github.com/SUSE/skuba@v1.4.17/ci/infra/openstack/security-groups-load-balancer.tf (about) 1 resource "openstack_networking_secgroup_v2" "load_balancer" { 2 name = "${var.stack_name}-caasp_lb_secgroup" 3 description = "Common security group for CaaSP load balancer" 4 } 5 6 resource "openstack_networking_secgroup_rule_v2" "lb_api_server" { 7 direction = "ingress" 8 ethertype = "IPv4" 9 protocol = "tcp" 10 port_range_min = 6443 11 port_range_max = 6443 12 remote_ip_prefix = "0.0.0.0/0" 13 security_group_id = openstack_networking_secgroup_v2.load_balancer.id 14 } 15 16 # Needed to allow access from the LB to dex (32000) and gangway (32001) 17 resource "openstack_networking_secgroup_rule_v2" "lb_k8s_auth_svcs" { 18 direction = "ingress" 19 ethertype = "IPv4" 20 protocol = "tcp" 21 port_range_min = 32000 22 port_range_max = 32001 23 remote_ip_prefix = "0.0.0.0/0" 24 security_group_id = openstack_networking_secgroup_v2.load_balancer.id 25 } 26