feat: support per-route timeout overrides for ingress path rules

[djeebus]

Changes the additional_api_paths_handled_by_ingress variable from list(string) to also accepting list(object({ paths, timeout_sec? })). Each entry now creates its own path_rule, and when timeout_sec is set, it adds a route_action.timeout that overrides the ingress backend default (80s). Fully backwards compatible.

Also move traefik configuration to a config file, and support extra config files.

This was done in order to increase timeouts for specific paths, and enhance our ability to configure traefik per environment without exposing new variables.

[cursor]

PR Summary

Medium Risk
Touches ingress routing and proxy configuration across GCP/AWS modules; misconfiguration could change request routing or timeouts and impact availability. Backward-compat normalization reduces migration risk but still alters variable types and template rendering paths.

Overview
Adds per-route timeout overrides for GCP load balancer path rules by allowing additional_api_paths_handled_by_ingress to accept structured entries (paths + optional timeout_sec) and introducing an ingress_timeout_seconds default for the ingress backend service. Refactors the Nomad ingress/Traefik job to use a generated traefik.toml config file plus optional extra dynamic config files via the file provider, replacing the prior additional_traefik_arguments plumbing and propagating the new traefik_config_files variable through AWS and GCP Terraform modules.

^{Written by Cursor Bugbot for commit 62ed9e9. This will update automatically on new commits. Configure here.}

[dobrac]

LGTM, but please address the bot comments first

[sitole]

Ping me when ready i will approve it 🙏🏼
Please make sure all our deploy ENVs for clusters are configured properly before merging.

[sitole]

Please provide default

[djeebus]

Are we planning on using these outside of provider-aws / provider-gcp? If we're not, I'm passing the values in from both modules. so defaults are never used. Adding defaults only hides the fact that we forgot to implement the configuration in aws or gcp.

If we're planning on publishing these modules to terraform (for example) or having people use them on their own, then the default is still useful.

[sitole]

Do we already have examples of what we want to reconfigure? I did not find any relevant PR using this.

[djeebus]

Using this feature we (and anyone else) can configure traefik any way they want. New files could override logging, improve tracing, add routers, etc. We'll be using it to increase timeouts for specific paths, but that'll be done directly in runtime configuration.

[sitole]

Can we set a default here?

[sitole]

The network module is used in our closed-source code, so you don't need to redefine it imho.

[djeebus]

This default would never be used; we pass a value in to network/variables.tf explicitly. We define a default in iac/provider-gcp/variables.tf though, which is used and passed up the chain to here.

[sitole]

Empty default here would be nice

[djeebus]

The default is defined in iac/provider-gcp/variables.tf and propagated here.

[sitole]

I think there is a missing change in the makefile to remove old and add new vars.

[djeebus]

No need, we support both the old and new versions (as of the latest commit)

[djeebus]

Ping me when ready i will approve it 🙏🏼 Please make sure all our deploy ENVs for clusters are configured properly before merging.

No changes are necessary; this is backwards compatible, and new values don't need to be added until after we merge this.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

resolved all bot comments