0c18a86a7b
- meshcentral: rename port from "https" to "http" — MeshCentral serves plain HTTP when REVERSE_PROXY=true, but Traefik inferred HTTPS from the port name, causing 100% 5xx errors - osm-routing/otp: scale to 0 — TfL GTFS data expired, OTP crash-loops trying to build graph with no valid transit trips - wireguard: add prometheus.io/port=9586 annotation — without it, Prometheus tried scraping all container ports (51820 UDP, 80) - travel-blog: remove stale prometheus.io annotations and dead port 9113 — nginx-exporter sidecar was commented out but annotations remained - dawarich: remove prometheus.io annotations — exporter env vars are commented out so nothing listens on port 9394 - monitoring: raise CPU temp threshold 60°C→75°C (E5-2699 v4 Tcase is 79°C), lower registry cache threshold 50%→25%, add minimum traffic floor (>0.1 req/s) to 4xx/5xx rate alerts to prevent false positives on low-traffic services
227 lines
4.6 KiB
HCL
227 lines
4.6 KiB
HCL
variable "tls_secret_name" {}
|
|
variable "tier" { type = string }
|
|
|
|
resource "kubernetes_namespace" "osm-routing" {
|
|
metadata {
|
|
name = "osm-routing"
|
|
labels = {
|
|
"istio-injection" : "disabled"
|
|
}
|
|
}
|
|
}
|
|
|
|
# --- OSRM Foot ---
|
|
resource "kubernetes_deployment" "osrm-foot" {
|
|
metadata {
|
|
name = "osrm-foot"
|
|
namespace = kubernetes_namespace.osm-routing.metadata[0].name
|
|
labels = {
|
|
app = "osrm-foot"
|
|
tier = var.tier
|
|
}
|
|
}
|
|
spec {
|
|
replicas = 1
|
|
strategy {
|
|
type = "Recreate"
|
|
}
|
|
selector {
|
|
match_labels = {
|
|
app = "osrm-foot"
|
|
}
|
|
}
|
|
template {
|
|
metadata {
|
|
labels = {
|
|
app = "osrm-foot"
|
|
}
|
|
}
|
|
spec {
|
|
container {
|
|
name = "osrm-foot"
|
|
image = "ghcr.io/project-osrm/osrm-backend:latest"
|
|
command = ["osrm-routed", "--algorithm", "MLD", "/data/foot/greater-london-latest.osrm"]
|
|
port {
|
|
name = "http"
|
|
container_port = 5000
|
|
protocol = "TCP"
|
|
}
|
|
volume_mount {
|
|
name = "osrm-data"
|
|
mount_path = "/data"
|
|
}
|
|
}
|
|
volume {
|
|
name = "osrm-data"
|
|
nfs {
|
|
server = "10.0.10.15"
|
|
path = "/mnt/main/osm-routing/osrm-data"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_service" "osrm-foot" {
|
|
metadata {
|
|
name = "osrm-foot"
|
|
namespace = kubernetes_namespace.osm-routing.metadata[0].name
|
|
labels = {
|
|
app = "osrm-foot"
|
|
}
|
|
}
|
|
spec {
|
|
selector = {
|
|
app = "osrm-foot"
|
|
}
|
|
port {
|
|
port = 5000
|
|
target_port = 5000
|
|
}
|
|
}
|
|
}
|
|
|
|
# --- OSRM Bicycle ---
|
|
resource "kubernetes_deployment" "osrm-bicycle" {
|
|
metadata {
|
|
name = "osrm-bicycle"
|
|
namespace = kubernetes_namespace.osm-routing.metadata[0].name
|
|
labels = {
|
|
app = "osrm-bicycle"
|
|
tier = var.tier
|
|
}
|
|
}
|
|
spec {
|
|
replicas = 1
|
|
strategy {
|
|
type = "Recreate"
|
|
}
|
|
selector {
|
|
match_labels = {
|
|
app = "osrm-bicycle"
|
|
}
|
|
}
|
|
template {
|
|
metadata {
|
|
labels = {
|
|
app = "osrm-bicycle"
|
|
}
|
|
}
|
|
spec {
|
|
container {
|
|
name = "osrm-bicycle"
|
|
image = "ghcr.io/project-osrm/osrm-backend:latest"
|
|
command = ["osrm-routed", "--algorithm", "MLD", "/data/bicycle/greater-london-latest.osrm"]
|
|
port {
|
|
name = "http"
|
|
container_port = 5000
|
|
protocol = "TCP"
|
|
}
|
|
volume_mount {
|
|
name = "osrm-data"
|
|
mount_path = "/data"
|
|
}
|
|
}
|
|
volume {
|
|
name = "osrm-data"
|
|
nfs {
|
|
server = "10.0.10.15"
|
|
path = "/mnt/main/osm-routing/osrm-data"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_service" "osrm-bicycle" {
|
|
metadata {
|
|
name = "osrm-bicycle"
|
|
namespace = kubernetes_namespace.osm-routing.metadata[0].name
|
|
labels = {
|
|
app = "osrm-bicycle"
|
|
}
|
|
}
|
|
spec {
|
|
selector = {
|
|
app = "osrm-bicycle"
|
|
}
|
|
port {
|
|
port = 5000
|
|
target_port = 5000
|
|
}
|
|
}
|
|
}
|
|
|
|
# --- OTP (OpenTripPlanner) ---
|
|
resource "kubernetes_deployment" "otp" {
|
|
metadata {
|
|
name = "otp"
|
|
namespace = kubernetes_namespace.osm-routing.metadata[0].name
|
|
labels = {
|
|
app = "otp"
|
|
tier = var.tier
|
|
}
|
|
}
|
|
spec {
|
|
replicas = 0 # Scaled down: TfL GTFS data expired, OTP crash-loops on build
|
|
strategy {
|
|
type = "Recreate"
|
|
}
|
|
selector {
|
|
match_labels = {
|
|
app = "otp"
|
|
}
|
|
}
|
|
template {
|
|
metadata {
|
|
labels = {
|
|
app = "otp"
|
|
}
|
|
}
|
|
spec {
|
|
container {
|
|
name = "otp"
|
|
image = "opentripplanner/opentripplanner:2.6.0"
|
|
args = ["--build", "--save"]
|
|
port {
|
|
name = "http"
|
|
container_port = 8080
|
|
protocol = "TCP"
|
|
}
|
|
volume_mount {
|
|
name = "otp-data"
|
|
mount_path = "/var/opentripplanner"
|
|
}
|
|
}
|
|
volume {
|
|
name = "otp-data"
|
|
nfs {
|
|
server = "10.0.10.15"
|
|
path = "/mnt/main/osm-routing/otp-data"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_service" "otp" {
|
|
metadata {
|
|
name = "otp"
|
|
namespace = kubernetes_namespace.osm-routing.metadata[0].name
|
|
labels = {
|
|
app = "otp"
|
|
}
|
|
}
|
|
spec {
|
|
selector = {
|
|
app = "otp"
|
|
}
|
|
port {
|
|
port = 8080
|
|
target_port = 8080
|
|
}
|
|
}
|
|
}
|