Adding scaling capabilities and jumpserver

aws/jumpserver/main.tf

@@ -0,0 +1,81 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+    }
+  } 
+}
+provider "aws" {
+    region = var.region
+    access_key = var.AWS_ACCESS_KEY
+    secret_key = var.AWS_SECRET_KEY
+}
+
+resource "aws_vpc" "jumpservervpc" {
+  cidr_block = "10.0.0.0/16"
+}
+# Create a public subnet
+resource "aws_subnet" "public_subnet" {
+  vpc_id     = aws_vpc.jumpservervpc.id
+  cidr_block = "10.0.1.0/24"
+  map_public_ip_on_launch = true
+}
+
+# Create an internet gateway
+resource "aws_internet_gateway" "jumpserver_igw" {
+  vpc_id = aws_vpc.jumpservervpc.id
+}
+
+resource "aws_route_table" "jumpserverrt" {
+  vpc_id = aws_vpc.jumpservervpc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.jumpserver_igw.id
+  }
+
+  tags = {
+    Name = "jumpserverrt"
+  }
+}
+
+# Associate the route table with the public subnet
+resource "aws_route_table_association" "public_subnet_association" {
+  subnet_id      = aws_subnet.public_subnet.id
+  route_table_id = aws_route_table.jumpserverrt.id
+}
+
+# Create a security group allowing SSH only from your IP
+resource "aws_security_group" "ssh_sg" {
+  vpc_id = aws_vpc.jumpservervpc.id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["${var.localserverip}/32"] # Replace your_ip with your actual IP address
+  }
+}
+
+# Create an EC2 instance
+resource "aws_instance" "my_instance" {
+  ami           = "ami-0a283ac1aafe112d5" # Replace with your AMI ID
+  instance_type = "t2.micro"
+  subnet_id     = aws_subnet.public_subnet.id
+  key_name      = aws_key_pair.jumpserverkey.key_name
+  security_groups = [aws_security_group.ssh_sg.name]
+
+  tags = {
+    Name = "talosJumpserver"
+  }
+}
+
+# Generate SSH key pair
+resource "aws_key_pair" "jumpserverkey" {
+  key_name   = "jumpserverkey"
+  public_key = file("~/.ssh/id_rsa.pub")
+}
+
+output "ssh_key" {
+  value = aws_key_pair.jumpserverkey.key_name
+}

aws/jumpserver/vars.tf

@@ -0,0 +1,15 @@
+variable "AWS_ACCESS_KEY" {
+  description = "AWS Access key"
+}
+
+variable "AWS_SECRET_KEY" {
+  description = "AWS Secret key"
+}
+
+variable "region" {
+  description = "AWS Region to deploy the resources"
+}
+
+variable "localserverip" {
+  description = "AWS Region to deploy the resources"
+}

aws/talos/main.tf

@@ -125,68 +125,126 @@ data "local_file" "workerfile" {
   depends_on = [ null_resource.createtalosconfig ]
 }
 
-resource "aws_instance" talos_master_instance {
+resource "aws_placement_group" "talosplacemnentgroup" {
+  name     = "talosplacemnentgroup"
+  strategy = "cluster"
+}
 
-    count = var.mastercount
+resource "aws_launch_configuration" "talosmaster" {
+  name = "talos-master"
+  image_id = data.aws_ami.talos.id
+  instance_type = var.instance_type
+}
 
-    ami = data.aws_ami.talos.id
-    instance_type = var.instance_type
-    monitoring  = var.nodemonitoringenabled
-    vpc_security_group_ids = [ module.security_group.security_group_id ]
-    subnet_id              = "${element(module.vpc.private_subnets, 0)}"
+resource "aws_lb" "talosapi" {
+  name               = "talosapi"
+  internal           = false
+  load_balancer_type = "network"
+  subnets            = [for subnet in aws_subnet.public : subnet.id]
 
-    user_data = data.local_file.controllerfile.content
-    associate_public_ip_address = true
+  enable_deletion_protection = true
 
-    root_block_device {
-       volume_size = 200
-    }
+}
 
-    depends_on = [ data.local_file.controllerfile ]
+resource "aws_autoscaling_group" "talosmaster-static" {
+  name                      = "talosmaster-static"
+  max_size                  = 20
+  min_size                  = var.mastercount
+  health_check_grace_period = 300
+  health_check_type         = "ELB"
+  desired_capacity          = 4
+  force_delete              = true
+  placement_group           = aws_placement_group.talosplacemnentgroup.id
+  launch_configuration      = aws_launch_configuration.talosmaster.name
+  load_balancers = aws_lb.talosapi.arn
+
+
+  timeouts {
+    delete = "15m"
+  }
 
-    tags = {
-       Name = "talosmaster"
-    }
+}
 
+resource "aws_autoscaling_group" "talosmaster-scalable" {
+  name                      = "talosmaster-scalable"
+  max_size                  = 20
+  min_size                  = var.mastercount
+  health_check_grace_period = 300
+  health_check_type         = "ELB"
+  desired_capacity          = 4
+  force_delete              = true
+  placement_group           = aws_placement_group.talosplacemnentgroup.id
+  launch_configuration      = aws_launch_configuration.talosmaster.name
+
+
+  timeouts {
+    delete = "15m"
+  }
 
 }
-resource "aws_instance" talos_worker_instance {
+
+# resource "aws_instance" talos_master_instance {
+
+#     count = var.mastercount
+
+#     ami = data.aws_ami.talos.id
+#     instance_type = var.instance_type
+#     monitoring  = var.nodemonitoringenabled
+#     vpc_security_group_ids = [ module.security_group.security_group_id ]
+#     subnet_id              = "${element(module.vpc.private_subnets, 0)}"
+
+#     user_data = data.local_file.controllerfile.content
+#     associate_public_ip_address = true
+
+#     root_block_device {
+#        volume_size = 200
+#     }
+
+#     depends_on = [ data.local_file.controllerfile ]
+
+#     tags = {
+#        Name = "talosmaster"
+#     }
+
+
+# }
+# resource "aws_instance" talos_worker_instance {
 
-    count = var.workercount
+#     count = var.workercount
 
-    ami = data.aws_ami.talos.id
-    instance_type = var.instance_type
-    monitoring  = var.nodemonitoringenabled
-    vpc_security_group_ids = [ module.security_group.security_group_id ]
-    subnet_id              = "${element(module.vpc.private_subnets, 0)}"
+#     ami = data.aws_ami.talos.id
+#     instance_type = var.instance_type
+#     monitoring  = var.nodemonitoringenabled
+#     vpc_security_group_ids = [ module.security_group.security_group_id ]
+#     subnet_id              = "${element(module.vpc.private_subnets, 0)}"
 
-    user_data = data.local_file.workerfile.content
-    associate_public_ip_address = true
+#     user_data = data.local_file.workerfile.content
+#     associate_public_ip_address = true
 
-    depends_on = [ data.local_file.workerfile ]
+#     depends_on = [ data.local_file.workerfile ]
 
-    root_block_device {
-       volume_size = 200
-    }
-    tags = {
-       Name = "talosworker"
-    }
+#     root_block_device {
+#        volume_size = 200
+#     }
+#     tags = {
+#        Name = "talosworker"
+#     }
 
 
-}
+# }
 
-resource "aws_ebs_volume" "ebs_volume" {
-  count             = "${var.workercount}"
-  availability_zone = "${element(aws_instance.talos_master_instance.*.availability_zone, count.index)}"
-  size              = "200"
-}
+# resource "aws_ebs_volume" "ebs_volume" {
+#   count             = "${var.workercount}"
+#   availability_zone = "${element(aws_instance.talos_master_instance.*.availability_zone, count.index)}"
+#   size              = "200"
+# }
 
-resource "aws_volume_attachment" "volume_attachement" {
-  count       = "${var.workercount}"
-  volume_id   = "${aws_ebs_volume.ebs_volume.*.id[count.index]}"
-  device_name = "/dev/sdd"
-  instance_id = "${element(aws_instance.talos_worker_instance.*.id, count.index)}"
-}
+# resource "aws_volume_attachment" "volume_attachement" {
+#   count       = "${var.workercount}"
+#   volume_id   = "${aws_ebs_volume.ebs_volume.*.id[count.index]}"
+#   device_name = "/dev/sdd"
+#   instance_id = "${element(aws_instance.talos_worker_instance.*.id, count.index)}"
+# }
 
 resource "aws_lb_target_group" "talos-tg" {
     name = var.talostg
@@ -197,15 +255,24 @@ resource "aws_lb_target_group" "talos-tg" {
 
 }
 
-resource "aws_lb_target_group" "traefik-tg-80" {
-    name = var.traefik_tg_80_name
-    port = var.traefikhttpport
+resource "aws_lb_target_group" "talos-api" {
+    name = "talosapi"
+    port = 500000
     protocol = "TCP"
     target_type = "ip"
     vpc_id = module.vpc.vpc_id
 
 }
 
+# resource "aws_lb_target_group" "traefik-tg-80" {
+#     name = var.traefik_tg_80_name
+#     port = var.traefikhttpport
+#     protocol = "TCP"
+#     target_type = "ip"
+#     vpc_id = module.vpc.vpc_id
+
+# }
+
 resource "aws_lb_target_group" "traefik-tg-443" {
     name = var.traefik_tg_443_name
     port = var.traefikhttpsport
@@ -234,14 +301,22 @@ resource "aws_lb_target_group_attachment" "registertarget" {
 
 }
 
-resource "aws_lb_target_group_attachment" "registertarget-traefik-80" {
+resource "aws_lb_target_group_attachment" "talosapi" {
 
-    count = var.workercount
-    target_group_arn = aws_lb_target_group.traefik-tg-80.arn
-    target_id = "${element(split(",", join(",", aws_instance.talos_worker_instance.*.private_ip)), count.index)}" 
-    depends_on = [ aws_instance.talos_worker_instance ]  
+    count = var.mastercount
+    target_group_arn = aws_lb_target_group.talos-tg.arn
+    target_id = "${element(split(",", join(",", aws_instance.talos_master_instance.*.private_ip)), count.index)}" 
+    depends_on = [ aws_instance.talos_master_instance ]  
 
 }
+# resource "aws_lb_target_group_attachment" "registertarget-traefik-80" {
+
+#     count = var.workercount
+#     target_group_arn = aws_lb_target_group.traefik-tg-80.arn
+#     target_id = "${element(split(",", join(",", aws_instance.talos_worker_instance.*.private_ip)), count.index)}" 
+#     depends_on = [ aws_instance.talos_worker_instance ]  
+
+# }
 
 resource "aws_lb_target_group_attachment" "registertarget-traefik-443" {
 
@@ -301,7 +376,7 @@ resource "aws_alb_listener" "traefik-listener-443" {
   }
 
 }
-
+ 
 resource "aws_alb_listener" "nats-listener-4222" {
     load_balancer_arn = aws_lb.traefik.arn
     port = 4222
@@ -313,16 +388,6 @@ resource "aws_alb_listener" "nats-listener-4222" {
 
 }
 
-resource "aws_alb_listener" "traefik-listener-80" {
-    load_balancer_arn = aws_lb.traefik.arn
-    port = 80
-    protocol = "TCP"
-    default_action {
-    type             = "forward"
-    target_group_arn = aws_lb_target_group.traefik-tg-80.arn
-  }
-
-}
 
 resource "null_resource" "bootstrap_etcd" {
     provisioner "local-exec" {