vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-05-29 17:16:33 +02:00
parent 3dfe5b4a69
commit 2c671da3f8
11 changed files with 113 additions and 241 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
apps/dbgate/configs.tf
View File

@@ -1,5 +1,6 @@
locals {
pg_vars = merge([for pg in var.pg: {
pg = concat(var.pg, var.detected.pgs)
pg_vars = merge([for pg in local.pg: {
join("_",["LABEL_pg", pg.namespace, pg.name, pg.dbname]) = join(" | ",[pg.namespace, pg.name, pg.dbname])
join("_",["ENGINE_pg", pg.namespace, pg.name, pg.dbname]) = "postgres@dbgate-plugin-postgres"
join("_",["SERVER_pg", pg.namespace, pg.name, pg.dbname]) = join(".",["${pg.name}-rw", pg.namespace, "svc"])
@@ -7,45 +8,48 @@ locals {
join("_",["DATABASE_pg", pg.namespace, pg.name, pg.dbname]) = pg.dbname
join("_",["USER_pg", pg.namespace, pg.name, pg.dbname]) = pg.username
}]...)
pg_secrets = merge([for index, pg in var.pg: {
pg_secrets = merge([for index, pg in local.pg: {
join("_",["PASSWORD_pg", pg.namespace, pg.name, pg.dbname]) = lookup(coalesce(data.kubernetes_secret_v1.pgs[index].data,{}),lookup(pg.secret,"key", "password"), "not-found")
}]...)
pg_conns = [for pg in var.pg: join("_",["pg", pg.namespace, pg.name, pg.dbname])]
pg_conns = [for pg in local.pg: join("_",["pg", pg.namespace, pg.name, pg.dbname])]
maria_vars = merge([for m in var.maria: {
join("_",["LABEL_maria", m.namespace, m.name]) = join(" | ",[m.namespace, m.name])
join("_",["ENGINE_maria", m.namespace, m.name]) = "mysql@dbgate-plugin-mysql"
join("_",["SERVER_maria", m.namespace, m.name]) = join(".",["${m.name}-svc", m.namespace, "svc"])
join("_",["PORT_maria", m.namespace, m.name]) = "3306"
join("_",["DATABASE_maria", m.namespace, m.name]) = m.dbname
join("_",["USER_maria", m.namespace, m.name]) = m.username
ndb = concat(var.ndb, var.detected.ndbs)
ndb_vars = merge([for m in local.ndb: {
join("_",["LABEL_ndb", m.namespace, m.name]) = join(" | ",[m.namespace, m.name])
join("_",["ENGINE_ndb", m.namespace, m.name]) = "mysql@dbgate-plugin-mysql"
join("_",["SERVER_ndb", m.namespace, m.name]) = join(".",["${m.name}-svc", m.namespace, "svc"])
join("_",["PORT_ndb", m.namespace, m.name]) = "3306"
join("_",["DATABASE_ndb", m.namespace, m.name]) = m.dbname
join("_",["USER_ndb", m.namespace, m.name]) = m.username
}]...)
maria_secrets = merge([for index, m in var.maria: {
join("_",["PASSWORD_maria", m.namespace, m.name]) = "unimplemented"
ndb_secrets = merge([for index, m in local.ndb: {
join("_",["PASSWORD_ndb", m.namespace, m.name]) = lookup(coalesce(data.kubernetes_secret_v1.ndbs[index].data,{}),lookup(m.secret,"key", "password"), "not-found")
}]...)
maria_conns = [for m in var.maria: join("_",["maria", m.namespace, m.name])]
ndb_conns = [for m in local.ndb: join("_",["ndb", m.namespace, m.name])]
redis_vars = merge([for m in var.redis: {
redis = concat(var.redis, var.detected.rediss)
redis_vars = merge([for m in local.redis: {
join("_",["LABEL_redis", m.namespace, m.name]) = join(" | ",[m.namespace, m.name])
join("_",["ENGINE_redis", m.namespace, m.name]) = "redis@dbgate-plugin-redis"
join("_",["SERVER_redis", m.namespace, m.name]) = join(".",[m.name, m.namespace, "svc"])
join("_",["PORT_redis", m.namespace, m.name]) = "6379"
}]...)
redis-privs = [for m in var.redis: merge({secret = lookup(m,"secret",{})},m) if contains(keys(m),"secret")]
redis-privs = [for m in local.redis: merge({secret = lookup(m,"secret",{})},m) if contains(keys(m),"secret")]
redis_secrets = merge([for index, m in local.redis-privs: {
join("_",["PASSWORD_redis", m.namespace, m.name]) = data.kubernetes_secret_v1.redis[index].data[lookup(m.secret,"key", "password")]
}]...)
redis_conns = [for m in var.redis: join("_",["redis", m.namespace, m.name])]
redis_conns = [for m in local.redis: join("_",["redis", m.namespace, m.name])]
mongo_vars = merge([for m in var.mongo: {
mongo = concat(var.mongo, var.detected.mongos)
mongo_vars = merge([for m in local.mongo: {
join("_",["LABEL_mongo", m.namespace, m.name]) = join(" | ",[m.namespace, m.name])
join("_",["ENGINE_mongo", m.namespace, m.name]) = "mongo@dbgate-plugin-mongo"
join("_",["DATABASE_mongo", m.namespace, m.name]) = m.dbname
}]...)
mongo_secrets = merge([for index, m in var.mongo: {
mongo_secrets = merge([for index, m in local.mongo: {
join("_",["URL_mongo", m.namespace, m.name]) = "mongodb://${m.username}:${urlencode(data.kubernetes_secret_v1.mongos[index].data[m.secret.key])}@${join(".",["${m.name}-svc", m.namespace, "svc"])}:27017/${m.dbname}"
}]...)
mongo_conns = [for m in var.mongo: join("_",["mongo", m.namespace, m.name])]
mongo_conns = [for m in local.mongo: join("_",["mongo", m.namespace, m.name])]
oauth_config = {
"OAUTH_AUTH" = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/authorize/"
"OAUTH_TOKEN" = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/token/"
@@ -54,8 +58,8 @@ locals {
"OAUTH_SCOPE" = "email"
"NODE_EXTRA_CA_CERTS" = "/etc/local-ca/ca.crt"
}
connections = join(",", concat(local.pg_conns, local.maria_conns, local.mongo_conns, local.redis_conns))
connection_vars = merge(local.pg_vars, local.maria_vars, local.mongo_vars, local.redis_vars)
connections = join(",", concat(local.pg_conns, local.ndb_conns, local.mongo_conns, local.redis_conns))
connection_vars = merge(local.pg_vars, local.ndb_vars, local.mongo_vars, local.redis_vars)
connection_secrets = merge(local.pg_secrets, local.mongo_secrets, local.redis_secrets)
}
@@ -81,18 +85,26 @@ resource "kubernetes_secret_v1" "dbgate-config-secret" {
data "kubernetes_secret_v1" "pgs" {
count = length(var.pg)
count = length(local.pg)
metadata {
name = "${var.pg[count.index].secret.name}"
namespace = "${var.pg[count.index].namespace}"
name = "${local.pg[count.index].secret.name}"
namespace = "${local.pg[count.index].namespace}"
}
}
data "kubernetes_secret_v1" "ndbs" {
count = length(local.ndb)
metadata {
name = "${local.ndb[count.index].secret.name}"
namespace = "${local.ndb[count.index].namespace}"
}
}
data "kubernetes_secret_v1" "mongos" {
count = length(var.mongo)
count = length(local.mongo)
metadata {
name = "${var.mongo[count.index].secret.name}"
namespace = "${var.mongo[count.index].namespace}"
name = "${local.mongo[count.index].secret.name}"
namespace = "${local.mongo[count.index].namespace}"
}
}
data "kubernetes_secret_v1" "redis" {

10
apps/dbgate/index.yaml
View File

@@ -12,9 +12,9 @@ options:
- dev
type: string
domain:
default: media
default: your-company
examples:
- media
- your-company
type: string
domain_name:
default: your_company.com
@@ -70,7 +70,7 @@ options:
examples:
- letsencrypt-prod
type: string
maria:
mongo:
default: []
examples:
- []
@@ -99,7 +99,7 @@ options:
type: string
type: object
type: array
mongo:
ndb:
default: []
examples:
- []
@@ -238,4 +238,4 @@ providers:
restapi: null
http: null
gitea: null
tfaddtype: null
tfaddtype: true

51
apps/dbgate/template.rhai
View File

@@ -1,16 +1,16 @@
const DEST=dest;
const DOMAIN = config.domain;
fn post_template() {
let nss = list_namespace().items.filter(|ns| ns.metadata.name.starts_with(global::DOMAIN)).map(|ns| ns.metadata.name);
let nss = list_namespace().items.filter(|ns| ns.metadata.name.starts_with(`${global::DOMAIN}-`)).map(|ns| ns.metadata.name);
let pgs = [];
let rediss = [];
let mongos = [];
let marias = [];
let ndbs = [];
for ns in nss {
let svcs = list_service(ns).items;
let secrets = list_secret(ns).items;
for svc in svcs {
if svc.metadata.name.ends_with("-pg-rw") {
if svc.metadata.name.ends_with("-pg-rw") && svc.spec.ports.some(|p| p.port==5432) {
let basename = svc.metadata.name-"-pg-rw";
let pg_secrets = secrets.filter(|s| s.metadata.name == `${basename}-pg-app`);
if pg_secrets.len>0 && basename.split("-").len>1 {
@@ -29,7 +29,7 @@ fn post_template() {
};
}
}
if svc.metadata.name.ends_with("-mongo-svc") {
if svc.metadata.name.ends_with("-mongo-svc") && svc.spec.ports.some(|p| p.port == 27017) {
let basename = svc.metadata.name-"-mongo-svc";
let mongo_secrets = secrets.filter(|s| s.metadata.name == `${basename}-mongo`);
if mongo_secrets.len>0 && basename.split("-").len>1 {
@@ -48,12 +48,53 @@ fn post_template() {
};
}
}
if svc.metadata.name.ends_with("-mysqld") && svc.spec.ports.some(|p| p.port == 3306) {
let basename = svc.metadata.name-"-mysqld";
let ndb_secrets = secrets.filter(|s| s.metadata.name == `${basename}-mysql-app`);
if ndb_secrets.len>0 && basename.split("-").len>1 {
let tmp = (basename-"-dataset").split("-");
let comp = tmp[tmp.len-1];
log_info(`Found a Mysql(NDB) database ${svc.metadata.namespace} ${basename}`);
ndbs += #{
name: svc.metadata.name,
dbname: comp,
username: comp,
namespace: svc.metadata.namespace,
secret: #{
name: `${basename}-mysql-app`,
key: "password"
}
};
}
}
if svc.metadata.name.ends_with("-redis") && svc.spec.ports.some(|p| p.port == 6379) {
let basename = svc.metadata.name-"-redis";
let ndb_secrets = secrets.filter(|s| s.metadata.name == `${basename}-mysql-app`);
let tmp = (basename-"-dataset").split("-");
let comp = tmp[tmp.len-1];
log_info(`Found a Redis database ${svc.metadata.namespace} ${basename}`);
if comp == "authentik" {
rediss += #{
name: svc.metadata.name,
namespace: svc.metadata.namespace,
secret: #{
name: comp,
key: "AUTHENTIK_REDIS__PASSWORD"
}
};
} else {
rediss += #{
name: svc.metadata.name,
namespace: svc.metadata.namespace
};
}
}
}
}
save_to_tf(`${global::DEST}/detected.tf`, "detected", #{
pgs: pgs,
mongos: mongos,
rediss: rediss,
marias: marias
ndbs: ndbs
});
}