Merge pull request #18 from amanmallsops/feature/primary_services

created primary services in mongodb, added resources limit and request and affinity on all module

Author: RohitSquareops

README.md

@@ -98,7 +98,27 @@ module "mongodb" {
 
 ## IAM Permissions
 The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-kubernetes-mongodb/blob/main/IAM.md)
-
+## Mongo Backup and Restore
+This module provides functionality to automate the backup and restore process for mongo databases using AWS S3 buckets. It allows users to easily schedule backups, restore databases from backups stored in S3, and manage access permissions using AWS IAM roles.
+Features
+### Backup
+- Users can schedule full backups.
+- Backups are stored in specified S3 buckets.
+### Restore
+- Users can restore Mongo databases from backups stored in S3 buckets.
+- Supports specifying the backup file to restore from and the target S3 bucket region.
+### IAM Role for Permissions
+- Users need to provide an IAM role for the module to access the specified S3 bucket and perform backup and restore operations.
+## Module Inputs
+### Backup Configuration
+- bucket_uri: The URI of the S3 bucket where backups will be stored.
+- s3_bucket_region: The region of the S3 bucket.
+- cron_for_full_backup: The cron expression for scheduling full backups.
+### Restore Configuration
+- mongodb_restore_config: Configuration for restoring databases. 
+- bucket_uri: The URI of the S3 bucket containing the backup file.
+- file_name: The name of the backup file to restore.
+- s3_bucket_region: The region of the S3 bucket containing the backup file.
 ## Important Notes
   1. In order to enable the exporter, it is required to deploy Prometheus/Grafana first.
   2. The exporter is a tool that extracts metrics data from an application or system and makes it available to be scraped by Prometheus.

examples/complete/aws/helm/exporter.yaml

@@ -13,4 +13,4 @@ resources:
     memory: 200Mi
   requests:
     cpu: 50m
-    memory: 100Mi
+    memory: 100Mi

examples/complete/aws/helm/values.yaml

@@ -7,6 +7,44 @@ affinity:
             operator: In
             values:
             - "true"
+
+resources:
+  limits:
+    cpu: 900m
+    memory: 800Mi
+  requests:
+    cpu: 600m
+    memory: 500Mi
+
+metrics:
+  enabled: true
+  resources:
+    limits:
+       cpu: 200m
+       memory: 528Mi
+    requests:
+       cpu: 120m
+       memory: 228Mi
+
+arbiter:
+  resources:
+    limits:
+      cpu: 200m
+      memory: 400Mi
+    requests:
+      cpu: 100m
+      memory: 250Mi
+  
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+          - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+
 backupjob:
   resources:
     requests:
@@ -23,4 +61,4 @@ restorejob:
       cpu: 50m
     limits:
       memory: 200Mi
-      cpu: 100m
+      cpu: 100m

helm/values/exporter/values.yaml

@@ -24,7 +24,7 @@ livenessProbe:
 
 # [mongodb[+srv]://][user:pass@]host1[:port1][,host2[:port2],...][/database][?options]
 mongodb:
-  uri: "mongodb://mongodb_exporter:${mongodb_exporter_password}@mongodb-0.mongodb-headless.{namespace}.svc.cluster.local:27017/admin?authSource=admin"
+  uri: "mongodb://mongodb_exporter:${mongodb_exporter_password}@mongodb-primary.{namespace}.svc.cluster.local:27017/admin?authSource=admin"
 
 # Name of an externally managed secret (in the same namespace) containing the connection uri as key `mongodb-uri`.
 # If this is provided, the value mongodb.uri is ignored.

helm/values/mongodb/values.yaml

@@ -67,7 +67,29 @@ clusterDomain: cluster.local
 ##       app.kubernetes.io/name: mongodb
 ##       primary: "true"
 ##
-extraDeploy: []
+extraDeploy:
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      name: mongodb-primary
+      namespace: ${namespace}
+      labels:
+        app.kubernetes.io/component: mongodb
+        app.kubernetes.io/instance: mongodb
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: mongodb
+    spec:
+      type: ClusterIP
+      ports:
+        - name: mongodb-primary
+          port: 27017
+          protocol: TCP
+          targetPort: mongodb
+      selector:
+        app.kubernetes.io/component: mongodb
+        app.kubernetes.io/instance: mongodb
+        app.kubernetes.io/name: mongodb
+        primary: "true"
 ## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
 ##
 commonLabels: {}
@@ -502,23 +524,23 @@ containerSecurityContext:
 ## @param resources.limits The resources limits for MongoDB(®) containers
 ## @param resources.requests The requested resources for MongoDB(®) containers
 ##
-resources:
+resources: {}
   ## Example:
   ## limits:
   ##    cpu: 100m
   ##    memory: 128Mi
   ##
-  limits:
-    cpu: 1000m
-    memory: 1000Mi
+  # limits:
+  #   cpu: 1000m
+  #   memory: 1000Mi
   ## Examples:
   ## requests:
   ##    cpu: 100m
   ##    memory: 128Mi
   ##
-  requests:
-    cpu: 500m
-    memory: 500Mi
+  # requests:
+  #   cpu: 500m
+  #   memory: 500Mi
 ## @param containerPorts.mongodb MongoDB(®) container port
 containerPorts:
   mongodb: 27017
@@ -620,7 +642,24 @@ initContainers: []
 ##     - name: DEBUG
 ##       value: "true"
 ##
-sidecars: []
+sidecars:
+  - name: mongo-labeler
+    image: korenlev/k8s-mongo-labeler-sidecar
+    imagePullPolicy: Always
+    env:
+      - name: LABEL_SELECTOR
+        value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
+      - name: NAMESPACE
+        value: ${namespace}
+      - name: DEBUG
+        value: "true"
+    resources:
+      limits:
+        cpu: 100m
+        memory: 200Mi
+      requests:
+        cpu: 50m
+        memory: 100Mi
 ## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
 ## Examples:
 ## extraVolumeMounts:
@@ -996,7 +1035,7 @@ rbac:
   ## that allows MongoDB(®) pods querying the K8s API
   ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
   ##
-  create: false
+  create: true
   ## @param rbac.rules Custom rules to create following the role specification
   ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
   ## rules:
@@ -1010,7 +1049,16 @@ rbac:
   ##       - watch
   ##       - update
   ##
-  rules: []
+  rules:
+    - apiGroups:
+        - ""
+      resources:
+        - pods
+      verbs:
+        - get
+        - list
+        - watch
+        - update
 ## PodSecurityPolicy configuration
 ## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
 ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
@@ -1304,23 +1352,23 @@ arbiter:
   ## @param arbiter.resources.limits The resources limits for Arbiter containers
   ## @param arbiter.resources.requests The requested resources for Arbiter containers
   ##
-  resources:
+  resources: {}
     ## Example:
     ## limits:
     ##    cpu: 100m
     ##    memory: 128Mi
     ##
-    limits:
-      cpu: 200m
-      memory: 500Mi
+    # limits:
+    #   cpu: 200m
+    #   memory: 500Mi
     ## Examples:
     ## requests:
     ##    cpu: 100m
     ##    memory: 128Mi
     ##
-    requests:
-      cpu: 100m
-      memory: 250Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 250Mi
   ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
   ##
   containerPorts:
@@ -1866,19 +1914,14 @@ metrics:
   ## @param metrics.resources.limits The resources limits for Prometheus exporter containers
   ## @param metrics.resources.requests The requested resources for Prometheus exporter containers
   ##
-  resources:
-    ## Example:
-    ## limits:
-    ##    cpu: 100m
-    ##    memory: 128Mi
-    ##
-    limits: {}
-    ## Examples:
-    ## requests:
-    ##    cpu: 100m
-    ##    memory: 128Mi
-    ##
-    requests: {}
+  resources: {}
+    # limits:
+    #    cpu: 100m
+    #    memory: 128Mi
+    # requests:
+    #    cpu: 100m
+    #    memory: 128Mi
+  ##
   ## @param metrics.containerPort Port of the Prometheus metrics container
   ##
   containerPort: 9216
@@ -1929,9 +1972,9 @@ metrics:
   ##
   readinessProbe:
     enabled: true
-    initialDelaySeconds: 5
+    initialDelaySeconds: 30
     periodSeconds: 5
-    timeoutSeconds: 1
+    timeoutSeconds: 15
     failureThreshold: 3
     successThreshold: 1
   ## Slow starting containers can be protected through startup probes

main.tf

@@ -67,7 +67,8 @@ resource "helm_release" "mongodb_backup" {
       azure_storage_account_key  = var.bucket_provider_type == "azure" ? var.azure_storage_account_key : ""
       azure_container_name       = var.bucket_provider_type == "azure" ? var.azure_container_name : ""
       annotations                = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn : ${var.iam_role_arn_backup}" : var.bucket_provider_type == "gcs" ? "iam.gke.io/gcp-service-account: ${var.service_account_backup}" : var.bucket_provider_type == "azure" ? "azure.workload.identity/client-id: ${var.az_account_backup}" : ""
-    })
+    }),
+    var.mongodb_config.values_yaml
   ]
 }
 
@@ -90,7 +91,8 @@ resource "helm_release" "mongodb_restore" {
       azure_storage_account_key  = var.bucket_provider_type == "azure" ? var.azure_storage_account_key : ""
       azure_container_name       = var.bucket_provider_type == "azure" ? var.azure_container_name : ""
       annotations                = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn : ${var.iam_role_arn_restore}" : var.bucket_provider_type == "gcs" ? "iam.gke.io/gcp-service-account: ${var.service_account_restore}" : var.bucket_provider_type == "azure" ? "azure.workload.identity/client-id: ${var.az_account_restore}" : ""
-    })
+    }),
+    var.mongodb_config.values_yaml
   ]
 }
 

modules/backup/templates/fullbackup-cronjob.yaml

@@ -13,15 +13,16 @@ spec:
     spec:
       template:
         spec:
-          affinity: {{ .Values.affinity | toYaml | nindent 10 }}
+          affinity:
+            {{- toYaml .Values.affinity | nindent 12 }}
           restartPolicy: OnFailure
           serviceAccountName: sa-mongo-backup
           containers:
           - name: backup-mongodb
             image: squareops/mongodb-backup:v7
             env:
             - name: MONGODB_URI
-              value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-0.mongodb-headless.{{ .Release.Namespace }}.svc.cluster.local:27017
+              value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-headless.{{ .Release.Namespace }}.svc.cluster.local:27017
             - name: MONGO_OPLOG
               value: "true"
             - name: MONGO_BUCKET_URI
@@ -33,4 +34,5 @@ spec:
               value: {{ .Values.bucket_provider_type }}
             - name: AWS_DEFAULT_REGION
               value: {{ .Values.backup.aws_default_region }}
-            resources: {{ .Values.backupjob.resources | toYaml | nindent 12 }}
+            resources: 
+              {{- toYaml .Values.backupjob.resources | nindent 14 }}

modules/restore/templates/job.yaml

@@ -5,14 +5,15 @@ metadata:
 spec:
   template:
     spec:
-      affinity: {{ .Values.affinity | toYaml | nindent 6 }}
+      affinity:
+        {{- toYaml .Values.affinity | nindent 8 }}
       serviceAccountName: sa-mongo-restore
       containers:
           - name: restore-mongodb
             image: squareops/mongodb-restore:v6
             env:
             - name: MONGO_URI
-              value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-0.mongodb-headless.{{ .Release.Namespace }}.svc.cluster.local:27017
+              value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-primary.{{ .Release.Namespace }}.svc.cluster.local:27017
             - name: MONGO_OPLOG
               value: "false"
             - name: AWS_DEFAULT_REGION
@@ -26,6 +27,7 @@ spec:
               value: {{ .Values.restore.file_name | quote }}
             - name: RESTORE_FROM
               value: {{ .Values.bucket_provider_type}}
-            resources: {{ .Values.restorejob.resources | toYaml | nindent 12 }}
+            resources:
+              {{- toYaml .Values.restorejob.resources | nindent 14 }}
       restartPolicy: Never
   backoffLimit: 4

output.tf

@@ -1,8 +1,9 @@
 output "mongodb_endpoints" {
   description = "MongoDB endpoints in the Kubernetes cluster."
   value = {
-    mongoport        = "27017",
-    mongodb_endpoint = "mongodb-headless.${var.namespace}.svc.cluster.local"
+    mongoport                 = "27017",
+    mongodb_headless_endpoint = "mongodb-headless.${var.namespace}.svc.cluster.local"
+    mongodb_primary_endpoint  = "mongodb-primary.${var.namespace}.svc.cluster.local"
   }
 }