feat(infrastructure): add basic terraform resources

tofu/config/maxscale/charts/maxscale-helm/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: maxscale-helm
+version: 0.1.9
+description: Helm chart for MaxScale related Kubernetes manifests

tofu/config/maxscale/charts/maxscale-helm/templates/config.yaml

@@ -0,0 +1,157 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: MariaDB
+metadata:
+  name: mariadb-repl
+  namespace: mariadb-operator
+spec:
+  rootPasswordSecretKeyRef:
+    name: mariadb-secret
+    key: root-password
+
+  username: mariadb
+  passwordSecretKeyRef:
+    name: mariadb-secret
+    key: password
+  database: mariadb
+
+  storage:
+    size: 5Gi
+    storageClassName: longhorn
+    resizeInUseVolumes: true
+    waitForVolumeResize: true
+    volumeClaimTemplate:
+      accessModes:
+      - ReadWriteOnce
+      resources:
+        requests:
+          storage: 5Gi
+      storageClassName: longhorn
+
+  replicas: 3
+  replicasAllowEvenNumber: true
+
+  podSpec:
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - "ALL"
+      seccompProfile:
+        type: RuntimeDefault
+
+  maxScale:
+    enabled: true
+
+    kubernetesService:
+      type: LoadBalancer
+      metadata:
+        annotations:
+          metallb.universe.tf/loadBalancerIPs: {{ .Values.metallb.maxscale_ip | default "" | quote }}
+
+    connection:
+      secretName: mxs-repl-conn
+      port: 3306
+
+    metrics:
+      enabled: true
+
+    tls:
+      enabled: true
+
+  replication:
+    enabled: true
+    primary:
+      podIndex: 0
+      automaticFailover: true
+    replica:
+      waitPoint: AfterSync
+      gtid: CurrentPos
+      replPasswordSecretKeyRef:
+        name: mariadb-secret
+        key: password
+      connectionTimeout: 10s
+      connectionRetries: 10
+      syncTimeout: 10s
+    syncBinlog: 1
+    probesEnabled: true
+
+  service:
+    type: LoadBalancer
+    metadata:
+      annotations:
+        metallb.universe.tf/loadBalancerIPs: {{ .Values.metallb.service_ip | default "" | quote }}
+  connection:
+    secretName: mariadb-repl-conn
+    secretTemplate:
+      key: dsn
+
+  primaryService:
+    type: LoadBalancer
+    metadata:
+      annotations:
+        metallb.universe.tf/loadBalancerIPs: {{ .Values.metallb.primary_ip | default "" | quote }}
+  primaryConnection:
+    secretName: mariadb-repl-conn-primary
+    secretTemplate:
+      key: dsn
+
+  secondaryService:
+    type: LoadBalancer
+    metadata:
+      annotations:
+        metallb.universe.tf/loadBalancerIPs: {{ .Values.metallb.secondary_ip | default "" | quote }}
+  secondaryConnection:
+    secretName: mariadb-repl-conn-secondary
+    secretTemplate:
+      key: dsn
+
+  affinity:
+    antiAffinityEnabled: true
+
+  tolerations:
+    - key: "k8s.mariadb.com/ha"
+      operator: "Exists"
+      effect: "NoSchedule"
+
+  podDisruptionBudget:
+    maxUnavailable: 33%
+
+  updateStrategy:
+    type: ReplicasFirstPrimaryLast
+
+  myCnf: |
+    [mariadb]
+    bind-address=*
+    default_storage_engine=InnoDB
+    binlog_format=row
+    innodb_autoinc_lock_mode=2
+    innodb_buffer_pool_size=1024M
+    max_allowed_packet=256M
+
+  #timeZone: Europe/Prague
+
+  resources:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      memory: 1Gi
+
+  livenessProbe:
+    initialDelaySeconds: 20
+    periodSeconds: 5
+    timeoutSeconds: 5
+
+  readinessProbe:
+    initialDelaySeconds: 20
+    periodSeconds: 5
+    timeoutSeconds: 5
+
+  metrics:
+    enabled: true
+
+  tls:
+    enabled: true
+    required: true
+
+  suspend: false

tofu/config/maxscale/charts/maxscale-helm/templates/grant.yaml

@@ -0,0 +1,18 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: grant
+spec:
+  mariaDbRef:
+    name: mariadb-repl
+    namespace: mariadb-operator
+    waitForIt: false
+  privileges:
+    - "ALL PRIVILEGES"
+  database: "*"
+  table: "*"
+  username: {{ .Values.user.name | default "user" }}
+  grantOption: true
+  host: {{ .Values.user.host | default "%" | quote }}
+  requeueInterval: 30s
+  retryInterval: 5s

tofu/config/maxscale/charts/maxscale-helm/templates/mariadb-service-0.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb-repl-0
+  namespace: mariadb-operator
+spec:
+  selector:
+    app.kubernetes.io/instance: mariadb-repl
+    app.kubernetes.io/name: mariadb
+    statefulset.kubernetes.io/pod-name: mariadb-repl-0
+  ports:
+    - name: mariadb
+      port: 3306
+      targetPort: 3306
+      protocol: TCP
+  type: ClusterIP

tofu/config/maxscale/charts/maxscale-helm/templates/mariadb-service-1.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb-repl-1
+  namespace: mariadb-operator
+spec:
+  selector:
+    app.kubernetes.io/instance: mariadb-repl
+    app.kubernetes.io/name: mariadb
+    statefulset.kubernetes.io/pod-name: mariadb-repl-1
+  ports:
+    - name: mariadb
+      port: 3306
+      targetPort: 3306
+      protocol: TCP
+  type: ClusterIP

tofu/config/maxscale/charts/maxscale-helm/templates/mariadb-service-2.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb-repl-2
+  namespace: mariadb-operator
+spec:
+  selector:
+    app.kubernetes.io/instance: mariadb-repl
+    app.kubernetes.io/name: mariadb
+    statefulset.kubernetes.io/pod-name: mariadb-repl-2
+  ports:
+    - name: mariadb
+      port: 3306
+      targetPort: 3306
+      protocol: TCP
+  type: ClusterIP

tofu/config/maxscale/charts/maxscale-helm/templates/phpmyadmin-config-map.yaml

@@ -0,0 +1,32 @@
+{{- if (.Values.phpmyadmin.enabled | default true) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+   name: phpmyadmin-config
+   namespace: mariadb-operator
+data:
+  hosts-init-script.sh: |-
+    #!/bin/bash
+
+    echo "
+    /* Maximum number of databases displayed on one page */
+    $cfg['MaxDbList'] = 300;
+    $cfg['MaxNavigationItems'] = 300;
+    /* Additional servers */
+    $servers = [
+    {{- range $i, $e := until (int (3)) }}
+      'mariadb-repl-{{ $i }}',
+    {{- end }}
+    ];
+    foreach ($servers as $server) {
+        $i++;
+        /* Authentication type */
+        $cfg['Servers'][$i]['auth_type'] = 'cookie';
+        /* Server parameters */
+        $cfg['Servers'][$i]['host'] = $server;
+        $cfg['Servers'][$i]['port'] = '3306';
+        $cfg['Servers'][$i]['compress'] = false;
+        $cfg['Servers'][$i]['AllowNoPassword'] = false;
+    }
+    " >> /opt/bitnami/phpmyadmin/config.inc.php
+{{- end }}

tofu/config/maxscale/charts/maxscale-helm/templates/phpmyadmin-deployment.yaml

@@ -0,0 +1,76 @@
+{{- if (.Values.phpmyadmin.enabled | default true) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phpmyadmin
+  namespace: mariadb-operator
+  labels:
+    app: phpmyadmin
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: phpmyadmin
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: phpmyadmin
+    spec:
+      containers:
+      - env:
+        - name: DATABASE_ENABLE_SSL
+          value: "yes"
+        - name: DATABASE_HOST
+          value: "mariadb-repl"
+        - name: DATABASE_PORT_NUMBER
+          value: "3306"
+        - name: PHPMYADMIN_ALLOW_NO_PASSWORD
+          value: "false"
+        image: "docker.io/bitnami/phpmyadmin:5.2.2"
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /
+            port: http
+            scheme: HTTP
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        name: phpmyadmin
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        - containerPort: 8443
+          name: https
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /
+            port: http
+            scheme: HTTP
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /docker-entrypoint-init.d/hosts-init-script.sh
+          name: config
+          subPath: hosts-init-script.sh
+        ip: 127.0.0.1
+      restartPolicy: Always
+      volumes:
+      - configMap:
+          defaultMode: 511
+          name: phpmyadmin-config
+          optional: false
+        name: config
+{{- end }}

tofu/config/maxscale/charts/maxscale-helm/templates/phpmyadmin-service.yaml

@@ -0,0 +1,18 @@
+{{- if (.Values.phpmyadmin.enabled | default true) }}
+apiVersion: v1
+kind: Service
+metadata:
+   name: "phpmyadmin"
+   namespace: {{ .Values.namespace | default "mariadb-operator" | quote }}
+   labels:
+      app: "phpmyadmin"
+spec:
+   clusterIP: None
+   ports:
+      - name: http
+        port: {{ .Values.phpmyadmin.servicePort | default 8080 }}
+        protocol: TCP
+        targetPort: {{ .Values.phpmyadmin.servicePort | default 8080 }}
+   selector:
+      app: "phpmyadmin"
+{{- end }}

tofu/config/maxscale/charts/maxscale-helm/templates/user.yaml

@@ -0,0 +1,16 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+  name: mariadb-user
+  namespace: mariadb-operator
+spec:
+  mariaDbRef:
+    name: mariadb-repl
+    namespace: mariadb-operator
+    waitForIt: false
+  host: {{ .Values.user.host | default "%" | quote }}
+  name: {{ .Values.user.name | default "user" }}
+  passwordPlugin: {}
+  passwordSecretKeyRef:
+    key: user-password
+    name: mariadb-secret

tofu/config/maxscale/charts/maxscale-helm/values.yaml

@@ -0,0 +1,15 @@
+# Default values for maxscale-helm.
+# This file can be used to override manifest parameters.
+
+user:
+  name: user
+  host: "%"
+
+metallb:
+  maxscale_ip: ""
+  service_ip: ""
+  primary_ip: ""
+  secondary_ip: ""
+
+phpmyadmin:
+  enabled: true