feat(infra): auto-create dev tunnel & public ip
NathanFlurry committed Jul 3, 2024
1 parent 136b789 commit 26afe97
Showing 23 changed files with 178 additions and 106 deletions.
6 changes: 0 additions & 6 deletions Taskfile.yaml

This file was deleted.

21 changes: 0 additions & 21 deletions infra/dev-tunnel/Taskfile.yaml

This file was deleted.

3 changes: 0 additions & 3 deletions infra/dev-tunnel/providers.tf

This file was deleted.

4 changes: 0 additions & 4 deletions infra/dev-tunnel/vars.tf

This file was deleted.

1 change: 1 addition & 0 deletions infra/tf/dev_tunnel/dev_tunnel
9 changes: 7 additions & 2 deletions infra/dev-tunnel/main.tf → infra/tf/dev_tunnel/main.tf
Expand Up @@ -11,6 +11,11 @@ terraform {
}
}

output "ip" {
value = linode_instance.tunnel.ip_address
module "secrets" {
source = "../modules/secrets"

keys = [
"linode/token",
]
}

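--- a/infra/tf/dev_tunnel/outputs.tf
+++ b/infra/tf/dev_tunnel/outputs.tf
@@ -0,0 +1,3 @@
+output "tunnel_public_ip" {
+value = linode_instance.tunnel.ip_address
+}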
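--- a/infra/tf/dev_tunnel/providers.tf
+++ b/infra/tf/dev_tunnel/providers.tf
@@ -0,0 +1,3 @@
+provider "linode" {
+token = module.secrets.values["linode/token"]
+}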
52 changes: 29 additions & 23 deletions infra/dev-tunnel/server.tf → infra/tf/dev_tunnel/server.tf
@@ -1,5 +1,5 @@
locals {
dev_tunnel_name = "dev-tunnel-${random_string.tunnel_suffix.result}"
dev_tunnel_name = "${var.namespace}-dev-tunnel"
}

resource "random_string" "tunnel_suffix" {
Expand All @@ -11,9 +11,9 @@ resource "random_string" "tunnel_suffix" {
}

resource "random_password" "password" {
length = 16
special = true
override_special = "_%@"
length = 16
special = true
override_special = "_%@"
}

resource "linode_instance" "tunnel" {
Expand All @@ -23,7 +23,7 @@ resource "linode_instance" "tunnel" {
type = "g6-nanode-1"
authorized_keys = [trimspace(tls_private_key.ssh_key.public_key_openssh)]
root_pass = random_password.password.result
tags = ["dev-tunnel"]
tags = ["rivet-${var.namespace}", "${var.namespace}-dev-tunnel"]
}

resource "linode_firewall" "tunnel_firewall" {
Expand All @@ -45,38 +45,44 @@ resource "linode_firewall" "tunnel_firewall" {
label = "http"
action = "ACCEPT"
protocol = "TCP"
ports = "80"
ports = var.api_http_port
ipv4 = ["0.0.0.0/0"]
ipv6 = ["::/0"]
}

inbound {
label = "https"
action = "ACCEPT"
protocol = "TCP"
ports = "443"
ipv4 = ["0.0.0.0/0"]
ipv6 = ["::/0"]
dynamic "inbound" {
for_each = var.api_https_port != null ? [1] : []
content {
label = "https"
action = "ACCEPT"
protocol = "TCP"
ports = var.api_https_port
ipv4 = ["0.0.0.0/0"]
ipv6 = ["::/0"]
}
}

inbound {
label = "tunnel"
action = "ACCEPT"
protocol = "TCP"
ports = "5000"
ports = var.tunnel_port
ipv4 = ["0.0.0.0/0"]
ipv6 = ["::/0"]
}

inbound {
label = "minio"
action = "ACCEPT"
protocol = "TCP"
ports = "9000"
ipv4 = ["0.0.0.0/0"]
ipv6 = ["::/0"]
dynamic "inbound" {
for_each = var.minio_port != null ? [1] : []
content {
label = "minio"
action = "ACCEPT"
protocol = "TCP"
ports = var.minio_port
ipv4 = ["0.0.0.0/0"]
ipv6 = ["::/0"]
}
}

linodes = [linode_instance.tunnel.id]
linodes = [linode_instance.tunnel.id]
}
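Review bot: `random_string.tunnel_suffix`, declared just below the changed `locals`, appears to have no consumer left now that `dev_tunnel_name` is `"${var.namespace}-dev-tunnel"`; unless it is referenced outside this file it should go with the old name, and note that the label is now fixed per namespace, so two applies with the same namespace would presumably collide on the instance label. The inbound rules now take `var.*_port` values typed `number` in vars.tf while the Linode firewall `ports` attribute is a string; Terraform's implicit number-to-string conversion should cover it, but `ports = tostring(var.api_http_port)` states the intent explicitly. The `tunnel` and `minio` rules still accept from `0.0.0.0/0` and `::/0`; since these ports forward straight to services on a developer's machine, narrowing `ipv4`/`ipv6` to the developer's egress range via a variable would reduce exposure.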

File renamed without changes.
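--- a/infra/dev-tunnel/tunnel.tf
+++ b/infra/tf/dev_tunnel/tunnel.tf
@@ -1,3 +1,14 @@
+locals {
+fwd_ports = flatten([
+var.api_http_port,
+var.api_https_port != null ? [var.api_https_port] : [],
+var.tunnel_port,
+var.minio_port != null ? [var.minio_port] : [],
+])
+
+ssh_fwd_flags = join(" ", [for x in local.fwd_ports: "-R 0.0.0.0:${x}:127.0.0.1:${x}"])
+}
+
 resource "null_resource" "update_sshd_config" {
 depends_on = [linode_instance.tunnel]
 triggers = {
@@ -47,7 +58,7 @@ resource "docker_container" "ssh_tunnel" {
 apt-get install -y openssh-client
 while true; do
 echo 'Connecting...'
-ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa -vNT -R 0.0.0.0:80:127.0.0.1:80 -R 0.0.0.0:443:127.0.0.1:443 -R 0.0.0.0:5000:127.0.0.1:5000 -R 0.0.0.0:9000:127.0.0.1:9000 root@${linode_instance.tunnel.ip_address}
+ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa -vNT ${local.ssh_fwd_flags} root@${linode_instance.tunnel.ip_address}
 sleep 5
 done
 EOF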
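Review bot: The rewritten ssh line at the end of the second hunk still passes `-o StrictHostKeyChecking=no`, so every iteration of the `while true` reconnect loop accepts whatever host key `${linode_instance.tunnel.ip_address}` presents; since the line is being regenerated anyway, `-o StrictHostKeyChecking=accept-new` would pin the key on the first connection and verify it on later reconnects within the container's lifetime. The new `locals` block would benefit from a one-line comment that `-R 0.0.0.0:…` binds the forwarded ports on all interfaces of the tunnel host and depends on the sshd `GatewayPorts` setting, which `null_resource.update_sshd_config` presumably configures (its body is outside the hunk), e.g. `# Reverse-forward each port on every tunnel interface; requires GatewayPorts on the tunnel sshd`. The `docker_container.ssh_tunnel` resource starts and ends outside the hunk.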
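--- a/infra/tf/dev_tunnel/vars.tf
+++ b/infra/tf/dev_tunnel/vars.tf
@@ -0,0 +1,22 @@
+variable "namespace" {
+type = string
+}
+
+variable "api_http_port" {
+type = number
+}
+
+variable "api_https_port" {
+type = number
+nullable = true
+}
+
+variable "minio_port" {
+type = number
+nullable = true
+}
+
+variable "tunnel_port" {
+type = number
+}
+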
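Review bot: `api_https_port` and `minio_port` set `nullable = true` (already Terraform's default) but no `default = null`, so both stay required inputs and a caller that omits them gets a missing-variable error rather than the null the `!= null` guards in server.tf and tunnel.tf are written for; if the intent is an optional port, add `default = null` the way `infra/tf/k8s_infra/vars.tf` does for `dev_public_ip`. None of the five variables carries a `description`; a short one on each, saying which service the port maps to on the tunnel host, would help the next reader.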
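--- a/infra/tf/k8s_cluster_k3d/output.tf
+++ b/infra/tf/k8s_cluster_k3d/output.tf
@@ -1,7 +1,3 @@
-output "traefik_external_ip" {
-value = var.public_ip
-}
-
 output "repo_host" {
 value = local.repo_host
 }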
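--- a/infra/tf/k8s_cluster_k3d/vars.tf
+++ b/infra/tf/k8s_cluster_k3d/vars.tf
@@ -14,10 +14,6 @@ variable "cargo_target_dir" {
 type = string
 }
 
-variable "public_ip" {
-type = string
-}
-
 variable "api_http_port" {
 type = number
 }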
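--- a/infra/tf/k8s_infra/outputs.tf
+++ b/infra/tf/k8s_infra/outputs.tf
@@ -2,14 +2,16 @@ output "traefik_external_ip" {
 value = (
 var.deploy_method_cluster ?
 data.kubernetes_service.traefik.status[0].load_balancer[0].ingress[0].hostname :
-var.public_ip
+var.dev_public_ip
 )
 }
 
 output "traefik_tunnel_external_ip" {
 value = (
-var.deploy_method_cluster && var.edge_enabled ?
-data.kubernetes_service.traefik_tunnel.0.status[0].load_balancer[0].ingress[0].hostname :
-var.public_ip
+var.edge_enabled
+? var.deploy_method_cluster
+? data.kubernetes_service.traefik_tunnel.0.status[0].load_balancer[0].ingress[0].hostname
+: var.dev_public_ip
+: null
 )
 }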
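Review bot: `traefik_tunnel_external_ip` now evaluates to `null` whenever `var.edge_enabled` is false, where the old expression fell back to `var.public_ip`; whatever consumes this output (the bolt side is not visible here) must now tolerate null, which deserves a comment above the output such as `# null when the edge tunnel is disabled; consumers must handle the absence`. `traefik_external_ip` can likewise be null in the non-cluster case because `dev_public_ip` defaults to null in vars.tf, so the value should be checked where it is used rather than interpolated blindly. The `output "traefik_external_ip"` block opens in the hunk-header context line above the hunk.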
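--- a/infra/tf/k8s_infra/vars.tf
+++ b/infra/tf/k8s_infra/vars.tf
@@ -6,7 +6,7 @@ variable "deploy_method_cluster" {
 type = bool
 }
 
-variable "public_ip" {
+variable "dev_public_ip" {
 type = string
 nullable = true
 default = null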
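--- a/lib/bolt/config/src/ns.rs
+++ b/lib/bolt/config/src/ns.rs
@@ -66,7 +66,9 @@ pub struct Cluster {
 pub enum ClusterKind {
 #[serde(rename = "single_node")]
 SingleNode {
-public_ip: String,
+#[serde(default)]
+public_ip: Option<String>,
+
 /// Port to expose API HTTP interface. Exposed on public IP.
 #[serde(default = "default_api_http_port")]
 api_http_port: u16,
@@ -85,11 +87,19 @@ pub enum ClusterKind {
 /// Disabled by default since this doesn't play well with development machines.
 #[serde(default)]
 limit_resources: bool,
+
+/// Create a dev tunnel for this server.
+#[serde(default)]
+dev_tunnel: Option<DevTunnel>,
 },
 #[serde(rename = "distributed")]
 Distributed {},
 }
 
+#[derive(Default, Serialize, Deserialize, Clone, Debug)]
+#[serde(deny_unknown_fields)]
+pub struct DevTunnel {}
+
 #[derive(Default, Serialize, Deserialize, Clone, Debug)]
 #[serde(deny_unknown_fields)]
 pub struct Secrets {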
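Review bot: `public_ip` becomes `Option<String>` in the first hunk without a doc comment, while the neighbouring `api_http_port` and the new `dev_tunnel` field are documented; a line such as `/// Public IP of this node. Optional; when omitted the IP is presumably taken from the dev tunnel's tunnel_public_ip output — confirm against the bolt wiring.` would record the intent, hedged because the consumer is outside this hunk. `DevTunnel {}` is an empty struct with `deny_unknown_fields`, so its role should be stated, e.g. `/// Dev tunnel settings. No options yet; the key's presence enables the tunnel.` The configuration `public_ip: None` together with `dev_tunnel: None` is representable and nothing in these hunks rejects it, so either a validation step or a doc note should say what a single-node cluster does in that case.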