viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add postgresql to dbaas [ci skip]

Browse source
This commit is contained in:
Viktor Barzin 2023-11-24 17:38:49 +00:00
parent 13fda3424a
commit 74bfaaeeb0
No known key found for this signature in database
GPG key ID: 4056458DBDBF8863
5 changed files with 227 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
main.tf
View file

@ -28,6 +28,8 @@ variable "bind_named_conf_options" {}
variable "alertmanager_account_password" {}
variable "wireguard_wg_0_key" {}
variable "dbaas_root_password" {}
variable "dbaas_postgresql_root_password" {}
variable "dbaas_pgadmin_password" {}
variable "drone_github_client_id" {}
variable "drone_github_client_secret" {}
variable "drone_rpc_secret" {}
@ -58,6 +60,8 @@ variable "headscale_config" {}
variable "immich_postgresql_password" {}
variable "ingress_honeypotapikey" {}
variable "vaultwarden_smtp_password" {}
variable "resume_database_url" {}
variable "resume_redis_url" {}
variable "ansible_prefix" {
default = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
@ -264,7 +268,9 @@ module "kubernetes_cluster" {
url_shortener_mysql_password = var.url_shortener_mysql_password
# dbaas
dbaas_root_password = var.dbaas_root_password
dbaas_root_password = var.dbaas_root_password
dbaas_postgresql_root_password = var.dbaas_postgresql_root_password
dbaas_pgadmin_password = var.dbaas_pgadmin_password
# home-assistant
home_assistant_configuration = var.home_assistant_configuration
@ -286,6 +292,9 @@ module "kubernetes_cluster" {
ingress_honeypotapikey = var.ingress_honeypotapikey
vaultwarden_smtp_password = var.vaultwarden_smtp_password
resume_redis_url = var.resume_redis_url
resume_database_url = var.resume_database_url
}

200
modules/kubernetes/dbaas/main.tf
View file

@ -4,6 +4,8 @@ variable "dbaas_root_password" {}
variable "cluster_master_service" {
default = "mysql"
}
variable "postgresql_root_password" {}
variable "pgadmin_password" {}
variable "prod" {
default = false
type = bool
@ -403,7 +405,6 @@ resource "kubernetes_ingress_v1" "phpmyadmin" {
}
}
}
}
@ -641,3 +642,200 @@ resource "kubernetes_ingress_v1" "phpmyadmin" {
# status: {}
# EOF
# }
resource "kubernetes_deployment" "postgres" {
metadata {
name = "postgresql"
namespace = "dbaas"
annotations = {
"reloader.stakater.com/search" = "true"
}
}
spec {
selector {
match_labels = {
app = "postgresql"
}
}
strategy {
type = "Recreate"
}
template {
metadata {
labels = {
app = "postgresql"
}
}
spec {
container {
image = "postgres"
name = "postgresql"
env {
name = "POSTGRES_PASSWORD"
value = var.postgresql_root_password
}
env {
name = "POSTGRES_USER"
value = "root"
}
port {
container_port = 5432
protocol = "TCP"
name = "postgresql"
}
volume_mount {
name = "postgresql-persistent-storage"
mount_path = "/var/lib/postgresql/data"
}
# volume_mount {
# name = "mycnf"
# mount_path = "/etc/my.cnf"
# sub_path = "my.cnf"
# }
}
volume {
name = "postgresql-persistent-storage"
nfs {
path = "/mnt/main/postgresql/data"
server = "10.0.10.15"
}
}
# volume {
# name = "mycnf"
# config_map {
# name = "mycnf"
# }
# }
}
}
}
}
resource "kubernetes_service" "postgresql" {
metadata {
name = "postgresql"
namespace = "dbaas"
}
spec {
selector = {
"app" = "postgresql"
}
port {
name = "postgresql"
port = 5432
target_port = 5432
}
}
}
#### PGADMIN
resource "kubernetes_deployment" "pgadmin" {
metadata {
name = "pgadmin"
namespace = "dbaas"
annotations = {
"reloader.stakater.com/search" = "true"
}
}
spec {
selector {
match_labels = {
app = "pgadmin"
}
}
template {
metadata {
labels = {
app = "pgadmin"
}
}
spec {
container {
image = "dpage/pgadmin4"
name = "pgadmin"
env {
name = "PGADMIN_DEFAULT_EMAIL"
value = "me@viktorbarzin.me"
}
env {
name = "PGADMIN_DEFAULT_PASSWORD"
# Changed at startup
value = var.pgadmin_password
}
port {
container_port = 80
name = "web"
}
volume_mount {
name = "pgadmin"
mount_path = "/var/lib/pgadmin/"
}
}
volume {
name = "pgadmin"
# config_map {
# name = "pgadmin-config"
# }
nfs {
path = "/mnt/main/postgresql/pgadmin"
server = "10.0.10.15"
}
}
}
}
}
}
resource "kubernetes_service" "pgadmin" {
metadata {
name = "pgadmin"
namespace = "dbaas"
}
spec {
selector = {
"app" = "pgadmin"
}
port {
name = "pgadmin"
port = 80
}
}
}
resource "kubernetes_ingress_v1" "pgadmin" {
metadata {
name = "pgadmin"
namespace = "dbaas"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
# "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
"nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
"nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
"nginx.ingress.kubernetes.io/proxy-body-size" : "50m"
}
}
spec {
tls {
hosts = ["pgadmin.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "pgadmin.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "pgadmin"
port {
number = 80
}
}
}
}
}
}
}
}

22
modules/kubernetes/main.tf
View file

@ -16,6 +16,8 @@ variable "bind_db_viktorbarzin_lan" {}
variable "bind_named_conf_options" {}
variable "alertmanager_account_password" {}
variable "dbaas_root_password" {}
variable "dbaas_postgresql_root_password" {}
variable "dbaas_pgadmin_password" {}
variable "drone_github_client_id" {}
variable "drone_github_client_secret" {}
variable "drone_rpc_secret" {}
@ -45,6 +47,8 @@ variable "headscale_config" {}
variable "immich_postgresql_password" {}
variable "ingress_honeypotapikey" {}
variable "vaultwarden_smtp_password" {}
variable "resume_database_url" {}
variable "resume_redis_url" {}
resource "null_resource" "core_services" {
# List all the core modules that must be provisioned first
@ -67,10 +71,12 @@ module "blog" {
# }
module "dbaas" {
source = "./dbaas"
prod = var.prod
tls_secret_name = var.tls_secret_name
dbaas_root_password = var.dbaas_root_password
source = "./dbaas"
prod = var.prod
tls_secret_name = var.tls_secret_name
dbaas_root_password = var.dbaas_root_password
postgresql_root_password = var.dbaas_postgresql_root_password
pgadmin_password = var.dbaas_pgadmin_password
}
module "descheduler" {
@ -352,3 +358,11 @@ module "crowdsec" {
source = "./crowdsec"
tls_secret_name = var.tls_secret_name
}
# Seems like it needs S3 even if pg is local...
# module "resume" {
# source = "./resume"
# tls_secret_name = var.tls_secret_name
# redis_url = var.resume_redis_url
# database_url = var.resume_database_url
# }

BIN
terraform.tfstate
View file

Binary file not shown.

BIN
terraform.tfvars
View file

Binary file not shown.