implemented postgres operator
bensoer committed May 18, 2024
1 parent 8995206 commit 9ef9207
Showing 10 changed files with 834 additions and 17 deletions.
21 changes: 18 additions & 3 deletions modules/k8config/main.tf
@@ -58,9 +58,7 @@ module "traefik" {
domain = var.domain

providers = {
helm = helm
kubernetes = kubernetes
kubectl = kubectl
helm = helm
}

depends_on = [
@@ -162,3 +160,20 @@ module "prometheus-adapter" {
]
}

module "postgres-operator" {
source = "./modules/postgres"

domain = var.domain

providers = {
helm = helm
kubectl = kubectl
kubernetes = kubernetes
}

depends_on = [
time_sleep.wait_60_seconds,
module.certmanager,
module.traefik
]
}
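--- /dev/null
+++ b/modules/k8config/modules/postgres/main.tf
@@ -0,0 +1,129 @@
+terraform {
+required_providers {
+helm = {
+source = "hashicorp/helm"
+version = ">= 2.0.1"
+}
+kubernetes = {
+source = "hashicorp/kubernetes"
+version = "2.27.0"
+}
+kubectl = {
+source = "alekc/kubectl"
+version = "2.0.4"
+}
+}
+}
+
+resource "kubernetes_namespace" "postgres_namespace" {
+metadata {
+name = "postgres"
+}
+}
+
+
+resource "helm_release" "postgres_operator" {
+name = "postgres-operator"
+
+repository = "https://opensource.zalando.com/postgres-operator/charts/postgres-operator"
+chart = "postgres-operator"
+
+atomic = true
+
+create_namespace = true
+namespace = "postgres"
+
+recreate_pods = true
+reuse_values = true
+force_update = true
+cleanup_on_fail = true
+dependency_update = true
+
+values = [
+file("${abspath(path.module)}/res/postgres-operator-values.yaml")
+]
+
+depends_on = [
+kubernetes_namespace.postgres_namespace
+]
+
+}
+
+resource "helm_release" "postgres_operator_ui" {
+name = "postgres-operator-ui"
+
+repository = "https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui"
+chart = "postgres-operator-ui"
+
+atomic = true
+
+create_namespace = true
+namespace = "postgres"
+
+recreate_pods = true
+reuse_values = true
+force_update = true
+cleanup_on_fail = true
+dependency_update = true
+
+values = [
+templatefile("${abspath(path.module)}/res/postgres-operator-ui-values.yaml.tftpl", {
+domain = var.domain
+})
+]
+
+depends_on = [
+kubernetes_namespace.postgres_namespace,
+helm_release.postgres_operator
+]
+
+}
+
+resource "kubectl_manifest" "postgres_operator_ui_certificate" {
+yaml_body = templatefile("${abspath(path.module)}/res/postgres-operator-ui-certificate.yaml.tftpl", {
+domain = var.domain
+})
+
+depends_on = [
+kubernetes_namespace.postgres_namespace,
+helm_release.postgres_operator_ui
+]
+}
+
+resource "random_password" "postgres_operator_ui_password" {
+length = 25
+special = false
+#override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+resource "kubernetes_secret" "postgres_operator_ui_auth_secret" {
+metadata {
+name = "postgres-operator-ui-auth-secret"
+namespace = "traefik"
+}
+
+type = "kubernetes.io/basic-auth"
+
+data = {
+username = "postgres-operator-ui-admin"
+password = random_password.postgres_operator_ui_password.result
+}
+}
+
+resource "kubectl_manifest" "postgres_operator_ui_auth_middleware" {
+yaml_body = file("${abspath(path.module)}/res/postgres-operator-ui-middleware.yaml")
+}
+
+resource "kubectl_manifest" "postgres_operator_ui_ingress" {
+yaml_body = templatefile("${abspath(path.module)}/res/postgres-operator-ui-ingress.yaml.tftpl", {
+domain = var.domain
+})
+
+depends_on = [
+kubernetes_namespace.postgres_namespace,
+kubectl_manifest.postgres_operator_ui_certificate,
+helm_release.postgres_operator_ui,
+kubectl_manifest.postgres_operator_ui_auth_middleware
+]
+}
+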
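Review bot: Neither `helm_release` sets `version`, so every apply resolves whatever chart the Zalando repository currently serves, and with `force_update` and `recreate_pods` both true an upstream chart change is rolled straight onto the operator and its UI. Pin each release, e.g. `version = "<chart version>"`, so upgrades are deliberate and reviewable. `random_password` is also used without `hashicorp/random` appearing in `required_providers`, which leaves that provider unconstrained while the others are pinned; add `random = { source = "hashicorp/random", version = "<pinned version>" }`. The generated password is written to Terraform state in plain text, so the state backend needs encryption and restricted access.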
@@ -0,0 +1,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: postgres-operator-ui-certificate
namespace: traefik
spec:
secretName: postgres-operator-ui-certificate-secret
dnsNames:
- "postgres-operator.${domain}"
issuerRef:
name: letsencrypt-dev-cluster-issuer
kind: ClusterIssuer
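Review bot: `issuerRef.name` is hard-coded to `letsencrypt-dev-cluster-issuer` while the hostname is templated, so every environment that applies this module takes its certificate from that one issuer. If that issuer points at a Let's Encrypt staging endpoint (the name hints at it, but the issuer definition is not part of this section), browsers will not trust the certificate on the host where the basic-auth password is entered. Consider passing the issuer in as a new template variable, e.g. `name: ${cluster_issuer}`, supplied from the `templatefile` call.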
@@ -0,0 +1,21 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: postgres-operator-ui-ingress
namespace: traefik
spec:
entryPoints: # [1]
- websecure
routes: # [2]
- kind: Rule
match: Host(`postgres-operator.${domain}`)
priority: 10
middlewares:
- name: postgres-operator-ui-auth
namespace: traefik
services:
- name: postgres-operator-ui
namespace: postgres
port: 80
tls: # [12]
secretName: postgres-operator-ui-certificate-secret
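Review bot: The route's service is in namespace `postgres` while the IngressRoute and its middleware are in `traefik`; Traefik resolves a cross-namespace service reference only when `allowCrossNamespace` is enabled on its Kubernetes CRD provider, and that setting is not visible in this commit. Enabling it also lets an IngressRoute in any namespace point at services and middlewares in other namespaces, so record the dependency next to the route, e.g. `# requires providers.kubernetescrd.allowCrossNamespace=true on the Traefik release`. The `# [1]`, `# [2]` and `# [12]` markers look like leftovers from a documentation example and can be dropped.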
@@ -0,0 +1,8 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: postgres-operator-ui-auth
namespace: traefik
spec:
basicAuth:
secret: postgres-operator-ui-auth-secret
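Review bot: The `basicAuth` middleware forwards the `Authorization` header to the backend by default, so the operator UI pod receives the admin credential on every request over the plain-HTTP service port. Add `removeHeader: true` under `basicAuth` so the credential stops at Traefik. The route is guarded by a single shared account with no lockout visible in this commit, so pairing it with a rate-limit or IP allow-list middleware is worth considering.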
@@ -0,0 +1,113 @@
# Default values for postgres-operator-ui.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 1

# configure ui image
image:
registry: registry.opensource.zalan.do
repository: acid/postgres-operator-ui
tag: v1.11.0
pullPolicy: "IfNotPresent"

# Optionally specify an array of imagePullSecrets.
# Secrets must be manually created in the namespace.
# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
# imagePullSecrets:
# - name:

rbac:
# Specifies whether RBAC resources should be created
create: true

serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:

# configure UI pod resources
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi

# configure UI ENVs
envs:
# IMPORTANT: While operator chart and UI chart are independent, this is the interface between
# UI and operator API. Insert the service name of the operator API here!
appUrl: "http://postgres-operator.${domain}:80"
operatorApiUrl: "http://postgres-operator.postgres.svc.cluster.local:8080"
operatorClusterNameLabel: "cluster-name"
resourcesVisible: "False"
# Set to "*" to allow viewing/creation of clusters in all namespaces
targetNamespace: "*"
teams:
- "acid"

# Extra pod annotations
podAnnotations:
{}

# configure extra UI ENVs
# Extra ENVs are writen in kubenertes format and added "as is" to the pod's env variables
# https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables
# UI specific env variables can be found here: https://github.com/zalando/postgres-operator/blob/master/ui/operator_ui/main.py
extraEnvs:
[]
# Exemple of settings to make snapshot view working in the ui when using AWS
# - name: WALE_S3_ENDPOINT
# value: https+path://s3.us-east-1.amazonaws.com:443
# - name: SPILO_S3_BACKUP_PREFIX
# value: spilo/
# - name: AWS_ACCESS_KEY_ID
# valueFrom:
# secretKeyRef:
# name: <postgres operator secret with AWS token>
# key: AWS_ACCESS_KEY_ID
# - name: AWS_SECRET_ACCESS_KEY
# valueFrom:
# secretKeyRef:
# name: <postgres operator secret with AWS token>
# key: AWS_SECRET_ACCESS_KEY
# - name: AWS_DEFAULT_REGION
# valueFrom:
# secretKeyRef:
# name: <postgres operator secret with AWS token>
# key: AWS_DEFAULT_REGION
# - name: SPILO_S3_BACKUP_BUCKET
# value: <s3 bucket used by the operator>
# - name: "USE_AWS_INSTANCE_PROFILE"
# value: "true"

# configure UI service
service:
type: "ClusterIP"
port: "80"
# If the type of the service is NodePort a port can be specified using the nodePort field
# If the nodePort field is not specified, or if it has no value, then a random port is used
# nodePort: 32521
annotations:
{}

# configure UI ingress. If needed: "enabled: true"
ingress:
enabled: false
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
ingressClassName: ""
hosts:
- host: ui.example.org
paths: ["/"]
tls: []
# - secretName: ui-tls
# hosts:
# - ui.exmaple.org
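Review bot: `appUrl` is set to `http://postgres-operator.${domain}:80`, but the IngressRoute in this commit exposes that host only on the `websecure` entry point, so the advertised URL and the served URL disagree; `appUrl: "https://postgres-operator.${domain}"` matches the route. `targetNamespace: "*"` lets the UI view and create clusters in every namespace behind the one shared basic-auth account. If databases are meant to live in a specific namespace, naming it here narrows what that credential can reach.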