Merge pull request #3 from ShibraAmin18/azure-dev

added support for azure

Author: prajwalakhuj

backup/templates/fullbackup-cronjob.yaml

@@ -17,7 +17,7 @@ spec:
           serviceAccountName: sa-mongo-backup
           containers:
           - name: backup-mongodb
-            image: squareops/mongodb-backup:v3
+            image: squareops/mongodb-backup:v5
             env:
             - name: MONGODB_URI
               value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-0.mongodb-headless.{{ .Release.Namespace }}.svc.cluster.local:27017

example/complete/azure/README.md

@@ -0,0 +1,42 @@
+## Mongodb Example
+![squareops_avatar]
+
+[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png
+
+### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
+<br>
+This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.70.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_azure"></a> [azure](#module\_azure) | squareops/mongodb/kubernetes//provider/azure | n/a |
+| <a name="module_mongodb"></a> [mongodb](#module\_mongodb) | squareops/mongodb/kubernetes | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_kubernetes_cluster.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_mongodb_credential"></a> [mongodb\_credential](#output\_mongodb\_credential) | MongoDB credentials used for accessing the MongoDB database. |
+| <a name="output_mongodb_endpoints"></a> [mongodb\_endpoints](#output\_mongodb\_endpoints) | MongoDB endpoints in the Kubernetes cluster. |

example/complete/azure/helm/values.yaml

@@ -0,0 +1,9 @@
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: "Addons-Services"
+            operator: In
+            values:
+            - "true"

example/complete/azure/main.tf

@@ -0,0 +1,70 @@
+locals {
+  name        = "mongo"
+  region      = "eastus"
+  environment = "prod"
+  additional_tags = {
+    Owner      = "organization_name"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+  store_password_to_secret_manager   = true
+  mongodb_custom_credentials_enabled = true
+  mongodb_custom_credentials_config = {
+    root_user                = "root"
+    root_password            = "NCPFUKEMd7rrWuvMAa73"
+    metric_exporter_user     = "mongodb_exporter"
+    metric_exporter_password = "nvAHhm1uGQNYWVw6ZyAH"
+  }
+
+  azure_storage_account_name = ""
+  azure_container_name       = ""
+}
+
+module "azure" {
+  source                             = "squareops/mongodb/kubernetes//provider/azure"
+  resource_group_name                = ""
+  resource_group_location            = ""
+  name                               = local.name
+  environment                        = local.environment
+  mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
+  mongodb_custom_credentials_config  = local.mongodb_custom_credentials_config
+  store_password_to_secret_manager   = local.store_password_to_secret_manager
+  storage_account_name               = local.azure_storage_account_name
+}
+
+module "mongodb" {
+  source                  = "squareops/mongodb/kubernetes"
+  cluster_name            = ""
+  resource_group_name     = ""
+  resource_group_location = ""
+  mongodb_config = {
+    name                             = local.name
+    values_yaml                      = file("./helm/values.yaml")
+    volume_size                      = "10Gi"
+    architecture                     = "replicaset"
+    replica_count                    = 1
+    environment                      = local.environment
+    storage_class_name               = "infra-service-sc"
+    store_password_to_secret_manager = local.store_password_to_secret_manager
+  }
+  mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
+  mongodb_custom_credentials_config  = local.mongodb_custom_credentials_config
+  root_password                      = local.mongodb_custom_credentials_enabled ? "" : module.azure.root_password
+  metric_exporter_pasword            = local.mongodb_custom_credentials_enabled ? "" : module.azure.metric_exporter_pasword
+  bucket_provider_type               = "azure"
+  mongodb_backup_enabled             = false
+  mongodb_backup_config = {
+    bucket_uri                 = "https://${local.azure_storage_account_name}.blob.core.windows.net/${local.azure_container_name}"
+    azure_storage_account_name = local.azure_storage_account_name
+    azure_container_name       = local.azure_container_name
+    cron_for_full_backup       = "* * 1 * *"
+  }
+  mongodb_restore_enabled = false
+  mongodb_restore_config = {
+    bucket_uri                 = "https://${local.azure_storage_account_name}.blob.core.windows.net/${local.azure_container_name}"
+    azure_storage_account_name = local.azure_storage_account_name
+    azure_container_name       = local.azure_container_name
+    file_name                  = "mongodumpfull_20230710_132301.gz"
+  }
+  mongodb_exporter_enabled = true
+}

example/complete/azure/output.tf

@@ -0,0 +1,9 @@
+output "mongodb_endpoints" {
+  value       = module.mongodb.mongodb_endpoints
+  description = "MongoDB endpoints in the Kubernetes cluster."
+}
+
+output "mongodb_credential" {
+  value       = local.store_password_to_secret_manager ? null : module.mongodb.mongodb_credential
+  description = "MongoDB credentials used for accessing the MongoDB database."
+}

example/complete/azure/provider.tf

@@ -0,0 +1,26 @@
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_kubernetes_cluster" "primary" {
+  name                = ""
+  resource_group_name = ""
+}
+
+provider "kubernetes" {
+  host                   = data.azurerm_kubernetes_cluster.primary.kube_config.0.host
+  username               = data.azurerm_kubernetes_cluster.primary.kube_config.0.username
+  password               = data.azurerm_kubernetes_cluster.primary.kube_config.0.password
+  client_certificate     = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_certificate)
+  client_key             = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_key)
+  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.cluster_ca_certificate)
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = data.azurerm_kubernetes_cluster.primary.kube_config.0.host
+    client_key             = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_key)
+    client_certificate     = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_certificate)
+    cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.cluster_ca_certificate)
+  }
+}

helm/values/backup/values.yaml

@@ -6,9 +6,12 @@ auth:
 backup:
   bucket_uri: ${bucket_uri}
   aws_default_region: ${s3_bucket_region}
+  azure_storage_account_name: ${azure_storage_account_name}
+  azure_storage_account_key: ${azure_storage_account_key}
+  azure_container_name: ${azure_container_name}
   cron_for_full_backup: "${cron_for_full_backup}"
 
 annotations:
   ${annotations}
 
-bucket_provider_type: ${bucket_provider_type}
+bucket_provider_type: ${bucket_provider_type}

helm/values/restore/values.yaml

@@ -7,6 +7,9 @@ restore:
   bucket_uri: ${bucket_uri}
   file_name: ${file_name}
   aws_default_region: ${s3_bucket_region}
+  azure_storage_account_name: ${azure_storage_account_name}
+  azure_storage_account_key: ${azure_storage_account_key}
+  azure_container_name: ${azure_container_name}
 
 annotations:
   ${annotations}

main.tf

@@ -60,7 +60,10 @@ resource "helm_release" "mongodb_backup" {
       s3_bucket_region           = var.bucket_provider_type == "s3" ? var.mongodb_backup_config.s3_bucket_region : "",
       cron_for_full_backup       = var.mongodb_backup_config.cron_for_full_backup,
       bucket_provider_type       = var.bucket_provider_type,
-      annotations                = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${var.iam_role_arn_backup}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}"
+      azure_storage_account_name = var.bucket_provider_type == "azure" ? var.azure_storage_account_name : ""
+      azure_storage_account_key  = var.bucket_provider_type == "azure" ? var.azure_storage_account_key : ""
+      azure_container_name       = var.bucket_provider_type == "azure" ? var.azure_container_name : ""
+      annotations                = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn : ${var.iam_role_arn_backup}" : var.bucket_provider_type == "gcs" ? "iam.gke.io/gcp-service-account: ${var.service_account_backup}" : var.bucket_provider_type == "azure" ? "azure.workload.identity/client-id: ${var.az_account_backup}" : ""      
     })
   ]
 }
@@ -80,7 +83,10 @@ resource "helm_release" "mongodb_restore" {
       file_name                  = var.mongodb_restore_config.file_name,
       s3_bucket_region           = var.bucket_provider_type == "s3" ? var.mongodb_restore_config.s3_bucket_region : "",
       bucket_provider_type       = var.bucket_provider_type,
-      annotations                = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${var.iam_role_arn_restore}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}"
+      azure_storage_account_name = var.bucket_provider_type == "azure" ? var.azure_storage_account_name : ""
+      azure_storage_account_key  = var.bucket_provider_type == "azure" ? var.azure_storage_account_key : ""
+      azure_container_name       = var.bucket_provider_type == "azure" ? var.azure_container_name : ""
+      annotations                = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn : ${var.iam_role_arn_restore}" : var.bucket_provider_type == "gcs" ? "iam.gke.io/gcp-service-account: ${var.service_account_restore}" : var.bucket_provider_type == "azure" ? "azure.workload.identity/client-id: ${var.az_account_restore}" : ""
     })
   ]
 }

provider/azure/README.md

@@ -0,0 +1,62 @@
+# Azure Mongodb Kubernetes Module
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_key_vault.mongo-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
+| [azurerm_key_vault_secret.mongo-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_role_assignment.pod_identity_assignment_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.secretadmin_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.secretadmin_restore](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.service_account_token_creator_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.service_account_token_creator_restore](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_user_assigned_identity.mongo_backup_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
+| [azurerm_user_assigned_identity.mongo_restore_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
+| [azurerm_user_assigned_identity.pod_identity_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
+| [random_password.mongodb_exporter_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
+| [random_password.mongodb_root_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
+| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
+| [azurerm_subscription.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_azure_uai_backup_name"></a> [azure\_uai\_backup\_name](#input\_azure\_uai\_backup\_name) | Azure User Assigned Identity name for backup | `string` | `"mongo-backup"` | no |
+| <a name="input_azure_uai_pod_identity_backup_name"></a> [azure\_uai\_pod\_identity\_backup\_name](#input\_azure\_uai\_pod\_identity\_backup\_name) | Azure User Assigned Identity name for pod identity backup | `string` | `"pod-identity-backup"` | no |
+| <a name="input_azure_uai_pod_identity_restore_name"></a> [azure\_uai\_pod\_identity\_restore\_name](#input\_azure\_uai\_pod\_identity\_restore\_name) | Azure User Assigned Identity name for pod identity restore | `string` | `"pod-identity-restore"` | no |
+| <a name="input_azure_uai_restore_name"></a> [azure\_uai\_restore\_name](#input\_azure\_uai\_restore\_name) | Azure User Assigned Identity name for restore | `string` | `"mongo-restore"` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no |
+| <a name="input_mongodb_config"></a> [mongodb\_config](#input\_mongodb\_config) | Specify the configuration settings for Mongodb, including the name, environment, storage options, replication settings, and custom YAML values. | `any` | <pre>{<br>  "architecture": "",<br>  "environment": "",<br>  "name": "",<br>  "replica_count": 2,<br>  "storage_class_name": "",<br>  "store_password_to_secret_manager": true,<br>  "values_yaml": "",<br>  "volume_size": ""<br>}</pre> | no |
+| <a name="input_mongodb_custom_credentials_config"></a> [mongodb\_custom\_credentials\_config](#input\_mongodb\_custom\_credentials\_config) | Specify the configuration settings for Mongodb to pass custom credentials during creation. | `any` | <pre>{<br>  "metric_exporter_password": "",<br>  "metric_exporter_user": "",<br>  "root_password": "",<br>  "root_user": ""<br>}</pre> | no |
+| <a name="input_mongodb_custom_credentials_enabled"></a> [mongodb\_custom\_credentials\_enabled](#input\_mongodb\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for MongoDB database. | `bool` | `false` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of all the resources | `string` | `""` | no |
+| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | Azure region | `string` | `"East US"` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Azure Resource Group name | `string` | `""` | no |
+| <a name="input_storage_account_name"></a> [storage\_account\_name](#input\_storage\_account\_name) | Azure storage account name | `string` | `""` | no |
+| <a name="input_store_password_to_secret_manager"></a> [store\_password\_to\_secret\_manager](#input\_store\_password\_to\_secret\_manager) | Specifies whether to store the credentials in GCP secret manager. | `bool` | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_az_account_backup"></a> [az\_account\_backup](#output\_az\_account\_backup) | Azure User Assigned Identity for backup |
+| <a name="output_az_account_restore"></a> [az\_account\_restore](#output\_az\_account\_restore) | Azure User Assigned Identity for restore |
+| <a name="output_metric_exporter_pasword"></a> [metric\_exporter\_pasword](#output\_metric\_exporter\_pasword) | mongodb\_exporter user's password of MongoDB |
+| <a name="output_root_password"></a> [root\_password](#output\_root\_password) | Root user's password of MongoDB |