viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks/shadowsocks/module/main.tf
Viktor Barzin e225e81ebf
[ci skip] Move Terraform modules into stack directories 
Move all 88 service modules (66 individual + 22 platform) from
modules/kubernetes/<service>/ into their corresponding stack directories:

- Service stacks: stacks/<service>/module/
- Platform stack: stacks/platform/modules/<service>/

This collocates module source code with its Terragrunt definition.
Only shared utility modules remain in modules/kubernetes/:
ingress_factory, setup_tls_secret, dockerhub_secret, oauth-proxy.

All cross-references to shared modules updated to use correct
relative paths. Verified with terragrunt run --all -- plan:
0 adds, 0 destroys across all 68 stacks.
2026-02-22 14:38:14 +00:00

106 lines
2.1 KiB
HCL
Raw Blame History

variable "password" {}
variable "tier" { type = string }
variable "method" {
default = "chacha20-ietf-poly1305"
}
resource "kubernetes_namespace" "shadowsocks" {
metadata {
name = "shadowsocks"
labels = {
tier = var.tier
}
# TLS termination seems iffy - I get pfsense MiTM-ing
# labels = {
# "istio-injection" : "enabled"
# }
}
}
resource "kubernetes_deployment" "shadowsocks" {
metadata {
name = "shadowsocks"
namespace = kubernetes_namespace.shadowsocks.metadata[0].name
labels = {
"app" = "shadowsocks"
tier = var.tier
}
annotations = {
"reloader.stakater.com/search" = "true"
}
}
spec {
replicas = "1"
selector {
match_labels = {
"app" = "shadowsocks"
}
}
template {
metadata {
labels = {
"app" = "shadowsocks"
}
}
spec {
container {
name = "shadowsocks"
image = "shadowsocks/shadowsocks-libev"
image_pull_policy = "IfNotPresent"
env {
name = "METHOD"
value = var.method
}
env {
name = "PASSWORD"
value = var.password
}
port {
container_port = 8388
protocol = "TCP"
}
port {
container_port = 8388
protocol = "UDP"
}
}
}
}
}
}
resource "kubernetes_service" "mailserver" { # rename me
metadata {
name = "shadowsocks"
namespace = kubernetes_namespace.shadowsocks.metadata[0].name
labels = {
app = "shadowsocks"
}
annotations = {
"metallb.universe.tf/allow-shared-ip" = "shared"
}
}
spec {
type = "LoadBalancer"
external_traffic_policy = "Cluster"
selector = {
app = "shadowsocks"
}
port {
name = "shadowsocks-tcp"
protocol = "TCP"
port = 8388
target_port = "8388"
}
port {
name = "shadowsocks-udp"
protocol = "UDP"
port = 8388
target_port = "8388"
}
}
}
Reference in a new issue View git blame Copy permalink