From bb5c66b398ecc8998d5dd6bdb4d8fa5d890ef9eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Sat, 7 Oct 2023 23:35:53 +0200
Subject: [PATCH] fix
---
share/dataset-mongo/index.yaml | 77 +++++++++++++++++++
share/dataset-mongo/mongo.tf | 131 +++++++++++++++++++++++++++++++++
2 files changed, 208 insertions(+)
create mode 100644 share/dataset-mongo/index.yaml
create mode 100644 share/dataset-mongo/mongo.tf
diff --git a/share/dataset-mongo/index.yaml b/share/dataset-mongo/index.yaml
new file mode 100644
index 0000000..027c792
--- /dev/null
+++ b/share/dataset-mongo/index.yaml
@@ -0,0 +1,77 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: share
+metadata:
+ name: dataset-mongo
+ description: null
+options:
+ image:
+ default:
+ pullPolicy: IfNotPresent
+ examples:
+ - pullPolicy: IfNotPresent
+ properties:
+ pullPolicy:
+ default: IfNotPresent
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ type: object
+ cacheSizeGB:
+ default: 1
+ examples:
+ - 1
+ type: integer
+ ressources:
+ default:
+ limits:
+ cpu: '1'
+ memory: 1100M
+ requests:
+ cpu: '0.3'
+ memory: 400M
+ examples:
+ - limits:
+ cpu: '1'
+ memory: 1100M
+ requests:
+ cpu: '0.3'
+ memory: 400M
+ properties:
+ limits:
+ default:
+ cpu: '1'
+ memory: 1100M
+ properties:
+ cpu:
+ default: '1'
+ type: string
+ memory:
+ default: 1100M
+ type: string
+ type: object
+ requests:
+ default:
+ cpu: '0.3'
+ memory: 400M
+ properties:
+ cpu:
+ default: '0.3'
+ type: string
+ memory:
+ default: 400M
+ type: string
+ type: object
+ type: object
+dependencies: []
+providers:
+ kubernetes: true
+ authentik: null
+ kubectl: true
+ postgresql: null
+ restapi: null
+ http: null
+tfaddtype: null
diff --git a/share/dataset-mongo/mongo.tf b/share/dataset-mongo/mongo.tf
new file mode 100644
index 0000000..25af9be
--- /dev/null
+++ b/share/dataset-mongo/mongo.tf
@@ -0,0 +1,131 @@
+locals {
+ mongo-labels = merge(local.common-labels, {
+ "app.kubernetes.io/component" = "mongo"
+ })
+}
+resource "kubectl_manifest" "prj_mongo_secret" {
+ ignore_fields = ["metadata.annotations"]
+ yaml_body = <<-EOF
+ apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+ kind: "StringSecret"
+ metadata:
+ name: "${var.instance}-${var.component}"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.mongo-labels)}
+ spec:
+ forceRegenerate: false
+ fields:
+ - fieldName: "password"
+ length: "16"
+ EOF
+}
+data "kubernetes_secret_v1" "prj_mongo_secret" {
+ depends_on = [ kubectl_manifest.prj_mongo_secret ]
+ metadata {
+ name = "${var.instance}-${var.component}"
+ namespace = var.namespace
+ }
+}
+locals {
+ mongo-password = data.kubernetes_secret_v1.prj_mongo_secret.data["password"]
+}
+resource "kubectl_manifest" "prj_mongo" {
+ yaml_body = <<-EOF
+ apiVersion: mongodbcommunity.mongodb.com/v1
+ kind: MongoDBCommunity
+ metadata:
+ name: "${var.instance}-${var.component}"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.mongo-labels)}
+ spec:
+ members: 1
+ type: ReplicaSet
+ version: "4.4.0"
+ statefulSet:
+ spec:
+ template:
+ metadata:
+ annotations:
+ "k8up.io/backupcommand": "sh -c 'mongodump --username=$MONGODB_USER --password=$MONGODB_PASSWORD mongodb://localhost/$MONGODB_NAME --archive'"
+ "k8up.io/file-extension": ".archive"
+ spec:
+ containers:
+ - name: mongod
+ imagePullPolicy: "${var.image.pullPolicy}"
+ resources:
+ limits:
+ cpu: "${var.ressources.limits.cpu}"
+ memory: "${var.ressources.limits.memory}"
+ requests:
+ cpu: "${var.ressources.requests.cpu}"
+ memory: "${var.ressources.requests.memory}"
+ env:
+ - name: MONGODB_NAME
+ value: ${var.instance}
+ - name: MONGODB_USER
+ value: ${var.instance}
+ - name: MONGODB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: "${var.instance}-${var.component}"
+ key: password
+ security:
+ authentication:
+ modes: ["SCRAM"]
+ additionalMongodConfig:
+ storage.wiredTiger.engineConfig.cacheSizeGB: ${var.cacheSizeGB}
+ users:
+ - name: ${var.component}
+ db: ${var.component}
+ passwordSecretRef:
+ name: "${var.instance}-${var.component}"
+ roles:
+ - db: ${var.component}
+ name: readWrite
+ scramCredentialsSecretName: "${var.instance}-${var.component}-scram"
+ EOF
+}
+resource "kubectl_manifest" "prj_mongo_sa" {
+ yaml_body = <<-EOF
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: "mongodb-database"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.mongo-labels)}
+ EOF
+}
+resource "kubectl_manifest" "prj_mongo_role" {
+ yaml_body = <<-EOF
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ name: "mongodb-database"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.mongo-labels)}
+ rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["patch", "delete", "get"]
+ EOF
+}
+resource "kubectl_manifest" "prj_mongo_rb" {
+ yaml_body = <<-EOF
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: "mongodb-database"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.mongo-labels)}
+ subjects:
+ - kind: ServiceAccount
+ name: mongodb-database
+ roleRef:
+ kind: Role
+ name: mongodb-database
+ apiGroup: rbac.authorization.k8s.io
+ EOF
+}
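Review bot: The `k8up.io/backupcommand` annotation in `prj_mongo` authenticates as `$MONGODB_USER` against `$MONGODB_NAME`, both of which the `env` block sets to `${var.instance}`, while the only account declared under `users:` is `${var.component}` with `readWrite` on db `${var.component}`; unless the two variables happen to be equal, the dump would be expected to fail authentication and no backup would be produced. The same command passes `--password=$MONGODB_PASSWORD` as an argument, so once the shell expands it the secret is readable from the container's process list; mongodump can take the password from a `--config` file instead. Separately, `data "kubernetes_secret_v1" "prj_mongo_secret"` copies the generated password into Terraform state, and `local.mongo-password` is not referenced anywhere in this file, so if nothing else in the module reads it, the data source and the local could be dropped. I would set both env values to `${var.component}` and add a comment above the annotation naming the account the backup runs as.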