Merge pull request #1 from ShibraAmin18/azure

added azure support

Author: prajwalakhuj

IAM.md

@@ -1,4 +1,4 @@
-## IAM Permission
+## AWS IAM Permission
 
 The Policy required to deploy this module:
 ```hcl
@@ -33,3 +33,17 @@ The Policy required to deploy this module:
     ]
 }
 ```
+## Azure Role Permissions
+
+```hcl
+  permissions {
+    actions = [
+    "Microsoft.KeyVault/locations/deletedVaults/read",
+    "Microsoft.KeyVault/vaults/delete",
+    "Microsoft.KeyVault/vaults/read",
+    "Microsoft.KeyVault/vaults/write",
+    "Microsoft.Resources/subscriptions/providers/read",
+    "Microsoft.Resources/subscriptions/resourcegroups/read"]
+    not_actions = []
+  }
+```

README.md

@@ -6,42 +6,56 @@
 
 ### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
 <br>
-This module allows users to customize the deployment by providing various input variables. Users can specify the name and environment of the Redis deployment, the chart and app version, the namespace in which the Redis deployment will be created, and whether to enable Grafana monitoring. The module also allows users to set the recovery window for the AWS Secrets Manager that is used to store the Redis password.
+This module allows users to customize the deployment by providing various input variables. Users can specify the name and environment of the Redis deployment, the chart and app version, the namespace in which the Redis deployment will be created, and whether to enable Grafana monitoring. This module provides options to create a new namespace, and to configure recovery windows for AWS Secrets Manager, Azure key vault & GCP secrets manager. With this module, users can easily deploy a highly available redis on AWS EKS, Azure AKS & GCP GKE Kubernetes clusters with the flexibility to customize their configurations according to their needs.
 <br><br>
 This module creates a Redis master and one or more Redis slaves, depending on the specified architecture. The module creates Kubernetes services for the Redis master and slave deployments, and exposes these services as endpoints that can be used to connect to the Redis database. Users can retrieve these endpoints using the module's outputs.
 
 ## Supported Versions :
 
-|  Redis Helm Chart Version    |     K8s supported version   |  
+|  Redis Helm Chart Version    |     K8s supported version (EKS, AKS & GKE)  |  
 | :-----:                       |         :---                |
 | **16.13.2**                     |    **1.23,1.24,1.25,1.26,1.27**           |
 
 ## Usage Example
 
 ```hcl
+module "aws" {
+  source                           = "squareops/redis/kubernetes//provider/aws"
+  environment                      = "prod"
+  name                             = "redis"
+  store_password_to_secret_manager = true
+  custom_credentials_enabled       = true
+  custom_credentials_config        = {
+    password = "aajdhgduy3873683dh"
+  }
+}
+
 module "redis" {
-  source                = "squareops/redis/kubernetes"
+  source = "squareops/redis/kubernetes"
   redis_config = {
     name                             = "redis"
-    values_yaml                      = ""
+    values_yaml                      = file("./helm/values.yaml")
     environment                      = "prod"
     architecture                     = "replication"
     slave_volume_size                = "10Gi"
     master_volume_size               = "10Gi"
     storage_class_name               = "gp3"
     slave_replica_count              = 2
     store_password_to_secret_manager = true
+    secret_provider_type             = "aws"
   }
   grafana_monitoring_enabled = true
-  recovery_window_aws_secret = 0
   custom_credentials_enabled = true
   custom_credentials_config = {
     password = "aajdhgduy3873683dh"
   }
+  redis_password = true ? "" : module.aws.redis_password
 }
 
 ```
-Refer [examples](https://github.com/squareops/terraform-kubernetes-redis/tree/main/examples/complete) for more details.
+- Refer [AWS examples](https://github.com/squareops/terraform-kubernetes-redis/tree/main/examples/complete/aws) for more details.
+- Refer [Azure examples](https://github.com/squareops/terraform-kubernetes-redis/tree/main/examples/complete/azure) for more details.
+- Refer [GCP examples](https://github.com/squareops/terraform-kubernetes-redis/tree/main/examples/complete/agcp) for more details.
 
 ## IAM Permissions
 The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-kubernetes-redis/blob/main/IAM.md)
@@ -54,7 +68,7 @@ The required IAM permissions to create resources from this module can be found [
   5. To deploy Prometheus/Grafana, please follow the installation instructions for each tool in their respective documentation.
   6. Once Prometheus and Grafana are deployed, the exporter can be configured to scrape metrics data from your application or system and send it to Prometheus.
   7. Finally, you can use Grafana to create custom dashboards and visualize the metrics data collected by Prometheus.
-  8. This module is compatible with EKS version 1.23, which is great news for users deploying the module on an EKS cluster running that version. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
+  8. This module is compatible with EKS, AKS & GKE which is great news for users deploying the module on an AWS, Azure & GCP cloud. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 

examples/complete/azure/README.md

@@ -0,0 +1,44 @@
+## Redis Example
+![squareops_avatar]
+
+[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png
+
+### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
+<br>
+This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.70.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_azure"></a> [azure](#module\_azure) | squareops/redis/kubernetes//provider/azure | n/a |
+| <a name="module_redis"></a> [redis](#module\_redis) | squareops/redis/kubernetes | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_kubernetes_cluster.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_redis_credential"></a> [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. |
+| <a name="output_redis_endpoints"></a> [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. |
+<!-- END_TF_DOCS -->

examples/complete/azure/helm/values.yaml

@@ -0,0 +1,21 @@
+master:
+    affinity:
+        nodeAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+                nodeSelectorTerms:
+                - matchExpressions:
+                    - key: "Addons-Services"
+                      operator: In
+                      values:
+                      - "true"
+
+replica:
+    affinity:
+        nodeAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+                nodeSelectorTerms:
+                - matchExpressions:
+                    - key: "Addons-Services"
+                      operator: In
+                      values:
+                      - "true"

examples/complete/azure/main.tf

@@ -0,0 +1,46 @@
+locals {
+  name        = "redis"
+  region      = "eastus"
+  environment = "prod"
+  additional_tags = {
+    Owner      = "organization_name"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+  store_password_to_secret_manager = true
+  custom_credentials_enabled       = true
+  custom_credentials_config = {
+    password = "aajdhgduy3873683dh"
+  }
+}
+
+module "azure" {
+  source                           = "squareops/redis/kubernetes//provider/azure"
+  resource_group_name              = "prod-skaf-rg"
+  resource_group_location          = local.region
+  environment                      = local.environment
+  name                             = local.name
+  store_password_to_secret_manager = local.store_password_to_secret_manager
+  custom_credentials_enabled       = local.custom_credentials_enabled
+  custom_credentials_config        = local.custom_credentials_config
+}
+
+module "redis" {
+  source = "squareops/redis/kubernetes"
+  redis_config = {
+    name                             = local.name
+    values_yaml                      = file("./helm/values.yaml")
+    environment                      = local.environment
+    architecture                     = "replication"
+    slave_volume_size                = "10Gi"
+    master_volume_size               = "10Gi"
+    storage_class_name               = "infra-service-sc"
+    slave_replica_count              = 2
+    store_password_to_secret_manager = local.store_password_to_secret_manager
+    secret_provider_type             = "azure"
+  }
+  grafana_monitoring_enabled = true
+  custom_credentials_enabled = local.custom_credentials_enabled
+  custom_credentials_config  = local.custom_credentials_config
+  redis_password             = local.custom_credentials_enabled ? "" : module.azure.redis_password
+}

examples/complete/azure/output.tf

@@ -0,0 +1,9 @@
+output "redis_endpoints" {
+  description = "Redis endpoints in the Kubernetes cluster."
+  value       = module.redis.redis_endpoints
+}
+
+output "redis_credential" {
+  description = "Redis credentials used for accessing the database."
+  value       = local.store_password_to_secret_manager ? null : module.redis.redis_credential
+}

examples/complete/azure/provider.tf

@@ -0,0 +1,26 @@
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_kubernetes_cluster" "primary" {
+  name                = "prod-skaf-aks"
+  resource_group_name = "prod-skaf-rg"
+}
+
+provider "kubernetes" {
+  host                   = data.azurerm_kubernetes_cluster.primary.kube_config.0.host
+  username               = data.azurerm_kubernetes_cluster.primary.kube_config.0.username
+  password               = data.azurerm_kubernetes_cluster.primary.kube_config.0.password
+  client_certificate     = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_certificate)
+  client_key             = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_key)
+  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.cluster_ca_certificate)
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = data.azurerm_kubernetes_cluster.primary.kube_config.0.host
+    client_key             = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_key)
+    client_certificate     = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_certificate)
+    cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.cluster_ca_certificate)
+  }
+}

provider/azure/README.md

@@ -0,0 +1,46 @@
+# Azure Terraform Redis Kubernetes Module
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_key_vault.redis-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
+| [azurerm_key_vault_secret.redis-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [random_password.redis_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
+| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_custom_credentials_config"></a> [custom\_credentials\_config](#input\_custom\_credentials\_config) | Specify the configuration settings for Redis to pass custom credentials during creation. | `any` | <pre>{<br>  "password": ""<br>}</pre> | no |
+| <a name="input_custom_credentials_enabled"></a> [custom\_credentials\_enabled](#input\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for Redis. | `bool` | `false` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name identifier for module to be added as suffix to resources | `string` | `"test"` | no |
+| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | Azure resource group location | `string` | `""` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Azure resource group name | `string` | `""` | no |
+| <a name="input_store_password_to_secret_manager"></a> [store\_password\_to\_secret\_manager](#input\_store\_password\_to\_secret\_manager) | Specifies whether to store the credentials in GCP secret manager. | `bool` | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_redis_password"></a> [redis\_password](#output\_redis\_password) | n/a |
+<!-- END_TF_DOCS -->

provider/azure/main.tf

@@ -0,0 +1,58 @@
+data "azurerm_client_config" "current" {}
+
+data "azurerm_subscription" "current" {}
+
+resource "random_password" "redis_password" {
+  count   = var.custom_credentials_enabled ? 0 : 1
+  length  = 20
+  special = false
+}
+
+resource "azurerm_key_vault" "redis-secret" {
+  count                       = var.store_password_to_secret_manager ? 1 : 0
+  name                        = format("%s-%s-%s", var.environment, var.name, "key-vault")
+  resource_group_name         = var.resource_group_name
+  location                    = var.resource_group_location
+  sku_name                    = "standard"
+  tenant_id                   = data.azurerm_client_config.current.tenant_id
+  enabled_for_disk_encryption = true
+  soft_delete_retention_days  = 7
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.current.tenant_id
+    object_id = data.azurerm_client_config.current.object_id
+    key_permissions = [
+      "Get",
+      "List",
+    ]
+    secret_permissions = [
+      "Set",
+      "Get",
+      "List",
+      "Delete",
+      "Purge",
+    ]
+  }
+}
+
+resource "azurerm_key_vault_secret" "redis-secret" {
+  count      = var.store_password_to_secret_manager ? 1 : 0
+  depends_on = [azurerm_key_vault.redis-secret[0]]
+  name       = format("%s-%s-%s", var.environment, var.name, "secret")
+  value = var.custom_credentials_enabled ? jsonencode(
+    {
+      "redis_username" : "root",
+      "redis_password" : "${var.custom_credentials_config.password}"
+
+    }) : jsonencode(
+    {
+      "redis_username" : "root",
+      "redis_password" : "${random_password.redis_password[0].result}"
+  })
+  content_type = "application/json"
+  key_vault_id = azurerm_key_vault.redis-secret[0].id
+}
+
+output "redis_password" {
+  value = var.custom_credentials_enabled ? null : nonsensitive(random_password.redis_password[0].result)
+}