fix

2023-10-01 09:45:28 +02:00
parent a374fe5e66
commit f15202de63
13 changed files with 785 additions and 57 deletions
--- a/share/dataset-pg/databases.tf
+++ b/share/dataset-pg/databases.tf
@@ -0,0 +1,69 @@
+data "kubernetes_secret_v1" "postgresql_password" {
+  depends_on = [ kubectl_manifest.prj_pg ]
+  metadata {
+    name = "${var.instance}-${var.component}-superuser"
+    namespace = "${var.namespace}"
+  }
+}
+locals {
+  pg-username = data.kubernetes_secret_v1.postgresql_password.data["username"]
+  pg-password = data.kubernetes_secret_v1.postgresql_password.data["password"]
+  pg-host = "${var.db-source.name}-pg-rw.${var.db-source.namespace}.svc"
+
+  sorted-db-name = reverse(distinct(sort([
+    for db in var.databases: db.name
+  ])))
+  sorted-dbs = flatten([
+    for name in local.sorted-db-name: [
+      for db in var.databases:
+        db if db.name == name
+    ]
+  ])
+}
+
+
+resource "kubectl_manifest" "db_secret" {
+  ignore_fields = ["metadata.annotations"]
+  count         = length(local.sorted-dbs)
+  yaml_body  = <<-EOF
+    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+    kind: "StringSecret"
+    metadata:
+      name: "${var.instance}-${var.component}-${local.sorted-dbs[count.index].name}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(merge(local.common-labels, {"app.kubernetes.io/component" = local.sorted-dbs[count.index].name}))}
+    spec:
+      forceRegenerate: false
+      data:
+        POSGRESQL_USERNAME: "${local.sorted-dbs[count.index].name}"
+      fields:
+      - fieldName: "POSGRESQL_PASSWORD"
+        length: "32"
+  EOF
+}
+
+data "kubernetes_secret_v1" "password_get" {
+  depends_on        = [ kubectl_manifest.db_secret ]
+  count             = length(local.sorted-dbs)
+  metadata {
+    name      = "${var.instance}-${var.component}-${local.sorted-dbs[count.index].name}"
+    namespace = "${var.namespace}"
+  }
+}
+
+resource "postgresql_role" "owner" {
+  depends_on        = [ kubectl_manifest.prj_pg ]
+  count             = length(local.sorted-dbs)
+  name              = "${local.sorted-dbs[count.index].name}"
+  login             = true
+  password          = data.kubernetes_secret_v1.password_get[count.index].data["POSGRESQL_PASSWORD"]
+}
+
+resource "postgresql_database" "my_db" {
+  depends_on        = [ postgresql_role.owner ]
+  count             = length(local.sorted-dbs)
+  name              = "${local.sorted-dbs[count.index].name}"
+  owner             = "${postgresql_role.owner[count.index].name}"
+  connection_limit  = -1
+  allow_connections = true
+}
--- a/share/dataset-pg/index.yaml
+++ b/share/dataset-pg/index.yaml
@@ -0,0 +1,164 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: share
+metadata:
+  name: dataset-pg
+  description: null
+options:
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  replicas:
+    default: 1
+    examples:
+    - 1
+    type: integer
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      retention:
+        db: 30d
+      schedule:
+        db: 0 3 * * *
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      retention:
+        db: 30d
+      schedule:
+        db: 0 3 * * *
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      retention:
+        default:
+          db: 30d
+        properties:
+          db:
+            default: 30d
+            type: string
+        type: object
+      schedule:
+        default:
+          db: 0 3 * * *
+        properties:
+          db:
+            default: 0 3 * * *
+            type: string
+        type: object
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
+  storage:
+    default: 8Gi
+    examples:
+    - 8Gi
+    type: string
+  images:
+    default:
+      operator:
+        pullPolicy: IfNotPresent
+        registry: docker.io
+        repository: to-be/defined
+        tag: v1.0.0
+    examples:
+    - operator:
+        pullPolicy: IfNotPresent
+        registry: docker.io
+        repository: to-be/defined
+        tag: v1.0.0
+    properties:
+      operator:
+        default:
+          pullPolicy: IfNotPresent
+          registry: docker.io
+          repository: to-be/defined
+          tag: v1.0.0
+        properties:
+          pullPolicy:
+            default: IfNotPresent
+            enum:
+            - Always
+            - Never
+            - IfNotPresent
+            type: string
+          registry:
+            default: docker.io
+            type: string
+          repository:
+            default: to-be/defined
+            type: string
+          tag:
+            default: v1.0.0
+            type: string
+        type: object
+    type: object
+  roles:
+    default: []
+    items:
+      type: string
+    type: array
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  version:
+    default: '14'
+    examples:
+    - '14'
+    type: string
+  sub-domain:
+    default: to-be-set
+    examples:
+    - to-be-set
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  databases:
+    default: []
+    items:
+      properties:
+        name:
+          default: db
+          type: string
+      type: object
+    type: array
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+dependencies: []
+providers:
+  kubernetes: true
+  authentik: null
+  kubectl: true
+  postgresql: true
+  restapi: null
+  http: null
+tfaddtype: null
--- a/share/dataset-pg/postgresql.tf
+++ b/share/dataset-pg/postgresql.tf
@@ -0,0 +1,79 @@
+locals {
+  pg-labels = merge(local.common-labels, {
+    "app.kubernetes.io/component" = "postgresql"
+  })
+  pool-labels = merge(local.common-labels, {
+    "app.kubernetes.io/component" = "pg-pool"
+  })
+}
+
+resource "kubectl_manifest" "prj_pg" {
+  yaml_body  = join("", concat([<<-EOF
+    apiVersion: postgresql.cnpg.io/v1
+    kind: Cluster
+    metadata:
+      name: "${var.instance}-${var.component}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.pg-labels)}
+    spec:
+      instances: ${var.replicas}
+      storage:
+        size: "${var.storage}"
+      monitoring:
+        enablePodMonitor: true
+  EOF
+  ], var.backups.enable?[<<-EOF
+      backup:
+        barmanObjectStore:
+          destinationPath: "s3://${var.instance}-${var.namespace}/"
+          endpointURL: "${var.backups.endpoint}/barman"
+          s3Credentials:
+            accessKeyId:
+              name: "${var.backups.secret-name}"
+              key: "${var.backups.key-id-key}"
+            secretAccessKey:
+              name: "${var.backups.secret-name}"
+              key: "${var.backups.secret-key}"
+  EOF
+  ]:[""]))
+}
+
+resource "kubectl_manifest" "prj_pg_backup" {
+  count = var.backups.enable ? 1:0
+  yaml_body  = <<-EOF
+    apiVersion: postgresql.cnpg.io/v1
+    kind: ScheduledBackup
+    metadata:
+      name: "${var.instance}-${var.component}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.pg-labels)}
+    spec:
+      schedule: "${var.backups.schedule.db}"
+      backupOwnerReference: self
+      cluster:
+        name: "${var.instance}-${var.component}"
+  EOF
+}
+
+resource "kubectl_manifest" "prj_pg_pool" {
+  count = var.pool.enable ? 1:0
+  depends_on = [kubectl_manifest.prj_pg]
+  yaml_body  = <<-EOF
+    apiVersion: postgresql.cnpg.io/v1
+    kind: Pooler
+    metadata:
+      name: "${var.instance}-${var.component}-pool"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.pool-labels)}
+    spec:
+      cluster:
+        name: "${var.instance}-${var.component}"
+      instances: 1
+      type: rw
+      pgbouncer:
+        poolMode: session
+        parameters:
+          max_client_conn: "1000"
+          default_pool_size: "10"
+  EOF
+}
--- a/share/dataset-pg/roles.tf
+++ b/share/dataset-pg/roles.tf
@@ -0,0 +1,41 @@
+locals {
+  sorted-roles = reverse(distinct(sort(var.roles)))
+}
+
+
+resource "kubectl_manifest" "db_secret" {
+  ignore_fields = ["metadata.annotations"]
+  count         = length(local.sorted-roles)
+  yaml_body  = <<-EOF
+    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+    kind: "StringSecret"
+    metadata:
+      name: "${var.instance}-${var.component}-role-${local.sorted-roles[count.index]}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(merge(local.common-labels, {"app.kubernetes.io/component" = local.sorted-roles[count.index]}))}
+    spec:
+      forceRegenerate: false
+      data:
+        POSGRESQL_USERNAME: "${local.sorted-roles[count.index]}"
+      fields:
+      - fieldName: "POSGRESQL_PASSWORD"
+        length: "32"
+  EOF
+}
+
+data "kubernetes_secret_v1" "password_get" {
+  depends_on        = [ kubectl_manifest.db_secret ]
+  count             = length(local.sorted-roles)
+  metadata {
+    name      = "${var.instance}-${var.component}-role-${local.sorted-roles[count.index]}"
+    namespace = "${var.namespace}"
+  }
+}
+
+resource "postgresql_role" "role" {
+  depends_on        = [ kubectl_manifest.prj_pg ]
+  count             = length(local.sorted-roles)
+  name              = "${local.sorted-roles[count.index]}"
+  login             = true
+  password          = data.kubernetes_secret_v1.password_get[count.index].data["POSGRESQL_PASSWORD"]
+}