weather/manifests/application/application.tf

189 lines
4.5 KiB
HCL

locals {
application_name_prefixed = format("%s-application", var.application_name)
service_name_prefixed = format("%s-service", var.application_name)
secret_cert_prefixed = format("%s-secret", var.application_name)
}
resource "kubernetes_deployment" "application" {
metadata {
name = local.application_name_prefixed
labels = {
app = local.deployment_match_label
env = var.environment
}
namespace = var.kubernetes_namespace.id
}
spec {
dynamic strategy {
for_each = var.expose_application ? [1] : []
content {
type = "Recreate"
}
}
replicas = 1
revision_history_limit = 0
selector {
match_labels = {
app = local.deployment_match_label
}
}
template {
metadata {
labels = {
app = local.deployment_match_label
env = var.environment
}
}
spec {
volume {
name = local.config_volume_name
config_map {
name = var.kubernetes_config_map.name
}
}
volume {
name = local.log_volume_name
persistent_volume_claim {
claim_name = kubernetes_persistent_volume_claim.log_volume_claim.metadata.0.name
}
}
container {
image = var.application_image
name = local.application_name_prefixed
args = var.application_args
volume_mount {
mount_path = "/conf"
name = local.config_volume_name
}
volume_mount {
mount_path = "/logs"
name = local.log_volume_name
}
resources {
limits = {
cpu = "0.5"
memory = "512Mi"
}
requests = {
cpu = "250m"
memory = "50Mi"
}
}
dynamic port {
for_each = var.expose_application ? [1] : []
content {
container_port = 8080
host_port = 8080
}
}
dynamic liveness_probe {
for_each = var.expose_application ? [1] : []
content {
http_get {
path = "/api/health"
port = 8080
scheme = "HTTPS"
http_header {
name = "X-Custom-Header"
value = "kube-liveness-probe"
}
}
}
}
}
}
}
}
timeouts {
create = "5m"
delete = "5m"
update = "5m"
}
}
resource "kubernetes_persistent_volume_claim" "log_volume_claim" {
metadata {
namespace = var.kubernetes_namespace.id
name = format("log-%s-pvc", var.application_name)
}
spec {
storage_class_name = "dx30-nfs"
access_modes = ["ReadWriteMany"]
resources {
requests = {
storage = "2Gi"
}
}
}
}
resource "kubernetes_service" "service" {
count = var.expose_application ? 1 : 0
metadata {
namespace = var.kubernetes_namespace.id
name = local.service_name_prefixed
labels = {
app = local.service_match_label
env = var.environment
}
annotations = {
"traefik.ingress.kubernetes.io/service.serversscheme" = "https"
}
}
spec {
selector = {
app = local.deployment_match_label
}
session_affinity = "ClientIP"
port {
name = format("%s-port", var.application_name)
protocol = "TCP"
port = 8080
target_port = 8080
}
}
}
resource "kubernetes_ingress" "ingress" {
count = var.expose_application ? 1 : 0
metadata {
namespace = var.kubernetes_namespace.id
name = format("%s-ingress", var.application_name)
annotations = {
"traefik.ingress.kubernetes.io/router.middlewares" = "traefik-gzip-compress@kubernetescrd"
"traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
}
}
spec {
tls {
secret_name = local.secret_cert_prefixed
}
rule {
host = var.application_dns
http {
path {
path = "/"
backend {
service_name = local.service_name_prefixed
service_port = 8080
}
}
}
}
}
}
resource "kubernetes_secret" "secret_cert" {
count = var.expose_application ? 1 : 0
metadata {
name = local.secret_cert_prefixed
namespace = var.kubernetes_namespace.id
}
data = {
"tls.key" = file("${path.root}/../certs/out/weather-key.pem")
"tls.crt" = file("${path.root}/../certs/out/weather.pem")
}
}