# Generated root password for the MySQL server: 32 characters, no special
# characters. In this file the result feeds the root Secret manifest and
# local.mysql_password.
# NOTE(review): random_password results are stored in Terraform state, so the
# state backend needs the same access control as the password itself.
resource "random_password" "mysql_root_pass" {
  special = false
  length  = 32
}
# Generated password for the component's own database account (see
# mysql_user.component): 32 characters, no special characters.
# NOTE(review): like every random_password, the value is stored in Terraform
# state; how the component receives it is not visible in this file.
resource "random_password" "mysql_comp_pass" {
  special = false
  length  = 32
}
# Connection values for the MySQL server. Presumably consumed by a mysql
# provider block outside this view — confirm.
locals {
  # NOTE(review): this host uses the "-rw" service suffix, while the backup
  # command in this file targets "-mysqld"; confirm both names resolve.
  mysql_host = "${var.instance}-${var.component}-rw.${var.namespace}.svc"

  # Schema and account management below runs with the root account and the
  # generated root password.
  mysql_username = "root"
  mysql_password = random_password.mysql_root_pass.result
}
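# Kubernetes Secret holding the generated MySQL root password under the
# "password" key. The NdbCluster manifest and the pre-backup pod in this file
# reference it by name.
resource "kubectl_manifest" "mysql_root_pass" {
  # The password is written under stringData, so that field is listed
  # explicitly for the provider to obfuscate in its output.
  # NOTE(review): the provider's built-in Secret masking is documented for
  # "data"; confirm the behaviour for the provider version in use.
  sensitive_fields = ["stringData"]

  # Templated scalars are quoted so a value that looks like a number or a
  # boolean still parses as a string. labels stays unquoted because
  # jsonencode() emits a flow mapping.
  yaml_body = <<-EOF
    apiVersion: v1
    kind: Secret
    metadata:
      name: "${var.instance}-${var.component}-mysql-root"
      labels: ${jsonencode(local.common_labels)}
      namespace: "${var.namespace}"
    stringData:
      password: "${random_password.mysql_root_pass.result}"
  EOF
}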
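# NdbCluster custom resource (mysql.oracle.com/v1) for this component: one
# data node with a 10Gi ReadWriteOnce volume claim and one MySQL node that
# takes its root password from the Secret declared in this file.
# NOTE(review): redundancyLevel 1 with a single node of each kind leaves no
# replica; confirm that is intended for the environments this is applied to.
resource "kubectl_manifest" "ndb" {
  # Templated scalars are quoted so a value that looks like a number or a
  # boolean still parses as a string. labels stays unquoted because
  # jsonencode() emits a flow mapping.
  yaml_body = <<-EOF
    apiVersion: mysql.oracle.com/v1
    kind: NdbCluster
    metadata:
      name: "${var.instance}-${var.component}"
      labels: ${jsonencode(local.db_labels)}
      namespace: "${var.namespace}"
    spec:
      redundancyLevel: 1
      dataNode:
        nodeCount: 1
        pvcSpec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 10Gi
      mysqlNode:
        nodeCount: 1
        rootPasswordSecretName: "${kubectl_manifest.mysql_root_pass.name}"
        myCnf: |
          [mysqld]
          default_storage_engine=NDBCLUSTER
  EOF
}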
# Fixed 180-second pause after the NdbCluster manifest is created. The
# database and user resources in this file depend on it.
# NOTE(review): this is a timer, not a readiness check; a cluster that takes
# longer than 180s to come up will fail the dependent resources.
resource "time_sleep" "wait_ndb_ready" {
  create_duration = "180s"

  depends_on = [kubectl_manifest.ndb]
}
# Database for the component, named after var.component. Created only after
# the NdbCluster manifest exists and the fixed wait has elapsed.
resource "mysql_database" "component" {
  name = var.component

  depends_on = [
    time_sleep.wait_ndb_ready,
    kubectl_manifest.ndb,
  ]
}
# Database account for the component, named after var.component and using the
# generated component password.
resource "mysql_user" "component" {
  user = var.component

  # Host pattern with "%" wildcards on both sides of the service name and
  # namespace, restricting where the account may connect from.
  # NOTE(review): matching on host names depends on the server resolving
  # client addresses to names; confirm name resolution is enabled.
  host = "%.${module.service.default_definition.name}.${var.namespace}.%"

  # NOTE(review): a plaintext password set here is stored in Terraform state.
  plaintext_password = random_password.mysql_comp_pass.result

  depends_on = [
    time_sleep.wait_ndb_ready,
    kubectl_manifest.ndb,
  ]
}
# Grants the component account privileges on the component database only.
# User, host and database are all taken from the sibling resources.
resource "mysql_grant" "component" {
  database = mysql_database.component.name
  user     = mysql_user.component.user
  host     = mysql_user.component.host

  # NOTE(review): "ALL" includes schema-changing privileges; if the component
  # only reads and writes rows, a narrower list would limit the impact of a
  # compromised application credential.
  privileges = ["ALL"]
}
# k8up PreBackupPod that dumps all databases with mysqldump. Created only when
# var.backups.enable is true. The pod runs the MySQL image with "cat" as its
# command and gets the root password through the MYSQL_PWD environment
# variable, read from the root Secret declared in this file.
#
# NOTE(review): the password is also passed as --password=... on the command
# line, where it can show up in the process list inside the pod. mysqldump
# reads MYSQL_PWD from the environment on its own; confirm whether the flag is
# needed at all.
# NOTE(review): Terraform only unescapes "$${", so "$$MYSQL_PWD" reaches the
# manifest with both dollar signs; confirm the backup runner expands it as
# intended.
# NOTE(review): the dump uses the root credential; a dedicated account limited
# to what a dump requires would reduce the exposure of this pod.
# NOTE(review): serviceAccount and serviceAccountName are both set to the same
# value; confirm whether both are required.
resource "kubectl_manifest" "pre_backup_pod_db" {
  count = var.backups.enable ? 1 : 0

  # Differences in metadata.annotations are ignored by the provider.
  ignore_fields = ["metadata.annotations"]

  yaml_body = <<-EOF
    apiVersion: k8up.io/v1
    kind: PreBackupPod
    metadata:
      name: "${var.instance}-${var.component}-db"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.secrets_labels)}
    spec:
      backupCommand: mysqldump --all-databases --password=$$MYSQL_PWD --host=${var.instance}-${var.component}-mysqld.${var.namespace}.svc --no-create-db --add-drop-table
      pod:
        spec:
          containers:
            - command:
                - cat
              env:
                - name: MYSQL_PWD
                  valueFrom:
                    secretKeyRef:
                      key: password
                      name: "${kubectl_manifest.mysql_root_pass.name}"
              image: "${var.images.mysql.registry}/${var.images.mysql.repository}:${var.images.mysql.tag}"
              imagePullPolicy: "${var.images.mysql.pull_policy}"
              name: secret
              tty: true
          serviceAccount: backup-secret
          serviceAccountName: backup-secret
  EOF
}