EXO-5: [OPTIMIZE] refactor security_group, disable letsencrypt

vgn-mab · vgn-mab · commit 0eaa405a5d89 · 2022-08-07T00:24:25.000+02:00
diff --git a/exoscale/security_group/main.tf b/exoscale/security_group/main.tf
@@ -0,0 +1,5 @@
+resource "exoscale_security_group" "sks-security-group" {
+  name = var.name
+  description = var.description
+  external_sources = var.external_sources
+}
diff --git a/exoscale/security_group/output.tf b/exoscale/security_group/output.tf
@@ -0,0 +1,3 @@
+output "id" {
+  value = exoscale_security_group.sks-security-group.id
+}
diff --git a/exoscale/security_group/variables.tf b/exoscale/security_group/variables.tf
@@ -0,0 +1,15 @@
+variable "name" {
+  description = "(Required) The security group name."
+  type        = string
+}
+
+variable "description" {
+  description = "A free-form text describing the group."
+  type        = string
+}
+
+variable "external_sources" {
+  description = "A list of external network sources, in CIDR notation."
+  type        = list(string)
+  default     = []
+}
diff --git a/exoscale/security_group/versions.tf b/exoscale/security_group/versions.tf
@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    exoscale = {
+      source  = "exoscale/exoscale"
+    }
+  }
+}
diff --git a/exoscale/security_group_rule/main.tf b/exoscale/security_group_rule/main.tf
@@ -0,0 +1,39 @@
+resource "exoscale_security_group_rule" "nodeport-services-ipv4" {
+  security_group_id = var.security_group_id
+  description       = "NodePort services IPv4 - Managed by Terraform"
+  type              = "INGRESS"
+  protocol          = "TCP"
+  cidr              = "0.0.0.0/0"
+  start_port        = 30000
+  end_port          = 32767
+}
+
+resource "exoscale_security_group_rule" "nodeport-services-ipv6" {
+  security_group_id = var.security_group_id
+  description       = "NodePort services IPv6 - Managed by Terraform"
+  type              = "INGRESS"
+  protocol          = "TCP"
+  cidr              = "::/0"
+  start_port        = 30000
+  end_port          = 32767
+}
+
+resource "exoscale_security_group_rule" "sks-kubelet" {
+  security_group_id      = var.security_group_id
+  description            = "SKS kubelet - Managed by Terraform"
+  type                   = "INGRESS"
+  protocol               = "TCP"
+  start_port             = 10250
+  end_port               = 10250
+  user_security_group_id = var.security_group_id
+}
+
+resource "exoscale_security_group_rule" "calico" {
+  security_group_id      = var.security_group_id
+  description            = "Calico traffic - Managed by Terraform"
+  type                   = "INGRESS"
+  protocol               = "UDP"
+  start_port             = 4789
+  end_port               = 4789
+  user_security_group_id = var.security_group_id
+}
diff --git a/exoscale/security_group_rule/output.tf b/exoscale/security_group_rule/output.tf
@@ -0,0 +1,15 @@
+output "nodeport-services-ipv4" {
+  value = exoscale_security_group_rule.nodeport-services-ipv4.id
+}
+
+output "nodeport-services-ipv6" {
+  value = exoscale_security_group_rule.nodeport-services-ipv6.id
+}
+
+output "sks-kubelet" {
+  value = exoscale_security_group_rule.sks-kubelet.id
+}
+
+output "calico_id" {
+  value = exoscale_security_group_rule.calico.id
+}
diff --git a/exoscale/security_group_rule/variables.tf b/exoscale/security_group_rule/variables.tf
@@ -0,0 +1,4 @@
+variable "security_group_id" {
+  description = "(Required) The parent exoscale_security_group ID."
+  type        = string
+}
diff --git a/exoscale/security_group_rule/versions.tf b/exoscale/security_group_rule/versions.tf
@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    exoscale = {
+      source  = "exoscale/exoscale"
+    }
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+output "id" {`
	`2`	`+ value = exoscale_security_group.sks-security-group.id`
	`3`	`+}`