From 1a06bb4f6d3b83723e5b73ad66981d6f2a43e43f Mon Sep 17 00:00:00 2001 From: Vivek Ojha Date: Mon, 21 Jun 2021 21:59:51 +0530 Subject: [PATCH 1/7] added zonal resiliency for gateway and aks --- infra/modules/providers/azure/aks/main.tf | 1 + infra/modules/providers/azure/aks/variables.tf | 7 +++++++ infra/modules/providers/azure/appgw/main.tf | 2 ++ .../modules/providers/azure/appgw/variables.tf | 6 ++++++ .../osdu-r3-mvp/service_resources/main.tf | 17 +++++++++++++++++ 5 files changed, 33 insertions(+) diff --git a/infra/modules/providers/azure/aks/main.tf b/infra/modules/providers/azure/aks/main.tf index 3299572b..341d4c94 100644 --- a/infra/modules/providers/azure/aks/main.tf +++ b/infra/modules/providers/azure/aks/main.tf @@ -87,6 +87,7 @@ resource "azurerm_kubernetes_cluster" "main" { max_pods = var.max_pods max_count = var.auto_scaling_default_node == true ? var.max_node_count : null min_count = var.auto_scaling_default_node == true ? var.agent_vm_count : null + availability_zones = var.availability_zones } network_profile { diff --git a/infra/modules/providers/azure/aks/variables.tf b/infra/modules/providers/azure/aks/variables.tf index c143865f..3dd2bcb8 100644 --- a/infra/modules/providers/azure/aks/variables.tf +++ b/infra/modules/providers/azure/aks/variables.tf @@ -161,3 +161,10 @@ variable "enable_kube_dashboard" { type = bool default = true } + +variable "availability_zones" { + description = "Availability zones for the aks nodepools" + type = list(string) + default = null +} + diff --git a/infra/modules/providers/azure/appgw/main.tf b/infra/modules/providers/azure/appgw/main.tf index 66802c0c..3ef0693f 100644 --- a/infra/modules/providers/azure/appgw/main.tf +++ b/infra/modules/providers/azure/appgw/main.tf @@ -188,6 +188,8 @@ resource "azurerm_application_gateway" "main" { min_protocol_version = var.ssl_policy_min_protocol_version } + zones = var.gateway_zones + lifecycle { ignore_changes = [ ssl_certificate, 
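Review bot: The added `availability_zones = var.availability_zones` in `default_node_pool` has prerequisites that this hunk does not show being met. As far as I know the azurerm provider only accepts zones on a pool of type `VirtualMachineScaleSets` with `load_balancer_sku = "Standard"` in `network_profile`, and changing the zones of the default pool on an existing cluster forces the whole cluster to be replaced. The resource body starts and ends outside the hunk, so please confirm both settings and check the plan for a destroy/create before this reaches a live environment. A comment above the line would record it, e.g. `# zones need VMSS pools and a Standard load balancer; changing them recreates the cluster`. The same prerequisites apply to the `internal` pool added in PATCH 2/7.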
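Review bot: The new `availability_zones` variable does not say what form the zone values take or what `null` means, and `gateway_zones` in appgw/variables.tf is added with `description = ""`. PATCH 5/7 later has to correct `"Zone 1"` to `"1"`, which is the kind of mistake a precise description helps avoid. I would use `description = "Zone numbers as strings, e.g. [\"1\", \"2\", \"3\"], for the AKS node pools; null leaves the pool non-zonal."` here and an equivalent text for `gateway_zones`. A `validation` block that rejects anything other than "1", "2" or "3" would catch a wrong value at plan time, provided the Terraform version in use supports variable validation.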
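Review bot: `zones = var.gateway_zones` is set on the gateway without any visible guard on the SKU, and to my knowledge zone placement is only available for the v2 Application Gateway SKUs (`Standard_v2`, `WAF_v2`). The `sku` block is outside this hunk, so please confirm the module cannot be instantiated with a v1 SKU while `gateway_zones` is non-null. I also believe the provider treats a change to `zones` as a replacement of the gateway, which means an ingress outage for an existing deployment, so the plan should be checked for that before rollout. A comment such as `# zones: v2 SKUs only; changing this replaces the gateway` above the line would document both.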
diff --git a/infra/modules/providers/azure/appgw/variables.tf b/infra/modules/providers/azure/appgw/variables.tf index 7a803a52..260a0a3d 100644 --- a/infra/modules/providers/azure/appgw/variables.tf +++ b/infra/modules/providers/azure/appgw/variables.tf @@ -102,3 +102,9 @@ variable "ssl_policy_min_protocol_version" { type = string default = "TLSv1_2" } + +variable "gateway_zones" { + description = "" + type = list(string) + default = null +} \ No newline at end of file diff --git a/infra/templates/osdu-r3-mvp/service_resources/main.tf b/infra/templates/osdu-r3-mvp/service_resources/main.tf index 5b5cb6bc..2d39af10 100644 --- a/infra/templates/osdu-r3-mvp/service_resources/main.tf +++ b/infra/templates/osdu-r3-mvp/service_resources/main.tf @@ -128,6 +128,18 @@ locals { cosmosdb_name = "${local.base_name}-system-db" + availability_zones = [ + "1", + "2", + "3" + ] + + gateway_zones = [ + "Zone 1", + "Zone 2", + "Zone 3" + ] + role = "Contributor" rbac_principals = [ // OSDU Identity @@ -288,9 +300,13 @@ module "appgateway" { ssl_policy_cipher_suites = var.ssl_policy_cipher_suites ssl_policy_min_protocol_version = var.ssl_policy_min_protocol_version + gateway_zones = local.gateway_zones + resource_tags = var.resource_tags min_capacity = var.appgw_min_capacity max_capacity = var.appgw_max_capacity + + } // Give AGIC Identity Access rights to Change the Application Gateway @@ -325,6 +341,7 @@ module "aks" { resource_group_name = azurerm_resource_group.main.name dns_prefix = local.aks_dns_prefix + availability_zones = local.availability_zones agent_vm_count = var.aks_agent_vm_count agent_vm_size = var.aks_agent_vm_size agent_vm_disk = var.aks_agent_vm_disk -- GitLab From a903a6c73126c6b22354c8e305ea9c4c5e5af657 Mon Sep 17 00:00:00 2001 
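Review bot: The zone lists are hard-coded in `locals`, so the template always requests zones 1 to 3 for both the gateway and the node pool and an operator cannot switch that off per environment. A deployment into a region or subscription that does not offer all three zones would presumably fail at apply time, and the `null` defaults declared in aks/variables.tf and appgw/variables.tf can never take effect through this template. Exposing the lists as template variables with these values as defaults (for example `gateway_zones = var.gateway_zones` in the module call) keeps the new behaviour while leaving an escape hatch. The `locals` block starts and ends outside this hunk.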
From: Vivek Ojha Date: Tue, 22 Jun 2021 00:09:57 +0530 Subject: [PATCH 2/7] create separate nodepool for multi-zone availab --- infra/modules/providers/azure/aks/main.tf | 15 ++++++++++++++- .../osdu-r3-mvp/service_resources/main.tf | 6 +++--- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/infra/modules/providers/azure/aks/main.tf b/infra/modules/providers/azure/aks/main.tf index 341d4c94..d0805e91 100644 --- a/infra/modules/providers/azure/aks/main.tf +++ b/infra/modules/providers/azure/aks/main.tf @@ -59,6 +59,20 @@ resource "azurerm_log_analytics_solution" "main" { } } +resource "azurerm_kubernetes_cluster_node_pool" "internal" { + kubernetes_cluster_id = azurerm_kubernetes_cluster.main.id + name = "internal" + node_count = var.agent_vm_count + vm_size = var.agent_vm_size + os_disk_size_gb = var.agent_vm_disk + vnet_subnet_id = var.vnet_subnet_id + enable_auto_scaling = var.auto_scaling_default_node + max_pods = var.max_pods + max_count = var.auto_scaling_default_node == true ? var.max_node_count : null + min_count = var.auto_scaling_default_node == true ? var.agent_vm_count : null + availability_zones = var.availability_zones +} + resource "azurerm_kubernetes_cluster" "main" { name = var.name resource_group_name = data.azurerm_resource_group.main.name @@ -87,7 +101,6 @@ resource "azurerm_kubernetes_cluster" "main" { max_pods = var.max_pods max_count = var.auto_scaling_default_node == true ? var.max_node_count : null min_count = var.auto_scaling_default_node == true ? var.agent_vm_count : null - availability_zones = var.availability_zones } network_profile { diff --git a/infra/templates/osdu-r3-mvp/service_resources/main.tf b/infra/templates/osdu-r3-mvp/service_resources/main.tf index 2d39af10..e2be5976 100644 --- a/infra/templates/osdu-r3-mvp/service_resources/main.tf +++ b/infra/templates/osdu-r3-mvp/service_resources/main.tf 
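Review bot: Only the new `internal` pool is zonal after this change; the second hunk removes `availability_zones` from `default_node_pool`, so whatever runs on the default pool (normally the cluster's system pods) still sits outside the zone spread. Nothing in the new resource steers workloads to `internal` either (no `node_labels` or `node_taints`), so whether application pods land on the zonal pool is left to the scheduler. The pool is also created unconditionally with the same `var.agent_vm_count` and `var.max_node_count` as the default pool, which roughly doubles the node footprint even when `var.availability_zones` is null. I would add a comment above the resource explaining why the default pool is left non-zonal, and consider `count = var.availability_zones == null ? 0 : 1` so callers that pass no zones do not get a second pool.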
@@ -30,7 +30,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=2.41.0" + version = "=2.64.0" } azuread = { source = "hashicorp/azuread" @@ -128,7 +128,7 @@ locals { cosmosdb_name = "${local.base_name}-system-db" - availability_zones = [ + nodepool_zones = [ "1", "2", "3" @@ -341,7 +341,7 @@ module "aks" { resource_group_name = azurerm_resource_group.main.name dns_prefix = local.aks_dns_prefix - availability_zones = local.availability_zones + availability_zones = local.nodepool_zones agent_vm_count = var.aks_agent_vm_count agent_vm_size = var.aks_agent_vm_size agent_vm_disk = var.aks_agent_vm_disk -- GitLab From b0393080e079960642447502aa5310557ac863b3 Mon Sep 17 00:00:00 2001 From: Vivek Ojha Date: Tue, 22 Jun 2021 00:14:51 +0530 Subject: [PATCH 3/7] lint resolution for terraform --- infra/modules/providers/azure/aks/main.tf | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/infra/modules/providers/azure/aks/main.tf b/infra/modules/providers/azure/aks/main.tf index d0805e91..f73e0447 100644 --- a/infra/modules/providers/azure/aks/main.tf +++ b/infra/modules/providers/azure/aks/main.tf 
@@ -61,16 +61,16 @@ resource "azurerm_log_analytics_solution" "main" { resource "azurerm_kubernetes_cluster_node_pool" "internal" { kubernetes_cluster_id = azurerm_kubernetes_cluster.main.id - name = "internal" - node_count = var.agent_vm_count - vm_size = var.agent_vm_size - os_disk_size_gb = var.agent_vm_disk - vnet_subnet_id = var.vnet_subnet_id - enable_auto_scaling = var.auto_scaling_default_node - max_pods = var.max_pods - max_count = var.auto_scaling_default_node == true ? var.max_node_count : null - min_count = var.auto_scaling_default_node == true ? var.agent_vm_count : null - availability_zones = var.availability_zones + name = "internal" + node_count = var.agent_vm_count + vm_size = var.agent_vm_size + os_disk_size_gb = var.agent_vm_disk + vnet_subnet_id = var.vnet_subnet_id + enable_auto_scaling = var.auto_scaling_default_node + max_pods = var.max_pods + max_count = var.auto_scaling_default_node == true ? var.max_node_count : null + min_count = var.auto_scaling_default_node == true ? var.agent_vm_count : null + availability_zones = var.availability_zones } resource "azurerm_kubernetes_cluster" "main" { -- GitLab From 161eb79cfa49ea392326da067ee9e3fc9160aa9b Mon Sep 17 00:00:00 2001 From: Vivek Ojha Date: Tue, 22 Jun 2021 10:30:25 +0530 Subject: [PATCH 4/7] updated unit tests expected resource count --- .../osdu-r3-mvp/service_resources/tests/unit/unit_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/templates/osdu-r3-mvp/service_resources/tests/unit/unit_test.go b/infra/templates/osdu-r3-mvp/service_resources/tests/unit/unit_test.go index 0a9959c6..2c357c9a 100644 --- a/infra/templates/osdu-r3-mvp/service_resources/tests/unit/unit_test.go +++ b/infra/templates/osdu-r3-mvp/service_resources/tests/unit/unit_test.go 
@@ -49,7 +49,7 @@ func TestTemplate(t *testing.T) { TfOptions: tfOptions, Workspace: workspace, PlanAssertions: nil, - ExpectedResourceCount: 107, + ExpectedResourceCount: 108, ExpectedResourceAttributeValues: resourceDescription, } -- GitLab From 07853b30be61e4bb0aa4580b5cb69bc8e7acf289 Mon Sep 17 00:00:00 2001 From: Vivek Ojha Date: Tue, 22 Jun 2021 12:24:19 +0530 Subject: [PATCH 5/7] added correct zones for gateway --- infra/templates/osdu-r3-mvp/service_resources/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/infra/templates/osdu-r3-mvp/service_resources/main.tf b/infra/templates/osdu-r3-mvp/service_resources/main.tf index d9a16f4d..409b6e58 100644 --- a/infra/templates/osdu-r3-mvp/service_resources/main.tf +++ b/infra/templates/osdu-r3-mvp/service_resources/main.tf @@ -136,9 +136,9 @@ locals { ] gateway_zones = [ - "Zone 1", - "Zone 2", - "Zone 3" + "1", + "2", + "3" ] role = "Contributor" -- GitLab From 034ae7c61379a38c6699fc487b2d05ec2bc4c12f Mon Sep 17 00:00:00 2001 From: Vivek Ojha Date: Tue, 22 Jun 2021 13:21:13 +0530 Subject: [PATCH 6/7] zone fix for redis cache standard --- infra/modules/providers/azure/redis-cache/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/modules/providers/azure/redis-cache/variables.tf b/infra/modules/providers/azure/redis-cache/variables.tf index 89a417a3..62023ca0 100644 --- a/infra/modules/providers/azure/redis-cache/variables.tf +++ b/infra/modules/providers/azure/redis-cache/variables.tf @@ -82,7 +82,7 @@ variable "premium_tier_config" { variable "zones" { description = "A list of a one or more Availability Zones, where the Redis Cache should be allocated." type = list(string) - default = ["1"] + default = null } -- GitLab From 02208510caf7ce7a0c5690bc41b0dd97be1186dc Mon Sep 17 00:00:00 2001 
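Review bot: Changing the `zones` default from `["1"]` to `null` in redis-cache/variables.tf alters what existing callers that relied on the default will plan. If the module passes `var.zones` straight to the cache resource (not visible in this hunk), I believe the provider treats a zone change as a replacement, so an existing cache would be destroyed and recreated and its contents lost. PATCH 7/7 then removes the default altogether, which makes `zones` a required input for every caller of the module. The description should reflect the new contract, e.g. `description = "Availability Zones for the Redis Cache; pass null when the cache should not be pinned to zones."`, and the plan for existing environments should be checked for a replace.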
From: Vivek Ojha Date: Tue, 22 Jun 2021 13:33:32 +0530 Subject: [PATCH 7/7] Ommited null default value for redis cache --- infra/modules/providers/azure/redis-cache/variables.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/infra/modules/providers/azure/redis-cache/variables.tf b/infra/modules/providers/azure/redis-cache/variables.tf index 62023ca0..92deae68 100644 --- a/infra/modules/providers/azure/redis-cache/variables.tf +++ b/infra/modules/providers/azure/redis-cache/variables.tf @@ -82,7 +82,6 @@ variable "premium_tier_config" { variable "zones" { description = "A list of a one or more Availability Zones, where the Redis Cache should be allocated." type = list(string) - default = null } -- GitLab