This repository was archived by the owner on Oct 31, 2019. It is now read-only.

Commit 13dff9c

authored
Merge pull request #161 from bsmoyers/master
add variable for master_nodeport_ingress. Defaults to 10.0.0.0/16 (p…
2 parents ac81347 + 2386e11 commit 13dff9c


6 files changed

+21
-0
lines changed


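--- a/docs/input-variables.md
+++ b/docs/input-variables.md
@@ -118,6 +118,7 @@ master_ssh_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation
 master_https_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to access the HTTPs port on the master(s). Must be a subset of the VCN CIDR.
 worker_ssh_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to SSH to worker(s). Must be a subset of the VCN CIDR.
 worker_nodeport_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to access NodePorts (30000-32767) on the worker(s). Must be a subset of the VCN CIDR.
+master_nodeport_ingress | 10.0.0.0/16 (VCN only) | A CIDR notation IP range that is allowed to access NodePorts (30000-32767) on the masters(s). Must be a subset of the VCN CIDR.
 
 
 #### _Private_ Network Access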

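--- a/k8s-oci.tf
+++ b/k8s-oci.tf
@@ -58,6 +58,7 @@ module "vcn" {
 dedicated_nat_subnets = "${var.dedicated_nat_subnets}"
 worker_ssh_ingress = "${var.worker_ssh_ingress}"
 worker_nodeport_ingress = "${var.worker_nodeport_ingress}"
+master_nodeport_ingress = "${var.master_nodeport_ingress}"
 external_icmp_ingress = "${var.external_icmp_ingress}"
 internal_icmp_ingress = "${var.internal_icmp_ingress}"
 }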

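--- a/network/vcn/securitylists.tf
+++ b/network/vcn/securitylists.tf
@@ -138,6 +138,15 @@ resource "oci_core_security_list" "K8SMasterSubnet" {
 protocol = "6"
 source = "${var.master_https_ingress}"
 },
+{
+tcp_options {
+"min" = 30000
+"max" = 32767
+}
+
+protocol = "6"
+source = "${var.master_nodeport_ingress}"
+},
 ]
 
 provisioner "local-exec" {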
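Review bot: The ingress rule added to K8SMasterSubnet has no comment explaining why the master subnet should accept traffic on the NodePort range, and it is added unconditionally, so every deployment gets TCP 30000-32767 open on the masters from whatever `master_nodeport_ingress` is set to. I would put a comment above the rule, for example `# NodePort range on masters; keep the source inside the VCN CIDR unless masters are meant to serve NodePort traffic externally`. Nothing visible here checks that the variable is a subset of the VCN CIDR, as docs/input-variables.md requires, so a value such as 0.0.0.0/0 would presumably be accepted as is. The resource starts before the hunk and continues after it, so the other rules on this list are not visible.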

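--- a/network/vcn/variables.tf
+++ b/network/vcn/variables.tf
@@ -101,6 +101,10 @@ variable "worker_nodeport_ingress" {
 default = "10.0.0.0/16"
 }
 
+variable "master_nodeport_ingress" {
+default = "10.0.0.0/16"
+}
+
 # For optional NAT instance (when control_plane_subnet_access = "private")
 
 variable "public_subnet_ssh_ingress" {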
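Review bot: The module-level `master_nodeport_ingress` variable is declared with a default but no `description`, while the root variables.tf declaration in this same commit has one. Since this value becomes the source of a security-list rule, the module should say what it controls, for example `description = "CIDR allowed to reach NodePorts (30000-32767) on the master subnet"`. Whether the neighbouring `worker_nodeport_ingress` block has a description cannot be seen from this hunk, as only its last two lines are shown.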

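--- a/terraform.example.tfvars
+++ b/terraform.example.tfvars
@@ -36,6 +36,7 @@
 #worker_ssh_ingress = "0.0.0.0/0"
 #master_https_ingress = "0.0.0.0/0"
 #worker_nodeport_ingress = "0.0.0.0/0"
+#worker_nodeport_ingress = "10.0.0.0/16"
 
 #control_plane_subnet_access = "public"
 #k8s_master_lb_access = "public"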
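Review bot: The added example line names `worker_nodeport_ingress` a second time instead of the variable this commit introduces, which looks like a copy-paste slip. It should read `#master_nodeport_ingress = "10.0.0.0/16"`. As written, an operator who uncomments the new line expecting to restrict NodePort access on the masters changes the worker setting instead, and with the line above it also uncommented the file would hold two conflicting assignments for the same variable.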

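--- a/variables.tf
+++ b/variables.tf
@@ -181,6 +181,11 @@ variable "worker_nodeport_ingress" {
 default = "10.0.0.0/16"
 }
 
+variable "master_nodeport_ingress" {
+description = "A CIDR notation IP range that is allowed to access service ports to the instances on the master subnet"
+default = "10.0.0.0/16"
+}
+
 variable "public_subnet_ssh_ingress" {
 description = "A CIDR notation IP range that is allowed to SSH to instances on the public subnet"
 default = "0.0.0.0/0"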
