# cert-manager ACME Issuer for the tjo-cloud namespace. The Gateway further
# down selects it through its "cert-manager.io/issuer" annotation.
#
# NOTE(review): the ACME server is Let's Encrypt *staging*. Staging issues
# certificates from an untrusted root, so anything served through the HTTPS
# listener will fail TLS validation in browsers and clients. Presumably
# deliberate while iterating (looser rate limits); switch to the production
# directory (https://acme-v02.api.letsencrypt.org/directory) before real use.
resource "kubernetes_manifest" "tjo-cloud-issuer" {
  manifest = {
    apiVersion = "cert-manager.io/v1"
    kind       = "Issuer"

    metadata = {
      namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
      name      = "tjo-cloud"
    }

    spec = {
      acme = {
        server = "https://acme-staging-v02.api.letsencrypt.org/directory"
        email  = "tine@tjo.space"

        # Secret holding the ACME account private key.
        privateKeySecretRef = { name = "tjo-cloud-acme-account" }

        # DNS-01 through DigitalOcean, restricted to names under tjo.cloud.
        # The referenced Secret carries a DigitalOcean API token — verify it is
        # scoped as narrowly as DigitalOcean allows, since anything able to
        # read Secrets in this namespace can read it.
        solvers = [
          {
            selector = { dnsZones = ["tjo.cloud"] }
            dns01 = {
              digitalocean = {
                tokenSecretRef = {
                  name = kubernetes_secret.digitalocean-token.metadata[0].name
                  key  = "token"
                }
              }
            }
          },
        ]
      }
    }
  }
}
# EnvoyProxy parameters attached to the "envoy" GatewayClass via parametersRef.
# It is named "daemonset", yet no envoyDaemonSet/envoyDeployment section is set
# here, so whatever workload type the provider defaults to is what runs —
# TODO confirm the name still matches the deployed topology.
resource "kubernetes_manifest" "gateway_class_config" {
  manifest = {
    apiVersion = "gateway.envoyproxy.io/v1alpha1"
    kind       = "EnvoyProxy"

    metadata = {
      namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
      name      = "daemonset"
    }

    spec = {
      # NOTE(review): with mergeGateways, every Gateway of this class is served
      # by one shared Envoy fleet and one Service, so their listeners share the
      # same address/ports. Anyone allowed to create a Gateway of this class
      # presumably gets to bind hostnames on that shared endpoint — keep
      # GatewayClass usage restricted accordingly.
      mergeGateways = true

      provider = {
        type = "Kubernetes"
        kubernetes = {
          envoyService = {
            annotations = {
              # external-dns: publish an internal-only record for the shared
              # Envoy Service.
              "external-dns.alpha.kubernetes.io/internal-hostname" = "envoy.internal.k8s.tjo.cloud"
            }
          }
        }
      }
    }
  }
}
# GatewayClass handled by the Envoy Gateway controller. It has no namespace
# (cluster-scoped) and takes its EnvoyProxy parameters from
# gateway_class_config; referencing that resource's attributes rather than a
# literal name also orders creation correctly.
resource "kubernetes_manifest" "gateway_class" {
  manifest = {
    apiVersion = "gateway.networking.k8s.io/v1"
    kind       = "GatewayClass"
    metadata   = { name = "envoy" }

    spec = {
      controllerName = "gateway.envoyproxy.io/gatewayclass-controller"

      parametersRef = {
        group     = "gateway.envoyproxy.io"
        kind      = "EnvoyProxy"
        namespace = kubernetes_manifest.gateway_class_config.object.metadata.namespace
        name      = kubernetes_manifest.gateway_class_config.object.metadata.name
      }
    }
  }
}
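# The cluster's shared Gateway: one HTTPS listener for *.<cluster_domain>,
# TLS terminated at Envoy with a certificate obtained through cert-manager.
resource "kubernetes_manifest" "gateway" {
  manifest = {
    apiVersion = "gateway.networking.k8s.io/v1"
    kind       = "Gateway"

    metadata = {
      name      = "gateway"
      namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
      annotations = {
        # Reference the Issuer resource instead of repeating its name as a
        # literal — the same pattern gateway_class uses for its EnvoyProxy.
        # Keeps the two in sync and makes Terraform create the Issuer before
        # the Gateway. cert-manager's Gateway API support must be enabled for
        # this annotation to produce the Secret named in certificateRefs.
        "cert-manager.io/issuer" = kubernetes_manifest.tjo-cloud-issuer.object.metadata.name
      }
    }

    spec = {
      gatewayClassName = kubernetes_manifest.gateway_class.object.metadata.name

      listeners = [
        {
          # The listener is called "http" although it serves HTTPS. Left as-is
          # on purpose: HTTPRoutes may bind to it via parentRefs[].sectionName,
          # so renaming it is a breaking change for routes outside this file.
          name     = "http"
          protocol = "HTTPS"
          port     = 443

          # Wildcard hostname; the certificate for it can only be issued via
          # DNS-01, which the referenced Issuer is configured for.
          hostname = "*.${var.cluster_domain}"

          # Only routes in this namespace may attach; no cross-namespace
          # attachment is permitted.
          allowedRoutes = {
            namespaces = { from = "Same" }
          }

          tls = {
            mode            = "Terminate"
            certificateRefs = [{ name = "tjo-cloud-tls" }]
          }
        },
      ]
    }
  }
}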
# Client-facing traffic settings for the shared Gateway.
#
# PROXY protocol is explicitly off: Envoy treats the L4 source address as the
# client address. Only turn it on when the upstream load balancer really emits
# PROXY headers — with it enabled and no trusted LB in front, any client could
# forge its source address through a hand-crafted PROXY header.
#
# NOTE(review): v1alpha1 `targetRef` is used here; newer Envoy Gateway releases
# prefer the plural `targetRefs` — confirm against the deployed version.
resource "kubernetes_manifest" "enable-proxy-protocol-policy" {
  manifest = {
    apiVersion = "gateway.envoyproxy.io/v1alpha1"
    kind       = "ClientTrafficPolicy"

    metadata = {
      namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
      name      = "enable-proxy-protocol-policy"
    }

    spec = {
      enableProxyProtocol = false

      # No namespace on targetRef — presumably resolved within the policy's
      # own namespace, which is where the Gateway lives.
      targetRef = {
        group = "gateway.networking.k8s.io"
        kind  = "Gateway"
        name  = kubernetes_manifest.gateway.object.metadata.name
      }
    }
  }
}