# Public ingress load balancer for the "cthulhu" cluster.
resource "hcloud_load_balancer" "ingress" {
  name               = "cthulhu-ingress"
  location           = "fsn1"
  load_balancer_type = "lb11"

  labels = {
    "env"              = "production"
    "k8s.cluster.name" = "cthulhu"
  }
}

# Attaches the load balancer to the private network with a fixed address:
# host number 1 of the "service" subnet range.
# NOTE(review): confirm that address is assignable and not already used in this subnet.
resource "hcloud_load_balancer_network" "ingress_to_network" {
  load_balancer_id = hcloud_load_balancer.ingress.id
  network_id       = hcloud_network.cthulhu.id
  ip               = cidrhost(hcloud_network_subnet.service.ip_range, 1)
}

# Backends are chosen by label, not listed explicitly: every server matching
# k8s.node.role=worker becomes a target of this load balancer.
# NOTE(review): whoever can set that label on a server can add a backend that
# receives production ingress traffic; keep write access to server labels narrow.
resource "hcloud_load_balancer_target" "ingress" {
  load_balancer_id = hcloud_load_balancer.ingress.id
  type             = "label_selector"
  label_selector   = "k8s.node.role=worker"
  use_private_ip   = true # targets are addressed over the private network

  # Private-IP targeting requires the network attachment above to exist first.
  depends_on = [hcloud_load_balancer_network.ingress_to_network]
}

# Plain TCP pass-through from :80 to port 32080 on the workers
# (presumably the ingress controller's HTTP NodePort -- verify).
resource "hcloud_load_balancer_service" "ingress_workers_tcp_80" {
  load_balancer_id = hcloud_load_balancer.ingress.id
  protocol         = "tcp"
  listen_port      = 80
  destination_port = 32080

  # The client address is passed to the backend in a PROXY protocol header, so
  # the listener on 32080 must expect that header.
  # NOTE(review): a listener that trusts PROXY headers should accept connections
  # only from this load balancer; if 32080 is reachable from anywhere else, the
  # source address seen by the backend (logs, allow-lists, rate limits) cannot
  # be relied on. Confirm the node firewall restricts the port accordingly.
  proxyprotocol = true

  health_check {
    protocol = "http"
    port     = 32080
    interval = 5
    timeout  = 3
    retries  = 1 # NOTE(review): low retry count; confirm it does not flap targets

    http {
      path = "/healthz"
      # Any 2xx or 3xx answer counts as healthy, so a redirect also passes.
      status_codes = ["2??", "3??"]
    }
  }
}

# Plain TCP pass-through from :443 to port 32443 on the workers. The service is
# "tcp" and configures no certificate here, so TLS is handled by the backend.
resource "hcloud_load_balancer_service" "ingress_workers_tcp_443" {
  load_balancer_id = hcloud_load_balancer.ingress.id
  protocol         = "tcp"
  listen_port      = 443
  destination_port = 32443

  # Same PROXY protocol trust consideration as on the port-80 service: port
  # 32443 should only be reachable from this load balancer -- verify.
  proxyprotocol = true

  # The probe goes to the HTTP port 32080, not to 32443, so it does not show
  # that the TLS listener itself is accepting connections.
  # NOTE(review): presumably deliberate (one shared /healthz endpoint) -- confirm.
  health_check {
    protocol = "http"
    port     = 32080
    interval = 5
    timeout  = 3
    retries  = 1

    http {
      path         = "/healthz"
      status_codes = ["2??", "3??"]
    }
  }
}

# DNS for the ingress endpoint. With proxied = false both records resolve
# straight to the load balancer's addresses, so Cloudflare is not in the
# traffic path and any filtering has to happen at the load balancer or behind it.
resource "cloudflare_record" "ingress_cthulhu_k8s_vxm_cz" {
  zone_id = data.cloudflare_zone.vxm_cz.id
  type    = "A"
  name    = "ingress.cthulhu.k8s"
  value   = hcloud_load_balancer.ingress.ipv4
  proxied = false
}

resource "cloudflare_record" "ingress_cthulhu_k8s_vxm_cz_ipv6" {
  zone_id = data.cloudflare_zone.vxm_cz.id
  type    = "AAAA"
  name    = "ingress.cthulhu.k8s"
  value   = hcloud_load_balancer.ingress.ipv6
  proxied = false
}