allow making bastions highly available

lbrlabs · Feb 20, 2024 · d8e8c01 · d8e8c01
1 parent fb099e4
commit d8e8c01
Show file tree

Hide file tree

Showing 16 changed files with 197 additions and 14 deletions.
diff --git a/provider/pkg/provider/aws/bastion.go b/provider/pkg/provider/aws/bastion.go
@@ -25,12 +25,13 @@ var (
 
 // The set of arguments for creating a Bastion component resource.
 type BastionArgs struct {
-	VpcID         pulumi.StringInput      `pulumi:"vpcId"`
-	SubnetIds     pulumi.StringArrayInput `pulumi:"subnetIds"`
-	TailscaleTags pulumi.StringArrayInput `pulumi:"tailscaleTags"`
-	Route         pulumi.StringInput      `pulumi:"route"`
-	Region        pulumi.StringInput      `pulumi:"region"`
-	InstanceType  pulumi.StringInput      `pulumi:"instanceType"`
+	VpcID            pulumi.StringInput      `pulumi:"vpcId"`
+	SubnetIds        pulumi.StringArrayInput `pulumi:"subnetIds"`
+	TailscaleTags    pulumi.StringArrayInput `pulumi:"tailscaleTags"`
+	Route            pulumi.StringInput      `pulumi:"route"`
+	Region           pulumi.StringInput      `pulumi:"region"`
+	InstanceType     pulumi.StringInput      `pulumi:"instanceType"`
+	HighAvailability bool                    `pulumi:"highAvailability"`
 }
 
 type UserDataArgs struct {
@@ -291,10 +292,18 @@ func NewBastion(ctx *pulumi.Context,
 		return nil, fmt.Errorf("error creating launch configuration: %v", err)
 	}
 
+	var size int
+
+	if args.HighAvailability {
+		size = 2
+	} else {
+		size = 1
+	}
+
 	asg, err := autoscaling.NewGroup(ctx, name, &autoscaling.GroupArgs{
 		LaunchConfiguration:    launchConfiguration.ID(),
-		MaxSize:                pulumi.Int(1),
-		MinSize:                pulumi.Int(1),
+		MaxSize:                pulumi.Int(size),
+		MinSize:                pulumi.Int(size),
 		HealthCheckType:        pulumi.String("EC2"),
 		HealthCheckGracePeriod: pulumi.Int(30),
 		VpcZoneIdentifiers:     args.SubnetIds,

diff --git a/provider/pkg/provider/azure/bastion.go b/provider/pkg/provider/azure/bastion.go
@@ -27,6 +27,7 @@ type BastionArgs struct {
 	Route             pulumi.StringInput      `pulumi:"route"`
 	InstanceSku       pulumi.StringInput      `pulumi:"instanceSku"`
 	TailscaleTags     pulumi.StringArrayInput `pulumi:"tailscaleTags"`
+	HighAvailability  bool                    `pulumi:"highAvailability"`
 }
 
 type UserDataArgs struct {
@@ -113,12 +114,20 @@ func NewBastion(ctx *pulumi.Context,
 		return nil, err
 	}
 
+	var size int
+
+	if args.HighAvailability {
+		size = 2
+	} else {
+		size = 1
+	}
+
 	scaleset, err := compute.NewLinuxVirtualMachineScaleSet(ctx, name, &compute.LinuxVirtualMachineScaleSetArgs{
 		ResourceGroupName: args.ResourceGroupName,
 		Location:          args.Location,
 		UpgradeMode:       pulumi.String("Manual"),
 		Sku:               sku,
-		Instances:         pulumi.Int(1),
+		Instances:         pulumi.Int(size),
 		SourceImageReference: &compute.LinuxVirtualMachineScaleSetSourceImageReferenceArgs{
 			Publisher: pulumi.String("Canonical"),
 			Offer:     pulumi.String("0001-com-ubuntu-server-focal"),

diff --git a/provider/pkg/provider/kubernetes/bastion.go b/provider/pkg/provider/kubernetes/bastion.go
@@ -14,10 +14,11 @@ import (
 
 // The set of arguments for creating a Bastion component resource.
 type BastionArgs struct {
-	CreateNamespace bool                    `pulumi:"createNamespace"`
-	Namespace       *corev1.Namespace       `pulumi:"namespace"`
-	Routes          pulumi.StringArrayInput `pulumi:"routes"`
-	TailscaleTags   pulumi.StringArrayInput `pulumi:"tailscaleTags"`
+	CreateNamespace  bool                    `pulumi:"createNamespace"`
+	Namespace        *corev1.Namespace       `pulumi:"namespace"`
+	Routes           pulumi.StringArrayInput `pulumi:"routes"`
+	TailscaleTags    pulumi.StringArrayInput `pulumi:"tailscaleTags"`
+	HighAvailability bool                    `pulumi:"highAvailability"`
 }
 
 // The Bastion component resource.
@@ -149,12 +150,20 @@ func NewBastion(ctx *pulumi.Context,
 		},
 	).(pulumi.StringOutput)
 
+	var size int
+
+	if args.HighAvailability {
+		size = 2
+	} else {
+		size = 1
+	}
+
 	deployment, err := appsv1.NewDeployment(ctx, name, &appsv1.DeploymentArgs{
 		Metadata: &metav1.ObjectMetaArgs{
 			Namespace: namespace.Metadata.Name(),
 		},
 		Spec: &appsv1.DeploymentSpecArgs{
-			Replicas: pulumi.Int(1),
+			Replicas: pulumi.Int(size),
 			Selector: &metav1.LabelSelectorArgs{
 				MatchLabels: pulumi.StringMap{
 					"name":        pulumi.String(name),

diff --git a/schema.yaml b/schema.yaml
@@ -25,12 +25,17 @@ resources:
       instanceSku:
         type: string
         description: "The Azure instance SKU to use for the bastion."
+      highAvailability:
+        type: boolean
+        description: "Whether the bastion should be highly available."
+        default: false
       tailscaleTags:
         type: array
         items:
           type: string
         description: "The tags to apply to the tailnet device andauth key. This tag should be added to your oauth key and ACL."
     requiredInputs:
+      - highAvailability
       - resourceGroupName
       - subnetId
       - route
@@ -49,6 +54,10 @@ resources:
   tailscale-bastion:aws:Bastion:
     isComponent: true
     inputProperties:
+      highAvailability:
+        type: boolean
+        description: "Whether the bastion should be highly available."
+        default: false
       vpcId:
         type: string
         description: "The VPC the Bastion should be created in."
@@ -72,6 +81,7 @@ resources:
         type: string
         description: "The EC2 instance type to use for the bastion."
     requiredInputs:
+      - highAvailability
       - vpcId
       - subnetIds
       - route
@@ -90,6 +100,10 @@ resources:
   tailscale-bastion:kubernetes:Bastion:
     isComponent: true
     inputProperties:
+      highAvailability:
+        type: boolean
+        description: "Whether the bastion should be highly available."
+        default: false
       tailscaleTags:
         type: array
         items:
@@ -108,6 +122,7 @@ resources:
           type: string
         description: "The routes to advertise to tailscale. This is likely the Pod and Service CIDR."
     requiredInputs:
+      - highAvailability
       - createNamespace
       - routes
       - tailscaleTags

diff --git a/sdk/dotnet/TailscaleBastion/Aws/Bastion.cs b/sdk/dotnet/TailscaleBastion/Aws/Bastion.cs
@@ -54,6 +54,12 @@ private static ComponentResourceOptions MakeResourceOptions(ComponentResourceOpt
 
     public sealed class BastionArgs : global::Pulumi.ResourceArgs
     {
+        /// <summary>
+        /// Whether the bastion should be highly available.
+        /// </summary>
+        [Input("highAvailability", required: true)]
+        public Input<bool> HighAvailability { get; set; } = null!;
+
         /// <summary>
         /// The EC2 instance type to use for the bastion.
         /// </summary>
@@ -104,6 +110,7 @@ public InputList<string> TailscaleTags
 
         public BastionArgs()
         {
+            HighAvailability = false;
         }
         public static new BastionArgs Empty => new BastionArgs();
     }

diff --git a/sdk/dotnet/TailscaleBastion/Azure/Bastion.cs b/sdk/dotnet/TailscaleBastion/Azure/Bastion.cs
@@ -54,6 +54,12 @@ private static ComponentResourceOptions MakeResourceOptions(ComponentResourceOpt
 
     public sealed class BastionArgs : global::Pulumi.ResourceArgs
     {
+        /// <summary>
+        /// Whether the bastion should be highly available.
+        /// </summary>
+        [Input("highAvailability", required: true)]
+        public Input<bool> HighAvailability { get; set; } = null!;
+
         /// <summary>
         /// The Azure instance SKU to use for the bastion.
         /// </summary>
@@ -98,6 +104,7 @@ public InputList<string> TailscaleTags
 
         public BastionArgs()
         {
+            HighAvailability = false;
         }
         public static new BastionArgs Empty => new BastionArgs();
     }

diff --git a/sdk/dotnet/TailscaleBastion/Kubernetes/Bastion.cs b/sdk/dotnet/TailscaleBastion/Kubernetes/Bastion.cs
@@ -54,6 +54,12 @@ public sealed class BastionArgs : global::Pulumi.ResourceArgs
         [Input("createNamespace", required: true)]
         public bool CreateNamespace { get; set; }
 
+        /// <summary>
+        /// Whether the bastion should be highly available.
+        /// </summary>
+        [Input("highAvailability", required: true)]
+        public Input<bool> HighAvailability { get; set; } = null!;
+
         /// <summary>
         /// The bucket resource.
         /// </summary>
@@ -86,6 +92,7 @@ public InputList<string> TailscaleTags
 
         public BastionArgs()
         {
+            HighAvailability = false;
         }
         public static new BastionArgs Empty => new BastionArgs();
     }

diff --git a/sdk/go/bastion/aws/bastion.go b/sdk/go/bastion/aws/bastion.go
diff --git a/sdk/go/bastion/azure/bastion.go b/sdk/go/bastion/azure/bastion.go
diff --git a/sdk/go/bastion/kubernetes/bastion.go b/sdk/go/bastion/kubernetes/bastion.go
diff --git a/sdk/nodejs/aws/bastion.ts b/sdk/nodejs/aws/bastion.ts
@@ -39,6 +39,9 @@ export class Bastion extends pulumi.ComponentResource {
         let resourceInputs: pulumi.Inputs = {};
         opts = opts || {};
         if (!opts.id) {
+            if ((!args || args.highAvailability === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'highAvailability'");
+            }
             if ((!args || args.region === undefined) && !opts.urn) {
                 throw new Error("Missing required property 'region'");
             }
@@ -54,6 +57,7 @@ export class Bastion extends pulumi.ComponentResource {
             if ((!args || args.vpcId === undefined) && !opts.urn) {
                 throw new Error("Missing required property 'vpcId'");
             }
+            resourceInputs["highAvailability"] = (args ? args.highAvailability : undefined) ?? false;
             resourceInputs["instanceType"] = args ? args.instanceType : undefined;
             resourceInputs["region"] = args ? args.region : undefined;
             resourceInputs["route"] = args ? args.route : undefined;
@@ -75,6 +79,10 @@ export class Bastion extends pulumi.ComponentResource {
  * The set of arguments for constructing a Bastion resource.
  */
 export interface BastionArgs {
+    /**
+     * Whether the bastion should be highly available.
+     */
+    highAvailability: pulumi.Input<boolean>;
     /**
      * The EC2 instance type to use for the bastion.
      */

diff --git a/sdk/nodejs/azure/bastion.ts b/sdk/nodejs/azure/bastion.ts
@@ -39,6 +39,9 @@ export class Bastion extends pulumi.ComponentResource {
         let resourceInputs: pulumi.Inputs = {};
         opts = opts || {};
         if (!opts.id) {
+            if ((!args || args.highAvailability === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'highAvailability'");
+            }
             if ((!args || args.location === undefined) && !opts.urn) {
                 throw new Error("Missing required property 'location'");
             }
@@ -54,6 +57,7 @@ export class Bastion extends pulumi.ComponentResource {
             if ((!args || args.tailscaleTags === undefined) && !opts.urn) {
                 throw new Error("Missing required property 'tailscaleTags'");
             }
+            resourceInputs["highAvailability"] = (args ? args.highAvailability : undefined) ?? false;
             resourceInputs["instanceSku"] = args ? args.instanceSku : undefined;
             resourceInputs["location"] = args ? args.location : undefined;
             resourceInputs["resourceGroupName"] = args ? args.resourceGroupName : undefined;
@@ -75,6 +79,10 @@ export class Bastion extends pulumi.ComponentResource {
  * The set of arguments for constructing a Bastion resource.
  */
 export interface BastionArgs {
+    /**
+     * Whether the bastion should be highly available.
+     */
+    highAvailability: pulumi.Input<boolean>;
     /**
      * The Azure instance SKU to use for the bastion.
      */

diff --git a/sdk/nodejs/kubernetes/bastion.ts b/sdk/nodejs/kubernetes/bastion.ts
@@ -40,13 +40,17 @@ export class Bastion extends pulumi.ComponentResource {
             if ((!args || args.createNamespace === undefined) && !opts.urn) {
                 throw new Error("Missing required property 'createNamespace'");
             }
+            if ((!args || args.highAvailability === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'highAvailability'");
+            }
             if ((!args || args.routes === undefined) && !opts.urn) {
                 throw new Error("Missing required property 'routes'");
             }
             if ((!args || args.tailscaleTags === undefined) && !opts.urn) {
                 throw new Error("Missing required property 'tailscaleTags'");
             }
             resourceInputs["createNamespace"] = args ? args.createNamespace : undefined;
+            resourceInputs["highAvailability"] = (args ? args.highAvailability : undefined) ?? false;
             resourceInputs["namespace"] = args ? args.namespace : undefined;
             resourceInputs["routes"] = args ? args.routes : undefined;
             resourceInputs["tailscaleTags"] = args ? args.tailscaleTags : undefined;
@@ -67,6 +71,10 @@ export interface BastionArgs {
      * Whether we should create a new namespace.
      */
     createNamespace: boolean;
+    /**
+     * Whether the bastion should be highly available.
+     */
+    highAvailability: pulumi.Input<boolean>;
     /**
      * The bucket resource.
      */