Refacto and add modules

2024-02-06 11:03:20 +01:00
parent 140321f714
commit 1e1cedcaeb
47 changed files with 685 additions and 360 deletions


@@ -1,21 +1,21 @@
locals {
app_slug = (var.component == var.instance || var.component=="") ? var.instance : format("%s-%s", var.component, var.instance)
mongo-password = data.kubernetes_secret_v1.prj_mongo_secret.data["password"]
username = var.username==""?var.component==""?var.instance:var.component:var.username
db_name = var.db_name==""?var.component==""?var.instance:var.component:var.db_name
mongo-labels = merge(var.labels, {
app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}"
mongo_labels = merge(var.labels, {
"app.kubernetes.io/component" = "mongo"
})
db_name = var.db_name == "" ? var.component == "" ? var.instance : var.component : var.db_name
username = var.username == "" ? var.component == "" ? var.instance : var.component : var.username
mongo_password = data.kubernetes_secret_v1.mongo_secret.data["password"]
}
resource "kubectl_manifest" "prj_mongo_secret" {
resource "kubectl_manifest" "mongo_secret" {
ignore_fields = ["metadata.annotations"]
yaml_body = <<-EOF
yaml_body = <<-EOF
apiVersion: "secretgenerator.mittwald.de/v1alpha1"
kind: "StringSecret"
metadata:
name: "${local.app_slug}-mongo"
namespace: "${var.namespace}"
labels: ${jsonencode(local.mongo-labels)}
labels: ${jsonencode(local.mongo_labels)}
spec:
forceRegenerate: false
fields:
@@ -23,21 +23,21 @@ resource "kubectl_manifest" "prj_mongo_secret" {
length: "16"
EOF
}
data "kubernetes_secret_v1" "prj_mongo_secret" {
depends_on = [ kubectl_manifest.prj_mongo_secret ]
data "kubernetes_secret_v1" "mongo_secret" {
depends_on = [kubectl_manifest.mongo_secret]
metadata {
name = "${local.app_slug}-mongo"
name = "${local.app_slug}-mongo"
namespace = var.namespace
}
}
resource "kubectl_manifest" "prj_mongo" {
yaml_body = <<-EOF
resource "kubectl_manifest" "mongo" {
yaml_body = <<-EOF
apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
name: "${local.app_slug}-mongo"
namespace: "${var.namespace}"
labels: ${jsonencode(local.mongo-labels)}
labels: ${jsonencode(local.mongo_labels)}
spec:
members: 1
type: ${var.mongo_type}
@@ -52,7 +52,7 @@ resource "kubectl_manifest" "prj_mongo" {
spec:
containers:
- name: mongod
imagePullPolicy: "${var.pullPolicy}"
imagePullPolicy: "${var.pull_policy}"
resources: ${jsonencode(var.resources)}
env:
- name: MONGODB_NAME
@@ -80,24 +80,24 @@ resource "kubectl_manifest" "prj_mongo" {
scramCredentialsSecretName: "${local.app_slug}-mongo-scram"
EOF
}
resource "kubectl_manifest" "prj_mongo_sa" {
yaml_body = <<-EOF
resource "kubectl_manifest" "mongo_sa" {
yaml_body = <<-EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: "mongodb-database"
name: "${local.app_slug}-mongodb-database"
namespace: "${var.namespace}"
labels: ${jsonencode(local.mongo-labels)}
labels: ${jsonencode(local.mongo_labels)}
EOF
}
resource "kubectl_manifest" "prj_mongo_role" {
yaml_body = <<-EOF
resource "kubectl_manifest" "mongo_role" {
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "mongodb-database"
name: "${local.app_slug}-mongodb-database"
namespace: "${var.namespace}"
labels: ${jsonencode(local.mongo-labels)}
labels: ${jsonencode(local.mongo_labels)}
rules:
- apiGroups: [""]
resources: ["secrets"]
@@ -107,20 +107,20 @@ resource "kubectl_manifest" "prj_mongo_role" {
verbs: ["patch", "delete", "get"]
EOF
}
resource "kubectl_manifest" "prj_mongo_rb" {
yaml_body = <<-EOF
resource "kubectl_manifest" "mongo_rb" {
yaml_body = <<-EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "mongodb-database"
name: "${local.app_slug}-mongodb-database"
namespace: "${var.namespace}"
labels: ${jsonencode(local.mongo-labels)}
labels: ${jsonencode(local.mongo_labels)}
subjects:
- kind: ServiceAccount
name: mongodb-database
name: ${local.app_slug}-mongodb-database
roleRef:
kind: Role
name: mongodb-database
name: ${local.app_slug}-mongodb-database
apiGroup: rbac.authorization.k8s.io
EOF
}
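Review bot: The ServiceAccount, Role and RoleBinding are renamed to `${local.app_slug}-mongodb-database`, but nothing in the visible hunks points the mongod pods at the new account. The MongoDB Community operator runs database pods under a service account named `mongodb-database` unless the StatefulSet override sets one, so the secrets permissions granted by this Role may end up bound to an account no pod uses. If the `statefulSet` override (only partly visible in the hunk starting at old line 52) does not already do so, add `serviceAccountName: "${local.app_slug}-mongodb-database"` to its pod template spec. The `locals` hunk also appears to flip `app_slug` from component-instance to instance-component order, which renames the `${local.app_slug}-mongo` StringSecret on existing deployments and would presumably generate a new password.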


@@ -1,11 +1,11 @@
output "url" {
value = "mongodb://${local.username}:${local.mongo-password}@${local.app_slug}-mongo-svc.${var.namespace}.svc:27017/${local.db_name}"
value = "mongodb://${urlencode(local.username)}:${urlencode(local.mongo_password)}@${local.app_slug}-mongo-svc.${var.namespace}.svc:27017/${local.db_name}"
}
output "service" {
value = "${local.app_slug}-mongo-svc.${var.namespace}.svc"
}
output "password" {
value = local.mongo-password
value = local.mongo_password
}
output "username" {
value = local.username
@@ -16,6 +16,6 @@ output "db_name" {
output "secret" {
value = {
name = "${local.app_slug}-mongo"
key = "password"
key = "password"
}
}
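Review bot: The `url` and `password` outputs expose the generated MongoDB password but neither is declared sensitive, so the value can be printed in plan/apply output and by callers that re-export it. Add `sensitive = true` to both blocks. `urlencode()` now covers the username and password in the connection string, but `local.db_name` in the path is still interpolated raw; `${urlencode(local.db_name)}` would keep the URI well-formed for names with reserved characters. Because the password is read through `data.kubernetes_secret_v1`, it is also written to the Terraform state, so consumers that can mount the secret are better served by the existing `secret` output (name and key) than by the plaintext value.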


@@ -1,8 +1,8 @@
terraform {
required_providers {
kubectl = {
source = "gavinbunney/kubectl"
version = "~> 1.14.0"
source = "gavinbunney/kubectl"
version = "~> 1.14.0"
}
}
}


@@ -11,45 +11,45 @@ variable "labels" {
type = map(string)
}
variable "db_name" {
type = string
type = string
default = ""
}
variable "username" {
type = string
type = string
default = ""
}
variable "mongo_version" {
type = string
type = string
default = "6.0.13"
}
variable "mongo_type" {
type = string
type = string
default = "ReplicaSet"
}
variable "pullPolicy" {
type = string
variable "pull_policy" {
type = string
default = "IfNotPresent"
}
variable "resources" {
type = object({
type = object({
limits = optional(object({
cpu = string
cpu = string
memory = string
}))
requests = optional(object({
cpu = string
cpu = string
memory = string
}))
})
default = {
limits = {
cpu = "1"
cpu = "1"
memory = "1100M"
}
requests = {
cpu = "0.3"
cpu = "0.3"
memory = "400M"
}
}
}
}