langfuse-terraform-azure/postgres.tf at main · mrestorff/langfuse-terraform-azure · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
resource "azurerm_subnet" "db" {
  name                 = "db"
  resource_group_name  = azurerm_resource_group.this.name
  virtual_network_name = azurerm_virtual_network.this.name
  address_prefixes     = [var.db_subnet_address_prefix]
  service_endpoints    = ["Microsoft.Sql"]

  delegation {
    name = "fs"
    service_delegation {
      name = "Microsoft.DBforPostgreSQL/flexibleServers"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}

resource "azurerm_postgresql_flexible_server" "this" {
  name                          = "${local.globally_unique_prefix}${var.name}"
  resource_group_name           = azurerm_resource_group.this.name
  location                      = var.location
  version                       = "15"
  storage_mb                    = var.postgres_storage_mb
  auto_grow_enabled             = true
  sku_name                      = var.postgres_sku_name
  public_network_access_enabled = false

  administrator_login    = "postgres"
  administrator_password = random_password.postgres_password.result

  dynamic "high_availability" {
    for_each = var.postgres_instance_count > 1 ? [1] : []
    content {
      mode = var.postgres_ha_mode
    }
  }

  maintenance_window {
    day_of_week  = 0
    start_hour   = 0
    start_minute = 0
  }

  backup_retention_days = 7

  authentication {
    active_directory_auth_enabled = true
    password_auth_enabled         = true
  }

  tags = {
    application = local.tag_name
  }

  lifecycle {
    ignore_changes = [
      zone,
      authentication[0].tenant_id,
    ]
  }
}

resource "azurerm_postgresql_flexible_server_database" "langfuse" {
  name      = "langfuse"
  server_id = azurerm_postgresql_flexible_server.this.id
  charset   = "UTF8"
  collation = "en_US.utf8"
}

# Random password for PostgreSQL
# Using a alphanumeric password to avoid issues with special characters on bash entrypoint
resource "random_password" "postgres_password" {
  length      = 64
  special     = false
  min_lower   = 1
  min_upper   = 1
  min_numeric = 1
}

# Add Private Endpoint for PostgreSQL
resource "azurerm_private_endpoint" "postgres" {
  name                = "${var.name}-postgres"
  location            = azurerm_resource_group.this.location
  resource_group_name = azurerm_resource_group.this.name
  subnet_id           = azurerm_subnet.aks.id

  private_service_connection {
    name                           = "${var.name}-postgres"
    private_connection_resource_id = azurerm_postgresql_flexible_server.this.id
    is_manual_connection           = false
    subresource_names              = ["postgresqlServer"]
  }
}

resource "azurerm_private_dns_zone" "postgres" {
  name                = "privatelink.postgres.database.azure.com"
  resource_group_name = azurerm_resource_group.this.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "postgres" {
  name                  = "${var.name}-postgres"
  resource_group_name   = azurerm_resource_group.this.name
  private_dns_zone_name = azurerm_private_dns_zone.postgres.name
  virtual_network_id    = azurerm_virtual_network.this.id
  registration_enabled  = false
}