Merge pull request #1 from montblu/add-base

Add base

README.md

@@ -1 +1,46 @@
-# my_jumpserver
+# my_jumpserver
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [kubernetes_config_map.main](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource |
+| [kubernetes_deployment.main](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource |
+| [kubernetes_secret.main](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
+| [kubernetes_service.main](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_image_repository"></a> [image\_repository](#input\_image\_repository) | Repository of the image used to deploy the jumpserver. | `string` | `"linuxserver/openssh-server"` | no |
+| <a name="input_image_tag"></a> [image\_tag](#input\_image\_tag) | Tag of the image used to deploy the jumpserver. | `string` | `"9.3_p2-r0-ls133"` | no |
+| <a name="input_motd_name"></a> [motd\_name](#input\_motd\_name) | Name of the place where the user joined. Defaults to 'jumpserver', so it shows: 'Welcome to jumpserver' | `string` | `"jumpserver"` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of the resource. Defaults to 'jumpserver' | `string` | `"jumpserver"` | no |
+| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Prefix of the resource. If not specified it won't add a prefix. | `string` | `""` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace where the resource will be deployed. If not specified it will be deployed in 'default' namespace. | `string` | `"default"` | no |
+| <a name="input_ssh_host_rsa_key"></a> [ssh\_host\_rsa\_key](#input\_ssh\_host\_rsa\_key) | Private key used by the OpenSSH server. If not defined it will generated automatically, but won't be saved. | `string` | `""` | no |
+| <a name="input_ssh_host_rsa_key_public"></a> [ssh\_host\_rsa\_key\_public](#input\_ssh\_host\_rsa\_key\_public) | Public key used by the OpenSSH server. If not defined it will generated automatically, but won't be saved. | `string` | `""` | no |
+| <a name="input_ssh_keys"></a> [ssh\_keys](#input\_ssh\_keys) | List of SSH keys to be added to the authorized keys list. | `string` | n/a | yes |
+| <a name="input_sshd_config"></a> [sshd\_config](#input\_sshd\_config) | Configuration file for SSH. If not defined it will use the default. | `string` | `""` | no |
+| <a name="input_svc_annotations"></a> [svc\_annotations](#input\_svc\_annotations) | Map of annotations for the service. | `map(any)` | `{}` | no |
+| <a name="input_svc_type"></a> [svc\_type](#input\_svc\_type) | Type of LoadBalancer. | `string` | `"LoadBalancer"` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

main.tf

@@ -0,0 +1,216 @@
+locals {
+  resource_name = var.name_prefix == "" ? var.name : "${var.name_prefix}-${var.name}"
+
+  # Default SSH config
+  sshd_config = <<-EOT
+AllowTcpForwarding yes
+AuthorizedKeysFile      .ssh/authorized_keys
+ClientAliveCountMax 100
+ClientAliveInterval 30
+GatewayPorts clientspecified
+PasswordAuthentication no
+PermitTunnel yes
+PidFile /config/sshd.pid
+TCPKeepAlive no
+X11Forwarding no
+HostKey /config/ssh_host_keys/ssh_host_rsa_key
+    EOT
+}
+
+resource "kubernetes_config_map" "main" {
+  metadata {
+    name      = local.resource_name
+    namespace = var.namespace
+  }
+
+  data = {
+    "authorized_keys" = var.ssh_keys
+    "motd"            = "Welcome to ${var.motd_name}"
+    "sshd_config"     = var.sshd_config == "" ? local.sshd_config : var.sshd_config
+  }
+}
+
+resource "kubernetes_secret" "main" {
+  count = (var.ssh_host_rsa_key != "") && (var.ssh_host_rsa_key_public != "") ? 1 : 0
+
+  metadata {
+    name      = local.resource_name
+    namespace = var.namespace
+  }
+
+  data = {
+    "ssh_host_rsa_key"        = var.ssh_host_rsa_key
+    "ssh_host_rsa_key_public" = var.ssh_host_rsa_key_public
+  }
+}
+
+resource "kubernetes_deployment" "main" {
+  metadata {
+    name      = local.resource_name
+    namespace = var.namespace
+  }
+
+  spec {
+    replicas = 1
+
+    selector {
+      match_labels = {
+        app = local.resource_name
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          app = local.resource_name
+        }
+      }
+
+      spec {
+        volume {
+          name = "motd"
+
+          config_map {
+            name = local.resource_name
+
+            items {
+              key  = "motd"
+              path = "motd"
+            }
+          }
+        }
+
+        volume {
+          name = "authorized_keys"
+
+          config_map {
+            name = local.resource_name
+
+            items {
+              key  = "authorized_keys"
+              path = "authorized_keys"
+            }
+          }
+        }
+
+        volume {
+          name = "sshd_config"
+
+          config_map {
+            name = local.resource_name
+
+            items {
+              key  = "sshd_config"
+              path = "sshd_config"
+            }
+          }
+        }
+
+        volume {
+          name = "ssh_host_rsa_key"
+
+          secret {
+            secret_name = local.resource_name
+
+            items {
+              key  = "ssh_host_rsa_key"
+              path = "ssh_host_rsa_key"
+            }
+          }
+        }
+
+        volume {
+          name = "ssh_host_rsa_key_public"
+
+          secret {
+            secret_name = local.resource_name
+
+            items {
+              key  = "ssh_host_rsa_key_public"
+              path = "ssh_host_rsa_key_public"
+            }
+          }
+        }
+
+        container {
+          name  = local.resource_name
+          image = "${var.image_repository}:${var.image_tag}"
+
+          env {
+            name  = "USER_NAME"
+            value = "user"
+          }
+
+          volume_mount {
+            name       = "motd"
+            mount_path = "/etc/motd"
+            sub_path   = "motd"
+          }
+
+          volume_mount {
+            name       = "authorized_keys"
+            mount_path = "/config/.ssh/authorized_keys"
+            sub_path   = "authorized_keys"
+          }
+
+          volume_mount {
+            name       = "sshd_config"
+            mount_path = "/config/ssh_host_keys/sshd_config"
+            sub_path   = "sshd_config"
+          }
+
+          volume_mount {
+            name       = "ssh_host_rsa_key"
+            mount_path = "/config/ssh_host_keys/ssh_host_rsa_key"
+            sub_path   = "ssh_host_rsa_key"
+          }
+
+          volume_mount {
+            name       = "ssh_host_rsa_key_public"
+            mount_path = "/config/ssh_host_keys/ssh_host_rsa_key_public"
+            sub_path   = "ssh_host_rsa_key_public"
+          }
+        }
+      }
+    }
+
+    strategy {
+      type = "RollingUpdate"
+
+      rolling_update {
+        max_surge       = 0
+        max_unavailable = 1
+      }
+    }
+  }
+
+  depends_on = [
+    kubernetes_config_map.main,
+    kubernetes_secret.main
+  ]
+}
+
+resource "kubernetes_service" "main" {
+  metadata {
+    name      = local.resource_name
+    namespace = var.namespace
+
+    annotations = var.svc_annotations
+  }
+
+  spec {
+    selector = {
+      app = local.resource_name
+    }
+    port {
+      port        = 22
+      target_port = 2222
+    }
+
+    type = var.svc_type
+  }
+
+  depends_on = [
+    kubernetes_deployment.main
+  ]
+}

variables.tf

@@ -0,0 +1,71 @@
+variable "motd_name" {
+  type        = string
+  default     = "jumpserver"
+  description = "Name of the place where the user joined. Defaults to 'jumpserver', so it shows: 'Welcome to jumpserver'"
+}
+
+variable "name" {
+  type        = string
+  default     = "jumpserver"
+  description = "Name of the resource. Defaults to 'jumpserver'"
+}
+
+variable "name_prefix" {
+  type        = string
+  default     = ""
+  description = "Prefix of the resource. If not specified it won't add a prefix."
+}
+
+variable "namespace" {
+  type        = string
+  default     = "default"
+  description = "Namespace where the resource will be deployed. If not specified it will be deployed in 'default' namespace."
+}
+
+variable "ssh_keys" {
+  type        = string
+  description = "List of SSH keys to be added to the authorized keys list. Should be in the same format as the 'authorized_keys' file, represented in Heredoc style as a multi-line string value."
+}
+
+variable "sshd_config" {
+  type        = string
+  default     = ""
+  description = "Configuration file for SSH. If not defined it will use the default."
+}
+
+
+variable "ssh_host_rsa_key" {
+  type        = string
+  default     = ""
+  description = "Private key used by the OpenSSH server. If not defined it will generated automatically, but won't be saved."
+}
+
+variable "ssh_host_rsa_key_public" {
+  type        = string
+  default     = ""
+  description = "Public key used by the OpenSSH server. If not defined it will generated automatically, but won't be saved."
+}
+
+variable "image_repository" {
+  type        = string
+  default     = "linuxserver/openssh-server"
+  description = "Repository of the image used to deploy the jumpserver."
+}
+
+variable "image_tag" {
+  type        = string
+  default     = "9.3_p2-r0-ls133"
+  description = "Tag of the image used to deploy the jumpserver."
+}
+
+variable "svc_annotations" {
+  type        = map(any)
+  default     = {}
+  description = "Map of annotations for the service."
+}
+
+variable "svc_type" {
+  type        = string
+  default     = "LoadBalancer"
+  description = "Type of LoadBalancer."
+}