kydah-modules/rabbitmq/rabbitmq.tf

locals {
  app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}"
  rabbit_labels = merge(var.labels, {
    "app.kubernetes.io/component" = "rabbitmq"
  })
  secret_name = var.cert_name != "" ? var.cert_name : "${local.app_slug}-cert"
  pvc_spec = merge({
    "storage" = var.storage.size
    }, var.storage.class != "" ? {
    "storageClassName" = var.storage.class
  } : {})
}

resource "kubectl_manifest" "certificate" {
  count     = var.cert_name == "" ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "cert-manager.io/v1"
    kind: "Certificate"
    metadata:
      name: "${local.app_slug}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.rabbit_labels)}
    spec:
        secretName: "${local.secret_name}"
        dnsNames:
        - "${local.app_slug}-mq.${var.namespace}.svc"
        - "*.${local.app_slug}-mq-nodes.${var.namespace}.svc"
        issuerRef:
          kind: "ClusterIssuer"
          name: "${var.issuer}"
          group: "cert-manager.io"
  EOF
}

resource "kubectl_manifest" "rabbit_secret" {
  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${local.app_slug}-user"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.rabbit_labels)}
    spec:
      forceRegenerate: false
      data:
        username: "${var.instance}"
        port: "5672"
        host: "${local.app_slug}-mq.${var.namespace}.svc"
      fields:
      - fieldName: "password"
        length: "32"
  EOF
}

data "kubernetes_secret_v1" "rabbit_secret" {
  depends_on = [kubectl_manifest.rabbit_secret]
  metadata {
    name      = "${local.app_slug}-user"
    namespace = var.namespace
    labels    = local.rabbit_labels
  }
}

# based on https://github.com/rabbitmq/cluster-operator/tree/main/docs/examples

resource "kubectl_manifest" "rabbitmq" {
  depends_on = [
    kubectl_manifest.certificate,
    kubectl_manifest.rabbit_secret,
    data.kubernetes_secret_v1.rabbit_secret,
  ]
  yaml_body = <<-EOF
    apiVersion: rabbitmq.com/v1beta1
    kind: RabbitmqCluster
    metadata:
      name: "${local.app_slug}-mq"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.rabbit_labels)}
    spec:
      replicas: ${var.replicas}
      image: "${var.image.registry}/${var.image.repository}:${var.image.tag}"
      imagePullPolicy: "${var.image.pull_policy}"
      persistence: ${jsonencode(local.pvc_spec)}
      resources: ${jsonencode(var.resources)}
      tls:
        secretName: ${local.secret_name}
      rabbitmq:
        erlangInetConfig: |
          {inet6, true}.
        envConfig: |
            SERVER_ADDITIONAL_ERL_ARGS="-kernel inetrc '/etc/rabbitmq/erl_inetrc'  -proto_dist inet6_tcp"
            RABBITMQ_CTL_ERL_ARGS="-proto_dist inet6_tcp"
        additionalConfig: |
          cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
          default_user=${data.kubernetes_secret_v1.rabbit_secret.data["username"]}
          default_pass=${data.kubernetes_secret_v1.rabbit_secret.data["password"]}
        additionalPlugins: ${jsonencode(var.plugins)}
      service:
        ipFamilyPolicy: "PreferDualStack"
  EOF
}