terraform_modules/digitalocean_database_cluster: initial commit
This commit is contained in:
parent
2906f910c0
commit
de97ffef10
|
@ -13,6 +13,8 @@ resource "random_id" "suffix" {
|
|||
resource "digitalocean_custom_image" "talos" {
|
||||
name = "talos"
|
||||
url = "https://github.com/siderolabs/talos/releases/download/v1.4.3/digital-ocean-amd64.raw.gz"
|
||||
# this gets reset by DigitalOcean
|
||||
distribution = "Unknown OS"
|
||||
regions = [var.region]
|
||||
}
|
||||
|
||||
|
@ -31,5 +33,34 @@ module "digitalocean_talos_cluster-2" {
|
|||
count = 1,
|
||||
size = "s-2vcpu-4gb",
|
||||
}]
|
||||
digitalocean_region = "sfo3"
|
||||
digitalocean_region = var.region
|
||||
}
|
||||
|
||||
module "digitalocean_database_cluster" {
|
||||
source = "../../terraform_modules/digitalocean_database_cluster"
|
||||
|
||||
cluster_name = "distrust"
|
||||
db_engine = "pg"
|
||||
db_version = "15"
|
||||
size = "db-s-1vcpu-2gb"
|
||||
node_count = 1
|
||||
|
||||
databases = [{
|
||||
name = "keycloak",
|
||||
create_default_superuser = true,
|
||||
}, {
|
||||
name = "forgejo",
|
||||
create_default_superuser = true,
|
||||
}]
|
||||
|
||||
vpc_id = module.digitalocean_talos_cluster-2.vpc_id
|
||||
digitalocean_region = var.region
|
||||
}
|
||||
|
||||
# TODO: make it output a Kubernetes Secret in env var format, can be piped into
|
||||
# `jq .database_users.value.forgejo | sops --encrypt` for nice secret gen
|
||||
# Ref: https://github.com/RyanSquared/gitops/blob/b8305292f215f6fe0bed170550b9b869302ab9e2/environments/production/kustomizations/forgejo/forgejo-config.enc.yaml
|
||||
output "database_users" {
|
||||
value = module.digitalocean_database_cluster.database_users
|
||||
sensitive = true
|
||||
}
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
terraform {
|
||||
required_providers {
|
||||
digitalocean = {
|
||||
source = "digitalocean/digitalocean"
|
||||
version = "~> 2.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "digitalocean_database_cluster" "main" {
|
||||
name = var.cluster_name
|
||||
engine = var.db_engine
|
||||
size = var.size
|
||||
region = var.digitalocean_region
|
||||
node_count = var.node_count
|
||||
version = var.db_version
|
||||
private_network_uuid = var.vpc_id # TODO: nullable = true
|
||||
}
|
||||
|
||||
resource "digitalocean_database_db" "main" {
|
||||
for_each = { for db in var.databases: db.name => db }
|
||||
|
||||
cluster_id = digitalocean_database_cluster.main.id
|
||||
name = each.key
|
||||
}
|
||||
|
||||
locals {
|
||||
base_connection_string = trimsuffix(digitalocean_database_cluster.main.uri,
|
||||
"/defaultdb?sslmode=require")
|
||||
}
|
||||
|
||||
resource "digitalocean_database_user" "default_users" {
|
||||
for_each = {
|
||||
for db in [for db in var.databases: db if db.create_default_superuser]:
|
||||
db.name => db.name
|
||||
}
|
||||
|
||||
cluster_id = digitalocean_database_cluster.main.id
|
||||
name = each.key
|
||||
|
||||
provisioner "local-exec" {
|
||||
command = "GRANT ALL ON DATABASE ${each.key} TO ${each.key}"
|
||||
interpreter = ["psql", "${local.base_connection_string}/${each.key}"]
|
||||
}
|
||||
|
||||
provisioner "local-exec" {
|
||||
command = "GRANT ALL ON SCHEMA public TO ${each.key}"
|
||||
interpreter = ["psql", "${local.base_connection_string}/${each.key}"]
|
||||
}
|
||||
|
||||
# Note: provisioners depend on databases existing
|
||||
depends_on = [digitalocean_database_db.main]
|
||||
}
|
|
@ -0,0 +1,7 @@
|
|||
output "database_cluster" {
|
||||
value = digitalocean_database_cluster.main
|
||||
}
|
||||
|
||||
output "database_users" {
|
||||
value = digitalocean_database_user.default_users
|
||||
}
|
|
@ -0,0 +1,35 @@
|
|||
variable "cluster_name" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "db_engine" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "size" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "digitalocean_region" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "node_count" {
|
||||
type = number
|
||||
}
|
||||
|
||||
variable "databases" {
|
||||
type = list(object({
|
||||
name = string,
|
||||
create_default_superuser = optional(bool, false),
|
||||
}))
|
||||
}
|
||||
|
||||
variable "db_version" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "vpc_id" {
|
||||
type = string
|
||||
nullable = true
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
output "vpc_id" {
|
||||
value = var.vpc_id == "undefined" ? digitalocean_vpc.talos[0].id : var.vpc_id
|
||||
}
|
Loading…
Reference in New Issue