Showing
10 changed files
with
834 additions
and
17 deletions.
@@ -0,0 +1,129 @@ | ||
terraform { | ||
required_providers { | ||
helm = { | ||
source = "hashicorp/helm" | ||
version = ">= 2.0.1" | ||
} | ||
kubernetes = { | ||
source = "hashicorp/kubernetes" | ||
version = "2.27.0" | ||
} | ||
kubectl = { | ||
source = "alekc/kubectl" | ||
version = "2.0.4" | ||
} | ||
} | ||
} | ||
|
||
resource "kubernetes_namespace" "postgres_namespace" { | ||
metadata { | ||
name = "postgres" | ||
} | ||
} | ||
|
||
|
||
resource "helm_release" "postgres_operator" { | ||
name = "postgres-operator" | ||
|
||
repository = "https://opensource.zalando.com/postgres-operator/charts/postgres-operator" | ||
chart = "postgres-operator" | ||
|
||
atomic = true | ||
|
||
create_namespace = true | ||
namespace = "postgres" | ||
|
||
recreate_pods = true | ||
reuse_values = true | ||
force_update = true | ||
cleanup_on_fail = true | ||
dependency_update = true | ||
|
||
values = [ | ||
file("${abspath(path.module)}/res/postgres-operator-values.yaml") | ||
] | ||
|
||
depends_on = [ | ||
kubernetes_namespace.postgres_namespace | ||
] | ||
|
||
} | ||
|
||
resource "helm_release" "postgres_operator_ui" { | ||
name = "postgres-operator-ui" | ||
|
||
repository = "https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui" | ||
chart = "postgres-operator-ui" | ||
|
||
atomic = true | ||
|
||
create_namespace = true | ||
namespace = "postgres" | ||
|
||
recreate_pods = true | ||
reuse_values = true | ||
force_update = true | ||
cleanup_on_fail = true | ||
dependency_update = true | ||
|
||
values = [ | ||
templatefile("${abspath(path.module)}/res/postgres-operator-ui-values.yaml.tftpl", { | ||
domain = var.domain | ||
}) | ||
] | ||
|
||
depends_on = [ | ||
kubernetes_namespace.postgres_namespace, | ||
helm_release.postgres_operator | ||
] | ||
|
||
} | ||
|
||
resource "kubectl_manifest" "postgres_operator_ui_certificate" { | ||
yaml_body = templatefile("${abspath(path.module)}/res/postgres-operator-ui-certificate.yaml.tftpl", { | ||
domain = var.domain | ||
}) | ||
|
||
depends_on = [ | ||
kubernetes_namespace.postgres_namespace, | ||
helm_release.postgres_operator_ui | ||
] | ||
} | ||
|
||
resource "random_password" "postgres_operator_ui_password" { | ||
length = 25 | ||
special = false | ||
#override_special = "!#$%&*()-_=+[]{}<>:?" | ||
} | ||
|
||
resource "kubernetes_secret" "postgres_operator_ui_auth_secret" { | ||
metadata { | ||
name = "postgres-operator-ui-auth-secret" | ||
namespace = "traefik" | ||
} | ||
|
||
type = "kubernetes.io/basic-auth" | ||
|
||
data = { | ||
username = "postgres-operator-ui-admin" | ||
password = random_password.postgres_operator_ui_password.result | ||
} | ||
} | ||
|
||
resource "kubectl_manifest" "postgres_operator_ui_auth_middleware" { | ||
yaml_body = file("${abspath(path.module)}/res/postgres-operator-ui-middleware.yaml") | ||
} | ||
|
||
resource "kubectl_manifest" "postgres_operator_ui_ingress" { | ||
yaml_body = templatefile("${abspath(path.module)}/res/postgres-operator-ui-ingress.yaml.tftpl", { | ||
domain = var.domain | ||
}) | ||
|
||
depends_on = [ | ||
kubernetes_namespace.postgres_namespace, | ||
kubectl_manifest.postgres_operator_ui_certificate, | ||
helm_release.postgres_operator_ui, | ||
kubectl_manifest.postgres_operator_ui_auth_middleware | ||
] | ||
} | ||
|
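Review bot: Neither `helm_release` block sets `version`, so each apply installs whatever chart version the repository currently serves, even though the UI image in the values file is pinned to v1.11.0. I would pin both charts, e.g. `version = "<reviewed chart version>"` in `postgres_operator` and `postgres_operator_ui`. The provider block has the same gap: `random_password` needs `hashicorp/random`, which is not listed under `required_providers`, and `helm` is only bounded below (`>= 2.0.1`). Separately, `random_password.postgres_operator_ui_password.result` is written to Terraform state in plain text, so the state backend should be encrypted and access-restricted. A comment such as `# basic-auth password for the operator UI; stored in state` would make that visible.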
12 changes: 12 additions & 0 deletions
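--- a/modules/k8config/modules/postgres/res/postgres-operator-ui-certificate.yaml.tftpl
+++ b/modules/k8config/modules/postgres/res/postgres-operator-ui-certificate.yaml.tftpl
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: postgres-operator-ui-certificate
+namespace: traefik
+spec:
+secretName: postgres-operator-ui-certificate-secret
+dnsNames:
+- "postgres-operator.${domain}"
+issuerRef:
+name: letsencrypt-dev-cluster-issuer
+kind: ClusterIssuer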
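Review bot: `issuerRef.name` is hard-coded to `letsencrypt-dev-cluster-issuer` while the host name is templated, so every environment that uses this module gets its certificate from that one issuer. If the name refers to a staging or dev ACME endpoint (worth confirming), browsers will not trust the certificate, and operators would be clicking through warnings on a database admin UI. Passing the issuer in like `domain`, e.g. `name: ${cluster_issuer}` with a matching `templatefile` argument, would make the choice explicit per environment.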
21 changes: 21 additions & 0 deletions
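--- a/modules/k8config/modules/postgres/res/postgres-operator-ui-ingress.yaml.tftpl
+++ b/modules/k8config/modules/postgres/res/postgres-operator-ui-ingress.yaml.tftpl
@@ -0,0 +1,21 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+name: postgres-operator-ui-ingress
+namespace: traefik
+spec:
+entryPoints: # [1]
+- websecure
+routes: # [2]
+- kind: Rule
+match: Host(`postgres-operator.${domain}`)
+priority: 10
+middlewares:
+- name: postgres-operator-ui-auth
+namespace: traefik
+services:
+- name: postgres-operator-ui
+namespace: postgres
+port: 80
+tls: # [12]
+secretName: postgres-operator-ui-certificate-secret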
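Review bot: The `services` entry references `postgres-operator-ui` in namespace `postgres` from an IngressRoute that lives in `traefik`, which Traefik only resolves when its Kubernetes CRD provider runs with `allowCrossNamespace` enabled. That setting applies cluster-wide and lets IngressRoutes in any namespace reference services and middlewares in other namespaces. If it was enabled only for this route, consider creating the IngressRoute, Middleware, auth Secret and Certificate in `postgres` so the flag can stay off. The `# [1]`, `# [2]` and `# [12]` markers look like footnote references carried over from documentation; either drop them or replace them with real comments such as `# HTTPS entry point only`.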
8 changes: 8 additions & 0 deletions
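--- a/modules/k8config/modules/postgres/res/postgres-operator-ui-middleware.yaml
+++ b/modules/k8config/modules/postgres/res/postgres-operator-ui-middleware.yaml
@@ -0,0 +1,8 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+name: postgres-operator-ui-auth
+namespace: traefik
+spec:
+basicAuth:
+secret: postgres-operator-ui-auth-secret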
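Review bot: `basicAuth` is configured without `removeHeader`, so Traefik forwards the `Authorization` header to the backend. The IngressRoute sends traffic to the UI service on port 80, so the shared admin credential crosses the cluster network unencrypted on every request. Add `removeHeader: true` under `basicAuth`. In the Terraform file, `postgres_operator_ui_auth_middleware` also has no `depends_on` on `kubernetes_secret.postgres_operator_ui_auth_secret`, so the middleware can be applied before the secret it names exists. Adding that dependency makes the ordering explicit.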
113 changes: 113 additions & 0 deletions
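--- a/modules/k8config/modules/postgres/res/postgres-operator-ui-values.yaml.tftpl
+++ b/modules/k8config/modules/postgres/res/postgres-operator-ui-values.yaml.tftpl
@@ -0,0 +1,113 @@
+# Default values for postgres-operator-ui.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+# configure ui image
+image:
+registry: registry.opensource.zalan.do
+repository: acid/postgres-operator-ui
+tag: v1.11.0
+pullPolicy: "IfNotPresent"
+
+# Optionally specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+# imagePullSecrets:
+# - name:
+
+rbac:
+# Specifies whether RBAC resources should be created
+create: true
+
+serviceAccount:
+# Specifies whether a ServiceAccount should be created
+create: true
+# The name of the ServiceAccount to use.
+# If not set and create is true, a name is generated using the fullname template
+name:
+
+# configure UI pod resources
+resources:
+limits:
+cpu: 200m
+memory: 200Mi
+requests:
+cpu: 100m
+memory: 100Mi
+
+# configure UI ENVs
+envs:
+# IMPORTANT: While operator chart and UI chart are independent, this is the interface between
+# UI and operator API. Insert the service name of the operator API here!
+appUrl: "http://postgres-operator.${domain}:80"
+operatorApiUrl: "http://postgres-operator.postgres.svc.cluster.local:8080"
+operatorClusterNameLabel: "cluster-name"
+resourcesVisible: "False"
+# Set to "*" to allow viewing/creation of clusters in all namespaces
+targetNamespace: "*"
+teams:
+- "acid"
+
+# Extra pod annotations
+podAnnotations:
+{}
+
+# configure extra UI ENVs
+# Extra ENVs are writen in kubenertes format and added "as is" to the pod's env variables
+# https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
+# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables
+# UI specific env variables can be found here: https://github.com/zalando/postgres-operator/blob/master/ui/operator_ui/main.py
+extraEnvs:
+[]
+# Exemple of settings to make snapshot view working in the ui when using AWS
+# - name: WALE_S3_ENDPOINT
+# value: https+path://s3.us-east-1.amazonaws.com:443
+# - name: SPILO_S3_BACKUP_PREFIX
+# value: spilo/
+# - name: AWS_ACCESS_KEY_ID
+# valueFrom:
+# secretKeyRef:
+# name: <postgres operator secret with AWS token>
+# key: AWS_ACCESS_KEY_ID
+# - name: AWS_SECRET_ACCESS_KEY
+# valueFrom:
+# secretKeyRef:
+# name: <postgres operator secret with AWS token>
+# key: AWS_SECRET_ACCESS_KEY
+# - name: AWS_DEFAULT_REGION
+# valueFrom:
+# secretKeyRef:
+# name: <postgres operator secret with AWS token>
+# key: AWS_DEFAULT_REGION
+# - name: SPILO_S3_BACKUP_BUCKET
+# value: <s3 bucket used by the operator>
+# - name: "USE_AWS_INSTANCE_PROFILE"
+# value: "true"
+
+# configure UI service
+service:
+type: "ClusterIP"
+port: "80"
+# If the type of the service is NodePort a port can be specified using the nodePort field
+# If the nodePort field is not specified, or if it has no value, then a random port is used
+# nodePort: 32521
+annotations:
+{}
+
+# configure UI ingress. If needed: "enabled: true"
+ingress:
+enabled: false
+annotations:
+{}
+# kubernetes.io/ingress.class: nginx
+# kubernetes.io/tls-acme: "true"
+ingressClassName: ""
+hosts:
+- host: ui.example.org
+paths: ["/"]
+tls: []
+# - secretName: ui-tls
+# hosts:
+# - ui.exmaple.org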
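Review bot: `targetNamespace: "*"` lets the UI view and create clusters in every namespace, and this commit publishes that UI on the `websecure` entry point behind a single shared basic-auth account. Unless all namespaces really are in scope, narrow it to the namespace that hosts databases, e.g. `targetNamespace: "postgres"`. `appUrl` is `http://postgres-operator.${domain}:80` although the route is served over TLS, so it probably should be `https://postgres-operator.${domain}`; confirm how the UI uses the value. Most of the file repeats chart defaults, so keeping only the overridden keys would make the security-relevant settings easier to review.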