feat: expose weather server application with traefik

Makefile

@@ -11,6 +11,7 @@ DOCKER_BUILDKIT=1
 CGO_ENABLED=0
 WEATHER_VERSION=latest
 POLLER_VERSION=latest
+DOMAIN_ALIAS=weather.localdomain
 
 build: build-poller build-weather
 
@@ -23,7 +24,7 @@ build-poller: dependencies
 	go build -o bin/poller-$(GOOS)-$(GOARCH) -ldflags="$(LDFLAGS)" $(GOBUILDFLAGS) cmd/poller/main.go
 
 gen-cert:
-	cfssl gencert -config certs/client-config.json -profile server -hostname weather.localdomain certs/client-csr.json | cfssljson -bare certs/out/weather
+	cfssl gencert -config certs/client-config.json -profile server -hostname $(DOMAIN_ALIAS) certs/client-csr.json | cfssljson -bare certs/out/weather
 
 dependencies:
 	go mod download
@@ -58,4 +59,7 @@ docker-build-weather:
 
 docker-push:
 	docker push docker.registry:5000/weather/poller:$(POLLER_VERSION)
-	docker push docker.registry:5000/weather/server:$(WEATHER_VERSION)
+	docker push docker.registry:5000/weather/server:$(WEATHER_VERSION)
+
+change-log-level:
+	curl https://127.0.0.1:8080/api/log -k -X PUT -d '{"level": "debug"}'

cmd/weather/main.go

@@ -25,7 +25,7 @@ func main() {
 	defer defaultLogger.Sync()
 
 	//http
-	addr := web.NewListenAddr("127.0.0.1", 8080)
+	addr := web.NewListenAddr("0.0.0.0", 8080)
 
 	defaultLogger.Sugar().Infof("Weather server is listening on %s", addr)
 	server := web.New(defaultLogger, addr, version.String()).

manifests/application/application.tf

@@ -1,5 +1,7 @@
 locals {
   application_name_prefixed = format("%s-application", var.application_name)
+  service_name_prefixed = format("%s-service", var.application_name)
+  secret_cert_prefixed = format("%s-secret", var.application_name)
 }
 resource "kubernetes_deployment" "application" {
   metadata {
@@ -114,3 +116,74 @@ resource "kubernetes_persistent_volume_claim" "log_volume_claim" {
     }
   }
 }
+
+resource "kubernetes_service" "service" {
+  count = var.expose_application ? 1 : 0
+
+  metadata {
+    namespace = var.kubernetes_namespace.id
+    name = local.service_name_prefixed
+    labels = {
+      app = local.deployment_match_label
+      env = var.environment
+    }
+    annotations = {
+      "traefik.ingress.kubernetes.io/service.serversscheme" = "https"
+    }
+  }
+  spec {
+    selector = {
+      app = local.deployment_match_label
+    }
+    session_affinity = "ClientIP"
+    port {
+      name = format("%s-port", var.application_name)
+      protocol = "TCP"
+      port = 8080
+      target_port = 8080
+    }
+  }
+}
+
+resource "kubernetes_ingress" "ingress" {
+  count = var.expose_application ? 1 : 0
+
+  metadata {
+    namespace = var.kubernetes_namespace.id
+    name = format("%s-ingress", var.application_name)
+    annotations = {
+      "traefik.ingress.kubernetes.io/router.middlewares" = "traefik-gzip-compress@kubernetescrd"
+      "traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
+    }
+  }
+  spec {
+    tls {
+      secret_name = local.secret_cert_prefixed
+    }
+    rule {
+      host = var.application_dns
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = local.service_name_prefixed
+            service_port = 8080
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_secret" "secret_cert" {
+  count = var.expose_application ? 1 : 0
+
+  metadata {
+    name = local.secret_cert_prefixed
+    namespace = var.kubernetes_namespace.id
+  }
+  data = {
+    "tls.key" = file("${path.root}/../certs/out/weather-key.pem")
+    "tls.crt" = file("${path.root}/../certs/out/weather.pem")
+  }
+}

manifests/application/variables.tf

@@ -25,6 +25,11 @@ variable "application_args" {
   type = list(string)
   default = []
 }
+variable "application_dns" {
+  description = "application dns name used by ingress rules"
+  type = string
+  default = ""
+}
 variable "expose_application" {
   default = false
   type = bool

manifests/common.tf

@@ -41,4 +41,5 @@ module "weather_server_application" {
   application_image = format("docker.registry/weather/server:%s", var.poller_version)
   kubernetes_config_map = kubernetes_config_map.weather_config.metadata.0
   expose_application = true
+  application_dns = "weather.localdomain"
 }