########################################
# PostgreSQL HA Cluster with Patroni & etcd
#
# 1. terraform init - downloads providers
# 2. terraform validate - checks syntax
# 3. terraform plan - requires valid OCI credentials
# 4. terraform apply - deploys the cluster
########################################
# Terraform core and provider requirements for this deployment.
terraform {
  required_version = ">= 1.5"

  required_providers {
    oci = {
      source = "oracle/oci"
      # Lower bound only: any newer provider release satisfies this constraint.
      # Committing .terraform.lock.hcl keeps every run on the same,
      # checksum-verified provider build.
      version = ">= 5.0"
    }
  }

  # State lives in a local file. Terraform writes resource attributes to state
  # in plaintext, so terraform.tfstate should stay out of version control and
  # be readable only by the operator. A remote backend with encryption and
  # locking is the usual choice once several people apply this configuration.
  backend "local" {
    path = "terraform.tfstate"
  }
}
locals {
  # Resource-name prefix, passed through unchanged from the input variable.
  prefix = var.prefix

  # Tags handed to the postgres-cluster module as common_tags.
  common_tags = {
    environment = var.environment
    purpose     = "PostgreSQL HA Cluster"
    managed_by  = "terraform"
  }

  # Not referenced anywhere in the listing shown here; presumably consumed
  # where the vault behind oci_kms_key.kms_key is declared — TODO confirm.
  vault_type = ["DEFAULT", "VIRTUAL_PRIVATE"]
}
# Deploys the PostgreSQL / Patroni / etcd cluster through the shared module.
module "postgres-cluster" {
  source = "../../modules/postgres-cluster"

  # General
  prefix         = local.prefix
  common_tags    = local.common_tags
  compartment_id = var.compartment_id
  vcn_id         = var.vcn_id

  # Network
  subnet_id   = var.subnet_id
  subnet_cidr = var.subnet_cidr

  # Network Security Group rules.
  # Every rule admits ingress from var.subnet_cidr only, so each listed port is
  # reachable by any host in that subnet and by nothing outside it.
  # NOTE(review): the Patroni REST API (8008) and the etcd client port (2379)
  # can change cluster state; this file shows only the network restriction, so
  # confirm that authentication and TLS for both are configured in the module.
  postgres_cluster_nsg = {
    PostgreSQL = {
      direction   = "INGRESS"
      stateless   = false
      cidr_blocks = [var.subnet_cidr]
      min_port    = 5432
      max_port    = 5432
    }

    Patroni = {
      direction   = "INGRESS"
      stateless   = false
      cidr_blocks = [var.subnet_cidr]
      min_port    = 8008
      max_port    = 8008
    }

    etcd_client = {
      direction   = "INGRESS"
      stateless   = false
      cidr_blocks = [var.subnet_cidr]
      min_port    = 2379
      max_port    = 2379
    }

    etcd_peer = {
      direction   = "INGRESS"
      stateless   = false
      cidr_blocks = [var.subnet_cidr]
      min_port    = 2380
      max_port    = 2380
    }

    # SSH is open to the whole subnet, not to a single management host.
    SSH = {
      direction   = "INGRESS"
      stateless   = false
      cidr_blocks = [var.subnet_cidr]
      min_port    = 22
      max_port    = 22
    }
  }

  # Reserved Private IPs - adjust based on your subnet.
  # Host numbers 175-177 only fit in an IPv4 prefix of /24 or shorter; cidrhost()
  # fails on a smaller subnet, and the three addresses must be unused.
  reserved_private_ips = [
    cidrhost(var.subnet_cidr, 175),
    cidrhost(var.subnet_cidr, 176),
    cidrhost(var.subnet_cidr, 177),
  ]

  # Cluster naming
  cluster_name = var.cluster_name

  # Security
  # The key resource is declared outside this file. What the module encrypts
  # with it is not visible here — presumably instance volumes; confirm.
  kms_key_id = oci_kms_key.kms_key.id

  # Instance configuration
  family_shape = var.family_shape
  # Takes the first image the data source returns. Which image that is depends
  # on the filter and sort order declared with the data source (outside this
  # file), so a later apply may select a different image.
  image_id                     = data.oci_core_images.oracle_linux.images[0].id
  postgres_instance_specs      = var.postgres_instance_specs
  ssh_authorized_keys_postgres = var.ssh_authorized_keys_postgres
}