Dan6erbond
/
terraform-kubernetes-postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: add Terraform Postgres Kubernetes module

Browse Source 
Unfinished: Still needs outputs and to be tested.
main
RaviAnand Mohabir 2 years ago
commit d45b08b0fd
3 changed files with 338 additions and 0 deletions
Show Stats Download Patch File Download Diff File

34
.gitignore vendored
Unescape Escape View File

@ -0,0 +1,34 @@
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc

203
main.tf
Unescape Escape View File

@ -0,0 +1,203 @@
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.13.1"
}
}
}
locals {
port = 5432
app = "postgres"
match_labels = {
"app.kubernetes.io/name" = "postgres"
"app.kubernetes.io/instance" = "postgres"
}
labels = merge(local.match_labels, var.labels)
env = "postgres-env"
}
resource "kubernetes_stateful_set" "postgres" {
metadata {
name = var.stateful_set_name
namespace = var.namespace
labels = local.labels
}
spec {
selector {
match_labels = local.labels
}
service_name = local.app
replicas = local.replicas
template {
metadata {
labels = local.labels
}
spec {
affinity {
pod_affinity {}
pod_anti_affinity {
preferred_during_scheduling_ignored_during_execution {
pod_affinity_term {
label_selector {
match_labels = local.match_labels
}
namespaces = [var.namespace]
topology_key = "kubernetes.io/hostname"
}
weight = 1
}
}
node_affinity {}
}
security_context {
fs_group = 1001
}
container {
image = var.image_registry == "" ? "${var.image_repository}:${var.image_tag}" : "${var.image_registry}/${var.image_repository}:${var.image_tag}"
name = var.container_name
env_from {
config_map_ref {
name = kubernetes_config_map.postgres.metadata.0.name
}
}
env {
name = "POSTGRES_POSTGRES_PASSWORD"
value_from {
secret_key_ref {
name = kubernetes_secret.postgres.metadata.0.name
key = "postgres-postgres-password"
}
}
}
env {
name = "POSTGRES_PASSWORD"
value_from {
secret_key_ref {
name = kubernetes_secret.postgres.metadata.0.name
key = "postgres-password"
}
}
}
port {
name = "tcp-postgres"
container_port = local.port
}
liveness_probe {
exec {
command = ["/bin/sh", "-c", "exec pg_isready -U ${var.postgres_user} -d \"dbname=${var.postgres_db}\" -h 127.0.0.1 -p ${local.port}"]
}
initial_delay_seconds = 30
period_seconds = 10
timeout_seconds = 5
success_threshold = 1
failure_threshold = 1
}
readiness_probe {
exec {
command = [
"/bin/sh",
"-c",
"-e",
<<EOT
|
exec pg_isready -U ${var.postgres_user} -d \"dbname=${var.postgres_db}\" -h 127.0.0.1 -p ${local.port}
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
EOT
]
}
initial_delay_seconds = 30
period_seconds = 10
timeout_seconds = 5
success_threshold = 1
failure_threshold = 1
}
volume_mount {
name = "dshm"
mount_path = "/dev/shm"
}
volume_mount {
name = "data"
mount_path = "/bitnami/postgresql"
}
}
volume {
name = "dshm"
empty_dir {
medium = "Memory"
size_limit = "1Gi"
}
}
}
}
volume_claim_template {
metadata {
name = "data"
}
spec {
access_modes = ["ReadWriteOnce"]
resources {
requests = {
storage = var.storage_size
}
}
storage_class_name = var.storage_class_name
}
}
}
}
resource "kubernetes_service" "postgres" {
metadata {
name = var.service_name
namespace = var.namespace
labels = merge({
"service.alpha.kubernetes.io/tolerate-unready-endpoints" = "true"
}, local.labels)
}
spec {
type = var.service_type
publish_not_ready_addresses = true
selector = local.match_labels
port {
port = local.port
}
}
count = var.enable_service ? 1 : 0
}
resource "kubernetes_secret" "postgres" {
metadata {
name = "postgres"
namespace = local.namespace
labels = local.match_labels
}
type = "Opaque"
data = {
"postgres-postgres-password" = var.postgres_postgres_password
"postgres-password" = var.postgres_password
}
}
resource "kubernetes_config_map" "postgres" {
metadata {
name = local.env
namespace = var.namespace
}
data = {
BITNAMI_DEBUG = "false"
POSTGRESQL_PORT_NUMBER = local.port
POSTGRESQL_VOLUME_DIR = "/bitnami/postgresql"
PGDATA = "/bitnami/postgresql/data"
POSTGRES_USER = var.postgres_user
POSTGRES_DB = var.postgres_db
POSTGRESQL_ENABLE_LDAP = "no"
POSTGRESQL_LOG_HOSTNAME = "false"
POSTGRESQL_LOG_DISCONNECTIONS = "false"
POSTGRESQL_PGAUDIT_LOG_CATALOG = "off"
POSTGRESQL_CLIENT_MIN_MESSAGES = "error"
POSTGRESQL_SHARED_PRELOAD_LIBRARIES = "pgaudit"
}
}

101
variables.tf
Unescape Escape View File

@ -0,0 +1,101 @@
variable "postgres_postgres_password" {
description = "Password for the `postgres` user"
type = string
sensitive = true
}
variable "postgres_user" {
description = "Username for the user"
default = "user"
type = string
}
variable "postgres_password" {
description = "Password for the user"
type = string
sensitive = true
}
variable "postgres_db" {
description = "Name of the default database"
type = string
sensitive = true
}
variable "stateful_set_name" {
description = "Name of StatefulSet"
type = string
default = "postgres"
}
variable "labels" {
description = "Labels to add to the Postgres deployment"
type = map(any)
default = {}
}
variable "volum_claim_template_name" {
description = "Name to use for the volume claim template"
type = string
default = "postgres-pvc"
}
variable "replicas" {
description = "Replicas to deploy in the Postgres StatefulSet"
type = number
default = 1
}
variable "storage_size" {
description = "Storage size for the StatefulSet PVC"
type = string
default = "10Gi"
}
variable "storage_class_name" {
description = "Storage class to use for Postgres PVCs"
type = string
default = ""
}
variable "image_registry" {
description = "Image registry, e.g. gcr.io, docker.io"
type = string
default = ""
}
variable "image_repository" {
description = "Image to start for this pod"
type = string
default = "bitnami/postgresql"
}
variable "image_tag" {
description = "Image tag to use"
type = string
default = "13.9.0"
}
variable "container_name" {
description = "Name of the Postgres container"
type = string
default = "postgres"
}
variable "enable_service" {
description = "Enable service for Postgres"
type = bool
default = true
}
variable "service_name" {
description = "Name of service to deploy"
type = string
default = "postgres"
}
variable "service_type" {
description = "Type of service to deploy"
type = string
default = "ClusterIP"
}
Write Preview
Loading…
Cancel
Save