adding MongoDB

2024-01-28 09:26:08 +01:00
parent 2c066b9049
commit 71b5da2e14
4 changed files with 210 additions and 0 deletions
--- a/mongo/mongo.tf
+++ b/mongo/mongo.tf
@@ -0,0 +1,126 @@
+locals {
+  app_slug   = (var.component == var.instance || var.component=="") ? var.instance : format("%s-%s", var.component, var.instance)
+  mongo-password = data.kubernetes_secret_v1.prj_mongo_secret.data["password"]
+  username = var.username==""?var.component==""?var.instance:var.component:var.username
+  db_name = var.db_name==""?var.component==""?var.instance:var.component:var.db_name
+  mongo-labels = merge(local.labels, {
+    "app.kubernetes.io/component" = "mongo"
+  })
+}
+resource "kubectl_manifest" "prj_mongo_secret" {
+  ignore_fields = ["metadata.annotations"]
+  yaml_body  = <<-EOF
+    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+    kind: "StringSecret"
+    metadata:
+      name: "${local.app_slug}-mongo"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    spec:
+      forceRegenerate: false
+      fields:
+      - fieldName: "password"
+        length: "16"
+  EOF
+}
+data "kubernetes_secret_v1" "prj_mongo_secret" {
+  depends_on = [ kubectl_manifest.prj_mongo_secret ]
+  metadata {
+    name = "${local.app_slug}-mongo"
+    namespace = var.namespace
+  }
+}
+resource "kubectl_manifest" "prj_mongo" {
+  yaml_body  = <<-EOF
+    apiVersion: mongodbcommunity.mongodb.com/v1
+    kind: MongoDBCommunity
+    metadata:
+      name: "${local.app_slug}-mongo"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    spec:
+      members: 1
+      type: ReplicaSet
+      version: "7.0.2"
+      statefulSet:
+        spec:
+          template:
+            metadata:
+              annotations:
+                "k8up.io/backupcommand": "sh -c 'mongodump --username=$MONGODB_USER --password=$MONGODB_PASSWORD mongodb://localhost/$MONGODB_NAME --archive'"
+                "k8up.io/file-extension": ".archive"
+            spec:
+              containers:
+              - name: mongod
+                imagePullPolicy: "${var.pullPolicy}"
+                resources: ${jsonencode(var.resources)}
+                env:
+                - name: MONGODB_NAME
+                  value: ${local.db_name}
+                - name: MONGODB_USER
+                  value: ${local.username}
+                - name: MONGODB_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: "${local.app_slug}-mongo"
+                      key: password
+      security:
+        authentication:
+          modes: ["SCRAM"]
+      additionalMongodConfig:
+        storage.wiredTiger.engineConfig.cacheSizeGB: 1
+      users:
+      - name: ${local.username}
+        db: ${local.db_name}
+        passwordSecretRef:
+          name: "${local.app_slug}-mongo"
+        roles:
+        - db: ${local.db_name}
+          name: readWrite
+        scramCredentialsSecretName: "${local.app_slug}-mongo-scram"
+  EOF
+}
+resource "kubectl_manifest" "prj_mongo_sa" {
+  yaml_body  = <<-EOF
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: "mongodb-database"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+  EOF
+}
+resource "kubectl_manifest" "prj_mongo_role" {
+  yaml_body  = <<-EOF
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: Role
+    metadata:
+      name: "mongodb-database"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    rules:
+    - apiGroups: [""]
+      resources: ["secrets"]
+      verbs: ["get"]
+    - apiGroups: [""]
+      resources: ["pods"]
+      verbs: ["patch", "delete", "get"]
+  EOF
+}
+resource "kubectl_manifest" "prj_mongo_rb" {
+  yaml_body  = <<-EOF
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: RoleBinding
+    metadata:
+      name: "mongodb-database"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.mongo-labels)}
+    subjects:
+    - kind: ServiceAccount
+      name: mongodb-database
+    roleRef:
+      kind: Role
+      name: mongodb-database
+      apiGroup: rbac.authorization.k8s.io
+  EOF
+}
--- a/mongo/outputs.tf
+++ b/mongo/outputs.tf
@@ -0,0 +1,21 @@
+output "url" {
+  value = "mongodb://${local.username}:${local.mongo-password}@${local.app_slug}-mongo-svc.${var.namespace}.svc:27017/${local.db_name}"
+}
+output "service" {
+  value = "${local.app_slug}-mongo-svc.${var.namespace}.svc"
+}
+output "password" {
+  value = local.mongo-password
+}
+output "username" {
+  value = local.username
+}
+output "db_name" {
+  value = local.db_name
+}
+output "secret" {
+  value = {
+    name = "${local.app_slug}-mongo"
+    key = "password"
+  }
+}
--- a/mongo/providers.tf
+++ b/mongo/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    kubectl = {
+        source = "gavinbunney/kubectl"
+        version = "~> 1.14.0"
+    }
+  }
+}
--- a/mongo/variables.tf
+++ b/mongo/variables.tf
@@ -0,0 +1,55 @@
+variable "component" {
+  type = string
+}
+variable "instance" {
+  type = string
+}
+variable "namespace" {
+  type = string
+}
+variable "labels" {
+  type = map(string)
+}
+variable "db_name" {
+  type = string
+  default = ""
+}
+variable "username" {
+  type = string
+  default = ""
+}
+variable "version" {
+  type = string
+  default = "6.3.2"
+}
+variable "type" {
+  type = string
+  default = "ReplicaSet"
+}
+variable "pullPolicy" {
+  type = string
+  default = "IfNotPresent"
+}
+variable "resources" {
+  type        = object({
+    limits = optional(object({
+      cpu = string
+      memory = string
+    }))
+    requests = optional(object({
+      cpu = string
+      memory = string
+    }))
+  })
+  default = {
+    limits = {
+      cpu = "1"
+      memory = "1100M"
+    }
+    requests = {
+      cpu = "0.3"
+      memory = "400M"
+    }
+  }
+
+}