chaostoolkit-examples/gke-pod-fault-injection/app/terraform/app.tf (83 lines of code) (raw):
#
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
data "google_client_config" "default" {}
provider "kubernetes" {
host = "https://${google_container_cluster.default.endpoint}"
token = data.google_client_config.default.access_token
cluster_ca_certificate = base64decode(google_container_cluster.default.master_auth[0].cluster_ca_certificate)
ignore_annotations = [
"^autopilot\\.gke\\.io\\/.*",
"^cloud\\.google\\.com\\/.*"
]
}
resource "kubernetes_deployment_v1" "default" {
metadata {
name = var.deployment_name
}
spec {
replicas = 3
selector {
match_labels = {
app = var.app_name
}
}
template {
metadata {
labels = {
app = var.app_name
}
}
spec {
container {
image = "us-docker.pkg.dev/google-samples/containers/gke/hello-app:2.0"
name = "hello-app-container"
port {
container_port = 8080
name = var.service_name
}
liveness_probe {
http_get {
path = "/"
port = var.service_name
http_header {
name = "X-Custom-Header"
value = "Awesome"
}
}
initial_delay_seconds = 3
period_seconds = 3
}
}
security_context {
# run_as_non_root = true
seccomp_profile {
type = "RuntimeDefault"
}
}
toleration {
effect = "NoSchedule"
key = "kubernetes.io/arch"
operator = "Equal"
value = "amd64"
}
}
}
}
}
resource "kubernetes_service_v1" "default" {
metadata {
name = var.load_balancer_name
}
spec {
selector = {
app = kubernetes_deployment_v1.default.spec[0].selector[0].match_labels.app
}
port {
port = 80
target_port = kubernetes_deployment_v1.default.spec[0].template[0].spec[0].container[0].port[0].name
}
type = "LoadBalancer"
}
depends_on = [time_sleep.wait_service_cleanup]
}
resource "time_sleep" "wait_service_cleanup" {
depends_on = [google_container_cluster.default]
destroy_duration = "180s"
}