diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index a01435cf..14d28210 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -127,18 +127,34 @@ jobs: id: init run: terraform init -input=false - # On push to main, build or change infrastructure according - # to Terraform configuration files + # On push to main, build or change infrastructure according + # to Terraform configuration files - name: Terraform Apply id: apply env: TF_WORKSPACE: ${{ secrets.TF_WORKSPACE }} # TF VARS TF_VAR_namespace: ${{ inputs.kubeNamespace }} - TF_ENV_appsVersion: '{"s42"="${{ inputs.imageTag }}"}' + TF_VAR_appsVersion: '{"s42"="${{ inputs.imageTag }}"}' TF_VAR_baseUrl: ${{ steps.envurl.outputs.url }} TF_VAR_webhooksEnabled: ${{ inputs.kubeNamespace == 'production' }} TF_VAR_crawlerEnabled: ${{ inputs.kubeNamespace == 'production' }} TF_VAR_hasProvidedJWTKSCertificates: "false" TF_VAR_hasPersistentStorage: ${{ contains(fromJson('["production", "staging"]'), inputs.kubeNamespace) }} run: terraform apply -auto-approve -input=false + + # Update discord channel version information after all jobs are done + # under production environment. + update_discord_channel: + name: "update discord channel" + runs-on: ubuntu-latest + needs: [terraform] + if: ${{ inputs.kubeNamespace == 'production' }} + steps: + - name: Update Discord channel + run: | + curl --request PATCH \ + --url https://discord.com/api/v9/channels/954496570362044466 \ + --header 'Authorization: Bot ${{ secrets.DISCORD_BOT_TOKEN }}' \ + --header 'Content-Type: application/json' \ + --data '{"name": "🔖 ${{ github.event.release.tag_name }}+beta"}' diff --git a/.github/workflows/discord-push-release.yaml b/.github/workflows/discord-push-release.yaml index 3ee17091..9d2d6742 100644 --- a/.github/workflows/discord-push-release.yaml +++ b/.github/workflows/discord-push-release.yaml @@ -43,7 +43,7 @@ jobs: { "style": 5, "label": "Show Full Release", - "url": "https://api.github.com/repos/42Atomys/stud42/releases/72738031", + "url": "https://github.com/42Atomys/stud42/releases/tag/${{ github.event.release.tag_name }}", "disabled": false, "type": 2 } @@ -83,7 +83,7 @@ jobs: { "style": 5, "label": "Show Full Release", - "url": "${{ github.event.release.url }}", + "url": "https://github.com/42Atomys/stud42/releases/tag/${{ github.event.release.tag_name }}", "disabled": false, "type": 2 } diff --git a/.github/workflows/linters.yaml b/.github/workflows/linters.yaml index fc489384..b402af58 100644 --- a/.github/workflows/linters.yaml +++ b/.github/workflows/linters.yaml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - stack: ["pre-cluster", "cluster", "apps"] + stack: ["pre-cluster", "cluster", "apps", "sandbox"] defaults: run: working-directory: "deploy/stacks/${{ matrix.stack }}" @@ -17,6 +17,9 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v2 - name: Terraform Format + env: + # Sandbox is not deployed to the production workspace. + TF_WORKSPACE: ${{ matrix.stack == 'sandbox' && 'sandbox' || 'production' }} run: terraform fmt -check=true -recursive backend: diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 08df652a..521db6e2 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -12,11 +12,14 @@ jobs: terraform: runs-on: ubuntu-latest env: - TF_WORKSPACE: production # Compare the changes when plan with production + # Sandbox is not deployed to the production workspace. + # Compare the changes when plan with production + TF_WORKSPACE: ${{ matrix.stack == 'sandbox' && 'sandbox' || 'production' }} AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }} # TF VARS (bind to production to display changes between branch and production) - TF_VAR_namespace: production + # Compare the changes when plan with production + TF_VAR_namespace: ${{ matrix.stack == 'sandbox' && 'sandbox' || 'production' }} TF_ENV_appsVersion: '{"s42": "${{ inputs.imageTag }}"}' TF_VAR_baseUrl: "s42.app" TF_VAR_webhooksEnabled: "true" @@ -26,7 +29,7 @@ jobs: strategy: matrix: - stack: ["pre-cluster", "cluster", "apps"] + stack: ["pre-cluster", "cluster", "apps", "sandbox"] defaults: run: working-directory: "deploy/stacks/${{ matrix.stack }}" diff --git a/deploy/stacks/sandbox/main.tf b/deploy/stacks/sandbox/main.tf index 182f2dc9..0b67e9a2 100644 --- a/deploy/stacks/sandbox/main.tf +++ b/deploy/stacks/sandbox/main.tf @@ -1,4 +1,14 @@ terraform { + backend "s3" { + bucket = "s42-terraform-state" + key = "sandbox.tfstate" + endpoint = "https://s3.gra.io.cloud.ovh.net/" + region = "gra" + skip_region_validation = true + skip_credentials_validation = true + } + + required_providers { kubernetes = { source = "hashicorp/kubernetes" diff --git a/deploy/stacks/sandbox/terraform.tfstate.d/staging/terraform.tfstate b/deploy/stacks/sandbox/terraform.tfstate.d/staging/terraform.tfstate deleted file mode 100644 index 519398dd..00000000 --- a/deploy/stacks/sandbox/terraform.tfstate.d/staging/terraform.tfstate +++ /dev/null @@ -1,1067 +0,0 @@ -{ - "version": 4, - "terraform_version": "1.3.4", - "serial": 15, - "lineage": "5710762d-0e74-9985-5a0c-3122b96f879d", - "outputs": {}, - "resources": [ - { - "mode": "managed", - "type": "kubernetes_config_map", - "name": "stud42_config", - "provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "binary_data": {}, - "data": { - "stud42.yaml": "# API relatives configurations\r\napi: {}\r\n\r\n# Interface relatives configurations\r\ninterface: {}\r\n\r\n# jwtks service relatives configurations\r\njwtks:\r\n # Endpoint of the public JWKSet can be used to validate\r\n # a JWT Token\r\n endpoints:\r\n sets: https://sandbox.s42.dev/.well-known/jwks\r\n sign: jwtks-service.sandbox.svc.cluster.local:5000\r\n # Certs used to sign and validate the JWT\r\n # Also called : The JWK\r\n jwk:\r\n certPrivateKeyFile: /etc/certs/jwk/private.key\r\n certPublicKeyFile: /etc/certs/jwk/public.pem\r\n # Certs used to secure the GRPC Endpoint with SSL/TLS\r\n grpc:\r\n insecure: true\r\n certRootCaFile: /etc/certs/grpc/ca.crt\r\n certPrivateKeyFile: /etc/certs/grpc/tls.key\r\n certPublicKeyFile: /etc/certs/grpc/tls.crt\r\n\r\ndiscord:\r\n guildID: \"248936708379246593\"\r\n" - }, - "id": "sandbox/stud42-config", - "immutable": false, - "metadata": [ - { - "annotations": {}, - "generate_name": "", - "generation": 0, - "labels": { - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "stud42", - "kubernetes.io/name": "stud42-config" - }, - "name": "stud42-config", - "namespace": "sandbox", - "resource_version": "24765788185", - "uid": "35d00c5b-a37e-4ecd-a68f-d5d89c079e4a" - } - ] - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - } - ] - }, - { - "module": "module.istio", - "mode": "managed", - "type": "kubectl_manifest", - "name": "virtual_services", - "provider": "provider[\"registry.terraform.io/gavinbunney/kubectl\"]", - "instances": [ - { - "index_key": "dev-s42-sandbox", - "schema_version": 1, - "attributes": { - "api_version": "networking.istio.io/v1alpha3", - "apply_only": false, - "force_conflicts": false, - "force_new": false, - "id": "/apis/networking.istio.io/v1alpha3/namespaces/sandbox/virtualservices/dev-s42-sandbox", - "ignore_fields": null, - "kind": "VirtualService", - "live_manifest_incluster": "09bcc4821579972e073af266fea104d7477b050c3a889673f6ef6fb3ffab312e", - "live_uid": "950753ce-f13d-4b94-a3bc-aa82422a7776", - "name": "dev-s42-sandbox", - "namespace": "sandbox", - "override_namespace": null, - "sensitive_fields": null, - "server_side_apply": false, - "timeouts": null, - "uid": "950753ce-f13d-4b94-a3bc-aa82422a7776", - "validate_schema": true, - "wait": null, - "wait_for_rollout": true, - "yaml_body": "\"apiVersion\": \"networking.istio.io/v1alpha3\"\n\"kind\": \"VirtualService\"\n\"metadata\":\n \"name\": \"dev-s42-sandbox\"\n \"namespace\": \"sandbox\"\n\"spec\":\n \"gateways\":\n - \"dev-s42-sandbox\"\n \"hosts\":\n - \"sandbox.s42.dev\"\n \"http\":\n - \"match\": null\n \"name\": \"jwtks-service-public-sign\"\n \"rewrite\": null\n \"route\":\n - \"destination\":\n \"host\": \"jwtks-service.sandbox.svc.cluster.local\"\n \"port\":\n \"number\": 5000\n - \"match\":\n - \"method\":\n \"exact\": \"GET\"\n \"uri\":\n \"exact\": null\n \"prefix\": \"/.well-known/jwks\"\n \"name\": \"jwtks-service\"\n \"rewrite\":\n \"uri\": \"/jwks\"\n \"route\":\n - \"destination\":\n \"host\": \"jwtks-service.sandbox.svc.cluster.local\"\n \"port\":\n \"number\": 5500\n", - "yaml_body_parsed": "apiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: dev-s42-sandbox\n namespace: sandbox\nspec:\n gateways:\n - dev-s42-sandbox\n hosts:\n - sandbox.s42.dev\n http:\n - match: null\n name: jwtks-service-public-sign\n rewrite: null\n route:\n - destination:\n host: jwtks-service.sandbox.svc.cluster.local\n port:\n number: 5000\n - match:\n - method:\n exact: GET\n uri:\n exact: null\n prefix: /.well-known/jwks\n name: jwtks-service\n rewrite:\n uri: /jwks\n route:\n - destination:\n host: jwtks-service.sandbox.svc.cluster.local\n port:\n number: 5500\n", - "yaml_incluster": "09bcc4821579972e073af266fea104d7477b050c3a889673f6ef6fb3ffab312e" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.jwtks_service", - "mode": "managed", - "type": "kubernetes_deployment", - "name": "app", - "provider": "module.jwtks_service.provider[\"registry.terraform.io/hashicorp/kubernetes\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 1, - "attributes": { - "id": "sandbox/jwtks-service", - "metadata": [ - { - "annotations": {}, - "generate_name": "", - "generation": 3, - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "jwtks-service", - "app.kubernetes.io/version": "latest", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "name": "jwtks-service", - "namespace": "sandbox", - "resource_version": "24766116380", - "uid": "04e58141-8aea-4d92-9cbc-0583d038b338" - } - ], - "spec": [ - { - "min_ready_seconds": 0, - "paused": false, - "progress_deadline_seconds": 600, - "replicas": "1", - "revision_history_limit": 2, - "selector": [ - { - "match_expressions": [], - "match_labels": { - "kubernetes.io/name": "jwtks-service" - } - } - ], - "strategy": [ - { - "rolling_update": [ - { - "max_surge": "1", - "max_unavailable": "0" - } - ], - "type": "RollingUpdate" - } - ], - "template": [ - { - "metadata": [ - { - "annotations": { - "prometheus.io/path": "/metrics", - "prometheus.io/port": "8080", - "prometheus.io/scrape": "false" - }, - "generate_name": "", - "generation": 0, - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "kubernetes.io/name": "jwtks-service", - "sidecar.istio.io/inject": "false", - "version": "latest" - }, - "name": "", - "namespace": "", - "resource_version": "", - "uid": "" - } - ], - "spec": [ - { - "active_deadline_seconds": 0, - "affinity": [], - "automount_service_account_token": true, - "container": [ - { - "args": [ - "--config", - "/config/stud42.yaml", - "serve", - "jwtks" - ], - "command": [ - "stud42cli" - ], - "env": [ - { - "name": "S42_SERVICE_TOKEN", - "value": "", - "value_from": [ - { - "config_map_key_ref": [], - "field_ref": [], - "resource_field_ref": [], - "secret_key_ref": [ - { - "key": "TOKEN", - "name": "s42-service-token", - "optional": false - } - ] - } - ] - }, - { - "name": "SENTRY_DSN", - "value": "", - "value_from": [ - { - "config_map_key_ref": [], - "field_ref": [], - "resource_field_ref": [], - "secret_key_ref": [ - { - "key": "JWTKS_SERVICE_DSN", - "name": "sentry-dsns", - "optional": false - } - ] - } - ] - }, - { - "name": "GO_ENV", - "value": "sandbox", - "value_from": [] - } - ], - "env_from": [], - "image": "ghcr.io/42atomys/stud42:latest", - "image_pull_policy": "IfNotPresent", - "lifecycle": [], - "liveness_probe": [], - "name": "jwtks-service", - "port": [ - { - "container_port": 5000, - "host_ip": "", - "host_port": 0, - "name": "grpc-signing", - "protocol": "TCP" - }, - { - "container_port": 5500, - "host_ip": "", - "host_port": 0, - "name": "http-wellknow", - "protocol": "TCP" - } - ], - "readiness_probe": [], - "resources": [ - { - "limits": { - "memory": "60Mi" - }, - "requests": { - "cpu": "100m", - "memory": "40Mi" - } - } - ], - "security_context": [ - { - "allow_privilege_escalation": false, - "capabilities": [], - "privileged": false, - "read_only_root_filesystem": false, - "run_as_group": "1001", - "run_as_non_root": true, - "run_as_user": "1001", - "se_linux_options": [], - "seccomp_profile": [] - } - ], - "startup_probe": [], - "stdin": false, - "stdin_once": false, - "termination_message_path": "/dev/termination-log", - "termination_message_policy": "File", - "tty": false, - "volume_mount": [ - { - "mount_path": "/config", - "mount_propagation": "None", - "name": "configuration", - "read_only": true, - "sub_path": "" - }, - { - "mount_path": "/etc/certs/grpc", - "mount_propagation": "None", - "name": "certs-grpc", - "read_only": true, - "sub_path": "" - }, - { - "mount_path": "/etc/certs/jwk", - "mount_propagation": "None", - "name": "certs-jwk", - "read_only": true, - "sub_path": "" - } - ], - "working_dir": "" - } - ], - "dns_config": [], - "dns_policy": "ClusterFirst", - "enable_service_links": true, - "host_aliases": [], - "host_ipc": false, - "host_network": false, - "host_pid": false, - "hostname": "", - "image_pull_secrets": [ - { - "name": "ghcr-creds" - } - ], - "init_container": [], - "node_name": "", - "node_selector": { - "nodepool": "small" - }, - "priority_class_name": "", - "readiness_gate": [], - "restart_policy": "Always", - "security_context": [ - { - "fs_group": "1001", - "run_as_group": "1000", - "run_as_non_root": true, - "run_as_user": "1000", - "se_linux_options": [], - "seccomp_profile": [], - "supplemental_groups": [], - "sysctl": [] - } - ], - "service_account_name": "", - "share_process_namespace": false, - "subdomain": "", - "termination_grace_period_seconds": 30, - "toleration": [], - "topology_spread_constraint": [], - "volume": [ - { - "aws_elastic_block_store": [], - "azure_disk": [], - "azure_file": [], - "ceph_fs": [], - "cinder": [], - "config_map": [ - { - "default_mode": "0644", - "items": [], - "name": "stud42-config", - "optional": false - } - ], - "csi": [], - "downward_api": [], - "empty_dir": [], - "fc": [], - "flex_volume": [], - "flocker": [], - "gce_persistent_disk": [], - "git_repo": [], - "glusterfs": [], - "host_path": [], - "iscsi": [], - "local": [], - "name": "configuration", - "nfs": [], - "persistent_volume_claim": [], - "photon_persistent_disk": [], - "projected": [], - "quobyte": [], - "rbd": [], - "secret": [], - "vsphere_volume": [] - }, - { - "aws_elastic_block_store": [], - "azure_disk": [], - "azure_file": [], - "ceph_fs": [], - "cinder": [], - "config_map": [], - "csi": [], - "downward_api": [], - "empty_dir": [], - "fc": [], - "flex_volume": [], - "flocker": [], - "gce_persistent_disk": [], - "git_repo": [], - "glusterfs": [], - "host_path": [], - "iscsi": [], - "local": [], - "name": "certs-grpc", - "nfs": [], - "persistent_volume_claim": [], - "photon_persistent_disk": [], - "projected": [], - "quobyte": [], - "rbd": [], - "secret": [ - { - "default_mode": "0644", - "items": [], - "optional": false, - "secret_name": "jwtks-service-grpc-internal-tls" - } - ], - "vsphere_volume": [] - }, - { - "aws_elastic_block_store": [], - "azure_disk": [], - "azure_file": [], - "ceph_fs": [], - "cinder": [], - "config_map": [], - "csi": [], - "downward_api": [], - "empty_dir": [], - "fc": [], - "flex_volume": [], - "flocker": [], - "gce_persistent_disk": [], - "git_repo": [], - "glusterfs": [], - "host_path": [], - "iscsi": [], - "local": [], - "name": "certs-jwk", - "nfs": [], - "persistent_volume_claim": [], - "photon_persistent_disk": [], - "projected": [], - "quobyte": [], - "rbd": [], - "secret": [ - { - "default_mode": "0644", - "items": [], - "optional": false, - "secret_name": "jwtks-service-certs-jwk" - } - ], - "vsphere_volume": [] - } - ] - } - ] - } - ] - } - ], - "timeouts": null, - "wait_for_rollout": true - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9" - } - ] - }, - { - "module": "module.jwtks_service", - "mode": "managed", - "type": "kubernetes_horizontal_pod_autoscaler_v2", - "name": "app", - "provider": "module.jwtks_service.provider[\"registry.terraform.io/hashicorp/kubernetes\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "id": "sandbox/jwtks-service", - "metadata": [ - { - "annotations": {}, - "generate_name": "", - "generation": 0, - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "jwtks-service", - "app.kubernetes.io/version": "latest", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "name": "jwtks-service", - "namespace": "sandbox", - "resource_version": "24766108333", - "uid": "4a520913-7844-4b4b-a5d5-424cc5b72521" - } - ], - "spec": [ - { - "behavior": [ - { - "scale_down": [ - { - "policy": [ - { - "period_seconds": 15, - "type": "Percent", - "value": 100 - } - ], - "select_policy": "Max", - "stabilization_window_seconds": 0 - } - ], - "scale_up": [ - { - "policy": [ - { - "period_seconds": 15, - "type": "Pods", - "value": 11 - }, - { - "period_seconds": 15, - "type": "Percent", - "value": 100 - } - ], - "select_policy": "Max", - "stabilization_window_seconds": 0 - } - ] - } - ], - "max_replicas": 10, - "metric": [ - { - "container_resource": [], - "external": [], - "object": [], - "pods": [], - "resource": [ - { - "name": "cpu", - "target": [ - { - "average_utilization": 75, - "average_value": "", - "type": "Utilization", - "value": "" - } - ] - } - ], - "type": "Resource" - } - ], - "min_replicas": 1, - "scale_target_ref": [ - { - "api_version": "apps/v1", - "kind": "Deployment", - "name": "jwtks-service" - } - ], - "target_cpu_utilization_percentage": 0 - } - ] - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.jwtks_service.kubernetes_deployment.app" - ] - } - ] - }, - { - "module": "module.jwtks_service", - "mode": "managed", - "type": "kubernetes_manifest", - "name": "certificate", - "provider": "module.jwtks_service.provider[\"registry.terraform.io/hashicorp/kubernetes\"]", - "instances": [ - { - "index_key": "grpc-internal", - "schema_version": 1, - "attributes": { - "computed_fields": null, - "field_manager": [], - "manifest": { - "value": { - "apiVersion": "cert-manager.io/v1", - "kind": "Certificate", - "metadata": { - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "jwtks-service", - "app.kubernetes.io/version": "latest", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "name": "jwtks-service-grpc-internal", - "namespace": "sandbox" - }, - "spec": { - "dnsNames": [ - "jwtks-service", - "jwtks-service.sandbox.svc.cluster.local" - ], - "issuerRef": { - "kind": "ClusterIssuer", - "name": "selfsigned-issuer" - }, - "secretName": "jwtks-service-grpc-internal-tls" - } - }, - "type": [ - "object", - { - "apiVersion": "string", - "kind": "string", - "metadata": [ - "object", - { - "labels": [ - "object", - { - "app": "string", - "app.kubernetes.io/created-by": "string", - "app.kubernetes.io/managed-by": "string", - "app.kubernetes.io/part-of": "string", - "app.kubernetes.io/version": "string", - "kubernetes.io/name": "string", - "version": "string" - } - ], - "name": "string", - "namespace": "string" - } - ], - "spec": [ - "object", - { - "dnsNames": [ - "list", - "string" - ], - "issuerRef": [ - "object", - { - "kind": "string", - "name": "string" - } - ], - "secretName": "string" - } - ] - } - ] - }, - "object": { - "value": { - "apiVersion": "cert-manager.io/v1", - "kind": "Certificate", - "metadata": { - "annotations": null, - "clusterName": null, - "creationTimestamp": null, - "deletionGracePeriodSeconds": null, - "deletionTimestamp": null, - "finalizers": null, - "generateName": null, - "generation": null, - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "jwtks-service", - "app.kubernetes.io/version": "latest", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "managedFields": null, - "name": "jwtks-service-grpc-internal", - "namespace": "sandbox", - "ownerReferences": null, - "resourceVersion": null, - "selfLink": null, - "uid": null - }, - "spec": { - "additionalOutputFormats": null, - "commonName": null, - "dnsNames": [ - "jwtks-service", - "jwtks-service.sandbox.svc.cluster.local" - ], - "duration": null, - "emailAddresses": null, - "encodeUsagesInRequest": null, - "ipAddresses": null, - "isCA": null, - "issuerRef": { - "group": null, - "kind": "ClusterIssuer", - "name": "selfsigned-issuer" - }, - "keystores": { - "jks": { - "create": null, - "passwordSecretRef": { - "key": null, - "name": null - } - }, - "pkcs12": { - "create": null, - "passwordSecretRef": { - "key": null, - "name": null - } - } - }, - "literalSubject": null, - "privateKey": { - "algorithm": null, - "encoding": null, - "rotationPolicy": null, - "size": null - }, - "renewBefore": null, - "revisionHistoryLimit": null, - "secretName": "jwtks-service-grpc-internal-tls", - "secretTemplate": { - "annotations": null, - "labels": null - }, - "subject": { - "countries": null, - "localities": null, - "organizationalUnits": null, - "organizations": null, - "postalCodes": null, - "provinces": null, - "serialNumber": null, - "streetAddresses": null - }, - "uris": null, - "usages": null - } - }, - "type": [ - "object", - { - "apiVersion": "string", - "kind": "string", - "metadata": [ - "object", - { - "annotations": [ - "map", - "string" - ], - "clusterName": "string", - "creationTimestamp": "string", - "deletionGracePeriodSeconds": "number", - "deletionTimestamp": "string", - "finalizers": [ - "list", - "string" - ], - "generateName": "string", - "generation": "number", - "labels": [ - "map", - "string" - ], - "managedFields": [ - "tuple", - [ - [ - "object", - { - "apiVersion": "string", - "fieldsType": "string", - "fieldsV1": "dynamic", - "manager": "string", - "operation": "string", - "subresource": "string", - "time": "string" - } - ] - ] - ], - "name": "string", - "namespace": "string", - "ownerReferences": [ - "list", - [ - "object", - { - "apiVersion": "string", - "blockOwnerDeletion": "bool", - "controller": "bool", - "kind": "string", - "name": "string", - "uid": "string" - } - ] - ], - "resourceVersion": "string", - "selfLink": "string", - "uid": "string" - } - ], - "spec": [ - "object", - { - "additionalOutputFormats": [ - "list", - [ - "object", - { - "type": "string" - } - ] - ], - "commonName": "string", - "dnsNames": [ - "list", - "string" - ], - "duration": "string", - "emailAddresses": [ - "list", - "string" - ], - "encodeUsagesInRequest": "bool", - "ipAddresses": [ - "list", - "string" - ], - "isCA": "bool", - "issuerRef": [ - "object", - { - "group": "string", - "kind": "string", - "name": "string" - } - ], - "keystores": [ - "object", - { - "jks": [ - "object", - { - "create": "bool", - "passwordSecretRef": [ - "object", - { - "key": "string", - "name": "string" - } - ] - } - ], - "pkcs12": [ - "object", - { - "create": "bool", - "passwordSecretRef": [ - "object", - { - "key": "string", - "name": "string" - } - ] - } - ] - } - ], - "literalSubject": "string", - "privateKey": [ - "object", - { - "algorithm": "string", - "encoding": "string", - "rotationPolicy": "string", - "size": "number" - } - ], - "renewBefore": "string", - "revisionHistoryLimit": "number", - "secretName": "string", - "secretTemplate": [ - "object", - { - "annotations": [ - "map", - "string" - ], - "labels": [ - "map", - "string" - ] - } - ], - "subject": [ - "object", - { - "countries": [ - "list", - "string" - ], - "localities": [ - "list", - "string" - ], - "organizationalUnits": [ - "list", - "string" - ], - "organizations": [ - "list", - "string" - ], - "postalCodes": [ - "list", - "string" - ], - "provinces": [ - "list", - "string" - ], - "serialNumber": "string", - "streetAddresses": [ - "list", - "string" - ] - } - ], - "uris": [ - "list", - "string" - ], - "usages": [ - "list", - "string" - ] - } - ] - } - ] - }, - "timeouts": [], - "wait": [], - "wait_for": null - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.jwtks_service", - "mode": "managed", - "type": "kubernetes_service", - "name": "app", - "provider": "module.jwtks_service.provider[\"registry.terraform.io/hashicorp/kubernetes\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 1, - "attributes": { - "id": "sandbox/jwtks-service", - "metadata": [ - { - "annotations": {}, - "generate_name": "", - "generation": 0, - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "jwtks-service", - "app.kubernetes.io/version": "latest", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "name": "jwtks-service", - "namespace": "sandbox", - "resource_version": "24766093793", - "uid": "2a070796-ad63-4c62-9de5-107d8ffcd10c" - } - ], - "spec": [ - { - "allocate_load_balancer_node_ports": true, - "cluster_ip": "10.3.144.48", - "cluster_ips": [ - "10.3.144.48" - ], - "external_ips": [], - "external_name": "", - "external_traffic_policy": "", - "health_check_node_port": 0, - "internal_traffic_policy": "Cluster", - "ip_families": [ - "IPv4" - ], - "ip_family_policy": "SingleStack", - "load_balancer_class": "", - "load_balancer_ip": "", - "load_balancer_source_ranges": [], - "port": [ - { - "app_protocol": "", - "name": "grpc-signing", - "node_port": 0, - "port": 5000, - "protocol": "TCP", - "target_port": "5000" - }, - { - "app_protocol": "", - "name": "http-wellknow", - "node_port": 0, - "port": 5500, - "protocol": "TCP", - "target_port": "5500" - } - ], - "publish_not_ready_addresses": false, - "selector": { - "kubernetes.io/name": "jwtks-service" - }, - "session_affinity": "None", - "session_affinity_config": [], - "type": "ClusterIP" - } - ], - "status": [ - { - "load_balancer": [ - { - "ingress": [] - } - ] - } - ], - "timeouts": null, - "wait_for_load_balancer": true - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - } - ], - "check_results": null -} diff --git a/deploy/stacks/sandbox/terraform.tfstate.d/staging/terraform.tfstate.backup b/deploy/stacks/sandbox/terraform.tfstate.d/staging/terraform.tfstate.backup deleted file mode 100644 index 4388c0f1..00000000 --- a/deploy/stacks/sandbox/terraform.tfstate.d/staging/terraform.tfstate.backup +++ /dev/null @@ -1,1066 +0,0 @@ -{ - "version": 4, - "terraform_version": "1.3.4", - "serial": 13, - "lineage": "5710762d-0e74-9985-5a0c-3122b96f879d", - "outputs": {}, - "resources": [ - { - "mode": "managed", - "type": "kubernetes_config_map", - "name": "stud42_config", - "provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "binary_data": {}, - "data": { - "stud42.yaml": "# API relatives configurations\r\napi: {}\r\n\r\n# Interface relatives configurations\r\ninterface: {}\r\n\r\n# jwtks service relatives configurations\r\njwtks:\r\n # Endpoint of the public JWKSet can be used to validate\r\n # a JWT Token\r\n endpoints:\r\n sets: https://sandbox.s42.dev/.well-known/jwks\r\n sign: jwtks-service.sandbox.svc.cluster.local:5000\r\n # Certs used to sign and validate the JWT\r\n # Also called : The JWK\r\n jwk:\r\n certPrivateKeyFile: /etc/certs/jwk/private.key\r\n certPublicKeyFile: /etc/certs/jwk/public.pem\r\n # Certs used to secure the GRPC Endpoint with SSL/TLS\r\n grpc:\r\n insecure: true\r\n certRootCaFile: /etc/certs/grpc/ca.crt\r\n certPrivateKeyFile: /etc/certs/grpc/tls.key\r\n certPublicKeyFile: /etc/certs/grpc/tls.crt\r\n\r\ndiscord:\r\n guildID: \"248936708379246593\"\r\n" - }, - "id": "sandbox/stud42-config", - "immutable": false, - "metadata": [ - { - "annotations": {}, - "generate_name": "", - "generation": 0, - "labels": { - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "stud42", - "kubernetes.io/name": "stud42-config" - }, - "name": "stud42-config", - "namespace": "sandbox", - "resource_version": "24765788185", - "uid": "35d00c5b-a37e-4ecd-a68f-d5d89c079e4a" - } - ] - }, - "sensitive_attributes": [], - "private": "bnVsbA==" - } - ] - }, - { - "module": "module.istio", - "mode": "managed", - "type": "kubectl_manifest", - "name": "virtual_services", - "provider": "provider[\"registry.terraform.io/gavinbunney/kubectl\"]", - "instances": [ - { - "index_key": "dev-s42-sandbox", - "schema_version": 1, - "attributes": { - "api_version": "networking.istio.io/v1alpha3", - "apply_only": false, - "force_conflicts": false, - "force_new": false, - "id": "/apis/networking.istio.io/v1alpha3/namespaces/sandbox/virtualservices/dev-s42-sandbox", - "ignore_fields": null, - "kind": "VirtualService", - "live_manifest_incluster": "09bcc4821579972e073af266fea104d7477b050c3a889673f6ef6fb3ffab312e", - "live_uid": "950753ce-f13d-4b94-a3bc-aa82422a7776", - "name": "dev-s42-sandbox", - "namespace": "sandbox", - "override_namespace": null, - "sensitive_fields": null, - "server_side_apply": false, - "timeouts": null, - "uid": "950753ce-f13d-4b94-a3bc-aa82422a7776", - "validate_schema": true, - "wait": null, - "wait_for_rollout": true, - "yaml_body": "\"apiVersion\": \"networking.istio.io/v1alpha3\"\n\"kind\": \"VirtualService\"\n\"metadata\":\n \"name\": \"dev-s42-sandbox\"\n \"namespace\": \"sandbox\"\n\"spec\":\n \"gateways\":\n - \"dev-s42-sandbox\"\n \"hosts\":\n - \"sandbox.s42.dev\"\n \"http\":\n - \"match\": null\n \"name\": \"jwtks-service-public-sign\"\n \"rewrite\": null\n \"route\":\n - \"destination\":\n \"host\": \"jwtks-service.sandbox.svc.cluster.local\"\n \"port\":\n \"number\": 5000\n - \"match\":\n - \"method\":\n \"exact\": \"GET\"\n \"uri\":\n \"exact\": null\n \"prefix\": \"/.well-known/jwks\"\n \"name\": \"jwtks-service\"\n \"rewrite\":\n \"uri\": \"/jwks\"\n \"route\":\n - \"destination\":\n \"host\": \"jwtks-service.sandbox.svc.cluster.local\"\n \"port\":\n \"number\": 5500\n", - "yaml_body_parsed": "apiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: dev-s42-sandbox\n namespace: sandbox\nspec:\n gateways:\n - dev-s42-sandbox\n hosts:\n - sandbox.s42.dev\n http:\n - match: null\n name: jwtks-service-public-sign\n rewrite: null\n route:\n - destination:\n host: jwtks-service.sandbox.svc.cluster.local\n port:\n number: 5000\n - match:\n - method:\n exact: GET\n uri:\n exact: null\n prefix: /.well-known/jwks\n name: jwtks-service\n rewrite:\n uri: /jwks\n route:\n - destination:\n host: jwtks-service.sandbox.svc.cluster.local\n port:\n number: 5500\n", - "yaml_incluster": "09bcc4821579972e073af266fea104d7477b050c3a889673f6ef6fb3ffab312e" - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.jwtks_service", - "mode": "managed", - "type": "kubernetes_deployment", - "name": "app", - "provider": "module.jwtks_service.provider[\"registry.terraform.io/hashicorp/kubernetes\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 1, - "attributes": { - "id": "sandbox/jwtks-service", - "metadata": [ - { - "annotations": {}, - "generate_name": "", - "generation": 2, - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "jwtks-service", - "app.kubernetes.io/version": "latest", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "name": "jwtks-service", - "namespace": "sandbox", - "resource_version": "24766095414", - "uid": "04e58141-8aea-4d92-9cbc-0583d038b338" - } - ], - "spec": [ - { - "min_ready_seconds": 0, - "paused": false, - "progress_deadline_seconds": 600, - "replicas": "1", - "revision_history_limit": 2, - "selector": [ - { - "match_expressions": [], - "match_labels": { - "kubernetes.io/name": "jwtks-service" - } - } - ], - "strategy": [ - { - "rolling_update": [ - { - "max_surge": "1", - "max_unavailable": "0" - } - ], - "type": "RollingUpdate" - } - ], - "template": [ - { - "metadata": [ - { - "annotations": { - "prometheus.io/path": "/metrics", - "prometheus.io/port": "8080", - "prometheus.io/scrape": "false" - }, - "generate_name": "", - "generation": 0, - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "name": "", - "namespace": "", - "resource_version": "", - "uid": "" - } - ], - "spec": [ - { - "active_deadline_seconds": 0, - "affinity": [], - "automount_service_account_token": true, - "container": [ - { - "args": [ - "--config", - "/config/stud42.yaml", - "serve", - "jwtks" - ], - "command": [ - "stud42cli" - ], - "env": [ - { - "name": "S42_SERVICE_TOKEN", - "value": "", - "value_from": [ - { - "config_map_key_ref": [], - "field_ref": [], - "resource_field_ref": [], - "secret_key_ref": [ - { - "key": "TOKEN", - "name": "s42-service-token", - "optional": false - } - ] - } - ] - }, - { - "name": "SENTRY_DSN", - "value": "", - "value_from": [ - { - "config_map_key_ref": [], - "field_ref": [], - "resource_field_ref": [], - "secret_key_ref": [ - { - "key": "JWTKS_SERVICE_DSN", - "name": "sentry-dsns", - "optional": false - } - ] - } - ] - }, - { - "name": "GO_ENV", - "value": "sandbox", - "value_from": [] - } - ], - "env_from": [], - "image": "ghcr.io/42atomys/stud42:latest", - "image_pull_policy": "IfNotPresent", - "lifecycle": [], - "liveness_probe": [], - "name": "jwtks-service", - "port": [ - { - "container_port": 5000, - "host_ip": "", - "host_port": 0, - "name": "grpc-signing", - "protocol": "TCP" - }, - { - "container_port": 5500, - "host_ip": "", - "host_port": 0, - "name": "http-wellknow", - "protocol": "TCP" - } - ], - "readiness_probe": [], - "resources": [ - { - "limits": { - "memory": "60Mi" - }, - "requests": { - "cpu": "100m", - "memory": "40Mi" - } - } - ], - "security_context": [ - { - "allow_privilege_escalation": false, - "capabilities": [], - "privileged": false, - "read_only_root_filesystem": false, - "run_as_group": "1001", - "run_as_non_root": true, - "run_as_user": "1001", - "se_linux_options": [], - "seccomp_profile": [] - } - ], - "startup_probe": [], - "stdin": false, - "stdin_once": false, - "termination_message_path": "/dev/termination-log", - "termination_message_policy": "File", - "tty": false, - "volume_mount": [ - { - "mount_path": "/config", - "mount_propagation": "None", - "name": "configuration", - "read_only": true, - "sub_path": "" - }, - { - "mount_path": "/etc/certs/grpc", - "mount_propagation": "None", - "name": "certs-grpc", - "read_only": true, - "sub_path": "" - }, - { - "mount_path": "/etc/certs/jwk", - "mount_propagation": "None", - "name": "certs-jwk", - "read_only": true, - "sub_path": "" - } - ], - "working_dir": "" - } - ], - "dns_config": [], - "dns_policy": "ClusterFirst", - "enable_service_links": true, - "host_aliases": [], - "host_ipc": false, - "host_network": false, - "host_pid": false, - "hostname": "", - "image_pull_secrets": [ - { - "name": "ghcr-creds" - } - ], - "init_container": [], - "node_name": "", - "node_selector": { - "nodepool": "small" - }, - "priority_class_name": "", - "readiness_gate": [], - "restart_policy": "Always", - "security_context": [ - { - "fs_group": "1001", - "run_as_group": "1000", - "run_as_non_root": true, - "run_as_user": "1000", - "se_linux_options": [], - "seccomp_profile": [], - "supplemental_groups": [], - "sysctl": [] - } - ], - "service_account_name": "", - "share_process_namespace": false, - "subdomain": "", - "termination_grace_period_seconds": 30, - "toleration": [], - "topology_spread_constraint": [], - "volume": [ - { - "aws_elastic_block_store": [], - "azure_disk": [], - "azure_file": [], - "ceph_fs": [], - "cinder": [], - "config_map": [ - { - "default_mode": "0644", - "items": [], - "name": "stud42-config", - "optional": false - } - ], - "csi": [], - "downward_api": [], - "empty_dir": [], - "fc": [], - "flex_volume": [], - "flocker": [], - "gce_persistent_disk": [], - "git_repo": [], - "glusterfs": [], - "host_path": [], - "iscsi": [], - "local": [], - "name": "configuration", - "nfs": [], - "persistent_volume_claim": [], - "photon_persistent_disk": [], - "projected": [], - "quobyte": [], - "rbd": [], - "secret": [], - "vsphere_volume": [] - }, - { - "aws_elastic_block_store": [], - "azure_disk": [], - "azure_file": [], - "ceph_fs": [], - "cinder": [], - "config_map": [], - "csi": [], - "downward_api": [], - "empty_dir": [], - "fc": [], - "flex_volume": [], - "flocker": [], - "gce_persistent_disk": [], - "git_repo": [], - "glusterfs": [], - "host_path": [], - "iscsi": [], - "local": [], - "name": "certs-grpc", - "nfs": [], - "persistent_volume_claim": [], - "photon_persistent_disk": [], - "projected": [], - "quobyte": [], - "rbd": [], - "secret": [ - { - "default_mode": "0644", - "items": [], - "optional": false, - "secret_name": "jwtks-service-grpc-internal-tls" - } - ], - "vsphere_volume": [] - }, - { - "aws_elastic_block_store": [], - "azure_disk": [], - "azure_file": [], - "ceph_fs": [], - "cinder": [], - "config_map": [], - "csi": [], - "downward_api": [], - "empty_dir": [], - "fc": [], - "flex_volume": [], - "flocker": [], - "gce_persistent_disk": [], - "git_repo": [], - "glusterfs": [], - "host_path": [], - "iscsi": [], - "local": [], - "name": "certs-jwk", - "nfs": [], - "persistent_volume_claim": [], - "photon_persistent_disk": [], - "projected": [], - "quobyte": [], - "rbd": [], - "secret": [ - { - "default_mode": "0644", - "items": [], - "optional": false, - "secret_name": "jwtks-service-certs-jwk" - } - ], - "vsphere_volume": [] - } - ] - } - ] - } - ] - } - ], - "timeouts": null, - "wait_for_rollout": true - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9" - } - ] - }, - { - "module": "module.jwtks_service", - "mode": "managed", - "type": "kubernetes_horizontal_pod_autoscaler_v2", - "name": "app", - "provider": "module.jwtks_service.provider[\"registry.terraform.io/hashicorp/kubernetes\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "id": "sandbox/jwtks-service", - "metadata": [ - { - "annotations": {}, - "generate_name": "", - "generation": 0, - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "jwtks-service", - "app.kubernetes.io/version": "latest", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "name": "jwtks-service", - "namespace": "sandbox", - "resource_version": "24766080693", - "uid": "4a520913-7844-4b4b-a5d5-424cc5b72521" - } - ], - "spec": [ - { - "behavior": [ - { - "scale_down": [ - { - "policy": [ - { - "period_seconds": 15, - "type": "Percent", - "value": 100 - } - ], - "select_policy": "Max", - "stabilization_window_seconds": 0 - } - ], - "scale_up": [ - { - "policy": [ - { - "period_seconds": 15, - "type": "Pods", - "value": 11 - }, - { - "period_seconds": 15, - "type": "Percent", - "value": 100 - } - ], - "select_policy": "Max", - "stabilization_window_seconds": 0 - } - ] - } - ], - "max_replicas": 10, - "metric": [ - { - "container_resource": [], - "external": [], - "object": [], - "pods": [], - "resource": [ - { - "name": "cpu", - "target": [ - { - "average_utilization": 75, - "average_value": "", - "type": "Utilization", - "value": "" - } - ] - } - ], - "type": "Resource" - } - ], - "min_replicas": 1, - "scale_target_ref": [ - { - "api_version": "apps/v1", - "kind": "Deployment", - "name": "jwtks-service" - } - ], - "target_cpu_utilization_percentage": 0 - } - ] - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.jwtks_service.kubernetes_deployment.app" - ] - } - ] - }, - { - "module": "module.jwtks_service", - "mode": "managed", - "type": "kubernetes_manifest", - "name": "certificate", - "provider": "module.jwtks_service.provider[\"registry.terraform.io/hashicorp/kubernetes\"]", - "instances": [ - { - "index_key": "grpc-internal", - "schema_version": 1, - "attributes": { - "computed_fields": null, - "field_manager": [], - "manifest": { - "value": { - "apiVersion": "cert-manager.io/v1", - "kind": "Certificate", - "metadata": { - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "jwtks-service", - "app.kubernetes.io/version": "latest", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "name": "jwtks-service-grpc-internal", - "namespace": "sandbox" - }, - "spec": { - "dnsNames": [ - "jwtks-service", - "jwtks-service.sandbox.svc.cluster.local" - ], - "issuerRef": { - "kind": "ClusterIssuer", - "name": "selfsigned-issuer" - }, - "secretName": "jwtks-service-grpc-internal-tls" - } - }, - "type": [ - "object", - { - "apiVersion": "string", - "kind": "string", - "metadata": [ - "object", - { - "labels": [ - "object", - { - "app": "string", - "app.kubernetes.io/created-by": "string", - "app.kubernetes.io/managed-by": "string", - "app.kubernetes.io/part-of": "string", - "app.kubernetes.io/version": "string", - "kubernetes.io/name": "string", - "version": "string" - } - ], - "name": "string", - "namespace": "string" - } - ], - "spec": [ - "object", - { - "dnsNames": [ - "list", - "string" - ], - "issuerRef": [ - "object", - { - "kind": "string", - "name": "string" - } - ], - "secretName": "string" - } - ] - } - ] - }, - "object": { - "value": { - "apiVersion": "cert-manager.io/v1", - "kind": "Certificate", - "metadata": { - "annotations": null, - "clusterName": null, - "creationTimestamp": null, - "deletionGracePeriodSeconds": null, - "deletionTimestamp": null, - "finalizers": null, - "generateName": null, - "generation": null, - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "jwtks-service", - "app.kubernetes.io/version": "latest", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "managedFields": null, - "name": "jwtks-service-grpc-internal", - "namespace": "sandbox", - "ownerReferences": null, - "resourceVersion": null, - "selfLink": null, - "uid": null - }, - "spec": { - "additionalOutputFormats": null, - "commonName": null, - "dnsNames": [ - "jwtks-service", - "jwtks-service.sandbox.svc.cluster.local" - ], - "duration": null, - "emailAddresses": null, - "encodeUsagesInRequest": null, - "ipAddresses": null, - "isCA": null, - "issuerRef": { - "group": null, - "kind": "ClusterIssuer", - "name": "selfsigned-issuer" - }, - "keystores": { - "jks": { - "create": null, - "passwordSecretRef": { - "key": null, - "name": null - } - }, - "pkcs12": { - "create": null, - "passwordSecretRef": { - "key": null, - "name": null - } - } - }, - "literalSubject": null, - "privateKey": { - "algorithm": null, - "encoding": null, - "rotationPolicy": null, - "size": null - }, - "renewBefore": null, - "revisionHistoryLimit": null, - "secretName": "jwtks-service-grpc-internal-tls", - "secretTemplate": { - "annotations": null, - "labels": null - }, - "subject": { - "countries": null, - "localities": null, - "organizationalUnits": null, - "organizations": null, - "postalCodes": null, - "provinces": null, - "serialNumber": null, - "streetAddresses": null - }, - "uris": null, - "usages": null - } - }, - "type": [ - "object", - { - "apiVersion": "string", - "kind": "string", - "metadata": [ - "object", - { - "annotations": [ - "map", - "string" - ], - "clusterName": "string", - "creationTimestamp": "string", - "deletionGracePeriodSeconds": "number", - "deletionTimestamp": "string", - "finalizers": [ - "list", - "string" - ], - "generateName": "string", - "generation": "number", - "labels": [ - "map", - "string" - ], - "managedFields": [ - "tuple", - [ - [ - "object", - { - "apiVersion": "string", - "fieldsType": "string", - "fieldsV1": "dynamic", - "manager": "string", - "operation": "string", - "subresource": "string", - "time": "string" - } - ] - ] - ], - "name": "string", - "namespace": "string", - "ownerReferences": [ - "list", - [ - "object", - { - "apiVersion": "string", - "blockOwnerDeletion": "bool", - "controller": "bool", - "kind": "string", - "name": "string", - "uid": "string" - } - ] - ], - "resourceVersion": "string", - "selfLink": "string", - "uid": "string" - } - ], - "spec": [ - "object", - { - "additionalOutputFormats": [ - "list", - [ - "object", - { - "type": "string" - } - ] - ], - "commonName": "string", - "dnsNames": [ - "list", - "string" - ], - "duration": "string", - "emailAddresses": [ - "list", - "string" - ], - "encodeUsagesInRequest": "bool", - "ipAddresses": [ - "list", - "string" - ], - "isCA": "bool", - "issuerRef": [ - "object", - { - "group": "string", - "kind": "string", - "name": "string" - } - ], - "keystores": [ - "object", - { - "jks": [ - "object", - { - "create": "bool", - "passwordSecretRef": [ - "object", - { - "key": "string", - "name": "string" - } - ] - } - ], - "pkcs12": [ - "object", - { - "create": "bool", - "passwordSecretRef": [ - "object", - { - "key": "string", - "name": "string" - } - ] - } - ] - } - ], - "literalSubject": "string", - "privateKey": [ - "object", - { - "algorithm": "string", - "encoding": "string", - "rotationPolicy": "string", - "size": "number" - } - ], - "renewBefore": "string", - "revisionHistoryLimit": "number", - "secretName": "string", - "secretTemplate": [ - "object", - { - "annotations": [ - "map", - "string" - ], - "labels": [ - "map", - "string" - ] - } - ], - "subject": [ - "object", - { - "countries": [ - "list", - "string" - ], - "localities": [ - "list", - "string" - ], - "organizationalUnits": [ - "list", - "string" - ], - "organizations": [ - "list", - "string" - ], - "postalCodes": [ - "list", - "string" - ], - "provinces": [ - "list", - "string" - ], - "serialNumber": "string", - "streetAddresses": [ - "list", - "string" - ] - } - ], - "uris": [ - "list", - "string" - ], - "usages": [ - "list", - "string" - ] - } - ] - } - ] - }, - "timeouts": [], - "wait": [], - "wait_for": null - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.jwtks_service", - "mode": "managed", - "type": "kubernetes_service", - "name": "app", - "provider": "module.jwtks_service.provider[\"registry.terraform.io/hashicorp/kubernetes\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 1, - "attributes": { - "id": "sandbox/jwtks-service", - "metadata": [ - { - "annotations": {}, - "generate_name": "", - "generation": 0, - "labels": { - "app": "jwtks-service", - "app.kubernetes.io/created-by": "github-actions", - "app.kubernetes.io/managed-by": "terraform", - "app.kubernetes.io/part-of": "jwtks-service", - "app.kubernetes.io/version": "latest", - "kubernetes.io/name": "jwtks-service", - "version": "latest" - }, - "name": "jwtks-service", - "namespace": "sandbox", - "resource_version": "24766093793", - "uid": "2a070796-ad63-4c62-9de5-107d8ffcd10c" - } - ], - "spec": [ - { - "allocate_load_balancer_node_ports": true, - "cluster_ip": "10.3.144.48", - "cluster_ips": [ - "10.3.144.48" - ], - "external_ips": [], - "external_name": "", - "external_traffic_policy": "", - "health_check_node_port": 0, - "internal_traffic_policy": "Cluster", - "ip_families": [ - "IPv4" - ], - "ip_family_policy": "SingleStack", - "load_balancer_class": "", - "load_balancer_ip": "", - "load_balancer_source_ranges": [], - "port": [ - { - "app_protocol": "", - "name": "grpc-signing", - "node_port": 0, - "port": 5000, - "protocol": "TCP", - "target_port": "5000" - }, - { - "app_protocol": "", - "name": "http-wellknow", - "node_port": 0, - "port": 5500, - "protocol": "TCP", - "target_port": "5500" - } - ], - "publish_not_ready_addresses": false, - "selector": { - "kubernetes.io/name": "jwtks-service" - }, - "session_affinity": "None", - "session_affinity_config": [], - "type": "ClusterIP" - } - ], - "status": [ - { - "load_balancer": [ - { - "ingress": [] - } - ] - } - ], - "timeouts": null, - "wait_for_load_balancer": true - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - } - ], - "check_results": null -}