[ci skip] Add tier labels to all namespace resources for Kyverno resource governance

Added `tier = var.tier` to kubernetes_namespace labels in ~73 service modules. This enables Kyverno to generate LimitRange defaults, ResourceQuotas, and PriorityClass injection for all namespaces. Previously only 11 namespaces had tier labels; now all 80 active namespaces are labeled. All pods restarted in rolling waves to pick up the new policies.
2026-02-21 23:38:05 +00:00 · 2026-02-21 23:38:05 +00:00 · d345841ef2
commit d345841ef2
parent 517f5d6a6c
66 changed files with 135 additions and 12 deletions
--- a/modules/kubernetes/coturn/main.tf
+++ b/modules/kubernetes/coturn/main.tf
@ -1,6 +1,7 @@
 variable "tls_secret_name" {}
 variable "tier" { type = string }
 variable "turn_secret" { type = string }
+variable "public_ip" { type = string }

 locals {
  turn_realm = "viktorbarzin.me"
@ -44,6 +45,7 @@ resource "kubernetes_config_map" "coturn_config" {

      # Network — use 0.0.0.0, coturn auto-detects pod IP
      listening-ip=0.0.0.0
+      external-ip=${var.public_ip}

      # Media relay port range (narrow — 100 ports)
      min-port=${local.min_port}
@ -153,7 +155,7 @@ resource "kubernetes_service" "coturn" {
    name      = "coturn"
    namespace = kubernetes_namespace.coturn.metadata[0].name
    annotations = {
-      "metallb.universe.tf/loadBalancerIPs"  = "10.0.20.200"
+      "metallb.universe.tf/loadBalancerIPs" = "10.0.20.200"
      "metallb.universe.tf/allow-shared-ip" = "shared"
    }
  }