257 lines
6.7 KiB
HCL
257 lines
6.7 KiB
HCL
resource "kubernetes_namespace" "mijn-365zon" {
|
|
metadata {
|
|
name = "mijn-365zon"
|
|
}
|
|
|
|
lifecycle {
|
|
ignore_changes = [metadata]
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_config_map" "mijn-365zon-config" {
|
|
metadata {
|
|
name = "mijn-365zon-config"
|
|
namespace = kubernetes_namespace.mijn-365zon.metadata[0].name
|
|
}
|
|
|
|
data = {
|
|
AUTH_ORIGIN = "https://mijn.365zon.nl"
|
|
AUTH_SECRET = "nRm0dT_SD{H<3%Z!"
|
|
HOST = "0.0.0.0"
|
|
NEXTAUTH_URL = "https://mijn.365zon.nl"
|
|
NODE_ENV = "production"
|
|
NUXT_AUTH_ORIGIN = "https://mijn.365zon.nl"
|
|
NUXT_AUTH0_AUDIENCE = "https://365zon-prod.giddix.io"
|
|
NUXT_AUTH0_AUTHORITY = "https://giddix-365zon.eu.auth0.com"
|
|
NUXT_AUTH0_CLIENT_ID = "z2k0ajnrbqDhPRgiqZxW7ODq9aU9jmLG"
|
|
NUXT_AUTH0_CLIENT_SECRET = "oIxleJ9QktIRhN3GhGOozVS0ot8HxWCA1eNeZclSu-MQxD0KvtL0H9rsElO9-tnD"
|
|
NUXT_PUBLIC_API_BASE_URL = "https://365zon-api.giddix.io"
|
|
NUXT_PUBLIC_APP_DEBUG = false
|
|
NUXT_PUBLIC_APP_INSIGHTS_ENABLED = true
|
|
NUXT_PUBLIC_APP_INSIGHTS_INSTRUMENTATION_KEY = "b852a92c-dfbb-4c47-9431-afb9db86d669"
|
|
NUXT_PUBLIC_APP_INSIGHTS_ROLE_NAME = "px-app-365zon-prod"
|
|
NUXT_PUBLIC_BRAND_API_SLUG = "365zon"
|
|
NUXT_PUBLIC_BRAND_SLUG = "365zon"
|
|
NUXT_PUBLIC_FLOW_DEBUG = false
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_manifest" "mijn-365zon-tls" {
|
|
manifest = {
|
|
apiVersion = "cert-manager.io/v1"
|
|
kind = "Certificate"
|
|
metadata = {
|
|
name = "mijn-365zon-tls"
|
|
namespace = kubernetes_namespace.mijn-365zon.metadata[0].name
|
|
}
|
|
|
|
spec = {
|
|
secretName = "mijn-365zon-tls"
|
|
issuerRef = {
|
|
name = "letsencrypt"
|
|
kind = "ClusterIssuer"
|
|
}
|
|
dnsNames = [
|
|
"app.365zon.fourlights.dev",
|
|
]
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_manifest" "mijn-365zon-deployment" {
|
|
manifest = {
|
|
apiVersion = "apps/v1"
|
|
kind = "Deployment"
|
|
metadata = {
|
|
name = "mijn-365zon"
|
|
namespace = kubernetes_namespace.mijn-365zon.metadata[0].name
|
|
}
|
|
|
|
spec = {
|
|
replicas = 1
|
|
selector = {
|
|
matchLabels = {
|
|
app = "mijn-365zon"
|
|
}
|
|
}
|
|
template = {
|
|
metadata = {
|
|
labels = {
|
|
app = "mijn-365zon"
|
|
}
|
|
}
|
|
spec = {
|
|
imagePullSecrets = [
|
|
{
|
|
name = "github"
|
|
}
|
|
]
|
|
containers = [
|
|
{
|
|
name = "mijn-365zon"
|
|
image = "ghcr.io/four-lights-nl/mijn-365zon-frontend-365zon:latest"
|
|
ports = [
|
|
{
|
|
containerPort = 80
|
|
}
|
|
]
|
|
envFrom = [
|
|
{ configMapRef = { name = kubernetes_config_map.mijn-365zon-config.metadata[0].name } }
|
|
]
|
|
resources = {
|
|
requests = {
|
|
cpu = "200m"
|
|
memory = "256Mi"
|
|
}
|
|
limits = {
|
|
cpu = "1"
|
|
memory = "1Gi"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_manifest" "mijn-365zon-service" {
|
|
manifest = {
|
|
apiVersion = "v1"
|
|
kind = "Service"
|
|
metadata = {
|
|
name = "mijn-365zon"
|
|
namespace = kubernetes_namespace.mijn-365zon.metadata[0].name
|
|
}
|
|
|
|
spec = {
|
|
selector = {
|
|
app = "mijn-365zon"
|
|
}
|
|
ports = [
|
|
{
|
|
name = "mijn-365zon"
|
|
port = 80
|
|
protocol = "TCP"
|
|
targetPort = 80
|
|
}
|
|
]
|
|
type = "ClusterIP"
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_manifest" "mijn-365zon-preserve-host-middleware" {
|
|
manifest = {
|
|
apiVersion = "traefik.io/v1alpha1"
|
|
kind = "Middleware"
|
|
metadata = {
|
|
name = "preserve-host-headers"
|
|
namespace = kubernetes_namespace.mijn-365zon.metadata[0].name
|
|
}
|
|
spec = {
|
|
headers = {
|
|
customRequestHeaders = {
|
|
"X-Forwarded-Proto" = "https"
|
|
"X-Forwarded-Port" = "443"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_manifest" "mijn-365zon-https-redirect-middleware" {
|
|
manifest = {
|
|
apiVersion = "traefik.io/v1alpha1"
|
|
kind = "Middleware"
|
|
metadata = {
|
|
name = "redirect-to-https"
|
|
namespace = kubernetes_namespace.mijn-365zon.metadata[0].name
|
|
}
|
|
spec = {
|
|
redirectScheme = {
|
|
permanent = true
|
|
scheme = "https"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_manifest" "mijn-365zon-ingress" {
|
|
depends_on = [
|
|
kubernetes_manifest.mijn-365zon-service,
|
|
kubernetes_manifest.mijn-365zon-tls,
|
|
kubernetes_manifest.mijn-365zon-preserve-host-middleware,
|
|
kubernetes_manifest.mijn-365zon-https-redirect-middleware
|
|
]
|
|
|
|
manifest = {
|
|
apiVersion = "networking.k8s.io/v1"
|
|
kind = "Ingress"
|
|
metadata = {
|
|
name = "mijn-365zon"
|
|
namespace = kubernetes_namespace.mijn-365zon.metadata[0].name
|
|
annotations = {
|
|
"kubernetes.io/ingress.class" = "traefik"
|
|
"traefik.ingress.kubernetes.io/router.entrypoints" = "web,websecure"
|
|
"traefik.ingress.kubernetes.io/router.middlewares" = "mijn-365zon-redirect-to-https@kubernetescrd,mijn-365zon-preserve-host-headers@kubernetescrd"
|
|
}
|
|
}
|
|
|
|
spec = {
|
|
ingressClassName = "traefik"
|
|
rules = [
|
|
{
|
|
host = "mijn.365zon.nl"
|
|
http = {
|
|
paths = [
|
|
{
|
|
path = "/"
|
|
pathType = "Prefix"
|
|
backend = {
|
|
service = {
|
|
name = "mijn-365zon"
|
|
port = {
|
|
number = 80
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
host = "app.365zon.fourlights.dev"
|
|
http = {
|
|
paths = [
|
|
{
|
|
path = "/"
|
|
pathType = "Prefix"
|
|
backend = {
|
|
service = {
|
|
name = "mijn-365zon"
|
|
port = {
|
|
number = 80
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
tls = [
|
|
{
|
|
hosts = ["app.365zon.fourlights.dev"],
|
|
secretName = "mijn-365zon-tls"
|
|
},
|
|
{
|
|
hosts = ["mijn.365zon.nl"],
|
|
secretName = "mijn-365zon-nl"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|