diff --git a/roles/infrastructure/tasks/security_groups.yml b/roles/infrastructure/tasks/security_groups.yml
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..6f5bae3a35849d0b7affe5f2807ea1c3546f53fb 100644
--- a/roles/infrastructure/tasks/security_groups.yml
+++ b/roles/infrastructure/tasks/security_groups.yml
@@ -0,0 +1,268 @@
+# # Creating Openstack security groups
+# resource "openstack_networking_secgroup_v2" "k8s_secgroup" {
+#   name        = "sg-os-k8s-sbx"
+#   description = "k8s security group"
+# }
+
+# # Creating Openstack security group rule for etcd 2379-2380
+# resource "openstack_networking_secgroup_rule_v2" "etcd" {
+#   description       = "etcd"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 2379
+#   port_range_max    = 2380
+#   remote_ip_prefix  = var.network.k8s_mgmt_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for k8s-api 6443
+# resource "openstack_networking_secgroup_rule_v2" "k8s-api-mgmt" {
+#   description       = "k8s-api"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 6443
+#   port_range_max    = 6443
+#   remote_ip_prefix  = var.network.k8s_mgmt_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+# resource "openstack_networking_secgroup_rule_v2" "k8s-api-agent" {
+#   description       = "k8s-api"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 6443
+#   port_range_max    = 6443
+#   remote_ip_prefix  = var.network.k8s_agent_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for rke2-api 9345
+# resource "openstack_networking_secgroup_rule_v2" "rke2-api-mgmt" {
+#   description       = "rke2-api"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 9345
+#   port_range_max    = 9345
+#   remote_ip_prefix  = var.network.k8s_mgmt_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+# resource "openstack_networking_secgroup_rule_v2" "rke2-api-agent" {
+#   description       = "rke2-api"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 9345
+#   port_range_max    = 9345
+#   remote_ip_prefix  = var.network.k8s_agent_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+
+
+# ######## CNI
+
+
+# # Creating Openstack security group rule for vxlan
+# resource "openstack_networking_secgroup_rule_v2" "vxlan-mgmt" {
+#   description       = "vxlan-mgmt"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "udp"
+#   port_range_min    = 8472
+#   port_range_max    = 8472
+#   remote_ip_prefix  = var.network.k8s_mgmt_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for vxlan
+# resource "openstack_networking_secgroup_rule_v2" "vxlan-agent" {
+#   description       = "vxlan-agent"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "udp"
+#   port_range_min    = 8472
+#   port_range_max    = 8472
+#   remote_ip_prefix  = var.network.k8s_agent_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+
+# # Creating Openstack security group rule for vxlan
+# resource "openstack_networking_secgroup_rule_v2" "cni-health-tcp-mgmt" {
+#   description       = "cni-health-tcp-mgmt"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 4240
+#   port_range_max    = 4240
+#   remote_ip_prefix  = var.network.k8s_mgmt_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for vxlan
+# resource "openstack_networking_secgroup_rule_v2" "cni-health-tcp-agent" {
+#   description       = "cni-health-tcp-agent"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 4240
+#   port_range_max    = 4240
+#   remote_ip_prefix  = var.network.k8s_agent_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for vxlan
+# resource "openstack_networking_secgroup_rule_v2" "cni-health-icmp-mgmt" {
+#   description       = "cni-health-icmp-mgmt"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "icmp"
+#   port_range_min    = 8
+#   port_range_max    = 8
+#   remote_ip_prefix  = var.network.k8s_mgmt_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for vxlan
+# resource "openstack_networking_secgroup_rule_v2" "cni-health-icmp-agent" {
+#   description       = "cni-health-icmp-agent"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "icmp"
+#   port_range_min    = 8
+#   port_range_max    = 8
+#   remote_ip_prefix  = var.network.k8s_agent_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+
+
+# ###########
+
+
+
+
+# # Creating Openstack security group rule for kubelet metrics
+# resource "openstack_networking_secgroup_rule_v2" "kubelet-metrics-api-mgmt" {
+#   description       = "metrics-api-mgmt"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 10250
+#   port_range_max    = 10250
+#   remote_ip_prefix  = var.network.k8s_mgmt_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for kubelet metrics
+# resource "openstack_networking_secgroup_rule_v2" "kubelet-metrics-api-agent" {
+#   description       = "metrics-api-agent"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 10250
+#   port_range_max    = 10250
+#   remote_ip_prefix  = var.network.k8s_agent_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+# # Creating Openstack security group rule for NodePort port range
+# resource "openstack_networking_secgroup_rule_v2" "nodeport-range-mgmt" {
+#   description       = "nodeports-mgmt"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 30000
+#   port_range_max    = 32767
+#   remote_ip_prefix  = var.network.k8s_mgmt_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for NodePort port range
+# resource "openstack_networking_secgroup_rule_v2" "nodeport-range-agent" {
+#   description       = "nodeports-agent"
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 30000
+#   port_range_max    = 32767
+#   remote_ip_prefix  = var.network.k8s_agent_subnet_cidr
+#   #remote_group_id   = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for https 8443
+# resource "openstack_networking_secgroup_rule_v2" "rancher-ui" {
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 8443
+#   port_range_max    = 8443
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for https 443
+# resource "openstack_networking_secgroup_rule_v2" "http" {
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 80
+#   port_range_max    = 80
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for https 443
+# resource "openstack_networking_secgroup_rule_v2" "https" {
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 443
+#   port_range_max    = 443
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
+
+# # Creating Openstack security group rule for ssh 22
+# resource "openstack_networking_secgroup_rule_v2" "ssh" {
+#   direction         = "ingress"
+#   ethertype         = "IPv4"
+#   protocol          = "tcp"
+#   port_range_min    = 22
+#   port_range_max    = 22
+#   remote_ip_prefix  = var.network.ssh_access_subnet_cidr
+#   security_group_id = openstack_networking_secgroup_v2.k8s_secgroup.id
+#   depends_on        = [openstack_networking_secgroup_v2.k8s_secgroup]
+# }
\ No newline at end of file