kydah-modules/rabbitmq/rabbitmq.tf


# Derived names and specs shared by every resource in this module.
locals {
  # "<instance>" on its own, or "<instance>-<component>" when a component is set.
  app_slug = var.component == "" ? var.instance : "${var.instance}-${var.component}"

  # Caller-supplied labels plus the component label identifying RabbitMQ objects.
  rabbit_labels = merge(var.labels, {
    "app.kubernetes.io/component" = "rabbitmq"
  })

  # Name of the TLS Secret: the caller's existing one (var.cert_name) if given,
  # otherwise the Secret that the Certificate created by this module writes to.
  secret_name = var.cert_name == "" ? "${local.app_slug}-cert" : var.cert_name

  # Persistence spec for the RabbitmqCluster; storageClassName is only emitted
  # when a class was requested, so the cluster default applies otherwise.
  pvc_spec = merge(
    {
      "storage" = var.storage.size
    },
    var.storage.class == "" ? {} : {
      "storageClassName" = var.storage.class
    }
  )
}
# cert-manager Certificate for the broker. Skipped entirely when the caller
# passes var.cert_name, in which case that pre-existing Secret is used as-is.
# The SANs cover the client-facing service name and a wildcard for the per-node
# names under "<slug>-mq-nodes"; both are the short ".svc" form, so clients must
# connect with exactly these names for hostname verification to succeed.
resource "kubectl_manifest" "certificate" {
  count = var.cert_name != "" ? 0 : 1

  yaml_body = <<-EOF
    apiVersion: "cert-manager.io/v1"
    kind: "Certificate"
    metadata:
      name: "${local.app_slug}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.rabbit_labels)}
    spec:
      secretName: "${local.secret_name}"
      dnsNames:
        - "${local.app_slug}-mq.${var.namespace}.svc"
        - "*.${local.app_slug}-mq-nodes.${var.namespace}.svc"
      issuerRef:
        kind: "ClusterIssuer"
        name: "${var.issuer}"
        group: "cert-manager.io"
  EOF
}
# StringSecret custom resource (secretgenerator.mittwald.de) named
# "<slug>-user": carries fixed connection data (username, port, host) and asks
# for a generated 32-character "password" field. forceRegenerate is false, so
# the manifest does not request rotation of an existing password.
#
# NOTE(review): the advertised port is 5672 although this module also
# provisions a TLS certificate for the broker. Consumers that build their
# connection from this Secret will presumably send the password over the
# plaintext AMQP listener - confirm whether the TLS port should be published.
resource "kubectl_manifest" "rabbit_secret" {
  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${local.app_slug}-user"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.rabbit_labels)}
    spec:
      forceRegenerate: false
      data:
        username: "${var.instance}"
        port: "5672"
        host: "${local.app_slug}-mq.${var.namespace}.svc"
      fields:
        - fieldName: "password"
          length: "32"
  EOF
}
# Reads back the Secret "<slug>-user" so the generated credentials can be
# interpolated into the RabbitmqCluster manifest.
#
# Security note: everything a data source reads is persisted in Terraform
# state, so the generated password ends up there; the state backend needs the
# same access control and encryption as the Secret itself.
#
# NOTE(review): depends_on only orders this read after the StringSecret
# manifest is applied. Presumably the Secret is produced asynchronously by the
# generator's controller - confirm the read cannot run before it exists.
data "kubernetes_secret_v1" "rabbit_secret" {
  metadata {
    namespace = var.namespace
    name      = "${local.app_slug}-user"
    labels    = local.rabbit_labels
  }

  depends_on = [kubectl_manifest.rabbit_secret]
}
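# based on https://github.com/rabbitmq/cluster-operator/tree/main/docs/examples
#
# RabbitmqCluster custom resource for the cluster operator: IPv6-enabled Erlang
# distribution, TLS from local.secret_name, and a default user taken from the
# generated "<slug>-user" Secret.
#
# Security notes:
# - default_user/default_pass are written in clear text into
#   spec.rabbitmq.additionalConfig, so anyone allowed to read RabbitmqCluster
#   objects in the namespace can read the broker password, not only those
#   allowed to read Secrets. RBAC on this custom resource should be as tight
#   as on the Secret. NOTE(review): consider letting the operator manage the
#   default user instead of passing the password through the manifest.
# - sensitive_fields keeps that config block out of plan/apply output; it does
#   not remove the value from Terraform state or from the cluster object.
# - Only tls.secretName is set, so the manifest does not turn off the
#   plaintext listeners. NOTE(review): confirm whether non-TLS access is
#   intended; the connection Secret of this module advertises port 5672.
resource "kubectl_manifest" "rabbitmq" {
  depends_on = [
    kubectl_manifest.certificate,
    kubectl_manifest.rabbit_secret,
    data.kubernetes_secret_v1.rabbit_secret,
  ]

  # Obfuscate the credential-bearing config in the provider's rendered output.
  sensitive_fields = ["spec.rabbitmq.additionalConfig"]

  yaml_body = <<-EOF
    apiVersion: rabbitmq.com/v1beta1
    kind: RabbitmqCluster
    metadata:
      name: "${local.app_slug}-mq"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.rabbit_labels)}
    spec:
      replicas: ${var.replicas}
      image: "${var.image.registry}/${var.image.repository}:${var.image.tag}"
      imagePullPolicy: "${var.image.pull_policy}"
      persistence: ${jsonencode(local.pvc_spec)}
      resources: ${jsonencode(var.resources)}
      tls:
        secretName: "${local.secret_name}"
      rabbitmq:
        erlangInetConfig: |
          {inet6, true}.
        envConfig: |
          SERVER_ADDITIONAL_ERL_ARGS="-kernel inetrc '/etc/rabbitmq/erl_inetrc' -proto_dist inet6_tcp"
          RABBITMQ_CTL_ERL_ARGS="-proto_dist inet6_tcp"
        additionalConfig: |
          cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
          default_user=${data.kubernetes_secret_v1.rabbit_secret.data["username"]}
          default_pass=${data.kubernetes_secret_v1.rabbit_secret.data["password"]}
        additionalPlugins: ${jsonencode(var.plugins)}
      service:
        ipFamilyPolicy: "PreferDualStack"
  EOF
}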