diff --git a/bootstrap/cell/main.tf b/bootstrap/cell/main.tf index a4197dd..d7003e5 100644 --- a/bootstrap/cell/main.tf +++ b/bootstrap/cell/main.tf @@ -34,11 +34,13 @@ locals { ] } module "dbsync_pvc" { - source = "../pvc" - namespace = var.namespace - volume_name = var.volume_name - storage_size = var.storage_size - name = local.db_volume_claim + source = "../pvc" + namespace = var.namespace + access_mode = var.access_mode + volume_name = var.volume_name + storage_class_name = var.storage_class_name + storage_size = var.storage_size + name = local.db_volume_claim } module "dbsync_postgres" { @@ -53,6 +55,7 @@ module "dbsync_postgres" { postgres_secret_name = var.postgres_secret_name postgres_resources = var.postgres_resources is_blockfrost_backend = var.is_blockfrost_backend + postgres_tolerations = var.postgres_tolerations } module "dbsync_pgbouncer" { @@ -67,6 +70,7 @@ module "dbsync_pgbouncer" { instance_name = "postgres-dbsync-v3-${var.salt}" postgres_instance_name = local.postgres_host pgbouncer_reloader_image_tag = var.pgbouncer_reloader_image_tag + pgbouncer_tolerations = var.pgbouncer_tolerations } module "dbsync_instances" { diff --git a/bootstrap/cell/variables.tf b/bootstrap/cell/variables.tf index d3df4c6..de24482 100644 --- a/bootstrap/cell/variables.tf +++ b/bootstrap/cell/variables.tf @@ -21,6 +21,14 @@ variable "storage_size" { type = string } +variable "storage_class_name" { + type = string +} + +variable "access_mode" { + type = string +} + variable "db_volume_claim" { type = string default = null 
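Review bot: The cell module's new `pgbouncer_secret_name` input (declared in the cell's variables.tf hunk and set from the root module) is not forwarded in the `module "dbsync_pgbouncer"` hunk, which only adds `pgbouncer_tolerations`. Unless the forwarding happens outside the hunk, pg-bouncer.tf's `secret_key_ref { name = var.postgres_secret_name }` keeps whatever the pgbouncer module declares as its own default instead of the cell's value. Add `postgres_secret_name = var.pgbouncer_secret_name` next to the toleration line. The module block continues outside the hunk.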
@@ -66,6 +74,35 @@ variable "postgres_config_name" { default = null } +variable "postgres_tolerations" { + type = list(object({ + key = string + operator = string + value = string + effect = string + })) + default = [ + { + key = "demeter.run/compute-profile" + operator = "Equal" + value = "disk-intensive" + effect = "NoSchedule" + }, + { + key = "demeter.run/compute-arch" + operator = "Equal" + value = "x86" + effect = "NoSchedule" + }, + { + key = "demeter.run/availability-sla" + operator = "Equal" + value = "consistent" + effect = "NoSchedule" + } + ] +} + // PGBouncer variable "pgbouncer_image_tag" { default = "1.21.0" @@ -83,6 +120,39 @@ variable "pgbouncer_reloader_image_tag" { type = string } +variable "pgbouncer_secret_name" { + type = string + default = "" +} + +variable "pgbouncer_tolerations" { + type = list(object({ + effect = string + key = string + operator = string + value = optional(string) + })) + default = [ + { + effect = "NoSchedule" + key = "demeter.run/compute-profile" + operator = "Exists" + }, + { + effect = "NoSchedule" + key = "demeter.run/compute-arch" + operator = "Equal" + value = "x86" + }, + { + effect = "NoSchedule" + key = "demeter.run/availability-sla" + operator = "Equal" + value = "best-effort" + } + ] +} + // Instance variable "instances" { type = map(object({ diff --git a/bootstrap/main.tf b/bootstrap/main.tf index 7aa7cb9..97b4370 100644 --- a/bootstrap/main.tf +++ b/bootstrap/main.tf @@ -39,9 +39,11 @@ module "dbsync_cells" { salt = each.key // PVC - volume_name = each.value.pvc.volume_name - storage_size = each.value.pvc.storage_size - db_volume_claim = each.value.pvc.name + access_mode = each.value.pvc.access_mode + db_volume_claim = each.value.pvc.name + storage_class_name = each.value.pvc.storage_class_name + storage_size = each.value.pvc.storage_size + volume_name = each.value.pvc.volume_name // PG topology_zone = each.value.postgres.topology_zone 
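Review bot: `pgbouncer_secret_name` defaults to `""`, so a caller that forgets to set it produces a `secretKeyRef` with an empty name, which fails only when the pod is created rather than at plan time. Either drop the default so the input is required, or add a `validation` block whose `condition` is `length(var.pgbouncer_secret_name) > 0` with an `error_message` naming the variable. The toleration defaults in this hunk are also a third copy of the lists in bootstrap/pgbouncer/main.tf and bootstrap/postgres/main.tf; a `description` on each variable stating which declaration is the source of truth would make the duplication explicit.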
@@ -50,12 +52,15 @@ module "dbsync_cells" { postgres_secret_name = var.postgres_secret_name postgres_resources = each.value.postgres.resources postgres_config_name = each.value.postgres.config_name + postgres_tolerations = each.value.postgres.tolerations // PGBouncer pgbouncer_image_tag = var.pgbouncer_image_tag pgbouncer_replicas = each.value.pgbouncer.replicas pgbouncer_auth_user_password = var.pgbouncer_auth_user_password pgbouncer_reloader_image_tag = var.pgbouncer_reloader_image_tag + pgbouncer_secret_name = var.postgres_secret_name + pgbouncer_tolerations = each.value.pgbouncer.tolerations // Instances instances = each.value.instances diff --git a/bootstrap/pgbouncer/main.tf b/bootstrap/pgbouncer/main.tf index eb181c9..f896b27 100644 --- a/bootstrap/pgbouncer/main.tf +++ b/bootstrap/pgbouncer/main.tf @@ -6,6 +6,10 @@ variable "instance_name" { default = "dbsync-v3-pgbouncer" } +variable "cloud_provider" { + default = "gcp" +} + variable "service_name" { default = "dbsync-v3-pgbouncer" } @@ -55,8 +59,8 @@ variable "postgres_instance_name" { default = "postgres-dbsync-v3-ar9" } -resource "kubernetes_service_v1" "dbsync_pgbouncer_elb" { - count = var.load_balancer ? 1 : 0 +resource "kubernetes_service_v1" "dbsync_pgbouncer_elb_aws" { + for_each = var.load_balancer && var.cloud_provider == "aws" ? toset(["loadbalancer"]) : toset([]) metadata { namespace = var.namespace name = var.service_name 
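Review bot: `each.value.postgres.tolerations` and `each.value.pgbouncer.tolerations` are declared `optional(...)` with no default in the `cells` type (bootstrap/variables.tf hunk at `@@ -103`), so a cell that omits them passes `null` here. An explicitly passed `null` overrides a module variable's default unless that variable sets `nullable = false`, and the leaf modules then feed the null into `dynamic "toleration" { for_each = ... }`, which Terraform rejects. Unless `nullable = false` is set outside the hunks, add `nullable = false` to the cell's `postgres_tolerations` and `pgbouncer_tolerations` variables (and to the matching leaf-module variables) so an omitted list falls back to the defaults. `module "dbsync_cells"` continues outside the hunk.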
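Review bot: Renaming `dbsync_pgbouncer_elb` to `dbsync_pgbouncer_elb_aws` and switching from `count` to `for_each` comes with no `moved` block, so an existing deployment will destroy and recreate the Service and lose its load-balancer address. A `moved` block from `kubernetes_service_v1.dbsync_pgbouncer_elb[0]` to `kubernetes_service_v1.dbsync_pgbouncer_elb_aws["loadbalancer"]` keeps the state address continuous. Because the new `cloud_provider` variable defaults to `"gcp"`, an AWS deployment that does not set it would additionally have its AWS Service replaced by the GCP one on the next apply; declaring the variable with `type = string`, no default, and a `validation` that it is one of `aws`/`gcp` makes that choice explicit. The resource block continues outside the hunk.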
@@ -82,3 +86,57 @@ resource "kubernetes_service_v1" "dbsync_pgbouncer_elb" { } } } + +resource "kubernetes_service_v1" "dbsync_pgbouncer_elb_gcp" { + for_each = var.load_balancer && var.cloud_provider == "gcp" ? toset(["loadbalancer"]) : toset([]) + metadata { + namespace = var.namespace + name = var.service_name + annotations = { + "cloud.google.com/l4-rbs" : "enabled" + } + } + + spec { + type = "LoadBalancer" + external_traffic_policy = "Local" + + port { + protocol = "TCP" + port = 5432 + target_port = 6432 + } + + selector = { + "role" = var.instance_role + } + } +} + +variable "pgbouncer_tolerations" { + type = list(object({ + effect = string + key = string + operator = string + value = optional(string) + })) + default = [ + { + effect = "NoSchedule" + key = "demeter.run/compute-profile" + operator = "Exists" + }, + { + effect = "NoSchedule" + key = "demeter.run/compute-arch" + operator = "Equal" + value = "x86" + }, + { + effect = "NoSchedule" + key = "demeter.run/availability-sla" + operator = "Equal" + value = "best-effort" + } + ] +} diff --git a/bootstrap/pgbouncer/pg-bouncer.tf b/bootstrap/pgbouncer/pg-bouncer.tf index a5c26df..89ed5f7 100644 --- a/bootstrap/pgbouncer/pg-bouncer.tf +++ b/bootstrap/pgbouncer/pg-bouncer.tf @@ -74,7 +74,7 @@ resource "kubernetes_deployment_v1" "pgbouncer" { name = "POSTGRESQL_PASSWORD" value_from { secret_key_ref { - name = "postgres.postgres-dbsync-v3" + name = var.postgres_secret_name key = "password" } } 
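Review bot: The new `dbsync_pgbouncer_elb_gcp` Service exposes PgBouncer on port 5432 as `type = "LoadBalancer"` with no `load_balancer_source_ranges`, so the endpoint accepts connections from any source address, and the same change disables client TLS in pgbouncer.ini.tftpl, so those connections carry credentials and query data in cleartext. Add a `load_balancer_source_ranges` input (a `list(string)` of allowed CIDRs) to the `spec` of both the AWS and GCP Service resources, and keep client TLS enabled on the exposed listener. The `pgbouncer_tolerations` variable at the end of this hunk has no `description`; a one-liner such as `"Tolerations applied to the PgBouncer pods."` would match the documented variables in bootstrap/pvc/main.tf.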
@@ -281,24 +281,15 @@ resource "kubernetes_deployment_v1" "pgbouncer" { } } - toleration { - effect = "NoSchedule" - key = "demeter.run/compute-profile" - operator = "Exists" - } + dynamic "toleration" { + for_each = var.pgbouncer_tolerations - toleration { - effect = "NoSchedule" - key = "demeter.run/compute-arch" - operator = "Equal" - value = "x86" - } - - toleration { - effect = "NoSchedule" - key = "demeter.run/availability-sla" - operator = "Equal" - value = "best-effort" + content { + effect = toleration.value.effect + key = toleration.value.key + operator = toleration.value.operator + value = toleration.value.value + } } } } diff --git a/bootstrap/pgbouncer/pgbouncer.ini.tftpl b/bootstrap/pgbouncer/pgbouncer.ini.tftpl index 3bf450d..1fa7de4 100644 --- a/bootstrap/pgbouncer/pgbouncer.ini.tftpl +++ b/bootstrap/pgbouncer/pgbouncer.ini.tftpl @@ -16,9 +16,9 @@ auth_query=SELECT usename, passwd FROM user_search($1) pidfile=/opt/bitnami/pgbouncer/tmp/pgbouncer.pid logfile=/opt/bitnami/pgbouncer/logs/pgbouncer.log admin_users=postgres -client_tls_sslmode=allow -client_tls_key_file=/certs/tls.key -client_tls_cert_file=/certs/tls.crt +client_tls_sslmode=disable +client_tls_key_file=/certs/server.key +client_tls_cert_file=/certs/server.crt server_tls_sslmode=disable ignore_startup_parameters=extra_float_digits,statement_timeout stats_period=60 diff --git a/bootstrap/postgres/main.tf b/bootstrap/postgres/main.tf index 1d3f6fc..bada5d2 100644 --- a/bootstrap/postgres/main.tf +++ b/bootstrap/postgres/main.tf 
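Review bot: `client_tls_sslmode` drops from `allow` to `disable`, which turns off TLS for every client connection to PgBouncer at the same time the pgbouncer/main.tf hunk publishes the listener through an external LoadBalancer; passwords checked through `auth_query` and all query traffic then travel in cleartext. If only the certificate file rename to `server.key`/`server.crt` was intended, keep `client_tls_sslmode=allow` (or `require` for the externally exposed listener) and make the rename a separate change. With `disable`, the two `client_tls_*_file` settings on the following lines are dead configuration that a reader would otherwise take as evidence TLS is in use.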
@@ -74,3 +74,32 @@ variable "postgres_settings" { } } +variable "postgres_tolerations" { + type = list(object({ + key = string + operator = string + value = string + effect = string + })) + default = [ + { + key = "demeter.run/compute-profile" + operator = "Equal" + value = "disk-intensive" + effect = "NoSchedule" + }, + { + key = "demeter.run/compute-arch" + operator = "Equal" + value = "x86" + effect = "NoSchedule" + }, + { + key = "demeter.run/availability-sla" + operator = "Equal" + value = "consistent" + effect = "NoSchedule" + } + ] +} + diff --git a/bootstrap/postgres/postgres.tf b/bootstrap/postgres/postgres.tf index 1649a53..14ce3c3 100644 --- a/bootstrap/postgres/postgres.tf +++ b/bootstrap/postgres/postgres.tf @@ -149,25 +149,14 @@ resource "kubernetes_stateful_set_v1" "postgres" { } } - toleration { - effect = "NoSchedule" - key = "demeter.run/compute-profile" - operator = "Equal" - value = "disk-intensive" - } - - toleration { - effect = "NoSchedule" - key = "demeter.run/compute-arch" - operator = "Equal" - value = "x86" - } - - toleration { - effect = "NoSchedule" - key = "demeter.run/availability-sla" - operator = "Equal" - value = "consistent" + dynamic "toleration" { + for_each = var.postgres_tolerations + content { + effect = toleration.value.effect + key = toleration.value.key + operator = toleration.value.operator + value = toleration.value.value + } } } } diff --git a/bootstrap/pvc/main.tf b/bootstrap/pvc/main.tf index 008949a..d0cac39 100644 --- a/bootstrap/pvc/main.tf +++ b/bootstrap/pvc/main.tf 
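Review bot: The `postgres_tolerations` object type requires `value = string`, so a toleration with `operator = "Exists"` (which carries no value) cannot be expressed without an explicit `null`, while the PgBouncer counterpart in bootstrap/pgbouncer/main.tf uses `value = optional(string)`. Changing the attribute to `value = optional(string)` here, in the cell's `postgres_tolerations`, and in both `tolerations` types of the root `cells` variable keeps the declarations consistent. The variable also has no `description`; something like `"Tolerations applied to the Postgres StatefulSet pods."` would match the documented variables elsewhere in the change.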
@@ -1,17 +1,30 @@ variable "namespace" { - description = "the namespace where the resources will be created" + description = "The namespace where the resources will be created." } variable "volume_name" { - description = "the name of the volume" + description = "The name of the volume. If not specified, the volume will be dynamically provisioned." + type = string + default = null } variable "name" { - description = "the name of the pvc" + description = "The name of the PersistentVolumeClaim (PVC)." } variable "storage_size" { - description = "the size of the volume" + description = "The size of the volume." +} + +variable "storage_class_name" { + description = "The name of the storage class to use." + default = "nvme" +} + +variable "access_mode" { + description = "The access mode for the volume." + type = string + default = "ReadWriteMany" } resource "kubernetes_persistent_volume_claim" "shared_disk" { @@ -23,13 +36,15 @@ resource "kubernetes_persistent_volume_claim" "shared_disk" { } spec { - access_modes = ["ReadWriteMany"] + access_modes = [var.access_mode] + resources { requests = { storage = var.storage_size } } - storage_class_name = "nvme" - volume_name = var.volume_name + + storage_class_name = var.storage_class_name + volume_name = var.volume_name != null ? var.volume_name : null } } diff --git a/bootstrap/variables.tf b/bootstrap/variables.tf index 12dec02..063dca2 100644 --- a/bootstrap/variables.tf +++ b/bootstrap/variables.tf @@ -84,9 +84,11 @@ variable "pgbouncer_auth_user_password" { variable "cells" { type = map(object({ pvc = object({ - volume_name = string - storage_size = string - name = optional(string) + volume_name = optional(string) + storage_size = string + storage_class_name = string + access_mode = string + name = optional(string) }) postgres = object({ image_tag = string 
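Review bot: `volume_name = var.volume_name != null ? var.volume_name : null` evaluates to `var.volume_name` in both branches; write `volume_name = var.volume_name`, since a null argument already leaves the attribute unset. In the variables hunk of the same file, `storage_class_name` is the only new variable without `type = string`, so a non-string value from a caller would be coerced silently rather than rejected; add `type = string` for consistency with `access_mode` and `volume_name`.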
@@ -103,9 +105,24 @@ variable "cells" { memory = string }) }) + tolerations = optional(list(object({ + key = string + operator = string + value = string + effect = string + }))) }) pgbouncer = object({ - replicas = number + replicas = number + reloader_image_tag = optional(string) + auth_user_password = optional(string) + certs_configmap_name = optional(string) + tolerations = optional(list(object({ + key = string + operator = string + value = string + effect = string + }))) }) instances = map(object({ salt = optional(string)
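Review bot: The new `auth_user_password`, `reloader_image_tag` and `certs_configmap_name` attributes of the `cells.pgbouncer` object are not consumed anywhere in the change: the root main.tf hunk still wires `pgbouncer_auth_user_password = var.pgbouncer_auth_user_password` and `pgbouncer_reloader_image_tag = var.pgbouncer_reloader_image_tag`, so unless they are used outside the hunks the three attributes are accepted and ignored. Either wire them, e.g. `pgbouncer_auth_user_password = coalesce(each.value.pgbouncer.auth_user_password, var.pgbouncer_auth_user_password)`, or leave them out of the type until they are used. The `variable "cells"` header is outside the hunk, so whether it is marked `sensitive = true` cannot be seen here; with a password attribute inside it the value would otherwise appear in plan output and state diffs, and if marking the whole map sensitive is too broad, keeping the password in the existing `pgbouncer_auth_user_password` variable is the simpler option.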