-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor resource name definitions and Add Optional Helm Install Support #15
base: main
Are you sure you want to change the base?
Conversation
9ffd65f
to
d7c67fa
Compare
modules/operator/main.tf
Outdated
# TODO: Publish the chart to a public repository, currently using a forked version of the chart | ||
repository = "https://raw.githubusercontent.com/bobbyiliev/materialize/refs/heads/helm-chart-package/misc/helm-charts" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The main next step here is to decide on how we would like to publish the Helm Chart.
Currently, the PR uses a temporary solution with a forked version of the Materialize Helm chart.
We need to decide on an appropriate public repository for publishing the Helm chart, this could totally live in the main repository, we would just need an extra flow to package and generate the index.yaml:
helm package operator
helm repo index .
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I vote for main repository because that's easiest for having compatibility and running e2e tests immediately when something in the terraform plugin changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this should be doable, in this case, we could use GitHub pages as suggested on the Helm website: https://helm.sh/docs/topics/chart_repository/#github-pages-example
modules/operator/main.tf
Outdated
spec = { | ||
containers = [{ | ||
name = "init-db" | ||
image = "postgres:latest" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there value in pinning this to a version that matches RDS? or not worth the maintenance effort
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good idea! I will update it
modules/operator/main.tf
Outdated
value = format( | ||
"postgres://%s:%s@%s/%s?sslmode=require", | ||
each.value.database_username, | ||
each.value.database_password, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this means the pw will appear in plaintext on the Job's definition. you could inject the database username / pw / host as env vars from the Secret (which should be in the same namespace) and construct the URL in the psql
statement
modules/operator/main.tf
Outdated
} | ||
} | ||
|
||
resource "kubernetes_manifest" "db_init_job" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if it works it works, but I'm a bit surprised we need to do this versus using the RDS provider to initialize the databases for us. this is more portable though!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it would have been much more convenient, but it is not supported with the RDS terraform module.
You can only initialize a single db:
https://registry.terraform.io/modules/terraform-aws-modules/rds/aws/latest#input_db_name
examples/simple/main.tf
Outdated
materialize_instances = [ | ||
{ | ||
name = "analytics" | ||
instance_id = "12345678-1234-1234-1234-123456789012" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ooc what are these for?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was using those in the bucket definitions: https://github.com/MaterializeInc/terraform-aws-materialize/pull/15/files/8edf57c29a39838a5158d788a3dfd04e28e84573#diff-885a9176a02d8454724784f56e5cb4e4c3be25ab53b298a7ff2a8cf4e316d7cbR76
But now thinking about this, it is quite unnecessary, we could just use the name instead.
Very cool! This is going to be so nice for getting set up 🌟 |
examples/simple/main.tf
Outdated
# { | ||
# name = "production" | ||
# namespace = "materialize-environment" | ||
# database_name = "production_db" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Q: Wondering if naming this "production" might be misleading if we want to ensure that people view these Terraforms as something we provide for evaluation purposes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah yes! Very good point! Thanks Kay! Will update this shortly.
name = string | ||
namespace = optional(string) | ||
database_name = string | ||
environmentd_version = optional(string, "v0.127.1") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this need to change? although, since just the default, I guess it won't need to but wasn't sure if we wanted to change the default to something else.
type = string | ||
default = "materialize-s3-access" | ||
default = "v25.1.0-beta.1" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this need to change?
This PR includes a few major changes:
Global Resource Prefix: this is a breaking change so we will have to adjust the CI and the existing docs:
cluster_name
,environment
,vpc_name
,bucket_name
,service_account_name
,db_identifier
).namespace
andenvironment
only, which will construct the names of all resources using the format${namespace}-${environment}-${resource_name}
.Optional Helm Installation for Materialize Operator:
One thing to keep in mind is that the
materialize_instances
are using thekubernetes_manifest
resource which has a couple of limitations:The workaround for the above is to not define the
materialize_instances
initially, once the EKS cluster is ready along with the operator installed, then you can do a second run to setup thematerialize_instances
.Fixes #14
Fixes #16