diff --git a/main.tf b/main.tf
index 0d340c45..87fb6519 100644
--- a/main.tf
+++ b/main.tf
@@ -69,6 +69,9 @@ provider "helm" {
 }
 }
 # provider "kubectl" {
+# config_path = var.prod ? "" : "~/.kube/config"
+# }
+# provider "kubectl" {
 # host = "kubernetes.viktorbarzin.lan"
 # cluster_ca_certificate = base64decode(var.eks_cluster_ca)
 # token = data.aws_eks_cluster_auth.main.token
diff --git a/modules/kubernetes/dbaas/main.tf b/modules/kubernetes/dbaas/main.tf
index 1d9486d4..07ff97b5 100644
--- a/modules/kubernetes/dbaas/main.tf
+++ b/modules/kubernetes/dbaas/main.tf
@@ -1,5 +1,8 @@
 # DB as a service. Installs MySQL operator
 variable "tls_secret_name" {}
+variable "cluster_master_service" {
+ default = "mysql-cluster-mysql-master"
+}
 resource "kubernetes_namespace" "dbaas" {
 metadata {
@@ -72,10 +75,144 @@ resource "kubernetes_secret" "cluster-password" {
 }
 type = "Opaque"
 data = {
- "ROOT_PASSWORD" = "kek"
+ "ROOT_PASSWORD" = "a2VrCg=="
 }
 }
-# resource "kubernetes_manifest" "mysql-cluster" {
+
+resource "kubernetes_ingress" "dbaas" {
+ metadata {
+ name = "orchestrator-ingress"
+ namespace = "dbaas"
+ annotations = {
+ "kubernetes.io/ingress.class" = "nginx"
+ "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+ "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
+ }
+ }
+
+ spec {
+ tls {
+ hosts = ["db.viktorbarzin.me"]
+ secret_name = var.tls_secret_name
+ }
+ rule {
+ host = "db.viktorbarzin.me"
+ http {
+ path {
+ path = "/"
+ backend {
+ service_name = "mysql-mysql-operator"
+ service_port = "80"
+ }
+ }
+ }
+ }
+ }
+}
+
+
+# PHPMyAdmin instance
+resource "kubernetes_deployment" "phpmyadmin" {
+ metadata {
+ name = "phpmyadmin"
+ namespace = "dbaas"
+ labels = {
+ "app" = "phpmyadmin"
+ }
+ }
+ spec {
+ replicas = "1"
+ selector {
+ match_labels = {
+ "app" = "phpmyadmin"
+ }
+ }
+ template {
+ metadata {
+ labels = {
+ "app" = "phpmyadmin"
+ }
+ }
+ spec {
+ container {
+ name = "phpmyadmin"
+ image = "phpmyadmin/phpmyadmin"
+ port {
+ container_port = 80
+ }
+ env {
+ name = "PMA_HOST"
+ value = var.cluster_master_service
+ }
+ env {
+ name = "PMA_PORT"
+ value = "3306"
+ }
+ env {
+ name = "MYSQL_ROOT_PASSWORD"
+ value_from {
+ secret_key_ref {
+ name = "cluster-secret"
+ key = "ROOT_PASSWORD"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service" "phpmyadmin" {
+ metadata {
+ name = "phpmyadmin"
+ namespace = "dbaas"
+ }
+ spec {
+ selector = {
+ "app" = "phpmyadmin"
+ }
+ port {
+ name = "web"
+ port = 80
+ }
+ }
+}
+
+resource "kubernetes_ingress" "phpmyadmin" {
+ metadata {
+ name = "phpmyadmin-ingress"
+ namespace = "dbaas"
+
+ annotations = {
+ "kubernetes.io/ingress.class" = "nginx"
+ "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+ "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
+ }
+ }
+ spec {
+ tls {
+ hosts = ["pma.viktorbarzin.me"]
+ secret_name = var.tls_secret_name
+ }
+ rule {
+ host = "pma.viktorbarzin.me"
+ http {
+ path {
+ path = "/"
+ backend {
+ service_name = "phpmyadmin"
+ service_port = "80"
+ }
+ }
+ }
+ }
+ }
+
+}
+
+
+# resource "kubectl_manifest" "mysql-cluster" {
 # manifest = {
 # apiVersion = "mysql.presslabs.org/v1alpha1"
 # kind = "MysqlCluster"
diff --git a/modules/kubernetes/dbaas/mysql_chart_values.yaml b/modules/kubernetes/dbaas/mysql_chart_values.yaml
index e5494455..e0a7934d 100644
--- a/modules/kubernetes/dbaas/mysql_chart_values.yaml
+++ b/modules/kubernetes/dbaas/mysql_chart_values.yaml
@@ -3,11 +3,11 @@ orchestrator:
 persistence:
 enabled: false
 ingress:
- enabled: true
+ enable: false
 hosts:
 - host: db.viktorbarzin.me
 paths:
- # - path: /
+ - path: /
 tls:
 - secretName: ${secretName}
 hosts:
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 9d058a8e..22566880 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -49,10 +49,10 @@ module "bind" {
 named_conf_options = var.bind_named_conf_options
 }
-# module "dbaas" {
-# source = "./dbaas"
-# tls_secret_name = var.tls_secret_name
-# }
+module "dbaas" {
+ source = "./dbaas"
+ tls_secret_name = var.tls_secret_name
+}
 module "descheduler" {
 source = "./descheduler"
diff --git a/modules/kubernetes/versions.tf b/modules/kubernetes/versions.tf
index 5d7c4592..d0e41025 100644
--- a/modules/kubernetes/versions.tf
+++ b/modules/kubernetes/versions.tf
@@ -3,6 +3,10 @@ terraform {
 kubernetes = {
 source = "hashicorp/kubernetes"
 }
+ # kubectl = {
+ # source = "gavinbunney/kubectl"
+ # version = ">= 1.10.0"
+ # }
 }
 required_version = ">= 0.13"
 }
diff --git a/terraform.tfvars b/terraform.tfvars
index 70a8b6c2..2d33a0d7 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ
diff --git a/versions.tf b/versions.tf
index 08edb954..d0e41025 100644
--- a/versions.tf
+++ b/versions.tf
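Review bot: The MySQL root password is still a literal in `modules/kubernetes/dbaas/main.tf` (`"ROOT_PASSWORD" = "a2VrCg=="` in `kubernetes_secret.cluster-password`, whose block opens above this hunk), so anyone who can read the repository or its history holds the database root credential; base64 is an encoding, not protection. The `data` map of `kubernetes_secret` takes plain values and the provider base64-encodes them itself, so this change most likely makes the effective password the literal string `a2VrCg==` rather than its decoded form, which is worth confirming against what the operator actually receives. I would read the value from a variable with no default, e.g. `"ROOT_PASSWORD" = var.dbaas_root_password` (placeholder name), pass it in from the `module "dbaas"` call, and rotate the current value. The same key is also injected into the ingress-exposed phpMyAdmin container as `MYSQL_ROOT_PASSWORD` further down this hunk, which widens where the root credential lives, and the image `phpmyadmin/phpmyadmin` carries no tag or digest, so the deployed version is not pinned.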
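Review bot: The key name changed along with its value in the `ingress:` block of `mysql_chart_values.yaml`: `enabled: true` became `enable: false`, and a chart that reads `ingress.enabled` will presumably ignore the new key and fall back to its own default. If that default turns the ingress on, the chart would still publish `db.viktorbarzin.me` (now with `- path: /` uncommented) without the `auth-tls-verify-client` annotations that the new `kubernetes_ingress.dbaas` resource carries, so the orchestrator UI could be reachable without a client certificate. If the intent is to hand the ingress over to Terraform, the line should read `enabled: false`; after applying, it is worth checking that only one ingress exists for that host in the `dbaas` namespace.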
@@ -5,7 +5,7 @@ terraform {
 }
 # kubectl = {
 # source = "gavinbunney/kubectl"
- # version = ">= 1.7.0"
+ # version = ">= 1.10.0"
 # }
 }
 required_version = ">= 0.13"