From aa49143da16ba400f709e4190b172d249492194d Mon Sep 17 00:00:00 2001
From: gar
Date: Sun, 12 Apr 2020 14:50:41 -0700
Subject: [PATCH] Adding prometheus firewall rules

Signed-off-by: gar
---
.../firewall-rules/prometheus/terragrunt.hcl | 17 ++++++++++++++
.../gcp/firewall-rules/prometheus/main.tf | 22 +++++++++++++++++++
.../gcp/firewall-rules/prometheus/vars.tf | 20 +++++++++++++++++
.../gcp/firewall-rules/prometheus/version.tf | 4 ++++
4 files changed, 63 insertions(+)
create mode 100644 tf-environments/gcp/dev/firewall-rules/prometheus/terragrunt.hcl
create mode 100644 tf-modules/gcp/firewall-rules/prometheus/main.tf
create mode 100644 tf-modules/gcp/firewall-rules/prometheus/vars.tf
create mode 100644 tf-modules/gcp/firewall-rules/prometheus/version.tf

diff --git a/tf-environments/gcp/dev/firewall-rules/prometheus/terragrunt.hcl b/tf-environments/gcp/dev/firewall-rules/prometheus/terragrunt.hcl
new file mode 100644
index 000000000..153701153
--- /dev/null
+++ b/tf-environments/gcp/dev/firewall-rules/prometheus/terragrunt.hcl
@@ -0,0 +1,17 @@
+include {
+ path = find_in_parent_folders()
+}
+
+terraform {
+ source = "../../../../../tf-modules/gcp/firewall-rules/prometheus"
+
+}
+
+inputs = {
+ region = "us-central1-a"
+ project_name = "managedkube"
+
+ network_name = trimspace(run_cmd("terragrunt", "output", "network_name", "--terragrunt-working-dir", "../../vpc"))
+
+ source_range_list = ["10.0.0.0/8"]
+}
diff --git a/tf-modules/gcp/firewall-rules/prometheus/main.tf b/tf-modules/gcp/firewall-rules/prometheus/main.tf
new file mode 100644
index 000000000..0c3ff6a11
--- /dev/null
+++ b/tf-modules/gcp/firewall-rules/prometheus/main.tf
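Review bot: `source_range_list = ["10.0.0.0/8"]` admits the entire 10/8 private block to the ports this module opens, which is far wider than a single-purpose Prometheus adapter rule normally needs. If the intent is to let the cluster control plane reach the adapter (an assumption, the commit message does not say), pass only that range, e.g. `source_range_list = ["<CONTROL_PLANE_CIDR>"]`. Separately, `region = "us-central1-a"` is a zone name, and the module hands it to the provider's `region` argument, so `region = "us-central1"` looks like the intended value.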
@@ -0,0 +1,22 @@
+terraform {
+ backend "gcs" {}
+}
+
+provider "google" {
+ region = var.region
+ project = var.project_name
+ credentials = file(var.credentials_file_path)
+ version = "~> 2.10.0"
+}
+
+resource "google_compute_firewall" "default" {
+ name = "prometheus-adapter"
+ network = var.network_name
+
+ allow {
+ protocol = "tcp"
+ ports = ["6443", "8443"]
+ }
+
+ source_ranges = var.source_range_list
+}
diff --git a/tf-modules/gcp/firewall-rules/prometheus/vars.tf b/tf-modules/gcp/firewall-rules/prometheus/vars.tf
new file mode 100644
index 000000000..bffe8b075
--- /dev/null
+++ b/tf-modules/gcp/firewall-rules/prometheus/vars.tf
@@ -0,0 +1,20 @@
+variable "project_name" {
+ description = "The GCP project name"
+}
+
+variable "region" {
+ description = "The region to launch the vpc in."
+}
+
+variable "credentials_file_path" {
+ description = "A local path to a service account json credentials file."
+}
+
+variable "network_name" {
+ description = "The name of this network"
+}
+
+variable "source_range_list" {
+ type = list
+ description = "The source range list of IPs"
+}
diff --git a/tf-modules/gcp/firewall-rules/prometheus/version.tf b/tf-modules/gcp/firewall-rules/prometheus/version.tf
new file mode 100644
index 000000000..ac97c6ac8
--- /dev/null
+++ b/tf-modules/gcp/firewall-rules/prometheus/version.tf
@@ -0,0 +1,4 @@
+
+terraform {
+ required_version = ">= 0.12"
+}
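Review bot: The `google_compute_firewall` resource in main.tf sets neither `target_tags` nor `target_service_accounts`, so the allow rule for tcp 6443 and 8443 applies to every instance on `var.network_name` rather than only the nodes that run the adapter. Scope it with a new module variable, e.g. `target_tags = var.target_tags`, and add a `description = "..."` argument naming the component that needs these ports so the rule can be audited later. The hard-coded `name = "prometheus-adapter"` also means the module can be applied only once per project, since firewall rule names must be unique there; taking the name from a variable would avoid that.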
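Review bot: In vars.tf, `type = list` on `source_range_list` accepts a list of any element type even though the value goes straight into the firewall's `source_ranges`; declare it as `type = list(string)` and have the description say these are the CIDR ranges allowed to reach the opened ports. The descriptions for `region` ("The region to launch the vpc in.") and `network_name` ("The name of this network") read as carried over from a VPC module; something like `description = "Name of the VPC network the firewall rule is attached to"` would match how main.tf uses the value.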