Creating simple bastion host for testing deployment setup scripts

infra/vultr-kubernetes/bastion.tf

@@ -0,0 +1,27 @@
+resource tls_private_key bastion {
+  algorithm = "ED25519"
+}
+
+resource vultr_ssh_key bastion {
+  name = "bastion"
+  ssh_key = tls_private_key.bastion.public_key_openssh
+}
+
+resource vultr_instance bastion {
+  region  = var.cluster.region
+  vpc_ids = [ vultr_vpc.athens.id ]
+  plan    = var.bastion.plan
+  os_id   = var.bastion.os
+  label   = var.bastion.label
+
+  ssh_key_ids = [ vultr_ssh_key.bastion.id ]
+
+  enable_ipv6         = true
+  disable_public_ipv4 = false
+  activation_email    = false
+}
+
+output bastion_ssh {
+  value = tls_private_key.bastion.private_key_pem
+  sensitive = true
+}

infra/vultr-kubernetes/firewall.tf

@@ -1,9 +1,23 @@
-resource vultr_firewall_rule web_inbound {
-  for_each = toset([for port in [80, 443, 6443] : tostring(port) ])
-  firewall_group_id = vultr_kubernetes.athens.firewall_group_id
+# resource vultr_firewall_rule web_inbound {
+#   for_each = toset([for port in [80, 443, 6443] : tostring(port) ])
+#   firewall_group_id = vultr_kubernetes.athens.firewall_group_id
+#   protocol = "tcp"
+#   ip_type = "v4"
+#   subnet = "0.0.0.0"
+#   subnet_size = 0
+#   port = each.value
+# }
+
+resource vultr_firewall_group bastion {
+  description = "For connections into and out of the bastion host"
+}
+
+resource vultr_firewall_rule bastion_inbound {
+  firewall_group_id = vultr_firewall_group.bastion.id
   protocol = "tcp"
   ip_type = "v4"
   subnet = "0.0.0.0"
   subnet_size = 0
-  port = each.value
+  port = 22
 }
+