Kubernetes Ingress Bastion
This launches an SSH bastion that utilizes Vault for authenticating the present SSH certificates. Shell sessions cannot be started directly in the bastion, but the bastion can be used as a proxy to private network resources.
Providers
The following providers are needed by this module:
-
aws (5.39.1)
-
kubernetes (2.27.0)
-
random (3.6.0)
-
tls (4.0.5)
-
vault (3.25.0)
Required Inputs
The following input variables are required:
bastion_domains
Description: The domain names of the bastion
Type: list(string)
Optional Inputs
The following input variables are optional (have default values):
bastion_image_version
Description: The version of the image to use for the deployment
Type: string
Default: "alpha"
bastion_port
Description: The port the bastion should use for the ssh server
Type: number
Default: 45459
pull_through_cache_enabled
Description: Whether to use the ECR pull through cache for the deployed images
Type: bool
Default: false
ssh_cert_lifetime_seconds
Description: The lifetime of SSH certs provisioned by Vault
Type: number
Default: 28800
vpa_enabled
Description: Whether the VPA resources should be enabled
Type: bool
Default: false
Outputs
The following outputs are exported:
bastion_domains
Description: The domains the SSH server is available on
bastion_host_public_key
Description: The bastion host's public key for mutual verification
bastion_port
Description: The port the SSH server is available on in each domain
Usage
No notes