provides an API, scheduler, UI, controller and a KV store; all information and state are stored in -> etcd
control plane
| ## Allow incoming access to our instance via | |
| ## port 22, from the IAP servers | |
| ## NOTE(review): the source_ranges that restrict this rule to IAP's | |
| ## forwarding addresses are not shown in this excerpt — confirm they are | |
| ## set, because an ingress rule with no source filter applies to all sources | |
| ## on the "default" network. The ports list is also cut off below. | |
| resource "google_compute_firewall" "inbound-ip-ssh" { | |
| name = "allow-incoming-access-from-iap" | |
| project = var.project_id | |
| network = "default" | |
| direction = "INGRESS" | |
| allow { | |
| protocol = "tcp" |
| # Define the required roles to access the VM | |
| # (compute.viewer to list/describe instances, compute.osLogin to log in via OS Login) | |
| locals { | |
| compute_roles = [ | |
| "roles/compute.viewer", | |
| "roles/compute.osLogin", | |
| ] | |
| } | |
| # Apply the roles to a user account | |
| # NOTE(review): google_project_iam_member binds at project scope, so these | |
| # roles apply to every instance in the project, not just the one created | |
| # here — confirm that is the intended scope; an instance-level binding is | |
| # narrower if only one VM needs to be reachable. Body continues past this excerpt. | |
| resource "google_project_iam_member" "assign-roles" { |
| # Create a conditional IAM rule that grants access to establish an IAP tunnel | |
| # IF the user is connecting from an authorised network defined in the access | |
| # list | |
| # NOTE(review): "<your-project-id>" and the member value are placeholders to | |
| # replace before applying (the member e-mail appears to have been mangled by | |
| # the page's address obfuscation). The condition's expression, which is what | |
| # ties this binding to the access level, is cut off below this excerpt. | |
| resource "google_iap_tunnel_iam_member" "allow-remote-access-to-iap" { | |
| project = "<your-project-id>" | |
| role = "roles/iap.tunnelResourceAccessor" | |
| member = "user:[email protected]" | |
| condition { | |
| title = "allow_remote_access_to_iap" |
| # Creates an Access Level | |
| # This access level will be used in | |
| # a conditional IAM policy to restrict access | |
| # to authorised users coming from authorised networks | |
| # NOTE(review): <access-policy-id> and <my_access_level_name> are placeholders; | |
| # the `basic`/`conditions` block holding the authorised address ranges is not | |
| # shown in this excerpt — the level grants nothing on its own until it is set. | |
| resource "google_access_context_manager_access_level" "access-level" { | |
| parent = "accessPolicies/<access-policy-id>" | |
| name = "accessPolicies/<access-policy-id>/accessLevels/<my_access_level_name>" | |
| title = "secure-iap-access-level" | |
| description = "This access level lists the authorised network addresses" |
| ## Allow incoming access to our instance via | |
| ## port 22, from the IAP servers | |
| ## NOTE(review): this is a second copy of the "inbound-ip-ssh" firewall shown | |
| ## earlier on the page, with a different `name` ("allow-incoming-ssh-from-iap" | |
| ## vs "allow-incoming-access-from-iap") — only one of the two can exist in a | |
| ## configuration, so pick one name. As above, the source_ranges limiting the | |
| ## rule to IAP's forwarding addresses and the ports list are cut off here. | |
| resource "google_compute_firewall" "inbound-ip-ssh" { | |
| name = "allow-incoming-ssh-from-iap" | |
| project = var.project_id | |
| network = "default" | |
| direction = "INGRESS" | |
| allow { | |
| protocol = "tcp" |
| # Create an instance | |
| # NOTE(review): debian-cloud/debian-9 (stretch) is an end-of-life release that | |
| # no longer receives security updates — use a currently supported Debian image | |
| # family. The rest of the instance (network_interface, metadata such as | |
| # enable-oslogin) is cut off below this excerpt. | |
| resource "google_compute_instance" "my-instance" { | |
| project = var.project_id | |
| name = "my-instance-01" | |
| machine_type = "e2-standard-2" | |
| zone = var.zone | |
| boot_disk { | |
| initialize_params { | |
| image = "debian-cloud/debian-9" |
| // Manage DNS | |
| // Create a private route53 zone | |
| // NOTE(review): the quoted "${var.x}" form is the pre-Terraform-0.12 | |
| // interpolation syntax; current versions accept the bare expression. In | |
| // current aws provider versions the `vpc_id` argument has been superseded | |
| // by a `vpc { vpc_id = ... }` block — confirm against the provider version in use. | |
| resource "aws_route53_zone" "this" { | |
| name = "${var.dns_zone_name}" | |
| vpc_id = "${var.vpc_id}" | |
| } | |
| // Create a dns record for the jenkins master private ip | |
| // (record body continues past this excerpt) | |
| resource "aws_route53_record" "master" { | |
| zone_id = "${aws_route53_zone.this.id}" |
| # define the network interfaces in a count block for the vm's you want to assign them to | |
| # count.index is zero-based, so the three instances are named | |
| # interface-number-0, interface-number-1 and interface-number-2 | |
| resource "azurerm_network_interface" "network-interface" { | |
| name = "interface-number-${count.index}" | |
| count = 3 | |
| # ... | |
| } | |
| # The above resource will generate three network interfaces |
| #!/bin/bash | |
| # Get latest AMI codes for CentOS 7 from AWS | |
| region="ap-southeast-2" | |
| product_code="aw0evgkw8e5c1q413zgy5pjce" | |
| aws ec2 describe-images \ | |
| --region "$region" \ | |
| --owners aws-marketplace \ |