admin services namespace, pods, and services

Fire wall rules for admin-services
2024-12-18 20:42:40 -08:00 · 2024-12-18 20:42:10 -08:00
4 changed files with 107 additions and 1 deletions
--- a/infra/vultr-kubernetes/admin-services.tf
+++ b/infra/vultr-kubernetes/admin-services.tf
@ -0,0 +1,58 @@
+resource kubernetes_namespace admin-servers {
+    metadata {
+        name = var.admin_services.namespace
+    }
+}
+
+resource kubernetes_pod admin {
+    for_each = var.admin_services.configs
+
+    metadata {
+        name = each.key
+        namespace = var.admin_services.namespace
+        labels = {
+            app = each.key
+        }
+    }
+    spec {
+        container {
+            image = each.value.image
+            name  = coalesce(each.value.name, each.key)
+            resources {
+                limits = {
+                    cpu    = each.value.cpu
+                    memory = each.value.mem
+                }
+            }
+            port {
+                container_port = each.value.port.internal
+                protocol       = coalesce(each.value.proto, "TCP")
+            }
+        }
+    }
+}
+
+resource kubernetes_service admin {
+    for_each = var.admin_services.configs
+    metadata {
+        name = each.key
+        namespace = var.admin_services.namespace
+        labels = {
+            app = each.key
+        }
+    }
+    # TODO: don't make these NodePorts since we're gonna want them
+    # to be purely internal to the Cluster.
+    # WHY? Because we want to keep dashboards as unexposed as possible
+    spec {
+        selector = {
+            app = each.key
+        }
+        port {
+            target_port        = each.value.port.internal
+            port               = each.value.port.expose
+        }
+        type = "NodePort"
+    }
+}
+
--- a/infra/vultr-kubernetes/firewall.tf
+++ b/infra/vultr-kubernetes/firewall.tf
@ -17,3 +17,16 @@ resource vultr_firewall_rule game-server-inbound {
  subnet_size = 0
  port = each.value.port.expose
 }
+
+
+resource vultr_firewall_rule admin-service-inbound {
+  for_each = var.admin_services.configs
+  firewall_group_id = vultr_kubernetes.athens.firewall_group_id
+  protocol = "tcp"
+  ip_type = "v4"
+  subnet = "0.0.0.0"
+  subnet_size = 0
+  notes = each.value.port.notes
+  port = each.value.port.expose
+}
+
--- a/infra/vultr-kubernetes/variables.tf
+++ b/infra/vultr-kubernetes/variables.tf
@ -52,3 +52,21 @@ variable game_servers {
  })
 }

+variable admin_services {
+  type = object({
+    namespace = string
+    configs = map(object({
+      name  = string
+      image = string
+      cpu   = string
+      mem   = string
+      port  = object({
+        notes = optional(string)
+        internal = number
+        expose   = number
+      })
+      proto = optional(string)
+    }))
+  })
+}
+
--- a/infra/vultr-kubernetes/variables.tfvars
+++ b/infra/vultr-kubernetes/variables.tfvars
@ -23,4 +23,21 @@ game_servers = {
    #   }
    # }
  }
-}
+}
+
+admin_services = {
+  namespace = "admin-services"
+  configs = {
+    health = {
+      image = "nginx:latest"
+      name  = "health"
+      cpu   = "200m"
+      mem   = "64Mi"
+      port  = {
+        notes    = "Basic nginx sanity check service"
+        expose   = 30800
+        internal = 80
+      }
+    }
+  }
+}
Author	SHA1	Message	Date
shockrah	ee23406f49	admin services namespace, pods, and services Some checks failed Ansible Linting / ansible-lint (push) Failing after 4s Details Secops Linting and Safety Checks / checkov-scan-s3 (push) Failing after 14s Details	2024-12-18 20:42:40 -08:00
shockrah	6e4982fffd	Fire wall rules for admin-services	2024-12-18 20:42:10 -08:00