demeter-run · gonzalezzfelipe · Aug 8, 2024 · Aug 8, 2024
diff --git a/bootstrap/cloudflared/config.yml.tfpl b/bootstrap/cloudflared/config.yml.tfpl
@@ -1,5 +1,5 @@
 # Name of the tunnel you want to run
-tunnel: example-tunnel
+tunnel: ${tunnel_id}
 credentials-file: /etc/cloudflared/creds/credentials.json
 # Serves the metrics server under /metrics and the readiness server under /ready
 metrics: 0.0.0.0:${metrics_port}

diff --git a/bootstrap/cloudflared/credentials.tf b/bootstrap/cloudflared/credentials.tf
@@ -0,0 +1,22 @@
+locals {
+  credentials_secret_name = "tunnel-credentials"
+}
+
+resource "kubernetes_secret" "tunnel_credentials" {
+  metadata {
+    namespace = var.namespace
+    name      = local.credentials_secret_name
+  }
+
+  data = {
+    "credentials.json" = jsonencode({
+      "AccountTag" : var.account_tag,
+      "TunnelSecret" : var.tunnel_secret,
+      "TunnelID" : var.tunnel_id
+    })
+  }
+
+  type = "Opaque"
+}
+
+
diff --git a/bootstrap/cloudflared/deployment.tf b/bootstrap/cloudflared/deployment.tf
@@ -1,5 +1,6 @@
 resource "kubernetes_deployment" "cloudflared" {
   wait_for_rollout = false
+  depends_on       = [kubernetes_secret.tunnel_credentials]
 
   metadata {
     name      = "cloudflared"
@@ -86,7 +87,7 @@ resource "kubernetes_deployment" "cloudflared" {
         volume {
           name = "creds"
           secret {
-            secret_name = var.credentials_secret_name
+            secret_name = local.credentials_secret_name
           }
         }
 

diff --git a/bootstrap/cloudflared/main.tf b/bootstrap/cloudflared/main.tf
@@ -48,7 +48,12 @@ variable "resources" {
   }
 }
 
-variable "credentials_secret_name" {
+variable "account_tag" {
   type    = string
-  default = "Name of the K8s secret where the credentials.json is stored."
+  default = "AccountTag, written on credentials json."
+}
+
+variable "tunnel_secret" {
+  type    = string
+  default = "TunnelSecret, written on credentials json."
 }
diff --git a/bootstrap/main.tf b/bootstrap/main.tf
@@ -1,11 +1,11 @@
-resource "kubernetes_namespace" "namespace" {
+resource "kubernetes_namespace_v1" "namespace" {
   metadata {
     name = var.namespace
   }
 }
 
 module "feature" {
-  depends_on = [kubernetes_namespace.namespace]
+  depends_on = [kubernetes_namespace_v1.namespace]
   source     = "./feature"
 
   namespace           = var.namespace
@@ -25,7 +25,7 @@ module "configs" {
 }
 
 module "services" {
-  depends_on = [kubernetes_namespace.namespace]
+  depends_on = [kubernetes_namespace_v1.namespace]
   for_each   = { for network in var.networks : "${network}" => network }
   source     = "./service"
 
@@ -34,7 +34,7 @@ module "services" {
 }
 
 module "proxy" {
-  depends_on = [kubernetes_namespace.namespace]
+  depends_on = [kubernetes_namespace_v1.namespace]
   source     = "./proxy"
 
   namespace = var.namespace
@@ -47,14 +47,15 @@ module "cloudflared" {
   depends_on = [module.proxy]
   source     = "./cloudflared"
 
-  namespace               = var.namespace
-  tunnel_id               = var.cloudflared_tunnel_id
-  hostname                = var.cloudflared_hostname
-  credentials_secret_name = var.cloudflared_credentials_secret_name
-  metrics_port            = var.cloudflared_metrics_port
-  image_tag               = var.cloudflared_image_tag
-  replicas                = var.cloudflared_replicas
-  resources               = var.cloudflared_resources
+  namespace     = var.namespace
+  tunnel_id     = var.cloudflared_tunnel_id
+  hostname      = "${var.extension_subdomain}.${var.dns_zone}"
+  tunnel_secret = var.cloudflared_tunnel_secret
+  account_tag   = var.cloudflared_account_tag
+  metrics_port  = var.cloudflared_metrics_port
+  image_tag     = var.cloudflared_image_tag
+  replicas      = var.cloudflared_replicas
+  resources     = var.cloudflared_resources
 }
 
 module "instances" {

diff --git a/bootstrap/variables.tf b/bootstrap/variables.tf
@@ -67,13 +67,14 @@ variable "cloudflared_tunnel_id" {
   type = string
 }
 
-variable "cloudflared_hostname" {
-  type = string
+variable "cloudflared_tunnel_secret" {
+  type        = string
+  description = "TunnelSecret, written on credentials file."
 }
 
-variable "cloudflared_credentials_secret_name" {
+variable "cloudflared_account_tag" {
   type        = string
-  description = "Name of the secret where credentials.json is saved."
+  description = "AccountTag, written on credentials file."
 }
 
 variable "cloudflared_metrics_port" {

diff --git a/proxy/src/proxy.rs b/proxy/src/proxy.rs
@@ -31,12 +31,12 @@ impl UtxoRpcProxy {
     async fn respond_health(&self, session: &mut Session, ctx: &mut Context) {
         ctx.is_health_request = true;
         session.set_keepalive(None);
+        let header = Box::new(ResponseHeader::build(200, None).unwrap());
+        session.write_response_header(header, true).await.unwrap();
         session
             .write_response_body(Some(Bytes::from("OK")), true)
             .await
             .unwrap();
-        let header = Box::new(ResponseHeader::build(200, None).unwrap());
-        session.write_response_header(header, true).await.unwrap();
     }
 }