sudacode/dotfiles
1
0
Fork 0
mirror of https://github.com/ksyasuda/dotfiles.git synced 2026-03-21 18:11:27 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
872fc61ba53977bc0ffd9b5bdacdb29a7265510c
dotfiles/.agents/skills/cloudflare-deploy/references/terraform/configuration.md
sudacode f9a530667e update skills
2026-03-17 16:53:22 -07:00

198 lines
7.4 KiB
Markdown
Raw Blame History

# Terraform Configuration Reference
Complete resource configurations for Cloudflare infrastructure.
## Zone & DNS
```hcl
# Zone + settings
resource "cloudflare_zone" "example" { account = { id = var.account_id }; name = "example.com"; type = "full" }
resource "cloudflare_zone_settings_override" "example" {
zone_id = cloudflare_zone.example.id
settings { ssl = "strict"; always_use_https = "on"; min_tls_version = "1.2"; tls_1_3 = "on"; http3 = "on" }
}
# DNS records (A, CNAME, MX, TXT)
resource "cloudflare_dns_record" "www" {
zone_id = cloudflare_zone.example.id; name = "www"; content = "192.0.2.1"; type = "A"; proxied = true
}
resource "cloudflare_dns_record" "mx" {
for_each = { "10" = "mail1.example.com", "20" = "mail2.example.com" }
zone_id = cloudflare_zone.example.id; name = "@"; content = each.value; type = "MX"; priority = each.key
}
```
## Workers
### Simple Pattern (Legacy - Still Works)
```hcl
resource "cloudflare_workers_script" "api" {
account_id = var.account_id; name = "api-worker"; content = file("worker.js")
module = true; compatibility_date = "2025-01-01"
kv_namespace_binding { name = "KV"; namespace_id = cloudflare_workers_kv_namespace.cache.id }
r2_bucket_binding { name = "BUCKET"; bucket_name = cloudflare_r2_bucket.assets.name }
d1_database_binding { name = "DB"; database_id = cloudflare_d1_database.app.id }
secret_text_binding { name = "SECRET"; text = var.secret }
}
```
### Gradual Rollouts (Recommended for Production)
```hcl
resource "cloudflare_worker" "api" { account_id = var.account_id; name = "api-worker" }
resource "cloudflare_worker_version" "api_v1" {
account_id = var.account_id; worker_name = cloudflare_worker.api.name
content = file("worker.js"); content_sha256 = filesha256("worker.js")
compatibility_date = "2025-01-01"
bindings {
kv_namespace { name = "KV"; namespace_id = cloudflare_workers_kv_namespace.cache.id }
r2_bucket { name = "BUCKET"; bucket_name = cloudflare_r2_bucket.assets.name }
}
}
resource "cloudflare_workers_deployment" "api" {
account_id = var.account_id; worker_name = cloudflare_worker.api.name
versions { version_id = cloudflare_worker_version.api_v1.id; percentage = 100 }
}
```
### Worker Binding Types (v5)
| Binding | Attribute | Example |
|---------|-----------|---------|
| KV | `kv_namespace_binding` | `{ name = "KV", namespace_id = "..." }` |
| R2 | `r2_bucket_binding` | `{ name = "BUCKET", bucket_name = "..." }` |
| D1 | `d1_database_binding` | `{ name = "DB", database_id = "..." }` |
| Service | `service_binding` | `{ name = "AUTH", service = "auth-worker" }` |
| Secret | `secret_text_binding` | `{ name = "API_KEY", text = "..." }` |
| Queue | `queue_binding` | `{ name = "QUEUE", queue_name = "..." }` |
| Vectorize | `vectorize_binding` | `{ name = "INDEX", index_name = "..." }` |
| Hyperdrive | `hyperdrive_binding` | `{ name = "DB", id = "..." }` |
| AI | `ai_binding` | `{ name = "AI" }` |
| Browser | `browser_binding` | `{ name = "BROWSER" }` |
| Analytics | `analytics_engine_binding` | `{ name = "ANALYTICS", dataset = "..." }` |
| mTLS | `mtls_certificate_binding` | `{ name = "CERT", certificate_id = "..." }` |
### Routes & Triggers
```hcl
resource "cloudflare_worker_route" "api" {
zone_id = cloudflare_zone.example.id; pattern = "api.example.com/*"
script_name = cloudflare_workers_script.api.name
}
resource "cloudflare_worker_cron_trigger" "task" {
account_id = var.account_id; script_name = cloudflare_workers_script.api.name
schedules = ["*/5 * * * *"]
}
```
## Storage (KV, R2, D1)
```hcl
# KV
resource "cloudflare_workers_kv_namespace" "cache" { account_id = var.account_id; title = "cache" }
resource "cloudflare_workers_kv" "config" {
account_id = var.account_id; namespace_id = cloudflare_workers_kv_namespace.cache.id
key_name = "config"; value = jsonencode({ version = "1.0" })
}
# R2
resource "cloudflare_r2_bucket" "assets" { account_id = var.account_id; name = "assets"; location = "WNAM" }
# D1 (migrations via wrangler) & Queues
resource "cloudflare_d1_database" "app" { account_id = var.account_id; name = "app-db" }
resource "cloudflare_queue" "events" { account_id = var.account_id; name = "events-queue" }
```
## Pages
```hcl
resource "cloudflare_pages_project" "site" {
account_id = var.account_id; name = "site"; production_branch = "main"
deployment_configs {
production {
compatibility_date = "2025-01-01"
environment_variables = { NODE_ENV = "production" }
kv_namespaces = { KV = cloudflare_workers_kv_namespace.cache.id }
d1_databases = { DB = cloudflare_d1_database.app.id }
}
}
build_config { build_command = "npm run build"; destination_dir = "dist" }
source { type = "github"; config { owner = "org"; repo_name = "site"; production_branch = "main" }}
}
resource "cloudflare_pages_domain" "custom" {
account_id = var.account_id; project_name = cloudflare_pages_project.site.name; domain = "site.example.com"
}
```
## Rulesets (WAF, Redirects, Cache)
```hcl
# WAF
resource "cloudflare_ruleset" "waf" {
zone_id = cloudflare_zone.example.id; name = "WAF"; kind = "zone"; phase = "http_request_firewall_custom"
rules { action = "block"; enabled = true; expression = "(cf.client.bot) and not (cf.verified_bot)" }
}
# Redirects
resource "cloudflare_ruleset" "redirects" {
zone_id = cloudflare_zone.example.id; name = "Redirects"; kind = "zone"; phase = "http_request_dynamic_redirect"
rules {
action = "redirect"; enabled = true; expression = "(http.request.uri.path eq \"/old\")"
action_parameters { from_value { status_code = 301; target_url { value = "https://example.com/new" }}}
}
}
# Cache rules
resource "cloudflare_ruleset" "cache" {
zone_id = cloudflare_zone.example.id; name = "Cache"; kind = "zone"; phase = "http_request_cache_settings"
rules {
action = "set_cache_settings"; enabled = true; expression = "(http.request.uri.path matches \"\\.(jpg|png|css|js)$\")"
action_parameters { cache = true; edge_ttl { mode = "override_origin"; default = 86400 }}
}
}
```
## Load Balancers
```hcl
resource "cloudflare_load_balancer_monitor" "http" {
account_id = var.account_id; type = "http"; path = "/health"; interval = 60; timeout = 5
}
resource "cloudflare_load_balancer_pool" "api" {
account_id = var.account_id; name = "api-pool"; monitor = cloudflare_load_balancer_monitor.http.id
origins { name = "api-1"; address = "192.0.2.1" }
origins { name = "api-2"; address = "192.0.2.2" }
}
resource "cloudflare_load_balancer" "api" {
zone_id = cloudflare_zone.example.id; name = "api.example.com"
default_pool_ids = [cloudflare_load_balancer_pool.api.id]; steering_policy = "geo"
}
```
## Access (Zero Trust)
```hcl
resource "cloudflare_access_application" "admin" {
account_id = var.account_id; name = "Admin"; domain = "admin.example.com"; type = "self_hosted"
session_duration = "24h"; allowed_idps = [cloudflare_access_identity_provider.github.id]
}
resource "cloudflare_access_policy" "allow" {
account_id = var.account_id; application_id = cloudflare_access_application.admin.id
name = "Allow"; decision = "allow"; precedence = 1
include { email = ["admin@example.com"] }
}
resource "cloudflare_access_identity_provider" "github" {
account_id = var.account_id; name = "GitHub"; type = "github"
config { client_id = var.github_id; client_secret = var.github_secret }
}
```
## See Also
- [README](./README.md) - Provider setup
- [API](./api.md) - Data sources
- [Patterns](./patterns.md) - Use cases
- [Troubleshooting](./gotchas.md) - Issues
Reference in New Issue View Git Blame Copy Permalink