feat: Added velero (#84)

* added velero * wip * added velero uninstall * wip * integrated velero
pagopa · Sep 12, 2023 · 3ccc66b · 3ccc66b
1 parent b8ddc03
commit 3ccc66b
Show file tree

Hide file tree

Showing 10 changed files with 101 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -14,6 +14,9 @@ state.json
 # Crash log files
 crash.log
 
+# velero credentials generated file
+src/aks-platform/credentials-velero.txt
+
 # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.

diff --git a/src/.env/dev/terraform.tfvars b/src/.env/dev/terraform.tfvars
@@ -174,9 +174,9 @@ app_service_diego_app_is_enabled = false
 is_cosmosdb_mongo_enabled = false
 is_cosmosdb_core_enabled  = false
 
-law_daily_quota_gb = 0.1
+law_daily_quota_gb = 1
 
-azdoa_image_name = "azdo-agent-ubuntu2204-image-v1"
+azdoa_image_name = "azdo-agent-ubuntu2204-image-velero-v1"
 
 #
 # Feature Flags

diff --git a/src/aks-platform/00_network.tf b/src/aks-platform/00_network.tf
@@ -30,3 +30,16 @@ data "azurerm_public_ip" "pip_aks_outboud" {
   name                = var.public_ip_aksoutbound_name
   resource_group_name = data.azurerm_resource_group.vnet_aks_rg.name
 }
+
+
+
+
+data "azurerm_subnet" "private_endpoint_subnet" {
+  name                 = "${local.product}-private-endpoints-snet"
+  resource_group_name  = data.azurerm_resource_group.vnet_core_rg.name
+  virtual_network_name = data.azurerm_virtual_network.vnet_core.name
+}
+
+data "azurerm_private_dns_zone" "storage_account_private_dns_zone" {
+  name = "privatelink.blob.core.windows.net"
+}
diff --git a/src/aks-platform/02_aks.tf b/src/aks-platform/02_aks.tf
@@ -4,6 +4,15 @@ resource "azurerm_resource_group" "rg_aks" {
   tags     = var.tags
 }
 
+
+resource "azurerm_resource_group" "rg_aks_backup" {
+  name     = local.aks_backup_rg_name
+  location = var.location
+  tags     = var.tags
+}
+
+
+
 module "aks" {
   source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v7.2.0"
 
@@ -87,6 +96,9 @@ module "aks" {
       webhook_properties = null
     }
   ]
+
+
+
   tags = var.tags
 
   depends_on = [
@@ -96,6 +108,42 @@ module "aks" {
   ]
 }
 
+module "velero" {
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster_velero?ref=8171afb"
+  count = var.aks_enabled ? 1 : 0
+  backup_storage_container_name = "velero-backup"
+  subscription_id = data.azurerm_subscription.current.subscription_id
+  tenant_id = data.azurerm_subscription.current.tenant_id
+  resource_group_name = azurerm_resource_group.rg_aks_backup.name
+  prefix = "devopla"
+  aks_cluster_name = module.aks[count.index].name
+  aks_cluster_rg = azurerm_resource_group.rg_aks.name
+  location = var.location
+  use_storage_private_endpoint = true
+  private_endpoint_subnet_id = data.azurerm_subnet.private_endpoint_subnet.id
+  storage_account_private_dns_zone_id = data.azurerm_private_dns_zone.storage_account_private_dns_zone.id
+
+  tags = var.tags
+}
+
+module "aks_namespace_backup" {
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_velero_backup?ref=f38e1ca"
+  count = var.aks_enabled ? 1 : 0
+  # required
+  backup_name = "daily-backup"
+  namespaces = ["ALL"]
+  aks_cluster_name = module.aks[count.index].name
+
+  # optional
+  ttl = "72h0m0s"
+  schedule = "0 3 * * *" #refers to UTC timezone
+  volume_snapshot = false
+
+  depends_on = [
+    module.velero
+  ]
+}
+
 resource "azurerm_role_assignment" "managed_identity_operator_vs_aks_managed_identity" {
   scope                = azurerm_resource_group.rg_aks.id
   role_definition_name = "Managed Identity Operator"

diff --git a/src/aks-platform/99_locals.tf b/src/aks-platform/99_locals.tf
@@ -4,7 +4,9 @@ locals {
 
   # AKS
   aks_rg_name      = "${local.project}-aks-rg"
+  aks_backup_rg_name = "${local.project}-aks-backup-rg"
   aks_cluster_name = "${local.project}-aks"
+  velero_rg_name   = "${local.project}-velero"
 
   # VNET
   vnet_core_resource_group_name = "${local.product}-vnet-rg"

diff --git a/src/core/02_dns_private.tf b/src/core/02_dns_private.tf
@@ -39,3 +39,19 @@ resource "azurerm_private_dns_zone_virtual_network_link" "privatelink_postgres_d
 
   tags = var.tags
 }
+
+
+resource "azurerm_private_dns_zone" "storage_account" {
+  name                = "privatelink.blob.core.windows.net"
+  resource_group_name = azurerm_resource_group.rg_vnet.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "storage_account_vnet" {
+  name                  = "${local.project}-storage-account-vnet-private-dns-zone-link"
+  resource_group_name   = azurerm_resource_group.rg_vnet.name
+  private_dns_zone_name = azurerm_private_dns_zone.storage_account.name
+  virtual_network_id    = module.vnet.id
+}
+
+
+
diff --git a/src/coreplus/00_network.tf b/src/coreplus/00_network.tf
@@ -12,6 +12,11 @@ data "azurerm_private_dns_zone" "internal" {
   resource_group_name = data.azurerm_resource_group.rg_vnet.name
 }
 
+data "azurerm_private_dns_zone" "storage" {
+  name                = local.dns_zone_private_name_storage
+  resource_group_name = data.azurerm_resource_group.rg_vnet.name
+}
+
 data "azurerm_private_dns_zone" "privatelink_postgres_database_azure_com" {
   name                = local.dns_zone_private_name_postgres
   resource_group_name = data.azurerm_resource_group.rg_vnet.name

diff --git a/src/coreplus/01_network_aks_platform.tf b/src/coreplus/01_network_aks_platform.tf
@@ -82,3 +82,12 @@ resource "azurerm_private_dns_zone_virtual_network_link" "vnet_aks" {
 
   tags = var.tags
 }
+
+
+resource "azurerm_private_dns_zone_virtual_network_link" "storage_account_vnet" {
+  for_each = { for n in var.aks_networks : n.domain_name => n }
+  name                  = module.vnet_aks[each.key].name
+  resource_group_name   = data.azurerm_resource_group.rg_vnet.name
+  private_dns_zone_name = data.azurerm_private_dns_zone.storage.name
+  virtual_network_id    = module.vnet_aks[each.key].id
+}
diff --git a/src/coreplus/99_variables.tf b/src/coreplus/99_variables.tf
@@ -33,6 +33,7 @@ locals {
   cosmosdb_enable = 1
 
   dns_zone_private_name          = "internal.${var.prod_dns_zone_prefix}.${var.external_domain}"
+  dns_zone_private_name_storage  = "privatelink.blob.core.windows.net"
   dns_zone_private_name_postgres = "privatelink.postgres.database.azure.com"
 
   #

diff --git a/src/packer/01_azure_devops_agent.tf b/src/packer/01_azure_devops_agent.tf
@@ -4,10 +4,10 @@ data "azurerm_resource_group" "resource_group" {
 
 
 module "azdoa_custom_image" {
-  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image?ref=v6.20.0"
+  source              = "git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent_custom_image?ref=3a39074"
   resource_group_name = data.azurerm_resource_group.resource_group.name
   location            = var.location
-  image_name          = "azdo-agent-ubuntu2204-image"
+  image_name          = "azdo-agent-ubuntu2204-image-velero"
   image_version       = "v1"
   subscription_id     = data.azurerm_subscription.current.subscription_id