DataBytes-Organisation · echoEclectus · Apr 1, 2025 · Apr 5, 2025 · Apr 5, 2025 · Apr 5, 2025
diff --git a/kubernetes/manifests/engine/echo-engine-deployment.yaml b/kubernetes/manifests/engine/echo-engine-deployment.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: echo-engine
+  namespace: echo-system
+  labels:
+    app: echo-engine
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: echo-engine
+  template:
+    metadata:
+      labels:
+        app: echo-engine
+    spec:
+      containers:
+        - name: echo-engine
+          image: australia-southeast2-docker.pkg.dev/sit-23t1-project-echo-25288b9/project-echo/echo-engine:v1.0.0
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 8080
+              name: http
+              protocol: TCP
+          resources:
+            requests:
+              cpu: "500m"
+              memory: "512Mi"
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8080
diff --git a/kubernetes/manifests/engine/echo-engine-service.yaml b/kubernetes/manifests/engine/echo-engine-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: echo-engine
+  namespace: echo-system
+spec:
+  selector:
+    app: echo-engine
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: http
+  type: ClusterIP
+
diff --git a/terraform/root_modules/terraform_state_bucket/bucket.tf b/terraform/root_modules/terraform_state_bucket/bucket.tf
@@ -7,4 +7,32 @@ resource "google_storage_bucket" "tooling_state" {
   versioning {
     enabled = true
   }
+
+  lifecycle_rule {
+    action {
+      type = "Delete"
+    }
+    condition {
+      age = 90 # Auto-delete old state files after 90 days
+    }
+  }
+
+  encryption {
+    default_kms_key_name = google_kms_crypto_key.terraform_state_key.id
+  }
+}
+
+# KMS key for state encryption
+resource "google_kms_crypto_key" "terraform_state_key" {
+  name     = "terraform-state-key"
+  key_ring = google_kms_key_ring.terraform_key_ring.id
+  purpose  = "ENCRYPT_DECRYPT"
+  lifecycle {
+    prevent_destroy = true # Makes KMS key undeletable
+  }
+}
+
+resource "google_kms_key_ring" "terraform_key_ring" {
+  name     = "terraform-state-keyring"
+  location = var.gcp_default_region
 }