From 3b74c997c30e410a426efd899ff2dc0fdfe3da90 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:24:12 +0530 Subject: [PATCH 01/14] feat(ferretdb): required variables for ferretdb --- modules/ferretdb/variables.tf | 78 +++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/modules/ferretdb/variables.tf b/modules/ferretdb/variables.tf index 0e5f454..1b17057 100644 --- a/modules/ferretdb/variables.tf +++ b/modules/ferretdb/variables.tf @@ -79,6 +79,47 @@ variable "client_streaming_replica_certificate_name" { default = "ferretdb-streaming-replica-client-certificate" } +variable "cloudflare_token" { + description = "Token for generating Ingress Certificates to be associated with MongoExpress" + type = string + nullable = false +} + +variable "cloudflare_email" { + description = "Email for generating Ingress Certificates to be associated with MongoExpress" + type = string + nullable = false +} + +variable "cloudflare_issuer_name" { + description = "Name of the Cloudflare Issuer to be associated with MongoExpress" + type = string + default = "mongo-express-cloudflare-issuer" +} + +variable "acme_server" { + description = "URL for the ACME Server to be used, defaults to production URL for LetsEncrypt" + type = string + default = "https://acme-v02.api.letsencrypt.org/directory" +} + +variable "ingress_certificate_name" { + description = "Name of the Ingress Certificate to be associated with MongoExpress" + type = string + default = "mongo-express-ingress-certificate" +} + +variable "host_name" { + description = "Host name for which Ingress Certificate is to be generated for" + type = string + default = "nosql" +} + +variable "domain" { + description = "Domain for which Ingress Certificate is to be generated for" + type = string +} + # --------------- USER CONFIGURATION VARIABLES --------------- # variable "clients" { description = "Object List of clients who need databases and users to be configured for" @@ -120,6 +161,43 @@ variable "backup_bucket_name" { nullable = false } +# --------------- FERRET DEPLOYMENT VARIABLES --------------- # +variable "repository" { + description = "Repository to be used for deployment of FerretDB" + type = string + default = "ghcr.io/ferretdb" +} + +variable "image" { + description = "Docker image to be used for deployment of FerretDB" + type = string + default = "ferretdb" +} + +variable "tag" { + description = "Docker tag to be used for deployment of FerretDB" + type = string + default = "2.7.0" +} + +variable "mongo_express_repository" { + description = "Repository to be used for deployment of Mongo Express UI" + type = string + default = "docker.io/library" +} + +variable "mongo_express_image" { + description = "Docker image to be used for deployment of Mongo Express UI" + type = string + default = "nginx" +} + +variable "mongo_express_tag" { + description = "Docker tag to be used for deployment of Mongo Express UI" + type = string + default = "1.0.2-20-alpine3.19" +} + # --------------- NETWORK POLICY VARIABLES --------------- # variable "kubernetes_api_ip" { description = "IP Address for the Kubernetes API" From a241cb9c881fbfa60d6031d8b988d1f8ae69dd9a Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:24:34 +0530 Subject: [PATCH 02/14] feat(ferretdb): UI credentials for Mongo Express --- modules/ferretdb/secrets.tf | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/modules/ferretdb/secrets.tf b/modules/ferretdb/secrets.tf index cdced90..64d8e74 100644 --- a/modules/ferretdb/secrets.tf +++ b/modules/ferretdb/secrets.tf @@ -88,3 +88,30 @@ resource "kubernetes_secret" "client_database_credentials" { type = "kubernetes.io/basic-auth" } + +// UI credentials configuration for MongoExpress +resource "random_password" "ui_password" { + length = 20 + lower = true + numeric = true + special = false +} + +resource "kubernetes_secret" "ui_credentials" { + metadata { + name = "ui-ferret" + namespace = kubernetes_namespace.namespace.metadata[0].name + + labels = { + app = var.app_name + component = "secret" + } + } + + data = { + "username" = "ferret" + "password" = random_password.ferret_password.result + } + + type = "kubernetes.io/basic-auth" +} From 33948eff7e2a8b61ce5c97d53f78196f8c440c29 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:24:57 +0530 Subject: [PATCH 03/14] feat(ferretdb): ferretdb deployment spec update --- modules/ferretdb/ferret.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ferretdb/ferret.tf b/modules/ferretdb/ferret.tf index 082e89b..34e8749 100644 --- a/modules/ferretdb/ferret.tf +++ b/modules/ferretdb/ferret.tf @@ -58,7 +58,7 @@ resource "kubernetes_deployment" "ferretdb" { container { name = "ferret" - image = "ghcr.io/ferretdb/ferretdb:2.7.0" + image = "${var.repository}/${var.image}:${var.tag}" port { container_port = 27017 From 718c16d4efdbc6a9d27adbd65674f6e4a41c2d2f Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:25:12 +0530 Subject: [PATCH 04/14] feat(ferretdb): internal and ingress certs for mongo express --- modules/ferretdb/certificates.tf | 167 +++++++++++++++++++++++++++++++ 1 file changed, 167 insertions(+) diff --git a/modules/ferretdb/certificates.tf b/modules/ferretdb/certificates.tf index 5bd598e..1893429 100644 --- a/modules/ferretdb/certificates.tf +++ b/modules/ferretdb/certificates.tf @@ -295,3 +295,170 @@ resource "kubernetes_manifest" "client_streaming_replica_certificate" { delete = "5m" } } + +// Internal Certificate for MongoExpress +resource "kubernetes_manifest" "mongo_express_internal_certificate" { + manifest = { + "apiVersion" = "cert-manager.io/v1" + "kind" = "Certificate" + "metadata" = { + "name" = "mongo-express-internal-certificate" + "namespace" = kubernetes_namespace.namespace.metadata[0].name + "labels" = { + "app" = var.app_name + "component" = "internal-certificate" + } + } + "spec" = { + "dnsNames" = [ + "database.${kubernetes_namespace.namespace.metadata[0].name}.svc.cluster.local", + "127.0.0.1", + "localhost", + ] + "subject" = { + "organizations" = [var.organization_name] + "countries" = [var.country_name] + "organizationalUnits" = [var.app_name] + } + "commonName" = "mongo-express-internal-certificate" + "secretName" = "mongo-express-internal-certificate" + "issuerRef" = { + "name" = kubernetes_manifest.server_issuer.manifest.metadata.name + } + } + } + + wait { + condition { + type = "Ready" + status = "True" + } + } + timeouts { + create = "5m" + update = "5m" + delete = "5m" + } +} + +// Kubernetes Secret for Cloudflare Tokens +resource "kubernetes_secret" "cloudflare_token" { + metadata { + name = "cloudflare-token" + namespace = kubernetes_namespace.namespace.metadata[0].name + labels = { + "app" = var.app_name + "component" = "secret" + } + } + + data = { + cloudflare-token = var.cloudflare_token + } + + type = "Opaque" +} + +// Cloudflare Issuer for MongoExpress Ingress Service +resource "kubernetes_manifest" "public_issuer" { + manifest = { + "apiVersion" = "cert-manager.io/v1" + "kind" = "Issuer" + "metadata" = { + "name" = var.cloudflare_issuer_name + "namespace" = kubernetes_namespace.namespace.metadata[0].name + "labels" = { + "app" = var.app_name + "component" = "cloudflare-issuer" + } + } + "spec" = { + "acme" = { + "email" = var.cloudflare_email + "server" = var.acme_server + "privateKeySecretRef" = { + "name" = var.cloudflare_issuer_name + } + "solvers" = [ + { + "dns01" = { + "cloudflare" = { + "email" = var.cloudflare_email + "apiTokenSecretRef" = { + "name" = "cloudflare-token" + "key" = "cloudflare-token" + } + } + } + } + ] + } + } + } + + depends_on = [kubernetes_secret.cloudflare_token] + + wait { + condition { + type = "Ready" + status = "True" + } + } + + timeouts { + create = "5m" + update = "5m" + delete = "5m" + } +} + +// Certificate to be used for MongoExpress Ingress +resource "kubernetes_manifest" "ingress_certificate" { + + manifest = { + "apiVersion" = "cert-manager.io/v1" + "kind" = "Certificate" + "metadata" = { + "name" = var.ingress_certificate_name + "namespace" = kubernetes_namespace.namespace.metadata[0].name + "labels" = { + "app" = var.app_name + "component" = "ingress-certificate" + } + } + "spec" = { + "duration" = "2160h" + "renewBefore" = "360h" + "subject" = { + "organizations" = [var.organization_name] + "countries" = [var.country_name] + "organizationalUnits" = [var.app_name] + } + "privateKey" = { + "algorithm" = "RSA" + "encoding" = "PKCS1" + "size" = "2048" + } + "dnsNames" = ["${var.host_name}.${var.domain}"] + "secretName" = var.ingress_certificate_name + "issuerRef" = { + "name" = kubernetes_manifest.public_issuer.manifest.metadata.name + "kind" = "Issuer" + "group" = "cert-manager.io" + } + } + } + + wait { + condition { + type = "Ready" + status = "True" + } + } + + timeouts { + create = "5m" + update = "5m" + delete = "5m" + } +} From bc3bd989dd785972a9a46f2157d9cdbe9d7e8e6c Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:25:24 +0530 Subject: [PATCH 05/14] feat(ferretdb): service for mongo express --- modules/ferretdb/service.tf | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/modules/ferretdb/service.tf b/modules/ferretdb/service.tf index 4492b9f..b16ca60 100644 --- a/modules/ferretdb/service.tf +++ b/modules/ferretdb/service.tf @@ -25,3 +25,31 @@ resource "kubernetes_service" "ferret_service" { type = "ClusterIP" } } + +// Mongo Express Service for Ingress Usage +resource "kubernetes_service" "mongo_express" { + metadata { + name = "mongo-express-service" + namespace = kubernetes_namespace.namespace.metadata[0].name + labels = { + app = var.app_name + component = "service" + } + } + + spec { + type = "ClusterIP" + + port { + port = 8081 + target_port = 8081 + name = "https" + } + + selector = { + app = var.app_name + component = "pod" + used-for = "mongo-express" + } + } +} From 65ed51f962ddfe848a294549eeb97a2bb70dd44e Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:25:33 +0530 Subject: [PATCH 06/14] feat(ferretdb): mongo express deployment spec --- modules/ferretdb/mongo-express.tf | 190 ++++++++++++++++++++++++++++++ 1 file changed, 190 insertions(+) create mode 100644 modules/ferretdb/mongo-express.tf diff --git a/modules/ferretdb/mongo-express.tf b/modules/ferretdb/mongo-express.tf new file mode 100644 index 0000000..fc2d707 --- /dev/null +++ b/modules/ferretdb/mongo-express.tf @@ -0,0 +1,190 @@ +resource "kubernetes_deployment" "mongo_express" { + metadata { + name = "mongo-express" + namespace = kubernetes_namespace.namespace.metadata[0].name + } + + spec { + replicas = 1 + selector { + match_labels = { + "ferret-access" = true + app = var.app_name + component = "pod" + used-for = "mongo-express" + } + } + + template { + metadata { + labels = { + "ferret-access" = true + app = var.app_name + component = "pod" + used-for = "mongo-express" + } + } + + spec { + // Node Affinity rule to run only on worker nodes + affinity { + node_affinity { + required_during_scheduling_ignored_during_execution { + node_selector_term { + match_expressions { + key = "worker" + operator = "Exists" + } + } + } + } + } + + // Topology Spread to ensure pods are running on seperate nodes + topology_spread_constraint { + max_skew = 1 + topology_key = "kubernetes.io/hostname" + when_unsatisfiable = "DoNotSchedule" + label_selector { + match_labels = { + app = var.app_name + component = "pod" + "part-of" = "ferretdb" + } + } + } + + container { + name = "mongo-express" + image = "${var.mongo_express_repository}/${var.mongo_express_image}:${var.mongo_express_tag}" + + // FerretDB Connection Settings + env { + name = "DB_USERNAME" + value_from { + secret_key_ref { + name = kubernetes_secret.ferret_database_credentials.metadata[0].name + key = "username" + } + } + } + + env { + name = "DB_PASSWORD" + value_from { + secret_key_ref { + name = kubernetes_secret.ferret_database_credentials.metadata[0].name + key = "password" + } + } + } + + env { + name = "ME_CONFIG_MONGODB_URL" + value = "mongodb://$(DB_USERNAME):$(DB_PASSWORD)@${kubernetes_service.ferret_service.metadata[0].name}.${kubernetes_namespace.namespace.metadata[0].name}.svc.cluster.local:27017/ferret?authMechanism=SCRAM-SHA-256" + } + + env { + name = "ME_CONFIG_MONGODB_ENABLE_ADMIN" + value = "true" + } + + // UI Authentication for Mongo Express + env { + name = "ME_CONFIG_BASICAUTH_ENABLED" + value = "true" + } + + env { + name = "ME_CONFIG_BASICAUTH_USERNAME" + value_from { + secret_key_ref { + name = kubernetes_secret.ui_credentials.metadata[0].name + key = "username" + } + } + } + + env { + name = "ME_CONFIG_BASICAUTH_PASSWORD" + value_from { + secret_key_ref { + name = kubernetes_secret.ui_credentials.metadata[0].name + key = "password" + } + } + } + + // SSL Configuration for Mongo Express + env { + name = "ME_CONFIG_SITE_SSL_ENABLED" + value = "true" + } + + env { + name = "ME_CONFIG_SITE_SSL_CRT_PATH" + value = "/etc/mongoexpress/certs/tls.crt" + } + + env { + name = "ME_CONFIG_SITE_SSL_KEY_PATH" + value = "/etc/mongoexpress/certs/tls.key" + } + + port { + container_port = 8081 + name = "mongoexpress" + } + + resources { + requests = { + cpu = "250m" + memory = "256Mi" + } + limits = { + cpu = "500m" + memory = "500Mi" + } + } + + liveness_probe { + http_get { + path = "/status" + port = 8081 + } + initial_delay_seconds = 10 + period_seconds = 10 + success_threshold = 1 + failure_threshold = 5 + } + + readiness_probe { + http_get { + path = "/status" + port = 8081 + } + initial_delay_seconds = 10 + period_seconds = 10 + success_threshold = 1 + failure_threshold = 5 + } + + volume_mount { + name = "tls-certs" + mount_path = "/etc/mongoexpress/certs" + read_only = true + } + } + + volume { + name = "tls-certs" + secret { + secret_name = kubernetes_manifest.mongo_express_internal_certificate.manifest.spec.secretName + } + } + } + } + } + + depends_on = [ kubernetes_deployment.ferretdb ] +} From fb167839ef1fc1cca154bc5f47656698e947ee37 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:27:40 +0530 Subject: [PATCH 07/14] feat(infrastructure): folder rename --- {example => infrastructure}/README.md | 0 {example => infrastructure}/locals.tf | 0 {example => infrastructure}/main.tf | 7 +++++-- {example => infrastructure}/providers.tf | 0 {example => infrastructure}/variables.tf | 0 5 files changed, 5 insertions(+), 2 deletions(-) rename {example => infrastructure}/README.md (100%) rename {example => infrastructure}/locals.tf (100%) rename {example => infrastructure}/main.tf (96%) rename {example => infrastructure}/providers.tf (100%) rename {example => infrastructure}/variables.tf (100%) diff --git a/example/README.md b/infrastructure/README.md similarity index 100% rename from example/README.md rename to infrastructure/README.md diff --git a/example/locals.tf b/infrastructure/locals.tf similarity index 100% rename from example/locals.tf rename to infrastructure/locals.tf diff --git a/example/main.tf b/infrastructure/main.tf similarity index 96% rename from example/main.tf rename to infrastructure/main.tf index a3ae104..af2e259 100644 --- a/example/main.tf +++ b/infrastructure/main.tf @@ -81,7 +81,7 @@ module "cnpg" { # FerretDB Deployment for MongoDB Database Solution module "ferretdb" { - source = "git::https://github.com/necro-cloud/modules//modules/ferretdb?ref=task/68/authn-setup" + source = "git::https://github.com/necro-cloud/modules//modules/ferretdb?ref=task/69/mongo-ui" // Garage Cluster Details for configuration of PITR Backups garage_certificate_authority = module.garage.garage_internal_certificate_secret @@ -97,8 +97,11 @@ module "ferretdb" { } ] - // Certificate details for internal certificates + // Certificate details for internal and ingress certificates cluster_issuer_name = module.cluster-issuer.cluster-issuer-name + cloudflare_token = var.cloudflare_token + cloudflare_email = var.cloudflare_email + domain = var.domain // Whitelisting Kubernetes API Endpoints in the Network Policy kubernetes_api_ip = one(flatten(data.kubernetes_endpoints_v1.kubernetes_api_endpoint.subset[*].address[*].ip)) diff --git a/example/providers.tf b/infrastructure/providers.tf similarity index 100% rename from example/providers.tf rename to infrastructure/providers.tf diff --git a/example/variables.tf b/infrastructure/variables.tf similarity index 100% rename from example/variables.tf rename to infrastructure/variables.tf From 1e4cb0c99462b44490e61d6f0bc177f9ded54329 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:28:10 +0530 Subject: [PATCH 08/14] ci(infrastructure): folder rename --- .github/workflows/tofu-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tofu-deploy.yaml b/.github/workflows/tofu-deploy.yaml index 576c6b4..2b1517b 100644 --- a/.github/workflows/tofu-deploy.yaml +++ b/.github/workflows/tofu-deploy.yaml @@ -24,7 +24,7 @@ jobs: uses: necro-cloud/automations/.github/workflows/tofu-deploy.yml@main with: deployment_name: Kubernetes Infrastructure - folder_path: example + folder_path: infrastructure runners: cloud pre_plan_script: tofu apply --target=module.helm -var-file terraform.tfvars.json -auto-approve secrets: From 57ee4d9e2ad7160b619cd8807ad69c8ac322d515 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:31:04 +0530 Subject: [PATCH 09/14] fix(ferretdb): mongo express image name fix --- modules/ferretdb/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ferretdb/variables.tf b/modules/ferretdb/variables.tf index 1b17057..3585df8 100644 --- a/modules/ferretdb/variables.tf +++ b/modules/ferretdb/variables.tf @@ -189,7 +189,7 @@ variable "mongo_express_repository" { variable "mongo_express_image" { description = "Docker image to be used for deployment of Mongo Express UI" type = string - default = "nginx" + default = "mongo-express" } variable "mongo_express_tag" { From c65c2fc2299995b14952aaa78995a6c0be66dd98 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:34:05 +0530 Subject: [PATCH 10/14] fix(ferretdb): labels fix for netpol --- modules/ferretdb/mongo-express.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ferretdb/mongo-express.tf b/modules/ferretdb/mongo-express.tf index fc2d707..a95ad1c 100644 --- a/modules/ferretdb/mongo-express.tf +++ b/modules/ferretdb/mongo-express.tf @@ -8,7 +8,7 @@ resource "kubernetes_deployment" "mongo_express" { replicas = 1 selector { match_labels = { - "ferret-access" = true + "ferret-mongo-access" = true app = var.app_name component = "pod" used-for = "mongo-express" @@ -18,7 +18,7 @@ resource "kubernetes_deployment" "mongo_express" { template { metadata { labels = { - "ferret-access" = true + "ferret-mongo-access" = true app = var.app_name component = "pod" used-for = "mongo-express" From 713ed4023738959160f7116a7852d06f83172bf7 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:37:08 +0530 Subject: [PATCH 11/14] fix(ferretdb): probes scheme to HTTPS --- modules/ferretdb/mongo-express.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/ferretdb/mongo-express.tf b/modules/ferretdb/mongo-express.tf index a95ad1c..75e0301 100644 --- a/modules/ferretdb/mongo-express.tf +++ b/modules/ferretdb/mongo-express.tf @@ -151,6 +151,7 @@ resource "kubernetes_deployment" "mongo_express" { http_get { path = "/status" port = 8081 + scheme = "HTTPS" } initial_delay_seconds = 10 period_seconds = 10 @@ -162,6 +163,7 @@ resource "kubernetes_deployment" "mongo_express" { http_get { path = "/status" port = 8081 + scheme = "HTTPS" } initial_delay_seconds = 10 period_seconds = 10 From ee996ef31d5ff24b5a7d31a8bb92dc51de5dbbb4 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:46:18 +0530 Subject: [PATCH 12/14] feat(ferretdb): ingress setup for mongo express --- modules/ferretdb/ingress.tf | 44 +++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 modules/ferretdb/ingress.tf diff --git a/modules/ferretdb/ingress.tf b/modules/ferretdb/ingress.tf new file mode 100644 index 0000000..b72eb01 --- /dev/null +++ b/modules/ferretdb/ingress.tf @@ -0,0 +1,44 @@ +// Kubernetes Ingress for Mongo Express Access +resource "kubernetes_ingress_v1" "mongo_express_ingress" { + metadata { + name = "mongo-express-ingress" + namespace = kubernetes_namespace.namespace.metadata[0].name + labels = { + app = var.app_name + component = "ingress" + } + annotations = { + "nginx.ingress.kubernetes.io/proxy-ssl-verify" : "on" + "nginx.ingress.kubernetes.io/proxy-ssl-secret" : "${kubernetes_namespace.namespace.metadata[0].name}/${kubernetes_manifest.mongo_express_internal_certificate.manifest.spec.secretName}" + "nginx.ingress.kubernetes.io/proxy-ssl-name" : "database.${kubernetes_namespace.namespace.metadata[0].name}.svc.cluster.local" + "nginx.ingress.kubernetes.io/backend-protocol" : "HTTPS" + "nginx.ingress.kubernetes.io/rewrite-target" : "/" + "nginx.ingress.kubernetes.io/proxy-body-size" : 0 + "nginx.ingress.kubernetes.io/client-body-buffer-size" : "500M" + } + } + + spec { + ingress_class_name = "nginx" + tls { + hosts = ["${var.host_name}.${var.domain}"] + secret_name = kubernetes_manifest.ingress_certificate.manifest.spec.secretName + } + rule { + host = "${var.host_name}.${var.domain}" + http { + path { + path = "/" + backend { + service { + name = kubernetes_service.mongo_express.metadata[0].name + port { + name = "https" + } + } + } + } + } + } + } +} From b443845fd2bfd168a5cb7ab173aeb530e26182f5 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 14:54:33 +0530 Subject: [PATCH 13/14] docs(ferretdb): README update for the ferretdb module --- modules/ferretdb/README.md | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/modules/ferretdb/README.md b/modules/ferretdb/README.md index 0f21db0..d21482d 100644 --- a/modules/ferretdb/README.md +++ b/modules/ferretdb/README.md @@ -19,12 +19,17 @@ Required Modules to deploy FerretDB Database: | Name | Type | |------|------| | [kubernetes_deployment.ferretdb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource | +| [kubernetes_deployment.mongo_express](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource | +| [kubernetes_ingress_v1.mongo_express_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource | | [kubernetes_manifest.barman_object_store](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_manifest.client_certificate_authority](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_manifest.client_issuer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_manifest.client_streaming_replica_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_manifest.cluster](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_manifest.ferret_cluster_image_catalog](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.ingress_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.mongo_express_internal_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | +| [kubernetes_manifest.public_issuer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_manifest.server_certificate](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_manifest.server_certificate_authority](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | | [kubernetes_manifest.server_issuer](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | @@ -34,42 +39,59 @@ Required Modules to deploy FerretDB Database: | [kubernetes_pod_disruption_budget_v1.cnpg_pdb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod_disruption_budget_v1) | resource | | [kubernetes_pod_disruption_budget_v1.ferret_pdb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod_disruption_budget_v1) | resource | | [kubernetes_secret.client_database_credentials](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | +| [kubernetes_secret.cloudflare_token](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | | [kubernetes_secret.ferret_database_credentials](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | | [kubernetes_secret.garage_certificate_authority](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | | [kubernetes_secret.garage_configuration](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | +| [kubernetes_secret.ui_credentials](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | | [kubernetes_service.ferret_service](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service) | resource | +| [kubernetes_service.mongo_express](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service) | resource | | [random_password.client_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | | [random_password.ferret_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | +| [random_password.ui_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [acme\_server](#input\_acme\_server) | URL for the ACME Server to be used, defaults to production URL for LetsEncrypt | `string` | `"https://acme-v02.api.letsencrypt.org/directory"` | no | | [app\_name](#input\_app\_name) | App name for deploying Ferret Database | `string` | `"ferret"` | no | | [backup\_bucket\_name](#input\_backup\_bucket\_name) | Name of the bucket for storing PITR Backups in Garage | `string` | n/a | yes | | [client\_certificate\_authority\_name](#input\_client\_certificate\_authority\_name) | Name of the Certificate Authority to be used with Ferret Client | `string` | `"ferretdb-client-certificate-authority"` | no | | [client\_issuer\_name](#input\_client\_issuer\_name) | Name of the Issuer to be used with Ferret Client | `string` | `"ferretdb-client-issuer"` | no | | [client\_streaming\_replica\_certificate\_name](#input\_client\_streaming\_replica\_certificate\_name) | Name of the Certificate to be used with Ferret Streaming Replica Client | `string` | `"ferretdb-streaming-replica-client-certificate"` | no | -| [clients](#input\_clients) | Object List of clients who need databases and users to be configured for | 
list(object({
    namespace          = string
    user               = string
    database           = string
    derRequired        = bool
    privateKeyEncoding = string
  }))
| `[]` | no | +| [clients](#input\_clients) | Object List of clients who need databases and users to be configured for | 
list(object({
    namespace          = string
    user               = string
  }))
| `[]` | no | +| [cloudflare\_email](#input\_cloudflare\_email) | Email for generating Ingress Certificates to be associated with MongoExpress | `string` | n/a | yes | +| [cloudflare\_issuer\_name](#input\_cloudflare\_issuer\_name) | Name of the Cloudflare Issuer to be associated with MongoExpress | `string` | `"mongo-express-cloudflare-issuer"` | no | +| [cloudflare\_token](#input\_cloudflare\_token) | Token for generating Ingress Certificates to be associated with MongoExpress | `string` | n/a | yes | | [cluster\_issuer\_name](#input\_cluster\_issuer\_name) | Name for the Cluster Issuer to be used to generate internal self signed certificates | `string` | n/a | yes | | [cluster\_name](#input\_cluster\_name) | Name of the Ferret Database Cluster to be created | `string` | `"ferret-postgresql-cluster"` | no | | [cluster\_postgresql\_version](#input\_cluster\_postgresql\_version) | Version of Ferret Database to use and deploy | `number` | `17` | no | | [cluster\_size](#input\_cluster\_size) | Number of pods to deploy for the Ferret Cluster | `number` | `2` | no | | [country\_name](#input\_country\_name) | Country name for deploying Ferret Database | `string` | `"India"` | no | +| [domain](#input\_domain) | Domain for which Ingress Certificate is to be generated for | `string` | n/a | yes | | [garage\_certificate\_authority](#input\_garage\_certificate\_authority) | Name of the Certificate Authority associated with the Garage Storage Solution | `string` | n/a | yes | | [garage\_configuration](#input\_garage\_configuration) | Garage Configuration for storing PITR Backups | `string` | n/a | yes | | [garage\_namespace](#input\_garage\_namespace) | Namespace for the Garage Deployment for storing PITR Backups | `string` | n/a | yes | +| [host\_name](#input\_host\_name) | Host name for which Ingress Certificate is to be generated for | `string` | `"nosql"` | no | +| [image](#input\_image) | Docker image to be used for deployment of FerretDB | `string` | `"ferretdb"` | no | +| [ingress\_certificate\_name](#input\_ingress\_certificate\_name) | Name of the Ingress Certificate to be associated with MongoExpress | `string` | `"mongo-express-ingress-certificate"` | no | | [kubernetes\_api\_ip](#input\_kubernetes\_api\_ip) | IP Address for the Kubernetes API | `string` | n/a | yes | | [kubernetes\_api\_port](#input\_kubernetes\_api\_port) | Port for the Kubernetes API | `number` | n/a | yes | | [kubernetes\_api\_protocol](#input\_kubernetes\_api\_protocol) | Protocol for the Kubernetes API | `string` | n/a | yes | +| [mongo\_express\_image](#input\_mongo\_express\_image) | Docker image to be used for deployment of Mongo Express UI | `string` | `"mongo-express"` | no | +| [mongo\_express\_repository](#input\_mongo\_express\_repository) | Repository to be used for deployment of Mongo Express UI | `string` | `"docker.io/library"` | no | +| [mongo\_express\_tag](#input\_mongo\_express\_tag) | Docker tag to be used for deployment of Mongo Express UI | `string` | `"1.0.2-20-alpine3.19"` | no | | [namespace](#input\_namespace) | Namespace to be used for deploying Ferret Database | `string` | `"ferret"` | no | | [organization\_name](#input\_organization\_name) | Organization name for deploying Ferret Database | `string` | `"cloud"` | no | +| [repository](#input\_repository) | Repository to be used for deployment of FerretDB | `string` | `"ghcr.io/ferretdb"` | no | | [server\_certificate\_authority\_name](#input\_server\_certificate\_authority\_name) | Name of the Certificate Authority to be used with Ferret Server | `string` | `"ferretdb-server-certificate-authority"` | no | | [server\_certificate\_name](#input\_server\_certificate\_name) | Name of the Certificate to be used with Ferret Server | `string` | `"ferretdb-server-certificate"` | no | | [server\_issuer\_name](#input\_server\_issuer\_name) | Name of the Issuer to be used with Ferret Server | `string` | `"ferretdb-server-issuer"` | no | +| [tag](#input\_tag) | Docker tag to be used for deployment of FerretDB | `string` | `"2.7.0"` | no | ## Outputs | Name | Description | |------|-------------| -| [namespace](#output\_namespace) | Namespace where FerretDB is deployed in | +| [namespace](#output\_namespace) | Namespace where the PostgreSQL Database is deployed in | From 99178d2413827e65f12b62414cd56b4516969193 Mon Sep 17 00:00:00 2001 From: khatrivarun Date: Thu, 15 Jan 2026 15:04:30 +0530 Subject: [PATCH 14/14] [INF] All modules switch to main branch --- infrastructure/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/main.tf b/infrastructure/main.tf index af2e259..98ef44e 100644 --- a/infrastructure/main.tf +++ b/infrastructure/main.tf @@ -81,7 +81,7 @@ module "cnpg" { # FerretDB Deployment for MongoDB Database Solution module "ferretdb" { - source = "git::https://github.com/necro-cloud/modules//modules/ferretdb?ref=task/69/mongo-ui" + source = "git::https://github.com/necro-cloud/modules//modules/ferretdb?ref=main" // Garage Cluster Details for configuration of PITR Backups garage_certificate_authority = module.garage.garage_internal_certificate_secret