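# Input variables.
# NOTE(review): of these, only `cluster` and `node_pool` are referenced by the
# resources in this file, and only as depends_on targets. The others are
# declared but not read here; presumably they keep a common interface with
# sibling configurations. Confirm before relying on any of them to change
# what this file deploys.

variable "project" {
  type = string
}

variable "region" {
  type = string
}

# Explicit `any` is equivalent to the previous missing type constraint.
variable "cluster" {
  description = "Dependency handle for the cluster; referenced only in depends_on, its value is not read."
  type        = any
}

# Explicit `any` is equivalent to the previous missing type constraint.
variable "node_pool" {
  description = "Dependency handle for the node pool; referenced only in depends_on, its value is not read."
  type        = any
}

# Not referenced in this file. Explicit `any` is equivalent to the previous
# missing type constraint.
variable "dns_managed_zone" {
  type = any
}

# NOTE(review): not read anywhere in this file. The Services defined here are
# always type ClusterIP, so true and false produce the same resources; exposure
# has to be enforced wherever the ingress itself is defined.
variable "public_ingress" {
  description = "Set to true to make the kubernetes ingresses exposed to the public internet."
  type        = bool
}

# Not referenced in this file.
variable "ingress_type" {
  description = "What controller should we use to handle incoming http(s) connections."
  type        = string
}

# NOTE(review): not applied in this file. The Deployments and Services set no
# metadata.namespace, so the provider's default namespace is used instead.
variable "main_k8s_namespace" {
  type = string
}

# Not referenced in this file.
variable "enable_snat" {
  description = "Whether we should enable source network address translation to the node IP address."
  type        = bool
}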
# Destroy-time pause that gives Service cleanup time to finish.
# The Services depend on this resource and it depends on var.cluster, so on
# destroy the Services are removed first, then this resource waits for
# destroy_duration before whatever stands behind var.cluster is torn down.
# Presumably this lets controllers release cloud resources tied to the
# Services; confirm the 180s figure against the cluster in use.
resource "time_sleep" "wait_service_cleanup" {
  destroy_duration = "180s"

  depends_on = [var.cluster]
}
# Twelve hello-app Deployments (deployment1..deployment12), two replicas each,
# differing only in the app label hello-app-<n>.
# No metadata.namespace is set, so var.main_k8s_namespace is not applied here.
resource "kubernetes_deployment_v1" "default" {
  count = 12

  metadata {
    name = "deployment${count.index + 1}"
  }

  spec {
    replicas = 2

    selector {
      match_labels = {
        app = "hello-app-${count.index + 1}"
      }
    }

    template {
      metadata {
        # Has to match spec.selector.match_labels above.
        labels = {
          app = "hello-app-${count.index + 1}"
        }
      }

      spec {
        container {
          name = "hello-app-container"

          # NOTE(review): the image is referenced by tag, not by digest, so the
          # content behind "2.0" is whatever the registry serves at pull time.
          # Pin to a verified digest if reproducibility matters.
          image = "us-docker.pkg.dev/google-samples/containers/gke/hello-app:2.0"

          port {
            # The port name is reused by the liveness probe below and by the
            # Service's target_port.
            name           = "hello-app-svc"
            container_port = 8080
          }

          # Container-level hardening: no privileged mode and no privilege
          # escalation (setuid binaries cannot gain more rights).
          # NOTE(review): the root filesystem stays writable and only NET_RAW
          # is dropped. If the workload and the cluster's admission defaults
          # allow it, read_only_root_filesystem = true and drop = ["ALL"] are
          # tighter; check that this does not reintroduce a perpetual diff.
          security_context {
            privileged                 = false
            allow_privilege_escalation = false
            read_only_root_filesystem  = false

            capabilities {
              add  = []
              drop = ["NET_RAW"]
            }
          }

          # HTTP GET / on the named container port, first check after 3s and
          # every 3s after that. No readiness probe and no resources block are
          # defined here.
          liveness_probe {
            initial_delay_seconds = 3
            period_seconds        = 3

            http_get {
              path = "/"
              port = "hello-app-svc"
            }
          }
        }

        # Pod-level hardening: containers that would run as UID 0 are refused,
        # and the container runtime's default seccomp filter is applied.
        security_context {
          run_as_non_root = true

          seccomp_profile {
            type = "RuntimeDefault"
          }
        }

        # Toleration is currently required to prevent perpetual diff:
        # https://github.com/hashicorp/terraform-provider-kubernetes/pull/2380
        toleration {
          key      = "kubernetes.io/arch"
          operator = "Equal"
          value    = "amd64"
          effect   = "NoSchedule"
        }
      }
    }
  }

  # Ordering only: the node pool must exist before pods are scheduled.
  depends_on = [var.node_pool]
}
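# One ClusterIP Service per Deployment (service1..serviceN), forwarding port 80
# to the container's named port. ClusterIP means the Services are reachable
# only from inside the cluster network.
resource "kubernetes_service_v1" "default" {
  # Derived from the Deployment list rather than a second hard-coded 12: the
  # selector and target_port below index into that list by count.index, so the
  # two counts must never drift apart.
  count = length(kubernetes_deployment_v1.default)

  metadata {
    name = "service${count.index + 1}"

    annotations = {
      # TODO: Revisit this, is this needed with the gateway API?
      # NOTE(review): this annotation only applies to Services of type
      # LoadBalancer. With type = "ClusterIP" below it has no effect, and
      # removing it does not by itself create an external load balancer.
      # If the type is ever changed to LoadBalancer, keep the annotation to
      # stay internal; without it the load balancer would be external.
      "networking.gke.io/load-balancer-type" = "Internal"
    }
  }

  spec {
    # Select the pods of the Deployment with the same index.
    selector = {
      app = kubernetes_deployment_v1.default[count.index].spec[0].selector[0].match_labels.app
    }

    ip_family_policy = "SingleStack"

    port {
      port = 80
      # Resolved by port name, so it follows the container's port definition.
      target_port = kubernetes_deployment_v1.default[count.index].spec[0].template[0].spec[0].container[0].port[0].name
    }

    type = "ClusterIP"
  }

  # Ordering only. Depending on time_sleep.wait_service_cleanup means that on
  # destroy the Services are removed before that resource's destroy delay runs.
  depends_on = [var.node_pool, time_sleep.wait_service_cleanup]
}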