# Connection settings for the in-cluster MySQL instance.
# NOTE(review): presumably consumed by a mysql provider block elsewhere in this
# module - confirm.
#
# Security: the username/password below are the *root* account, read back from
# the generated Kubernetes Secret. Anything read through a data source is kept
# in Terraform state, so the state backend must be encrypted and its access
# restricted to the people/pipelines that are allowed to hold DB root.
locals {
  mysql_username = data.kubernetes_secret_v1.prj_mysql_secret.data["rootUser"]
  mysql_password = data.kubernetes_secret_v1.prj_mysql_secret.data["rootPassword"]

  # Cluster-internal DNS name: <instance>-<component>-db.<namespace>.svc
  mysql_host = format("%s-%s-db.%s.svc", var.instance, var.component, var.namespace)
}
# Declares a StringSecret custom resource (secretgenerator.mittwald.de/v1alpha1)
# carrying the MySQL account names plus two generated fields of length "32"
# (rootPassword, password), so no password literal appears in this file.
#
# Security notes:
#  - rootHost and userHost are "%", the MySQL wildcard that matches any client
#    host. With that value, network-level controls (e.g. a NetworkPolicy) are
#    the only restriction on where root and the app user may connect from.
#  - forceRegenerate is false.
#    NOTE(review): presumably generated values are then kept across re-applies,
#    which makes rotation a deliberate step - confirm against the generator docs.
#  - NOTE(review): the nesting of the embedded manifest was restored by hand;
#    verify it against the StringSecret CRD schema.
resource "kubectl_manifest" "prj_mysql_secret" {
  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${var.instance}-${var.component}-db"
      namespace: "${var.namespace}"
      labels: ${jsonencode(var.labels)}
    spec:
      forceRegenerate: false
      data:
        rootUser: "root-${var.instance}"
        rootHost: "%"
        username: "${var.instance}"
        userHost: "%"
      fields:
        - fieldName: "rootPassword"
          length: "32"
        - fieldName: "password"
          length: "32"
  EOF
}
# Declares an InnoDBCluster custom resource (mysql.oracle.com/v2) with one
# server instance and one router instance, i.e. no redundancy. Its secretName
# is the name of the StringSecret manifest declared in this file, and the
# explicit depends_on makes Terraform apply that manifest first.
#
# Security notes:
#  - tlsUseSelfSigned is true and the tlsSecretName line is commented out, so
#    the cluster does not use a certificate supplied from a Secret.
#    NOTE(review): clients can then only authenticate the server if they are
#    given the self-signed CA; confirm whether the "-db-cert" Secret was meant
#    to be wired in before this is used beyond development.
#  - NOTE(review): the nesting of the embedded manifest was restored by hand;
#    verify it against the InnoDBCluster CRD schema.
resource "kubectl_manifest" "prj_mysql" {
  depends_on = [
    kubectl_manifest.prj_mysql_secret,
  ]

  yaml_body = <<-EOF
    apiVersion: mysql.oracle.com/v2
    kind: InnoDBCluster
    metadata:
      name: "${var.instance}-${var.component}-db"
      namespace: "${var.namespace}"
      labels: ${jsonencode(var.labels)}
    spec:
      secretName: ${kubectl_manifest.prj_mysql_secret.name}
      tlsUseSelfSigned: true
      # tlsSecretName: "${var.instance}-db-cert"
      instances: 1
      router:
        instances: 1
      edition: community
      imagePullPolicy: IfNotPresent
      datadirVolumeClaimTemplate:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: "${var.storage}"
  EOF
}
# Fixed 45-second pause after the secret and cluster manifests are created.
# This is a timer, not a readiness check: nothing here verifies that the
# generated Secret exists or that MySQL accepts connections when it expires.
# NOTE(review): on a slow cluster the dependent secret read / mysql_* resources
# may still fail on first apply - confirm the delay is sufficient for the
# target environment.
resource "time_sleep" "wait_mysql_ready" {
  create_duration = "45s"

  depends_on = [
    kubectl_manifest.prj_mysql_secret,
    kubectl_manifest.prj_mysql,
  ]
}
# Reads the Kubernetes Secret named <instance>-<component>-db in var.namespace,
# i.e. the same name as the StringSecret manifest above.
# NOTE(review): presumably this is the Secret the generator materialises from
# that StringSecret - confirm.
#
# Security: every key of this Secret (root and application passwords included)
# is copied into Terraform state and is readable by whoever can read the state
# or run `terraform show`. Keep the backend encrypted and access-controlled.
data "kubernetes_secret_v1" "prj_mysql_secret" {
  metadata {
    namespace = var.namespace
    name      = "${var.instance}-${var.component}-db"
  }

  # Defers the read until the manifests exist and the fixed wait has elapsed.
  depends_on = [
    kubectl_manifest.prj_mysql_secret,
    kubectl_manifest.prj_mysql,
    time_sleep.wait_mysql_ready,
  ]
}
# Creates the application database named by var.database, ordered after the
# cluster manifests and the fixed wait.
resource "mysql_database" "app" {
  name = var.database

  depends_on = [
    kubectl_manifest.prj_mysql_secret,
    kubectl_manifest.prj_mysql,
    time_sleep.wait_mysql_ready,
  ]
}
# Creates the application's MySQL account from the username, userHost and
# password keys of the generated Secret.
#
# Security notes:
#  - The password is taken from the kubernetes_secret_v1 data source, whose
#    contents are held in Terraform state; treat the state as a credential
#    store.
#  - userHost is set to "%" in the StringSecret in this file, so this account
#    is not tied to any client host at the MySQL level.
resource "mysql_user" "app_user" {
  user               = data.kubernetes_secret_v1.prj_mysql_secret.data["username"]
  host               = data.kubernetes_secret_v1.prj_mysql_secret.data["userHost"]
  plaintext_password = data.kubernetes_secret_v1.prj_mysql_secret.data["password"]

  depends_on = [
    kubectl_manifest.prj_mysql_secret,
    kubectl_manifest.prj_mysql,
    time_sleep.wait_mysql_ready,
  ]
}
# Grants the application account privileges on the application database only
# (database = mysql_database.app.name).
#
# Security: the grant is "ALL PRIVILEGES", which also covers schema changes on
# that database. NOTE(review): if the application does not manage its own
# schema, narrow this list to the statements it actually issues so that a
# compromised application credential cannot alter or drop tables.
resource "mysql_grant" "app_user_grant" {
  database   = mysql_database.app.name
  user       = mysql_user.app_user.user
  host       = mysql_user.app_user.host
  privileges = ["ALL PRIVILEGES"]

  # The last two entries are also implied by the references above; they are
  # kept explicit to match the ordering used by the other mysql_* resources.
  depends_on = [
    kubectl_manifest.prj_mysql_secret,
    kubectl_manifest.prj_mysql,
    time_sleep.wait_mysql_ready,
    mysql_database.app,
    mysql_user.app_user,
  ]
}