0c18a86a7b
- meshcentral: rename port from "https" to "http" — MeshCentral serves plain HTTP when REVERSE_PROXY=true, but Traefik inferred HTTPS from the port name, causing 100% 5xx errors - osm-routing/otp: scale to 0 — TfL GTFS data expired, OTP crash-loops trying to build graph with no valid transit trips - wireguard: add prometheus.io/port=9586 annotation — without it, Prometheus tried scraping all container ports (51820 UDP, 80) - travel-blog: remove stale prometheus.io annotations and dead port 9113 — nginx-exporter sidecar was commented out but annotations remained - dawarich: remove prometheus.io annotations — exporter env vars are commented out so nothing listens on port 9394 - monitoring: raise CPU temp threshold 60°C→75°C (E5-2699 v4 Tcase is 79°C), lower registry cache threshold 50%→25%, add minimum traffic floor (>0.1 req/s) to 4xx/5xx rate alerts to prevent false positives on low-traffic services
106 lines
2.3 KiB
HCL
106 lines
2.3 KiB
HCL
variable "tls_secret_name" {}
|
|
variable "tier" { type = string }
|
|
|
|
resource "kubernetes_namespace" "travel-blog" {
|
|
metadata {
|
|
name = "travel-blog"
|
|
labels = {
|
|
"istio-injection" : "disabled"
|
|
}
|
|
}
|
|
}
|
|
|
|
module "tls_secret" {
|
|
source = "../setup_tls_secret"
|
|
namespace = kubernetes_namespace.travel-blog.metadata[0].name
|
|
tls_secret_name = var.tls_secret_name
|
|
}
|
|
|
|
# module "dockerhub_creds" {
|
|
# source = "../dockerhub_secret"
|
|
# namespace = kubernetes_namespace.travel.metadata[0].name
|
|
# password = var.dockerhub_password
|
|
# }
|
|
|
|
resource "kubernetes_deployment" "blog" {
|
|
metadata {
|
|
name = "travel-blog"
|
|
namespace = kubernetes_namespace.travel-blog.metadata[0].name
|
|
labels = {
|
|
app = "travel-blog"
|
|
tier = var.tier
|
|
}
|
|
}
|
|
spec {
|
|
replicas = 3
|
|
selector {
|
|
match_labels = {
|
|
app = "travel-blog"
|
|
}
|
|
}
|
|
template {
|
|
metadata {
|
|
labels = {
|
|
app = "travel-blog"
|
|
}
|
|
}
|
|
spec {
|
|
container {
|
|
image = "viktorbarzin/travel_blog:latest"
|
|
name = "travel-blog"
|
|
resources {
|
|
limits = {
|
|
cpu = "0.5"
|
|
memory = "512Mi"
|
|
}
|
|
requests = {
|
|
cpu = "250m"
|
|
memory = "50Mi"
|
|
}
|
|
}
|
|
port {
|
|
container_port = 80
|
|
}
|
|
}
|
|
|
|
# container {
|
|
# image = "nginx/nginx-prometheus-exporter"
|
|
# name = "nginx-exporter"
|
|
# args = ["-nginx.scrape-uri", "http://127.0.0.1:8080/nginx_status"]
|
|
# port {
|
|
# container_port = 9113
|
|
# }
|
|
# }
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_service" "travel-blog" {
|
|
metadata {
|
|
name = "travel-blog"
|
|
namespace = kubernetes_namespace.travel-blog.metadata[0].name
|
|
labels = {
|
|
app = "travel-blog"
|
|
}
|
|
}
|
|
|
|
spec {
|
|
selector = {
|
|
app = "travel-blog"
|
|
}
|
|
port {
|
|
name = "http"
|
|
port = "80"
|
|
target_port = "80"
|
|
}
|
|
}
|
|
}
|
|
|
|
module "ingress" {
|
|
source = "../ingress_factory"
|
|
namespace = kubernetes_namespace.travel-blog.metadata[0].name
|
|
name = "travel"
|
|
tls_secret_name = var.tls_secret_name
|
|
service_name = "travel-blog"
|
|
}
|