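// PostgreSQL cluster for this component, declared as a Zalando postgres-operator
// "postgresql" custom resource (acid.zalan.do/v1):
//   - one database named after the component, mapped to a role of the same name
//   - pod annotations that give k8up the pg_dump command and the file
//     extension to use for backups
//
// NOTE(review): the application role is granted "superuser" and "createdb".
// With these flags a leaked application credential carries superuser rights on
// the whole cluster, not just on its own database. Confirm whether the
// application needs them; if it does not, drop both flags.
resource "kubectl_manifest" "authentik_postgresql" {
  yaml_body = <<-EOF
    apiVersion: "acid.zalan.do/v1"
    kind: "postgresql"
    metadata:
      name: "${var.instance}-${var.component}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common-labels)}
    spec:
      databases:
        ${var.component}: "${var.component}"
      numberOfInstances: ${var.postgres.replicas}
      podAnnotations:
        "k8up.io/backupcommand": "pg_dump -U postgres -d ${var.component} --clean"
        "k8up.io/file-extension": ".sql"
      postgresql:
        version: "${var.postgres.version}"
      teamId: "${var.instance}"
      users:
        ${var.component}:
          - "superuser"
          - "createdb"
      volume:
        size: "${var.postgres.storage}"
  EOF
}

// Each authentik worker opens a new connection to the database, so connection
// logging produces gigabytes of junk log lines. A daily cleanup makes sense.
//
// The script below (stored in a ConfigMap, run by the CronJob further down):
//   1. prints the current connection-logging settings,
//   2. rewrites log_connections / log_disconnections to 'off' in postgresql.conf,
//   3. deletes every line containing "connection" from the CSV logs,
//   4. prints the disk usage of the data volume.
//
// NOTE(review): step 3 matches on the bare word "connection", so it removes
// the record of who connected and when, and also any error line that happens
// to contain that word. If this trail is needed for detection or incident
// response, forward the logs to a central store before this job prunes them.
resource "kubectl_manifest" "authentik_cleanup_logs_script" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.instance}-${var.component}-cleanlogs"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common-labels)}
    data:
      "clean.sh": |-
        #!/bin/ash
        grep log /pgdata/pgroot/data/postgresql.conf|grep conn
        echo "$(date '+%T') - Enforcing configuration"
        sed -i "s/^log_connections.*/log_connections = 'off'/;s/^log_disconnections.*/log_disconnections = 'off'/" /pgdata/pgroot/data/postgresql.conf
        grep log /pgdata/pgroot/data/postgresql.conf|grep conn
        for i in /pgdata/pgroot/pg_log/*csv;do echo "$(date '+%T') - Cleaning $i";sed -i '/connection/d' "$i";done
        df -h /pgdata/pgroot
  EOF
}

// CronJob that runs clean.sh against the data volume of the first PostgreSQL
// pod (PVC "pgdata-<instance>-<component>-0").
//
// Changes relative to the previous revision:
//   - restartPolicy is set explicitly. A Job pod template accepts only
//     "OnFailure" or "Never"; without the field the API server applies the pod
//     default "Always" and rejects the object.
//   - The pod runs with a reduced privilege set: non-root enforced, default
//     seccomp profile, no privilege escalation, all capabilities dropped and no
//     service-account token mounted (the script never talks to the API server).
//
// NOTE(review): this job holds read-write access to the whole database data
// volume in order to edit two settings and trim log files. The postgres-operator
// resource has a spec.postgresql.parameters map; declaring log_connections /
// log_disconnections there would remove the need to edit postgresql.conf from
// a side job. Confirm against the operator version in use.
// NOTE(review): uid 405 / gid 100 must be able to write the files under
// /pgdata, and fsGroup can change group ownership of the volume on mount.
// Confirm both against the user the PostgreSQL image runs as.
resource "kubectl_manifest" "authentik_cleanup_logs_job" {
  yaml_body = <<-EOF
    apiVersion: batch/v1
    kind: CronJob
    metadata:
      name: "${var.instance}-${var.component}-cleanlogs"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common-labels)}
    spec:
      concurrencyPolicy: Forbid
      failedJobsHistoryLimit: 1
      jobTemplate:
        spec:
          template:
            spec:
              automountServiceAccountToken: false
              restartPolicy: OnFailure
              containers:
                - image: "${var.postgres.cleanlogs.image}"
                  imagePullPolicy: IfNotPresent
                  name: cleanlogs
                  command: ["/bin/ash"]
                  args: ["/script/clean.sh"]
                  securityContext:
                    allowPrivilegeEscalation: false
                    capabilities:
                      drop: ["ALL"]
                  volumeMounts:
                    - mountPath: /pgdata
                      name: pgdata
                    - mountPath: /script
                      name: script
              securityContext:
                fsGroup: 100
                runAsGroup: 100
                runAsUser: 405
                runAsNonRoot: true
                seccompProfile:
                  type: RuntimeDefault
              volumes:
                - name: script
                  configMap:
                    name: "${kubectl_manifest.authentik_cleanup_logs_script.name}"
                - name: pgdata
                  persistentVolumeClaim:
                    claimName: "pgdata-${var.instance}-${var.component}-0"
      schedule: "${var.postgres.cleanlogs.schedule}"
      successfulJobsHistoryLimit: 3
  EOF
}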