Merge pull request #21 from nimbolus/add-port-allowed-address-cidrs

allow setting allowed address cidrs for port
nimbolus · Jul 13, 2022 · 70b431d · 70b431d
2 parents e40c8ce + 61f93c5
commit 70b431d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/k3s-openstack/main.tf b/k3s-openstack/main.tf
@@ -123,6 +123,12 @@ resource "openstack_networking_port_v2" "mgmt" {
     ip_address = var.k3s_ip
   }
 
+  dynamic "allowed_address_pairs" {
+    for_each = var.allowed_address_cidrs
+    content {
+      ip_address = allowed_address_pairs.value
+    }
+  }
 }
 
 resource "openstack_networking_floatingip_v2" "node" {

diff --git a/k3s-openstack/variables.tf b/k3s-openstack/variables.tf
@@ -44,6 +44,12 @@ variable "security_group_ids" {
   default = []
 }
 
+variable "allowed_address_cidrs" {
+  type        = list(string)
+  default     = []
+  description = "list of CIDRs which will be whitelisted by the anti-spoofing rules"
+}
+
 variable "config_drive" {
   default = false
 }