Optimize service port definition

rabbitmq/rabbitmq.tf

@@ -0,0 +1,94 @@
+locals {
+  app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}"
+  rabbit_labels = merge(var.labels, {
+    "app.kubernetes.io/component" = "rabbitmq"
+  })
+  secret_name = var.cert_name != "" ? var.cert_name : "${local.app_slug}-cert"
+}
+
+resource "kubectl_manifest" "certificate" {
+  count     = var.cert_name == "" ? 1 : 0
+  yaml_body = <<-EOF
+    apiVersion: "cert-manager.io/v1"
+    kind: "Certificate"
+    metadata:
+      name: "${local.app_slug}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.rabbit_labels)}
+    spec:
+        secretName: "${local.secret_name}"
+        dnsNames:
+        - "${local.app_slug}-mq.${var.namespace}.svc"
+        - "*.${local.app_slug}-mq-nodes.${var.namespace}.svc"
+        issuerRef:
+          kind: "ClusterIssuer"
+          name: "${var.issuer}"
+          group: "cert-manager.io"
+  EOF
+}
+
+resource "kubectl_manifest" "rabbit_secret" {
+  yaml_body = <<-EOF
+    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+    kind: "StringSecret"
+    metadata:
+      name: "${local.app_slug}-user"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.rabbit_labels)}
+    spec:
+      forceRegenerate: false
+      data:
+        username: "${var.instance}"
+        port: "5672"
+        host: "${local.app_slug}-mq.${var.namespace}.svc"
+      fields:
+      - fieldName: "password"
+        length: "32"
+  EOF
+}
+
+data "kubernetes_secret_v1" "rabbit_secret" {
+  depends_on = [kubectl_manifest.rabbit_secret]
+  metadata {
+    name      = "${local.app_slug}-user"
+    namespace = var.namespace
+    labels    = local.rabbit_labels
+  }
+}
+
+# based on https://github.com/rabbitmq/cluster-operator/tree/main/docs/examples
+
+resource "kubectl_manifest" "rabbitmq" {
+  depends_on = [
+    kubectl_manifest.certificate,
+    kubectl_manifest.rabbit_secret,
+    data.kubernetes_secret_v1.rabbit_secret,
+  ]
+  yaml_body = <<-EOF
+    apiVersion: rabbitmq.com/v1beta1
+    kind: RabbitmqCluster
+    metadata:
+      name: "${local.app_slug}-mq"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.rabbit_labels)}
+    spec:
+      replicas: ${var.replicas}
+      tls:
+        secretName: ${local.secret_name}
+      rabbitmq:
+        erlangInetConfig: |
+          {inet6, true}.
+        envConfig: |
+            SERVER_ADDITIONAL_ERL_ARGS="-kernel inetrc '/etc/rabbitmq/erl_inetrc'  -proto_dist inet6_tcp"
+            RABBITMQ_CTL_ERL_ARGS="-proto_dist inet6_tcp"
+        additionalConfig: |
+          cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
+          default_user=${data.kubernetes_secret_v1.rabbit_secret.data["username"]}
+          default_pass=${data.kubernetes_secret_v1.rabbit_secret.data["password"]}
+        additionalPlugins:
+         - rabbitmq_mqtt
+         - rabbitmq_web_mqtt
+      service:
+        ipFamilyPolicy: "PreferDualStack"
+  EOF
+}