fix

2023-10-07 23:35:53 +02:00
parent 5981587652
commit bb5c66b398
2 changed files with 208 additions and 0 deletions
--- a/share/dataset-mongo/index.yaml
+++ b/share/dataset-mongo/index.yaml
@@ -0,0 +1,77 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: share
+metadata:
+  name: dataset-mongo
+  description: null
+options:
+  image:
+    default:
+      pullPolicy: IfNotPresent
+    examples:
+    - pullPolicy: IfNotPresent
+    properties:
+      pullPolicy:
+        default: IfNotPresent
+        enum:
+        - Always
+        - Never
+        - IfNotPresent
+        type: string
+    type: object
+  cacheSizeGB:
+    default: 1
+    examples:
+    - 1
+    type: integer
+  ressources:
+    default:
+      limits:
+        cpu: '1'
+        memory: 1100M
+      requests:
+        cpu: '0.3'
+        memory: 400M
+    examples:
+    - limits:
+        cpu: '1'
+        memory: 1100M
+      requests:
+        cpu: '0.3'
+        memory: 400M
+    properties:
+      limits:
+        default:
+          cpu: '1'
+          memory: 1100M
+        properties:
+          cpu:
+            default: '1'
+            type: string
+          memory:
+            default: 1100M
+            type: string
+        type: object
+      requests:
+        default:
+          cpu: '0.3'
+          memory: 400M
+        properties:
+          cpu:
+            default: '0.3'
+            type: string
+          memory:
+            default: 400M
+            type: string
+        type: object
+    type: object
+dependencies: []
+providers:
+  kubernetes: true
+  authentik: null
+  kubectl: true
+  postgresql: null
+  restapi: null
+  http: null
+tfaddtype: null
--- a/share/dataset-mongo/mongo.tf
+++ b/share/dataset-mongo/mongo.tf
@@ -0,0 +1,131 @@
+locals {
+  mongo-labels = merge(local.common-labels, {
+    "app.kubernetes.io/component" = "mongo"
+  })
+}
+resource "kubectl_manifest" "prj_mongo_secret" {
+  ignore_fields = ["metadata.annotations"]
+  yaml_body  = <<-EOF
+    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+    kind: "StringSecret"
+    metadata:
+      name: "${var.instance}-${var.component}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    spec:
+      forceRegenerate: false
+      fields:
+      - fieldName: "password"
+        length: "16"
+  EOF
+}
+data "kubernetes_secret_v1" "prj_mongo_secret" {
+  depends_on = [ kubectl_manifest.prj_mongo_secret ]
+  metadata {
+    name = "${var.instance}-${var.component}"
+    namespace = var.namespace
+  }
+}
+locals {
+  mongo-password = data.kubernetes_secret_v1.prj_mongo_secret.data["password"]
+}
+resource "kubectl_manifest" "prj_mongo" {
+  yaml_body  = <<-EOF
+    apiVersion: mongodbcommunity.mongodb.com/v1
+    kind: MongoDBCommunity
+    metadata:
+      name: "${var.instance}-${var.component}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    spec:
+      members: 1
+      type: ReplicaSet
+      version: "4.4.0"
+      statefulSet:
+        spec:
+          template:
+            metadata:
+              annotations:
+                "k8up.io/backupcommand": "sh -c 'mongodump --username=$MONGODB_USER --password=$MONGODB_PASSWORD mongodb://localhost/$MONGODB_NAME --archive'"
+                "k8up.io/file-extension": ".archive"
+            spec:
+              containers:
+              - name: mongod
+                imagePullPolicy: "${var.image.pullPolicy}"
+                resources:
+                  limits:
+                    cpu: "${var.ressources.limits.cpu}"
+                    memory: "${var.ressources.limits.memory}"
+                  requests:
+                    cpu: "${var.ressources.requests.cpu}"
+                    memory: "${var.ressources.requests.memory}"
+                env:
+                - name: MONGODB_NAME
+                  value: ${var.instance}
+                - name: MONGODB_USER
+                  value: ${var.instance}
+                - name: MONGODB_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: "${var.instance}-${var.component}"
+                      key: password
+      security:
+        authentication:
+          modes: ["SCRAM"]
+      additionalMongodConfig:
+        storage.wiredTiger.engineConfig.cacheSizeGB: ${var.cacheSizeGB}
+      users:
+      - name: ${var.component}
+        db: ${var.component}
+        passwordSecretRef:
+          name: "${var.instance}-${var.component}"
+        roles:
+        - db: ${var.component}
+          name: readWrite
+        scramCredentialsSecretName: "${var.instance}-${var.component}-scram"
+  EOF
+}
+resource "kubectl_manifest" "prj_mongo_sa" {
+  yaml_body  = <<-EOF
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: "mongodb-database"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+  EOF
+}
+resource "kubectl_manifest" "prj_mongo_role" {
+  yaml_body  = <<-EOF
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+      name: "mongodb-database"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    rules:
+    - apiGroups: [""]
+      resources: ["secrets"]
+      verbs: ["get"]
+    - apiGroups: [""]
+      resources: ["pods"]
+      verbs: ["patch", "delete", "get"]
+  EOF
+}
+resource "kubectl_manifest" "prj_mongo_rb" {
+  yaml_body  = <<-EOF
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      name: "mongodb-database"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    subjects:
+    - kind: ServiceAccount
+      name: mongodb-database
+    roleRef:
+      kind: Role
+      name: mongodb-database
+      apiGroup: rbac.authorization.k8s.io
+  EOF
+}