From e4bb134d0e1f62a3ea8fc6ccc3f4d8e45aec5a7d Mon Sep 17 00:00:00 2001
From: John Ake
Date: Tue, 17 Oct 2023 12:02:47 +0100
Subject: [PATCH] Add statuscake monitoring for preprod and prod
---
 terraform/aks/application.tf | 4 +--
 terraform/aks/data.tf | 10 +++++--
 terraform/aks/provider.tf | 3 ++
 terraform/aks/statuscake.tf | 29 +++++++++++++++++++
 terraform/aks/variables.tf | 13 +++++++++
 .../development_aks.tfvars.json | 4 ++-
 .../preproduction_aks.tfvars.json | 14 ++++++++-
 .../production_aks.tfvars.json | 15 +++++++++-
 .../review_aks.tfvars.json | 4 ++-
 .../workspace_variables/test_aks.tfvars.json | 4 ++-
 terraform/paas/provider.tf | 3 --
 11 files changed, 90 insertions(+), 13 deletions(-)
 create mode 100644 terraform/aks/statuscake.tf
diff --git a/terraform/aks/application.tf b/terraform/aks/application.tf
index 8f290050..6c5cae80 100644
--- a/terraform/aks/application.tf
+++ b/terraform/aks/application.tf
@@ -2,8 +2,8 @@ locals {
 environment = "${var.app_environment}${var.app_suffix}"
 service_name = "find-a-lost-trn"
 app_secrets = {
- DATABASE_URL = var.deploy_postgres ? module.postgres.url : "${data.azurerm_key_vault_secret.db_url[0].value}"
- REDIS_URL = var.deploy_redis ? module.redis[0].url : "${data.azurerm_key_vault_secret.redis_url[0].value}"
+ DATABASE_URL = var.deploy_postgres ? module.postgres.url : ""
+ REDIS_URL = var.deploy_redis ? module.redis[0].url : ""
 }
 }
diff --git a/terraform/aks/data.tf b/terraform/aks/data.tf
index 8cf2b89f..1c41fd09 100644
--- a/terraform/aks/data.tf
+++ b/terraform/aks/data.tf
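Review bot: The false branch of both conditionals in `app_secrets` now yields `""`, so a workspace with `deploy_postgres` or `deploy_redis` set to false would hand the application an empty `DATABASE_URL` or `REDIS_URL`, and the problem would presumably surface only at runtime rather than at plan time. The commit title covers monitoring only, so this change of fallback deserves its own line in the description. If no workspace is meant to run without the modules any more, drop the conditional (`DATABASE_URL = module.postgres.url`); otherwise keep a real source for the false branch instead of an empty string. The `locals` block opens outside the hunk.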
@@ -1,9 +1,8 @@
 data "azurerm_key_vault" "infra_secret_vault" {
- count = var.deploy_postgres ? 0 : 1
- name = var.key_vault_name
+ name = var.inf_vault_name
 resource_group_name = var.key_vault_resource_group
 }
-data "azurerm_key_vault_secret" "db_url" {
+/* data "azurerm_key_vault_secret" "db_url" {
 count = length(data.azurerm_key_vault.infra_secret_vault)==0 ? 0 : 1
 name = var.review_url_db_name
 key_vault_id = data.azurerm_key_vault.infra_secret_vault[0].id
@@ -12,4 +11,9 @@ data "azurerm_key_vault_secret" "redis_url" {
 count = length(data.azurerm_key_vault.infra_secret_vault)==0 ? 0 : 1
 name = var.review_url_redis_name
 key_vault_id = data.azurerm_key_vault.infra_secret_vault[0].id
+} */
+
+data "azurerm_key_vault_secret" "statuscake_password" {
+ name = "STATUSCAKE-PASSWORD"
+ key_vault_id = data.azurerm_key_vault.infra_secret_vault.id
 }
\ No newline at end of file
diff --git a/terraform/aks/provider.tf b/terraform/aks/provider.tf
index 39972ba3..39dc6d07 100644
--- a/terraform/aks/provider.tf
+++ b/terraform/aks/provider.tf
@@ -19,3 +19,6 @@ provider "kubernetes" {
 cluster_ca_certificate = module.cluster_data.kubernetes_cluster_ca_certificate
 }
+provider "statuscake" {
+ api_token = data.azurerm_key_vault_secret.statuscake_password.value
+}
diff --git a/terraform/aks/statuscake.tf b/terraform/aks/statuscake.tf
new file mode 100644
index 00000000..73236625
--- /dev/null
+++ b/terraform/aks/statuscake.tf
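Review bot: The block comment opened at `/* data "azurerm_key_vault_secret" "db_url" {` and closed in the next hunk at `} */` keeps two data sources in the file as dead code, and they still index `infra_secret_vault[0]` although this hunk removes `count` from that data source, so they would no longer evaluate if uncommented. Deleting both blocks is cleaner, since version control keeps the history. If they are expected back, a one-line comment such as `# db_url / redis_url lookups disabled: app_secrets no longer falls back to Key Vault` says why they are parked.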
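Review bot: `statuscake_password` is read unconditionally and the `provider "statuscake"` hunk in provider.tf consumes it, so every workspace, including those whose `statuscake_alerts` is the empty default, needs the `STATUSCAKE-PASSWORD` secret in its vault and read access to it, or the plan fails. Terraform also records the value of a Key Vault secret data source in state, so the state backend's access control and encryption now protect the StatusCake API token in each of those workspaces. A comment above the block would make both points visible, e.g. `# StatusCake API token (secret is named PASSWORD); read in every workspace and written to state`.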
@@ -0,0 +1,29 @@
+module "statuscake" {
+ for_each = var.statuscake_alerts
+
+ source = "./vendor/modules/aks//monitoring/statuscake"
+
+ uptime_urls = each.value.website_url
+ contact_groups = each.value.contact_group
+}
+
+resource "statuscake_ssl_check" "domain-alert" {
+ for_each = var.statuscake_alerts
+
+ check_interval = 3600 # Check once per hour
+ contact_groups = each.value.contact_group
+ follow_redirects = true
+
+ alert_config {
+ alert_at = [3, 7, 30] # Alert 1 month, 1 week then 3 days before expiration
+
+ on_reminder = true
+ on_expiry = true
+ on_broken = true
+ on_mixed = true
+ }
+
+ monitored_resource {
+ address = each.value.ssl_domain
+ }
+}
diff --git a/terraform/aks/variables.tf b/terraform/aks/variables.tf
index 5f783a21..99aed108 100644
--- a/terraform/aks/variables.tf
+++ b/terraform/aks/variables.tf
@@ -108,6 +108,11 @@ variable "key_vault_resource_group" {
 description = "the name of the key vault resorce group"
 }
+variable "inf_vault_name" {
+ default = null
+ description = "infrastructure kv name"
+}
+
 variable "review_url_db_name" {
 default = null
 description = "the name of the secret storing review db url"
@@ -117,3 +122,11 @@ variable "review_url_redis_name" {
 default = null
 description = "the name of the secret storing review redis url"
 }
+
+# StatusCake variables
+variable "statuscake_alerts" {
+ type = map(any)
+ default = {}
+}
+
+variable "api_token" { default = "" }
diff --git a/terraform/aks/workspace_variables/development_aks.tfvars.json b/terraform/aks/workspace_variables/development_aks.tfvars.json
index dc9b89c0..fdda8619 100644
--- a/terraform/aks/workspace_variables/development_aks.tfvars.json
+++ b/terraform/aks/workspace_variables/development_aks.tfvars.json
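Review bot: The `module "statuscake"` call passes only `uptime_urls` and `contact_groups`, so the `"confirmations": 2` that production_aks.tfvars.json sets in this commit is never read by anything in this file, and production would get whatever the module defaults to. If the vendored module has a matching input (not visible here), pass it through with `confirmations = each.value.confirmations` and set the key in the preproduction entry too; otherwise drop the key from the tfvars. The resource label `domain-alert` could also be `domain_alert`, matching the underscore naming of the other labels in these files.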
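Review bot: `inf_vault_name` keeps `default = null` although the data.tf change makes the vault lookup unconditional, so a workspace that omits the value fails inside the azurerm data source rather than at variable validation. Dropping the default and adding `type = string` makes the input required and the error immediate. The description could be spelled out as `description = "Name of the infrastructure Key Vault that holds the STATUSCAKE-PASSWORD secret"`.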
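Review bot: `variable "api_token" { default = "" }` is not referenced by any hunk in this commit, since the provider takes its token from the Key Vault data source, and as declared it would accept a token from tfvars or the command line without being marked sensitive. Remove it, or if something outside this diff needs it, give it `type = string` and `sensitive = true` so the value is redacted in plan output. `statuscake_alerts` is `map(any)` with no description; an object type listing `website_url`, `contact_group` and `ssl_domain` would catch a misspelt key at plan time instead of at the `each.value` lookups in statuscake.tf.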
@@ -7,5 +7,7 @@
 "azure_resource_prefix": "s189t01",
 "config_short": "dv",
 "service_short": "faltrn",
- "app_key_vault": "s189t01-faltrn-dv-app-kv"
+ "app_key_vault": "s189t01-faltrn-dv-app-kv",
+ "inf_vault_name": "s189t01-faltrn-dv-inf-kv",
+ "key_vault_resource_group": "s189t01-faltrn-dv-rg"
 }
diff --git a/terraform/aks/workspace_variables/preproduction_aks.tfvars.json b/terraform/aks/workspace_variables/preproduction_aks.tfvars.json
index 072b945e..96c1eb00 100644
--- a/terraform/aks/workspace_variables/preproduction_aks.tfvars.json
+++ b/terraform/aks/workspace_variables/preproduction_aks.tfvars.json
@@ -7,5 +7,17 @@
 "azure_resource_prefix": "s189t01",
 "config_short": "pp",
 "service_short": "faltrn",
- "app_key_vault": "s189t01-faltrn-pp-app-kv"
+ "app_key_vault": "s189t01-faltrn-pp-app-kv",
+ "statuscake_alerts": {
+ "alert": {
+ "website_url": [
+ "https://preprod.find-a-lost-trn.education.gov.uk/health/all",
+ "https://find-a-lost-trn-preproduction.test.teacherservices.cloud/health/all"
+ ],
+ "contact_group": [282783],
+ "ssl_domain": "https://preprod.find-a-lost-trn.education.gov.uk"
+ }
+ },
+ "inf_vault_name": "s189t01-faltrn-pp-inf-kv",
+ "key_vault_resource_group": "s189t01-faltrn-pp-rg"
 }
diff --git a/terraform/aks/workspace_variables/production_aks.tfvars.json b/terraform/aks/workspace_variables/production_aks.tfvars.json
index c55ae080..782eee8f 100644
--- a/terraform/aks/workspace_variables/production_aks.tfvars.json
+++ b/terraform/aks/workspace_variables/production_aks.tfvars.json
@@ -8,5 +8,18 @@
 "config_short": "pd",
 "service_short": "faltrn",
 "app_key_vault": "s189p01-faltrn-pd-app-kv",
- "worker_replicas": 0
+ "worker_replicas": 0,
+ "statuscake_alerts": {
+ "alert": {
+ "website_url": [
+ "https://find-a-lost-trn.education.gov.uk/health/all",
+ "https://find-a-lost-trn-production.teacherservices.cloud/health/all"
+ ],
+ "contact_group": [282783],
+ "ssl_domain": "https://find-a-lost-trn.education.gov.uk",
+ "confirmations": 2
+ }
+ },
+ "inf_vault_name": "s189p01-faltrn-pd-inf-kv",
+ "key_vault_resource_group": "s189p01-faltrn-pd-rg"
 }
diff --git a/terraform/aks/workspace_variables/review_aks.tfvars.json b/terraform/aks/workspace_variables/review_aks.tfvars.json
index 7ad851fc..1e0a06a2 100644
--- a/terraform/aks/workspace_variables/review_aks.tfvars.json
+++ b/terraform/aks/workspace_variables/review_aks.tfvars.json
@@ -8,5 +8,7 @@
 "config_short": "rv",
 "service_short": "faltrn",
 "deploy_azure_backing_services": false,
- "enable_postgres_ssl": false
+ "enable_postgres_ssl": false,
+ "inf_vault_name": "s189t01-faltrn-rv-inf-kv",
+ "key_vault_resource_group": "s189t01-faltrn-rv-rg"
 }
diff --git a/terraform/aks/workspace_variables/test_aks.tfvars.json b/terraform/aks/workspace_variables/test_aks.tfvars.json
index f637c660..5f765749 100644
--- a/terraform/aks/workspace_variables/test_aks.tfvars.json
+++ b/terraform/aks/workspace_variables/test_aks.tfvars.json
@@ -7,5 +7,7 @@
 "azure_resource_prefix": "s189t01",
 "config_short": "ts",
 "service_short": "faltrn",
- "app_key_vault": "s189t01-faltrn-ts-app-kv"
+ "app_key_vault": "s189t01-faltrn-ts-app-kv",
+ "inf_vault_name": "s189t01-faltrn-ts-inf-kv",
+ "key_vault_resource_group": "s189t01-faltrn-ts-rg"
 }
diff --git a/terraform/paas/provider.tf b/terraform/paas/provider.tf
index a360d335..76e372de 100644
--- a/terraform/paas/provider.tf
+++ b/terraform/paas/provider.tf
@@ -20,6 +20,3 @@ provider "cloudfoundry" {
 password = data.azurerm_key_vault_secret.secrets["PAAS-PASSWORD"].value
 }
-provider "statuscake" {
- api_token = local.monitoring_secrets.STATUSCAKE_PASSWORD
-}