diff --git a/infrastructure/base/main.tf b/infrastructure/base/main.tf index acb8c23daa..b6731b2ef8 100644 --- a/infrastructure/base/main.tf +++ b/infrastructure/base/main.tf @@ -246,6 +246,20 @@ module "sql_server_production_14" { postgresql_version = "14" } +module "sql_server_production_tulip" { + count = var.deploy_production ? 1 : 0 + + source = "./modules/database" + resource_group = data.azurerm_resource_group.resource_group + project_name = "${var.project_name}-production-tulip" + subnet_id = module.network.sql_subnet_id + private_dns_zone_id = module.sql_server_private_dns_zone.dns_zone_id + key_vault_id = module.sql_server_key_vault.key_vault_id + instance_size = var.production_db_instance_size + storage_size = var.production_db_storage_size + postgresql_version = "14" +} + module "sql_server_staging" { source = "./modules/database" resource_group = data.azurerm_resource_group.resource_group diff --git a/infrastructure/base/outputs.tf b/infrastructure/base/outputs.tf index 571f3a8185..6df944899f 100644 --- a/infrastructure/base/outputs.tf +++ b/infrastructure/base/outputs.tf 
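Review bot: Nothing in `module "sql_server_production_tulip"` says why a second production server with the same hard-coded `postgresql_version = "14"` is added next to `sql_server_production_14`, or which of the two is meant to be authoritative. I would add a comment above the block, for example `# "tulip" production server: <purpose, and which server the apps should use>`. The block also passes the same `module.sql_server_key_vault.key_vault_id` as the visible context, so presumably anything the database module stores there shares one access policy across servers. The module internals are not in this hunk, so it is worth confirming that no secret name collides and that the shared vault is intended.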
@@ -97,6 +97,24 @@ output "sql_server_production_14_password" { sensitive = true } +output "sql_server_production_tulip_name" { + value = length(module.sql_server_production_tulip) > 0 ? module.sql_server_production_tulip[0].sql_server_name : null +} + +output "sql_server_production_tulip_hostname" { + value = length(module.sql_server_production_tulip) > 0 ? module.sql_server_production_tulip[0].sql_server_url : null +} + +output "sql_server_production_tulip_username" { + value = length(module.sql_server_production_tulip) > 0 ? module.sql_server_production_tulip[0].sql_server_username : null + sensitive = true +} + +output "sql_server_production_tulip_password" { + value = length(module.sql_server_production_tulip) > 0 ? module.sql_server_production_tulip[0].sql_server_password : null + sensitive = true +} + output "sql_server_staging_name" { value = module.sql_server_staging.sql_server_name } diff --git a/infrastructure/kubernetes/main.tf b/infrastructure/kubernetes/main.tf index 3b9764759c..fd5747b671 100644 --- a/infrastructure/kubernetes/main.tf +++ b/infrastructure/kubernetes/main.tf 
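Review bot: `sql_server_production_tulip_password` publishes the server's administrator password as a root output, and `sensitive = true` only redacts it from CLI output. The value is still written in clear text to this stack's state, and any principal that can read the remote state (the kubernetes stack does, via `data.terraform_remote_state.core`) can read it. This follows the existing `sql_server_production_14_password` pattern, so it is not new, but it does add one more production credential to that exposure. If the database module already writes the credential to the key vault it is given (not visible here), the consuming stack could read it from there rather than from state. Otherwise I would add a comment on the output such as `# admin credential: stored unencrypted in state, restrict backend access`.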
@@ -142,6 +142,36 @@ module "k8s_geoprocessing_database_production_14" { } } +module "k8s_api_database_production_tulip" { + count = var.deploy_production ? 1 : 0 + + source = "./modules/database" + resource_group = data.azurerm_resource_group.resource_group + project_name = var.project_name + namespace = "production" + name = "api" + sql_server_name = data.terraform_remote_state.core.outputs.sql_server_production_tulip_name + + providers = { + postgresql = postgres.db_tunnel_production_tulip + } +} + +module "k8s_geoprocessing_database_production_tulip" { + count = var.deploy_production ? 1 : 0 + + source = "./modules/database" + resource_group = data.azurerm_resource_group.resource_group + project_name = var.project_name + namespace = "production" + name = "geoprocessing" + sql_server_name = data.terraform_remote_state.core.outputs.sql_server_production_tulip_name + + providers = { + postgresql = postgres.db_tunnel_production_tulip + } +} + module "storage_pvc_production" { count = var.deploy_production ? 1 : 0 
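Review bot: Both new modules read `data.terraform_remote_state.core.outputs.sql_server_production_tulip_name` by direct attribute access, while the `azurerm_postgresql_flexible_server` data source later in this file and the new `provider "postgresql"` alias in versions.tf read the tulip outputs through `lookup(..., null)`. The two forms fail differently when the base stack has not yet published the outputs, or publishes `null` because `deploy_production` is false: direct access errors at plan, while `lookup` silently yields `null`. I would pick one form for all tulip references. If `null` is a supported state, guard it explicitly; note that the `lookup` default in the data source most likely only postpones the failure, since the server `name` is presumably required.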
@@ -216,36 +246,72 @@ module "webshot_production" { deployment_name = "webshot" } -module "production_secrets" { +module "production_cloud_secrets" { count = var.deploy_production ? 1 : 0 - source = "./modules/secrets" - project_name = var.project_name - namespace = "production" - name = "api" - key_vault_id = length(module.key_vault_production) > 0 ? module.key_vault_production[0].key_vault_id : null - redis_host = data.terraform_remote_state.core.outputs.redis_hostname - redis_password = data.terraform_remote_state.core.outputs.redis_password - redis_port = data.terraform_remote_state.core.outputs.redis_port - sparkpost_api_key = var.sparkpost_api_key - api_url = "api.${var.domain}" - postgres_api_database = length(module.k8s_api_database_production) > 0 ? module.k8s_api_database_production[0].postgresql_database : null - postgres_api_username = length(module.k8s_api_database_production) > 0 ? module.k8s_api_database_production[0].postgresql_username : null - postgres_api_password = length(module.k8s_api_database_production) > 0 ? module.k8s_api_database_production[0].postgresql_password : null - postgres_api_hostname = length(module.k8s_api_database_production) > 0 ? module.k8s_api_database_production[0].postgresql_hostname : null - postgres_geoprocessing_database = length(module.k8s_geoprocessing_database_production) > 0 ? module.k8s_geoprocessing_database_production[0].postgresql_database : null - postgres_geoprocessing_username = length(module.k8s_geoprocessing_database_production) > 0 ? module.k8s_geoprocessing_database_production[0].postgresql_username : null - postgres_geoprocessing_password = length(module.k8s_geoprocessing_database_production) > 0 ? module.k8s_geoprocessing_database_production[0].postgresql_password : null - postgres_geoprocessing_hostname = length(module.k8s_geoprocessing_database_production) > 0 ? 
module.k8s_geoprocessing_database_production[0].postgresql_hostname : null - postgres_14_api_database = length(module.k8s_api_database_production_14) > 0 ? module.k8s_api_database_production_14[0].postgresql_database : null - postgres_14_api_username = length(module.k8s_api_database_production_14) > 0 ? module.k8s_api_database_production_14[0].postgresql_username : null - postgres_14_api_password = length(module.k8s_api_database_production_14) > 0 ? module.k8s_api_database_production_14[0].postgresql_password : null - postgres_14_api_hostname = length(module.k8s_api_database_production_14) > 0 ? module.k8s_api_database_production_14[0].postgresql_hostname : null - postgres_14_geoprocessing_database = length(module.k8s_geoprocessing_database_production_14) > 0 ? module.k8s_geoprocessing_database_production_14[0].postgresql_database : null - postgres_14_geoprocessing_username = length(module.k8s_geoprocessing_database_production_14) > 0 ? module.k8s_geoprocessing_database_production_14[0].postgresql_username : null - postgres_14_geoprocessing_password = length(module.k8s_geoprocessing_database_production_14) > 0 ? module.k8s_geoprocessing_database_production_14[0].postgresql_password : null - postgres_14_geoprocessing_hostname = length(module.k8s_geoprocessing_database_production_14) > 0 ? module.k8s_geoprocessing_database_production_14[0].postgresql_hostname : null - azure_storage_account_key = data.azurerm_storage_account.storage_account.primary_access_key + source = "./modules/cloud_secrets" + project_name = var.project_name + namespace = "production" + name = "api" + key_vault_id = length(module.key_vault_production) > 0 ? 
module.key_vault_production[0].key_vault_id : null + redis_host = data.terraform_remote_state.core.outputs.redis_hostname + redis_password = data.terraform_remote_state.core.outputs.redis_password + redis_port = data.terraform_remote_state.core.outputs.redis_port + sparkpost_api_key = var.sparkpost_api_key + api_url = "api.${var.domain}" + postgres_api_database = length(module.k8s_api_database_production) > 0 ? module.k8s_api_database_production[0].postgresql_database : null + postgres_api_username = length(module.k8s_api_database_production) > 0 ? module.k8s_api_database_production[0].postgresql_username : null + postgres_api_password = length(module.k8s_api_database_production) > 0 ? module.k8s_api_database_production[0].postgresql_password : null + postgres_api_hostname = length(module.k8s_api_database_production) > 0 ? module.k8s_api_database_production[0].postgresql_hostname : null + postgres_geoprocessing_database = length(module.k8s_geoprocessing_database_production) > 0 ? module.k8s_geoprocessing_database_production[0].postgresql_database : null + postgres_geoprocessing_username = length(module.k8s_geoprocessing_database_production) > 0 ? module.k8s_geoprocessing_database_production[0].postgresql_username : null + postgres_geoprocessing_password = length(module.k8s_geoprocessing_database_production) > 0 ? module.k8s_geoprocessing_database_production[0].postgresql_password : null + postgres_geoprocessing_hostname = length(module.k8s_geoprocessing_database_production) > 0 ? module.k8s_geoprocessing_database_production[0].postgresql_hostname : null + postgres_14_api_database = length(module.k8s_api_database_production_14) > 0 ? module.k8s_api_database_production_14[0].postgresql_database : null + postgres_14_api_username = length(module.k8s_api_database_production_14) > 0 ? module.k8s_api_database_production_14[0].postgresql_username : null + postgres_14_api_password = length(module.k8s_api_database_production_14) > 0 ? 
module.k8s_api_database_production_14[0].postgresql_password : null + postgres_14_api_hostname = length(module.k8s_api_database_production_14) > 0 ? module.k8s_api_database_production_14[0].postgresql_hostname : null + postgres_14_geoprocessing_database = length(module.k8s_geoprocessing_database_production_14) > 0 ? module.k8s_geoprocessing_database_production_14[0].postgresql_database : null + postgres_14_geoprocessing_username = length(module.k8s_geoprocessing_database_production_14) > 0 ? module.k8s_geoprocessing_database_production_14[0].postgresql_username : null + postgres_14_geoprocessing_password = length(module.k8s_geoprocessing_database_production_14) > 0 ? module.k8s_geoprocessing_database_production_14[0].postgresql_password : null + postgres_14_geoprocessing_hostname = length(module.k8s_geoprocessing_database_production_14) > 0 ? module.k8s_geoprocessing_database_production_14[0].postgresql_hostname : null + postgres_tulip_api_database = length(module.k8s_api_database_production_tulip) > 0 ? module.k8s_api_database_production_tulip[0].postgresql_database : null + postgres_tulip_api_username = length(module.k8s_api_database_production_tulip) > 0 ? module.k8s_api_database_production_tulip[0].postgresql_username : null + postgres_tulip_api_password = length(module.k8s_api_database_production_tulip) > 0 ? module.k8s_api_database_production_tulip[0].postgresql_password : null + postgres_tulip_api_hostname = length(module.k8s_api_database_production_tulip) > 0 ? module.k8s_api_database_production_tulip[0].postgresql_hostname : null + postgres_tulip_geoprocessing_database = length(module.k8s_geoprocessing_database_production_tulip) > 0 ? module.k8s_geoprocessing_database_production_tulip[0].postgresql_database : null + postgres_tulip_geoprocessing_username = length(module.k8s_geoprocessing_database_production_tulip) > 0 ? 
module.k8s_geoprocessing_database_production_tulip[0].postgresql_username : null + postgres_tulip_geoprocessing_password = length(module.k8s_geoprocessing_database_production_tulip) > 0 ? module.k8s_geoprocessing_database_production_tulip[0].postgresql_password : null + postgres_tulip_geoprocessing_hostname = length(module.k8s_geoprocessing_database_production_tulip) > 0 ? module.k8s_geoprocessing_database_production_tulip[0].postgresql_hostname : null + azure_storage_account_key = data.azurerm_storage_account.storage_account.primary_access_key +} + +module "production_kubernetes_secrets" { + count = var.deploy_production ? 1 : 0 + + source = "./modules/kubernetes_secrets" + project_name = var.project_name + namespace = "production" + name = "api" + key_vault_id = length(module.key_vault_production) > 0 ? module.key_vault_production[0].key_vault_id : null + redis_host = data.terraform_remote_state.core.outputs.redis_hostname + redis_password = data.terraform_remote_state.core.outputs.redis_password + redis_port = data.terraform_remote_state.core.outputs.redis_port + sparkpost_api_key = var.sparkpost_api_key + api_url = "api.${var.domain}" + postgres_api_database = length(module.k8s_api_database_production_tulip) > 0 ? module.k8s_api_database_production_tulip[0].postgresql_database : null + postgres_api_username = length(module.k8s_api_database_production_tulip) > 0 ? module.k8s_api_database_production_tulip[0].postgresql_username : null + postgres_api_password = length(module.k8s_api_database_production_tulip) > 0 ? module.k8s_api_database_production_tulip[0].postgresql_password : null + postgres_api_hostname = length(module.k8s_api_database_production_tulip) > 0 ? module.k8s_api_database_production_tulip[0].postgresql_hostname : null + postgres_geoprocessing_database = length(module.k8s_geoprocessing_database_production_tulip) > 0 ? 
module.k8s_geoprocessing_database_production_tulip[0].postgresql_database : null + postgres_geoprocessing_username = length(module.k8s_geoprocessing_database_production_tulip) > 0 ? module.k8s_geoprocessing_database_production_tulip[0].postgresql_username : null + postgres_geoprocessing_password = length(module.k8s_geoprocessing_database_production_tulip) > 0 ? module.k8s_geoprocessing_database_production_tulip[0].postgresql_password : null + postgres_geoprocessing_hostname = length(module.k8s_geoprocessing_database_production_tulip) > 0 ? module.k8s_geoprocessing_database_production_tulip[0].postgresql_hostname : null + azure_storage_account_key = data.azurerm_storage_account.storage_account.primary_access_key + api_auth_jwt_secret = length(module.production_cloud_secrets) > 0 ? module.production_cloud_secrets[0].api_auth_jwt_secret : null + x_auth_api_key = length(module.production_cloud_secrets) > 0 ? module.production_cloud_secrets[0].x_auth_api_key : null + cloning_signing_secret = length(module.production_cloud_secrets) > 0 ? module.production_cloud_secrets[0].cloning_signing_secret : null + cloning_storage_backup_restic_password = length(module.production_cloud_secrets) > 0 ? module.production_cloud_secrets[0].cloning_storage_backup_restic_password : null } module "ingress_production" { @@ -272,6 +338,12 @@ data "azurerm_postgresql_flexible_server" "marxan_production_14" { resource_group_name = data.azurerm_resource_group.resource_group.name } +data "azurerm_postgresql_flexible_server" "marxan_production_tulip" { + count = var.deploy_production ? 1 : 0 + name = lookup(data.terraform_remote_state.core.outputs, "sql_server_production_tulip_name", null) + resource_group_name = data.azurerm_resource_group.resource_group.name +} + module "db_tunnel_production" { count = var.deploy_production ? 1 : 0 
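Review bot: Renaming `module "production_secrets"` to `production_cloud_secrets` and pointing it at a new source changes the address of every resource it owned, and the hunk contains no `moved` block or note about a state move. The deleted `modules/secrets/main.tf` generated `random_password.jwt_secret`, `random_password.x_auth_api_key`, `tls_private_key.cloning_signing_secret` and `random_password.cloning_storage_backup_restic_password`. If `cloud_secrets` declares them again (its files are not in this view), the next apply would destroy and regenerate all four. That would invalidate issued JWTs and API keys, and a new restic password would likely make existing backups unreadable. I would add a `moved` block with `from = module.production_secrets` and `to = module.production_cloud_secrets`, or record the `terraform state mv` steps in the PR. The same applies to `staging_secrets` → `staging_cloud_secrets` in the staging hunk.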
@@ -296,6 +368,18 @@ module "db_tunnel_production_14" { gateway_user = "ubuntu" } +module "db_tunnel_production_tulip" { + count = var.deploy_production ? 1 : 0 + + source = "git::https://github.com/tiagojsag/terraform-ssh-tunnel.git?ref=feature/disable-strict-host-key-checking" + + target_host = lookup(data.azurerm_postgresql_flexible_server.marxan_production_tulip[0], "fqdn", null) + target_port = 5432 + + gateway_host = data.terraform_remote_state.core.outputs.bastion_hostname + gateway_user = "ubuntu" +} + module "cloning_storage_backup_cronjob_production" { count = var.deploy_production ? 1 : 0 
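Review bot: The `source` of `module "db_tunnel_production_tulip"` pulls from a personal fork at a branch ref, `?ref=feature/disable-strict-host-key-checking`. The branch can be moved or force-pushed, so whatever it points to at the next `terraform init` runs with production credentials. Pin it to a full commit SHA, `?ref=<commit-sha>`, and ideally to a repository the organisation controls. The branch name also suggests the tunnel connects to the bastion without verifying its SSH host key. If so, the hop that carries the PostgreSQL admin session is not authenticated, and I would rather supply the bastion's host key, for example as a known-hosts entry published by the base stack, than disable the check. The existing `db_tunnel_production_14` module probably uses the same source, but only its tail is visible in this hunk.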
@@ -438,34 +522,68 @@ module "webshot_staging" { deployment_name = "webshot" } -module "staging_secrets" { - source = "./modules/secrets" - project_name = var.project_name - namespace = "staging" - name = "api" - key_vault_id = module.key_vault_staging.key_vault_id - redis_host = data.terraform_remote_state.core.outputs.redis_hostname - redis_password = data.terraform_remote_state.core.outputs.redis_password - redis_port = data.terraform_remote_state.core.outputs.redis_port - sparkpost_api_key = var.sparkpost_api_key - api_url = "api.staging.${var.domain}" - postgres_api_database = module.k8s_api_database_staging.postgresql_database - postgres_api_username = module.k8s_api_database_staging.postgresql_username - postgres_api_password = module.k8s_api_database_staging.postgresql_password - postgres_api_hostname = module.k8s_api_database_staging.postgresql_hostname - postgres_geoprocessing_database = module.k8s_geoprocessing_database_staging.postgresql_database - postgres_geoprocessing_username = module.k8s_geoprocessing_database_staging.postgresql_username - postgres_geoprocessing_password = module.k8s_geoprocessing_database_staging.postgresql_password - postgres_geoprocessing_hostname = module.k8s_geoprocessing_database_staging.postgresql_hostname - postgres_14_api_database = module.k8s_api_database_staging_14.postgresql_database - postgres_14_api_username = module.k8s_api_database_staging_14.postgresql_username - postgres_14_api_password = module.k8s_api_database_staging_14.postgresql_password - postgres_14_api_hostname = module.k8s_api_database_staging_14.postgresql_hostname - postgres_14_geoprocessing_database = module.k8s_geoprocessing_database_staging_14.postgresql_database - postgres_14_geoprocessing_username = module.k8s_geoprocessing_database_staging_14.postgresql_username - postgres_14_geoprocessing_password = module.k8s_geoprocessing_database_staging_14.postgresql_password - postgres_14_geoprocessing_hostname = 
module.k8s_geoprocessing_database_staging_14.postgresql_hostname - azure_storage_account_key = data.azurerm_storage_account.storage_account.primary_access_key +module "staging_cloud_secrets" { + source = "./modules/cloud_secrets" + project_name = var.project_name + namespace = "staging" + name = "api" + key_vault_id = module.key_vault_staging.key_vault_id + redis_host = data.terraform_remote_state.core.outputs.redis_hostname + redis_password = data.terraform_remote_state.core.outputs.redis_password + redis_port = data.terraform_remote_state.core.outputs.redis_port + sparkpost_api_key = var.sparkpost_api_key + api_url = "api.staging.${var.domain}" + postgres_api_database = module.k8s_api_database_staging.postgresql_database + postgres_api_username = module.k8s_api_database_staging.postgresql_username + postgres_api_password = module.k8s_api_database_staging.postgresql_password + postgres_api_hostname = module.k8s_api_database_staging.postgresql_hostname + postgres_geoprocessing_database = module.k8s_geoprocessing_database_staging.postgresql_database + postgres_geoprocessing_username = module.k8s_geoprocessing_database_staging.postgresql_username + postgres_geoprocessing_password = module.k8s_geoprocessing_database_staging.postgresql_password + postgres_geoprocessing_hostname = module.k8s_geoprocessing_database_staging.postgresql_hostname + postgres_14_api_database = module.k8s_api_database_staging_14.postgresql_database + postgres_14_api_username = module.k8s_api_database_staging_14.postgresql_username + postgres_14_api_password = module.k8s_api_database_staging_14.postgresql_password + postgres_14_api_hostname = module.k8s_api_database_staging_14.postgresql_hostname + postgres_14_geoprocessing_database = module.k8s_geoprocessing_database_staging_14.postgresql_database + postgres_14_geoprocessing_username = module.k8s_geoprocessing_database_staging_14.postgresql_username + postgres_14_geoprocessing_password = 
module.k8s_geoprocessing_database_staging_14.postgresql_password + postgres_14_geoprocessing_hostname = module.k8s_geoprocessing_database_staging_14.postgresql_hostname + postgres_tulip_api_database = module.k8s_api_database_staging_14.postgresql_database + postgres_tulip_api_username = module.k8s_api_database_staging_14.postgresql_username + postgres_tulip_api_password = module.k8s_api_database_staging_14.postgresql_password + postgres_tulip_api_hostname = module.k8s_api_database_staging_14.postgresql_hostname + postgres_tulip_geoprocessing_database = module.k8s_geoprocessing_database_staging_14.postgresql_database + postgres_tulip_geoprocessing_username = module.k8s_geoprocessing_database_staging_14.postgresql_username + postgres_tulip_geoprocessing_password = module.k8s_geoprocessing_database_staging_14.postgresql_password + postgres_tulip_geoprocessing_hostname = module.k8s_geoprocessing_database_staging_14.postgresql_hostname + azure_storage_account_key = data.azurerm_storage_account.storage_account.primary_access_key +} + +module "staging_kubernetes_secrets" { + source = "./modules/kubernetes_secrets" + project_name = var.project_name + namespace = "staging" + name = "api" + key_vault_id = module.key_vault_staging.key_vault_id + redis_host = data.terraform_remote_state.core.outputs.redis_hostname + redis_password = data.terraform_remote_state.core.outputs.redis_password + redis_port = data.terraform_remote_state.core.outputs.redis_port + sparkpost_api_key = var.sparkpost_api_key + api_url = "api.staging.${var.domain}" + postgres_api_database = module.k8s_api_database_staging_14.postgresql_database + postgres_api_username = module.k8s_api_database_staging_14.postgresql_username + postgres_api_password = module.k8s_api_database_staging_14.postgresql_password + postgres_api_hostname = module.k8s_api_database_staging_14.postgresql_hostname + postgres_geoprocessing_database = module.k8s_geoprocessing_database_staging_14.postgresql_database + 
postgres_geoprocessing_username = module.k8s_geoprocessing_database_staging_14.postgresql_username + postgres_geoprocessing_password = module.k8s_geoprocessing_database_staging_14.postgresql_password + postgres_geoprocessing_hostname = module.k8s_geoprocessing_database_staging_14.postgresql_hostname + azure_storage_account_key = data.azurerm_storage_account.storage_account.primary_access_key + api_auth_jwt_secret = module.staging_cloud_secrets.api_auth_jwt_secret + x_auth_api_key = module.staging_cloud_secrets.x_auth_api_key + cloning_signing_secret = module.staging_cloud_secrets.cloning_signing_secret + cloning_storage_backup_restic_password = module.staging_cloud_secrets.cloning_storage_backup_restic_password } module "ingress_staging" { diff --git a/infrastructure/kubernetes/modules/secrets/main.tf b/infrastructure/kubernetes/modules/secrets/main.tf deleted file mode 100644 index c427f0c886..0000000000 --- a/infrastructure/kubernetes/modules/secrets/main.tf +++ /dev/null 
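Review bot: In `module "staging_cloud_secrets"` all eight `postgres_tulip_*` inputs are wired to `module.k8s_api_database_staging_14` and `module.k8s_geoprocessing_database_staging_14`, so whatever `cloud_secrets` stores under the tulip names in staging will be a copy of the PostgreSQL 14 credentials under a second name. If that is deliberate because staging has no tulip server, say so with a comment above the first of them, e.g. `# staging has no tulip server; tulip inputs alias the _14 databases`. Otherwise a later rotation or audit will treat them as two independent credentials. The hunk also silently switches `staging_kubernetes_secrets` so that the plain `postgres_api_*` and `postgres_geoprocessing_*` inputs now come from the `_14` modules. That is a cutover of what the pods connect to and deserves a line in the commit description.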
@@ -1,140 +0,0 @@ -locals { - api_postgres_secret_json = { - username = var.postgres_api_username - password = var.postgres_api_password - database = var.postgres_api_database - } - geoprocessing_postgres_secret_json = { - username = var.postgres_geoprocessing_username - password = var.postgres_geoprocessing_password - database = var.postgres_geoprocessing_database - } - api_postgres_14_secret_json = { - username = var.postgres_14_api_username - password = var.postgres_14_api_password - database = var.postgres_14_api_database - } - geoprocessing_postgres_14_secret_json = { - username = var.postgres_14_geoprocessing_username - password = var.postgres_14_geoprocessing_password - database = var.postgres_14_geoprocessing_database - } - - api_auth_jwt_secret = random_password.jwt_secret.result - x_auth_api_key = random_password.x_auth_api_key.result - cloning_signing_secret = tls_private_key.cloning_signing_secret.private_key_pem - cloning_storage_backup_restic_password = random_password.cloning_storage_backup_restic_password.result -} - -resource "random_password" "jwt_secret" { - length = 24 - special = true -} - -resource "random_password" "x_auth_api_key" { - length = 24 - special = true -} - -resource "azurerm_key_vault_secret" "api_user_postgresql" { - name = "PostgresApiUserPassword" - value = jsonencode(local.api_postgres_secret_json) - key_vault_id = var.key_vault_id -} - -resource "azurerm_key_vault_secret" "geoprocessing_user_postgresql" { - name = "PostgresGeoprocessingUserPassword" - value = jsonencode(local.geoprocessing_postgres_secret_json) - key_vault_id = var.key_vault_id -} - -resource "azurerm_key_vault_secret" "api_user_postgresql_14" { - name = "Postgres14ApiUserPassword" - value = jsonencode(local.api_postgres_14_secret_json) - key_vault_id = var.key_vault_id -} - -resource "azurerm_key_vault_secret" "geoprocessing_user_postgresql_14" { - name = "Postgres14GeoprocessingUserPassword" - value = jsonencode(local.geoprocessing_postgres_14_secret_json) 
- key_vault_id = var.key_vault_id -} - -resource "tls_private_key" "cloning_signing_secret" { - algorithm = "RSA" - rsa_bits = 4096 -} - -resource "random_password" "cloning_storage_backup_restic_password" { - length = 16 - special = true -} - -resource "kubernetes_secret" "api_secret" { - metadata { - name = "api" - namespace = var.namespace - } - - data = { - API_AUTH_JWT_SECRET = sensitive(local.api_auth_jwt_secret) - API_AUTH_X_API_KEY = sensitive(local.x_auth_api_key) - CLONING_SIGNING_SECRET = sensitive(base64encode(local.cloning_signing_secret)) - - API_POSTGRES_HOST = var.postgres_api_hostname - API_POSTGRES_USER = sensitive(local.api_postgres_secret_json.username) - API_POSTGRES_PASSWORD = sensitive(local.api_postgres_secret_json.password) - API_POSTGRES_DB = sensitive(local.api_postgres_secret_json.database) - - GEO_POSTGRES_HOST = var.postgres_geoprocessing_hostname - GEO_POSTGRES_USER = sensitive(local.geoprocessing_postgres_secret_json.username) - GEO_POSTGRES_PASSWORD = sensitive(local.geoprocessing_postgres_secret_json.password) - GEO_POSTGRES_DB = sensitive(local.geoprocessing_postgres_secret_json.database) - - API_POSTGRES_14_HOST = var.postgres_14_api_hostname - API_POSTGRES_14_USER = sensitive(local.api_postgres_14_secret_json.username) - API_POSTGRES_14_PASSWORD = sensitive(local.api_postgres_14_secret_json.password) - API_POSTGRES_14_DB = sensitive(local.api_postgres_14_secret_json.database) - - GEO_POSTGRES_14_HOST = var.postgres_14_geoprocessing_hostname - GEO_POSTGRES_14_USER = sensitive(local.geoprocessing_postgres_14_secret_json.username) - GEO_POSTGRES_14_PASSWORD = sensitive(local.geoprocessing_postgres_14_secret_json.password) - GEO_POSTGRES_14_DB = sensitive(local.geoprocessing_postgres_14_secret_json.database) - - REDIS_HOST = var.redis_host - REDIS_PASSWORD = var.redis_password - REDIS_PORT = var.redis_port - - SPARKPOST_APIKEY = var.sparkpost_api_key - API_SERVICE_URL = var.api_url - - AZURE_STORAGE_ACCOUNT_KEY = 
sensitive(var.azure_storage_account_key) - CLONING_STORAGE_BACKUP_RESTIC_PASSWORD = sensitive(local.cloning_storage_backup_restic_password) - } -} - -resource "kubernetes_secret" "geoprocessing_secret" { - metadata { - name = "geoprocessing" - namespace = var.namespace - } - - data = { - API_AUTH_JWT_SECRET = sensitive(local.api_auth_jwt_secret) - API_AUTH_X_API_KEY = sensitive(local.x_auth_api_key) - - API_POSTGRES_HOST = var.postgres_api_hostname - API_POSTGRES_USER = sensitive(local.api_postgres_secret_json.username) - API_POSTGRES_PASSWORD = sensitive(local.api_postgres_secret_json.password) - API_POSTGRES_DB = sensitive(local.api_postgres_secret_json.database) - - GEO_POSTGRES_HOST = var.postgres_geoprocessing_hostname - GEO_POSTGRES_USER = sensitive(local.geoprocessing_postgres_secret_json.username) - GEO_POSTGRES_PASSWORD = sensitive(local.geoprocessing_postgres_secret_json.password) - GEO_POSTGRES_DB = sensitive(local.geoprocessing_postgres_secret_json.database) - - REDIS_HOST = var.redis_host - REDIS_PASSWORD = var.redis_password - REDIS_PORT = var.redis_port - } -} diff --git a/infrastructure/kubernetes/modules/secrets/variable.tf b/infrastructure/kubernetes/modules/secrets/variable.tf deleted file mode 100644 index 8fea632317..0000000000 --- a/infrastructure/kubernetes/modules/secrets/variable.tf +++ /dev/null 
@@ -1,106 +0,0 @@ -variable "name" { - description = "The name of the secret" -} - -variable "namespace" { - description = "The k8s namespace in which to deploy resources" -} - -variable "key_vault_id" { - description = "Azure key vault id" -} - -variable "project_name" { - type = string - description = "A project name to use when naming resources." -} - -variable "redis_host" { - description = "The redis server hostname" -} - -variable "redis_password" { - description = "The redis server password" -} - -variable "redis_port" { - description = "The redis server port" -} - -variable "sparkpost_api_key" { - type = string - description = "The API key for Sparkpost" -} - -variable "api_url" { - type = string - description = "The URL for the Marxan API server" -} - -variable "postgres_geoprocessing_hostname" { - description = "The postgres geoprocessing database hostname" -} - -variable "postgres_geoprocessing_username" { - description = "The postgres geoprocessing database username" -} - -variable "postgres_geoprocessing_password" { - description = "The postgres geoprocessing database password" -} - -variable "postgres_geoprocessing_database" { - description = "The postgres geoprocessing database name" -} - -variable "postgres_api_hostname" { - description = "The postgres api database hostname" -} - -variable "postgres_api_username" { - description = "The postgres api database username" -} - -variable "postgres_api_password" { - description = "The postgres api database password" -} - -variable "postgres_api_database" { - description = "The postgres api database name" -} - -variable "postgres_14_geoprocessing_hostname" { - description = "The postgres geoprocessing database hostname" -} - -variable "postgres_14_geoprocessing_username" { - description = "The postgres geoprocessing database username" -} - -variable "postgres_14_geoprocessing_password" { - description = "The postgres geoprocessing database password" -} - -variable "postgres_14_geoprocessing_database" { - 
description = "The postgres geoprocessing database name" -} - -variable "postgres_14_api_hostname" { - description = "The postgres api database hostname" -} - -variable "postgres_14_api_username" { - description = "The postgres api database username" -} - -variable "postgres_14_api_password" { - description = "The postgres api database password" -} - -variable "postgres_14_api_database" { - description = "The postgres api database name" -} - -variable "azure_storage_account_key" { - description = "A key for the Azure storage account used for backups" -} diff --git a/infrastructure/kubernetes/modules/secrets/versions.tf b/infrastructure/kubernetes/modules/secrets/versions.tf deleted file mode 100644 index e6bc9105c5..0000000000 --- a/infrastructure/kubernetes/modules/secrets/versions.tf +++ /dev/null @@ -1,19 +0,0 @@ -terraform { - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "3.32.0" - } - - kubernetes = { - source = "hashicorp/kubernetes" - version = "2.16.0" - } - - random = { - source = "hashicorp/random" - version = "3.3.2" - } - } - required_version = "1.3.5" -} diff --git a/infrastructure/kubernetes/versions.tf b/infrastructure/kubernetes/versions.tf index bf4622cfd8..0ad03b2589 100644 --- a/infrastructure/kubernetes/versions.tf +++ b/infrastructure/kubernetes/versions.tf @@ -101,6 +101,17 @@ provider "postgresql" { superuser = false } +provider "postgresql" { + alias = "db_tunnel_production_tulip" + + host = length(module.db_tunnel_production_tulip) > 0 ? module.db_tunnel_production_tulip[0].host : null + port = length(module.db_tunnel_production_tulip) > 0 ? module.db_tunnel_production_tulip[0].port : null + username =lookup(data.terraform_remote_state.core.outputs, "sql_server_production_tulip_username", null) + password =lookup(data.terraform_remote_state.core.outputs, "sql_server_production_tulip_password", null) + sslmode = "require" + superuser = false +} + provider "postgresql" { alias = "db_tunnel_staging"
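Review bot: `sslmode = "require"` in the new `db_tunnel_production_tulip` provider encrypts the session but does not verify the server certificate, so the provider will send the admin `username` and `password` to whatever answers on the tunnel's local port. Together with the tunnel module's apparently relaxed host-key checking, no layer authenticates the endpoint. I would use `sslmode = "verify-ca"` with `sslrootcert` set to the Azure CA bundle, since hostname verification is unlikely to work through a local tunnel address. Separately, `username =lookup(` and `password =lookup(` are missing the space after `=`, which `terraform fmt` would fix. With the `null` default, a missing output leaves the provider to fall back on its own defaults rather than failing clearly.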