diff --git a/infra/vultr-kubernetes/firewall.tf b/infra/vultr-kubernetes/firewall.tf index 2a2973f..f475500 100644 --- a/infra/vultr-kubernetes/firewall.tf +++ b/infra/vultr-kubernetes/firewall.tf @@ -7,3 +7,12 @@ resource vultr_firewall_rule web_inbound { subnet_size = 0 port = each.value } + +resource vultr_firewall_rule web-health-inbound { + firewall_group_id = vultr_kubernetes.athens.firewall_group_id + protocol = "tcp" + ip_type = "v4" + subnet = "0.0.0.0" + subnet_size = 0 + port = local.sanity.port +} diff --git a/infra/vultr-kubernetes/test-nginx.tf b/infra/vultr-kubernetes/test-nginx.tf new file mode 100644 index 0000000..89caeae --- /dev/null +++ b/infra/vultr-kubernetes/test-nginx.tf @@ -0,0 +1,64 @@ +# Here we create a super simple pod that we can reach via IP +# Using nginx as the service to expose + +locals { + sanity = { + namespace = "sanity" + service = "web-health" + port = 30808 + } +} + +resource kubernetes_namespace sanity { + metadata { + name = local.sanity.namespace + } +} + +resource kubernetes_pod nginx { + metadata { + name = local.sanity.service + labels = { + app = local.sanity.service + } + } + spec { + container { + image = "nginx:latest" + name = "nginx" + resources { + limits = { + cpu = "200m" + memory = "64Mi" + } + } + liveness_probe { + http_get { + path = "/" + port = 80 + } + + initial_delay_seconds = 30 + period_seconds = 30 + } + } + } +} + +resource kubernetes_service nginx { + metadata { + name = local.sanity.service + } + spec { + selector = { + app = local.sanity.service + } + port { + port = 8080 + target_port = 80 + node_port = local.sanity.port + } + type = "NodePort" + } +} +