Refactor Velero in infrastructure (#1541)

* Refactor Velero in infrastructure * updates * Suspend velero ks while restore * Fix path for terraform in nginx --------- Co-authored-by: Automatic Update <[email protected]>
equinor · Dec 16, 2024 · 6e5e95c · 6e5e95c
1 parent 5bbfcab
commit 6e5e95c
Show file tree

Hide file tree

Showing 19 changed files with 216 additions and 431 deletions.
diff --git a/scripts/ingress-nginx/bootstrap.sh b/scripts/ingress-nginx/bootstrap.sh
@@ -207,7 +207,7 @@ verify_cluster_access
 ### Create secret required by ingress-nginx
 ###
 
-SELECTED_INGRESS_IP_RAW_ADDRESS=$(terraform -chdir="../../terraform/subscriptions/$AZ_SUBSCRIPTION_NAME/$RADIX_ZONE/pre-clusters" output -json clusters | jq -r '.[] | select(.cluster==env.CLUSTER_NAME).ingressIp')
+SELECTED_INGRESS_IP_RAW_ADDRESS=$(terraform -chdir="../terraform/subscriptions/$AZ_SUBSCRIPTION_NAME/$RADIX_ZONE/pre-clusters" output -json clusters | jq -r '.[] | select(.cluster==env.CLUSTER_NAME).ingressIp')
 create-a-record "*.${CLUSTER_NAME}" "$SELECTED_INGRESS_IP_RAW_ADDRESS" "$AZ_RESOURCE_GROUP_IPPRE" "$AZ_RESOURCE_DNS" "60" || {
       echo "ERROR: failed to create A record *.${CLUSTER_NAME}" >&2
   }

diff --git a/scripts/install_base_components.sh b/scripts/install_base_components.sh
@@ -250,27 +250,6 @@ wait
 ### For network security policy applied by operator to work, the namespace hosting prometheus and nginx-ingress-controller need to be labeled
 kubectl label ns default purpose=radix-base-ns --overwrite
 
-#######################################################################################
-### Install prerequisites for Velero
-###
-
-echo ""
-printf "%s► Execute %s%s\n" "${grn}" "$WORKDIR_PATH/scripts/velero/install_prerequisites_in_cluster.sh" "${normal}"
-(USER_PROMPT="$USER_PROMPT" ./velero/install_prerequisites_in_cluster.sh)
-wait
-
-#######################################################################################
-### Patching kube-dns metrics
-###
-
-# TODO: Even with this, kube-dns is not discovered in prometheus. Needs to be debugged.
-#
-# echo "Patching kube-dns metrics"
-# kubectl patch deployment -n kube-system kube-dns-v20 \
-#     --patch "$(cat ./manifests/kube-dns-metrics-patch.yaml)"
-
-#
-
 #######################################################################################
 ### Install Flux
 

diff --git a/scripts/velero/install_prerequisites_in_cluster.sh b/scripts/velero/install_prerequisites_in_cluster.sh
diff --git a/scripts/velero/restore/restore_apps.sh b/scripts/velero/restore/restore_apps.sh
@@ -427,6 +427,7 @@ start_radix_operator() {
   printf " Done.\n"
 }
 
+flux suspend ks -n flux-system velero
 wait_for_velero "BackupStorageLocation default"
 kubectl patch BackupStorageLocation default --namespace velero --type merge --patch "$(echo $PATCH_JSON)"
 
@@ -570,8 +571,10 @@ PATCH_JSON="$(
  }
 END
 )"
+
 # Set velero in read/write mode
 kubectl patch BackupStorageLocation default --namespace velero --type merge --patch "$(echo $PATCH_JSON)"
+flux resume ks -n flux-system velero
 
 #######################################################################################
 ### Done!

diff --git a/terraform/subscriptions/s940/c2/common/main.tf b/terraform/subscriptions/s940/c2/common/main.tf
@@ -55,26 +55,27 @@ data "azurerm_subnet" "this" {
 }
 
 module "storageaccount" {
-  source                   = "../../../modules/storageaccount"
-  for_each                 = var.storageaccounts
-  name                     = "radix${each.key}${module.config.environment}"
-  tier                     = each.value.account_tier
-  account_replication_type = each.value.account_replication_type
-  resource_group_name      = each.value.resource_group_name
-  location                 = each.value.location
-  environment              = module.config.environment
-  kind                     = each.value.kind
-  change_feed_enabled      = each.value.change_feed_enabled
-  versioning_enabled       = each.value.versioning_enabled
-  backup                   = each.value.backup
-  principal_id             = module.backupvault.data.backupvault.identity[0].principal_id
-  vault_id                 = module.backupvault.data.backupvault.id
-  policyblobstorage_id     = module.backupvault.data.policyblobstorage.id
-  subnet_id                = data.azurerm_subnet.this.id
-  vnet_resource_group      = module.config.vnet_resource_group
-  lifecyclepolicy          = each.value.lifecyclepolicy
-  ip_rule                  = data.azurerm_key_vault_secret.this.value
-  log_analytics_id         = module.loganalytics.workspace_id
+  source                    = "../../../modules/storageaccount"
+  for_each                  = var.storageaccounts
+  name                      = "radix${each.key}${module.config.environment}"
+  tier                      = each.value.account_tier
+  account_replication_type  = each.value.account_replication_type
+  resource_group_name       = each.value.resource_group_name
+  location                  = each.value.location
+  environment               = module.config.environment
+  kind                      = each.value.kind
+  change_feed_enabled       = each.value.change_feed_enabled
+  versioning_enabled        = each.value.versioning_enabled
+  backup                    = each.value.backup
+  principal_id              = module.backupvault.data.backupvault.identity[0].principal_id
+  vault_id                  = module.backupvault.data.backupvault.id
+  policyblobstorage_id      = module.backupvault.data.policyblobstorage.id
+  subnet_id                 = data.azurerm_subnet.this.id
+  vnet_resource_group       = module.config.vnet_resource_group
+  lifecyclepolicy           = each.value.lifecyclepolicy
+  ip_rule                   = data.azurerm_key_vault_secret.this.value
+  log_analytics_id          = module.loganalytics.workspace_id
+  shared_access_key_enabled = each.value.shared_access_key_enabled #Needed in module create container when running apply
 }
 
 module "acr" {