From 13f21a8186f18532b50fdccb63e964f2892130ac Mon Sep 17 00:00:00 2001 
From: ankur64 
Date: Wed, 16 Aug 2023 18:01:48 +0530 
Subject: [PATCH 1/2] Added variable to store credential at secret manager and pass custom credentials 
---
 README.md | 23 ++++++++++++++---------
 examples/complete/main.tf | 22 ++++++++++++++--------
 examples/complete/output.tf | 17 ++++++-----------
 examples/complete/provider.tf | 2 --
 main.tf | 23 +++++++++++++++--------
 output.tf | 24 +++++++++++++-----------
 variables.tf | 33 ++++++++++++++++++++++++---------
 7 files changed, 86 insertions(+), 58 deletions(-) 
diff --git a/README.md b/README.md 
index 90d2e94..59519fb 100644 
--- a/README.md 
+++ b/README.md 
@@ -14,7 +14,7 @@ This module creates a Redis master and one or more Redis slaves, depending on th
 | Redis Helm Chart Version | K8s supported version |
 | :-----: | :--- | 
-| **16.13.2** | **1.23,1.24,1.25** | 
+| **16.13.2** | **1.23,1.24,1.25,1.26,1.27** |
 ## Usage Example 
@@ -22,17 +22,22 @@ This module creates a Redis master and one or more Redis slaves, depending on th
 module "redis" {
 source = "squareops/redis/kubernetes"
 redis_config = { 
- name = "redis" 
- values_yaml = "" 
- environment = "prod" 
- architecture = "replication" 
- slave_volume_size = "10Gi" 
- master_volume_size = "10Gi" 
- storage_class_name = "gp3" 
- slave_replica_count = 2 
+ name = "redis" 
+ values_yaml = "" 
+ environment = "prod" 
+ architecture = "replication" 
+ slave_volume_size = "10Gi" 
+ master_volume_size = "10Gi" 
+ storage_class_name = "gp3" 
+ slave_replica_count = 2 
+ store_password_to_secret_manager = true
 }
 grafana_monitoring_enabled = true
 recovery_window_aws_secret = 0 
+ custom_credentials_enabled = true 
+ custom_credentials_config = { 
+ password = "aajdhgduy3873683dh" 
+ }
 }
 ``` 
diff --git a/examples/complete/main.tf b/examples/complete/main.tf 
index 24ba9ae..5532c27 100644 
--- a/examples/complete/main.tf 
+++ b/examples/complete/main.tf 
@@ -7,20 +7,26 @@ locals {
 Expires = "Never"
 Department = "Engineering"
 } 
+ store_password_to_secret_manager = true
 }
 module "redis" {
 source = "squareops/redis/kubernetes"
 redis_config = { 
- name = local.name 
- values_yaml = file("./helm/values.yaml") 
- environment = local.environment 
- architecture = "replication" 
- slave_volume_size = "10Gi" 
- master_volume_size = "10Gi" 
- storage_class_name = "gp3" 
- slave_replica_count = 2 
+ name = local.name 
+ values_yaml = file("./helm/values.yaml") 
+ environment = local.environment 
+ architecture = "replication" 
+ slave_volume_size = "10Gi" 
+ master_volume_size = "10Gi" 
+ storage_class_name = "gp3" 
+ slave_replica_count = 2 
+ store_password_to_secret_manager = local.store_password_to_secret_manager
 }
 grafana_monitoring_enabled = true
 recovery_window_aws_secret = 0 
+ custom_credentials_enabled = true 
+ custom_credentials_config = { 
+ password = "aajdhgduy3873683dh" 
+ }
 } 
diff --git a/examples/complete/output.tf b/examples/complete/output.tf 
index 38add55..a7f5261 100644 
--- a/examples/complete/output.tf 
+++ b/examples/complete/output.tf 
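Review bot: `password = "aajdhgduy3873683dh"` inside `custom_credentials_config` commits a literal credential into the example (the README usage block in this same patch carries the identical literal), and example values are routinely copied into real deployments unchanged. Take it from an input instead, e.g. `variable "redis_password" { type = string sensitive = true }` with `password = var.redis_password`, or read it from an existing `data.aws_secretsmanager_secret_version`, so the plaintext never enters git history. Separately, the module's `main.tf` hunk in this patch evaluates `var.redis_config.store_password_to_secret_manager ? 1 : 0`, and because `redis_config` is typed `any` a caller's object replaces the default wholesale, so existing callers that do not set the new key would presumably fail with an unsupported-attribute error; `lookup(var.redis_config, "store_password_to_secret_manager", false)` would keep them working. The regenerated README table later in this series also lists that key's default as `""`, which Terraform cannot convert to a bool, so the declaration in `variables.tf` (not shown here) is worth checking.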
@@ -1,14 +1,9 @@ 
-output "redis_port" { 
- value = "6379" 
- description = "The port number on which Redis is running." 
+output "redis_endpoints" { 
+ description = "Redis endpoints in the Kubernetes cluster." 
+ value = module.redis.redis_endpoints
 } 
-output "redis_master_endpoint" { 
- value = module.redis.redis_master_endpoint 
- description = "The endpoint for the Redis Master Service, which is the primary node in the Redis cluster responsible for handling read-write operations." 
-} 
- 
-output "redis_slave_endpoint" { 
- value = module.redis.redis_slave_endpoint 
- description = "The endpoint for the Redis Slave Service, which is a secondary node in the Redis cluster responsible for handling read-only operations." 
+output "redis_credential" { 
+ description = "Redis credentials used for accessing the database." 
+ value = local.store_password_to_secret_manager ? null : module.redis.redis_credential
 } 
diff --git a/examples/complete/provider.tf b/examples/complete/provider.tf 
index 82ac4d9..10c5af8 100644 
--- a/examples/complete/provider.tf 
+++ b/examples/complete/provider.tf 
@@ -18,7 +18,6 @@ provider "kubernetes" {
 host = data.aws_eks_cluster.cluster.endpoint
 cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
 token = data.aws_eks_cluster_auth.cluster.token 
-
 }
 provider "helm" { 
@@ -26,6 +25,5 @@ provider "helm" {
 host = data.aws_eks_cluster.cluster.endpoint
 cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
 token = data.aws_eks_cluster_auth.cluster.token 
-
 }
 } 
diff --git a/main.tf b/main.tf 
index 4ca4932..7e7a17f 100644 
--- a/main.tf 
+++ b/main.tf 
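Review bot: `output "redis_credential"` returns the module's credential without `sensitive = true`, so whenever `local.store_password_to_secret_manager` is false the password is printed in clear text by `terraform apply` and `terraform output` and ends up in CI logs; add `sensitive   = true` next to the description. The same line reads `module.redis.redis_credential`, and the module's own `output.tf` is not visible in this chunk; if that output were already marked sensitive, Terraform would reject this non-sensitive wrapper, which suggests it is not and should be marked as well. The value is recorded in the state file either way, so the state backend has to be treated as holding the secret. The `provider.tf` hunks on this line are whitespace-only.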
@@ -1,21 +1,28 @@
 resource "random_password" "redis_password" { 
+ count = var.custom_credentials_enabled ? 0 : 1
 length = 20
 special = false
 }
 resource "aws_secretsmanager_secret" "redis_password" { 
+ count = var.redis_config.store_password_to_secret_manager ? 1 : 0
 name = format("%s/%s/%s", var.redis_config.environment, var.redis_config.name, "redis")
 recovery_window_in_days = var.recovery_window_aws_secret
 }
 resource "aws_secretsmanager_secret_version" "redis_password" { 
- secret_id = aws_secretsmanager_secret.redis_password.id 
- secret_string = < 
Date: Wed, 16 Aug 2023 18:03:33 +0530 
Subject: [PATCH 2/2] run-pre-commit 
---
 README.md | 9 +++++----
 examples/complete/README.md | 7 +++----
 2 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/README.md b/README.md 
index 59519fb..c1a7c6c 100644 
--- a/README.md 
+++ b/README.md 
@@ -90,18 +90,19 @@ No modules.
 | [app\_version](#input\_app\_version) | Version of the Redis application that will be deployed. | `string` | `"6.2.7-debian-11-r11"` | no |
 | [chart\_version](#input\_chart\_version) | Version of the chart for the Redis application that will be deployed. | `string` | `"16.13.2"` | no |
 | [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `true` | no | 
+| [custom\_credentials\_config](#input\_custom\_credentials\_config) | Specify the configuration settings for Redis to pass custom credentials during creation. | `any` |
{
"password": ""
}
| no | +| [custom\_credentials\_enabled](#input\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for Redis. | `bool` | `false` | no | | [grafana\_monitoring\_enabled](#input\_grafana\_monitoring\_enabled) | Specify whether or not to deploy Redis exporter to collect Redis metrics for monitoring in Grafana. | `bool` | `false` | no | | [namespace](#input\_namespace) | Namespace where the Redis resources will be deployed. | `string` | `"redis"` | no | | [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager will wait before it can delete the secret. The value can be 0 to force deletion without recovery, or a range from 7 to 30 days. | `number` | `0` | no | -| [redis\_config](#input\_redis\_config) | Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, and custom YAML values. | `any` |
{
"architecture": "replication",
"environment": "",
"master_volume_size": "",
"name": "",
"slave_replica_count": 1,
"slave_volume_size": "",
"storage_class_name": "",
"values_yaml": ""
}
| no | +| [redis\_config](#input\_redis\_config) | Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, store password to secret manager and custom YAML values. | `any` |
{
"architecture": "replication",
"environment": "",
"master_volume_size": "",
"name": "",
"slave_replica_count": 1,
"slave_volume_size": "",
"storage_class_name": "",
"store_password_to_secret_manager": "",
"values_yaml": ""
}
| no | ## Outputs | Name | Description | |------|-------------| -| [redis\_master\_endpoint](#output\_redis\_master\_endpoint) | The endpoint for the Redis Master Service, which is the primary node in the Redis cluster responsible for handling read-write operations. | -| [redis\_port](#output\_redis\_port) | The port number on which Redis is running. | -| [redis\_slave\_endpoint](#output\_redis\_slave\_endpoint) | The endpoint for the Redis Slave Service, which is a secondary node in the Redis cluster responsible for handling read-only operations. | +| [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. | +| [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. | ## Contribution & Issue Reporting diff --git a/examples/complete/README.md b/examples/complete/README.md index 4857a71..47e04c2 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -21,7 +21,7 @@ No requirements. | Name | Source | Version | |------|--------|---------| -| [redis](#module\_redis) | squareops/redis/kubernetes.git | n/a | +| [redis](#module\_redis) | squareops/redis/kubernetes | n/a | ## Resources @@ -38,7 +38,6 @@ No inputs. | Name | Description | |------|-------------| -| [redis\_master\_endpoint](#output\_redis\_master\_endpoint) | The endpoint for the Redis Master Service, which is the primary node in the Redis cluster responsible for handling read-write operations. | -| [redis\_port](#output\_redis\_port) | The port number on which Redis is running. | -| [redis\_slave\_endpoint](#output\_redis\_slave\_endpoint) | The endpoint for the Redis Slave Service, which is a secondary node in the Redis cluster responsible for handling read-only operations. | +| [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. | +| [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. |