Enhance Trivy integration: update email dispatch logic, add LLM prompt generation, and improve security context in deployments
This commit is contained in:
@@ -22,23 +22,23 @@ resource "kubernetes_service_account" "reverse-proxy_service_account" {
|
||||
automount_service_account_token = false
|
||||
}
|
||||
|
||||
resource "kubernetes_service" "reverse-proxy" {
|
||||
resource "kubernetes_service" "services" {
|
||||
for_each = var.services
|
||||
metadata {
|
||||
name = format("reverse-proxy-%s", replace(each.key, ".", "-"))
|
||||
name = format("%s", replace(each.key, ".", "-"))
|
||||
namespace = kubernetes_namespace.reverse_proxy.metadata[0].name
|
||||
}
|
||||
spec {
|
||||
port {
|
||||
name = "http"
|
||||
port = 80
|
||||
port = each.value.service_http_port
|
||||
target_port = substr(format("http-%s", replace(each.key, ".", "-")), 0, 15)
|
||||
}
|
||||
dynamic "port" {
|
||||
for_each = each.value.tls ? [1] : []
|
||||
content {
|
||||
name = "https"
|
||||
port = 443
|
||||
port = each.value.service_https_port
|
||||
target_port = substr(format("https-%s", replace(each.key, ".", "-")), 0, 15)
|
||||
}
|
||||
}
|
||||
@@ -137,10 +137,10 @@ resource "kubernetes_config_map" "auth_script" {
|
||||
}
|
||||
}
|
||||
|
||||
resource "kubernetes_ingress_v1" "reverse-proxy_ingress" {
|
||||
for_each = var.services
|
||||
resource "kubernetes_ingress_v1" "ingress" {
|
||||
for_each = { for k, v in var.services : k => v if lookup(v, "ingress", true) && length(v.fqdn) > 0 }
|
||||
metadata {
|
||||
name = format("reverse-proxy-%s", replace(each.key, ".", "-"))
|
||||
name = format("%s", replace(each.key, ".", "-"))
|
||||
namespace = kubernetes_namespace.reverse_proxy.metadata[0].name
|
||||
|
||||
annotations = merge({
|
||||
@@ -149,7 +149,7 @@ resource "kubernetes_ingress_v1" "reverse-proxy_ingress" {
|
||||
},
|
||||
each.value.custom_ingress_annotations,
|
||||
each.value.tls ? {
|
||||
"nginx.org/ssl-services" = format("reverse-proxy-%s", replace(each.key, ".", "-"))
|
||||
"nginx.org/ssl-services" = format("%s", replace(each.key, ".", "-"))
|
||||
"nginx.org/ssl-redirect" = "true"
|
||||
"nginx.org/redirect-to-https" = "true"
|
||||
"nginx.ingress.kubernetes.io/backend-protocol" = "HTTPS"
|
||||
@@ -169,7 +169,7 @@ resource "kubernetes_ingress_v1" "reverse-proxy_ingress" {
|
||||
path {
|
||||
backend {
|
||||
service {
|
||||
name = format("reverse-proxy-%s", replace(each.key, ".", "-"))
|
||||
name = format("%s", replace(each.key, ".", "-"))
|
||||
port {
|
||||
name = each.value.tls ? "https" : "http"
|
||||
}
|
||||
@@ -535,35 +535,3 @@ resource "kubernetes_deployment" "reverse_proxy" {
|
||||
ignore_changes = [spec[0].template[0].metadata[0].annotations["kubectl.kubernetes.io/restartedAt"]]
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# resource "kubernetes_service" "reverse_proxy_streams" {
|
||||
# count = length(var.streams) > 0 ? 1 : 0
|
||||
# metadata {
|
||||
# name = "stream-ports"
|
||||
# namespace = kubernetes_namespace.reverse_proxy.metadata[0].name
|
||||
# }
|
||||
|
||||
# spec {
|
||||
# selector = {
|
||||
# app = "reverse-proxy"
|
||||
# }
|
||||
|
||||
# dynamic "port" {
|
||||
# for_each = var.streams
|
||||
# content {
|
||||
# name = format("%s-%s-%d", port.key, port.value.protocol, port.value.port)
|
||||
# port = port.value.port
|
||||
# target_port = port.value.port
|
||||
# protocol = upper(port.value.protocol)
|
||||
# }
|
||||
# }
|
||||
# type = "LoadBalancer"
|
||||
# }
|
||||
|
||||
# lifecycle {
|
||||
# ignore_changes = [
|
||||
# metadata[0].annotations
|
||||
# ]
|
||||
# }
|
||||
# }
|
||||
|
||||
Reference in New Issue
Block a user