feat: create Terraform module to manage Strapi Postgres role and DB

main
RaviAnand Mohabir 2 years ago
parent 02c778e509
commit f4babfcc71

37
deploy/.gitignore vendored

@ -0,0 +1,37 @@
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc
# Custom
.env

@ -0,0 +1,44 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/cyrilgdn/postgresql" {
version = "1.17.1"
constraints = "1.17.1"
hashes = [
"h1:PbajI5dnH0WrLTbJDXExQJ850SZZpg/onCv1scFVyGI=",
"zh:0a800fd3d6745a75916f00d4fb8615a63a40fe296beba93c5cdb4fcca6fef0c3",
"zh:0ce6d6d1bc3a93305393e965b58449ee938bbfda09248a8e2d90ad94858ac046",
"zh:1d20431ce36aa371ca83ae1717282fc5fda3efd884eace5b4285daab1077f1e1",
"zh:41ca08013a8b207aabde9330c698915add6ca37329e78203b649e447e68efaa9",
"zh:4e94129e4cd9ab05c1d0ff94a99bd718e36f3f85babf1f7eb0e926eecc542367",
"zh:6017a29c840f9e0e9f9025d7acf4b2159f898a1f6dfde629b742916a50201be1",
"zh:85492e4b1ef1d5f42b7ce649680e0ea210b92a90ae376df88368346fdf3695ed",
"zh:b21d05833e0ec13f6df8e4f6bbbbfd181692197d09c3fd9e87c4c3f4276b2ae0",
"zh:b8dc0c03e9f754fbc5d3de0aaf29b161259c3c8fd5f182c6d03d96e27b8cd483",
"zh:bed38206052282408c9397adfb3c4d7b3270e9f713f55a0383a2103f125838f7",
"zh:c75f2802b57a339dce3caed4b79779b1408155349982197e59b67aaf12b67542",
"zh:d6551ca5dc15ea7f134d5f9f8523078cb32e9b702460fc99af94f341bb3d8c90",
"zh:ebaab1c5e69a6ff12536655629c2c3ae58d5e4bd9d722427a9aa77bf62c1e339",
"zh:f796ba225d7204a26fba85d958295e668bc8ca1f51b5bfeb2e5c410338b55c24",
]
}
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.13.1"
constraints = "2.13.1"
hashes = [
"h1:PUyzpcW1hcOPj0Hu2QR/RhASeAeLhMzrNA+95tQAdL4=",
"zh:061f6ecbbf9a3c6345b56c28ebc2966a05d8eb02f3ba56beedd66e4ea308e332",
"zh:2119beeccb35bc5d1392b169f9fc748865261b45fb75fc8f57200e91658837c6",
"zh:26c29083d0d84fbc2e356e3dd1db3e2dc4139e943acf7a318d3c98f954ac6bd6",
"zh:2fb5823345ab05b3df74bb5c51c61072637d01b3cddffe3ad36a73b7d5b749e6",
"zh:3475b4422fffaf58584c4d877f98bfeff075e4a746f13e985d2cb20adc873a6c",
"zh:366b4bef49932d1d71b12849c1878c254a887962ff915f37982299c1185dd48a",
"zh:589f9358e4a4bd74a83b97ccc64df455ddfa64c4c4e099aef30fa29080497a8a",
"zh:7a0d75e0e4fee6cc5599ac9d5e91de563ce9ea7bd8137480c7abd09642a9e72c",
"zh:a297a42aefe0650e3d9fbe55a3ee48b14bb8bb5edb7068c09512d72afc3d9ca5",
"zh:b7f83a89b646542d02b733d464e45d6d0739a9dbb921305e7b8347e9fc98a149",
"zh:d4c721174a598b66bd1b29c40fa7cffafe90bb58186cd7506d792a6b04161103",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}

@ -0,0 +1,52 @@
terraform {
backend "s3" {
bucket = "terraform-state"
key = "apps/landing-page/terraform.tfstate"
endpoint = "https://s3.ravianand.me"
region = "homelab01"
force_path_style = true
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
}
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.13.1"
}
postgresql = {
source = "cyrilgdn/postgresql"
version = "1.17.1"
}
}
}
provider "kubernetes" {
cluster_ca_certificate = base64decode(var.kubernetes_cluster_ca_certificate)
host = var.kubernetes_host
token = var.kubernetes_token
}
provider "postgresql" {
host = var.postgres_host
port = 5432
database = "postgres"
username = var.postgres_admin_user
password = var.postgres_admin_password
sslmode = var.postgres_sslmode
connect_timeout = 15
}
resource "postgresql_role" "strapi" {
name = var.postgres_user
login = true
password = var.postgres_password
}
resource "postgresql_database" "strapi" {
name = "strapi"
owner = postgresql_role.strapi.name
}

@ -0,0 +1,50 @@
variable "kubernetes_cluster_ca_certificate" {
description = "Cluster CA certificate for Kubernetes API server"
type = string
sensitive = true
}
variable "kubernetes_host" {
description = "Host of the Kubernetes API server"
type = string
}
variable "kubernetes_token" {
description = "Kubernetes Bearer token"
type = string
sensitive = true
}
variable "postgres_host" {
description = "Postgres host"
type = string
}
variable "postgres_sslmode" {
description = "SSL mode to use in Postgres"
type = string
default = "require"
}
variable "postgres_admin_user" {
description = "Postgres management user with DB create and user create privileges"
type = string
}
variable "postgres_admin_password" {
description = "Postgres management user password"
type = string
sensitive = true
}
variable "postgres_user" {
description = "Postgres user to be created for Strapi"
default = "strapi"
type = string
}
variable "postgres_password" {
description = "Password for Strapi Postgres user"
type = string
sensitive = true
}
Loading…
Cancel
Save