138 lines
3.3 KiB
HCL
138 lines
3.3 KiB
HCL
resource "proxmox_virtual_environment_container" "monitoring" {
|
|
node_name = "pve"
|
|
|
|
vm_id = 6020
|
|
|
|
tags = ["dev", "prod", "common", "monitoring"]
|
|
|
|
unprivileged = true
|
|
|
|
cpu {
|
|
cores = 1
|
|
}
|
|
|
|
memory {
|
|
dedicated = 3072
|
|
}
|
|
|
|
disk {
|
|
datastore_id = var.datastore_id
|
|
size = 64
|
|
}
|
|
|
|
network_interface {
|
|
bridge = var.development_network_bridge_name
|
|
name = "eth-dev"
|
|
firewall = true
|
|
enabled = true
|
|
}
|
|
|
|
initialization {
|
|
hostname = "monitoring"
|
|
ip_config {
|
|
ipv4 {
|
|
address = "192.168.0.252/24"
|
|
gateway = "192.168.0.1"
|
|
}
|
|
}
|
|
user_account {
|
|
keys = [var.ssh_public_key]
|
|
}
|
|
}
|
|
|
|
operating_system {
|
|
template_file_id = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
|
|
type = "debian"
|
|
}
|
|
|
|
started = true
|
|
|
|
startup {
|
|
order = 0
|
|
up_delay = 0
|
|
down_delay = 0
|
|
}
|
|
|
|
features {
|
|
nesting = true
|
|
}
|
|
}
|
|
|
|
resource "proxmox_virtual_environment_firewall_options" "monitoring" {
|
|
depends_on = [proxmox_virtual_environment_container.monitoring]
|
|
|
|
node_name = proxmox_virtual_environment_container.monitoring.node_name
|
|
vm_id = proxmox_virtual_environment_container.monitoring.vm_id
|
|
|
|
enabled = true
|
|
dhcp = true
|
|
input_policy = "DROP"
|
|
output_policy = "ACCEPT"
|
|
}
|
|
|
|
resource "proxmox_virtual_environment_firewall_rules" "monitoring" {
|
|
depends_on = [proxmox_virtual_environment_container.monitoring]
|
|
|
|
node_name = proxmox_virtual_environment_container.monitoring.node_name
|
|
vm_id = proxmox_virtual_environment_container.monitoring.vm_id
|
|
|
|
rule {
|
|
type = "in"
|
|
source = split("/", proxmox_virtual_environment_container.bastion.initialization[0].ip_config[1].ipv4[0].address)[0]
|
|
proto = "tcp"
|
|
dport = "22"
|
|
action = "ACCEPT"
|
|
comment = "SSH from Bastion."
|
|
}
|
|
|
|
rule {
|
|
type = "in"
|
|
proto = "icmp"
|
|
dport = "8"
|
|
action = "ACCEPT"
|
|
comment = "Ping."
|
|
}
|
|
|
|
rule {
|
|
type = "in"
|
|
source = split("/", proxmox_virtual_environment_container.load_balancer.initialization[0].ip_config[1].ipv4[0].address)[0]
|
|
proto = "tcp"
|
|
dport = "3000"
|
|
action = "ACCEPT"
|
|
comment = "Grafana Server from Load Balancer."
|
|
}
|
|
|
|
rule {
|
|
type = "in"
|
|
source = split("/", proxmox_virtual_environment_container.load_balancer.initialization[0].ip_config[1].ipv4[0].address)[0]
|
|
proto = "tcp"
|
|
dport = "9090"
|
|
action = "ACCEPT"
|
|
comment = "Prometheus Server from Load Balancer."
|
|
}
|
|
|
|
rule {
|
|
security_group = proxmox_virtual_environment_cluster_firewall_security_group.prometheus_node_exporter.name
|
|
comment = "Allow Prometheus server to pull Prometheus node exporter from Monitoring Node."
|
|
}
|
|
|
|
rule {
|
|
security_group = proxmox_virtual_environment_cluster_firewall_security_group.prometheus_server_exporter.name
|
|
comment = "Allow Prometheus server to pull Prometheus default exporter from Monitoring Node."
|
|
}
|
|
|
|
rule {
|
|
security_group = proxmox_virtual_environment_cluster_firewall_security_group.prometheus_alertmanager.name
|
|
comment = "Access Prometheus Alertmanager from Monitoring Node."
|
|
}
|
|
|
|
rule {
|
|
type = "in"
|
|
source = "+${proxmox_virtual_environment_firewall_ipset.dev_loggers.name}"
|
|
proto = "tcp"
|
|
dport = "3100"
|
|
action = "ACCEPT"
|
|
comment = "Access Grafana Loki from logging nodes."
|
|
}
|
|
}
|