fix: production block s3 upload due to cors

42atomys commented 1 year ago

Describe the pull request This pull request addresses an issue where uploads to S3 in the production environment are being blocked due to CORS (Cross-Origin Resource Sharing) issues. The fix involves changing the fetch mode to 'no-cors', thereby allowing these uploads to proceed without triggering CORS restrictions.

Checklist

[x] I have linked the relative issue to this pull request
[x] I have made the modifications or added tests related to my PR
[x] I have added/updated the documentation for my RP
[x] I put my PR in Ready for Review only when all the checklist is checked

Breaking changes ? no

github-actions[bot] commented 1 year ago

Terraform data for `sandbox` stack

Terraform Initialization ⚙️ `success`

Terraform Validation 🤖 `success`

Show Validation

``` Success! The configuration is valid. ```

Terraform Plan 📖 `success`

Show Plan

``` kubernetes_config_map.stud42_config: Refreshing state... [id=sandbox/stud42-config] module.istio.kubectl_manifest.virtual_services["dev-s42-sandbox"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/sandbox/virtualservices/dev-s42-sandbox] module.jwtks_service.kubernetes_service.app[0]: Refreshing state... [id=sandbox/jwtks-service] module.jwtks_service.kubernetes_deployment.app[0]: Refreshing state... [id=sandbox/jwtks-service] module.jwtks_service.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=sandbox/jwtks-service] module.jwtks_service.kubernetes_manifest.certificate["grpc-internal"]: Refreshing state... No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed. ```

github-actions[bot] commented 1 year ago

Terraform data for `pre-cluster` stack

Terraform Initialization ⚙️ `success`

Terraform Validation 🤖 `success`

Show Validation

``` Success! The configuration is valid. ```

Terraform Plan 📖 `success`

Show Plan

``` helm_release.rabbitmq_operator: Refreshing state... [id=primary] helm_release.istio_base: Refreshing state... [id=istio-base] helm_release.sealed_secret: Refreshing state... [id=sealed-secret] helm_release.reflector: Refreshing state... [id=reflector] kubernetes_namespace.namespace["cert-manager"]: Refreshing state... [id=cert-manager] kubernetes_namespace.namespace["istio-system"]: Refreshing state... [id=istio-system] kubernetes_namespace.namespace["sandbox"]: Refreshing state... [id=sandbox] kubernetes_namespace.namespace["monitoring"]: Refreshing state... [id=monitoring] kubernetes_namespace.namespace["permission-manager"]: Refreshing state... [id=permission-manager] kubernetes_namespace.namespace["production"]: Refreshing state... [id=production] kubernetes_namespace.namespace["staging"]: Refreshing state... [id=staging] kubernetes_namespace.namespace["previews"]: Refreshing state... [id=previews] helm_release.gateway: Refreshing state... [id=istio-ingressgateway] helm_release.istiod: Refreshing state... [id=istiod] No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed. ```

github-actions[bot] commented 1 year ago

Terraform data for `cluster` stack

Terraform Initialization ⚙️ `success`

Terraform Validation 🤖 `success`

Show Validation

``` Success! The configuration is valid. ```

Terraform Plan 📖 `success`

Show Plan

``` module.istio.kubectl_manifest.gateways["dev-s42-sandbox"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/sandbox/gateways/dev-s42-sandbox] module.istio.kubectl_manifest.gateways["dev-s42-previews"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/previews/gateways/dev-s42-previews] module.istio.kubectl_manifest.gateways["app-s42-dashboards"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/monitoring/gateways/app-s42-dashboards] module.istio.kubectl_manifest.gateways["app-s42"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/production/gateways/app-s42] module.tempo.kubernetes_config_map.app["config"]: Refreshing state... [id=monitoring/tempo-config] module.cert_manager.null_resource.cert_manager_ovh_source: Refreshing state... [id=6901452211892208863] module.tempo.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=monitoring/tempo-data] module.istio.kubectl_manifest.gateways["app-s42-next"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/staging/gateways/app-s42-next] module.tempo.kubernetes_service.app[0]: Refreshing state... [id=monitoring/tempo] module.grafana.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=monitoring/grafana-data] module.prometheus.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=monitoring/prometheus-data] module.promtail.kubernetes_config_map.app["config"]: Refreshing state... [id=monitoring/promtail-config] module.grafana.kubernetes_service.app[0]: Refreshing state... [id=monitoring/grafana] module.grafana.kubernetes_deployment.app[0]: Refreshing state... [id=monitoring/grafana] module.prometheus.kubernetes_config_map.app["config"]: Refreshing state... [id=monitoring/prometheus-config] module.prometheus.kubernetes_service.app[0]: Refreshing state... [id=monitoring/prometheus] module.promtail.kubernetes_daemonset.app[0]: Refreshing state... [id=monitoring/promtail] module.promtail.kubernetes_service.app[0]: Refreshing state... [id=monitoring/promtail] kubernetes_cluster_role.promtail: Refreshing state... [id=promtail] kubernetes_service_account.tempo: Refreshing state... [id=monitoring/tempo] kubernetes_role.loki: Refreshing state... [id=monitoring/loki] kubernetes_service_account.prometheus: Refreshing state... [id=monitoring/prometheus] kubernetes_service_account.promtail: Refreshing state... [id=monitoring/promtail] kubernetes_service_account.loki: Refreshing state... [id=monitoring/loki] kubernetes_cluster_role.prometheus: Refreshing state... [id=prometheus] module.monitoring_routing.kubectl_manifest.virtual_services["app-s42-dashboards"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/monitoring/virtualservices/app-s42-dashboards] module.cert_manager.helm_release.cert_manager: Refreshing state... [id=cert-manager] module.loki.kubernetes_service.app[0]: Refreshing state... [id=monitoring/loki] module.tempo.kubernetes_stateful_set.app[0]: Refreshing state... [id=monitoring/tempo] module.loki.kubernetes_config_map.app["config"]: Refreshing state... [id=monitoring/loki-config] module.loki.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=monitoring/loki-data] module.prometheus.kubernetes_stateful_set.app[0]: Refreshing state... [id=monitoring/prometheus] kubernetes_cluster_role_binding.prometheus: Refreshing state... [id=prometheus] kubernetes_cluster_role_binding.promtail: Refreshing state... [id=promtail] kubernetes_role_binding.loki: Refreshing state... [id=monitoring/loki] module.secrets.kubernetes_manifest.sealed_secret["ovh-credentials"]: Refreshing state... module.loki.kubernetes_stateful_set.app[0]: Refreshing state... [id=monitoring/loki] module.secrets.kubernetes_manifest.sealed_secret["ghcr-creds"]: Refreshing state... module.cert_manager.kubernetes_role.cert_manager_webhook_ovh_secret_reader: Refreshing state... [id=cert-manager/cert-manager-webhook-ovh:secret-reader] module.cert_manager.kubectl_manifest.certificates["dev-s42-previews"]: Refreshing state... [id=/apis/cert-manager.io/v1/namespaces/istio-system/certificates/dev-s42-previews] module.cert_manager.kubectl_manifest.certificates["app-s42-dashboards"]: Refreshing state... [id=/apis/cert-manager.io/v1/namespaces/istio-system/certificates/app-s42-dashboards] module.cert_manager.kubectl_manifest.certificates["app-s42-next"]: Refreshing state... [id=/apis/cert-manager.io/v1/namespaces/istio-system/certificates/app-s42-next] module.cert_manager.kubectl_manifest.certificates["dev-s42-sandbox"]: Refreshing state... [id=/apis/cert-manager.io/v1/namespaces/istio-system/certificates/dev-s42-sandbox] module.cert_manager.kubectl_manifest.certificates["app-s42"]: Refreshing state... [id=/apis/cert-manager.io/v1/namespaces/istio-system/certificates/app-s42] module.cert_manager.kubernetes_role_binding.cert_manager_webhook_ovh_secret_reader: Refreshing state... [id=cert-manager/cert-manager-webhook-ovh:secret-reader] module.cert_manager.helm_release.cert_manager_ovh: Refreshing state... [id=cert-manager-webhook-ovh] module.cert_manager.kubectl_manifest.self_signed_issuers["selfsigned-issuer"]: Refreshing state... [id=/apis/cert-manager.io/v1/clusterissuers/selfsigned-issuer] module.cert_manager.kubectl_manifest.issuers["ovh-staging-issuer"]: Refreshing state... [id=/apis/cert-manager.io/v1/clusterissuers/ovh-staging-issuer] module.cert_manager.kubectl_manifest.issuers["ovh-issuer"]: Refreshing state... [id=/apis/cert-manager.io/v1/clusterissuers/ovh-issuer] No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed. Warning: "default_secret_name" is no longer applicable for Kubernetes v1.24.0 and above with kubernetes_service_account.prometheus, on monitoring.tf line 73, in resource "kubernetes_service_account" "prometheus": 73: resource "kubernetes_service_account" "prometheus" { Starting from version 1.24.0 Kubernetes does not automatically generate a token for service accounts, in this case, "default_secret_name" will be empty (and 3 more similar warnings elsewhere) ```

github-actions[bot] commented 1 year ago

Terraform data for `apps` stack

Terraform Initialization ⚙️ `success`

Terraform Validation 🤖 `success`

Show Validation

``` Success! The configuration is valid. ```

Terraform Plan 📖 `success`

Show Plan

``` module.s42.kubernetes_pod_disruption_budget_v1.rabbitmq: Refreshing state... [id=production/rabbitmq] module.s42.random_password.next_auth_secret: Refreshing state... [id=none] module.webhooked.module.webhooked.kubernetes_service.app[0]: Refreshing state... [id=production/webhooked] module.webhooked.module.webhooked.kubernetes_config_map.app["config"]: Refreshing state... [id=production/webhooked-config] module.s42.kubernetes_config_map.stud42_config: Refreshing state... [id=production/stud42-config] module.s42.random_password.meilisearch_token: Refreshing state... [id=none] module.s42.random_password.dragonfly: Refreshing state... [id=none] module.s42.random_password.postgres: Refreshing state... [id=none] module.webhooked.module.secrets.kubernetes_manifest.sealed_secret["s42-webhooked-secrets"]: Refreshing state... module.s42.kubernetes_manifest.rabbitmq_queue_webhooks_processing: Refreshing state... module.s42.module.jwtks_service.kubernetes_service.app[0]: Refreshing state... [id=production/jwtks-service] module.s42.kubernetes_manifest.rabbitmq: Refreshing state... module.s42.module.jwtks_service.kubernetes_deployment.app[0]: Refreshing state... [id=production/jwtks-service] module.s42.kubernetes_manifest.rabbitmq_policy_webhooks_dlq: Refreshing state... module.s42.module.jwtks_service.kubernetes_manifest.certificate["grpc-internal"]: Refreshing state... module.s42.module.service-token.kubernetes_manifest.sealed_secret["github-token"]: Refreshing state... module.s42.module.service-token.kubernetes_manifest.sealed_secret["s42-service-token"]: Refreshing state... module.s42.module.service-token.kubernetes_manifest.sealed_secret["sentry-dsns"]: Refreshing state... module.s42.module.service-token.kubernetes_manifest.sealed_secret["jwtks-service-certs-jwk"]: Refreshing state... module.s42.kubernetes_manifest.rabbitmq_binding_webhooks_dlq: Refreshing state... module.s42.module.service-token.kubernetes_manifest.sealed_secret["discord-token"]: Refreshing state... module.s42.module.service-token.kubernetes_manifest.sealed_secret["oauth2-providers"]: Refreshing state... module.s42.module.service-token.kubernetes_manifest.sealed_secret["ovh-s3-credentials"]: Refreshing state... module.s42.kubernetes_manifest.rabbitmq_queue_webhooks_dlq: Refreshing state... module.s42.module.meilisearch.kubernetes_service.app[0]: Refreshing state... [id=production/meilisearch] module.s42.module.meilisearch.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=production/meilisearch-data] module.s42.kubernetes_secret.next_auth_secret: Refreshing state... [id=production/next-auth-secret] module.s42.module.meilisearch_clean_tasks.kubernetes_cron_job_v1.app[0]: Refreshing state... [id=production/meilisearch-clean-tasks] module.s42.module.dragonfly.kubernetes_service.app[0]: Refreshing state... [id=production/dragonfly] module.s42.module.dragonfly.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=production/dragonfly-data] module.s42.module.jwtks_service.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=production/jwtks-service] module.s42.module.istio.kubectl_manifest.virtual_services["app-s42"]: Refreshing state... [id=/apis/networking.istio.io/v1alpha3/namespaces/production/virtualservices/app-s42] module.s42.module.webhooks_processor.kubernetes_deployment.app[0]: Refreshing state... [id=production/webhooks-processor] module.s42.module.postgres.kubernetes_service.app[0]: Refreshing state... [id=production/postgres] module.s42.module.interface.kubernetes_service.app[0]: Refreshing state... [id=production/interface] module.s42.module.postgres.kubernetes_config_map.app["config"]: Refreshing state... [id=production/postgres-config] module.s42.kubernetes_manifest.rabbitmq_exchange_webhooks: Refreshing state... module.s42.module.interface.kubernetes_deployment.app[0]: Refreshing state... [id=production/interface] module.s42.module.postgres.kubernetes_persistent_volume_claim.app["data"]: Refreshing state... [id=production/postgres-data] module.s42.module.meilisearch.kubernetes_stateful_set.app[0]: Refreshing state... [id=production/meilisearch] module.s42.module.meilisearch.kubernetes_secret.app["token"]: Refreshing state... [id=production/meilisearch-token] module.s42.module.postgres.kubernetes_secret.app["credentials"]: Refreshing state... [id=production/postgres-credentials] module.s42.module.dragonfly.kubernetes_secret.app["credentials"]: Refreshing state... [id=production/dragonfly-credentials] module.s42.module.api.kubernetes_service.app[0]: Refreshing state... [id=production/api] module.s42.module.api.kubernetes_deployment.app[0]: Refreshing state... [id=production/api] module.s42.module.dragonfly.kubernetes_stateful_set.app[0]: Refreshing state... [id=production/dragonfly] module.s42.module.webhooks_processor.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=production/webhooks-processor] module.s42.module.postgres.kubernetes_stateful_set.app[0]: Refreshing state... [id=production/postgres] module.webhooked.module.webhooked.kubernetes_deployment.app[0]: Refreshing state... [id=production/webhooked] module.s42.module.interface.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=production/interface] module.webhooked.module.webhooked.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=production/webhooked] module.s42.module.api.kubernetes_horizontal_pod_autoscaler_v2.app[0]: Refreshing state... [id=production/api] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place - destroy Terraform will perform the following actions: # module.s42.kubernetes_pod_disruption_budget.rabbitmq will be created + resource "kubernetes_pod_disruption_budget" "rabbitmq" { + id = (known after apply) + metadata { + generation = (known after apply) + name = "rabbitmq" + namespace = "production" + resource_version = (known after apply) + uid = (known after apply) } + spec { + max_unavailable = "0" + selector { + match_labels = { + "app.kubernetes.io/name" = "rabbitmq" } } } } # module.s42.kubernetes_pod_disruption_budget_v1.rabbitmq will be destroyed # (because kubernetes_pod_disruption_budget_v1.rabbitmq is not in configuration) - resource "kubernetes_pod_disruption_budget_v1" "rabbitmq" { - id = "production/rabbitmq" -> null - metadata { - annotations = {} -> null - generation = 1 -> null - labels = {} -> null - name = "rabbitmq" -> null - namespace = "production" -> null - resource_version = "28373353078" -> null - uid = "6ab28258-2f60-4a59-8118-97ee33ba8fd2" -> null } - spec { - max_unavailable = "0" -> null - selector { - match_labels = { - "app.kubernetes.io/name" = "rabbitmq" } -> null } } } # module.s42.module.api.kubernetes_deployment.app[0] will be updated in-place ~ resource "kubernetes_deployment" "app" { id = "production/api" # (1 unchanged attribute hidden) ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "api" # (5 unchanged attributes hidden) } ~ spec { ~ replicas = "2" -> "1" # (4 unchanged attributes hidden) ~ template { ~ metadata { ~ labels = { ~ "version" = "v0.24" -> "latest" # (4 unchanged elements hidden) } # (2 unchanged attributes hidden) } ~ spec { # (11 unchanged attributes hidden) ~ container { ~ image = "ghcr.io/42atomys/stud42:v0.24" -> "ghcr.io/42atomys/stud42:latest" name = "api" # (8 unchanged attributes hidden) ~ env { ~ name = "FORTY_TWO_ID" -> "GITHUB_TOKEN" ~ value_from { ~ secret_key_ref { ~ key = "FORTY_TWO_ID" -> "GITHUB_TOKEN" ~ name = "oauth2-providers" -> "github-token" # (1 unchanged attribute hidden) } } } ~ env { ~ name = "FORTY_TWO_SECRET" -> "S42_SERVICE_TOKEN" ~ value_from { ~ secret_key_ref { ~ key = "FORTY_TWO_SECRET" -> "TOKEN" ~ name = "oauth2-providers" -> "s42-service-token" # (1 unchanged attribute hidden) } } } ~ env { ~ name = "GITHUB_TOKEN" -> "SEARCHENGINE_MEILISEARCH_TOKEN" ~ value_from { ~ secret_key_ref { ~ key = "GITHUB_TOKEN" -> "MEILI_MASTER_KEY" ~ name = "github-token" -> "meilisearch-token" # (1 unchanged attribute hidden) } } } ~ env { ~ name = "S42_SERVICE_TOKEN" -> "SENTRY_DSN" ~ value_from { ~ secret_key_ref { ~ key = "TOKEN" -> "API_DSN" ~ name = "s42-service-token" -> "sentry-dsns" # (1 unchanged attribute hidden) } } } ~ env { ~ name = "SEARCHENGINE_MEILISEARCH_TOKEN" -> "CORS_ORIGIN" + value = "https://s42.app" - value_from { - secret_key_ref { - key = "MEILI_MASTER_KEY" -> null - name = "meilisearch-token" -> null - optional = false -> null } } } ~ env { ~ name = "SENTRY_DSN" -> "DATABASE_HOST" + value = "postgres.production.svc.cluster.local" - value_from { - secret_key_ref { - key = "API_DSN" -> null - name = "sentry-dsns" -> null - optional = false -> null } } } ~ env { ~ name = "CORS_ORIGIN" -> "DATABASE_NAME" ~ value = "https://s42.app" -> "s42" } ~ env { ~ name = "DATABASE_HOST" -> "DATABASE_URL" ~ value = "postgres.production.svc.cluster.local" -> "postgresql://postgres:$(DATABASE_PASSWORD)@$(DATABASE_HOST):5432/$(DATABASE_NAME)?sslmode=disable" } ~ env { ~ name = "DATABASE_NAME" -> "GO_ENV" ~ value = "s42" -> "production" } ~ env { ~ name = "DATABASE_URL" -> "KEYVALUE_STORE_HOST" ~ value = "postgresql://postgres:$(DATABASE_PASSWORD)@$(DATABASE_HOST):5432/$(DATABASE_NAME)?sslmode=disable" -> "dragonfly.production.svc.cluster.local" } ~ env { ~ name = "GO_ENV" -> "KEYVALUE_STORE_PORT" ~ value = "production" -> "6379" } ~ env { ~ name = "KEYVALUE_STORE_HOST" -> "KEYVALUE_STORE_URL" ~ value = "dragonfly.production.svc.cluster.local" -> "redis://:$(DFLY_PASSWORD)@$(KEYVALUE_STORE_HOST):$(KEYVALUE_STORE_PORT)" } ~ env { ~ name = "KEYVALUE_STORE_PORT" -> "SEARCHENGINE_MEILISEARCH_HOST" ~ value = "6379" -> "http://meilisearch.production.svc.cluster.local:7700" } - env { - name = "KEYVALUE_STORE_URL" -> null - value = "redis://:$(DFLY_PASSWORD)@$(KEYVALUE_STORE_HOST):$(KEYVALUE_STORE_PORT)" -> null } - env { - name = "SEARCHENGINE_MEILISEARCH_HOST" -> null - value = "http://meilisearch.production.svc.cluster.local:7700" -> null } # (9 unchanged blocks hidden) } # (3 unchanged blocks hidden) } } # (2 unchanged blocks hidden) } } # module.s42.module.api.kubernetes_horizontal_pod_autoscaler_v2.app[0] will be updated in-place ~ resource "kubernetes_horizontal_pod_autoscaler_v2" "app" { id = "production/api" ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "api" # (5 unchanged attributes hidden) } # (1 unchanged block hidden) } # module.s42.module.api.kubernetes_service.app[0] will be updated in-place ~ resource "kubernetes_service" "app" { id = "production/api" # (2 unchanged attributes hidden) ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "api" # (5 unchanged attributes hidden) } # (1 unchanged block hidden) } # module.s42.module.crawler_campus.kubernetes_cron_job.app[0] will be created + resource "kubernetes_cron_job" "app" { + id = (known after apply) + metadata { + generation = (known after apply) + labels = { + "app" = "crawler-campus" + "app.kubernetes.io/created-by" = "github-actions" + "app.kubernetes.io/managed-by" = "terraform" + "app.kubernetes.io/part-of" = "crawler-campus" + "app.kubernetes.io/version" = "latest" + "kubernetes.io/name" = "crawler-campus" + "version" = "latest" } + name = "crawler-campus" + namespace = "production" + resource_version = (known after apply) + uid = (known after apply) } + spec { + concurrency_policy = "Forbid" + failed_jobs_history_limit = 3 + schedule = "10 03 * * mon" + starting_deadline_seconds = 0 + successful_jobs_history_limit = 1 + suspend = false + job_template { + metadata { + generation = (known after apply) + labels = { + "app" = "crawler-campus" + "app.kubernetes.io/created-by" = "github-actions" + "app.kubernetes.io/managed-by" = "terraform" + "app.kubernetes.io/part-of" = "crawler-campus" + "app.kubernetes.io/version" = "latest" + "kubernetes.io/name" = "crawler-campus" + "version" = "latest" } + name = (known after apply) + resource_version = (known after apply) + uid = (known after apply) } + spec { + active_deadline_seconds = 600 + backoff_limit = 0 + completion_mode = "NonIndexed" + completions = 1 + parallelism = 1 + ttl_seconds_after_finished = "300" + selector { + match_labels = (known after apply) + match_expressions { + key = (known after apply) + operator = (known after apply) + values = (known after apply) } } + template { + metadata { + annotations = { + "prometheus.io/path" = "/metrics" + "prometheus.io/port" = "8080" + "prometheus.io/scrape" = "false" } + generation = (known after apply) + labels = { + "app" = "crawler-campus" + "app.kubernetes.io/created-by" = "github-actions" + "app.kubernetes.io/managed-by" = "terraform" + "kubernetes.io/name" = "crawler-campus" + "sidecar.istio.io/inject" = "false" + "version" = "latest" } + name = (known after apply) + resource_version = (known after apply) + uid = (known after apply) } + spec { + automount_service_account_token = true + dns_policy = "ClusterFirst" + enable_service_links = true + host_ipc = false + host_network = false + host_pid = false + hostname = (known after apply) + node_name = (known after apply) + node_selector = { + "nodepool" = "small" } + restart_policy = "Never" + service_account_name = (known after apply) + share_process_namespace = false + termination_grace_period_seconds = 30 + container { + args = [ + "--config", + "/config/stud42.yaml", + "jobs", + "crawler", + "campus", ] + command = [ + "stud42cli", ] + image = "ghcr.io/42atomys/stud42:latest" + image_pull_policy = "IfNotPresent" + name = "crawler-campus" + stdin = false + stdin_once = false + termination_message_path = "/dev/termination-log" + termination_message_policy = (known after apply) + tty = false + env { + name = "DATABASE_PASSWORD" + value_from { + secret_key_ref { + key = "POSTGRES_PASSWORD_ENCODED" + name = "postgres-credentials" } } } + env { + name = "FORTY_TWO_ID" + value_from { + secret_key_ref { + key = "FORTY_TWO_ID" + name = "oauth2-providers" } } } + env { + name = "FORTY_TWO_SECRET" + value_from { + secret_key_ref { + key = "FORTY_TWO_SECRET" + name = "oauth2-providers" } } } + env { + name = "SENTRY_DSN" + value_from { + secret_key_ref { + key = "API_DSN" + name = "sentry-dsns" } } } + env { + name = "DATABASE_HOST" + value = "postgres.production.svc.cluster.local" } + env { + name = "DATABASE_NAME" + value = "s42" } + env { + name = "DATABASE_URL" + value = "postgresql://postgres:$(DATABASE_PASSWORD)@$(DATABASE_HOST):5432/$(DATABASE_NAME)?sslmode=disable" } + env { + name = "DEBUG" + value = "true" } + env { + name = "GO_ENV" + value = "production" } + resources { + limits = { + "memory" = "128Mi" } + requests = { + "cpu" = "5m" + "memory" = "42Mi" } } + security_context { + allow_privilege_escalation = false + privileged = false + read_only_root_filesystem = false + run_as_group = "1000" + run_as_non_root = true + run_as_user = "1000" } + volume_mount { + mount_path = "/config" + mount_propagation = "None" + name = "configuration" + read_only = true } } + image_pull_secrets { + name = "ghcr-creds" } + readiness_gate { + condition_type = (known after apply) } + security_context { + fs_group = "1000" + run_as_group = "1000" + run_as_non_root = true + run_as_user = "1000" } + volume { + name = "configuration" + config_map { + default_mode = "0644" + name = "stud42-config" } } } } } } } } # module.s42.module.crawler_locations.kubernetes_cron_job.app[0] will be created + resource "kubernetes_cron_job" "app" { + id = (known after apply) + metadata { + generation = (known after apply) + labels = { + "app" = "crawler-locations" + "app.kubernetes.io/created-by" = "github-actions" + "app.kubernetes.io/managed-by" = "terraform" + "app.kubernetes.io/part-of" = "crawler-locations" + "app.kubernetes.io/version" = "latest" + "kubernetes.io/name" = "crawler-locations" + "version" = "latest" } + name = "crawler-locations" + namespace = "production" + resource_version = (known after apply) + uid = (known after apply) } + spec { + concurrency_policy = "Forbid" + failed_jobs_history_limit = 3 + schedule = "0 * * * *" + starting_deadline_seconds = 0 + successful_jobs_history_limit = 1 + suspend = false + job_template { + metadata { + generation = (known after apply) + labels = { + "app" = "crawler-locations" + "app.kubernetes.io/created-by" = "github-actions" + "app.kubernetes.io/managed-by" = "terraform" + "app.kubernetes.io/part-of" = "crawler-locations" + "app.kubernetes.io/version" = "latest" + "kubernetes.io/name" = "crawler-locations" + "version" = "latest" } + name = (known after apply) + resource_version = (known after apply) + uid = (known after apply) } + spec { + active_deadline_seconds = 600 + backoff_limit = 0 + completion_mode = "NonIndexed" + completions = 1 + parallelism = 1 + ttl_seconds_after_finished = "300" + selector { + match_labels = (known after apply) + match_expressions { + key = (known after apply) + operator = (known after apply) + values = (known after apply) } } + template { + metadata { + annotations = { + "prometheus.io/path" = "/metrics" + "prometheus.io/port" = "8080" + "prometheus.io/scrape" = "false" } + generation = (known after apply) + labels = { + "app" = "crawler-locations" + "app.kubernetes.io/created-by" = "github-actions" + "app.kubernetes.io/managed-by" = "terraform" + "kubernetes.io/name" = "crawler-locations" + "sidecar.istio.io/inject" = "false" + "version" = "latest" } + name = (known after apply) + resource_version = (known after apply) + uid = (known after apply) } + spec { + automount_service_account_token = true + dns_policy = "ClusterFirst" + enable_service_links = true + host_ipc = false + host_network = false + host_pid = false + hostname = (known after apply) + node_name = (known after apply) + node_selector = { + "nodepool" = "small" } + restart_policy = "Never" + service_account_name = (known after apply) + share_process_namespace = false + termination_grace_period_seconds = 30 + container { + args = [ + "--config", + "/config/stud42.yaml", + "jobs", + "crawler", + "locations", ] + command = [ + "stud42cli", ] + image = "ghcr.io/42atomys/stud42:latest" + image_pull_policy = "IfNotPresent" + name = "crawler-locations" + stdin = false + stdin_once = false + termination_message_path = "/dev/termination-log" + termination_message_policy = (known after apply) + tty = false + env { + name = "DATABASE_PASSWORD" + value_from { + secret_key_ref { + key = "POSTGRES_PASSWORD_ENCODED" + name = "postgres-credentials" } } } + env { + name = "FORTY_TWO_ID" + value_from { + secret_key_ref { + key = "FORTY_TWO_ID" + name = "oauth2-providers" } } } + env { + name = "FORTY_TWO_SECRET" + value_from { + secret_key_ref { + key = "FORTY_TWO_SECRET" + name = "oauth2-providers" } } } + env { + name = "SEARCHENGINE_MEILISEARCH_TOKEN" + value_from { + secret_key_ref { + key = "MEILI_MASTER_KEY" + name = "meilisearch-token" } } } + env { + name = "SENTRY_DSN" + value_from { + secret_key_ref { + key = "API_DSN" + name = "sentry-dsns" } } } + env { + name = "DATABASE_HOST" + value = "postgres.production.svc.cluster.local" } + env { + name = "DATABASE_NAME" + value = "s42" } + env { + name = "DATABASE_URL" + value = "postgresql://postgres:$(DATABASE_PASSWORD)@$(DATABASE_HOST):5432/$(DATABASE_NAME)?sslmode=disable" } + env { + name = "DEBUG" + value = "true" } + env { + name = "GO_ENV" + value = "production" } + env { + name = "SEARCHENGINE_MEILISEARCH_HOST" + value = "http://meilisearch.production.svc.cluster.local:7700" } + resources { + limits = { + "memory" = "128Mi" } + requests = { + "cpu" = "5m" + "memory" = "42Mi" } } + security_context { + allow_privilege_escalation = false + privileged = false + read_only_root_filesystem = false + run_as_group = "1000" + run_as_non_root = true + run_as_user = "1000" } + volume_mount { + mount_path = "/config" + mount_propagation = "None" + name = "configuration" + read_only = true } } + image_pull_secrets { + name = "ghcr-creds" } + readiness_gate { + condition_type = (known after apply) } + security_context { + fs_group = "1000" + run_as_group = "1000" + run_as_non_root = true + run_as_user = "1000" } + volume { + name = "configuration" + config_map { + default_mode = "0644" + name = "stud42-config" } } } } } } } } # module.s42.module.interface.kubernetes_deployment.app[0] will be updated in-place ~ resource "kubernetes_deployment" "app" { id = "production/interface" # (1 unchanged attribute hidden) ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "interface" # (5 unchanged attributes hidden) } ~ spec { ~ replicas = "2" -> "1" # (4 unchanged attributes hidden) ~ template { ~ metadata { ~ labels = { ~ "version" = "v0.24" -> "latest" # (4 unchanged elements hidden) } # (2 unchanged attributes hidden) } ~ spec { # (11 unchanged attributes hidden) ~ container { ~ image = "ghcr.io/42atomys/stud42:v0.24" -> "ghcr.io/42atomys/stud42:latest" name = "interface" # (8 unchanged attributes hidden) # (19 unchanged blocks hidden) } # (4 unchanged blocks hidden) } } # (2 unchanged blocks hidden) } } # module.s42.module.interface.kubernetes_horizontal_pod_autoscaler_v2.app[0] will be updated in-place ~ resource "kubernetes_horizontal_pod_autoscaler_v2" "app" { id = "production/interface" ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "interface" # (5 unchanged attributes hidden) } # (1 unchanged block hidden) } # module.s42.module.interface.kubernetes_service.app[0] will be updated in-place ~ resource "kubernetes_service" "app" { id = "production/interface" # (2 unchanged attributes hidden) ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "interface" # (5 unchanged attributes hidden) } # (1 unchanged block hidden) } # module.s42.module.jwtks_service.kubernetes_deployment.app[0] will be updated in-place ~ resource "kubernetes_deployment" "app" { id = "production/jwtks-service" # (1 unchanged attribute hidden) ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "jwtks-service" # (5 unchanged attributes hidden) } ~ spec { ~ replicas = "2" -> "1" # (4 unchanged attributes hidden) ~ template { ~ metadata { ~ labels = { ~ "version" = "v0.24" -> "latest" # (4 unchanged elements hidden) } # (2 unchanged attributes hidden) } ~ spec { # (11 unchanged attributes hidden) ~ container { ~ image = "ghcr.io/42atomys/stud42:v0.24" -> "ghcr.io/42atomys/stud42:latest" name = "jwtks-service" # (8 unchanged attributes hidden) # (10 unchanged blocks hidden) } # (5 unchanged blocks hidden) } } # (2 unchanged blocks hidden) } } # module.s42.module.jwtks_service.kubernetes_horizontal_pod_autoscaler_v2.app[0] will be updated in-place ~ resource "kubernetes_horizontal_pod_autoscaler_v2" "app" { id = "production/jwtks-service" ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "jwtks-service" # (5 unchanged attributes hidden) } # (1 unchanged block hidden) } # module.s42.module.jwtks_service.kubernetes_manifest.certificate["grpc-internal"] will be updated in-place ~ resource "kubernetes_manifest" "certificate" { ~ manifest = { ~ metadata = { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ version = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "jwtks-service-grpc-internal" # (1 unchanged element hidden) } # (3 unchanged elements hidden) } ~ object = { ~ metadata = { ~ labels = { - "app" = "jwtks-service" - "app.kubernetes.io/created-by" = "github-actions" - "app.kubernetes.io/managed-by" = "terraform" - "app.kubernetes.io/part-of" = "jwtks-service" - "app.kubernetes.io/version" = "v0.24" - "kubernetes.io/name" = "jwtks-service" - "version" = "v0.24" } -> (known after apply) name = "jwtks-service-grpc-internal" # (13 unchanged elements hidden) } # (3 unchanged elements hidden) } } # module.s42.module.jwtks_service.kubernetes_service.app[0] will be updated in-place ~ resource "kubernetes_service" "app" { id = "production/jwtks-service" # (2 unchanged attributes hidden) ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "jwtks-service" # (5 unchanged attributes hidden) } # (1 unchanged block hidden) } # module.s42.module.meilisearch_clean_tasks.kubernetes_cron_job.app[0] will be created + resource "kubernetes_cron_job" "app" { + id = (known after apply) + metadata { + generation = (known after apply) + labels = { + "app" = "meilisearch-clean-tasks" + "app.kubernetes.io/created-by" = "github-actions" + "app.kubernetes.io/managed-by" = "terraform" + "app.kubernetes.io/part-of" = "meilisearch-clean-tasks" + "app.kubernetes.io/version" = "v0.30" + "kubernetes.io/name" = "meilisearch-clean-tasks" + "version" = "v0.30" } + name = "meilisearch-clean-tasks" + namespace = "production" + resource_version = (known after apply) + uid = (known after apply) } + spec { + concurrency_policy = "Forbid" + failed_jobs_history_limit = 2 + schedule = "0 0 * * *" + starting_deadline_seconds = 0 + successful_jobs_history_limit = 1 + suspend = false + job_template { + metadata { + generation = (known after apply) + labels = { + "app" = "meilisearch-clean-tasks" + "app.kubernetes.io/created-by" = "github-actions" + "app.kubernetes.io/managed-by" = "terraform" + "app.kubernetes.io/part-of" = "meilisearch-clean-tasks" + "app.kubernetes.io/version" = "v0.30" + "kubernetes.io/name" = "meilisearch-clean-tasks" + "version" = "v0.30" } + name = (known after apply) + resource_version = (known after apply) + uid = (known after apply) } + spec { + active_deadline_seconds = 600 + backoff_limit = 0 + completion_mode = "NonIndexed" + completions = 1 + parallelism = 1 + ttl_seconds_after_finished = "0" + selector { + match_labels = (known after apply) + match_expressions { + key = (known after apply) + operator = (known after apply) + values = (known after apply) } } + template { + metadata { + annotations = { + "prometheus.io/path" = "/metrics" + "prometheus.io/port" = "8080" + "prometheus.io/scrape" = "false" } + generation = (known after apply) + labels = { + "app" = "meilisearch-clean-tasks" + "app.kubernetes.io/created-by" = "github-actions" + "app.kubernetes.io/managed-by" = "terraform" + "kubernetes.io/name" = "meilisearch-clean-tasks" + "version" = "v0.30" } + name = (known after apply) + resource_version = (known after apply) + uid = (known after apply) } + spec { + automount_service_account_token = true + dns_policy = "ClusterFirst" + enable_service_links = true + host_ipc = false + host_network = false + host_pid = false + hostname = (known after apply) + node_name = (known after apply) + node_selector = { + "nodepool" = "small" } + restart_policy = "OnFailure" + service_account_name = (known after apply) + share_process_namespace = false + termination_grace_period_seconds = 30 + container { + args = [ + "--fail", + "-X", + "DELETE", + "http://meilisearch:7700/tasks?statuses=failed,canceled,succeeded", + "-H", + "Authorization: Bearer $(MEILI_MASTER_KEY)", + "-H", + "Content-Type: application/json", ] + command = [] + image = "curlimages/curl:7.86.0" + image_pull_policy = "IfNotPresent" + name = "meilisearch-clean-tasks" + stdin = false + stdin_once = false + termination_message_path = "/dev/termination-log" + termination_message_policy = (known after apply) + tty = false + env { + name = "MEILI_MASTER_KEY" + value_from { + secret_key_ref { + key = "MEILI_MASTER_KEY" + name = "meilisearch-token" } } } + resources { + limits = { + "memory" = "128Mi" } + requests = { + "cpu" = "100m" + "memory" = "128Mi" } } + security_context { + allow_privilege_escalation = false + privileged = false + read_only_root_filesystem = false + run_as_group = "1000" + run_as_non_root = true + run_as_user = "1000" } } + image_pull_secrets { + name = "ghcr-creds" } + readiness_gate { + condition_type = (known after apply) } + security_context { + fs_group = "1000" + run_as_group = "1000" + run_as_non_root = true + run_as_user = "1000" } + volume { + name = (known after apply) + aws_elastic_block_store { + fs_type = (known after apply) + partition = (known after apply) + read_only = (known after apply) + volume_id = (known after apply) } + azure_disk { + caching_mode = (known after apply) + data_disk_uri = (known after apply) + disk_name = (known after apply) + fs_type = (known after apply) + kind = (known after apply) + read_only = (known after apply) } + azure_file { + read_only = (known after apply) + secret_name = (known after apply) + secret_namespace = (known after apply) + share_name = (known after apply) } + ceph_fs { + monitors = (known after apply) + path = (known after apply) + read_only = (known after apply) + secret_file = (known after apply) + user = (known after apply) + secret_ref { + name = (known after apply) + namespace = (known after apply) } } + cinder { + fs_type = (known after apply) + read_only = (known after apply) + volume_id = (known after apply) } + config_map { + default_mode = (known after apply) + name = (known after apply) + optional = (known after apply) + items { + key = (known after apply) + mode = (known after apply) + path = (known after apply) } } + csi { + driver = (known after apply) + fs_type = (known after apply) + read_only = (known after apply) + volume_attributes = (known after apply) + node_publish_secret_ref { + name = (known after apply) } } + downward_api { + default_mode = (known after apply) + items { + mode = (known after apply) + path = (known after apply) + field_ref { + api_version = (known after apply) + field_path = (known after apply) } + resource_field_ref { + container_name = (known after apply) + divisor = (known after apply) + resource = (known after apply) } } } + empty_dir { + medium = (known after apply) + size_limit = (known after apply) } + fc { + fs_type = (known after apply) + lun = (known after apply) + read_only = (known after apply) + target_ww_ns = (known after apply) } + flex_volume { + driver = (known after apply) + fs_type = (known after apply) + options = (known after apply) + read_only = (known after apply) + secret_ref { + name = (known after apply) + namespace = (known after apply) } } + flocker { + dataset_name = (known after apply) + dataset_uuid = (known after apply) } + gce_persistent_disk { + fs_type = (known after apply) + partition = (known after apply) + pd_name = (known after apply) + read_only = (known after apply) } + git_repo { + directory = (known after apply) + repository = (known after apply) + revision = (known after apply) } + glusterfs { + endpoints_name = (known after apply) + path = (known after apply) + read_only = (known after apply) } + host_path { + path = (known after apply) + type = (known after apply) } + iscsi { + fs_type = (known after apply) + iqn = (known after apply) + iscsi_interface = (known after apply) + lun = (known after apply) + read_only = (known after apply) + target_portal = (known after apply) } + local { + path = (known after apply) } + nfs { + path = (known after apply) + read_only = (known after apply) + server = (known after apply) } + persistent_volume_claim { + claim_name = (known after apply) + read_only = (known after apply) } + photon_persistent_disk { + fs_type = (known after apply) + pd_id = (known after apply) } + projected { + default_mode = (known after apply) + sources { + config_map { + name = (known after apply) + optional = (known after apply) + items { + key = (known after apply) + mode = (known after apply) + path = (known after apply) } } + downward_api { + items { + mode = (known after apply) + path = (known after apply) + field_ref { + api_version = (known after apply) + field_path = (known after apply) } + resource_field_ref { + container_name = (known after apply) + divisor = (known after apply) + resource = (known after apply) } } } + secret { + name = (known after apply) + optional = (known after apply) + items { + key = (known after apply) + mode = (known after apply) + path = (known after apply) } } + service_account_token { + audience = (known after apply) + expiration_seconds = (known after apply) + path = (known after apply) } } } + quobyte { + group = (known after apply) + read_only = (known after apply) + registry = (known after apply) + user = (known after apply) + volume = (known after apply) } + rbd { + ceph_monitors = (known after apply) + fs_type = (known after apply) + keyring = (known after apply) + rados_user = (known after apply) + rbd_image = (known after apply) + rbd_pool = (known after apply) + read_only = (known after apply) + secret_ref { + name = (known after apply) + namespace = (known after apply) } } + secret { + default_mode = (known after apply) + optional = (known after apply) + secret_name = (known after apply) + items { + key = (known after apply) + mode = (known after apply) + path = (known after apply) } } + vsphere_volume { + fs_type = (known after apply) + volume_path = (known after apply) } } } } } } } } # module.s42.module.meilisearch_clean_tasks.kubernetes_cron_job_v1.app[0] will be destroyed # (because kubernetes_cron_job_v1.app is not in configuration) - resource "kubernetes_cron_job_v1" "app" { - id = "production/meilisearch-clean-tasks" -> null - metadata { - annotations = {} -> null - generation = 4 -> null - labels = { - "app" = "meilisearch-clean-tasks" - "app.kubernetes.io/created-by" = "github-actions" - "app.kubernetes.io/managed-by" = "terraform" - "app.kubernetes.io/part-of" = "meilisearch-clean-tasks" - "app.kubernetes.io/version" = "v0.30" - "kubernetes.io/name" = "meilisearch-clean-tasks" - "version" = "v0.30" } -> null - name = "meilisearch-clean-tasks" -> null - namespace = "production" -> null - resource_version = "28385776192" -> null - uid = "9756ab03-978d-4d20-87c1-827abd59e8d0" -> null } - spec { - concurrency_policy = "Forbid" -> null - failed_jobs_history_limit = 2 -> null - schedule = "0 0 * * *" -> null - starting_deadline_seconds = 0 -> null - successful_jobs_history_limit = 1 -> null - suspend = false -> null - job_template { - metadata { - annotations = {} -> null - generation = 0 -> null - labels = { - "app" = "meilisearch-clean-tasks" - "app.kubernetes.io/created-by" = "github-actions" - "app.kubernetes.io/managed-by" = "terraform" - "app.kubernetes.io/part-of" = "meilisearch-clean-tasks" - "app.kubernetes.io/version" = "v0.30" - "kubernetes.io/name" = "meilisearch-clean-tasks" - "version" = "v0.30" } -> null } - spec { - active_deadline_seconds = 600 -> null - backoff_limit = 0 -> null - completion_mode = "NonIndexed" -> null - completions = 1 -> null - manual_selector = false -> null - parallelism = 1 -> null - ttl_seconds_after_finished = "0" -> null - template { - metadata { - annotations = { - "prometheus.io/path" = "/metrics" - "prometheus.io/port" = "8080" - "prometheus.io/scrape" = "false" } -> null - generation = 0 -> null - labels = { - "app" = "meilisearch-clean-tasks" - "app.kubernetes.io/created-by" = "github-actions" - "app.kubernetes.io/managed-by" = "terraform" - "kubernetes.io/name" = "meilisearch-clean-tasks" - "version" = "v0.30" } -> null } - spec { - active_deadline_seconds = 0 -> null - automount_service_account_token = true -> null - dns_policy = "ClusterFirst" -> null - enable_service_links = true -> null - host_ipc = false -> null - host_network = false -> null - host_pid = false -> null - node_selector = { - "nodepool" = "small" } -> null - restart_policy = "OnFailure" -> null - share_process_namespace = false -> null - termination_grace_period_seconds = 30 -> null - container { - args = [ - "--fail", - "-X", - "DELETE", - "http://meilisearch:7700/tasks?statuses=failed,canceled,succeeded", - "-H", - "Authorization: Bearer $(MEILI_MASTER_KEY)", - "-H", - "Content-Type: application/json", ] -> null - command = [] -> null - image = "curlimages/curl:7.86.0" -> null - image_pull_policy = "IfNotPresent" -> null - name = "meilisearch-clean-tasks" -> null - stdin = false -> null - stdin_once = false -> null - termination_message_path = "/dev/termination-log" -> null - termination_message_policy = "File" -> null - tty = false -> null - env { - name = "MEILI_MASTER_KEY" -> null - value_from { - secret_key_ref { - key = "MEILI_MASTER_KEY" -> null - name = "meilisearch-token" -> null - optional = false -> null } } } - resources { - limits = { - "memory" = "128Mi" } -> null - requests = { - "cpu" = "100m" - "memory" = "128Mi" } -> null } - security_context { - allow_privilege_escalation = false -> null - privileged = false -> null - read_only_root_filesystem = false -> null - run_as_group = "1000" -> null - run_as_non_root = true -> null - run_as_user = "1000" -> null } } - image_pull_secrets { - name = "ghcr-creds" -> null } - security_context { - fs_group = "1000" -> null - run_as_group = "1000" -> null - run_as_non_root = true -> null - run_as_user = "1000" -> null - supplemental_groups = [] -> null } } } } } } - timeouts {} } # module.s42.module.webhooks_processor.kubernetes_deployment.app[0] will be updated in-place ~ resource "kubernetes_deployment" "app" { id = "production/webhooks-processor" # (1 unchanged attribute hidden) ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "webhooks-processor" # (5 unchanged attributes hidden) } ~ spec { # (5 unchanged attributes hidden) ~ template { ~ metadata { ~ labels = { ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } # (2 unchanged attributes hidden) } ~ spec { # (11 unchanged attributes hidden) ~ container { ~ image = "ghcr.io/42atomys/stud42:v0.24" -> "ghcr.io/42atomys/stud42:latest" name = "webhooks-processor" # (8 unchanged attributes hidden) # (20 unchanged blocks hidden) } # (3 unchanged blocks hidden) } } # (2 unchanged blocks hidden) } } # module.s42.module.webhooks_processor.kubernetes_horizontal_pod_autoscaler_v2.app[0] will be updated in-place ~ resource "kubernetes_horizontal_pod_autoscaler_v2" "app" { id = "production/webhooks-processor" ~ metadata { ~ labels = { ~ "app.kubernetes.io/version" = "v0.24" -> "latest" ~ "version" = "v0.24" -> "latest" # (5 unchanged elements hidden) } name = "webhooks-processor" # (5 unchanged attributes hidden) } # (1 unchanged block hidden) } Plan: 4 to add, 12 to change, 2 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: apps-tfplan To perform exactly these actions, run the following command to apply: terraform apply "apps-tfplan" ```

42atomys / stud42