admin services namespace, pods, and services

infra/vultr-kubernetes/admin-services.tf

@@ -0,0 +1,58 @@
+resource kubernetes_namespace admin-servers {
+    metadata {
+        name = var.admin_services.namespace
+    }
+}
+
+resource kubernetes_pod admin {
+    for_each = var.admin_services.configs
+
+    metadata {
+        name = each.key
+        namespace = var.admin_services.namespace
+        labels = {
+            app = each.key
+        }
+    }
+    spec {
+        container {
+            image = each.value.image
+            name  = coalesce(each.value.name, each.key)
+            resources {
+                limits = {
+                    cpu    = each.value.cpu
+                    memory = each.value.mem
+                }
+            }
+            port {
+                container_port = each.value.port.internal
+                protocol       = coalesce(each.value.proto, "TCP")
+            }
+        }
+    }
+}
+
+resource kubernetes_service admin {
+    for_each = var.admin_services.configs
+    metadata {
+        name = each.key
+        namespace = var.admin_services.namespace
+        labels = {
+            app = each.key
+        }
+    }
+    # TODO: don't make these NodePorts since we're gonna want them
+    # to be purely internal to the Cluster.
+    # WHY? Because we want to keep dashboards as unexposed as possible
+    spec {
+        selector = {
+            app = each.key
+        }
+        port {
+            target_port        = each.value.port.internal
+            port               = each.value.port.expose
+        }
+        type = "NodePort"
+    }
+}
+

infra/vultr-kubernetes/firewall.tf

@@ -17,3 +17,16 @@ resource vultr_firewall_rule game-server-inbound {
   subnet_size = 0
   port = each.value.port.expose
 }
+
+
+resource vultr_firewall_rule admin-service-inbound {
+  for_each = var.admin_services.configs
+  firewall_group_id = vultr_kubernetes.athens.firewall_group_id
+  protocol = "tcp"
+  ip_type = "v4"
+  subnet = "0.0.0.0"
+  subnet_size = 0
+  notes = each.value.port.notes
+  port = each.value.port.expose
+}
+

infra/vultr-kubernetes/variables.tf

@@ -52,3 +52,21 @@ variable game_servers {
   })
 }
 
+variable admin_services {
+  type = object({
+    namespace = string
+    configs = map(object({
+      name  = string
+      image = string
+      cpu   = string
+      mem   = string
+      port  = object({
+        notes = optional(string)
+        internal = number
+        expose   = number
+      })
+      proto = optional(string)
+    }))
+  })
+}
+

infra/vultr-kubernetes/variables.tfvars

@@ -23,4 +23,21 @@ game_servers = {
     #   }
     # }
   }
-}
+}
+
+admin_services = {
+  namespace = "admin-services"
+  configs = {
+    health = {
+      image = "nginx:latest"
+      name  = "health"
+      cpu   = "200m"
+      mem   = "64Mi"
+      port  = {
+        notes    = "Basic nginx sanity check service"
+        expose   = 30800
+        internal = 80
+      }
+    }
+  }
+}