
# GKE BackendConfig carrying load-balancer settings for the API gateway backend.
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: api-gateway-backend
spec:
  # References the Cloud Armor security policy named "waf-policy". The policy
  # itself is not defined in this listing and must already exist.
  # NOTE(review): a BackendConfig only takes effect on a Service that points at
  # it through the cloud.google.com/backend-config annotation. Verify the
  # annotation is present; without it the policy is not attached to the
  # backend and requests are not filtered by it.
  securityPolicy:
    name: waf-policy
  # The header entries are left out of this excerpt; the two links below
  # describe the supported syntax.
  customRequestHeaders:
    {{/*https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#request_headers*/}}
    {{/*https://cloud.google.com/load-balancing/docs/https/custom-headers*/}}
# Excerpt of the Service for the API gateway. The "." lines mark content the
# author left out; they are not part of the manifest.
# NOTE(review): the annotations are not visible here. Confirm the full manifest
# carries the cloud.google.com/backend-config annotation naming
# api-gateway-backend, since that link is what applies the BackendConfig's
# security policy to this Service's backend.
apiVersion: v1
kind: Service
metadata:
  name: api-gateway
  labels:
    app.kubernetes.io/instance: prod-api-gateway
.
.
.
# Second Service excerpt with the same instance label. Its metadata.name and
# all remaining fields are elided (the "." lines stand for omitted content).
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: prod-api-gateway
.
.
.
# Netlify-style redirect rules. status = 200 turns a rule into a rewrite: the
# request is proxied to the target while the browser keeps the original URL,
# so the API appears same-origin with the static site.
# NOTE(review): proxied requests presumably reach the API from the hosting
# platform's addresses rather than the end user's. Check any IP-based allow,
# deny or rate-limit rule on the API's WAF against that. TODO confirm.

# /api/* -> production API. force = true applies the rule even when a static
# file exists at the requested path.
[[redirects]]
  from = "/api/*"
  to = "https://api.foo-prod.bar/api/:splat"
  status = 200
  force = true

# /stage/api/* -> staging API. No force here, so a file deployed at a matching
# path would be served instead of the proxy target.
[[redirects]]
  from = "/stage/api/*"
  to = "https://api.foo-stage.bar/api/:splat"
  status = 200

# Same "from" pattern as the first rule but a different target host.
# NOTE(review): presumably taken from a separate per-environment file. If both
# rules sat in one file, top-to-bottom first-match evaluation would leave this
# one unreachable. Confirm which file each rule belongs to.
[[redirects]]
  from = "/api/*"
  to = "https://api.foo-baz.bar/api/:splat"
  status = 200
  force = true
# Looks up an existing backend service by name rather than creating one.
# The "k8s-be-..." values are placeholders in this listing; names of that shape
# are presumably generated by GKE for the gateway's backend, so they would
# change if that backend is recreated. TODO confirm.
# NOTE(review): the conditional has only two outcomes. Every var.project value
# other than "foo-staging", including a typo or a newly added project, resolves
# to the second backend name instead of failing.
data "google_compute_backend_service" "api-gateway-backend" {
  name = var.project == "foo-staging" ? "k8s-be-00000--0000000000000000" : "k8s-be-11111--1111111111111111"
}
# URL map whose default route goes to a backend bucket. The excerpt stops before
# any host or path rules and before the closing brace.
# NOTE(review): default_service refers to google_compute_backend_bucket.foo,
# while the backend bucket shown in this listing is labelled "foo_backend".
# Confirm the reference resolves to the bucket that carries the edge security
# policy.
resource "google_compute_url_map" "foo" {
  name = "foo-foo"
  description = "foo-routes"
  default_service = google_compute_backend_bucket.foo.id
# Backend bucket serving the frontend from Cloud Storage through Cloud CDN.
# The excerpt ends inside cdn_policy; the closing braces are not shown.
resource "google_compute_backend_bucket" "foo_backend" {
  name = "foo-backend-bucket"
  description = "FOO frontend"
  # Placeholder header value in this listing.
  custom_response_headers = ["X-foo: bar"]
  bucket_name = google_storage_bucket.foo.name
  enable_cdn = true
  # Attaches a Cloud Armor policy at the edge, in front of the CDN cache.
  # NOTE(review): the referenced policy is not defined in this listing. Confirm
  # it is an edge-type policy and that the rules it relies on are supported
  # there, since edge policies accept a narrower rule set than backend policies.
  edge_security_policy = google_compute_security_policy.waf-security-policy.id
  cdn_policy {
    # Both values are in seconds: stale content may be served for up to one day
    # while revalidating, and clients may cache responses for at most 60 s.
    serve_while_stale = 86400
    client_ttl = 60
# Second excerpt with the same resource address (google_compute_backend_bucket
# "foo_backend"); only bucket_name differs, pointing at google_storage_bucket
# "editor" instead of "foo". Two blocks with one address cannot coexist in a
# module, so this is presumably another file or revision. TODO confirm.
# The excerpt ends inside cdn_policy; the closing braces are not shown.
resource "google_compute_backend_bucket" "foo_backend" {
  name = "foo-backend-bucket"
  description = "FOO frontend"
  custom_response_headers = ["X-foo: bar"]
  bucket_name = google_storage_bucket.editor.name
  enable_cdn = true
  # Edge-level Cloud Armor policy; its definition is not part of this listing.
  edge_security_policy = google_compute_security_policy.waf-security-policy.id
  cdn_policy {
    # Values in seconds: one day of serve-while-stale, 60 s client TTL.
    serve_while_stale = 86400
    client_ttl = 60
# IAM policy document with a single binding: roles/storage.objectViewer for
# "allUsers". Wherever it is attached, every object becomes readable by anyone
# on the internet without authentication. That suits a bucket holding only
# published website assets; nothing private (source maps, backups, config or
# env files) should ever be written to a bucket that uses this policy.
data "google_iam_policy" "viewer" {
  binding {
    role = "roles/storage.objectViewer"
    members = [
      "allUsers",
    ]
  }
}
# Sets the bucket's IAM policy. The excerpt stops after the bucket argument;
# policy_data and the closing brace are not shown.
# NOTE(review): google_storage_bucket_iam_policy is authoritative. It replaces
# the whole bucket policy, so bindings not present in the supplied policy
# document are removed on apply. If the policy document is the "viewer" data
# source shown in this listing (public objectViewer only), check that nobody
# loses bucket access they still need. TODO confirm against the full resource.
# NOTE(review): the target is google_storage_bucket.editor, whereas the bucket
# resource shown in this listing is labelled "foo-bucket". Confirm which bucket
# is actually made public.
resource "google_storage_bucket_iam_policy" "foo-public-read" {
  bucket = google_storage_bucket.editor.name
resource "google_storage_bucket" "foo-bucket" {
name = "${var.project}-foo"
location = "US"
website {
main_page_suffix = "index.html"
not_found_page = "404.html"
}
uniform_bucket_level_access = true