diff --git a/main.tf b/main.tf
index 6f006d07..f3b97f5d 100644
--- a/main.tf
+++ b/main.tf
@@ -28,6 +28,8 @@ variable "bind_named_conf_options" {}
 variable "alertmanager_account_password" {}
 variable "wireguard_wg_0_key" {}
 variable "dbaas_root_password" {}
+variable "dbaas_postgresql_root_password" {}
+variable "dbaas_pgadmin_password" {}
 variable "drone_github_client_id" {}
 variable "drone_github_client_secret" {}
 variable "drone_rpc_secret" {}
@@ -58,6 +60,8 @@ variable "headscale_config" {}
 variable "immich_postgresql_password" {}
 variable "ingress_honeypotapikey" {}
 variable "vaultwarden_smtp_password" {}
+variable "resume_database_url" {}
+variable "resume_redis_url" {}
 variable "ansible_prefix" {
   default = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
@@ -264,7 +268,9 @@ module "kubernetes_cluster" {
   url_shortener_mysql_password = var.url_shortener_mysql_password
 
   # dbaas
-  dbaas_root_password = var.dbaas_root_password
+  dbaas_root_password            = var.dbaas_root_password
+  dbaas_postgresql_root_password = var.dbaas_postgresql_root_password
+  dbaas_pgadmin_password         = var.dbaas_pgadmin_password
 
   # home-assistant
   home_assistant_configuration = var.home_assistant_configuration
@@ -286,6 +292,9 @@ module "kubernetes_cluster" {
   ingress_honeypotapikey = var.ingress_honeypotapikey
   vaultwarden_smtp_password = var.vaultwarden_smtp_password
+
+  resume_redis_url = var.resume_redis_url
+  resume_database_url = var.resume_database_url
 }
diff --git a/modules/kubernetes/dbaas/main.tf b/modules/kubernetes/dbaas/main.tf
index abcfced1..109e5b1b 100644
--- a/modules/kubernetes/dbaas/main.tf
+++ b/modules/kubernetes/dbaas/main.tf
@@ -4,6 +4,8 @@ variable "dbaas_root_password" {}
 variable "cluster_master_service" {
   default = "mysql"
 }
+variable "postgresql_root_password" {}
+variable "pgadmin_password" {}
 variable "prod" {
   default = false
   type = bool
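Review bot: The new secret inputs `dbaas_postgresql_root_password`, `dbaas_pgadmin_password`, `resume_database_url` and `resume_redis_url` are declared as bare `variable "…" {}` blocks, so their values are echoed in `terraform plan`/`apply` output and in any CI log that captures it. Declaring them as `variable "dbaas_postgresql_root_password" { sensitive = true }` (and likewise for the other three; the two URLs presumably embed credentials) makes Terraform redact them from plan output, though `sensitive` does not redact state. The `postgresql_root_password` and `pgadmin_password` inputs added to the dbaas module in the same diff should get the same treatment so the module does not silently downgrade the protection.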
@@ -403,7 +405,6 @@ resource "kubernetes_ingress_v1" "phpmyadmin" { } } } - } 
@@ -641,3 +642,200 @@ resource "kubernetes_ingress_v1" "phpmyadmin" {
 # status: {}
 # EOF
 # }
+
+resource "kubernetes_deployment" "postgres" {
+  metadata {
+    name      = "postgresql"
+    namespace = "dbaas"
+    annotations = {
+      "reloader.stakater.com/search" = "true"
+    }
+  }
+  spec {
+    selector {
+      match_labels = {
+        app = "postgresql"
+      }
+    }
+    strategy {
+      type = "Recreate"
+    }
+    template {
+      metadata {
+        labels = {
+          app = "postgresql"
+        }
+      }
+      spec {
+        container {
+          image = "postgres"
+          name  = "postgresql"
+          env {
+            name  = "POSTGRES_PASSWORD"
+            value = var.postgresql_root_password
+          }
+          env {
+            name  = "POSTGRES_USER"
+            value = "root"
+          }
+          port {
+            container_port = 5432
+            protocol       = "TCP"
+            name           = "postgresql"
+          }
+          volume_mount {
+            name       = "postgresql-persistent-storage"
+            mount_path = "/var/lib/postgresql/data"
+          }
+          # volume_mount {
+          #   name       = "mycnf"
+          #   mount_path = "/etc/my.cnf"
+          #   sub_path   = "my.cnf"
+          # }
+        }
+        volume {
+          name = "postgresql-persistent-storage"
+          nfs {
+            path   = "/mnt/main/postgresql/data"
+            server = "10.0.10.15"
+          }
+        }
+        # volume {
+        #   name = "mycnf"
+
+        #   config_map {
+        #     name = "mycnf"
+        #   }
+        # }
+      }
+    }
+  }
+}
+resource "kubernetes_service" "postgresql" {
+  metadata {
+    name      = "postgresql"
+    namespace = "dbaas"
+  }
+  spec {
+    selector = {
+      "app" = "postgresql"
+    }
+    port {
+      name        = "postgresql"
+      port        = 5432
+      target_port = 5432
+    }
+  }
+}
+
+#### PGADMIN
+
+resource "kubernetes_deployment" "pgadmin" {
+  metadata {
+    name      = "pgadmin"
+    namespace = "dbaas"
+    annotations = {
+      "reloader.stakater.com/search" = "true"
+    }
+  }
+  spec {
+    selector {
+      match_labels = {
+        app = "pgadmin"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "pgadmin"
+        }
+      }
+      spec {
+        container {
+          image = "dpage/pgadmin4"
+          name  = "pgadmin"
+          env {
+            name  = "PGADMIN_DEFAULT_EMAIL"
+            value = "me@viktorbarzin.me"
+          }
+          env {
+            name = "PGADMIN_DEFAULT_PASSWORD"
+            # Changed at startup
+            value = var.pgadmin_password
+          }
+          port {
+            container_port = 80
+            name           = "web"
+          }
+          volume_mount {
+            name       = "pgadmin"
+            mount_path = "/var/lib/pgadmin/"
+          }
+
+        }
+        volume {
+          name = "pgadmin"
+          # config_map {
+          #   name = "pgadmin-config"
+          # }
+          nfs {
+            path   = "/mnt/main/postgresql/pgadmin"
+            server = "10.0.10.15"
+          }
+        }
+      }
+    }
+  }
+}
+resource "kubernetes_service" "pgadmin" {
+  metadata {
+    name      = "pgadmin"
+    namespace = "dbaas"
+  }
+  spec {
+    selector = {
+      "app" = "pgadmin"
+    }
+    port {
+      name = "pgadmin"
+      port = 80
+    }
+  }
+}
+resource "kubernetes_ingress_v1" "pgadmin" {
+  metadata {
+    name      = "pgadmin"
+    namespace = "dbaas"
+
+    annotations = {
+      "kubernetes.io/ingress.class" = "nginx"
+      # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+      # "nginx.ingress.kubernetes.io/auth-tls-secret"        = "default/ca-secret"
+      "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+      "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+      "nginx.ingress.kubernetes.io/proxy-body-size" : "50m"
+    }
+  }
+  spec {
+    tls {
+      hosts       = ["pgadmin.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "pgadmin.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service {
+              name = "pgadmin"
+              port {
+                number = 80
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index ff07a588..4cc99f90 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -16,6 +16,8 @@ variable "bind_db_viktorbarzin_lan" {}
 variable "bind_named_conf_options" {}
 variable "alertmanager_account_password" {}
 variable "dbaas_root_password" {}
+variable "dbaas_postgresql_root_password" {}
+variable "dbaas_pgadmin_password" {}
 variable "drone_github_client_id" {}
 variable "drone_github_client_secret" {}
 variable "drone_rpc_secret" {}
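Review bot: `POSTGRES_PASSWORD` and `PGADMIN_DEFAULT_PASSWORD` are set as literal `value = var.…` env entries, which writes both passwords into the Deployment object itself — readable by anyone who can `get deployments` in `dbaas` and copied into every ReplicaSet and Pod the Deployment spawns. Moving each into a `kubernetes_secret` and referencing it with `value_from { secret_key_ref { … } }` keeps the plaintext out of the workload objects, and the `reloader.stakater.com/search` annotation already on both Deployments can then restart pods on rotation, provided the Secret carries the matching `reloader.stakater.com/match = "true"` annotation. Separately, `image = "postgres"` and `image = "dpage/pgadmin4"` are untagged, so the `Recreate` rollout picks up whatever `latest` resolves to on the next pull; for Postgres that can be a new major whose on-disk format does not match the existing data directory on the NFS export at `/mnt/main/postgresql/data`, so pinning a major (`image = "postgres:16"`) before this touches real data is advisable. The `postgresql` Service exposes the `root` superuser to the whole cluster unless a NetworkPolicy that is not visible in this diff restricts it; worth confirming.
```hcl
resource "kubernetes_secret" "postgresql" {
  metadata {
    name      = "postgresql"
    namespace = "dbaas"
    annotations = {
      "reloader.stakater.com/match" = "true"
    }
  }
  data = {
    POSTGRES_PASSWORD = var.postgresql_root_password
  }
}
# … unchanged: kubernetes_deployment "postgres" metadata / spec / template up to the container block …
          env {
            name = "POSTGRES_PASSWORD"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.postgresql.metadata[0].name
                key  = "POSTGRES_PASSWORD"
              }
            }
          }
# … unchanged: POSTGRES_USER env, port, volume_mount, volume, kubernetes_service "postgresql" …
# … same pattern for PGADMIN_DEFAULT_PASSWORD in kubernetes_deployment "pgadmin" …
```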
@@ -45,6 +47,8 @@ variable "headscale_config" {}
 variable "immich_postgresql_password" {}
 variable "ingress_honeypotapikey" {}
 variable "vaultwarden_smtp_password" {}
+variable "resume_database_url" {}
+variable "resume_redis_url" {}
 resource "null_resource" "core_services" {
   # List all the core modules that must be provisioned first
@@ -67,10 +71,12 @@ module "blog" {
 # }
 module "dbaas" {
-  source = "./dbaas"
-  prod = var.prod
-  tls_secret_name = var.tls_secret_name
-  dbaas_root_password = var.dbaas_root_password
+  source                   = "./dbaas"
+  prod                     = var.prod
+  tls_secret_name          = var.tls_secret_name
+  dbaas_root_password      = var.dbaas_root_password
+  postgresql_root_password = var.dbaas_postgresql_root_password
+  pgadmin_password         = var.dbaas_pgadmin_password
 }
 module "descheduler" {
@@ -352,3 +358,11 @@ module "crowdsec" {
   source          = "./crowdsec"
   tls_secret_name = var.tls_secret_name
 }
+
+# Seems like it needs S3 even if pg is local...
+# module "resume" {
+#   source          = "./resume"
+#   tls_secret_name = var.tls_secret_name
+#   redis_url       = var.resume_redis_url
+#   database_url    = var.resume_database_url
+# }
diff --git a/terraform.tfstate b/terraform.tfstate
index b2c037ce..7efde036 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ
diff --git a/terraform.tfvars b/terraform.tfvars
index 8bb33f62..2c93c453 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ
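Review bot: The `resume` module is committed commented out, yet `resume_database_url` and `resume_redis_url` are declared and threaded through the root `main.tf` and this module with no consumer, so two values that presumably carry connection credentials are accepted into the configuration and written to state for nothing. Either hold the variable declarations and wiring back until `module "resume"` is enabled, or keep them and add `sensitive = true` to the declarations so they are at least redacted from plan output in the meantime. The `# Seems like it needs S3 even if pg is local...` comment would serve the next reader better as a note of what was tried and what fails, e.g. `# resume does not start without S3 settings even with a local Postgres; disabled until object storage is available`. The accompanying `terraform.tfstate` and `terraform.tfvars` changes are binary and presumably encrypted at rest (git-crypt or similar); if they are not, the new passwords are now in git history.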