Merge pull request #11 from ShibraAmin18/gcp

1. Added Azure and GCP cloud Compatibility 2. Enhanced Security: a. Credential Storage and Retrieval 3. Customization: a. Custom Credentials b. Custom Database Support
squareops · Aug 29, 2023 · fc0a9c1 · fc0a9c1
2 parents 581d5d7 + 5350627
commit fc0a9c1
Show file tree

Hide file tree

Showing 49 changed files with 1,480 additions and 325 deletions.
diff --git a/IAM.md b/IAM.md
@@ -1,4 +1,4 @@
-## IAM Permission
+## IAM AWS Permission
 
 The Policy required to deploy this module:
 ```hcl
@@ -50,3 +50,36 @@ The Policy required to deploy this module:
     ]
 }
 ```
+## Azure Role Permissions
+
+```hcl
+ permissions {
+    actions = [
+    "Microsoft.Authorization/roleAssignments/delete",
+    "Microsoft.Authorization/roleAssignments/read",
+    "Microsoft.Authorization/roleAssignments/write",
+    "Microsoft.KeyVault/locations/deletedVaults/read",
+    "Microsoft.KeyVault/vaults/delete",
+    "Microsoft.KeyVault/vaults/read",
+    "Microsoft.KeyVault/vaults/write",
+    "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
+    "Microsoft.ManagedIdentity/userAssignedIdentities/read",
+    "Microsoft.ManagedIdentity/userAssignedIdentities/write",
+    "Microsoft.Resources/subscriptions/providers/read",
+    "Microsoft.Resources/subscriptions/resourcegroups/read"]
+    not_actions = []
+  }
+  ```
+
+  ## Google IAM Permissions
+
+```hcl
+ permissions = [
+    "iam.serviceAccounts.create",
+    "iam.serviceAccounts.delete",
+    "iam.serviceAccounts.get",
+    "iam.serviceAccounts.update",
+    "resourcemanager.projects.getIamPolicy",
+    "resourcemanager.projects.setIamPolicy"
+  ]
+  ```
diff --git a/README.md b/README.md
diff --git a/backup/templates/backup-secrets.yaml b/backup/templates/backup-secrets.yaml
diff --git a/example/complete/main.tf b/example/complete/main.tf
diff --git a/example/complete/README.md → examples/complete/aws/README.md b/example/complete/README.md → examples/complete/aws/README.md
@@ -21,6 +21,7 @@ No requirements.
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_aws"></a> [aws](#module\_aws) | squareops/mongodb/kubernetes//provider/aws | n/a |
 | <a name="module_mongodb"></a> [mongodb](#module\_mongodb) | squareops/mongodb/kubernetes | n/a |
 
 ## Resources

diff --git a/example/complete/helm/values.yaml → examples/complete/aws/helm/values.yaml b/example/complete/helm/values.yaml → examples/complete/aws/helm/values.yaml
diff --git a/examples/complete/aws/main.tf b/examples/complete/aws/main.tf
@@ -0,0 +1,69 @@
+locals {
+  name        = "mongo"
+  region      = "us-east-2"
+  environment = "prod"
+  additional_tags = {
+    Owner      = "organization_name"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+  create_namespace                   = true
+  namespace                          = "mongodb"
+  store_password_to_secret_manager   = true
+  mongodb_custom_credentials_enabled = true
+  mongodb_custom_credentials_config = {
+    root_user                = "root"
+    root_password            = "NCPFUKEMd7rrWuvMAa73"
+    metric_exporter_user     = "mongodb_exporter"
+    metric_exporter_password = "nvAHhm1uGQNYWVw6ZyAH"
+  }
+}
+module "aws" {
+  source                             = "squareops/mongodb/kubernetes//modules/resources/aws"
+  environment                        = local.environment
+  name                               = local.name
+  store_password_to_secret_manager   = local.store_password_to_secret_manager
+  cluster_name                       = ""
+  mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
+  mongodb_custom_credentials_config  = local.mongodb_custom_credentials_config
+}
+
+module "mongodb" {
+  source           = "squareops/mongodb/kubernetes"
+  namespace        = local.namespace
+  create_namespace = local.create_namespace
+  mongodb_config = {
+    name                             = local.name
+    namespace                        = local.namespace
+    values_yaml                      = file("./helm/values.yaml")
+    environment                      = local.environment
+    volume_size                      = "10Gi"
+    architecture                     = "replicaset"
+    custom_databases                 = "['db1', 'db2']"
+    custom_databases_usernames       = "['admin', 'admin']"
+    custom_databases_passwords       = "['pass1', 'pass2']"
+    replica_count                    = 2
+    storage_class_name               = "gp2"
+    store_password_to_secret_manager = local.store_password_to_secret_manager
+  }
+  mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
+  mongodb_custom_credentials_config  = local.mongodb_custom_credentials_config
+  root_password                      = local.mongodb_custom_credentials_enabled ? "" : module.aws.root_password
+  metric_exporter_password           = local.mongodb_custom_credentials_enabled ? "" : module.aws.metric_exporter_password
+  bucket_provider_type               = "s3"
+  mongodb_backup_enabled             = true
+  iam_role_arn_backup                = module.aws.iam_role_arn_backup
+  mongodb_backup_config = {
+    bucket_uri           = "s3://mongo-demo-backup"
+    s3_bucket_region     = "us-east-2"
+    cron_for_full_backup = "* * * * *"
+  }
+  mongodb_restore_enabled = true
+  iam_role_arn_restore    = module.aws.iam_role_arn_restore
+  mongodb_restore_config = {
+    bucket_uri       = "s3://mongo-demo-backup/mongodumpfull_20230523_092110.gz"
+    s3_bucket_region = "us-east-2"
+    file_name        = "mongodumpfull_20230523_092110.gz"
+  }
+  mongodb_exporter_enabled = true
+}
diff --git a/example/complete/output.tf → examples/complete/aws/output.tf b/example/complete/output.tf → examples/complete/aws/output.tf
diff --git a/example/complete/provider.tf → examples/complete/aws/provider.tf b/example/complete/provider.tf → examples/complete/aws/provider.tf
diff --git a/examples/complete/azure/README.md b/examples/complete/azure/README.md
@@ -0,0 +1,42 @@
+## Mongodb Example
+![squareops_avatar]
+
+[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png
+
+### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
+<br>
+This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.70.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_azure"></a> [azure](#module\_azure) | squareops/mongodb/kubernetes//provider/azure | n/a |
+| <a name="module_mongodb"></a> [mongodb](#module\_mongodb) | squareops/mongodb/kubernetes | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_kubernetes_cluster.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_mongodb_credential"></a> [mongodb\_credential](#output\_mongodb\_credential) | MongoDB credentials used for accessing the MongoDB database. |
+| <a name="output_mongodb_endpoints"></a> [mongodb\_endpoints](#output\_mongodb\_endpoints) | MongoDB endpoints in the Kubernetes cluster. |
diff --git a/examples/complete/azure/helm/values.yaml b/examples/complete/azure/helm/values.yaml
@@ -0,0 +1,9 @@
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: "Addons-Services"
+            operator: In
+            values:
+            - "true"
diff --git a/examples/complete/azure/main.tf b/examples/complete/azure/main.tf
@@ -0,0 +1,78 @@
+locals {
+  name        = "mongo"
+  region      = "eastus"
+  environment = "prod"
+  additional_tags = {
+    Owner      = "organization_name"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+  create_namespace                   = true
+  namespace                          = "mongodb"
+  store_password_to_secret_manager   = true
+  mongodb_custom_credentials_enabled = true
+  mongodb_custom_credentials_config = {
+    root_user                = "root"
+    root_password            = "NCPFUKEMd7rrWuvMAa73"
+    metric_exporter_user     = "mongodb_exporter"
+    metric_exporter_password = "nvAHhm1uGQNYWVw6ZyAH"
+  }
+
+  azure_storage_account_name = ""
+  azure_container_name       = ""
+}
+
+module "azure" {
+  source                             = "squareops/mongodb/kubernetes//modules/resources/azure"
+  resource_group_name                = ""
+  resource_group_location            = ""
+  name                               = local.name
+  environment                        = local.environment
+  mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
+  mongodb_custom_credentials_config  = local.mongodb_custom_credentials_config
+  store_password_to_secret_manager   = local.store_password_to_secret_manager
+  storage_account_name               = local.azure_storage_account_name
+}
+
+module "mongodb" {
+  source                  = "squareops/mongodb/kubernetes"
+  cluster_name            = ""
+  namespace               = local.namespace
+  create_namespace        = local.create_namespace
+  resource_group_name     = ""
+  resource_group_location = ""
+  mongodb_config = {
+    name                             = local.name
+    namespace                        = local.namespace
+    values_yaml                      = file("./helm/values.yaml")
+    volume_size                      = "10Gi"
+    architecture                     = "replicaset"
+    replica_count                    = 1
+    environment                      = local.environment
+    custom_databases                 = "['db1', 'db2']"
+    custom_databases_usernames       = "['admin', 'admin']"
+    custom_databases_passwords       = "['pass1', 'pass2']"
+    storage_class_name               = "infra-service-sc"
+    store_password_to_secret_manager = local.store_password_to_secret_manager
+  }
+  mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
+  mongodb_custom_credentials_config  = local.mongodb_custom_credentials_config
+  root_password                      = local.mongodb_custom_credentials_enabled ? "" : module.azure.root_password
+  metric_exporter_password           = local.mongodb_custom_credentials_enabled ? "" : module.azure.metric_exporter_pasword
+  bucket_provider_type               = "azure"
+  mongodb_backup_enabled             = false
+  mongodb_backup_config = {
+    bucket_uri                 = "https://${local.azure_storage_account_name}.blob.core.windows.net/${local.azure_container_name}"
+    azure_storage_account_name = local.azure_storage_account_name
+    azure_container_name       = local.azure_container_name
+    cron_for_full_backup       = "* * 1 * *"
+  }
+  mongodb_restore_enabled = false
+  mongodb_restore_config = {
+    bucket_uri                 = "https://${local.azure_storage_account_name}.blob.core.windows.net/${local.azure_container_name}"
+    azure_storage_account_name = local.azure_storage_account_name
+    azure_container_name       = local.azure_container_name
+    file_name                  = "mongodumpfull_20230710_132301.gz"
+  }
+  mongodb_exporter_enabled = true
+}
diff --git a/examples/complete/azure/output.tf b/examples/complete/azure/output.tf
@@ -0,0 +1,9 @@
+output "mongodb_endpoints" {
+  value       = module.mongodb.mongodb_endpoints
+  description = "MongoDB endpoints in the Kubernetes cluster."
+}
+
+output "mongodb_credential" {
+  value       = local.store_password_to_secret_manager ? null : module.mongodb.mongodb_credential
+  description = "MongoDB credentials used for accessing the MongoDB database."
+}
diff --git a/examples/complete/azure/provider.tf b/examples/complete/azure/provider.tf
@@ -0,0 +1,26 @@
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_kubernetes_cluster" "primary" {
+  name                = ""
+  resource_group_name = ""
+}
+
+provider "kubernetes" {
+  host                   = data.azurerm_kubernetes_cluster.primary.kube_config.0.host
+  username               = data.azurerm_kubernetes_cluster.primary.kube_config.0.username
+  password               = data.azurerm_kubernetes_cluster.primary.kube_config.0.password
+  client_certificate     = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_certificate)
+  client_key             = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_key)
+  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.cluster_ca_certificate)
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = data.azurerm_kubernetes_cluster.primary.kube_config.0.host
+    client_key             = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_key)
+    client_certificate     = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_certificate)
+    cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.cluster_ca_certificate)
+  }
+}