Merge pull request #117 from lbrlabs/router_failover

allow making bastions highly available

.github/workflows/main.yml

@@ -94,7 +94,7 @@ jobs:
  - dotnet
  - go
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  prerequisites:
@@ -161,7 +161,7 @@ jobs:
  goversion:
  - 1.21.x
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  publish:
@@ -202,7 +202,7 @@ jobs:
  goversion:
  - 1.21.x
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  publish_sdk:
@@ -280,7 +280,7 @@ jobs:
  goversion:
  - 1.21.x
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  test:
@@ -365,7 +365,7 @@ jobs:
  - dotnet
  - go
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
 name: main

.github/workflows/prerelease.yml

@@ -94,7 +94,7 @@ jobs:
  - dotnet
  - go
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  prerequisites:
@@ -162,7 +162,7 @@ jobs:
  goversion:
  - 1.21.x
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  publish:
@@ -203,7 +203,7 @@ jobs:
  goversion:
  - 1.21.x
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  publish_sdk:
@@ -281,7 +281,7 @@ jobs:
  goversion:
  - 1.21.x
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  test:
@@ -366,7 +366,7 @@ jobs:
  - dotnet
  - go
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
 name: prerelease

.github/workflows/release.yml

@@ -94,7 +94,7 @@ jobs:
  - dotnet
  - go
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  prerequisites:
@@ -161,7 +161,7 @@ jobs:
  goversion:
  - 1.21.x
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  publish:
@@ -202,7 +202,7 @@ jobs:
  goversion:
  - 1.21.x
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  publish_sdk:
@@ -280,7 +280,7 @@ jobs:
  goversion:
  - 1.21.x
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  test:
@@ -365,7 +365,7 @@ jobs:
  - dotnet
  - go
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
 name: release

.github/workflows/run-acceptance-tests.yml

@@ -98,7 +98,7 @@ jobs:
  - dotnet
  - go
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  comment-notification:
@@ -187,7 +187,7 @@ jobs:
  goversion:
  - 1.21.x
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
  test:
@@ -276,7 +276,7 @@ jobs:
  - dotnet
  - go
  nodeversion:
- - 16.x
+ - 18.x
  pythonversion:
  - "3.7"
 name: run-acceptance-tests

provider/pkg/provider/aws/bastion.go

@@ -25,12 +25,13 @@ var (
 
 // The set of arguments for creating a Bastion component resource.
 type BastionArgs struct {
- VpcID pulumi.StringInput `pulumi:"vpcId"`
- SubnetIds pulumi.StringArrayInput `pulumi:"subnetIds"`
- TailscaleTags pulumi.StringArrayInput `pulumi:"tailscaleTags"`
- Route pulumi.StringInput `pulumi:"route"`
- Region pulumi.StringInput `pulumi:"region"`
- InstanceType pulumi.StringInput `pulumi:"instanceType"`
+ VpcID pulumi.StringInput `pulumi:"vpcId"`
+ SubnetIds pulumi.StringArrayInput `pulumi:"subnetIds"`
+ TailscaleTags pulumi.StringArrayInput `pulumi:"tailscaleTags"`
+ Route pulumi.StringInput `pulumi:"route"`
+ Region pulumi.StringInput `pulumi:"region"`
+ InstanceType pulumi.StringInput `pulumi:"instanceType"`
+ HighAvailability bool `pulumi:"highAvailability"`
 }
 
 type UserDataArgs struct {
@@ -291,10 +292,18 @@ func NewBastion(ctx *pulumi.Context,
  return nil, fmt.Errorf("error creating launch configuration: %v", err)
  }
 
+ var size int
+
+ if args.HighAvailability {
+ size = 2
+ } else {
+ size = 1
+ }
+
  asg, err := autoscaling.NewGroup(ctx, name, &autoscaling.GroupArgs{
  LaunchConfiguration: launchConfiguration.ID(),
- MaxSize: pulumi.Int(1),
- MinSize: pulumi.Int(1),
+ MaxSize: pulumi.Int(size),
+ MinSize: pulumi.Int(size),
  HealthCheckType: pulumi.String("EC2"),
  HealthCheckGracePeriod: pulumi.Int(30),
  VpcZoneIdentifiers: args.SubnetIds,

provider/pkg/provider/azure/bastion.go

@@ -27,6 +27,7 @@ type BastionArgs struct {
  Route pulumi.StringInput `pulumi:"route"`
  InstanceSku pulumi.StringInput `pulumi:"instanceSku"`
  TailscaleTags pulumi.StringArrayInput `pulumi:"tailscaleTags"`
+ HighAvailability bool `pulumi:"highAvailability"`
 }
 
 type UserDataArgs struct {
@@ -113,12 +114,20 @@ func NewBastion(ctx *pulumi.Context,
  return nil, err
  }
 
+ var size int
+
+ if args.HighAvailability {
+ size = 2
+ } else {
+ size = 1
+ }
+
  scaleset, err := compute.NewLinuxVirtualMachineScaleSet(ctx, name, &compute.LinuxVirtualMachineScaleSetArgs{
  ResourceGroupName: args.ResourceGroupName,
  Location: args.Location,
  UpgradeMode: pulumi.String("Manual"),
  Sku: sku,
- Instances: pulumi.Int(1),
+ Instances: pulumi.Int(size),
  SourceImageReference: &compute.LinuxVirtualMachineScaleSetSourceImageReferenceArgs{
  Publisher: pulumi.String("Canonical"),
  Offer: pulumi.String("0001-com-ubuntu-server-focal"),

provider/pkg/provider/kubernetes/bastion.go

@@ -14,10 +14,11 @@ import (
 
 // The set of arguments for creating a Bastion component resource.
 type BastionArgs struct {
- CreateNamespace bool `pulumi:"createNamespace"`
- Namespace *corev1.Namespace `pulumi:"namespace"`
- Routes pulumi.StringArrayInput `pulumi:"routes"`
- TailscaleTags pulumi.StringArrayInput `pulumi:"tailscaleTags"`
+ CreateNamespace bool `pulumi:"createNamespace"`
+ Namespace *corev1.Namespace `pulumi:"namespace"`
+ Routes pulumi.StringArrayInput `pulumi:"routes"`
+ TailscaleTags pulumi.StringArrayInput `pulumi:"tailscaleTags"`
+ HighAvailability bool `pulumi:"highAvailability"`
 }
 
 // The Bastion component resource.
@@ -149,12 +150,20 @@ func NewBastion(ctx *pulumi.Context,
  },
  ).(pulumi.StringOutput)
 
+ var size int
+
+ if args.HighAvailability {
+ size = 2
+ } else {
+ size = 1
+ }
+
  deployment, err := appsv1.NewDeployment(ctx, name, &appsv1.DeploymentArgs{
  Metadata: &metav1.ObjectMetaArgs{
  Namespace: namespace.Metadata.Name(),
  },
  Spec: &appsv1.DeploymentSpecArgs{
- Replicas: pulumi.Int(1),
+ Replicas: pulumi.Int(size),
  Selector: &metav1.LabelSelectorArgs{
  MatchLabels: pulumi.StringMap{
  "name": pulumi.String(name),

schema.yaml

@@ -25,12 +25,17 @@ resources:
  instanceSku:
  type: string
  description: "The Azure instance SKU to use for the bastion."
+ highAvailability:
+ type: boolean
+ description: "Whether the bastion should be highly available."
+ default: false
  tailscaleTags:
  type: array
  items:
  type: string
  description: "The tags to apply to the tailnet device andauth key. This tag should be added to your oauth key and ACL."
  requiredInputs:
+ - highAvailability
  - resourceGroupName
  - subnetId
  - route
@@ -49,6 +54,10 @@ resources:
  tailscale-bastion:aws:Bastion:
  isComponent: true
  inputProperties:
+ highAvailability:
+ type: boolean
+ description: "Whether the bastion should be highly available."
+ default: false
  vpcId:
  type: string
  description: "The VPC the Bastion should be created in."
@@ -72,6 +81,7 @@ resources:
  type: string
  description: "The EC2 instance type to use for the bastion."
  requiredInputs:
+ - highAvailability
  - vpcId
  - subnetIds
  - route
@@ -90,6 +100,10 @@ resources:
  tailscale-bastion:kubernetes:Bastion:
  isComponent: true
  inputProperties:
+ highAvailability:
+ type: boolean
+ description: "Whether the bastion should be highly available."
+ default: false
  tailscaleTags:
  type: array
  items:
@@ -108,6 +122,7 @@ resources:
  type: string
  description: "The routes to advertise to tailscale. This is likely the Pod and Service CIDR."
  requiredInputs:
+ - highAvailability
  - createNamespace
  - routes
  - tailscaleTags

sdk/dotnet/TailscaleBastion/Aws/Bastion.cs

@@ -54,6 +54,12 @@ private static ComponentResourceOptions MakeResourceOptions(ComponentResourceOpt
 
  public sealed class BastionArgs : global::Pulumi.ResourceArgs
  {
+ /// <summary>
+ /// Whether the bastion should be highly available.
+ /// </summary>
+ [Input("highAvailability", required: true)]
+ public Input<bool> HighAvailability { get; set; } = null!;
+
  /// <summary>
  /// The EC2 instance type to use for the bastion.
  /// </summary>
@@ -104,6 +110,7 @@ public InputList<string> TailscaleTags
 
  public BastionArgs()
  {
+ HighAvailability = false;
  }
  public static new BastionArgs Empty => new BastionArgs();
  }

sdk/dotnet/TailscaleBastion/Azure/Bastion.cs

@@ -54,6 +54,12 @@ private static ComponentResourceOptions MakeResourceOptions(ComponentResourceOpt
 
  public sealed class BastionArgs : global::Pulumi.ResourceArgs
  {
+ /// <summary>
+ /// Whether the bastion should be highly available.
+ /// </summary>
+ [Input("highAvailability", required: true)]
+ public Input<bool> HighAvailability { get; set; } = null!;
+
  /// <summary>
  /// The Azure instance SKU to use for the bastion.
  /// </summary>
@@ -98,6 +104,7 @@ public InputList<string> TailscaleTags
 
  public BastionArgs()
  {
+ HighAvailability = false;
  }
  public static new BastionArgs Empty => new BastionArgs();
  }

sdk/dotnet/TailscaleBastion/Kubernetes/Bastion.cs

@@ -54,6 +54,12 @@ public sealed class BastionArgs : global::Pulumi.ResourceArgs
  [Input("createNamespace", required: true)]
  public bool CreateNamespace { get; set; }
 
+ /// <summary>
+ /// Whether the bastion should be highly available.
+ /// </summary>
+ [Input("highAvailability", required: true)]
+ public Input<bool> HighAvailability { get; set; } = null!;
+
  /// <summary>
  /// The bucket resource.
  /// </summary>
@@ -86,6 +92,7 @@ public InputList<string> TailscaleTags
 
  public BastionArgs()
  {
+ HighAvailability = false;
  }
  public static new BastionArgs Empty => new BastionArgs();
  }