# Derived names, labels and credentials shared by the MySQL resources below.
locals {
  # "<instance>" when no component is set, otherwise "<instance>-<component>".
  app_slug = var.component == "" ? var.instance : "${var.instance}-${var.component}"

  # Caller-supplied labels plus the component marker for the database objects.
  mysql_labels = merge(var.labels, {
    "app.kubernetes.io/component" = "mysql"
  })

  # In-cluster DNS name built from the "<app_slug>-mysql" object name.
  mysql_host = format("%s-mysql.%s.svc", local.app_slug, var.namespace)

  # Root credentials read back from the generated Secret.
  # NOTE(review): not referenced in the visible part of this file; presumably
  # consumed by the mysql provider configuration. Confirm.
  # Values read through a data source are persisted in Terraform state, so
  # the state backend needs access control and encryption at rest.
  mysql_username = data.kubernetes_secret_v1.mysql_secret.data["rootUser"]
  mysql_password = data.kubernetes_secret_v1.mysql_secret.data["rootPassword"]
}
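# StringSecret for the mittwald secret generator: declares the fixed account
# names/hosts and asks for two generated 32-character passwords.
resource "kubectl_manifest" "mysql_secret" {
  # Built with yamlencode() instead of a string template so that instance,
  # namespace and label values are always emitted as correctly escaped YAML
  # scalars, whatever characters they contain.
  yaml_body = yamlencode({
    apiVersion = "secretgenerator.mittwald.de/v1alpha1"
    kind       = "StringSecret"
    metadata = {
      name      = "${local.app_slug}-mysql"
      namespace = var.namespace
      labels    = local.mysql_labels
    }
    spec = {
      # Keep already generated values on re-apply.
      forceRegenerate = false
      data = {
        rootUser = "root-${var.instance}"
        # NOTE(review): "%" places no client-host restriction on the root
        # account; who can reach it is then decided only by network
        # controls in front of the service (e.g. NetworkPolicy). Narrow it
        # if the Terraform mysql provider connects from a known source.
        rootHost = "%"
        username = var.instance
        # NOTE(review): same wildcard for the application account; restrict
        # to the application's source if that is known.
        userHost = "%"
      }
      fields = [
        { fieldName = "rootPassword", length = "32" },
        { fieldName = "password", length = "32" },
      ]
    }
  })
}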
# Reads the "<app_slug>-mysql" Secret back so its values can be used by the
# locals and the mysql_* resources in this file.
# Everything read here (root and application passwords included) is written
# to Terraform state; treat the state backend as a secret store.
data "kubernetes_secret_v1" "mysql_secret" {
  metadata {
    namespace = var.namespace
    name      = format("%s-mysql", local.app_slug)
    labels    = local.mysql_labels
  }

  # Read only after the StringSecret manifest has been applied.
  # NOTE(review): this orders the read after the StringSecret object, not
  # after the Secret it produces; presumably the generator creates the Secret
  # quickly enough for the first apply. Confirm.
  depends_on = [kubectl_manifest.mysql_secret]
}
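# InnoDBCluster for the MySQL operator: one server instance, one router,
# community edition, credentials taken from the generated Secret.
resource "kubectl_manifest" "mysql" {
  # Built with yamlencode() instead of a string template so that interpolated
  # names, labels and the storage size are always emitted as correctly
  # escaped YAML scalars.
  yaml_body = yamlencode({
    apiVersion = "mysql.oracle.com/v2"
    kind       = "InnoDBCluster"
    metadata = {
      name      = "${local.app_slug}-mysql"
      namespace = var.namespace
      labels    = local.mysql_labels
    }
    spec = {
      # Secret holding rootUser / rootHost / rootPassword for the cluster.
      secretName = data.kubernetes_secret_v1.mysql_secret.metadata[0].name
      # NOTE(review): self-signed certificates encrypt the connection but
      # give clients nothing to verify the server against unless they are
      # configured to trust the generated CA. Supply CA-issued certificates
      # where clients must authenticate the database endpoint.
      tlsUseSelfSigned = true
      # Single server instance: no replica to fail over to.
      instances = 1
      router = {
        instances = 1
      }
      edition         = "community"
      imagePullPolicy = "IfNotPresent"
      datadirVolumeClaimTemplate = {
        accessModes = ["ReadWriteOnce"]
        resources = {
          requests = {
            # tostring() keeps the quantity a YAML string, as the quoted
            # template value was.
            storage = tostring(var.storage)
          }
        }
      }
    }
  })
}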
# Fixed 45-second pause after the InnoDBCluster manifest is applied, used as
# the gate for the mysql_* resources below.
# NOTE(review): this is a timer, not a readiness check; if the cluster needs
# longer, the mysql_* resources will presumably fail to connect on the first
# apply. Confirm the duration against real start-up times.
resource "time_sleep" "wait_mysql_ready" {
  create_duration = "45s"

  depends_on = [kubectl_manifest.mysql]
}
# Application database, created once the cluster manifest has been applied
# and the start-up pause has elapsed.
resource "mysql_database" "app" {
  name = var.database

  depends_on = [
    time_sleep.wait_mysql_ready,
    kubectl_manifest.mysql,
  ]
}
# Application account; name, allowed host and password all come from the
# generated Secret.
resource "mysql_user" "app_user" {
  user = data.kubernetes_secret_v1.mysql_secret.data["username"]
  # The Secret sets userHost to "%", so this account is not limited to a
  # particular client host.
  host = data.kubernetes_secret_v1.mysql_secret.data["userHost"]
  # The password reaches Terraform as plaintext from the Secret data source,
  # so it is present in state. Protect the state backend accordingly.
  plaintext_password = data.kubernetes_secret_v1.mysql_secret.data["password"]

  depends_on = [
    mysql_database.app,
    time_sleep.wait_mysql_ready,
  ]
}
# Grants the application account its rights on the application database.
resource "mysql_grant" "app_user_grant" {
  database = mysql_database.app.name
  user     = mysql_user.app_user.user
  host     = mysql_user.app_user.host

  # NOTE(review): ALL PRIVILEGES on the database includes schema-changing and
  # destructive statements. If the application only reads and writes rows,
  # list the specific privileges it needs instead. Confirm what the
  # application (and any migrations it runs) requires.
  privileges = ["ALL PRIVILEGES"]
}