Merge pull request #48 from GSA-TTS/connect-egress-proxy
Connect egress proxy
rahearn authored Oct 11, 2024
2 parents 181b7a1 + 18fac66 commit a9bcc97
Showing 4 changed files with 38 additions and 26 deletions.
18 changes: 18 additions & 0 deletions .github/workflows/deploy-staging.yml
@@ -35,6 +35,24 @@ jobs:
access_key=${{ secrets.TERRAFORM_STATE_ACCESS_KEY }}
secret_key=${{ secrets.TERRAFORM_STATE_SECRET_ACCESS_KEY }}
- name: Set restricted egress
uses: cloud-gov/cg-cli-tools@main
with:
cf_username: ${{ secrets.CF_USERNAME }}
cf_password: ${{ secrets.CF_PASSWORD }}
cf_org: gsa-tts-devtools-prototyping
cf_space: rahearn
cf_command: bind-security-group trusted_local_networks_egress $INPUT_CF_ORG --space $INPUT_CF_SPACE

- name: Set public egress
uses: cloud-gov/cg-cli-tools@main
with:
cf_username: ${{ secrets.CF_USERNAME }}
cf_password: ${{ secrets.CF_PASSWORD }}
cf_org: gsa-tts-devtools-prototyping
cf_space: rahearn-egress
cf_command: bind-security-group public_networks_egress $INPUT_CF_ORG --space $INPUT_CF_SPACE

- name: Deploy app
uses: cloud-gov/cg-cli-tools@main
with:
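Review bot: Both new steps (`Set restricted egress`, `Set public egress`) pass `CF_USERNAME`/`CF_PASSWORD` to `cloud-gov/cg-cli-tools@main`, a mutable branch ref, so whatever lands on that branch next runs with the deploy credentials. Pin the action to a reviewed full commit SHA, e.g. `uses: cloud-gov/cg-cli-tools@<full-commit-sha>  # <tag or review date>`, and do the same for the existing `Deploy app` step, which uses the same ref. The `cf_space` values `rahearn` and `rahearn-egress` are literals here; if they are meant to mirror the Terraform space names, a comment such as `# must match local.cf_space_name in terraform/staging/main.tf` would help keep the security-group bindings pointed at the right spaces.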
2 changes: 1 addition & 1 deletion Procfile.dev
@@ -1,4 +1,4 @@
web: env RUBY_DEBUG_OPEN=true bin/rails server
js: yarn build --watch
css: yarn build:css --verbose --watch
worker: bundle exec sidekiq
#worker: bundle exec sidekiq
10 changes: 5 additions & 5 deletions manifest.yml
@@ -10,15 +10,15 @@ applications:
RAILS_LOG_TO_STDOUT: true
RAILS_SERVE_STATIC_FILES: true
processes:
- type: worker
instances: ((worker_instances))
memory: ((worker_memory))
command: bundle exec sidekiq
# - type: worker
# instances: ((worker_instances))
# memory: ((worker_memory))
# command: bundle exec sidekiq
- type: web
instances: ((web_instances))
memory: ((web_memory))
command: bundle exec rake cf:on_first_instance db:migrate && bundle exec rails s -b 0.0.0.0 -p $PORT -e $RAILS_ENV
services:
- continuous_monitoring-redis-((env))
# - continuous_monitoring-redis-((env))
- continuous_monitoring-rds-((env))
- tfm-egress-proxy-((env))-creds
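Review bot: The `worker` process and the `continuous_monitoring-redis-((env))` binding are commented out with no explanation, in the same change that binds `tfm-egress-proxy-((env))-creds`. A one-line comment above the disabled block, for example `# worker + redis disabled: <reason>; re-enable together with module "redis" in terraform/staging/main.tf`, would tell the next deployer whether this is temporary. If any code path still enqueues Sidekiq jobs (not visible in this diff), those jobs would presumably fail to connect or never be processed in staging, so that is worth confirming.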
34 changes: 14 additions & 20 deletions terraform/staging/main.tf
@@ -6,19 +6,16 @@ locals {
}

module "app_space" {
source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=cg-space-asg"
source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v1.1.0"

cf_org_name = local.cf_org_name
cf_space_name = local.cf_space_name
allow_ssh = false
# deployers should include any user or service account ID that will deploy the app
deployers = ["[email protected]"]
developers = [var.cf_user]
asg_names = ["trusted_local_networks_egress"]
deployers = ["[email protected]", var.cf_user]
}

module "database" {
source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.0.0"
source = "github.com/gsa-tts/terraform-cloudgov//database?ref=v1.1.0"

cf_org_name = local.cf_org_name
cf_space_name = local.cf_space_name
@@ -27,30 +24,27 @@ module "database" {
depends_on = [module.app_space]
}

module "redis" {
source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.0.0"
# module "redis" {
# source = "github.com/gsa-tts/terraform-cloudgov//redis?ref=v1.1.0"

cf_org_name = local.cf_org_name
cf_space_name = local.cf_space_name
name = "${local.app_name}-redis-${local.env}"
redis_plan_name = "redis-dev"
depends_on = [module.app_space]
}
# cf_org_name = local.cf_org_name
# cf_space_name = local.cf_space_name
# name = "${local.app_name}-redis-${local.env}"
# redis_plan_name = "redis-dev"
# depends_on = [module.app_space]
# }

module "egress_space" {
source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=cg-space-asg"
source = "github.com/gsa-tts/terraform-cloudgov//cg_space?ref=v1.1.0"

cf_org_name = local.cf_org_name
cf_space_name = "${local.cf_space_name}-egress"
allow_ssh = false
# deployers should include any user or service account ID that will deploy the egress proxy
deployers = ["[email protected]"]
developers = [var.cf_user]
asg_names = ["public_networks_egress"]
deployers = ["[email protected]", var.cf_user]
}

module "egress_proxy" {
source = "github.com/gsa-tts/terraform-cloudgov//egress_proxy?ref=main"
source = "github.com/gsa-tts/terraform-cloudgov//egress_proxy?ref=v1.1.0"

cf_org_name = local.cf_org_name
cf_space_name = module.egress_space.space_name
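Review bot: Dropping `asg_names` from `app_space` and `egress_space` moves the egress controls out of Terraform state and into the imperative `bind-security-group` steps in `.github/workflows/deploy-staging.yml`, so `terraform plan` will no longer surface drift if `trusted_local_networks_egress` is unbound or a broader group is attached to the app space. Add a comment in each module block, e.g. `# ASGs are bound by the "Set restricted egress" step in deploy-staging.yml; keep cf_space there in sync with cf_space_name`, and consider restoring `asg_names` if the tagged module supports it (the removal suggests `v1.1.0` may not). Folding `var.cf_user` into `deployers` may also widen that user's role compared with the previous `developers` entry, depending on what `cg_space` at `v1.1.0` grants deployers; that is not visible here. The `?ref=v1.1.0` pins are an improvement over the branch refs, though a tag can still be moved, so a commit SHA is the stricter choice.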
