Skip to content

Commit 105d848

Browse files
openshift-merge-robotopenshift-merge-robot
authored
Merge pull request openshift#7099 from shiftstack/enable-ipv6-traffic
OpenStack: enable ingress traffic for dual-stack installations
2 parents ed661cc + ea83f3f commit 105d848

File tree

2 files changed

+60
-0
lines changed

2 files changed

+60
-0
lines changed

data/data/openstack/masters/sg-master.tf

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,18 @@ resource "openstack_networking_secgroup_rule_v2" "master_ingress_api" {
7878
description = local.description
7979
}
8080

81+
resource "openstack_networking_secgroup_rule_v2" "master_ingress_api_v6" {
82+
count = length(var.machine_v6_cidrs)
83+
direction = "ingress"
84+
ethertype = "IPv6"
85+
protocol = "tcp"
86+
port_range_min = 6443
87+
port_range_max = 6443
88+
remote_ip_prefix = "::/0"
89+
security_group_id = openstack_networking_secgroup_v2.master.id
90+
description = local.description
91+
}
92+
8193
resource "openstack_networking_secgroup_rule_v2" "master_ingress_vxlan" {
8294
count = length(var.machine_v4_cidrs)
8395
direction = "ingress"
@@ -280,6 +292,30 @@ resource "openstack_networking_secgroup_rule_v2" "master_ingress_https" {
280292
description = local.description
281293
}
282294

295+
resource "openstack_networking_secgroup_rule_v2" "master_ingress_http_v6" {
296+
count = (var.masters_schedulable && length(var.machine_v6_cidrs) > 0) ? 1 : 0
297+
direction = "ingress"
298+
ethertype = "IPv6"
299+
protocol = "tcp"
300+
port_range_min = 80
301+
port_range_max = 80
302+
remote_ip_prefix = "::/0"
303+
security_group_id = openstack_networking_secgroup_v2.master.id
304+
description = local.description
305+
}
306+
307+
resource "openstack_networking_secgroup_rule_v2" "master_ingress_https_v6" {
308+
count = (var.masters_schedulable && length(var.machine_v6_cidrs) > 0) ? 1 : 0
309+
direction = "ingress"
310+
ethertype = "IPv6"
311+
protocol = "tcp"
312+
port_range_min = 443
313+
port_range_max = 443
314+
remote_ip_prefix = "::/0"
315+
security_group_id = openstack_networking_secgroup_v2.master.id
316+
description = local.description
317+
}
318+
283319
resource "openstack_networking_secgroup_rule_v2" "master_ingress_router" {
284320
count = var.masters_schedulable ? length(var.machine_v4_cidrs) : 0
285321
direction = "ingress"

data/data/openstack/masters/sg-worker.tf

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,18 @@ resource "openstack_networking_secgroup_rule_v2" "worker_ingress_http" {
4141
description = local.description
4242
}
4343

44+
resource "openstack_networking_secgroup_rule_v2" "worker_ingress_http_v6" {
45+
count = length(var.machine_v6_cidrs)
46+
direction = "ingress"
47+
ethertype = "IPv6"
48+
protocol = "tcp"
49+
port_range_min = 80
50+
port_range_max = 80
51+
remote_ip_prefix = "::/0"
52+
security_group_id = openstack_networking_secgroup_v2.worker.id
53+
description = local.description
54+
}
55+
4456
resource "openstack_networking_secgroup_rule_v2" "worker_ingress_https" {
4557
direction = "ingress"
4658
ethertype = "IPv4"
@@ -52,6 +64,18 @@ resource "openstack_networking_secgroup_rule_v2" "worker_ingress_https" {
5264
description = local.description
5365
}
5466

67+
resource "openstack_networking_secgroup_rule_v2" "worker_ingress_https_v6" {
68+
count = length(var.machine_v6_cidrs)
69+
direction = "ingress"
70+
ethertype = "IPv6"
71+
protocol = "tcp"
72+
port_range_min = 443
73+
port_range_max = 443
74+
remote_ip_prefix = "::/0"
75+
security_group_id = openstack_networking_secgroup_v2.worker.id
76+
description = local.description
77+
}
78+
5579
resource "openstack_networking_secgroup_rule_v2" "worker_ingress_router" {
5680
count = length(var.machine_v4_cidrs)
5781
direction = "ingress"

0 commit comments

Comments
 (0)