diff --git a/scripts/aks/teardown.sh b/scripts/aks/teardown.sh
index 65760ddd0..100326f82 100755
--- a/scripts/aks/teardown.sh
+++ b/scripts/aks/teardown.sh
@@ -338,13 +338,13 @@ echo "Done."
 WORKDIR_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-printf "\n%s► Execute Redis Cache for QA %s%s\n" "${grn}" "$WORKDIR_PATH/../redis/delete_redis_cache_for_console.sh" "${normal}"
-(RADIX_ZONE_ENV="$RADIX_ZONE_ENV" CLUSTER_NAME="$CLUSTER_NAME" RADIX_WEB_CONSOLE_ENV="qa" USER_PROMPT="$USER_PROMPT" source "$WORKDIR_PATH/../redis/delete_redis_cache_for_console.sh")
-wait # wait for subshell to finish
-echo ""
-printf "%s► Execute Redis Cache for Prod %s%s\n" "${grn}" "$WORKDIR_PATH/../redis/delete_redis_cache_for_console.sh" "${normal}"
-(RADIX_ZONE_ENV="$RADIX_ZONE_ENV" CLUSTER_NAME="$CLUSTER_NAME" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="$USER_PROMPT" source "$WORKDIR_PATH/../redis/delete_redis_cache_for_console.sh")
-wait # wait for subshell to finish
+# printf "\n%s► Execute Redis Cache for QA %s%s\n" "${grn}" "$WORKDIR_PATH/../redis/delete_redis_cache_for_console.sh" "${normal}"
+# (RADIX_ZONE_ENV="$RADIX_ZONE_ENV" CLUSTER_NAME="$CLUSTER_NAME" RADIX_WEB_CONSOLE_ENV="qa" USER_PROMPT="$USER_PROMPT" source "$WORKDIR_PATH/../redis/delete_redis_cache_for_console.sh")
+# wait # wait for subshell to finish
+# echo ""
+# printf "%s► Execute Redis Cache for Prod %s%s\n" "${grn}" "$WORKDIR_PATH/../redis/delete_redis_cache_for_console.sh" "${normal}"
+# (RADIX_ZONE_ENV="$RADIX_ZONE_ENV" CLUSTER_NAME="$CLUSTER_NAME" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="$USER_PROMPT" source "$WORKDIR_PATH/../redis/delete_redis_cache_for_console.sh")
+# wait # wait for subshell to finish
 #######################################################################################
 ### Delete replyUrls
diff --git a/scripts/migrate.sh b/scripts/migrate.sh
index 4cde31bb0..48a68d92d 100755
--- a/scripts/migrate.sh
+++ b/scripts/migrate.sh
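Review bot: The seven added lines in this hunk keep the old Redis delete calls as commented-out code that sources `delete_redis_cache_for_console.sh`, a script this same commit deletes, so they cannot be re-enabled as written. Deleting the lines outright would be cleaner, since git history keeps them. The same applies to the commented-out check, prompt and create blocks in the `scripts/migrate.sh` hunks at 233, 389, 726 and the tail of 750. If the caches are now meant to be removed through Terraform, a single comment such as `# Redis caches are managed by terraform/subscriptions/modules/redis_cache` would tell an operator why teardown no longer touches them.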
@@ -233,11 +233,11 @@ if ! [[ -x "$UPDATE_NETWORKPOLICY_CANARY_SECRET_SCRIPT" ]]; then
 echo "ERROR: The update networkpolicy canary secret script is not found or it is not executable in path $UPDATE_NETWORKPOLICY_CANARY_SECRET_SCRIPT" >&2
 fi
-CREATE_REDIS_CACHE_SCRIPT="$WORKDIR_PATH/redis/create_redis_cache_for_console.sh"
-if ! [[ -x "$CREATE_REDIS_CACHE_SCRIPT" ]]; then
- # Print to stderror
- echo "ERROR: The create redis cache script is not found or it is not executable in path $CREATE_REDIS_CACHE_SCRIPT" >&2
-fi
+# CREATE_REDIS_CACHE_SCRIPT="$WORKDIR_PATH/redis/create_redis_cache_for_console.sh"
+# if ! [[ -x "$CREATE_REDIS_CACHE_SCRIPT" ]]; then
+# # Print to stderror
+# echo "ERROR: The create redis cache script is not found or it is not executable in path $CREATE_REDIS_CACHE_SCRIPT" >&2
+# fi
 UPDATE_REDIS_CACHE_SECRET_SCRIPT="$WORKDIR_PATH/redis/update_redis_cache_for_console.sh"
 if ! [[ -x "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" ]]; then
@@ -389,33 +389,33 @@ if [[ ${BACKUP_NAME} == "migration-"* ]]; then
 echo ""
 fi
-create_redis_cache=true
-if [[ $USER_PROMPT == true ]]; then
- while true; do
- read -r -p "Create Redis Caches for Console? (Y/n) " yn
- case $yn in
- [Yy]*) break ;;
- [Nn]*)
- create_redis_cache=false
- exit 0
- ;;
- *) echo "Please answer yes or no." ;;
- esac
- done
- echo ""
-fi
+# create_redis_cache=true
+# if [[ $USER_PROMPT == true ]]; then
+# while true; do
+# read -r -p "Create Redis Caches for Console? (Y/n) " yn
+# case $yn in
+# [Yy]*) break ;;
+# [Nn]*)
+# create_redis_cache=false
+# exit 0
+# ;;
+# *) echo "Please answer yes or no." ;;
+# esac
+# done
+# echo ""
+# fi
-if [[ $create_redis_cache == true ]]; then
- printf "Creating Redis Caches for Console...\n"
- (
- printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=qa)%s\n" "${grn}" "$CREATE_REDIS_CACHE_SCRIPT" "${normal}"
- RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="qa" USER_PROMPT="false" source "$CREATE_REDIS_CACHE_SCRIPT"
- echo ""
- printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=prod)%s\n" "${grn}" "$CREATE_REDIS_CACHE_SCRIPT" "${normal}"
- RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="false" source "$CREATE_REDIS_CACHE_SCRIPT"
- )
- printf "Done...\n"
-fi
+# if [[ $create_redis_cache == true ]]; then
+# printf "Creating Redis Caches for Console...\n"
+# (
+# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=qa)%s\n" "${grn}" "$CREATE_REDIS_CACHE_SCRIPT" "${normal}"
+# RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="qa" USER_PROMPT="false" source "$CREATE_REDIS_CACHE_SCRIPT"
+# echo ""
+# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=prod)%s\n" "${grn}" "$CREATE_REDIS_CACHE_SCRIPT" "${normal}"
+# RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="false" source "$CREATE_REDIS_CACHE_SCRIPT"
+# )
+# printf "Done...\n"
+# fi
 # Give option to create dest cluster if it does not exist
 echo ""
@@ -726,21 +726,21 @@ printf "\n%s► Execute %s%s\n" "${grn}" "$UPDATE_NETWORKPOLICY_CANARY_SECRET_SC
 wait # wait for subshell to finish
 echo ""
-update_redis_cache=true
-if [[ $USER_PROMPT == true ]]; then
- while true; do
- read -r -p "Update Redis Caches for Console? (Y/n) " yn
- case $yn in
- [Yy]*) break ;;
- [Nn]*)
- update_redis_cache=false
- exit 0
- ;;
- *) echo "Please answer yes or no." ;;
- esac
- done
- echo ""
-fi
+# update_redis_cache=true
+# if [[ $USER_PROMPT == true ]]; then
+# while true; do
+# read -r -p "Update Redis Caches for Console? (Y/n) " yn
+# case $yn in
+# [Yy]*) break ;;
+# [Nn]*)
+# update_redis_cache=false
+# exit 0
+# ;;
+# *) echo "Please answer yes or no." ;;
+# esac
+# done
+# echo ""
+# fi
 # Wait for redis caches to be created.
 printf "\nWaiting for redis caches to be created..."
@@ -750,16 +750,22 @@ while [[ $(az redis show --resource-group "$AZ_RESOURCE_GROUP_CLUSTERS" --name "
 done
 printf " Done\n."
-if [[ $update_redis_cache == true ]]; then
- printf "Updating Redis Caches for Console...\n"
- (
- printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=qa)%s\n" "${grn}" "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" "${normal}"
- RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="qa" USER_PROMPT="false" source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT"
- printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=prod)%s\n" "${grn}" "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" "${normal}"
- RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="false" source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT"
- )
- printf "Done...\n"
-fi
+printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=qa)%s\n" "${grn}" "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" "${normal}"
+RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="qa" USER_PROMPT="false" source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT"
+printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=prod)%s\n" "${grn}" "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" "${normal}"
+RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="false" source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT"
+
+
+# if [[ $update_redis_cache == true ]]; then
+# printf "Updating Redis Caches for Console...\n"
+# (
+# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=qa)%s\n" "${grn}" "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" "${normal}"
+# RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="qa" USER_PROMPT="false" source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT"
+# printf "%s► Execute %s (RADIX_WEB_CONSOLE_ENV=prod)%s\n" "${grn}" "$UPDATE_REDIS_CACHE_SECRET_SCRIPT" "${normal}"
+# RADIX_ZONE_ENV="$RADIX_ZONE_ENV" AUTH_PROXY_COMPONENT="$AUTH_PROXY_COMPONENT" CLUSTER_NAME="$DEST_CLUSTER" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="false" source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT"
+# )
+# printf "Done...\n"
+# fi
 # Move custom ingresses
 # if [[ $MIGRATION_STRATEGY == "aa" ]]; then
diff --git a/scripts/redis/azure_cache_for_redis.json b/scripts/redis/azure_cache_for_redis.json
deleted file mode 100644
index 1bb858c37..000000000
--- a/scripts/redis/azure_cache_for_redis.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "type": "string"
- },
- "location": {
- "type": "string"
- },
- "sku": {
- "type": "string"
- }
- },
- "resources": [
- {
- "type": "Microsoft.Cache/Redis",
- "apiVersion": "2022-06-01",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "properties": {
- "redisVersion": "6.0",
- "sku": {
- "name": "[parameters('sku')]",
- "family": "C",
- "capacity": 1
- },
- "enableNonSslPort": false,
- "publicNetworkAccess": "Enabled",
- "tenantSettings": {},
- "redisConfiguration": {
- "maxmemory-reserved": "125",
- "maxfragmentationmemory-reserved": "125",
- "maxmemory-delta": "125"
- }
- }
- }
- ]
-}
\ No newline at end of file
diff --git a/scripts/redis/create_redis_cache_for_console.sh b/scripts/redis/create_redis_cache_for_console.sh
deleted file mode 100755
index 1b62d8aa4..000000000
--- a/scripts/redis/create_redis_cache_for_console.sh
+++ /dev/null
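Review bot: The two added `source "$UPDATE_REDIS_CACHE_SECRET_SCRIPT"` calls in the 750 hunk now run in the main shell of migrate.sh instead of inside `( … )`, so any `exit` in the sourced script ends the whole migration and its variables leak into the caller. The update script is not shown here, but the sibling create and delete scripts removed in this commit call `exit 1` on missing inputs and set globals such as `REDIS_CACHE_NAME`, so it likely behaves the same way. Putting `(` before the first added `printf` and `)` after the second `source` restores the isolation the removed block had. The confirmation prompt is also gone, so the secret update runs unconditionally even when `USER_PROMPT` is true; if that is intended, a comment should say so. The `az redis show` wait loop in the context above now depends on Terraform having created the caches for `$DEST_CLUSTER`, and it appears to have no timeout in the visible part.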
@@ -1,124 +0,0 @@
-#!/usr/bin/env bash
-
-#######################################################################################
-### PURPOSE
-###
-
-# Creates the redis cache for the cluster given the context.
-
-#######################################################################################
-### INPUTS
-###
-
-# Required:
-# - RADIX_ZONE_ENV : Path to *.env file
-# - AUTH_PROXY_COMPONENT : Auth Component name, ex: "auth"
-# - CLUSTER_NAME : Cluster name, ex: "test-2", "weekly-93"
-# - RADIX_WEB_CONSOLE_ENV : Web Console Environment, ex: "qa", "prod"
-
-# Optional:
-# - USER_PROMPT : Enable/disable user prompt, ex: "true" [default], "false"
-
-#######################################################################################
-### HOW TO USE
-###
-
-# Example 1:
-# RADIX_ZONE_ENV=./../radix-zone/radix_zone_dev.env AUTH_PROXY_COMPONENT="auth" CLUSTER_NAME="weekly-42" RADIX_WEB_CONSOLE_ENV="qa" ./create_redis_cache_for_console.sh
-
-# Example 2:
-# RADIX_ZONE_ENV=./../radix-zone/radix_zone_dev.env AUTH_PROXY_COMPONENT="auth" CLUSTER_NAME="weekly-49" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="false" ./create_redis_cache_for_console.sh
-
-#######################################################################################
-### Check for prerequisites binaries
-###
-
-echo ""
-printf "Check for neccesary executables... "
-hash az 2>/dev/null || {
- echo -e "\nERROR: Azure-CLI not found in PATH. Exiting... " >&2
- exit 1
-}
-
-printf "Done.\n"
-
-#######################################################################################
-### Read inputs and configs
-###
-
-# Required inputs
-
-if [[ -z "$RADIX_ZONE_ENV" ]]; then
- echo "ERROR: Please provide RADIX_ZONE_ENV" >&2
- exit 1
-else
- if [[ ! -f "$RADIX_ZONE_ENV" ]]; then
- echo "ERROR: RADIX_ZONE_ENV=$RADIX_ZONE_ENV is invalid, the file does not exist." >&2
- exit 1
- fi
- source "$RADIX_ZONE_ENV"
-fi
-
-if [[ -z "$CLUSTER_NAME" ]]; then
- echo "ERROR: Please provide CLUSTER_NAME." >&2
- exit 1
-fi
-
-# Optional inputs
-
-if [[ -z "$USER_PROMPT" ]]; then
- USER_PROMPT=true
-fi
-
-# Source util scripts
-
-source "${RADIX_PLATFORM_REPOSITORY_PATH}/scripts/utility/util.sh"
-
-#######################################################################################
-### Prepare az session
-###
-
-printf "Logging you in to Azure if not already logged in... "
-az account show >/dev/null || az login >/dev/null
-az account set --subscription "${AZ_SUBSCRIPTION_ID}" >/dev/null
-printf "Done.\n"
-
-#######################################################################################
-
-function createRedisCache() {
- # check if redis cache exist, else create new
- REDIS_CACHE_NAME="${CLUSTER_NAME}-${RADIX_WEB_CONSOLE_ENV}"
- REDIS_CACHE_INSTANCE=$(az redis show --resource-group "${AZ_RESOURCE_GROUP_CLUSTERS}" --name "${REDIS_CACHE_NAME}" 2>/dev/null)
-
- if [[ $REDIS_CACHE_INSTANCE == "" ]]; then
- echo "Info: Redis Cache \"${REDIS_CACHE_NAME}\" not found."
-
- if [[ $USER_PROMPT == true ]]; then
- while true; do
- read -r -p "Do you want to create a new Redis Cache? (Y/n) " yn
- case $yn in
- [Yy]*) break ;;
- [Nn]*)
- echo "Quitting."
- exit 1
- ;; # no redis cache available, exit
- *) echo "Please answer yes or no." ;;
- esac
- done
- fi
-
- echo "Creating new Redis Cache. Running asynchronously..."
- #Docs https://azure.microsoft.com/en-us/pricing/details/cache/
- az deployment group create \
- --no-wait \
- --resource-group "${AZ_RESOURCE_GROUP_CLUSTERS}" \
- --subscription "${AZ_SUBSCRIPTION_ID}" \
- --template-file "${RADIX_PLATFORM_REPOSITORY_PATH}/scripts/redis/azure_cache_for_redis.json" \
- --name "redis-cache-${CLUSTER_NAME}-${RADIX_WEB_CONSOLE_ENV}" \
- --parameters name="${REDIS_CACHE_NAME}" \
- --parameters location="${AZ_RADIX_ZONE_LOCATION}" \
- --parameters sku="${AZ_REDIS_CACHE_SKU}"
- fi
-}
-
-createRedisCache
diff --git a/scripts/redis/delete_redis_cache_for_console.sh b/scripts/redis/delete_redis_cache_for_console.sh
deleted file mode 100755
index 7b73298bf..000000000
--- a/scripts/redis/delete_redis_cache_for_console.sh
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/usr/bin/env bash
-
-#######################################################################################
-### PURPOSE
-###
-
-# Deletes the redis cache for the cluster given the context.
-
-#######################################################################################
-### INPUTS
-###
-
-# Required:
-# - RADIX_ZONE_ENV : Path to *.env file
-# - CLUSTER_NAME : Cluster name, ex: "test-2", "weekly-93"
-# - RADIX_WEB_CONSOLE_ENV : Web Console Environment, ex: "qa", "prod"
-
-# Optional:
-# - USER_PROMPT : Enable/disable user prompt, ex: "true" [default], "false"
-
-#######################################################################################
-### HOW TO USE
-###
-
-# Example 1:
-# RADIX_ZONE_ENV=./../radix-zone/radix_zone_dev.env CLUSTER_NAME="weekly-42" RADIX_WEB_CONSOLE_ENV="qa" ./delete_redis_cache_for_console.sh
-
-# Example 2:
-# RADIX_ZONE_ENV=./../radix-zone/radix_zone_dev.env CLUSTER_NAME="weekly-49" RADIX_WEB_CONSOLE_ENV="prod" USER_PROMPT="false" ./delete_redis_cache_for_console.sh
-
-#######################################################################################
-### Check for prerequisites binaries
-###
-
-echo ""
-printf "Check for neccesary executables... "
-hash az 2>/dev/null || {
- echo -e "\nERROR: Azure-CLI not found in PATH. Exiting... " >&2
- exit 1
-}
-
-printf "Done.\n"
-
-#######################################################################################
-### Read inputs and configs
-###
-
-# Required inputs
-
-if [[ -z "$RADIX_ZONE_ENV" ]]; then
- echo "ERROR: Please provide RADIX_ZONE_ENV" >&2
- exit 1
-else
- if [[ ! -f "$RADIX_ZONE_ENV" ]]; then
- echo "ERROR: RADIX_ZONE_ENV=$RADIX_ZONE_ENV is invalid, the file does not exist." >&2
- exit 1
- fi
- source "$RADIX_ZONE_ENV"
-fi
-
-if [[ -z "$CLUSTER_NAME" ]]; then
- echo "ERROR: Please provide CLUSTER_NAME." >&2
- exit 1
-fi
-
-if [[ -z "$RADIX_WEB_CONSOLE_ENV" ]]; then
- echo "ERROR: Please provide RADIX_WEB_CONSOLE_ENV." >&2
- exit 1
-fi
-
-# Optional inputs
-
-if [[ -z "$USER_PROMPT" ]]; then
- USER_PROMPT=true
-fi
-
-# Source util scripts
-
-source "${RADIX_PLATFORM_REPOSITORY_PATH}/scripts/utility/util.sh"
-
-#######################################################################################
-### Prepare az session
-###
-
-printf "Logging you in to Azure if not already logged in... "
-az account show >/dev/null || az login >/dev/null
-az account set --subscription "${AZ_SUBSCRIPTION_ID}" >/dev/null
-printf "Done.\n"
-
-#######################################################################################
-
-function deleteRedisCache() {
- # check if redis cache exist, else exit
- echo ""
- REDIS_CACHE_NAME="${CLUSTER_NAME}-${RADIX_WEB_CONSOLE_ENV}"
-
- if [[ $(az redis show --resource-group "${AZ_RESOURCE_GROUP_CLUSTERS}" --name "${REDIS_CACHE_NAME}" 2>/dev/null) == "" ]]; then
- echo "ERROR: Redis Cache \"${REDIS_CACHE_NAME}\" not found." >&2
- exit 1 # redis cache not found, exit
- fi
-
- if [[ $USER_PROMPT == true ]]; then
- while true; do
- read -r -p "Do you want to delete Redis Cache \"${REDIS_CACHE_NAME}\"? (Y/n) " yn
- case $yn in
- [Yy]*)
- echo ""
- break
- ;;
- [Nn]*)
- echo "Quitting."
- exit 0
- ;;
- *) echo "Please answer yes or no." ;;
- esac
- done
- fi
-
- printf "Deleting Redis Cache \"%s\"..." "${REDIS_CACHE_NAME}"
- if [[ $(az redis delete --yes --resource-group "${AZ_RESOURCE_GROUP_CLUSTERS}" --name "${REDIS_CACHE_NAME}" 2>&1) == *"ERROR"* ]]; then
- printf "\nERROR: Could not delete Redis Cache \"%s\".\n" "${REDIS_CACHE_NAME}" >&2
- else
- printf " Done.\n"
- fi
-}
-
-deleteRedisCache
diff --git a/terraform/subscriptions/modules/redis_cache/main.tf b/terraform/subscriptions/modules/redis_cache/main.tf
new file mode 100644
index 000000000..f89f0bc2c
--- /dev/null
+++ b/terraform/subscriptions/modules/redis_cache/main.tf
@@ -0,0 +1,18 @@
+resource "azurerm_redis_cache" "this" {
+ for_each = toset(["qa", "prod"])
+ name = "${var.name}-${each.key}"
+ location = var.location
+ resource_group_name = var.rg_name
+ capacity = 1
+ family = "C"
+ sku_name = var.sku_name
+ minimum_tls_version = "1.2"
+ redis_configuration {
+ maxmemory_reserved = 125
+ maxmemory_delta = 125
+ maxfragmentationmemory_reserved = 125
+
+ data_persistence_authentication_method = "SAS"
+ maxmemory_policy = "volatile-lru"
+ }
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/modules/redis_cache/networking.tf b/terraform/subscriptions/modules/redis_cache/networking.tf
new file mode 100644
index 000000000..4d99fdfb7
--- /dev/null
+++ b/terraform/subscriptions/modules/redis_cache/networking.tf
@@ -0,0 +1,39 @@
+data "azurerm_subnet" "subnet" {
+ name = "private-links"
+ virtual_network_name = "vnet-hub"
+ resource_group_name = var.vnet_resource_group
+}
+
+resource "azurerm_private_endpoint" "endpoint" {
+ for_each = toset(["qa", "prod"])
+ name = "pe-${var.name}-${each.key}"
+ location = var.location
+ resource_group_name = var.vnet_resource_group
+ subnet_id = data.azurerm_subnet.subnet.id
+ tags = {
+ IaC = "terraform"
+ }
+
+ private_service_connection {
+ name = "pe-${var.name}-${each.key}"
+ private_connection_resource_id = azurerm_redis_cache.this[each.key].id
+ subresource_names = ["redisCache"]
+ is_manual_connection = false
+ }
+}
+
+data "azurerm_private_dns_zone" "dns_zone" {
+ name = "privatelink.redis.cache.windows.net"
+ resource_group_name = var.vnet_resource_group
+}
+resource "azurerm_private_dns_a_record" "dns_record" {
+ for_each = toset(["qa", "prod"])
+ name = "${var.name}-${each.key}"
+ zone_name = "privatelink.redis.cache.windows.net"
+ resource_group_name = var.vnet_resource_group
+ ttl = 300
+ records = azurerm_private_endpoint.endpoint[each.key].custom_dns_configs[0].ip_addresses
+ tags = {
+ IaC = "terraform"
+ }
+}
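Review bot: `azurerm_redis_cache.this` in redis_cache/main.tf does not set `public_network_access_enabled`, which defaults to true in the azurerm provider, so each cache stays reachable on its public endpoint even though networking.tf gives it a private endpoint. If every consumer reaches the cache through the private link, add `public_network_access_enabled = false` next to `minimum_tls_version`. The removed ARM template pinned `"redisVersion": "6.0"` and `"enableNonSslPort": false`; stating `redis_version` and the non-SSL-port setting explicitly here would keep that intent visible instead of relying on provider defaults. `data_persistence_authentication_method = "SAS"` looks unneeded, since no persistence storage is configured in this block.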
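Review bot: In redis_cache/networking.tf, `data.azurerm_private_dns_zone.dns_zone` is declared but never referenced, and `var.virtual_network` from variables.tf is unused because the subnet lookup hard-codes `"vnet-hub"`. Wire both in so the A record is tied to the zone that was actually looked up and the hub name is configurable: `zone_name = data.azurerm_private_dns_zone.dns_zone.name` and `virtual_network_name = var.virtual_network`. The A record also indexes `custom_dns_configs[0]`, which assumes the endpoint reports at least one DNS config; a short comment stating that assumption would help the next reader.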
diff --git a/terraform/subscriptions/modules/redis_cache/variables.tf b/terraform/subscriptions/modules/redis_cache/variables.tf
new file mode 100644
index 000000000..8913ba965
--- /dev/null
+++ b/terraform/subscriptions/modules/redis_cache/variables.tf
@@ -0,0 +1,27 @@
+variable "name" {
+ description = "Name of the Redis Cache."
+ type = string
+}
+
+variable "location" {
+ default = "northeurope"
+ type = string
+}
+
+variable "rg_name" {
+ type = string
+}
+
+variable "sku_name" {
+ default = "Basic"
+ type = string
+}
+
+variable "vnet_resource_group" {
+ type = string
+}
+
+variable "virtual_network" {
+ type = string
+ default = "vnet-hub"
+}
\ No newline at end of file
diff --git a/terraform/subscriptions/s940/globals/common/main.tf b/terraform/subscriptions/s940/globals/common/main.tf
index aa5af5fa9..068c5931e 100644
--- a/terraform/subscriptions/s940/globals/common/main.tf
+++ b/terraform/subscriptions/s940/globals/common/main.tf
@@ -52,7 +52,7 @@ resource "azurerm_role_definition" "privatelink_role" {
 actions = [
 "Microsoft.Resources/deployments/*",
 "Microsoft.Resources/subscriptions/resourceGroups/read",
- + "Microsoft.Network/privateEndpoints/read",
 "Microsoft.Network/privateEndpoints/write",
 "Microsoft.Network/privateEndpoints/delete",
diff --git a/terraform/subscriptions/s941/dev/pre-clusters/main.tf b/terraform/subscriptions/s941/dev/pre-clusters/main.tf
index aea80047c..8004f74c2 100644
--- a/terraform/subscriptions/s941/dev/pre-clusters/main.tf
+++ b/terraform/subscriptions/s941/dev/pre-clusters/main.tf
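Review bot: Only `name` carries a `description` in redis_cache/variables.tf; `rg_name` and `vnet_resource_group` are easy to confuse, since the first is where the cache is created and the second is where the subnet lookup, private endpoint and DNS record live. Add descriptions such as `description = "Resource group that holds the Redis caches."` and `description = "Resource group of the hub VNet, private endpoint and private DNS zone."`. `sku_name` could also get a `validation` block limiting it to the SKU names that are valid with the hard-coded `family = "C"`, so a typo fails at plan time rather than at apply.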
@@ -24,6 +24,14 @@ module "clusternetwork" {
 enviroment = module.config.environment
 }
+module "rediscache" {
+ source = "../../../modules/redis_cache"
+ for_each = { for k in jsondecode(nonsensitive(data.azurerm_key_vault_secret.this.value)).clusters : k.name => k }
+ rg_name = module.config.cluster_resource_group
+ name = each.key
+ vnet_resource_group = "cluster-vnet-hub-${module.config.environment}"
+}
+
 locals {
 flattened_vnets = {
 for key, value in module.clusternetwork : key => {
diff --git a/terraform/subscriptions/s941/globals/common/main.tf b/terraform/subscriptions/s941/globals/common/main.tf
index aef5834a0..810b4c66b 100644
--- a/terraform/subscriptions/s941/globals/common/main.tf
+++ b/terraform/subscriptions/s941/globals/common/main.tf
@@ -53,7 +53,7 @@ resource "azurerm_role_definition" "privatelink_role" {
 actions = [
 "Microsoft.Resources/deployments/*",
 "Microsoft.Resources/subscriptions/resourceGroups/read",
- + "Microsoft.Network/privateEndpoints/read",
 "Microsoft.Network/privateEndpoints/write",
 "Microsoft.Network/privateEndpoints/delete",
diff --git a/terraform/subscriptions/s941/playground/pre-clusters/main.tf b/terraform/subscriptions/s941/playground/pre-clusters/main.tf
index 35c53b44e..97b744553 100644
--- a/terraform/subscriptions/s941/playground/pre-clusters/main.tf
+++ b/terraform/subscriptions/s941/playground/pre-clusters/main.tf
@@ -24,6 +24,15 @@ module "clusternetwork" {
 enviroment = module.config.environment
 }
+module "rediscache" {
+ source = "../../../modules/redis_cache"
+ for_each = { for k in jsondecode(nonsensitive(data.azurerm_key_vault_secret.this.value)).clusters : k.name => k }
+ rg_name = module.config.cluster_resource_group
+ name = each.key
+ vnet_resource_group = "cluster-vnet-hub-${module.config.environment}"
+ sku_name = "Standard"
+}
+
 locals {
 flattened_vnets = {
 for key, value in module.clusternetwork : key => {
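Review bot: `nonsensitive(data.azurerm_key_vault_secret.this.value)` in the new `module "rediscache"` block strips the sensitive mark from the whole Key Vault secret, and `k.name => k` then carries every field of each cluster object as `each.value`, although the module only reads `each.key`. Narrow the unwrap to the names: `for_each = nonsensitive(toset([for k in jsondecode(data.azurerm_key_vault_secret.this.value).clusters : k.name]))`. That keeps any other content of the secret marked sensitive in plan output. The same line is added in the `s941/playground/pre-clusters/main.tf` hunk; whether `module "clusternetwork"` already uses this pattern is not visible in these hunks.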