Merge pull request #3 from DevOpsPlayground/feature/wetty

Added WeTTY to each workstation

workstations/templates/custom_data.sh.tpl

@@ -60,4 +60,89 @@ contexts:
 
 # Define current context
 current-context: ${namespace}
-EOF
+EOF
+
+# Install web terminal - WeTTY
+echo "--> Installing nodejs and nginx"
+curl -sL https://deb.nodesource.com/setup_15.x | sudo -E bash -
+sudo apt-get install -y nginx nodejs gcc g++ make
+echo "--> Installing yarn"
+curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
+echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
+sudo apt-get update && sudo apt-get install yarn
+echo "--> Installing Wetty web terminal"
+sudo yarn global add wetty
+echo "--> Configuring Nginx proxy for Wetty web terminal"
+sudo tee /etc/nginx/nginx.conf > /dev/null <<"EOF"
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+events {
+    worker_connections 768;
+}
+http {
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+    ssl_prefer_server_ciphers on;
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+  server {
+      listen 80 default_server;
+      listen [::]:80 default_server;
+      server_name _;
+      location / {
+        proxy_pass http://127.0.0.1:3000/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 43200000;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+      }
+      location /apache {
+          proxy_pass http://127.0.0.1:8080;
+          proxy_set_header Host $host;
+          proxy_set_header   X-Real-IP         $remote_addr;
+          proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+          proxy_set_header   X-Forwarded-Proto $scheme;
+      }
+  }
+}
+EOF
+echo "--> Create wetty service account"
+sudo useradd wetty \
+   --shell /bin/bash \
+   --create-home
+echo 'wetty:${wetty_pw}' | sudo chpasswd
+sudo tee /etc/sudoers.d/wetty > /dev/null <<"EOF"
+wetty ALL=(ALL:ALL) ALL
+EOF
+sudo chmod 0440 /etc/sudoers.d/wetty
+sudo usermod -a -G sudo wetty
+echo "--> Installing systemd script for Wetty web terminal"
+sudo tee /etc/systemd/system/wetty.service > /dev/null <<"SERVICE"
+[Unit]
+Description=Wetty Web Terminal
+After=network.target
+[Service]
+User=wetty
+Group=wetty
+ExecStart=/usr/local/bin/wetty -p 3000 --host 127.0.0.1 --ssh-user ${wetty_user}
+[Install]
+WantedBy=multi-user.target
+SERVICE
+sudo chmod 0755 /etc/systemd/system/wetty.service
+echo "--> Enable Nginx and Wetty web terminal services"
+sudo systemctl daemon-reload
+sudo systemctl enable wetty
+sudo systemctl start wetty
+sudo systemctl enable nginx
+sudo systemctl restart nginx

workstations/workstations.tf

@@ -172,7 +172,9 @@ resource "azurerm_virtual_machine" "main" {
         namespace   = kubernetes_namespace.ns[each.key].metadata[0].name,
         sa          = kubernetes_service_account.sa[each.key].metadata[0].name,
         ca_cert     = data.terraform_remote_state.aks-cluster.outputs.cluster_ca_certificate,
-        token = data.kubernetes_secret.secret[each.key].data["token"] 
+        token       = data.kubernetes_secret.secret[each.key].data["token"] 
+        wetty_user  = var.workstation_username
+        wetty_pw    = var.workstation_password
       }
     )
   }