This app module is used to create a long-running service such as an API, Web App, or Background Worker.
GKE Service is a great choice for APIs, Web Apps, or Background Workers and you do not want to manage a Kubernetes cluster.
Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance.
This module uses GCP GKE, which is a technology that allows you to run Kubernetes container applications without managing servers.
When the service is provisioned, it is placed into private subnets on the connected network. As a result, the Fargate Service can route to services on the private network and is accessible on the private network.
To enable public access to the service, add an Ingress capability.
In most cases, a Load Balancer capability is the best choice for exposing as it enables rollout deployments with no downtime.
Additionally, a Load Balancer allows you to split traffic between more than 1 task based on load.
Logs are automatically emitted to AWS Cloudwatch Log Group: /<task-name>.
To access through the Nullstone CLI, use nullstone logs CLI command. (See logs for more information)
Nullstone automatically injects secrets into your GKE Service through environment variables. (They are stored in GCP Secrets Manager and injected by Kubernetes during launch.)
The root file system is configured to be read-only to prevent an attacker from making permanent local changes and prevents binaries from being written to the local filesystem.
To create a persistent file system, add a Datastore to attach volumes or object storage.