Merge pull request #313 from recognizegroup/feature/CM-27-basic-k8s-m…

…odules-and-public-psql CM-27 - Add Kubernetes modules and MySQL, PostGresql public flexible server
recognizegroup · Apr 25, 2023 · 0687048 · 0687048
2 parents d6da208 + 4fac76e
commit 0687048
Show file tree

Hide file tree

Showing 24 changed files with 1,170 additions and 4 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -332,6 +332,11 @@ updates:
     schedule:
       interval: "daily"
 
+  - package-ecosystem: "terraform"
+    directory: "/modules/azure/mysql_flexible_server_public"
+    schedule:
+      interval: "daily"
+
   - package-ecosystem: "terraform"
     directory: "/modules/azure/network_security_group"
     schedule:
@@ -342,6 +347,11 @@ updates:
     schedule:
       interval: "daily"
 
+  - package-ecosystem: "terraform"
+    directory: "/modules/azure/postgresql_public"
+    schedule:
+      interval: "daily"
+
   - package-ecosystem: "terraform"
     directory: "/modules/azure/private_dns_zone"
     schedule:
@@ -501,3 +511,28 @@ updates:
     directory: "/modules/other/password_generator"
     schedule:
       interval: "daily"
+
+  - package-ecosystem: "terraform"
+    directory: "/modules/kubernetes/configmap"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "terraform"
+    directory: "/modules/kubernetes/deployment_with_service"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "terraform"
+    directory: "/modules/kubernetes/ingress"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "terraform"
+    directory: "/modules/kubernetes/secret"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "terraform"
+    directory: "/modules/kubernetes/pvc"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
@@ -1,8 +1,9 @@
 name: Validate
 on:
-  push:
+  pull_request:
     branches:
-      - '**'
+      - main
+      - develop
 
 jobs:
   validate-terraform:

diff --git a/modules/azure/mysql_flexible_server/variables.tf b/modules/azure/mysql_flexible_server/variables.tf
@@ -45,7 +45,7 @@ variable "storage_auto_grow_enabled" {
 variable "backup_retention_days" {
   type        = number
   description = "Backup retention days for the mysql server."
-  default     = 7
+  default     = 30
 }
 
 variable "geo_redundant_backup_enabled" {
@@ -101,4 +101,4 @@ variable "slow_query_log" {
 variable "private_dns_zone_id" {
   type        = string
   description = "ID of the private dns zone"
-}
+}
diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf
@@ -0,0 +1,117 @@
+terraform {
+  required_version = "~> 1.3"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.48"
+    }
+  }
+
+  backend "azurerm" {}
+}
+
+provider "azurerm" {
+  features {}
+}
+
+resource "random_password" "mysql_admin_password" {
+  length           = 16
+  special          = true
+  override_special = "_%@"
+  keepers          = var.password_keeper
+}
+
+resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {
+  name                = var.server_name
+  location            = var.location
+  resource_group_name = var.resource_group_name
+
+  administrator_login    = var.admin_username
+  administrator_password = random_password.mysql_admin_password.result
+
+  backup_retention_days        = var.backup_retention_days
+  geo_redundant_backup_enabled = var.geo_redundant_backup_enabled
+
+  sku_name = var.server_sku
+  version  = var.server_version
+
+  storage {
+    auto_grow_enabled = var.storage_auto_grow_enabled
+    size_gb           = var.server_storage_max
+  }
+
+  lifecycle {
+    ignore_changes  = [zone]
+    prevent_destroy = true
+  }
+}
+
+resource "azurerm_mysql_flexible_database" "mysql_flexible_database" {
+  name                = var.database_name
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_flexible_server.mysql_flexible_server.name
+  charset             = var.database_charset
+  collation           = var.database_collation
+}
+
+resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_configuration" {
+  name                = "slow_query_log"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_flexible_server.mysql_flexible_server.name
+  value               = var.slow_query_log
+}
+
+data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
+  count       = var.log_analytics_workspace_id == null ? 0 : 1
+  resource_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
+}
+
+resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" {
+  count                      = var.log_analytics_workspace_id == null ? 0 : 1
+  name                       = "diag-${var.server_name}"
+  target_resource_id         = azurerm_mysql_flexible_server.mysql_flexible_server.id
+  log_analytics_workspace_id = var.log_analytics_workspace_id
+
+  dynamic "enabled_log" {
+    for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].log_category_types
+
+    content {
+      category = enabled_log.value
+
+      retention_policy {
+        enabled = false
+      }
+    }
+  }
+
+  dynamic "metric" {
+    for_each = data.azurerm_monitor_diagnostic_categories.diagnostic_categories[0].metrics
+
+    content {
+      category = metric.value
+      enabled  = true
+
+      retention_policy {
+        enabled = false
+      }
+    }
+  }
+
+  // TODO: not yet implemented by Azure
+  // log_analytics_destination_type = "Dedicated"
+  lifecycle {
+    ignore_changes = [log_analytics_destination_type]
+  }
+}
+
+resource "azurerm_mysql_flexible_server_firewall_rule" "rule" {
+  for_each = var.whitelist_ip_addresses
+
+  name                = "fw-${var.server_name}-${replace(each.value, ".", "-")}"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_flexible_server.mysql_flexible_server.name
+  start_ip_address    = each.value
+  end_ip_address      = each.value
+}
+
diff --git a/modules/azure/mysql_flexible_server_public/outputs.tf b/modules/azure/mysql_flexible_server_public/outputs.tf
@@ -0,0 +1,21 @@
+output "id" {
+  value = azurerm_mysql_flexible_server.mysql_flexible_server.id
+}
+
+output "fqdn" {
+  value = azurerm_mysql_flexible_server.mysql_flexible_server.fqdn
+}
+
+output "database_name" {
+  value = azurerm_mysql_flexible_database.mysql_flexible_database.name
+}
+
+output "admin_username" {
+  value     = azurerm_mysql_flexible_server.mysql_flexible_server.administrator_login
+  sensitive = true
+}
+
+output "admin_password" {
+  value     = azurerm_mysql_flexible_server.mysql_flexible_server.administrator_password
+  sensitive = true
+}
diff --git a/modules/azure/mysql_flexible_server_public/variables.tf b/modules/azure/mysql_flexible_server_public/variables.tf
@@ -0,0 +1,94 @@
+variable "location" {
+  type        = string
+  description = "A datacenter location in Azure."
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "Name of the resource group."
+}
+
+variable "server_name" {
+  type        = string
+  description = "Name of the mysql server."
+}
+
+variable "server_sku" {
+  type        = string
+  description = "Specifies the sku for the mysql server"
+  default     = "GP_Standard_D2ds_v4"
+}
+
+variable "server_storage_max" {
+  type        = number
+  description = "Max storage allowed in GB for the mysql server."
+  default     = 20
+}
+
+variable "server_version" {
+  type        = string
+  description = "Mysql server version."
+}
+
+variable "storage_auto_grow_enabled" {
+  type        = bool
+  description = "Enables auto-growing of mysql server storage."
+  default     = true
+}
+
+variable "backup_retention_days" {
+  type        = number
+  description = "Backup retention days for the mysql server."
+  default     = 30
+}
+
+variable "geo_redundant_backup_enabled" {
+  type        = bool
+  description = "Enables geo-redundant mysql server backups."
+  default     = true
+}
+
+variable "database_name" {
+  type        = string
+  description = "Name of the mysql database."
+}
+
+variable "database_charset" {
+  type        = string
+  description = "Specifies the charset for the mysql database."
+  default     = "utf8mb3"
+}
+
+variable "database_collation" {
+  type        = string
+  description = "Specifies the collation for the mysql database."
+  default     = "utf8mb3_unicode_ci"
+}
+
+variable "admin_username" {
+  type        = string
+  description = "The administrator login username for the mysql server."
+}
+
+variable "password_keeper" {
+  type        = map(string)
+  description = "Random map of strings, when changed the mysql admin password will rotate."
+}
+
+variable "log_analytics_workspace_id" {
+  type        = string
+  description = "ID of a log analytics workspace (optional)."
+  default     = null
+}
+
+variable "slow_query_log" {
+  type        = string
+  description = "Slow query log. ON or OFF (default)"
+  default     = "OFF"
+}
+
+variable "whitelist_ip_addresses" {
+  type        = set(string)
+  description = "List of IP addresses to whitelist."
+  default     = []
+}