Mcdaniel 202301 redis (#36)

* add stack-level redis module

* testing

* testing

* refactor redis to use stack-level redis cache

* move kubernetes_secret service_redis to route53

* lint

* add tags

* documentation

CHANGELOG.md

@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.0.15] (2023-1-16)
+
+- move redis module from environment to stack
+- add tags to all redis resources
+- fix all redis module deprecation warnings
+- refactor redis security group from module to direct terraform resource declaration
+
 ## [1.0.14] (2023-1-15)
 
 - set stack mysql k8s secret HOST to route53 subdomain

{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/kubernetes.tf

@@ -21,13 +21,13 @@ provider "kubernetes" {
   token                  = data.aws_eks_cluster_auth.eks.token
 }
 
-resource "kubernetes_secret" "secret" {
+resource "kubernetes_secret" "environment_redis" {
   metadata {
     name      = "redis"
     namespace = var.environment_namespace
   }
 
   data = {
-    REDIS_HOST = module.redis.primary_endpoint_address
+    REDIS_HOST = "redis.primary.${var.environment_domain}"
   }
 }

{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/main.tf

@@ -1,71 +0,0 @@
-#------------------------------------------------------------------------------
-# written by: Miguel Afonso
-#             https://www.linkedin.com/in/mmafonso/
-#
-# date: Aug-2021
-#
-# usage: create an ElastiCache Redis cache
-#
-# FIX NOTE: get rid of module dependency
-#------------------------------------------------------------------------------
-locals {
-  name = var.replication_group_description
-}
-
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-module "security_group" {
-  source  = "terraform-aws-modules/security-group/aws"
-  version = "{{ cookiecutter.terraform_aws_modules_sg }}"
-
-  name        = local.name
-  description = "openedx_devops: Allow access to MySQL"
-  vpc_id      = var.vpc_id
-
-  # ingress
-  ingress_with_cidr_blocks = [
-    {
-      description = "openedx_devops: Redis access from within VPC"
-      from_port   = var.port
-      to_port     = var.port
-      protocol    = "tcp"
-      cidr_blocks = join(",", var.ingress_cidr_blocks)
-    },
-  ]
-
-  egress_with_cidr_blocks = [
-    {
-      description      = "openedx_devops: Node all egress"
-      protocol         = "-1"
-      from_port        = 0
-      to_port          = 0
-      type             = "egress"
-      cidr_blocks      = "0.0.0.0/0"
-      ipv6_cidr_blocks = "::/0"
-    },
-  ]
-
-  tags = var.tags
-
-}
-
-
-module "redis" {
-  source = "./modules/elasticache"
-
-  description                = local.name
-  create_random_auth_token   = var.create_random_auth_token
-  subnet_ids                 = var.subnet_ids
-  engine                     = var.engine
-  engine_version             = var.engine_version
-  num_cache_clusters         = var.num_cache_clusters
-  port                       = var.port
-  vpc_security_group_ids     = [module.security_group.security_group_id]
-  transit_encryption_enabled = var.transit_encryption_enabled
-  family                     = var.family
-  node_type                  = var.node_type
-  tags                       = var.tags
-}

{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/outputs.tf

@@ -6,23 +6,3 @@
 #
 # usage: create an ElastiCache Redis cache
 #------------------------------------------------------------------------------
-output "configuration_endpoint_address" {
-  description = "The configuration endpoint address to allow host discovery."
-  value       = module.redis.configuration_endpoint_address
-}
-
-output "primary_endpoint_address" {
-  description = "The address of the endpoint for the primary node in the replication group, if the cluster mode is disabled."
-  value       = module.redis.primary_endpoint_address
-}
-
-output "member_clusters" {
-  description = "The identifiers of all the nodes that are part of this replication group."
-  value       = module.redis.member_clusters
-}
-
-output "auth_token" {
-  description = "The password used to access the Redis protected server."
-  value       = module.redis.auth_token
-  sensitive   = true
-}

{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/route53.tf

@@ -6,12 +6,17 @@ data "aws_route53_zone" "environment_domain" {
   }
 }
 
-resource "aws_route53_record" "primary" {
+data "kubernetes_secret" "service_redis" {
+  metadata {
+    name      = "redis"
+    namespace = var.shared_resource_namespace
+  }
+}
 
+resource "aws_route53_record" "redis_primary" {
   zone_id = data.aws_route53_zone.environment_domain.id
   name    = "redis.primary"
   type    = "CNAME"
   ttl     = "300"
-  records = ["${module.redis.primary_endpoint_address}"]
-
+  records = ["${data.kubernetes_secret.service_redis.data.REDIS_HOST}"]
 }

{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/variables.tf

@@ -9,187 +9,20 @@
 variable "environment_domain" {
   type = string
 }
-
-variable "shared_resource_namespace" {
+variable "services_subdomain" {
   type = string
 }
-variable "create_elasticache_instance" {
-  description = "Whether to create a cache instance"
-  type        = bool
-  default     = true
-}
-
-variable "replication_group_description" {
-  description = "A user-created description for the replication group."
-  type        = string
-}
-
-variable "node_type" {
-  description = "The instance type of the ElastiCache instance"
-  type        = string
-}
-
-variable "multi_az" {
-  description = "Specifies if the ElastiCache cluster is multi-AZ"
-  type        = bool
-  default     = false
-}
-
-variable "num_cache_clusters" {
-  description = "The number of cache clusters (primary and replicas) this replication group will have. If Multi-AZ is enabled, the value of this parameter must be at least 2."
-  type        = number
-  default     = "2"
-}
-
-variable "engine" {
-  description = "he name of the cache engine to be used for the clusters in this replication group. The only valid value is redis"
-  type        = string
-  default     = "redis"
-}
-
-variable "engine_version" {
-  description = "The engine version that your ElastiCache Cluster will use. This will differ between the use of 'redis' or 'memcached'. The default is '5.0.6' with redis being the assumed engine."
-  type        = string
-  default     = "6.x"
-}
-
-variable "port" {
-  description = "The port on which the ElastiCache accepts connections"
-  type        = string
-}
-
-variable "create_random_auth_token" {
-  description = "Whether to create random password for RDS primary cluster"
-  type        = bool
-  default     = false
-}
-
-variable "auth_token" {
-  description = "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file"
-  type        = string
-  default     = null
-}
-
-variable "transit_encryption_enabled" {
-  description = "Whether to enable encryption in transit."
-  type        = bool
-  default     = null
-}
-
-# ElastiCache subnet group
-variable "create_elasticache_subnet_group" {
-  description = "Whether to create a elasticache subnet group"
-  type        = bool
-  default     = true
-}
-
-variable "elasticache_subnet_group_name" {
-  description = "Name of ElastiCache subnet group. ElastiCache instance will be created in the VPC associated with the ElastiCache subnet group. If unspecified, will be created in the default VPC"
-  type        = string
-  default     = null
-}
-
-variable "elasticache_subnet_group_use_name_prefix" {
-  description = "Determines whether to use `subnet_group_name` as is or create a unique name beginning with the `subnet_group_name` as the prefix"
-  type        = bool
-  default     = true
-}
-
-variable "elasticache_subnet_group_description" {
-  description = "Description of the ElastiCache subnet group to create"
-  type        = string
-  default     = ""
-}
-
-variable "subnet_ids" {
-  description = "A list of VPC subnet IDs"
-  type        = list(string)
-  default     = []
-}
-
-
-
-variable "elasticache_instance_tags" {
-  description = "Additional tags for the ElastiCache instance"
-  type        = map(string)
-  default     = {}
-}
-
-variable "elasticache_option_group_tags" {
-  description = "Additional tags for the ElastiCache option group"
-  type        = map(string)
-  default     = {}
-}
-
-variable "elasticache_parameter_group_tags" {
-  description = "Additional tags for the  ElastiCache parameter group"
-  type        = map(string)
-  default     = {}
-}
-
-variable "elasticache_subnet_group_tags" {
-  description = "Additional tags for the ElastiCache subnet group"
-  type        = map(string)
-  default     = {}
-}
-
-
-# ElastiCache parameter group
-variable "create_elasticache_parameter_group" {
-  description = "Whether to create a database parameter group"
-  type        = bool
-  default     = true
-}
-
-variable "parameter_group_name" {
-  description = "Name of the parameter group to associate with this cache cluster. Again this will differ between the use of 'redis' or 'memcached' and your engine version. The default is 'default.redis6.x'."
-  type        = string
-  default     = null
-}
-
-variable "parameter_group_description" {
-  description = "Description of the ElastiCache parameter group to create"
-  type        = string
-  default     = ""
-}
-
-variable "family" {
-  description = "The family of the ElastiCache parameter group"
-  type        = string
-  default     = ""
-}
-
-variable "parameters" {
-  description = "A list of ElastiCache parameters (map) to apply"
-  type        = list(map(string))
-  default     = []
-}
-
-variable "vpc_id" {
-  description = "ID of  the VPC where to create security groups"
-  type        = string
-  default     = null
-}
-
-variable "ingress_cidr_blocks" {
-  description = "List of IPv4 CIDR ranges to use on all ingress rules"
-  type        = list(string)
-  default     = []
-}
-
 variable "environment_namespace" {
   description = "kubernetes namespace where to place resources"
   type        = string
 }
 
-variable "resource_name" {
-  description = "the full environment-qualified name of this resource."
-  type        = string
-}
-
-
 variable "tags" {
   description = "collection of all tags to add to this resource. execting the combination of global + environment + resouce tags."
   type        = map(string)
   default     = {}
 }
+
+variable "shared_resource_namespace" {
+  type = string
+}