add mysql cluster [ci skip]

2021-05-03 14:59:17 +01:00 · 2021-05-03 14:59:17 +01:00 · cff72b036a
commit cff72b036a
parent 661b49a7d3
7 changed files with 153 additions and 9 deletions
--- a/main.tf
+++ b/main.tf
@ -69,6 +69,9 @@ provider "helm" {
  }
 }
 # provider "kubectl" {
+#   config_path = var.prod ? "" : "~/.kube/config"
+# }
+# provider "kubectl" {
 # host                   = "kubernetes.viktorbarzin.lan"
 # cluster_ca_certificate = base64decode(var.eks_cluster_ca)
 # token                  = data.aws_eks_cluster_auth.main.token
--- a/modules/kubernetes/dbaas/main.tf
+++ b/modules/kubernetes/dbaas/main.tf
@ -1,5 +1,8 @@
 # DB as a service. Installs MySQL operator
 variable "tls_secret_name" {}
+variable "cluster_master_service" {
+  default = "mysql-cluster-mysql-master"
+}

 resource "kubernetes_namespace" "dbaas" {
  metadata {
@ -72,10 +75,144 @@ resource "kubernetes_secret" "cluster-password" {
  }
  type = "Opaque"
  data = {
-    "ROOT_PASSWORD" = "kek"
+    "ROOT_PASSWORD" = "a2VrCg=="
  }
 }
-# resource "kubernetes_manifest" "mysql-cluster" {
+
+resource "kubernetes_ingress" "dbaas" {
+  metadata {
+    name      = "orchestrator-ingress"
+    namespace = "dbaas"
+    annotations = {
+      "kubernetes.io/ingress.class"                        = "nginx"
+      "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+      "nginx.ingress.kubernetes.io/auth-tls-secret"        = "default/ca-secret"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["db.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "db.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "mysql-mysql-operator"
+            service_port = "80"
+          }
+        }
+      }
+    }
+  }
+}
+
+
+# PHPMyAdmin instance
+resource "kubernetes_deployment" "phpmyadmin" {
+  metadata {
+    name      = "phpmyadmin"
+    namespace = "dbaas"
+    labels = {
+      "app" = "phpmyadmin"
+    }
+  }
+  spec {
+    replicas = "1"
+    selector {
+      match_labels = {
+        "app" = "phpmyadmin"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          "app" = "phpmyadmin"
+        }
+      }
+      spec {
+        container {
+          name  = "phpmyadmin"
+          image = "phpmyadmin/phpmyadmin"
+          port {
+            container_port = 80
+          }
+          env {
+            name  = "PMA_HOST"
+            value = var.cluster_master_service
+          }
+          env {
+            name  = "PMA_PORT"
+            value = "3306"
+          }
+          env {
+            name = "MYSQL_ROOT_PASSWORD"
+            value_from {
+              secret_key_ref {
+                name = "cluster-secret"
+                key  = "ROOT_PASSWORD"
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "phpmyadmin" {
+  metadata {
+    name      = "phpmyadmin"
+    namespace = "dbaas"
+  }
+  spec {
+    selector = {
+      "app" = "phpmyadmin"
+    }
+    port {
+      name = "web"
+      port = 80
+    }
+  }
+}
+
+resource "kubernetes_ingress" "phpmyadmin" {
+  metadata {
+    name      = "phpmyadmin-ingress"
+    namespace = "dbaas"
+
+    annotations = {
+      "kubernetes.io/ingress.class"                        = "nginx"
+      "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+      "nginx.ingress.kubernetes.io/auth-tls-secret"        = "default/ca-secret"
+    }
+  }
+  spec {
+    tls {
+      hosts       = ["pma.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "pma.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "phpmyadmin"
+            service_port = "80"
+          }
+        }
+      }
+    }
+  }
+
+}
+
+
+# resource "kubectl_manifest" "mysql-cluster" {
 #   manifest = {
 #     apiVersion = "mysql.presslabs.org/v1alpha1"
 #     kind       = "MysqlCluster"
--- a/modules/kubernetes/dbaas/mysql_chart_values.yaml
+++ b/modules/kubernetes/dbaas/mysql_chart_values.yaml
@ -3,11 +3,11 @@ orchestrator:
  persistence:
    enabled: false
  ingress:
-    enabled: true
+    enable: false
    hosts:
    - host: db.viktorbarzin.me
      paths:
-      # - path: /
+      - path: /
    tls:
    - secretName: ${secretName}
      hosts:
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@ -49,10 +49,10 @@ module "bind" {
  named_conf_options  = var.bind_named_conf_options
 }

-# module "dbaas" {
-#   source          = "./dbaas"
-#   tls_secret_name = var.tls_secret_name
-# }
+module "dbaas" {
+  source          = "./dbaas"
+  tls_secret_name = var.tls_secret_name
+}

 module "descheduler" {
  source = "./descheduler"
--- a/modules/kubernetes/versions.tf
+++ b/modules/kubernetes/versions.tf
@ -3,6 +3,10 @@ terraform {
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
+    # kubectl = {
+    #   source  = "gavinbunney/kubectl"
+    #   version = ">= 1.10.0"
+    # }
  }
  required_version = ">= 0.13"
 }
--- a/terraform.tfvars
+++ b/terraform.tfvars
--- a/versions.tf
+++ b/versions.tf
@ -5,7 +5,7 @@ terraform {
    }
    # kubectl = {
    #   source  = "gavinbunney/kubectl"
-    #   version = ">= 1.7.0"
+    #   version = ">= 1.10.0"
    # }
  }
  required_version = ">= 0.13"