diff --git a/.gitignore b/.gitignore index 6e255ef..f0174c7 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,4 @@ *.tfvars *.pem vars -.helmignore \ No newline at end of file +.helmignore diff --git a/README.md b/README.md index e5f5550..b8893f8 100644 --- a/README.md +++ b/README.md @@ -166,9 +166,9 @@ The required IAM permissions to create resources from this module can be found [ | [performance\_insights\_enabled](#input\_performance\_insights\_enabled) | Specifies whether Performance Insights are enabled | `bool` | `false` | no | | [performance\_insights\_retention\_period](#input\_performance\_insights\_retention\_period) | The amount of time in days to retain Performance Insights data. Valid values are `7`, `731` (2 years) or a multiple of `31` | `number` | `7` | no | | [port](#input\_port) | The port number for the database | `number` | `5432` | no | -| [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` |
{
"bucket_uri": "",
"cron_for_full_backup": "",
"postgres_database_name": "",
"s3_bucket_region": ""
}
| no | +| [postgresdb\_backup\_config](#input\_postgresdb\_backup\_config) | configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `map(string)` |
{
"bucket_uri": "",
"cron_for_full_backup": "",
"postgres_database_name": ""
}
| no | | [postgresdb\_backup\_enabled](#input\_postgresdb\_backup\_enabled) | Specifies whether to enable backups for MySQL database. | `bool` | `false` | no | -| [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` |
{
"bucket_uri": "",
"file_name": "",
"s3_bucket_region": ""
}
| no | +| [postgresdb\_restore\_config](#input\_postgresdb\_restore\_config) | Configuration options for restoring dump to the MySQL database. | `any` |
{
"bucket_uri": "",
"file_name": ""
}
| no | | [postgresdb\_restore\_enabled](#input\_postgresdb\_restore\_enabled) | Specifies whether to enable restoring dump to the MySQL database. | `bool` | `false` | no | | [publicly\_accessible](#input\_publicly\_accessible) | Specifies whether the RDS instance is publicly accessible over the internet | `bool` | `false` | no | | [random\_password\_length](#input\_random\_password\_length) | The length of the randomly generated password for the RDS primary cluster (default: 16) | `number` | `16` | no | diff --git a/examples/complete-psql-replica/main.tf b/examples/complete-psql-replica/main.tf index 3e2d328..b7245f7 100644 --- a/examples/complete-psql-replica/main.tf +++ b/examples/complete-psql-replica/main.tf @@ -115,16 +115,16 @@ module "rds-pg" { slack_channel = "postgresql-notification" slack_webhook_url = "https://hooks/xxxxxxxx" custom_user_password = local.custom_user_password - #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. + #if you want backup and restore then you have to create your cluster with rds vpc , subnet, key_arn. #And allow cluster security group in rds security group - # cluster_name = "cluster-name" + # cluster_name = "cluster-name" # namespace = local.namespace # create_namespace = local.create_namespace # postgresdb_backup_enabled = false # postgresdb_backup_config = { # postgres_database_name = "" # which database backup you want # s3_bucket_region = "" #s3 bucket region - # cron_for_full_backup = "*/3 * * * *" + # cron_for_full_backup = "*/3 * * * *" # bucket_uri = "s3://xyz" #s3 bucket uri # } # postgresdb_restore_enabled = false diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 780dc90..8a26232 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -112,7 +112,7 @@ module "rds-pg" { storage_type = local.storage_type engine_version = local.engine_version instance_class = local.instance_class - master_username = "admin" + master_username = "pguser" allocated_storage = "20" max_allocated_storage = 120 publicly_accessible = false diff --git a/helm/values/backup/values.yaml b/helm/values/backup/values.yaml index 15fe1a8..ae304b5 100644 --- a/helm/values/backup/values.yaml +++ b/helm/values/backup/values.yaml @@ -1,7 +1,6 @@ ## Enable Full backup backup: bucket_uri: ${bucket_uri} - aws_default_region: ${s3_bucket_region} cron_for_full_backup: "${cron_for_full_backup}" postgres_database_name: "${postgres_database_name}" database_endpoint: "${db_endpoint}" diff --git a/helm/values/restore/values.yaml b/helm/values/restore/values.yaml index 5c9874b..13dbf8d 100644 --- a/helm/values/restore/values.yaml +++ b/helm/values/restore/values.yaml @@ -1,10 +1,8 @@ restore: bucket_uri: ${bucket_uri} - aws_default_region: ${s3_bucket_region} db_endpoint: "${db_endpoint}" db_password: "${db_password}" db_username: "${db_username}" - DB_NAME: "${DB_NAME}" backup_file_name: "${backup_file_name}" auth: diff --git a/main.tf b/main.tf index 7c31468..9aa3795 100644 --- a/main.tf +++ b/main.tf @@ -2,6 +2,11 @@ data "aws_region" "current" {} data "aws_availability_zones" "available" {} locals { + + db_password = var.custom_user_password != "" ? var.custom_user_password : ( + length(random_password.master) > 0 ? element(random_password.master, 0).result : var.custom_user_password + ) + tags = { Automation = "true" Environment = var.environment 
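Review bot: In the new `db_password` local, the innermost fallback is `var.custom_user_password`, which is already known to be `""` on that branch, so the local silently evaluates to an empty string whenever `random_password.master` has no instances. The `aws_secretsmanager_secret_version.rds_credentials` hunk that follows drops its `count` guard and reads this local, so in that case it would write a secret with an empty password. Whether that state is reachable depends on the `count` of `random_password.master`, which is outside the visible hunks. Failing at plan time is safer than storing an empty credential: `db_password = var.custom_user_password != "" ? var.custom_user_password : random_password.master[0].result`. The `locals` block continues past the hunk.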
@@ -167,16 +172,13 @@ resource "random_password" "master" { } resource "aws_secretsmanager_secret_version" "rds_credentials" { - count = length(random_password.master) > 0 ? 1 : 0 - secret_id = aws_secretsmanager_secret.secret_master_db.id - secret_string = < 0 ? element(random_password.master, 0).result : var.custom_password, - "engine": "${var.engine}", - "host": "${module.db.db_instance_endpoint}" -} -EOF + secret_id = aws_secretsmanager_secret.secret_master_db.id + secret_string = jsonencode({ + username = module.db.db_instance_username + password = local.db_password + engine = var.engine + host = module.db.db_instance_endpoint + }) } # Cloudwatch alarms 
@@ -319,30 +321,30 @@ resource "aws_lambda_permission" "sns_lambda_slack_invoke" { } module "backup_restore" { - depends_on = [module.db] - source = "./modules/db-backup-restore" - cluster_name = var.cluster_name - namespace = var.namespace - create_namespace = var.create_namespace + depends_on = [module.db] + source = "./modules/db-backup-restore" + cluster_name = var.cluster_name + namespace = var.namespace + create_namespace = var.create_namespace postgresdb_backup_enabled = var.postgresdb_backup_enabled postgresdb_backup_config = { - db_username = var.master_username - db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) - postgres_database_name = var.postgresdb_backup_config.postgres_database_name - s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region - cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup + db_username = var.master_username + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) + postgres_database_name = var.postgresdb_backup_config.postgres_database_name + # s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region + cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup bucket_uri = var.postgresdb_backup_config.bucket_uri db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") } postgresdb_restore_enabled = var.postgresdb_restore_enabled - postgresdb_restore_config = { - db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") - db_username = var.master_username - db_password = var.custom_user_password != "" ? 
var.custom_user_password : nonsensitive(random_password.master[0].result) - bucket_uri = var.postgresdb_restore_config.bucket_uri - s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region - DB_NAME = var.postgresdb_restore_config.DB_NAME, - backup_file_name = var.postgresdb_restore_config.backup_file_name, + postgresdb_restore_config = { + db_endpoint = replace(var.replica_enable ? module.db_replica[0].db_instance_endpoint : module.db.db_instance_endpoint, ":5432", "") + db_username = var.master_username + db_password = var.custom_user_password != "" ? var.custom_user_password : nonsensitive(random_password.master[0].result) + bucket_uri = var.postgresdb_restore_config.bucket_uri + # s3_bucket_region = var.postgresdb_restore_config.s3_bucket_region + # DB_NAME = var.postgresdb_restore_config.DB_NAME, + backup_file_name = var.postgresdb_restore_config.backup_file_name, } } diff --git a/modules/db-backup-restore/backup/templates/cronjob.yaml b/modules/db-backup-restore/backup/templates/cronjob.yaml index 3f83bcd..f32d59e 100644 --- a/modules/db-backup-restore/backup/templates/cronjob.yaml +++ b/modules/db-backup-restore/backup/templates/cronjob.yaml 
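Review bot: Both `db_password` entries in `module "backup_restore"` still wrap the generated password in `nonsensitive(...)`, which removes Terraform's sensitive marking so the value can be printed in plan output and CI logs. This commit already introduces `local.db_password` for the same choice, so both maps can use `db_password = local.db_password`. The receiving module would then have to accept a sensitive value in its config maps, which is not visible here. The commented-out `s3_bucket_region` and `DB_NAME` lines would be clearer deleted than left behind as comments.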
@@ -18,20 +18,20 @@ spec: serviceAccountName: sa-postgres-backup containers: - name: backup-postgresdb - image: divyanshujain11/rds:postgres-backup-restore + image: amanravi12/postgresql-backup:v5 imagePullPolicy: Always - command: ["./backup.sh"] + command: ["/backup/backup_script.sh"] env: - - name: db_endpoint + - name: DB_HOST value: {{ .Values.backup.database_endpoint }} - - name: db_username + - name: DB_USER value: {{ .Values.backup.database_user }} - - name: db_password + - name: DB_PASSWORD value: {{ .Values.backup.database_password }} - - name: bucket_uri + - name: S3_BUCKET value: {{ .Values.backup.bucket_uri }} - - name: AWS_DEFAULT_REGION - value: {{ .Values.backup.aws_default_region}} - - name: postgres_database_name + - name: DB_PORT + value: "5432" + - name: DB_NAME value: {{ .Values.backup.postgres_database_name }} resources: {{ .Values.backupjob.resources | toYaml | nindent 12 }} diff --git a/modules/db-backup-restore/main.tf b/modules/db-backup-restore/main.tf index 2ac2342..60c0f71 100644 --- a/modules/db-backup-restore/main.tf +++ b/modules/db-backup-restore/main.tf 
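Review bot: The new `image: amanravi12/postgresql-backup:v5` is pulled from an individual Docker Hub namespace by mutable tag with `imagePullPolicy: Always`, so whatever is later published under that tag runs with the `DB_PASSWORD` this container receives and under `sa-postgres-backup` (presumably bound to the backup IAM role). Pinning by digest from a registry the project controls closes that gap, e.g. `image: <REGISTRY>/postgresql-backup@sha256:<DIGEST>` (placeholders). The same applies to `amanravi12/postgresql-restore:v6` in `restore/templates/job.yaml`. The container spec begins above the hunk.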
@@ -8,21 +8,22 @@ resource "kubernetes_namespace" "postgresdb" { resource "helm_release" "postgresdb_backup" { count = var.postgresdb_backup_enabled ? 1 : 0 + depends_on = [kubernetes_namespace.postgresdb] name = "postgresdb-backup" chart = "../../modules/db-backup-restore/backup" timeout = 600 namespace = var.namespace values = [ templatefile("../../helm/values/backup/values.yaml", { - bucket_uri = var.postgresdb_backup_config.bucket_uri, - postgres_database_name = var.postgresdb_backup_config.postgres_database_name, - db_endpoint = var.postgresdb_backup_config.db_endpoint, - db_password = var.postgresdb_backup_config.db_password , - db_username = var.postgresdb_backup_config.db_username , - s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region , - cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup, - annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}" - }) + bucket_uri = var.postgresdb_backup_config.bucket_uri, + postgres_database_name = var.postgresdb_backup_config.postgres_database_name, + db_endpoint = var.postgresdb_backup_config.db_endpoint, + db_password = var.postgresdb_backup_config.db_password, + db_username = var.postgresdb_backup_config.db_username, + # s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region , + cron_for_full_backup = var.postgresdb_backup_config.cron_for_full_backup, + annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_backup_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_backup}" + }) ] } 
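Review bot: `db_password` is still passed through `templatefile` into the release values, and the CronJob template renders it as a literal `value:` for `DB_PASSWORD`. The master password is therefore stored in the Helm release and is readable from the CronJob spec by anyone with read access to the namespace. A Kubernetes Secret created alongside the release and referenced from the template with `valueFrom.secretKeyRef` would keep it out of the pod spec. The `postgresdb_restore` release in the next hunk has the same flow. The commented-out `s3_bucket_region` line can simply be removed.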
@@ -30,20 +31,19 @@ resource "helm_release" "postgresdb_backup" { ## DB dump restore resource "helm_release" "postgresdb_restore" { count = var.postgresdb_restore_enabled ? 1 : 0 + depends_on = [kubernetes_namespace.postgresdb] name = "postgresdb-restore" chart = "../../modules/db-backup-restore/restore" timeout = 600 namespace = var.namespace values = [ templatefile("../../helm/values/restore/values.yaml", { - bucket_uri = var.postgresdb_restore_config.bucket_uri, - db_endpoint = var.postgresdb_restore_config.db_endpoint , - db_password = var.postgresdb_restore_config.db_password, - s3_bucket_region = var.postgresdb_backup_config.s3_bucket_region , - db_username = var.postgresdb_restore_config.db_username , - DB_NAME = var.postgresdb_restore_config.DB_NAME, - backup_file_name = var.postgresdb_restore_config.backup_file_name, - annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}" + bucket_uri = var.postgresdb_restore_config.bucket_uri, + db_endpoint = var.postgresdb_restore_config.db_endpoint, + db_password = var.postgresdb_restore_config.db_password, + db_username = var.postgresdb_restore_config.db_username, + backup_file_name = var.postgresdb_restore_config.backup_file_name, + annotations = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn: ${aws_iam_role.postgres_restore_role.arn}" : "iam.gke.io/gcp-service-account: ${var.service_account_restore}" }) ] -} \ No newline at end of file +} diff --git a/modules/db-backup-restore/restore/templates/job.yaml b/modules/db-backup-restore/restore/templates/job.yaml index f39b80d..fa2e0fd 100644 --- a/modules/db-backup-restore/restore/templates/job.yaml +++ b/modules/db-backup-restore/restore/templates/job.yaml 
@@ -9,9 +9,9 @@ spec: serviceAccountName: sa-postgres-restore containers: - name: restore-postgresdb - image: divyanshujain11/rds:postgres-backup-restore + image: amanravi12/postgresql-restore:v6 imagePullPolicy: Always - command: ["./restore.sh"] + command: ["/restore/restore_script.sh"] env: - name: DB_HOST value: {{ .Values.restore.db_endpoint }} @@ -19,12 +19,14 @@ spec: value: {{ .Values.restore.db_username }} - name: DB_PASSWORD value: {{ .Values.restore.db_password }} - - name: bucket_uri + - name: POSTGRESQL_BUCKET_RESTORE_URI value: {{ .Values.restore.bucket_uri }} - - name: DB_NAME - value: {{ .Values.restore.DB_NAME }} - - name: backup_file_name + - name: DB_PORT + value: "5432" + # - name: DB_NAME + # value: {{ .Values.restore.DB_NAME }} + - name: RESTORE_FILE_NAME value: {{ .Values.restore.backup_file_name }} resources: {{ .Values.restorejob.resources | toYaml | nindent 12 }} restartPolicy: Never - backoffLimit: 4 \ No newline at end of file + backoffLimit: 4 diff --git a/modules/db-backup-restore/roles.tf b/modules/db-backup-restore/roles.tf index a19589b..0abc253 100644 --- a/modules/db-backup-restore/roles.tf +++ b/modules/db-backup-restore/roles.tf @@ -95,4 +95,4 @@ resource "aws_iam_role" "postgres_restore_role" { ] }) } -} \ No newline at end of file +} diff --git a/modules/db-backup-restore/variables.tf b/modules/db-backup-restore/variables.tf index d2e7f8d..1a23f03 100644 --- a/modules/db-backup-restore/variables.tf +++ b/modules/db-backup-restore/variables.tf @@ -66,9 +66,9 @@ variable "cluster_name" { } variable "postgresdb_permission" { - default = false + default = false description = "access" - type = bool + type = bool } variable "bucket_provider_type" { 
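Review bot: Commenting out `DB_NAME` with `#` in the second `job.yaml` hunk does not disable the template action, because Helm evaluates `{{ .Values.restore.DB_NAME }}` before the YAML is parsed, and this commit removes `DB_NAME` from `helm/values/restore/values.yaml`. Unless the chart's own defaults still define the key, this likely renders an empty comment under default settings and can fail under strict rendering or linting. Deleting the two lines, or replacing them with a template comment such as `{{- /* DB_NAME no longer used */ -}}`, avoids that. Separately, `DB_PORT` is hard-coded to `"5432"` here and in the backup CronJob although the module exposes a `port` input.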
@@ -93,10 +93,10 @@ variable "postgresdb_restore_enabled" { variable "postgresdb_backup_config" { type = map(string) default = { - bucket_uri = "" - s3_bucket_region = "" - cron_for_full_backup = "" - postgres_database_name = "" + bucket_uri = "" + s3_bucket_region = "" + cron_for_full_backup = "" + postgres_database_name = "" # db_endpoint="" } description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." @@ -105,10 +105,10 @@ variable "postgresdb_backup_config" { variable "postgresdb_restore_config" { type = any default = { - bucket_uri = "" - file_name = "" - s3_bucket_region = "" - DB_NAME = "" + bucket_uri = "" + file_name = "" + # s3_bucket_region = "" + DB_NAME = "" backup_file_name = "" } description = "Configuration options for restoring dump to the MySQL database." diff --git a/variables.tf b/variables.tf index b8dc7b7..db9bf05 100644 --- a/variables.tf +++ b/variables.tf @@ -346,10 +346,10 @@ variable "bucket_provider_type" { variable "postgresdb_backup_config" { type = map(string) default = { - bucket_uri = "" - s3_bucket_region = "" - cron_for_full_backup = "" - postgres_database_name = "" + bucket_uri = "" + # s3_bucket_region = "" + cron_for_full_backup = "" + postgres_database_name = "" # db_endpoint="" } description = "configuration options for MySQL database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups." @@ -358,9 +358,9 @@ variable "postgresdb_backup_config" { variable "postgresdb_restore_config" { type = any default = { - bucket_uri = "" - file_name = "" - s3_bucket_region = "" + bucket_uri = "" + file_name = "" + # s3_bucket_region = "" } description = "Configuration options for restoring dump to the MySQL database." } 
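Review bot: The root default for `postgresdb_restore_config` in the last hunk defines `file_name` but not `backup_file_name`, while the root `main.tf` hunk in this commit reads `var.postgresdb_restore_config.backup_file_name`. With `type = any` and the default left in place, that attribute lookup would presumably fail at plan time even when restore is disabled. Adding `backup_file_name = ""` to the default, or reading it with `try(var.postgresdb_restore_config.backup_file_name, "")`, would keep the default usable. The descriptions in these hunks also still say "MySQL" for a PostgreSQL module, and the module-level `postgresdb_backup_config` default keeps `s3_bucket_region` while the root one comments it out.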
@@ -369,4 +369,4 @@ variable "cluster_name" {
 type = string
 default = ""
 description = "Specifies the name of the EKS cluster to deploy the MySQL application on."
-}
\ No newline at end of file
+}