various minimal changes and improvements

AncientPatata · AncientPatata · commit 892f41a19a09 · 2026-02-22T17:38:09.000+01:00
diff --git a/storage/onpremise/mongodb-percona/locals.tf b/storage/onpremise/mongodb-percona/locals.tf
@@ -3,9 +3,11 @@ locals {
   #   <cluster-release-name>-psmdb-db-rs0   (for replica set, no sharding)
   #   <cluster-release-name>-psmdb-db-mongos (mongos, sharded)
   #   <cluster-release-name>-psmdb-db-cfg0  (for config server, sharded)
-  cluster_release_name = "${var.name}-db-ps"
-  secrets_name         = "${local.cluster_release_name}-secrets"
-  ssl_secret_name      = "${local.cluster_release_name}-ssl"
+  cluster_release_name     = "${var.name}-db-ps"
+  
+  secrets_name             = "${local.cluster_release_name}-secrets"
+  ssl_secret_name          = "${local.cluster_release_name}-ssl"
+  ssl_internal_secret_name = "${local.cluster_release_name}-ssl-internal"
 
   mongodb_dns = var.sharding != null && var.sharding.enabled ? (
     "${local.cluster_release_name}-mongos.${var.namespace}.svc.cluster.local"
@@ -16,4 +18,36 @@ locals {
   mongodb_port              = 27017
   mongodb_connection_params = var.sharding != null && var.sharding.enabled ? "" : "?replicaSet=rs0"
   mongodb_url               = "mongodb://${local.mongodb_dns}:${local.mongodb_port}/${var.cluster.database_name}?authSource=admin"
+
+  shards_volume_spec = var.persistence != null ? {
+    persistentVolumeClaim = {
+      storageClassName = try(
+        coalesce(var.persistence.shards.storage_class_name),
+        length(kubernetes_storage_class.shards) > 0 ? kubernetes_storage_class.shards[0].metadata[0].name : null,
+        null
+      )
+      resources = {
+        requests = {
+          storage = var.persistence.shards.storage_size
+        }
+      }
+    }
+  } : {
+    emptyDir = {}
+  }
+
+  configsvr_volume_spec = var.persistence != null ? {
+    persistentVolumeClaim = {
+      storageClassName = try(
+        coalesce(var.persistence.configsvr.storage_class_name),
+        length(kubernetes_storage_class.configsvr) > 0 ? kubernetes_storage_class.configsvr[0].metadata[0].name : null,
+        null
+      )
+      resources = {
+        requests = { storage = var.persistence.configsvr.storage_size }
+      }
+    }
+  } : {
+    emptyDir = {}
+  }
 }
diff --git a/storage/onpremise/mongodb-percona/main.tf b/storage/onpremise/mongodb-percona/main.tf
@@ -9,6 +9,7 @@ resource "helm_release" "operator" {
 
   values = [
     yamlencode({
+      annotations = var.operator.annotations
       nodeSelector = var.operator.node_selector
       tolerations = [
         for key, value in var.operator.node_selector : {
@@ -26,13 +27,13 @@ resource "kubectl_manifest" "cluster" {
   depends_on = [
     helm_release.operator,
   ]
-
   yaml_body = yamlencode({
     apiVersion = "psmdb.percona.com/v1"
     kind       = "PerconaServerMongoDB"
     metadata = {
       name      = local.cluster_release_name
       namespace = var.namespace
+      annotations = var.cluster.annotations
     }
     spec = {
       backup = {
@@ -46,9 +47,9 @@ resource "kubectl_manifest" "cluster" {
       }
 
       secrets = {
-        users = "${local.cluster_release_name}-secrets"
-        #   ssl         = "${local.cluster_release_name}-ssl"
-        #   sslInternal = "${local.cluster_release_name}-ssl-internal"
+        users       = local.secrets_name
+        ssl         = local.ssl_secret_name
+        sslInternal = local.ssl_internal_secret_name
       }
 
       tls = {
@@ -92,30 +93,14 @@ resource "kubectl_manifest" "cluster" {
 
           resources = var.resources.configsvr
 
-          volumeSpec = {
-            persistentVolumeClaim = {
-              storageClassName = try(
-                coalesce(var.persistence.configsvr.storage_class_name),
-                length(kubernetes_storage_class.configsvr) > 0 ? kubernetes_storage_class.configsvr[0].metadata[0].name : null,
-                null
-              )
-              resources = {
-                requests = { storage = var.persistence.configsvr.storage_size }
-              }
-            }
-          }
+          volumeSpec = local.configsvr_volume_spec
           } : {
-          size         = 0
+          size         = 2
           resources    = {}
           nodeSelector = {}
           tolerations  = []
           volumeSpec = {
-            persistentVolumeClaim = {
-              storageClassName = ""
-              resources = {
-                requests = { storage = "1Gi" }
-              }
-            }
+            emptyDir = {}
           }
         }
 
@@ -169,20 +154,7 @@ resource "kubectl_manifest" "cluster" {
 
           resources = var.resources.shards
 
-          volumeSpec = {
-            persistentVolumeClaim = {
-              storageClassName = try(
-                coalesce(var.persistence.shards.storage_class_name),
-                length(kubernetes_storage_class.shards) > 0 ? kubernetes_storage_class.shards[0].metadata[0].name : null,
-                null
-              )
-              resources = {
-                requests = {
-                  storage = var.persistence.shards.storage_size
-                }
-              }
-            }
-          }
+          volumeSpec = local.shards_volume_spec
         }
       ]
     }
diff --git a/storage/onpremise/mongodb-percona/outputs.tf b/storage/onpremise/mongodb-percona/outputs.tf
@@ -36,21 +36,21 @@ output "env" {
     } : {
     "MongoDB__Sharding"   = "false"
     "MongoDB__ReplicaSet" = "rs0"
-  })
+  }, kubectl_manifest.cluster.id != "" ? {} : {})
 }
 
 output "user_credentials" {
   description = "User credentials of MongoDB"
   value = {
-    secret    = "${local.cluster_release_name}-secrets"
+    secret    = local.secrets_name
     data_keys = ["MONGODB_DATABASE_ADMIN_USER", "MONGODB_DATABASE_ADMIN_PASSWORD"]
   }
 }
 
 output "endpoints" {
   description = "Endpoints of MongoDB"
   value = {
-    secret    = "${local.cluster_release_name}-secrets"
+    secret    = local.secrets_name
     data_keys = ["MONGODB_DATABASE_ADMIN_USER", "MONGODB_DATABASE_ADMIN_PASSWORD"]
   }
 }
@@ -59,7 +59,7 @@ output "mount_secret" {
   description = "Secrets to be mounted as volumes"
   value = {
     "mongo-certificate" = {
-      secret = "${local.cluster_release_name}-ssl"
+      secret = local.ssl_secret_name
       path   = "/mongodb/certs/"
       mode   = "0644"
     }
@@ -70,7 +70,7 @@ output "env_from_secret" {
   description = "Environment variables from secrets"
   value = {
     "MongoDB__User" = {
-      secret = "${local.cluster_release_name}-secrets"
+      secret = local.secrets_name
       field  = "MONGODB_DATABASE_ADMIN_USER"
     }
     "MongoDB__Password" = {
diff --git a/storage/onpremise/mongodb-percona/persistence.tf b/storage/onpremise/mongodb-percona/persistence.tf
@@ -1,5 +1,5 @@
 resource "kubernetes_storage_class" "shards" {
-  count = can(coalesce(var.persistence.shards.storage_provisioner)) ? 1 : 0
+  count = var.persistence != null && can(coalesce(var.persistence.shards.storage_provisioner)) ? 1 : 0
   metadata {
     name = "${var.name}-shards"
     labels = {
@@ -16,7 +16,7 @@ resource "kubernetes_storage_class" "shards" {
 }
 
 resource "kubernetes_storage_class" "configsvr" {
-  count = var.sharding != null && var.sharding.enabled && can(coalesce(var.persistence.configsvr.storage_provisioner)) ? 1 : 0
+  count = var.persistence != null && var.sharding != null && var.sharding.enabled && can(coalesce(var.persistence.configsvr.storage_provisioner)) ? 1 : 0
   metadata {
     name = "${var.name}-configsvr"
     labels = {
diff --git a/storage/onpremise/mongodb-percona/variables.tf b/storage/onpremise/mongodb-percona/variables.tf
@@ -26,6 +26,7 @@ variable "operator" {
     image                 = optional(string, "percona/percona-server-mongodb-operator")
     tag                   = optional(string)
     node_selector         = optional(map(string), {})
+    annotations = optional(map(string), {})
   })
   default = {}
 }
@@ -44,6 +45,7 @@ variable "cluster" {
     database_name         = optional(string, "database")
     replicas              = optional(number, 1)
     node_selector         = optional(map(string), {})
+    annotations = optional(map(string), {})
   })
   default = {}
 }
@@ -107,7 +109,7 @@ variable "persistence" {
       parameters          = optional(map(string), {})
     }), {})
   })
-  default = {}
+  default = null
 }
 
 # ──────────────────────────────────────────────

Original file line number	Diff line number	Diff line change
`@@ -36,21 +36,21 @@ output "env" {`
`36`	`36`	`} : {`
`37`	`37`	`"MongoDB__Sharding" = "false"`
`38`	`38`	`"MongoDB__ReplicaSet" = "rs0"`
`39`		`- })`
	`39`	`+ }, kubectl_manifest.cluster.id != "" ? {} : {})`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`output "user_credentials" {`
`43`	`43`	`description = "User credentials of MongoDB"`
`44`	`44`	`value = {`
`45`		`- secret = "${local.cluster_release_name}-secrets"`
	`45`	`+ secret = local.secrets_name`
`46`	`46`	`data_keys = ["MONGODB_DATABASE_ADMIN_USER", "MONGODB_DATABASE_ADMIN_PASSWORD"]`
`47`	`47`	`}`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`output "endpoints" {`
`51`	`51`	`description = "Endpoints of MongoDB"`
`52`	`52`	`value = {`
`53`		`- secret = "${local.cluster_release_name}-secrets"`
	`53`	`+ secret = local.secrets_name`
`54`	`54`	`data_keys = ["MONGODB_DATABASE_ADMIN_USER", "MONGODB_DATABASE_ADMIN_PASSWORD"]`
`55`	`55`	`}`
`56`	`56`	`}`
`@@ -59,7 +59,7 @@ output "mount_secret" {`
`59`	`59`	`description = "Secrets to be mounted as volumes"`
`60`	`60`	`value = {`
`61`	`61`	`"mongo-certificate" = {`
`62`		`- secret = "${local.cluster_release_name}-ssl"`
	`62`	`+ secret = local.ssl_secret_name`
`63`	`63`	`path = "/mongodb/certs/"`
`64`	`64`	`mode = "0644"`
`65`	`65`	`}`
`@@ -70,7 +70,7 @@ output "env_from_secret" {`
`70`	`70`	`description = "Environment variables from secrets"`
`71`	`71`	`value = {`
`72`	`72`	`"MongoDB__User" = {`
`73`		`- secret = "${local.cluster_release_name}-secrets"`
	`73`	`+ secret = local.secrets_name`
`74`	`74`	`field = "MONGODB_DATABASE_ADMIN_USER"`
`75`	`75`	`}`
`76`	`76`	`"MongoDB__Password" = {`