chore: Certs as secret

gonzalezzfelipe · gonzalezzfelipe · commit 60faf87dd20b · 2025-02-05T16:14:52.000-03:00
diff --git a/bootstrap/cell/main.tf b/bootstrap/cell/main.tf
@@ -60,7 +60,7 @@ module "dbsync_pgbouncer" {
 
   namespace                     = var.namespace
   pg_bouncer_replicas           = var.pgbouncer_replicas
-  certs_configmap_name          = var.certs_configmap_name
+  certs_secret_name             = var.certs_secret_name
   pg_bouncer_auth_user_password = var.pgbouncer_auth_user_password
   instance_role                 = "pgbouncer"
   postgres_secret_name          = var.postgres_secret_name
diff --git a/bootstrap/cell/variables.tf b/bootstrap/cell/variables.tf
@@ -7,7 +7,7 @@ variable "salt" {
   description = "Salt used to identify all components as part of the cell. Should be unique between cells."
 }
 
-variable "certs_configmap_name" {
+variable "certs_secret_name" {
   type    = string
   default = "pgbouncer-certs"
 }
diff --git a/bootstrap/feature/configs.tf b/bootstrap/feature/configs.tf
diff --git a/bootstrap/feature/secret.tf b/bootstrap/feature/secret.tf
@@ -8,3 +8,15 @@ resource "kubernetes_secret" "postgres" {
   }
   type = "Opaque"
 }
+
+resource "kubernetes_secret" "pgbouncer_certs" {
+  metadata {
+    namespace = var.namespace
+    name      = "pgbouncer-certs"
+  }
+
+  data = {
+    "tls.crt" = var.pgbouncer_server_crt
+    "tls.key" = var.pgbouncer_server_key
+  }
+}
diff --git a/bootstrap/pgbouncer/main.tf b/bootstrap/pgbouncer/main.tf
@@ -26,7 +26,7 @@ variable "load_balancer" {
   default = false
 }
 
-variable "certs_configmap_name" {
+variable "certs_secret_name" {
   type    = string
   default = "pgbouncer-certs"
 }
diff --git a/bootstrap/pgbouncer/pg-bouncer.tf b/bootstrap/pgbouncer/pg-bouncer.tf
@@ -269,8 +269,8 @@ resource "kubernetes_deployment_v1" "pgbouncer" {
 
         volume {
           name = "pgbouncer-certs"
-          config_map {
-            name = var.certs_configmap_name
+          secret {
+            secret_name = var.certs_secret_name
           }
         }
 
diff --git a/bootstrap/pgbouncer/pgbouncer.ini.tftpl b/bootstrap/pgbouncer/pgbouncer.ini.tftpl
@@ -17,8 +17,8 @@ pidfile=/opt/bitnami/pgbouncer/tmp/pgbouncer.pid
 logfile=/opt/bitnami/pgbouncer/logs/pgbouncer.log
 admin_users=postgres
 client_tls_sslmode=allow
-client_tls_key_file=/certs/server.key
-client_tls_cert_file=/certs/server.crt
+client_tls_key_file=/certs/tls.key
+client_tls_cert_file=/certs/tls.crt
 server_tls_sslmode=disable
 ignore_startup_parameters=extra_float_digits,statement_timeout
 stats_period=60

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ variable "salt" {`
`7`	`7`	`description = "Salt used to identify all components as part of the cell. Should be unique between cells."`
`8`	`8`	`}`
`9`	`9`
`10`		`-variable "certs_configmap_name" {`
	`10`	`+variable "certs_secret_name" {`
`11`	`11`	`type = string`
`12`	`12`	`default = "pgbouncer-certs"`
`13`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ variable "load_balancer" {`
`26`	`26`	`default = false`
`27`	`27`	`}`
`28`	`28`
`29`		`-variable "certs_configmap_name" {`
	`29`	`+variable "certs_secret_name" {`
`30`	`30`	`type = string`
`31`	`31`	`default = "pgbouncer-certs"`
`32`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -269,8 +269,8 @@ resource "kubernetes_deployment_v1" "pgbouncer" {`
`269`	`269`
`270`	`270`	`volume {`
`271`	`271`	`name = "pgbouncer-certs"`
`272`		`- config_map {`
`273`		`- name = var.certs_configmap_name`
	`272`	`+ secret {`
	`273`	`+ secret_name = var.certs_secret_name`
`274`	`274`	`}`
`275`	`275`	`}`
`276`	`276`