mirror of
https://github.com/roleypoly/roleypoly.git
synced 2025-04-25 11:59:11 +00:00
66 lines
1.7 KiB
HCL
66 lines
1.7 KiB
HCL
# Primary cluster hostname
|
|
resource "cloudflare_record" "cluster" {
|
|
zone_id = var.cloudflare-zone-id
|
|
name = var.record-name
|
|
value = var.ingress-endpoint
|
|
type = "A"
|
|
proxied = true
|
|
}
|
|
|
|
# PRD & STG records for direct FQDN usage
|
|
# Long term, these will also be CNAME'd to
|
|
# - prd == roleypoly.com
|
|
# - stg == beta.roleypoly.com
|
|
resource "cloudflare_record" "prd" {
|
|
zone_id = var.cloudflare-zone-id
|
|
name = "prd.${var.record-name}"
|
|
value = cloudflare_record.cluster.hostname
|
|
type = "CNAME"
|
|
proxied = true
|
|
}
|
|
|
|
resource "cloudflare_record" "stg" {
|
|
zone_id = var.cloudflare-zone-id
|
|
name = "stg.${var.record-name}"
|
|
value = cloudflare_record.cluster.hostname
|
|
type = "CNAME"
|
|
proxied = true
|
|
}
|
|
|
|
# Origin CA Cert
|
|
resource "tls_private_key" "origin-ca-key" {
|
|
algorithm = "ECDSA"
|
|
}
|
|
|
|
resource "tls_cert_request" "origin-ca-csr" {
|
|
key_algorithm = tls_private_key.origin-ca-key.algorithm
|
|
private_key_pem = tls_private_key.origin-ca-key.private_key_pem
|
|
|
|
subject {
|
|
common_name = "roleypoly.com"
|
|
organization = "Roleypoly"
|
|
}
|
|
}
|
|
|
|
resource "cloudflare_origin_ca_certificate" "origin-ca-cert" {
|
|
csr = tls_cert_request.origin-ca-csr.cert_request_pem
|
|
hostnames = [
|
|
cloudflare_record.cluster.hostname,
|
|
cloudflare_record.prd.hostname,
|
|
cloudflare_record.stg.hostname
|
|
]
|
|
request_type = "origin-ecc"
|
|
requested_validity = 1095 # 3 years
|
|
}
|
|
|
|
resource "kubernetes_secret" "cloudflare-origin" {
|
|
type = "kubernetes.io/tls"
|
|
metadata {
|
|
name = "cloudflare-origin"
|
|
namespace = "default"
|
|
}
|
|
data = {
|
|
"tls.crt" = base64encode(cloudflare_origin_ca_certificate.origin-ca-cert.certificate),
|
|
"tls.key" = base64encode(tls_private_key.origin-ca-key.private_key_pem)
|
|
}
|
|
}
|