# Google Cloud Load Balancer Configuration
# This configuration uses GCP-native load balancing.

# Service of type LoadBalancer in front of pods labelled
# app=veza-backend-api. It accepts plain HTTP on port 80 and forwards
# to container port 8080; nothing in this manifest terminates TLS.
apiVersion: v1
kind: Service
metadata:
  name: veza-backend-api-lb
  namespace: veza-production
  annotations:
    # 'Internal' keeps the load balancer on a VPC-internal address.
    # The original note offers "External" as the alternative. Going
    # external would publish cleartext port 80 directly, outside the
    # Ingress's HTTPS redirect and SSL policy; if that is ever needed,
    # restrict callers with spec.loadBalancerSourceRanges.
    # NOTE(review): confirm "External" is an accepted value here; on
    # GKE an external LB is normally what you get without this key.
    cloud.google.com/load-balancer-type: 'Internal'
    # Attaches the BackendConfig named veza-backend-config (defined
    # later in this file) to this Service's ports.
    # NOTE(review): BackendConfig and NEG settings take effect on the
    # Service an Ingress uses as backend. The Ingress in this file
    # points at 'veza-backend-api', not this Service - verify which
    # Service is meant to carry these two annotations.
    cloud.google.com/backend-config: '{"default": "veza-backend-config"}'
    cloud.google.com/neg: '{"ingress": true}'
spec:
  type: LoadBalancer
  selector:
    app: veza-backend-api
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
---
# BackendConfig for GCP Load Balancer
# Referenced by name from the cloud.google.com/backend-config
# annotation on the veza-backend-api-lb Service.
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: veza-backend-config
  namespace: veza-production
spec:
  # Health checks: HTTP GET /health on port 8080 every 10 s with a 5 s
  # timeout; 2 passes mark a backend healthy, 3 failures unhealthy.
  # The prober sends no application credentials, so /health has to
  # answer unauthenticated - keep its response free of internals.
  healthCheck:
    type: HTTP
    port: 8080
    requestPath: /health
    checkIntervalSec: 10
    timeoutSec: 5
    healthyThreshold: 2
    unhealthyThreshold: 3

  # Session affinity by client IP.
  # NOTE(review): affinityCookieTtlSec is documented for the
  # GENERATED_COOKIE affinity type; with CLIENT_IP it looks unused -
  # confirm and either drop it or switch the type.
  sessionAffinity:
    affinityType: 'CLIENT_IP'
    affinityCookieTtlSec: 3600

  # Connection draining: in-flight requests get up to 60 s to finish
  # when a backend is removed.
  connectionDraining:
    drainingTimeoutSec: 60

  # Backend response timeout, in seconds.
  timeoutSec: 60

  # IAP (Identity-Aware Proxy) - optional
  # When enabling: the Secret iap-oauth-credentials must exist in this
  # namespace, and the backend should still validate the signed IAP
  # header so traffic that reaches pods by another path is not trusted.
  # IAP and Cloud CDN cannot be enabled on the same backend.
  # iap:
  #   enabled: true
  #   oauthclientCredentials:
  #     secretName: iap-oauth-credentials

  # CDN - optional
  # When enabling on an API: make sure per-user or authenticated
  # responses are marked non-cacheable by the backend, otherwise they
  # can be served from cache to other clients.
  # cdn:
  #   enabled: true
  #   cachePolicy:
  #     includeHost: true
  #     includeProtocol: true
  #     includeQueryString: true
---
# FrontendConfig for SSL policies
# Bound to the Ingress through its
# networking.gke.io/v1beta1.FrontendConfig annotation.
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
  name: veza-frontend-config
  namespace: veza-production
spec:
  # HTTP requests are answered with a permanent redirect to HTTPS.
  redirectToHttps:
    enabled: true
    responseCodeName: 'MOVED_PERMANENTLY_DEFAULT'
  # sslPolicy is the NAME of a Compute Engine SSL policy that must
  # already exist in the project; the string 'modern' does not by
  # itself select a TLS profile.
  # NOTE(review): confirm a policy with this name exists and check its
  # profile and minimum TLS version.
  sslPolicy: 'modern'
---
# Ingress for GCP Load Balancer
# External HTTP(S) entry point for api.veza.com: every path is routed
# to the backend Service on port 8080.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: veza-ingress-gcp
  namespace: veza-production
  annotations:
    # GKE external Application Load Balancer controller.
    kubernetes.io/ingress.class: 'gce'
    # Reserved global address the load balancer binds to; it must be
    # reserved in the project under this name.
    kubernetes.io/ingress.global-static-ip-name: 'veza-static-ip'
    # TLS certificate (ManagedCertificate) and frontend settings
    # (HTTPS redirect, SSL policy); both are defined in this file.
    networking.gke.io/managed-certificates: 'veza-ssl-cert'
    networking.gke.io/v1beta1.FrontendConfig: 'veza-frontend-config'
spec:
  rules:
    - host: api.veza.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                # NOTE(review): no Service named veza-backend-api is
                # defined in this file; the one here is
                # veza-backend-api-lb and exposes port 80. Confirm the
                # intended backend and that 8080 is a Service port,
                # not only the container targetPort.
                name: veza-backend-api
                port:
                  number: 8080
---
# ManagedCertificate for automatic SSL
# Google-managed certificate attached to the Ingress through its
# networking.gke.io/managed-certificates annotation.
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: veza-ssl-cert
  namespace: veza-production
spec:
  # NOTE(review): a managed certificate is issued only once every
  # listed domain resolves to the load balancer's address. The Ingress
  # in this file has a rule for api.veza.com only - confirm that
  # app.veza.com is meant to be served from the same load balancer.
  domains:
    - api.veza.com
    - app.veza.com