From 6e4982fffd6682bd34d05b6b4ad98b3d8dfd5cc1 Mon Sep 17 00:00:00 2001
From: shockrah
Date: Wed, 18 Dec 2024 20:42:10 -0800
Subject: [PATCH] Fire wall rules for admin-services
---
 infra/vultr-kubernetes/firewall.tf | 13 +++++++++++++
 infra/vultr-kubernetes/variables.tf | 18 ++++++++++++++++++
 infra/vultr-kubernetes/variables.tfvars | 19 ++++++++++++++++++-
 3 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/infra/vultr-kubernetes/firewall.tf b/infra/vultr-kubernetes/firewall.tf
index ff296f8..caf86ca 100644
--- a/infra/vultr-kubernetes/firewall.tf
+++ b/infra/vultr-kubernetes/firewall.tf
@@ -17,3 +17,16 @@ resource vultr_firewall_rule game-server-inbound {
 subnet_size = 0
 port = each.value.port.expose
 }
+
+
+resource vultr_firewall_rule admin-service-inbound {
+ for_each = var.admin_services.configs
+ firewall_group_id = vultr_kubernetes.athens.firewall_group_id
+ protocol = "tcp"
+ ip_type = "v4"
+ subnet = "0.0.0.0"
+ subnet_size = 0
+ notes = each.value.port.notes
+ port = each.value.port.expose
+}
+
diff --git a/infra/vultr-kubernetes/variables.tf b/infra/vultr-kubernetes/variables.tf
index f54b901..fdeffc4 100644
--- a/infra/vultr-kubernetes/variables.tf
+++ b/infra/vultr-kubernetes/variables.tf
@@ -52,3 +52,21 @@ variable game_servers {
 })
 }
 
+variable admin_services {
+ type = object({
+ namespace = string
+ configs = map(object({
+ name = string
+ image = string
+ cpu = string
+ mem = string
+ port = object({
+ notes = optional(string)
+ internal = number
+ expose = number
+ })
+ proto = optional(string)
+ }))
+ })
+}
+
diff --git a/infra/vultr-kubernetes/variables.tfvars b/infra/vultr-kubernetes/variables.tfvars
index 6bd258d..75011ff 100644
--- a/infra/vultr-kubernetes/variables.tfvars
+++ b/infra/vultr-kubernetes/variables.tfvars
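Review bot: In infra/vultr-kubernetes/firewall.tf, `admin-service-inbound` sets `subnet = "0.0.0.0"` with `subnet_size = 0`, so every port listed in `var.admin_services.configs` is open to any IPv4 source. Services grouped under an admin namespace are usually not meant to be public, so consider taking the allowed range from a variable, e.g. `subnet = var.admin_allowed_cidr.subnet` and `subnet_size = var.admin_allowed_cidr.size` (names are only a suggestion), set to the operator's network. If world reachability is intended for the health check, a comment such as `# intentionally world-reachable: unauthenticated health endpoint only` above the rule would record that decision for the next service added to the map.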
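Review bot: In infra/vultr-kubernetes/variables.tf, `proto = optional(string)` is accepted per service, but the firewall rule added in this same commit hard-codes `protocol = "tcp"`. As far as this diff shows, a config with `proto = "udp"` would pass type checking and still open a TCP port. Either drop the field or wire it through in firewall.tf with `protocol = coalesce(each.value.proto, "tcp")`. The variable also has no `description`, and `expose` is an unconstrained `number`; a `validation` block restricting it to the intended port range would stop a typo in the tfvars file from opening an unintended port.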
@@ -23,4 +23,21 @@ game_servers = {
 # }
 # }
 }
-}
\ No newline at end of file
+}
+
+admin_services = {
+ namespace = "admin-services"
+ configs = {
+ health = {
+ image = "nginx:latest"
+ name = "health"
+ cpu = "200m"
+ mem = "64Mi"
+ port = {
+ notes = "Basic nginx sanity check service"
+ expose = 30800
+ internal = 80
+ }
+ }
+ }
+}
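Review bot: `image = "nginx:latest"` in the `health` config is a floating tag, so the image behind a port this commit opens in the firewall can change whenever it is next pulled, with no change in this repository. Pin it to a fixed release and ideally a digest, e.g. `image = "nginx:<pinned-version>@sha256:<digest>"` (placeholders to fill in from the registry). That makes rollouts reproducible and lets an image update show up as a reviewable diff.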