# Resource names derived from the application name and reused below.
# NOTE(review): local.deployment_match_label, local.service_match_label,
# local.config_volume_name and local.log_volume_name are referenced below but
# not defined in this block; presumably another locals block in the module
# declares them.
locals {
  application_name_prefixed = "${var.application_name}-application"
  service_name_prefixed     = "${var.application_name}-service"
  secret_cert_prefixed      = "${var.application_name}-secret"
}

# Single-replica Deployment running var.application_image with the config map
# mounted at /conf and the log volume claim mounted at /logs.
# When var.expose_application is true it also gets a Recreate strategy,
# container port 8080 and an HTTPS liveness probe.
resource "kubernetes_deployment" "application" {
  metadata {
    namespace = var.kubernetes_namespace.id
    name      = local.application_name_prefixed
    labels = {
      app = local.deployment_match_label
      env = var.environment
    }
  }

  spec {
    replicas = 1
    # No old ReplicaSets are retained, so there is no revision to roll back to.
    revision_history_limit = 0

    # Recreate is only set for exposed applications.
    # NOTE(review): presumably because host_port 8080 cannot be bound by an old
    # and a new pod on the same node at once; confirm.
    dynamic "strategy" {
      for_each = var.expose_application ? [1] : []
      content {
        type = "Recreate"
      }
    }

    selector {
      match_labels = {
        app = local.deployment_match_label
      }
    }

    template {
      metadata {
        labels = {
          app = local.deployment_match_label
          env = var.environment
        }
      }

      spec {
        volume {
          name = local.config_volume_name
          config_map {
            name = var.kubernetes_config_map.name
          }
        }

        volume {
          name = local.log_volume_name
          persistent_volume_claim {
            claim_name = kubernetes_persistent_volume_claim.log_volume_claim.metadata[0].name
          }
        }

        # NOTE(review): no security_context is declared here or on the pod, so
        # user, privilege escalation and capabilities come from the image and
        # cluster defaults. Consider run_as_non_root, allow_privilege_escalation
        # = false and dropping capabilities once the image is known to tolerate it.
        container {
          name  = local.application_name_prefixed
          image = var.application_image
          args  = var.application_args

          volume_mount {
            name       = local.config_volume_name
            mount_path = "/conf"
          }

          volume_mount {
            name       = local.log_volume_name
            mount_path = "/logs"
          }

          resources {
            requests = {
              cpu    = "250m"
              memory = "50Mi"
            }
            limits = {
              cpu    = "0.5"
              memory = "512Mi"
            }
          }

          # host_port binds 8080 on the node itself, so the pod is reachable at
          # <node address>:8080 without passing through the Service and Ingress
          # declared below.
          # NOTE(review): confirm this direct node exposure is required; the
          # Service already targets container port 8080.
          dynamic "port" {
            for_each = var.expose_application ? [1] : []
            content {
              container_port = 8080
              host_port      = 8080
            }
          }

          # HTTPS GET on /api/health. The kubelet does not verify the serving
          # certificate for HTTPS probes. The X-Custom-Header value is fixed and
          # readable in the pod spec: it labels the prober, it is not a credential.
          dynamic "liveness_probe" {
            for_each = var.expose_application ? [1] : []
            content {
              http_get {
                scheme = "HTTPS"
                port   = 8080
                path   = "/api/health"
                http_header {
                  name  = "X-Custom-Header"
                  value = "kube-liveness-probe"
                }
              }
            }
          }
        }
      }
    }
  }

  timeouts {
    create = "5m"
    update = "5m"
    delete = "5m"
  }
}

# 2Gi ReadWriteMany claim that backs the /logs mount of the Deployment.
# NOTE(review): the storage class name suggests NFS; if other workloads can
# mount the same export, the application logs are readable and writable by them.
resource "kubernetes_persistent_volume_claim" "log_volume_claim" {
  metadata {
    name      = "log-${var.application_name}-pvc"
    namespace = var.kubernetes_namespace.id
  }

  spec {
    access_modes       = ["ReadWriteMany"]
    storage_class_name = "dx30-nfs"
    resources {
      requests = {
        storage = "2Gi"
      }
    }
  }
}

# Service in front of the Deployment, created only when the application is
# exposed. The serversscheme annotation makes Traefik talk HTTPS to the pod.
resource "kubernetes_service" "service" {
  count = var.expose_application ? 1 : 0

  metadata {
    name      = local.service_name_prefixed
    namespace = var.kubernetes_namespace.id
    labels = {
      app = local.service_match_label
      env = var.environment
    }
    annotations = {
      "traefik.ingress.kubernetes.io/service.serversscheme" = "https"
    }
  }

  spec {
    # Selects the Deployment's pods, not the Service's own label.
    selector = {
      app = local.deployment_match_label
    }
    session_affinity = "ClientIP"

    port {
      name        = "${var.application_name}-port"
      protocol    = "TCP"
      port        = 8080
      target_port = 8080
    }
  }
}

# Traefik ingress on the "websecure" entry point, routing var.application_dns
# to the Service above and terminating TLS with the secret declared below.
# NOTE(review): kubernetes_ingress is the pre-v1 Ingress resource (hence
# service_name/service_port); kubernetes_ingress_v1 is the networking.k8s.io/v1
# equivalent. Migrating changes the resource address, so plan a state move.
# NOTE(review): the gzip middleware compresses responses on a TLS route; confirm
# responses do not mix secrets with request-reflected data (BREACH-style leak).
resource "kubernetes_ingress" "ingress" {
  count = var.expose_application ? 1 : 0

  metadata {
    name      = "${var.application_name}-ingress"
    namespace = var.kubernetes_namespace.id
    annotations = {
      "traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
      "traefik.ingress.kubernetes.io/router.middlewares" = "traefik-gzip-compress@kubernetescrd"
    }
  }

  spec {
    tls {
      secret_name = local.secret_cert_prefixed
    }

    rule {
      host = var.application_dns
      http {
        path {
          path = "/"
          backend {
            service_name = local.service_name_prefixed
            service_port = 8080
          }
        }
      }
    }
  }
}

# TLS key pair for the ingress, read from PEM files under <root module>/../certs/out.
# The private key becomes a resource attribute, so it is written in clear text
# to the Terraform state: keep the state in an encrypted backend with restricted
# access, and keep certs/out out of version control.
# The file names are fixed ("weather"), while the secret name follows
# var.application_name, so every exposed instance of this module gets this same key pair.
# NOTE(review): no type is set, so the provider default applies rather than
# "kubernetes.io/tls", which the API server validates for tls.crt/tls.key;
# changing it on an existing secret would likely force its replacement.
resource "kubernetes_secret" "secret_cert" {
  count = var.expose_application ? 1 : 0

  metadata {
    namespace = var.kubernetes_namespace.id
    name      = local.secret_cert_prefixed
  }

  data = {
    "tls.crt" = file("${path.root}/../certs/out/weather.pem")
    "tls.key" = file("${path.root}/../certs/out/weather-key.pem")
  }
}