From 0f7e070f94cec9c8fac6b97ce1a51928b3471392 Mon Sep 17 00:00:00 2001
From: "Klaus @ LambdaClass" <18153834+klaus993@users.noreply.github.com>
Date: Wed, 14 Aug 2024 21:34:11 -0300
Subject: [PATCH] Add zk-stack Route53 zone and HTTP => HTTPS redirect (#14)

* Add zk-stack R53 zone
* Add HTTP => HTTPS redirect
* Fix module references
---
 infra/kubernetes/frontendconfigs/http-https-redirect.yaml | 8 ++++++++
 infra/kubernetes/ingress/en-grafana.yaml | 1 +
 infra/kubernetes/ingress/explorer-api.yaml | 1 +
 infra/kubernetes/ingress/explorer-app.yaml | 1 +
 infra/kubernetes/ingress/external-node.yaml | 1 +
 infra/kubernetes/ingress/grafana.yaml | 1 +
 infra/kubernetes/ingress/portal.yaml | 1 +
 infra/kubernetes/ingress/server.yaml | 1 +
 infra/terraform/dev/us-central1/gke/ip.tf | 8 +++++++-
 infra/terraform/modules/zk_stack/gke.tf | 2 +-
 infra/terraform/modules/zk_stack/providers.tf | 8 ++++----
 11 files changed, 27 insertions(+), 6 deletions(-)
 create mode 100644 infra/kubernetes/frontendconfigs/http-https-redirect.yaml

diff --git a/infra/kubernetes/frontendconfigs/http-https-redirect.yaml b/infra/kubernetes/frontendconfigs/http-https-redirect.yaml
new file mode 100644
index 0000000..7c79fbc
--- /dev/null
+++ b/infra/kubernetes/frontendconfigs/http-https-redirect.yaml
@@ -0,0 +1,8 @@
+apiVersion: networking.gke.io/v1beta1
+kind: FrontendConfig
+metadata:
+ name: http-https-redirect
+spec:
+ redirectToHttps:
+ enabled: true
+ responseCodeName: PERMANENT_REDIRECT
diff --git a/infra/kubernetes/ingress/en-grafana.yaml b/infra/kubernetes/ingress/en-grafana.yaml
index 1aae1a7..267b347 100644
--- a/infra/kubernetes/ingress/en-grafana.yaml
+++ b/infra/kubernetes/ingress/en-grafana.yaml
@@ -7,6 +7,7 @@ metadata:
 kubernetes.io/ingress.global-static-ip-name: en01-grafana-ip
 cert-manager.io/issuer: http01-issuer
 acme.cert-manager.io/http01-edit-in-place: "true"
+ networking.gke.io/v1beta1.FrontendConfig: "http-https-redirect"
 labels:
 app: en01-grafana
 spec:
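Review bot: The new `FrontendConfig` in http-https-redirect.yaml has no `metadata.namespace`, and GKE resolves the `networking.gke.io/v1beta1.FrontendConfig` annotation only against a FrontendConfig in the Ingress's own namespace, so the reference will not resolve for any Ingress deployed elsewhere. The namespaces of the seven Ingress manifests are not visible in this patch; if they are not all in the namespace this file is applied to, set `namespace: <ingress-namespace>` (placeholder) or ship one copy per namespace. The redirect also protects only what follows the first plain-HTTP request, so the backends should still send `Strict-Transport-Security` and mark session cookies `Secure`. A comment above `redirectToHttps` such as `# 308 redirect only; HSTS must come from the backends` would record that.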
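Review bot: The Ingress in en-grafana.yaml that receives this annotation also obtains its certificate through `cert-manager.io/issuer: http01-issuer` with `acme.cert-manager.io/http01-edit-in-place: "true"`, so the HTTP-01 challenge request on port 80 will presumably be answered with the redirect rather than the token. ACME validators generally follow a redirect to HTTPS, which should keep renewals working, but a first issuance or a recovery after a lost TLS secret may fail if the HTTPS frontend has no certificate to serve yet; that is worth testing on one Ingress, since a silently failing renewal ends in an expired certificate. The same applies to the identical hunks in explorer-api.yaml, explorer-app.yaml, external-node.yaml, grafana.yaml, portal.yaml and server.yaml. I would note the dependency next to the annotation, e.g. `# HTTP-01 challenges are redirected to 443 too; verify issuance still succeeds`. The Ingress definition starts and ends outside the hunk.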
diff --git a/infra/kubernetes/ingress/explorer-api.yaml b/infra/kubernetes/ingress/explorer-api.yaml
index 6cde8ae..cbc5546 100644
--- a/infra/kubernetes/ingress/explorer-api.yaml
+++ b/infra/kubernetes/ingress/explorer-api.yaml
@@ -7,6 +7,7 @@ metadata:
 kubernetes.io/ingress.global-static-ip-name: explorer-api-ip
 cert-manager.io/issuer: http01-issuer
 acme.cert-manager.io/http01-edit-in-place: "true"
+ networking.gke.io/v1beta1.FrontendConfig: "http-https-redirect"
 labels:
 app: explorer-api
 spec:
diff --git a/infra/kubernetes/ingress/explorer-app.yaml b/infra/kubernetes/ingress/explorer-app.yaml
index 597e32a..db68a75 100644
--- a/infra/kubernetes/ingress/explorer-app.yaml
+++ b/infra/kubernetes/ingress/explorer-app.yaml
@@ -7,6 +7,7 @@ metadata:
 kubernetes.io/ingress.global-static-ip-name: explorer-app-ip
 cert-manager.io/issuer: http01-issuer
 acme.cert-manager.io/http01-edit-in-place: "true"
+ networking.gke.io/v1beta1.FrontendConfig: "http-https-redirect"
 labels:
 app: explorer-app
 spec:
diff --git a/infra/kubernetes/ingress/external-node.yaml b/infra/kubernetes/ingress/external-node.yaml
index 4d63e9e..8cd0846 100644
--- a/infra/kubernetes/ingress/external-node.yaml
+++ b/infra/kubernetes/ingress/external-node.yaml
@@ -7,6 +7,7 @@ metadata:
 kubernetes.io/ingress.global-static-ip-name: external-node-ip
 cert-manager.io/issuer: http01-issuer
 acme.cert-manager.io/http01-edit-in-place: "true"
+ networking.gke.io/v1beta1.FrontendConfig: "http-https-redirect"
 labels:
 app: external-node
 spec:
diff --git a/infra/kubernetes/ingress/grafana.yaml b/infra/kubernetes/ingress/grafana.yaml
index 6f67c47..8bc41f0 100644
--- a/infra/kubernetes/ingress/grafana.yaml
+++ b/infra/kubernetes/ingress/grafana.yaml
@@ -7,6 +7,7 @@ metadata:
 kubernetes.io/ingress.global-static-ip-name: grafana-ip
 cert-manager.io/issuer: http01-issuer
 acme.cert-manager.io/http01-edit-in-place: "true"
+ networking.gke.io/v1beta1.FrontendConfig: "http-https-redirect"
 labels:
 app: grafana
 spec:
diff --git a/infra/kubernetes/ingress/portal.yaml b/infra/kubernetes/ingress/portal.yaml
index d6b1996..5de8881 100644
--- a/infra/kubernetes/ingress/portal.yaml
+++ b/infra/kubernetes/ingress/portal.yaml
@@ -7,6 +7,7 @@ metadata:
 kubernetes.io/ingress.global-static-ip-name: portal-ip
 cert-manager.io/issuer: http01-issuer
 acme.cert-manager.io/http01-edit-in-place: "true"
+ networking.gke.io/v1beta1.FrontendConfig: "http-https-redirect"
 labels:
 app: portal
 spec:
diff --git a/infra/kubernetes/ingress/server.yaml b/infra/kubernetes/ingress/server.yaml
index b70bf77..6f527ae 100644
--- a/infra/kubernetes/ingress/server.yaml
+++ b/infra/kubernetes/ingress/server.yaml
@@ -7,6 +7,7 @@ metadata:
 kubernetes.io/ingress.global-static-ip-name: server-ip
 cert-manager.io/issuer: http01-issuer
 acme.cert-manager.io/http01-edit-in-place: "true"
+ networking.gke.io/v1beta1.FrontendConfig: "http-https-redirect"
 labels:
 app: server
 spec:
diff --git a/infra/terraform/dev/us-central1/gke/ip.tf b/infra/terraform/dev/us-central1/gke/ip.tf
index bcad727..c578ac5 100644
--- a/infra/terraform/dev/us-central1/gke/ip.tf
+++ b/infra/terraform/dev/us-central1/gke/ip.tf
@@ -1,3 +1,4 @@
+# Public IPs
 resource "google_compute_global_address" "explorer-app" {
 name = "explorer-app-ip"
 }
@@ -82,8 +83,13 @@ data "google_compute_global_address" "en-grafana" {
 ]
 }
+# DNS
+resource "aws_route53_zone" "zk-stack" {
+ name = "zk-stack.lambdaclass.com"
+}
+
 data "aws_route53_zone" "zk-stack-lambdaclass-com" {
- name = "${var.aws_dns_zone}."
+ zone_id = aws_route53_zone.zk-stack.zone_id
 }
 resource "aws_route53_record" "k8s-explorer-sepolia" {
diff --git a/infra/terraform/modules/zk_stack/gke.tf b/infra/terraform/modules/zk_stack/gke.tf
index 324583a..e3b3e92 100644
--- a/infra/terraform/modules/zk_stack/gke.tf
+++ b/infra/terraform/modules/zk_stack/gke.tf
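Review bot: The new `aws_route53_zone.zk-stack` in the second ip.tf hunk is a public hosted zone owned by the dev GKE stack with nothing guarding it against replacement. Destroying and recreating it assigns a new name-server set, and an NS delegation left in the parent zone pointing at the old set means an outage and leaves the subdomain open to takeover. I would add `lifecycle { prevent_destroy = true }` to the resource and manage, or at least document, the parent-zone NS record alongside it. If a zone with this name already existed (the removed lookup by `var.aws_dns_zone` suggests it did), this creates a second, undelegated zone unless the existing one is imported first. The data source `zk-stack-lambdaclass-com` now only reads back the resource declared just above it, so the records could reference `aws_route53_zone.zk-stack.zone_id` directly, and the hard-coded name could remain `var.aws_dns_zone`.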
@@ -1,4 +1,4 @@
-module "zk-stack-stack-gke-cluster" {
+module "zk-stack-gke-cluster" {
 source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster"
 version = "31.1.0"
 project_id = var.project_id
diff --git a/infra/terraform/modules/zk_stack/providers.tf b/infra/terraform/modules/zk_stack/providers.tf
index eef035f..573508f 100644
--- a/infra/terraform/modules/zk_stack/providers.tf
+++ b/infra/terraform/modules/zk_stack/providers.tf
@@ -26,16 +26,16 @@ terraform {
 }
 provider "kubernetes" {
- host = "https://${module.zk-stack-stack-gke-cluster.endpoint}"
+ host = "https://${module.zk-stack-gke-cluster.endpoint}"
 token = data.google_client_config.default.access_token
- cluster_ca_certificate = base64decode(module.zk-stack-stack-gke-cluster.ca_certificate)
+ cluster_ca_certificate = base64decode(module.zk-stack-gke-cluster.ca_certificate)
 }
 provider "helm" {
 kubernetes {
- host = "https://${module.zk-stack-stack-gke-cluster.endpoint}"
+ host = "https://${module.zk-stack-gke-cluster.endpoint}"
 token = data.google_client_config.default.access_token
- cluster_ca_certificate = base64decode(module.zk-stack-stack-gke-cluster.ca_certificate)
+ cluster_ca_certificate = base64decode(module.zk-stack-gke-cluster.ca_certificate)
 }
 }