vshn-lbaas-exoscale: Update LB security group to allow SSH to the LBs…

… from anywhere We add explicit rules for SSH to the LBs in the LB security group as preparation for removing the SSH from anywhere rule from the `all_machines` security group in terraform-openshift4-exoscale.
appuio · Feb 15, 2024 · b14ba17 · b14ba17
1 parent f694423
commit b14ba17
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/modules/vshn-lbaas-exoscale/security_groups.tf b/modules/vshn-lbaas-exoscale/security_groups.tf
@@ -14,6 +14,28 @@ resource "exoscale_security_group" "load_balancers" {
   description = "${var.cluster_id} load balancer VMs"
 }
 
+resource "exoscale_security_group_rule" "load_balancers_ssh_v4" {
+  security_group_id = exoscale_security_group.load_balancers.id
+
+  description = "SSH Access from anywhere on the LBs"
+  type        = "INGRESS"
+  protocol    = "TCP"
+  start_port  = "22"
+  end_port    = "22"
+  cidr        = "0.0.0.0/0"
+}
+
+resource "exoscale_security_group_rule" "load_balancers_ssh_v6" {
+  security_group_id = exoscale_security_group.load_balancers.id
+
+  description = "SSH Access from anywhere on the LBs"
+  type        = "INGRESS"
+  protocol    = "TCP"
+  start_port  = "22"
+  end_port    = "22"
+  cidr        = "::/0"
+}
+
 resource "exoscale_security_group_rule" "load_balancers_tcp4" {
   for_each = local.open_ports_tcp