# Dedicated subnet for the jumphost VM.
# Created only when the API server or the ingress controller is private; the
# same count expression gates every jumphost resource in this file, so they
# are all present (count = 1) or all absent (count = 0) together.
resource "azurerm_subnet" "jumphost-subnet" {
  count                = var.api_server_profile == "Private" || var.ingress_profile == "Private" ? 1 : 0
  name                 = "${local.name_prefix}-jumphost-subnet"
  resource_group_name  = azurerm_resource_group.main.name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = [var.aro_jumphost_subnet_cidr_block]
  # Service endpoint for Azure Container Registry from this subnet.
  service_endpoints    = ["Microsoft.ContainerRegistry"]
}
# Public IP that the jumphost VM is reached on (also exposed by output "public_ip").
# Due to remote-exec issue Static allocation needs
# to be used - https://github.com/hashicorp/terraform/issues/21665
# (the remote-exec connection below needs the address known at plan/apply time).
resource "azurerm_public_ip" "jumphost-pip" {
  count               = var.api_server_profile == "Private" || var.ingress_profile == "Private" ? 1 : 0
  name                = "${local.name_prefix}-jumphost-pip"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  allocation_method   = "Static"
  tags                = var.tags
}
# NIC attaching the jumphost VM to the jumphost subnet and binding the public IP.
# The ".0" index is required because the referenced resources use count.
resource "azurerm_network_interface" "jumphost-nic" {
  count               = var.api_server_profile == "Private" || var.ingress_profile == "Private" ? 1 : 0
  name                = "${local.name_prefix}-jumphost-nic"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.jumphost-subnet.0.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.jumphost-pip.0.id
  }
  tags = var.tags
}
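# NSG for the jumphost NIC (attached via the association resource below).
# Tags were missing here while every other taggable jumphost resource sets
# var.tags; added for consistency.
resource "azurerm_network_security_group" "jumphost-nsg" {
  count               = var.api_server_profile == "Private" || var.ingress_profile == "Private" ? 1 : 0
  name                = "${local.name_prefix}-jumphost-nsg"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location

  # Inbound SSH to the jumphost.
  # NOTE(review): source_address_prefix = "*" admits SSH from any address on the
  # internet; the jumphost is only protected by its key-based login. Prefer
  # restricting this to the operator network's CIDR (or a variable holding it)
  # once one is available in this module.
  security_rule {
    name                       = "allow_ssh_sg"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  tags = var.tags
}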
# Binds the jumphost NSG to the jumphost NIC so the SSH rule applies to the VM.
resource "azurerm_network_interface_security_group_association" "association" {
  count                     = var.api_server_profile == "Private" || var.ingress_profile == "Private" ? 1 : 0
  network_interface_id      = azurerm_network_interface.jumphost-nic.0.id
  network_security_group_id = azurerm_network_security_group.jumphost-nsg.0.id
}
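# RHEL jumphost used to reach the private cluster, bootstrapped with the
# OpenShift CLI (oc/kubectl) matching var.aro_version.
#
# Fixes over the previous version of the provisioner script:
#   - the inline commands are run as one script and remote-exec does not abort
#     on the first failing command by itself, so a failed download used to let
#     the later tar/mv steps run against a missing or truncated file; `set -e`
#     now stops at the first error.
#   - the downloaded client tarball is verified against the sha256sum.txt
#     published alongside it before anything is extracted or moved to /usr/bin.
resource "azurerm_linux_virtual_machine" "jumphost-vm" {
  count               = var.api_server_profile == "Private" || var.ingress_profile == "Private" ? 1 : 0
  name                = "${local.name_prefix}-jumphost"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  size                = "Standard_D2s_v3"
  admin_username      = "aro"
  network_interface_ids = [
    azurerm_network_interface.jumphost-nic.0.id,
  ]

  # Key-based login only. The key pair is read from the machine running
  # terraform; the same private key is used for the provisioner connection below.
  admin_ssh_key {
    username   = "aro"
    public_key = file("~/.ssh/id_rsa.pub")
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # Pinned image version so rebuilds are reproducible.
  source_image_reference {
    publisher = "RedHat"
    offer     = "RHEL"
    sku       = "8.2"
    version   = "8.2.2021040911"
  }

  provisioner "remote-exec" {
    connection {
      type        = "ssh"
      host        = azurerm_public_ip.jumphost-pip.0.ip_address
      user        = "aro"
      private_key = file("~/.ssh/id_rsa")
    }
    inline = [
      # Fail fast: without this a failing step does not stop the ones after it.
      "set -e",
      "sudo dnf install telnet wget bash-completion -y",
      "wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${var.aro_version}/openshift-client-linux.tar.gz",
      # Integrity check of the client tarball against the checksums published
      # in the same release directory; aborts (via set -e) on a mismatch.
      "wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${var.aro_version}/sha256sum.txt",
      "sha256sum --ignore-missing -c sha256sum.txt",
      "tar -xvf openshift-client-linux.tar.gz",
      "sudo mv oc kubectl /usr/bin/",
      "oc completion bash > oc_bash_completion",
      "sudo cp oc_bash_completion /etc/bash_completion.d/"
    ]
  }

  tags = var.tags
}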
# Public address of the jumphost; null when the jumphost is not created
# (count = 0), which is what try() guards against here.
output "public_ip" {
  value = try(azurerm_public_ip.jumphost-pip.0.ip_address, null)
}