports" { + description = "Allow NodePorts" + direction = "ingress" + ethertype = "IPv4" + protocol = "tcp" + port_range_min = 30000 + port_range_max = 32767 + remote_ip_prefix = "0.0.0.0/0" + security_group_id = openstack_networking_secgroup_v2.securitygroup.id +} + resource "openstack_networking_secgroup_rule_v2" "secgroup_apiserver" { description = "Allow kube-apiserver" direction = "ingress" diff --git a/examples/terraform/openstack/output.tf b/examples/terraform/openstack/output.tf index e2ddd7301..5719bb64f 100644 --- a/examples/terraform/openstack/output.tf +++ b/examples/terraform/openstack/output.tf @@ -65,10 +65,11 @@ output "kubeone_workers" { securityGroups = [openstack_networking_secgroup_v2.securitygroup.name] network = openstack_networking_network_v2.network.name subnet = openstack_networking_subnet_v2.subnet.name - # Optional: If set, the rootDisk will be a volume. + floatingIpPool = var.external_network_name + # Optional: If set, the rootDisk will be a volume. # Otherwise, the rootDisk will be on ephemeral storage and its size will # be derived from the flavor - rootDiskSizeGB = 50 + # rootDiskSizeGB = 50 # Optional: limit how many volumes can be attached to a node # nodeVolumeAttachLimit = 25 tags = {