added zure changes for port 22

rajeshkio · rajeshkio · commit 552ead43b8cf · 2026-05-04T11:14:26.000+05:30
diff --git a/modules/azure/virtual-machine/main.tf b/modules/azure/virtual-machine/main.tf
@@ -146,15 +146,15 @@ resource "azurerm_network_security_group" "nsg" {
 
 resource "azurerm_network_security_rule" "allow_inbound" {
   for_each = toset([
-    "22", "68", "443", "2379", "2380", "2381", "10010", "2112", "30000-32767",
+    "68", "443", "2379", "2380", "2381", "10010", "2112", "30000-32767",
     "3260", "5900", "6080", "6443", "6444", "8181", "8443", "8444", "8472",
     "9091", "9099", "9345", "9796", "10245", "10246-10249", "10250", "10251",
     "10252", "10256", "10257", "10258", "10259"
   ])
 
   name = "${var.prefix}-allow-inbound-${each.key}"
   priority = 100 + index([
-    "22", "68", "443", "2379", "2380", "2381", "10010", "2112", "30000-32767",
+    "68", "443", "2379", "2380", "2381", "10010", "2112", "30000-32767",
     "3260", "5900", "6080", "6443", "6444", "8181", "8443", "8444", "8472",
     "9091", "9099", "9345", "9796", "10245", "10246-10249", "10250", "10251",
     "10252", "10256", "10257", "10258", "10259"
@@ -170,6 +170,20 @@ resource "azurerm_network_security_rule" "allow_inbound" {
   network_security_group_name = azurerm_network_security_group.nsg.name
 }
 
+resource "azurerm_network_security_rule" "allow_ssh" {
+  name                        = "${var.prefix}-allow-inbound-22"
+  priority                    = 134
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = "22"
+  source_address_prefixes     = var.ssh_public_ip_source_addresses
+  destination_address_prefix  = "*"
+  resource_group_name         = azurerm_resource_group.rg.name
+  network_security_group_name = azurerm_network_security_group.nsg.name
+}
+
 resource "azurerm_network_security_rule" "allow_outbound" {
   name                        = "${var.prefix}-allow-outbound"
   priority                    = 100
diff --git a/modules/azure/virtual-machine/variables.tf b/modules/azure/virtual-machine/variables.tf
@@ -153,3 +153,9 @@ variable "startup_script" {
   type        = string
   default     = null
 }
+
+variable "ssh_public_ip_source_addresses" {
+  description = "List of CIDRs allowed to reach port 22 (SSH). Defaults to the public IP of the machine running Terraform."
+  type        = list(string)
+  default     = []
+}
diff --git a/projects/azure/main.tf b/projects/azure/main.tf
@@ -1,3 +1,7 @@
+data "http" "my_public_ip_address" {
+  url = "https://ipv4.icanhazip.com/"
+}
+
 locals {
   sles_startup_script_template_file      = "../../modules/harvester/deployment-script/sles_startup_script_sh.tpl"
   sles_startup_script_file               = "${path.cwd}/sles_startup_script.sh"
@@ -21,6 +25,7 @@ locals {
   ssh_public_key_path                    = var.ssh_public_key_path == null ? "${path.cwd}/${var.prefix}-ssh_public_key.pem" : var.ssh_public_key_path
   ssh_username                           = "opensuse"
   kubeconfig_file                        = "${path.cwd}/${var.prefix}_kube_config.yml"
+  caller_ip_cidr                         = "${chomp(data.http.my_public_ip_address.response_body)}/32"
   instance_type = (
     var.harvester_node_count == 1 ? (local.harvester_cluster_size == "small" ? "Standard_D16s_v5" : "Standard_D32s_v5") :
     var.harvester_node_count == 3 ? (local.harvester_cluster_size == "small" ? "Standard_D32s_v5" : "Standard_D64s_v5") :
@@ -115,6 +120,7 @@ module "harvester_node" {
   data_disk_type       = var.data_disk_type
   data_disk_size       = var.data_disk_size
   startup_script       = data.local_file.sles_startup_script.content
+  ssh_public_ip_source_addresses = length(var.ssh_public_ip_source_addresses) > 0 ? var.ssh_public_ip_source_addresses : [local.caller_ip_cidr]
 }
 
 data "local_file" "ssh_private_key" {
diff --git a/projects/azure/providers.tf b/projects/azure/providers.tf
@@ -20,6 +20,10 @@ terraform {
       source  = "rancher/rancher2"
       version = "14.1.0"
     }
+    http = {
+      source  = "hashicorp/http"
+      version = "~> 3.5"
+    }
   }
 }
 
diff --git a/projects/azure/variables.tf b/projects/azure/variables.tf
@@ -239,3 +239,9 @@ variable "rancher_insecure" {
   type        = bool
   default     = false
 }
+
+variable "ssh_public_ip_source_addresses" {
+  description = "List of CIDRs allowed to reach port 22 (SSH). Defaults to the public IP of the machine running Terraform."
+  type        = list(string)
+  default     = []
+}

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,10 @@ terraform {`
`20`	`20`	`source = "rancher/rancher2"`
`21`	`21`	`version = "14.1.0"`
`22`	`22`	`}`
	`23`	`+ http = {`
	`24`	`+ source = "hashicorp/http"`
	`25`	`+ version = "~> 3.5"`
	`26`	`+ }`
`23`	`27`	`}`
`24`	`28`	`}`
`25`	`29`