Fire wall rules for admin-services

infra/vultr-kubernetes/firewall.tf

@@ -17,3 +17,16 @@ resource vultr_firewall_rule game-server-inbound {
   subnet_size = 0
   port = each.value.port.expose
 }
+
+
+resource vultr_firewall_rule admin-service-inbound {
+  for_each = var.admin_services.configs
+  firewall_group_id = vultr_kubernetes.athens.firewall_group_id
+  protocol = "tcp"
+  ip_type = "v4"
+  subnet = "0.0.0.0"
+  subnet_size = 0
+  notes = each.value.port.notes
+  port = each.value.port.expose
+}
+

infra/vultr-kubernetes/variables.tf

@@ -52,3 +52,21 @@ variable game_servers {
   })
 }
 
+variable admin_services {
+  type = object({
+    namespace = string
+    configs = map(object({
+      name  = string
+      image = string
+      cpu   = string
+      mem   = string
+      port  = object({
+        notes = optional(string)
+        internal = number
+        expose   = number
+      })
+      proto = optional(string)
+    }))
+  })
+}
+

infra/vultr-kubernetes/variables.tfvars

@@ -23,4 +23,21 @@ game_servers = {
     #   }
     # }
   }
-}
+}
+
+admin_services = {
+  namespace = "admin-services"
+  configs = {
+    health = {
+      image = "nginx:latest"
+      name  = "health"
+      cpu   = "200m"
+      mem   = "64Mi"
+      port  = {
+        notes    = "Basic nginx sanity check service"
+        expose   = 30800
+        internal = 80
+      }
+    }
+  }
+}