feat(infrastructure): add rabbitmq cluster

tofu/main.tf

@@ -96,7 +96,14 @@ module "argocd" {
 }
 
 module "redis" {
-  source     = "${path.module}/modules/redis"
-  depends_on = [module.storage]
+  source                 = "${path.module}/modules/redis"
+  depends_on             = [module.storage]
   cloudflare_base_domain = var.cloudflare_domain
 }
+
+module "rabbitmq" {
+  source            = "${path.module}/modules/rabbitmq"
+  depends_on        = [module.storage]
+  base_domain       = var.cloudflare_domain
+  rabbitmq-password = var.rabbitmq-password
+}

tofu/modules/rabbitmq/main.tf

@@ -0,0 +1,77 @@
+terraform {
+  required_providers {
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = "1.19.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "3.0.2"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.38.0"
+    }
+    kustomization = {
+      source  = "kbst/kustomization"
+      version = "0.9.6"
+    }
+    time = {
+      source  = "hashicorp/time"
+      version = "0.13.1"
+    }
+  }
+}
+
+# Define the Helm release for RabbitMQ.
+# This resource will install the RabbitMQ chart from the Bitnami repository.
+resource "helm_release" "rabbitmq" {
+  # The name of the release in Kubernetes.
+  name = "rabbitmq"
+
+  # The repository where the chart is located.
+  repository = "https://charts.bitnami.com/bitnami"
+
+  # The name of the chart to deploy.
+  chart = "rabbitmq"
+
+  # The version of the chart to deploy. It's best practice to pin the version.
+  version = "14.4.1"
+
+  # The Kubernetes namespace to deploy into.
+  # If the namespace doesn't exist, you can create it with a kubernetes_namespace resource.
+  namespace        = "rabbitmq"
+  create_namespace = true
+
+  # Override default chart values.
+  # This is where you customize your RabbitMQ deployment.
+  set = [
+    {
+      name  = "auth.username"
+      value = "admin"
+    },
+    {
+      name  = "auth.password"
+      value = var.rabbitmq-password
+    },
+    {
+      name  = "persistence.enabled"
+      value = "true"
+    },
+    {
+      name  = "replicaCount"
+      value = "3"
+    },
+    {
+      name  = "podAntiAffinityPreset"
+      value = "soft"
+    }
+  ]
+}
+
+resource "kubectl_manifest" "rabbitmq_ui" {
+  yaml_body = templatefile("${path.module}/rabbit-ui.yaml", {
+    base_domain = var.base_domain
+  })
+  depends_on = [helm_release.rabbitmq]
+}

tofu/modules/rabbitmq/rabbit-ui.yaml

@@ -0,0 +1,14 @@
+apiVersion: networking.cfargotunnel.com/v1alpha1
+kind: TunnelBinding
+metadata:
+  name: rabbit-tunnel-binding
+  namespace: rabbitmq
+subjects:
+  - name: rabbit-gui
+    spec:
+      target: http://rabbitmq.rabbitmq.svc.cluster.local:15672
+      fqdn: rabbitmq.${base_domain}
+      noTlsVerify: true
+tunnelRef:
+  kind: ClusterTunnel
+  name: cluster-tunnel

tofu/modules/rabbitmq/variables.tf

@@ -0,0 +1,11 @@
+variable "base_domain" {
+  type     = string # The type of the variable, in this case a string
+  nullable = false  # Description of what this variable represents
+}
+
+variable "rabbitmq-password" {
+  type = string
+  nullable = false
+  sensitive = true
+  description = "Admin password for RabbitMQ user"
+}

tofu/variables.tf

@@ -96,8 +96,15 @@ variable "cloudflare_account_id" {
 }
 
 variable "argocd_admin_password" {
-  type = string
-  nullable = false
-  sensitive = true
+  type        = string
+  nullable    = false
+  sensitive   = true
   description = "ArgoCD admin password"
 }
+
+variable "rabbitmq-password" {
+  type        = string
+  nullable    = false
+  sensitive   = true
+  description = "Admin password for RabbitMQ user"
+}