first commit

mysql/mysql.tf

@@ -0,0 +1,94 @@
+locals {
+  mysql_host     = "${var.instance}-${var.component}-db.${var.namespace}.svc"
+  mysql_username = data.kubernetes_secret_v1.prj_mysql_secret.data["rootUser"]
+  mysql_password = data.kubernetes_secret_v1.prj_mysql_secret.data["rootPassword"]
+}
+
+resource "kubectl_manifest" "prj_mysql_secret" {
+  yaml_body = <<-EOF
+    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+    kind: "StringSecret"
+    metadata:
+      name: "${var.instance}-${var.component}-db"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(var.labels)}
+    spec:
+      forceRegenerate: false
+      data:
+        rootUser: "root-${var.instance}"
+        rootHost: "%"
+        username: "${var.instance}"
+        userHost: "%"
+      fields:
+      - fieldName: "rootPassword"
+        length: "32"
+      - fieldName: "password"
+        length: "32"
+  EOF
+}
+
+resource "kubectl_manifest" "prj_mysql" {
+  depends_on = [kubectl_manifest.prj_mysql_secret]
+  yaml_body  = <<-EOF
+    apiVersion: mysql.oracle.com/v2
+    kind: InnoDBCluster
+    metadata:
+      name: "${var.instance}-${var.component}-db"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(var.labels)}
+    spec:
+      secretName: ${kubectl_manifest.prj_mysql_secret.name}
+      tlsUseSelfSigned: true
+      # tlsSecretName: "${var.instance}-db-cert"
+      instances: 1
+      router:
+        instances: 1
+      edition: community
+      imagePullPolicy: IfNotPresent
+      datadirVolumeClaimTemplate:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: "${var.storage}"
+  EOF
+}
+
+resource "time_sleep" "wait_mysql_ready" {
+  depends_on      = [kubectl_manifest.prj_mysql_secret, kubectl_manifest.prj_mysql]
+  create_duration = "45s"
+}
+
+data "kubernetes_secret_v1" "prj_mysql_secret" {
+  depends_on = [kubectl_manifest.prj_mysql_secret, kubectl_manifest.prj_mysql, time_sleep.wait_mysql_ready]
+  metadata {
+    name      = "${var.instance}-${var.component}-db"
+    namespace = var.namespace
+  }
+}
+
+resource "mysql_database" "app" {
+  depends_on = [kubectl_manifest.prj_mysql_secret, kubectl_manifest.prj_mysql, time_sleep.wait_mysql_ready]
+  name       = var.database
+}
+
+resource "mysql_user" "app_user" {
+  depends_on         = [kubectl_manifest.prj_mysql_secret, kubectl_manifest.prj_mysql, time_sleep.wait_mysql_ready]
+  host               = data.kubernetes_secret_v1.prj_mysql_secret.data["userHost"]
+  user               = data.kubernetes_secret_v1.prj_mysql_secret.data["username"]
+  plaintext_password = data.kubernetes_secret_v1.prj_mysql_secret.data["password"]
+}
+
+resource "mysql_grant" "app_user_grant" {
+  depends_on = [
+    kubectl_manifest.prj_mysql_secret,
+    kubectl_manifest.prj_mysql,
+    time_sleep.wait_mysql_ready,
+    mysql_database.app,
+    mysql_user.app_user
+  ]
+  user       = mysql_user.app_user.user
+  host       = mysql_user.app_user.host
+  database   = mysql_database.app.name
+  privileges = ["ALL PRIVILEGES"]
+}

mysql/providers.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    kubectl = {
+        source = "gavinbunney/kubectl"
+        version = "~> 1.14.0"
+    }
+    mysql = {
+      source = "TakatoHano/mysql"
+      version = "1.2.1"
+    }
+  }
+}

mysql/variables.tf

@@ -0,0 +1,18 @@
+variable "component" {
+  type = string
+}
+variable "instance" {
+  type = string
+}
+variable "namespace" {
+  type = string
+}
+variable "labels" {
+  type = map(string)
+}
+variable "storage" {
+  type = string
+}
+variable "database" {
+  type = string
+}