fix
This commit is contained in:
104
apps/wordpress/database.tf
Normal file
104
apps/wordpress/database.tf
Normal file
@@ -0,0 +1,104 @@
|
||||
resource "random_password" "mysql_root_pass" {
|
||||
length = 32
|
||||
special = false
|
||||
}
|
||||
resource "random_password" "mysql_comp_pass" {
|
||||
length = 32
|
||||
special = false
|
||||
}
|
||||
locals {
|
||||
mysql_host = "${var.instance}-${var.component}-rw.${var.namespace}.svc"
|
||||
mysql_username = "root"
|
||||
mysql_password = random_password.mysql_root_pass.result
|
||||
}
|
||||
resource "kubectl_manifest" "mysql_root_pass" {
|
||||
yaml_body = <<-EOF
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "${var.instance}-${var.component}-mysql-root"
|
||||
labels: ${jsonencode(local.common_labels)}
|
||||
namespace: ${var.namespace}
|
||||
stringData:
|
||||
password: "${random_password.mysql_root_pass.result}"
|
||||
EOF
|
||||
}
|
||||
|
||||
resource "kubectl_manifest" "ndb" {
|
||||
yaml_body = <<-EOF
|
||||
apiVersion: mysql.oracle.com/v1
|
||||
kind: NdbCluster
|
||||
metadata:
|
||||
name: "${var.instance}-${var.component}"
|
||||
labels: ${jsonencode(local.db_labels)}
|
||||
namespace: ${var.namespace}
|
||||
spec:
|
||||
redundancyLevel: 1
|
||||
dataNode:
|
||||
nodeCount: 1
|
||||
pvcSpec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
mysqlNode:
|
||||
nodeCount: 1
|
||||
rootPasswordSecretName: ${kubectl_manifest.mysql_root_pass.name}
|
||||
myCnf: |
|
||||
[mysqld]
|
||||
default_storage_engine=NDBCLUSTER
|
||||
EOF
|
||||
}
|
||||
resource "time_sleep" "wait_ndb_ready" {
|
||||
depends_on = [kubectl_manifest.ndb]
|
||||
create_duration = "180s"
|
||||
}
|
||||
resource "mysql_database" "component" {
|
||||
depends_on = [ time_sleep.wait_ndb_ready, kubectl_manifest.ndb ]
|
||||
name = var.component
|
||||
}
|
||||
resource "mysql_user" "component" {
|
||||
depends_on = [ time_sleep.wait_ndb_ready, kubectl_manifest.ndb ]
|
||||
user = var.component
|
||||
host = "%.${module.service.default_definition.name}.${var.namespace}.%"
|
||||
plaintext_password = random_password.mysql_comp_pass.result
|
||||
}
|
||||
resource "mysql_grant" "component" {
|
||||
user = mysql_user.component.user
|
||||
host = mysql_user.component.host
|
||||
database = mysql_database.component.name
|
||||
privileges = ["ALL"]
|
||||
}
|
||||
|
||||
resource "kubectl_manifest" "pre_backup_pod_db" {
|
||||
count = var.backups.enable?1:0
|
||||
ignore_fields = ["metadata.annotations"]
|
||||
yaml_body = <<-EOF
|
||||
apiVersion: k8up.io/v1
|
||||
kind: PreBackupPod
|
||||
metadata:
|
||||
name: "${var.instance}-${var.component}-db"
|
||||
namespace: "${var.namespace}"
|
||||
labels: ${jsonencode(local.secrets_labels)}
|
||||
spec:
|
||||
backupCommand: mysqldump --all-databases --password=$$MYSQL_PWD --host=${var.instance}-${var.component}-mysqld.${var.namespace}.svc --no-create-db --add-drop-table
|
||||
pod:
|
||||
spec:
|
||||
containers:
|
||||
- command:
|
||||
- cat
|
||||
env:
|
||||
- name: MYSQL_PWD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: password
|
||||
name: "${kubectl_manifest.mysql_root_pass.name}"
|
||||
image: "${var.images.mysql.registry}/${var.images.mysql.repository}:${var.images.mysql.tag}"
|
||||
imagePullPolicy: "${var.images.mysql.pull_policy}"
|
||||
name: secret
|
||||
tty: true
|
||||
serviceAccount: backup-secret
|
||||
serviceAccountName: backup-secret
|
||||
EOF
|
||||
}
|
||||
Reference in New Issue
Block a user