Refactor Velero in infrastructure
Automatic Update committed Dec 13, 2024
1 parent 5bbfcab commit b935890
Showing 16 changed files with 212 additions and 430 deletions.
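--- a/scripts/install_base_components.sh
+++ b/scripts/install_base_components.sh
@@ -250,27 +250,6 @@ wait
 ### For network security policy applied by operator to work, the namespace hosting prometheus and nginx-ingress-controller need to be labeled
 kubectl label ns default purpose=radix-base-ns --overwrite
 
-#######################################################################################
-### Install prerequisites for Velero
-###
-
-echo ""
-printf "%s► Execute %s%s\n" "${grn}" "$WORKDIR_PATH/scripts/velero/install_prerequisites_in_cluster.sh" "${normal}"
-(USER_PROMPT="$USER_PROMPT" ./velero/install_prerequisites_in_cluster.sh)
-wait
-
-#######################################################################################
-### Patching kube-dns metrics
-###
-
-# TODO: Even with this, kube-dns is not discovered in prometheus. Needs to be debugged.
-#
-# echo "Patching kube-dns metrics"
-# kubectl patch deployment -n kube-system kube-dns-v20 \
-# --patch "$(cat ./manifests/kube-dns-metrics-patch.yaml)"
-
-#
-
 #######################################################################################
 ### Install Flux
 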
248 changes: 0 additions & 248 deletions scripts/velero/install_prerequisites_in_cluster.sh

This file was deleted.

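--- a/terraform/subscriptions/s940/c2/common/main.tf
+++ b/terraform/subscriptions/s940/c2/common/main.tf
@@ -55,26 +55,27 @@ data "azurerm_subnet" "this" {
 }
 
 module "storageaccount" {
-source = "../../../modules/storageaccount"
-for_each = var.storageaccounts
-name = "radix${each.key}${module.config.environment}"
-tier = each.value.account_tier
-account_replication_type = each.value.account_replication_type
-resource_group_name = each.value.resource_group_name
-location = each.value.location
-environment = module.config.environment
-kind = each.value.kind
-change_feed_enabled = each.value.change_feed_enabled
-versioning_enabled = each.value.versioning_enabled
-backup = each.value.backup
-principal_id = module.backupvault.data.backupvault.identity[0].principal_id
-vault_id = module.backupvault.data.backupvault.id
-policyblobstorage_id = module.backupvault.data.policyblobstorage.id
-subnet_id = data.azurerm_subnet.this.id
-vnet_resource_group = module.config.vnet_resource_group
-lifecyclepolicy = each.value.lifecyclepolicy
-ip_rule = data.azurerm_key_vault_secret.this.value
-log_analytics_id = module.loganalytics.workspace_id
+source = "../../../modules/storageaccount"
+for_each = var.storageaccounts
+name = "radix${each.key}${module.config.environment}"
+tier = each.value.account_tier
+account_replication_type = each.value.account_replication_type
+resource_group_name = each.value.resource_group_name
+location = each.value.location
+environment = module.config.environment
+kind = each.value.kind
+change_feed_enabled = each.value.change_feed_enabled
+versioning_enabled = each.value.versioning_enabled
+backup = each.value.backup
+principal_id = module.backupvault.data.backupvault.identity[0].principal_id
+vault_id = module.backupvault.data.backupvault.id
+policyblobstorage_id = module.backupvault.data.policyblobstorage.id
+subnet_id = data.azurerm_subnet.this.id
+vnet_resource_group = module.config.vnet_resource_group
+lifecyclepolicy = each.value.lifecyclepolicy
+ip_rule = data.azurerm_key_vault_secret.this.value
+log_analytics_id = module.loganalytics.workspace_id
+shared_access_key_enabled = each.value.shared_access_key_enabled #Needed in module create container when running apply
 }
 
 module "acr" {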
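Review bot: The trailing comment on the new `shared_access_key_enabled` argument, `#Needed in module create container when running apply`, does not say which code depends on shared-key authorization or why, so a later reader cannot tell when the flag can be turned off again. A comment such as `# Shared-key auth stays on only for accounts where Terraform creates blob containers during apply; default is false` would carry the reason; the link to the container resource in post-clusters/velero.tf is inferred from this commit and should be confirmed. The remaining changed lines in the block appear to be realignment only.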
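--- a/terraform/subscriptions/s940/c2/common/variables.tf
+++ b/terraform/subscriptions/s940/c2/common/variables.tf
@@ -1,18 +1,19 @@
 variable "storageaccounts" {
 description = "Max 15 characters lowercase in the storageaccount name"
 type = map(object({
-name = string
-resource_group_name = optional(string, "common-c2")
-location = optional(string, "westeurope")
-account_tier = optional(string, "Standard")
-account_replication_type = optional(string, "LRS")
-kind = optional(string, "StorageV2")
-change_feed_enabled = optional(bool, false)
-versioning_enabled = optional(bool, false)
-backup = optional(bool, false)
-principal_id = optional(string)
-private_endpoint = optional(bool, false)
-lifecyclepolicy = optional(bool, false)
+name = string
+resource_group_name = optional(string, "common-c2")
+location = optional(string, "westeurope")
+account_tier = optional(string, "Standard")
+account_replication_type = optional(string, "LRS")
+kind = optional(string, "StorageV2")
+change_feed_enabled = optional(bool, false)
+versioning_enabled = optional(bool, false)
+backup = optional(bool, false)
+principal_id = optional(string)
+private_endpoint = optional(bool, false)
+lifecyclepolicy = optional(bool, false)
+shared_access_key_enabled = optional(bool, false)
 }))
 default = {
 log = {
@@ -22,10 +23,11 @@ variable "storageaccounts" {
 
 },
 velero = {
-name = "velero"
-account_replication_type = "GRS"
-backup = true
-lifecyclepolicy = true
+name = "velero"
+account_replication_type = "GRS"
+backup = true
+lifecyclepolicy = true
+shared_access_key_enabled = true
 }
 }
 }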
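Review bot: Setting `shared_access_key_enabled = true` on the `velero` entry turns on shared-key authorization for the account that holds cluster backups, so any principal able to list the account keys gets full data-plane access regardless of the federated identity configured for Velero. If the only consumer is Terraform creating containers during apply, as the comment in main.tf suggests, consider `storage_use_azuread = true` in the `azurerm` provider block with a data-plane role for the deploying identity, which would let this entry keep the `false` default. If the key must stay enabled, state the reason next to the entry and confirm that key listing on this account is restricted and logged. How the storageaccount module consumes the flag is outside this page.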
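--- a/terraform/subscriptions/s940/c2/post-clusters/velero.tf
+++ b/terraform/subscriptions/s940/c2/post-clusters/velero.tf
@@ -13,3 +13,17 @@ resource "azurerm_federated_identity_credential" "velero-mi-fedcred" {
 parent_id = data.azurerm_user_assigned_identity.velero.id
 resource_group_name = module.config.common_resource_group
 }
+
+resource "azurerm_storage_container" "velero" {
+for_each = module.clusters.oidc_issuer_url
+name = each.key
+storage_account_name = "radixvelero${module.config.environment}"
+container_access_type = "private" # Options: private, blob, container
+}
+
+resource "azurerm_storage_container" "velero" {
+for_each = module.clusters.oidc_issuer_url
+name = each.key
+storage_account_name = "radixvelero${module.config.environment}"
+container_access_type = "private" # Options: private, blob, container
+}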