From 281ca5a14b3c2987e67a6121252254bf11511916 Mon Sep 17 00:00:00 2001
From: Liam
Date: Tue, 1 Apr 2025 23:16:26 +1100
Subject: [PATCH 1/4] Add engine-deployment.yaml
---
 .../manifests/engine/engine-deployment.yaml | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 kubernetes/manifests/engine/engine-deployment.yaml
diff --git a/kubernetes/manifests/engine/engine-deployment.yaml b/kubernetes/manifests/engine/engine-deployment.yaml
new file mode 100644
index 0000000..9d9d61f
--- /dev/null
+++ b/kubernetes/manifests/engine/engine-deployment.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: echo-engine
+ namespace: default
+spec:
+ selector:
+ matchLabels:
+ app: echo-engine
+ template:
+ metadata:
+ labels:
+ app: echo-engine
+ spec:
+ containers:
+ - name: echo-engine
+ image: australia-southeast2-docker.pkg.dev/sit-23t1-project-echo-25288b9/project-echo/echo-engine:latest #adjust for docker image
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 9001 #adjust
+ protocol: TCP
+
\ No newline at end of file
From ee5faacb9ed1645058b979c13f29cec713169408 Mon Sep 17 00:00:00 2001
From: Liam
Date: Sat, 5 Apr 2025 12:57:30 +1100
Subject: [PATCH 2/4] Add resource limits and configure health checks
---
 .../engine/echo-engine-deployment.yaml | 37 +++++++++++++++++++
 .../manifests/engine/engine-deployment.yaml | 22 -----------
 2 files changed, 37 insertions(+), 22 deletions(-)
 create mode 100644 kubernetes/manifests/engine/echo-engine-deployment.yaml
 delete mode 100644 kubernetes/manifests/engine/engine-deployment.yaml
diff --git a/kubernetes/manifests/engine/echo-engine-deployment.yaml b/kubernetes/manifests/engine/echo-engine-deployment.yaml
new file mode 100644
index 0000000..78b8757
--- /dev/null
+++ b/kubernetes/manifests/engine/echo-engine-deployment.yaml
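Review bot: The `echo-engine` container added in engine-deployment.yaml (patch 1/4) has no `securityContext`, so it runs with the runtime defaults: root unless the image sets a user, privilege escalation permitted, and a writable root filesystem. The replacement manifest echo-engine-deployment.yaml in patch 2/4 has the same gap. A container-level `securityContext` along the lines below would close it, once it is confirmed that the image can run as a non-root user with a read-only root filesystem. Separately, `:latest` together with `imagePullPolicy: IfNotPresent` lets each node keep whichever build it cached first; patch 2/4 moves to `v1.0.0`, and pinning by digest would make the reference immutable.

```yaml
      containers:
      - name: echo-engine
        # … unchanged: image, imagePullPolicy, ports …
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
          seccompProfile:
            type: RuntimeDefault
```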
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: echo-engine
+ namespace: echo-system
+ labels:
+ app: echo-engine
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: echo-engine
+ template:
+ metadata:
+ labels:
+ app: echo-engine
+ spec:
+ containers:
+ - name: echo-engine
+ image: australia-southeast2-docker.pkg.dev/sit-23t1-project-echo-25288b9/project-echo/echo-engine:v1.0.0
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ resources:
+ requests:
+ cpu: "500m"
+ memory: "512Mi"
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8080
\ No newline at end of file
diff --git a/kubernetes/manifests/engine/engine-deployment.yaml b/kubernetes/manifests/engine/engine-deployment.yaml
deleted file mode 100644
index 9d9d61f..0000000
--- a/kubernetes/manifests/engine/engine-deployment.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: echo-engine
- namespace: default
-spec:
- selector:
- matchLabels:
- app: echo-engine
- template:
- metadata:
- labels:
- app: echo-engine
- spec:
- containers:
- - name: echo-engine
- image: australia-southeast2-docker.pkg.dev/sit-23t1-project-echo-25288b9/project-echo/echo-engine:latest #adjust for docker image
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9001 #adjust
- protocol: TCP
-
\ No newline at end of file
From c5501c1f1ee5f045a5b4631d6cb1a8a8e985ef34 Mon Sep 17 00:00:00 2001
From: Liam
Date: Sat, 5 Apr 2025 12:58:21 +1100
Subject: [PATCH 3/4] Add echo-engine-service.yaml
---
 .../manifests/engine/echo-engine-service.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 kubernetes/manifests/engine/echo-engine-service.yaml
diff --git a/kubernetes/manifests/engine/echo-engine-service.yaml b/kubernetes/manifests/engine/echo-engine-service.yaml
new file mode 100644
index 0000000..13bf774
--- /dev/null
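Review bot: The `resources` block in echo-engine-deployment.yaml sets only `requests`, although the commit subject says resource limits are added; without `limits`, a misbehaving or abused container can take memory and CPU up to node capacity and starve the other pods scheduled there. Add a sibling map next to `requests:`, i.e. `limits:` with `memory: "<sized from load testing>"` and, if throttling is acceptable, `cpu: "<sized value>"`. Both probes also rely on the default timings; if the engine has a slow start-up (not visible in this hunk), a `startupProbe` or an `initialDelaySeconds` on `livenessProbe` would keep the kubelet from restarting it during initialisation.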
+++ b/kubernetes/manifests/engine/echo-engine-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: echo-engine
+ namespace: echo-system
+spec:
+ selector:
+ app: echo-engine
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ type: ClusterIP
+
\ No newline at end of file
From 61c6a7062e9498d25192279878a208e6ccc9d241 Mon Sep 17 00:00:00 2001
From: Liam
Date: Sat, 5 Apr 2025 13:23:42 +1100
Subject: [PATCH 4/4] Add lifecycle rule and state encryption
---
 .../terraform_state_bucket/bucket.tf | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/terraform/root_modules/terraform_state_bucket/bucket.tf b/terraform/root_modules/terraform_state_bucket/bucket.tf
index af96b8b..d05fdc4 100644
--- a/terraform/root_modules/terraform_state_bucket/bucket.tf
+++ b/terraform/root_modules/terraform_state_bucket/bucket.tf
@@ -7,4 +7,32 @@ resource "google_storage_bucket" "tooling_state" {
 versioning {
 enabled = true
 }
+
+ lifecycle_rule {
+ action {
+ type = "Delete"
+ }
+ condition {
+ age = 90 # Auto-delete old state files after 90 days
+ }
+ }
+
+ encryption {
+ default_kms_key_name = google_kms_crypto_key.terraform_state_key.id
+ }
+}
+
+# KMS key for state encryption
+resource "google_kms_crypto_key" "terraform_state_key" {
+ name = "terraform-state-key"
+ key_ring = google_kms_key_ring.terraform_key_ring.id
+ purpose = "ENCRYPT_DECRYPT"
+ lifecycle {
+ prevent_destroy = true # Makes KMS key undeletable
+ }
+}
+
+resource "google_kms_key_ring" "terraform_key_ring" {
+ name = "terraform-state-keyring"
+ location = var.gcp_default_region
 }
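Review bot: The new `lifecycle_rule` in bucket.tf has only `age = 90` in its `condition`, so it matches the live state object as well as old versions: a state file that has not been rewritten for 90 days is deleted (made noncurrent under versioning), and its noncurrent copies are then removed by the same rule. Restrict the rule to superseded generations by adding `with_state = "ARCHIVED"` and `num_newer_versions = 5` (count to be chosen) inside `condition`. For the `encryption` block, the hunk shows neither an IAM grant of `roles/cloudkms.cryptoKeyEncrypterDecrypter` on `terraform_state_key` to the Cloud Storage service agent nor a `rotation_period`; unless the grant is defined elsewhere the bucket update is likely to fail, and the key ring `location` has to be compatible with the bucket location, which is set outside this hunk. `prevent_destroy` only blocks destroys planned through Terraform, so the comment `# Makes KMS key undeletable` would read more accurately as `# Blocks terraform destroy of this key`.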