
Add PostgreSQL flexible server and replica Terraform configurations
This commit introduces Terraform modules for creating and managing PostgreSQL flexible servers and replicas. Key features include support for high availability, private endpoints, and metrics/alerts configurations. Also includes outputs and required version/provider specifications for both main and replica modules.
ffppa committed Jan 27, 2025
1 parent f63feb2 commit addc6c6
Showing 25 changed files with 2,789 additions and 0 deletions.
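--- a/postgres_flexible_server/01_main.tf
+++ b/postgres_flexible_server/01_main.tf
@@ -0,0 +1,100 @@
+resource "null_resource" "ha_sku_check" {
+count = var.high_availability_enabled == true && length(regexall("^B_.*", var.sku_name)) > 0 ? "ERROR: High Availability is not allow for Burstable(B) series" : 0
+}
+
+resource "null_resource" "pgbouncer_check" {
+count = length(regexall("^B_.*", var.sku_name)) > 0 && var.pgbouncer_enabled ? "ERROR: PgBouncer is not allow for Burstable(B) series" : 0
+}
+
+resource "azurerm_postgresql_flexible_server" "this" {
+
+name = var.name
+location = var.location
+resource_group_name = var.resource_group_name
+version = var.db_version
+
+#
+# Backup
+#
+backup_retention_days = var.backup_retention_days
+geo_redundant_backup_enabled = var.geo_redundant_backup_enabled
+create_mode = var.create_mode
+zone = var.zone
+
+#
+# Network
+#
+
+# The provided subnet should not have any other resource deployed in it and this subnet will be delegated to the PostgreSQL Flexible Server, if not already delegated.
+delegated_subnet_id = var.private_endpoint_enabled ? var.delegated_subnet_id : null
+# private_dns_zobe_id will be required when setting a delegated_subnet_id
+private_dns_zone_id = var.private_endpoint_enabled ? var.private_dns_zone_id : null
+public_network_access_enabled = var.public_network_access_enabled
+
+administrator_login = var.administrator_login
+administrator_password = var.administrator_password
+
+storage_mb = var.storage_mb
+sku_name = var.sku_name
+
+dynamic "high_availability" {
+for_each = var.high_availability_enabled && var.standby_availability_zone != null ? ["dummy"] : []
+
+content {
+#only possible value
+mode = "ZoneRedundant"
+standby_availability_zone = var.standby_availability_zone
+}
+}
+
+# Enable Customer managed key encryption
+dynamic "customer_managed_key" {
+for_each = var.customer_managed_key_enabled ? [1] : []
+content {
+key_vault_key_id = var.customer_managed_key_kv_key_id
+primary_user_assigned_identity_id = var.primary_user_assigned_identity_id
+}
+}
+
+dynamic "identity" {
+for_each = var.customer_managed_key_enabled ? [1] : []
+content {
+type = "UserAssigned"
+identity_ids = [var.primary_user_assigned_identity_id]
+}
+
+}
+
+dynamic "maintenance_window" {
+for_each = var.maintenance_window_config != null ? ["dummy"] : []
+
+content {
+day_of_week = var.maintenance_window_config.day_of_week
+start_hour = var.maintenance_window_config.start_hour
+start_minute = var.maintenance_window_config.start_minute
+}
+}
+
+tags = var.tags
+
+} # end azurerm_postgresql_flexible_server
+
+# Configure: Enable PgBouncer
+resource "azurerm_postgresql_flexible_server_configuration" "pgbouncer_enabled" {
+
+count = var.pgbouncer_enabled ? 1 : 0
+
+name = "pgbouncer.enabled"
+server_id = azurerm_postgresql_flexible_server.this.id
+value = "True"
+}
+
+
+resource "azurerm_private_dns_cname_record" "cname_record" {
+count = var.private_dns_registration ? 1 : 0
+name = var.private_dns_record_cname
+zone_name = var.private_dns_zone_name
+resource_group_name = var.private_dns_zone_rg_name
+ttl = var.private_dns_cname_record_ttl
+record = azurerm_postgresql_flexible_server.this.fqdn
+}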
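Review bot: `public_network_access_enabled` in `azurerm_postgresql_flexible_server.this` is passed straight from its variable and is not tied to `private_endpoint_enabled`, so the two network settings can contradict each other, or leave the server on a public endpoint whenever the private flag is off. The variable's default is not visible in this file and no firewall rule resource appears here, so the effective exposure cannot be confirmed from the hunk. If I read the provider documentation correctly, the flag must be false whenever `delegated_subnet_id` and `private_dns_zone_id` are set; enforcing that in the resource avoids a late apply failure: `public_network_access_enabled = var.private_endpoint_enabled ? false : var.public_network_access_enabled`. A comment above that line saying public access is only honoured without VNet integration would make the contract clear to callers.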
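--- a/postgres_flexible_server/02_monitor_flexible.tf
+++ b/postgres_flexible_server/02_monitor_flexible.tf
@@ -0,0 +1,52 @@
+#
+# Monitor Metrics
+#
+resource "azurerm_monitor_metric_alert" "this" {
+for_each = local.metric_alerts
+
+enabled = var.alerts_enabled
+name = "${var.name}-${upper(each.key)}"
+resource_group_name = var.resource_group_name
+scopes = [azurerm_postgresql_flexible_server.this.id]
+frequency = each.value.frequency
+window_size = each.value.window_size
+severity = each.value.severity
+
+dynamic "action" {
+for_each = var.alert_action
+content {
+# action_group_id - (required) is a type of string
+action_group_id = action.value["action_group_id"]
+# webhook_properties - (optional) is a type of map of string
+webhook_properties = action.value["webhook_properties"]
+}
+}
+
+criteria {
+aggregation = each.value.aggregation
+metric_namespace = each.value.metric_namespace
+metric_name = each.value.metric_name
+operator = each.value.operator
+threshold = each.value.threshold
+}
+}
+
+#
+# Diagnostic settings
+#
+resource "azurerm_monitor_diagnostic_setting" "this" {
+count = var.diagnostic_settings_enabled ? 1 : 0
+name = "LogSecurity"
+target_resource_id = azurerm_postgresql_flexible_server.this.id
+log_analytics_workspace_id = var.log_analytics_workspace_id
+storage_account_id = var.diagnostic_setting_destination_storage_id
+
+enabled_log {
+category = "PostgreSQLLogs"
+}
+
+metric {
+category = "AllMetrics"
+enabled = false
+}
+}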
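Review bot: The diagnostic setting named `LogSecurity` takes both `log_analytics_workspace_id` and `storage_account_id` from variables, with no check that at least one is set when `diagnostic_settings_enabled` is true, so a misconfigured caller would presumably find out only when apply fails. A `lifecycle` precondition on this resource with `condition = var.log_analytics_workspace_id != null || var.diagnostic_setting_destination_storage_id != null` would surface it at plan time (this needs Terraform 1.2 or later; the module's required version is not shown in this section). Only the `PostgreSQLLogs` category is enabled, and connection or audit events reach it only if the matching server parameters are turned on, which none of the visible files do. A comment such as `# PostgreSQLLogs only; connection/audit logging needs server parameters set separately` would keep the resource name from promising more than it delivers.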
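--- a/postgres_flexible_server/03_outputs.tf
+++ b/postgres_flexible_server/03_outputs.tf
@@ -0,0 +1,29 @@
+output "id" {
+value = azurerm_postgresql_flexible_server.this.id
+}
+
+output "name" {
+value = azurerm_postgresql_flexible_server.this.name
+}
+
+output "fqdn" {
+value = azurerm_postgresql_flexible_server.this.fqdn
+}
+
+output "public_access_enabled" {
+value = azurerm_postgresql_flexible_server.this.public_network_access_enabled
+}
+
+output "administrator_login" {
+value = var.administrator_login
+}
+
+output "administrator_password" {
+value = var.administrator_password
+sensitive = true
+}
+
+output "connection_port" {
+value = var.pgbouncer_enabled ? "6432" : "5432"
+sensitive = false
+}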
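Review bot: The `administrator_password` output echoes `var.administrator_password` back to a caller that already holds the value, so it only adds another path along which the secret propagates. `sensitive = true` redacts the value in CLI output but does not keep it out of state: it is stored unencrypted wherever a root module forwards this output, in addition to the copy the server resource already keeps. I would drop the output, or at minimum add `description = "Echo of the input password; stored unencrypted in state"` so consumers protect their state backend accordingly. None of the other outputs in this file carries a `description` either, which would be worth adding for module consumers.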