d345841ef2
Added `tier = var.tier` to kubernetes_namespace labels in ~73 service modules. This enables Kyverno to generate LimitRange defaults, ResourceQuotas, and PriorityClass injection for all namespaces. Previously only 11 namespaces had tier labels; now all 80 active namespaces are labeled. All pods restarted in rolling waves to pick up the new policies.
84 lines
1.5 KiB
HCL
84 lines
1.5 KiB
HCL
variable "tls_secret_name" {}
|
|
variable "tier" { type = string }
|
|
|
|
resource "kubernetes_namespace" "echo" {
|
|
metadata {
|
|
name = "echo"
|
|
labels = {
|
|
"istio-injection" : "disabled"
|
|
tier = var.tier
|
|
}
|
|
}
|
|
}
|
|
|
|
module "tls_secret" {
|
|
source = "../setup_tls_secret"
|
|
namespace = kubernetes_namespace.echo.metadata[0].name
|
|
tls_secret_name = var.tls_secret_name
|
|
}
|
|
|
|
resource "kubernetes_deployment" "echo" {
|
|
metadata {
|
|
name = "echo"
|
|
namespace = kubernetes_namespace.echo.metadata[0].name
|
|
labels = {
|
|
app = "echo"
|
|
tier = var.tier
|
|
}
|
|
}
|
|
spec {
|
|
replicas = 5
|
|
selector {
|
|
match_labels = {
|
|
app = "echo"
|
|
}
|
|
}
|
|
template {
|
|
metadata {
|
|
labels = {
|
|
app = "echo"
|
|
}
|
|
}
|
|
spec {
|
|
container {
|
|
image = "mendhak/http-https-echo"
|
|
name = "echo"
|
|
port {
|
|
container_port = 8080
|
|
}
|
|
port {
|
|
container_port = 8443
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_service" "echo" {
|
|
metadata {
|
|
name = "echo"
|
|
namespace = kubernetes_namespace.echo.metadata[0].name
|
|
labels = {
|
|
"app" = "echo"
|
|
}
|
|
}
|
|
|
|
spec {
|
|
selector = {
|
|
app = "echo"
|
|
}
|
|
port {
|
|
name = "http"
|
|
port = "80"
|
|
target_port = "8080"
|
|
}
|
|
}
|
|
}
|
|
|
|
module "ingress" {
|
|
source = "../ingress_factory"
|
|
namespace = kubernetes_namespace.echo.metadata[0].name
|
|
name = "echo"
|
|
tls_secret_name = var.tls_secret_name
|
|
}
|