Adding wildduck for testing

share/wildduck/mongo.tf

@@ -0,0 +1,101 @@
+locals {
+  mongo-labels = merge(local.common-labels, {
+    "app.kubernetes.io/component" = "mongo"
+  })
+}
+resource "kubectl_manifest" "prj_mongo_secret" {
+  ignore_fields = ["metadata.annotations"]
+  yaml_body  = <<-EOF
+    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+    kind: "StringSecret"
+    metadata:
+      name: "${var.instance}-${var.component}-mongo"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    spec:
+      forceRegenerate: false
+      fields:
+      - fieldName: "password"
+        length: "16"
+  EOF
+}
+data "kubernetes_secret_v1" "prj_mongo_secret" {
+  depends_on = [ kubectl_manifest.prj_mongo_secret ]
+  metadata {
+    name = "${var.instance}-${var.component}-mongo"
+    namespace = var.namespace
+  }
+}
+locals {
+  mongo-password = data.kubernetes_secret_v1.prj_mongo_secret.data["password"]
+}
+resource "kubectl_manifest" "prj_mongo" {
+  yaml_body  = <<-EOF
+    apiVersion: mongodbcommunity.mongodb.com/v1
+    kind: MongoDBCommunity
+    metadata:
+      name: "${var.instance}-${var.component}-mongo"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    spec:
+      members: 1
+      type: ReplicaSet
+      version: "4.4.0"
+      security:
+        authentication:
+          modes: ["SCRAM"]
+      users:
+      - db: ${var.component}
+        name: ${var.component}
+        passwordSecretRef:
+          name: "${var.instance}-${var.component}-mongo"
+        roles:
+        - db: ${var.component}
+          name: readWrite
+        scramCredentialsSecretName: "${var.instance}-${var.component}-mongo-scram"
+  EOF
+}
+resource "kubectl_manifest" "prj_mongo_sa" {
+  yaml_body  = <<-EOF
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: "mongodb-database"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+  EOF
+}
+resource "kubectl_manifest" "prj_mongo_role" {
+  yaml_body  = <<-EOF
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+      name: "mongodb-database"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    rules:
+    - apiGroups: [""]
+      resources: ["secrets"]
+      verbs: ["get"]
+    - apiGroups: [""]
+      resources: ["pods"]
+      verbs: ["patch", "delete", "get"]
+  EOF
+}
+resource "kubectl_manifest" "prj_mongo_rb" {
+  yaml_body  = <<-EOF
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      name: "mongodb-database"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    subjects:
+    - kind: ServiceAccount
+      name: mongodb-database
+    roleRef:
+      kind: Role
+      name: mongodb-database
+      apiGroup: rbac.authorization.k8s.io
+  EOF
+}