From 08d44370318c511f5a06f8448d9e905c427a05ba Mon Sep 17 00:00:00 2001
From: Simon Gerber
Date: Thu, 15 Feb 2024 13:53:24 +0100
Subject: [PATCH] vshn-lbaas-exoscale: Update LB security group to allow SSH to the LBs from anywhere
We add explicit rules for SSH to the LBs in the LB security group as preparation for removing the SSH from anywhere rule from the `all_machines` security group in terraform-openshift4-exoscale.
---
 .../vshn-lbaas-exoscale/security_groups.tf | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/modules/vshn-lbaas-exoscale/security_groups.tf b/modules/vshn-lbaas-exoscale/security_groups.tf
index 05e14a8..5fa042a 100644
--- a/modules/vshn-lbaas-exoscale/security_groups.tf
+++ b/modules/vshn-lbaas-exoscale/security_groups.tf
@@ -14,6 +14,28 @@ resource "exoscale_security_group" "load_balancers" {
 description = "${var.cluster_id} load balancer VMs"
 }
+resource "exoscale_security_group_rule" "load_balancers_ssh_v4" {
+ security_group_id = exoscale_security_group.load_balancers.id
+
+ description = "SSH Access from anywhere on the LBs"
+ type = "INGRESS"
+ protocol = "TCP"
+ start_port = "22"
+ end_port = "22"
+ cidr = "0.0.0.0/0"
+}
+
+resource "exoscale_security_group_rule" "load_balancers_ssh_v6" {
+ security_group_id = exoscale_security_group.load_balancers.id
+
+ description = "SSH Access from anywhere on the LBs"
+ type = "INGRESS"
+ protocol = "TCP"
+ start_port = "22"
+ end_port = "22"
+ cidr = "::/0"
+}
+
 resource "exoscale_security_group_rule" "load_balancers_tcp4" {
 for_each = local.open_ports_tcp
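Review bot: The source range is hard-coded in both new rules (`cidr = "0.0.0.0/0"` in `load_balancers_ssh_v4` and `cidr = "::/0"` in `load_balancers_ssh_v6`), so every deployment of this module exposes port 22 on the LB VMs to the whole internet and cannot narrow it to a bastion or management range without patching the module. The commit message says world-open SSH is intended for now, so the default can stay, but making the ranges a module input lets deployments restrict them and keeps the exposure reviewable in one place. The sketch below uses a proposed variable name that does not exist in the module yet, and follows the `for_each` pattern of the `load_balancers_tcp4` resource, whose body continues outside the hunk. Both rules also carry the same description, so the IPv4 and IPv6 entries are hard to tell apart when auditing the security group; deriving the description from the CIDR fixes that.

```hcl
# proposed new module input (name is a suggestion); the default keeps this commit's behaviour
variable "lb_ssh_source_cidrs" {
  type        = set(string)
  description = "CIDR ranges allowed to reach SSH on the LB VMs"
  default     = ["0.0.0.0/0", "::/0"]
}

resource "exoscale_security_group_rule" "load_balancers_ssh" {
  for_each = var.lb_ssh_source_cidrs

  security_group_id = exoscale_security_group.load_balancers.id

  description = "SSH access to the LBs from ${each.value}"
  # … unchanged: type, protocol, start_port, end_port …
  cidr = each.value
}
```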