diff --git a/bootstrap/cloudflared/config.yml.tfpl b/bootstrap/cloudflared/config.yml.tfpl
index 499e4c1..4822d1b 100644
--- a/bootstrap/cloudflared/config.yml.tfpl
+++ b/bootstrap/cloudflared/config.yml.tfpl
@@ -1,5 +1,5 @@
 # Name of the tunnel you want to run
-tunnel: example-tunnel
+tunnel: ${tunnel_id}
 credentials-file: /etc/cloudflared/creds/credentials.json
 # Serves the metrics server under /metrics and the readiness server under /ready
 metrics: 0.0.0.0:${metrics_port}
diff --git a/bootstrap/cloudflared/credentials.tf b/bootstrap/cloudflared/credentials.tf
new file mode 100644
index 0000000..a413fc2
--- /dev/null
+++ b/bootstrap/cloudflared/credentials.tf
@@ -0,0 +1,22 @@
+locals {
+  credentials_secret_name = "tunnel-credentials"
+}
+
+resource "kubernetes_secret" "tunnel_credentials" {
+  metadata {
+    namespace = var.namespace
+    name      = local.credentials_secret_name
+  }
+
+  data = {
+    "credentials.json" = jsonencode({
+      "AccountTag" : var.account_tag,
+      "TunnelSecret" : var.tunnel_secret,
+      "TunnelID" : var.tunnel_id
+    })
+  }
+
+  type = "Opaque"
+}
+
+
diff --git a/bootstrap/cloudflared/deployment.tf b/bootstrap/cloudflared/deployment.tf
index 4e406c2..3f434e7 100644
--- a/bootstrap/cloudflared/deployment.tf
+++ b/bootstrap/cloudflared/deployment.tf
@@ -1,5 +1,6 @@
 resource "kubernetes_deployment" "cloudflared" {
   wait_for_rollout = false
+  depends_on       = [kubernetes_secret.tunnel_credentials]
 
   metadata {
     name = "cloudflared"
@@ -86,7 +87,7 @@ resource "kubernetes_deployment" "cloudflared" {
       volume {
         name = "creds"
         secret {
-          secret_name = var.credentials_secret_name
+          secret_name = local.credentials_secret_name
         }
       }
 
diff --git a/bootstrap/cloudflared/main.tf b/bootstrap/cloudflared/main.tf
index 8b70c85..298804e 100644
--- a/bootstrap/cloudflared/main.tf
+++ b/bootstrap/cloudflared/main.tf
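Review bot: The `data` map of `kubernetes_secret.tunnel_credentials` carries the raw TunnelSecret, and Terraform keeps resource attributes, this map included, in its state file, so the tunnel credential now lives in plaintext wherever that state is stored and not only in the cluster Secret. The state backend for this module therefore needs the same access control and encryption as the Secret itself, and `var.tunnel_secret` should be declared `sensitive = true` so the value is redacted from plan and apply output. The new file also ends with two blank `+` lines, which `terraform fmt` would strip.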
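Review bot: The explicit `depends_on` added to the deployment is only needed because the volume in the second deployment.tf hunk references `local.credentials_secret_name`, a plain string that carries no dependency on the resource that actually creates the Secret. Referencing the resource instead, `secret_name = kubernetes_secret.tunnel_credentials.metadata[0].name`, gives Terraform the ordering implicitly, lets the `depends_on` line be dropped, and keeps the Secret name defined in exactly one place. The `kubernetes_deployment` block continues outside both hunks.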
@@ -48,7 +48,12 @@ variable "resources" {
   }
 }
 
-variable "credentials_secret_name" {
+variable "account_tag" {
   type    = string
-  default = "Name of the K8s secret where the credentials.json is stored."
+  default = "AccountTag, written on credentials json."
+}
+
+variable "tunnel_secret" {
+  type    = string
+  default = "TunnelSecret, written on credentials json."
 }
diff --git a/bootstrap/main.tf b/bootstrap/main.tf
index 52b8943..7a8f0f6 100644
--- a/bootstrap/main.tf
+++ b/bootstrap/main.tf
@@ -1,11 +1,11 @@
-resource "kubernetes_namespace" "namespace" {
+resource "kubernetes_namespace_v1" "namespace" {
   metadata {
     name = var.namespace
   }
 }
 
 module "feature" {
-  depends_on = [kubernetes_namespace.namespace]
+  depends_on = [kubernetes_namespace_v1.namespace]
   source     = "./feature"
 
   namespace = var.namespace
@@ -25,7 +25,7 @@ module "configs" {
 }
 
 module "services" {
-  depends_on = [kubernetes_namespace.namespace]
+  depends_on = [kubernetes_namespace_v1.namespace]
   for_each   = { for network in var.networks : "${network}" => network }
   source     = "./service"
 
@@ -34,7 +34,7 @@ module "services" {
 }
 
 module "proxy" {
-  depends_on = [kubernetes_namespace.namespace]
+  depends_on = [kubernetes_namespace_v1.namespace]
   source     = "./proxy"
 
   namespace = var.namespace
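Review bot: Both new variables in bootstrap/cloudflared/main.tf put descriptive text in `default`, so a caller that omits `tunnel_secret` or `account_tag` gets the literal string `"TunnelSecret, written on credentials json."` written into credentials.json instead of a plan-time "missing required variable" error; the root-level counterparts in bootstrap/variables.tf use `description` for the same text, which is clearly what was meant. Change both to `description = "TunnelSecret, written on credentials json."` (and the AccountTag one likewise) with no `default`, and add `sensitive = true` to `tunnel_secret`. The root variable `cloudflared_tunnel_secret` in bootstrap/variables.tf lacks the `sensitive` flag too and should get the same treatment so the value is redacted in plan and apply output.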
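Review bot: Changing the resource type from `kubernetes_namespace` to `kubernetes_namespace_v1` changes the resource address, so on an already-applied deployment Terraform will plan to destroy `kubernetes_namespace.namespace` and create `kubernetes_namespace_v1.namespace`, and deleting the namespace takes every object in it with it. Migrate the state before applying (for example `terraform state rm` of the old address followed by `terraform import` into the new one, since a plain state move between differing resource types is not generally accepted), and check the plan for a destroy/create pair of the namespace before approving. The `depends_on` updates in the two following hunks of this file are just the consequent renames and need no separate change.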
@@ -47,14 +47,15 @@ module "cloudflared" {
   depends_on = [module.proxy]
   source     = "./cloudflared"
 
-  namespace               = var.namespace
-  tunnel_id               = var.cloudflared_tunnel_id
-  hostname                = var.cloudflared_hostname
-  credentials_secret_name = var.cloudflared_credentials_secret_name
-  metrics_port            = var.cloudflared_metrics_port
-  image_tag               = var.cloudflared_image_tag
-  replicas                = var.cloudflared_replicas
-  resources               = var.cloudflared_resources
+  namespace     = var.namespace
+  tunnel_id     = var.cloudflared_tunnel_id
+  hostname      = "${var.extension_subdomain}.${var.dns_zone}"
+  tunnel_secret = var.cloudflared_tunnel_secret
+  account_tag   = var.cloudflared_account_tag
+  metrics_port  = var.cloudflared_metrics_port
+  image_tag     = var.cloudflared_image_tag
+  replicas      = var.cloudflared_replicas
+  resources     = var.cloudflared_resources
 }
 
 module "instances" {
diff --git a/bootstrap/variables.tf b/bootstrap/variables.tf
index ff29a48..9041b05 100644
--- a/bootstrap/variables.tf
+++ b/bootstrap/variables.tf
@@ -67,13 +67,14 @@ variable "cloudflared_tunnel_id" {
   type = string
 }
 
-variable "cloudflared_hostname" {
-  type = string
+variable "cloudflared_tunnel_secret" {
+  type        = string
+  description = "TunnelSecret, written on credentials file."
 }
 
-variable "cloudflared_credentials_secret_name" {
+variable "cloudflared_account_tag" {
   type        = string
-  description = "Name of the secret where credentials.json is saved."
+  description = "AccountTag, written on credentials file."
 }
 
 variable "cloudflared_metrics_port" {
diff --git a/proxy/src/proxy.rs b/proxy/src/proxy.rs
index 1fd6829..a3af136 100644
--- a/proxy/src/proxy.rs
+++ b/proxy/src/proxy.rs
@@ -31,12 +31,12 @@ impl UtxoRpcProxy {
     async fn respond_health(&self, session: &mut Session, ctx: &mut Context) {
         ctx.is_health_request = true;
         session.set_keepalive(None);
+        let header = Box::new(ResponseHeader::build(200, None).unwrap());
+        session.write_response_header(header, true).await.unwrap();
         session
             .write_response_body(Some(Bytes::from("OK")), true)
             .await
             .unwrap();
-        let header = Box::new(ResponseHeader::build(200, None).unwrap());
-        session.write_response_header(header, true).await.unwrap();
     }
 }
 
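Review bot: The header-before-body ordering is now right, but both session writes still end in `.unwrap()`, so a probe client that closes the connection between connect and the write turns an ordinary I/O error into a panic in the request handler (presumably aborting the task) rather than a quietly closed connection. Since `respond_health` returns `()`, the simplest fix is to bail out on error, e.g. `if session.write_response_header(header, true).await.is_err() { return; }` and the same for the `write_response_body` call; if the enclosing handler returns a `Result`, propagating with `?` would be cleaner. The `unwrap()` on `ResponseHeader::build(200, None)` is a different case, since its input is a constant rather than anything the peer controls. The `impl UtxoRpcProxy` block starts outside the hunk.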