domain/share/dataset-pg/databases.tf

# Fixed pause after kubectl_manifest.prj_pg (presumably the PostgreSQL cluster
# manifest) has been applied; postgresql_role.owner waits on this resource.
# NOTE(review): this is a timer, not a readiness probe. If the cluster takes
# longer than 90s to accept connections, role creation fails on first apply.
resource "time_sleep" "wait_pg_ready" {
  create_duration = "90s"
  depends_on      = [kubectl_manifest.prj_pg]
}
# Reads the "<instance>-<component>-superuser" Secret from the target namespace.
# Everything a data source returns is written to the Terraform state, so the
# superuser credentials end up there as well: the state backend needs access
# control and encryption at rest equivalent to the Secret itself.
data "kubernetes_secret_v1" "postgresql_password" {
  metadata {
    namespace = var.namespace
    name      = "${var.instance}-${var.component}-superuser"
  }

  depends_on = [kubectl_manifest.prj_pg]
}
locals {
  # Superuser credentials taken from data.kubernetes_secret_v1.postgresql_password.
  # They are not referenced in the blocks visible here; presumably they feed
  # the postgresql provider configuration. Verify against the provider block.
  pg-username = data.kubernetes_secret_v1.postgresql_password.data["username"]
  pg-password = data.kubernetes_secret_v1.postgresql_password.data["password"]

  # In-cluster DNS name of the "<instance>-<component>-rw" service.
  pg-host = "${var.instance}-${var.component}-rw.${var.namespace}.svc"

  # Unique database names in descending sort order.
  sorted-db-name = reverse(
    distinct(
      sort([for db in var.databases : db.name])
    )
  )

  # Database objects re-ordered to follow sorted-db-name, so that count.index
  # is stable regardless of the order in which var.databases is written.
  # distinct() only de-duplicates the names: two entries in var.databases with
  # the same name both land in this list and would collide on resource names.
  # NOTE(review): resources are addressed by position in this list, so adding
  # or removing a database shifts the index of every entry behind it. Review
  # the plan carefully before applying such a change.
  sorted-dbs = flatten([
    for name in local.sorted-db-name : [
      for db in var.databases : db
      if db.name == name
    ]
  ])
}
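# One StringSecret (mittwald kubernetes-secret-generator CRD) per database.
# The operator turns it into a Secret holding the fixed POSGRESQL_USERNAME
# value plus a generated 32-character POSGRESQL_PASSWORD.
#
# The YAML nesting below is restored: in the flattened listing "name",
# "namespace" and "labels" sat at the same level as "metadata", and the
# "fields" entry was not a child of "spec", which is not a valid manifest.
# "<<-" strips the common leading indentation, so only the relative
# indentation reaches the API server.
#
# The key names are spelled "POSGRESQL_..." (no "T"). They are kept as-is
# because postgresql_role.owner looks the password up under that exact key;
# any workload consuming the Secret has to use the same spelling.
#
# forceRegenerate is false, so a password that already exists is kept on
# re-apply. Drift on metadata.annotations is ignored (presumably because the
# operator writes its own annotations; TODO confirm).
resource "kubectl_manifest" "db_secret" {
  count         = length(local.sorted-dbs)
  ignore_fields = ["metadata.annotations"]

  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${var.instance}-${var.component}-${local.sorted-dbs[count.index].name}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(merge(local.common-labels, {"app.kubernetes.io/component" = local.sorted-dbs[count.index].name}))}
    spec:
      forceRegenerate: false
      data:
        POSGRESQL_USERNAME: "${local.sorted-dbs[count.index].name}"
      fields:
        - fieldName: "POSGRESQL_PASSWORD"
          length: "32"
  EOF
}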
# Reads back, per database, the Secret that the secret-generator operator
# derives from the matching StringSecret in kubectl_manifest.db_secret.
# NOTE(review): depends_on only orders this read after the StringSecret has
# been applied. The Secret itself is produced asynchronously by the operator,
# so on a first apply this read may run before it exists. Confirm how that
# case behaves.
# The generated passwords read here are stored in the Terraform state.
data "kubernetes_secret_v1" "password_get" {
  count = length(local.sorted-dbs)

  metadata {
    namespace = var.namespace
    name      = "${var.instance}-${var.component}-${local.sorted-dbs[count.index].name}"
  }

  depends_on = [kubectl_manifest.db_secret]
}
# One login role per database, named after the database. Creation waits for
# time_sleep.wait_pg_ready so the server has had time to come up.
resource "postgresql_role" "owner" {
  count = length(local.sorted-dbs)

  name  = local.sorted-dbs[count.index].name
  login = true

  # Password generated by the secret-generator operator; the key spelling
  # ("POSGRESQL_", no "T") must match the StringSecret field name.
  # NOTE(review): if the key is absent from the Secret data this evaluates to
  # null. Confirm the role cannot end up being created without a password.
  # The value is also persisted in the Terraform state.
  password = data.kubernetes_secret_v1.password_get[count.index].data["POSGRESQL_PASSWORD"]

  depends_on = [time_sleep.wait_pg_ready]
}
# One database per entry in local.sorted-dbs, owned by the role with the same
# index (and therefore the same name) from postgresql_role.owner.
resource "postgresql_database" "my_db" {
  count = length(local.sorted-dbs)

  name  = local.sorted-dbs[count.index].name
  owner = postgresql_role.owner[count.index].name

  # -1 means no limit on concurrent connections to this database.
  connection_limit  = -1
  allow_connections = true

  # NOTE(review): PostgreSQL grants CONNECT on a new database to PUBLIC by
  # default, so the other roles created in this file can connect to it unless
  # that privilege is revoked elsewhere. Confirm this matches the intended
  # isolation between databases.

  depends_on = [postgresql_role.owner]
}