Merge pull request #8 from ShibraAmin18/gcp

1. Added Azure and GCP cloud Compatibility
2. Enhanced Security:
    a. Credential Storage and Retrieval

Author: RohitSquareops

IAM.md

@@ -1,4 +1,4 @@
-## IAM Permission
+## AWS IAM Permission
 
 The Policy required to deploy this module:
 ```hcl
@@ -33,3 +33,17 @@ The Policy required to deploy this module:
     ]
 }
 ```
+## Azure Role Permissions
+
+```hcl
+  permissions {
+    actions = [
+    "Microsoft.KeyVault/locations/deletedVaults/read",
+    "Microsoft.KeyVault/vaults/delete",
+    "Microsoft.KeyVault/vaults/read",
+    "Microsoft.KeyVault/vaults/write",
+    "Microsoft.Resources/subscriptions/providers/read",
+    "Microsoft.Resources/subscriptions/resourcegroups/read"]
+    not_actions = []
+  }
+```

README.md

@@ -6,42 +6,77 @@
 
 ### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
 <br>
-This module allows users to customize the deployment by providing various input variables. Users can specify the name and environment of the Redis deployment, the chart and app version, the namespace in which the Redis deployment will be created, and whether to enable Grafana monitoring. The module also allows users to set the recovery window for the AWS Secrets Manager that is used to store the Redis password.
+This module allows users to customize the deployment by providing various input variables. Users can specify the name and environment of the Redis deployment, the chart and app version, the namespace in which the Redis deployment will be created, and whether to enable Grafana monitoring. This module provides options to create a new namespace, and to configure recovery windows for AWS Secrets Manager, Azure key vault & GCP secrets manager. With this module, users can easily deploy a highly available redis on AWS EKS, Azure AKS & GCP GKE Kubernetes clusters with the flexibility to customize their configurations according to their needs.
 <br><br>
 This module creates a Redis master and one or more Redis slaves, depending on the specified architecture. The module creates Kubernetes services for the Redis master and slave deployments, and exposes these services as endpoints that can be used to connect to the Redis database. Users can retrieve these endpoints using the module's outputs.
 
 ## Supported Versions :
 
-|  Redis Helm Chart Version    |     K8s supported version   |  
+|  Redis Helm Chart Version    |     K8s supported version (EKS, AKS & GKE)  |  
 | :-----:                       |         :---                |
 | **16.13.2**                     |    **1.23,1.24,1.25,1.26,1.27**           |
 
 ## Usage Example
 
 ```hcl
+locals {
+  name        = "redis"
+  region      = "eastus"
+  environment = "prod"
+  additional_tags = {
+    Owner      = "organization_name"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+  create_namespace                 = true
+  namespace                        = "redis"
+  store_password_to_secret_manager = true
+  custom_credentials_enabled       = true
+  custom_credentials_config = {
+    password = "aajdhgduy3873683dh"
+  }
+}
+
+module "azure" {
+  source                           = "squareops/redis/kubernetes//modules/resources/azure"
+  resource_group_name              = "prod-skaf-rg"
+  resource_group_location          = local.region
+  environment                      = local.environment
+  name                             = local.name
+  store_password_to_secret_manager = local.store_password_to_secret_manager
+  custom_credentials_enabled       = local.custom_credentials_enabled
+  custom_credentials_config        = local.custom_credentials_config
+}
+
 module "redis" {
-  source                = "squareops/redis/kubernetes"
+  source           = "squareops/redis/kubernetes"
+  create_namespace = local.create_namespace
+  namespace        = local.namespace
   redis_config = {
-    name                             = "redis"
+    name                             = local.name
     values_yaml                      = ""
-    environment                      = "prod"
+    environment                      = local.environment
+    app_version                      = "6.2.7-debian-11-r11"
     architecture                     = "replication"
     slave_volume_size                = "10Gi"
     master_volume_size               = "10Gi"
-    storage_class_name               = "gp3"
+    storage_class_name               = "infra-service-sc"
     slave_replica_count              = 2
-    store_password_to_secret_manager = true
+    store_password_to_secret_manager = local.store_password_to_secret_manager
+    secret_provider_type             = "azure"
   }
   grafana_monitoring_enabled = true
-  recovery_window_aws_secret = 0
-  custom_credentials_enabled = true
-  custom_credentials_config = {
-    password = "aajdhgduy3873683dh"
-  }
+  custom_credentials_enabled = local.custom_credentials_enabled
+  custom_credentials_config  = local.custom_credentials_config
+  redis_password             = local.custom_credentials_enabled ? "" : module.azure.redis_password
 }
 
+
+
 ```
-Refer [examples](https://github.com/squareops/terraform-kubernetes-redis/tree/main/examples/complete) for more details.
+- Refer [AWS examples](https://github.com/squareops/terraform-kubernetes-redis/tree/main/examples/complete/aws) for more details.
+- Refer [Azure examples](https://github.com/squareops/terraform-kubernetes-redis/tree/main/examples/complete/azure) for more details.
+- Refer [GCP examples](https://github.com/squareops/terraform-kubernetes-redis/tree/main/examples/complete/gcp) for more details.
 
 ## IAM Permissions
 The required IAM permissions to create resources from this module can be found [here](https://github.com/squareops/terraform-kubernetes-redis/blob/main/IAM.md)
@@ -54,7 +89,7 @@ The required IAM permissions to create resources from this module can be found [
   5. To deploy Prometheus/Grafana, please follow the installation instructions for each tool in their respective documentation.
   6. Once Prometheus and Grafana are deployed, the exporter can be configured to scrape metrics data from your application or system and send it to Prometheus.
   7. Finally, you can use Grafana to create custom dashboards and visualize the metrics data collected by Prometheus.
-  8. This module is compatible with EKS version 1.23, which is great news for users deploying the module on an EKS cluster running that version. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
+  8. This module is compatible with EKS, AKS & GKE which is great news for users deploying the module on an AWS, Azure & GCP cloud. Review the module's documentation, meet specific configuration requirements, and test thoroughly after deployment to ensure everything works as expected.
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
@@ -64,10 +99,8 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | n/a |
 | <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
-| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 
 ## Modules
 
@@ -77,11 +110,8 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [aws_secretsmanager_secret.redis_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
-| [aws_secretsmanager_secret_version.redis_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [helm_release.redis](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_namespace.redis](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [random_password.redis_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 
 ## Inputs
 
@@ -95,7 +125,8 @@ No modules.
 | <a name="input_grafana_monitoring_enabled"></a> [grafana\_monitoring\_enabled](#input\_grafana\_monitoring\_enabled) | Specify whether or not to deploy Redis exporter to collect Redis metrics for monitoring in Grafana. | `bool` | `false` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace where the Redis resources will be deployed. | `string` | `"redis"` | no |
 | <a name="input_recovery_window_aws_secret"></a> [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager will wait before it can delete the secret. The value can be 0 to force deletion without recovery, or a range from 7 to 30 days. | `number` | `0` | no |
-| <a name="input_redis_config"></a> [redis\_config](#input\_redis\_config) | Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, store password to secret manager and custom YAML values. | `any` | <pre>{<br>  "architecture": "replication",<br>  "environment": "",<br>  "master_volume_size": "",<br>  "name": "",<br>  "slave_replica_count": 1,<br>  "slave_volume_size": "",<br>  "storage_class_name": "",<br>  "store_password_to_secret_manager": "",<br>  "values_yaml": ""<br>}</pre> | no |
+| <a name="input_redis_config"></a> [redis\_config](#input\_redis\_config) | Specify the configuration settings for Redis, including the name, environment, storage options, replication settings, store password to secret manager and custom YAML values. | `any` | <pre>{<br>  "architecture": "replication",<br>  "environment": "",<br>  "master_volume_size": "",<br>  "name": "",<br>  "slave_replica_count": 1,<br>  "slave_volume_size": "",<br>  "storage_class_name": "",<br>  "store_password_to_secret_manager": true,<br>  "values_yaml": ""<br>}</pre> | no |
+| <a name="input_redis_password"></a> [redis\_password](#input\_redis\_password) | n/a | `string` | `""` | no |
 
 ## Outputs
 

examples/complete/README.md renamed to examples/complete/aws/README.md

@@ -6,6 +6,7 @@
 ### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
 <br>
 This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
+
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements
 
@@ -16,7 +17,6 @@ No requirements.
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
-
 ## Modules
 
 | Name | Source | Version |
@@ -29,6 +29,8 @@ No requirements.
 |------|------|
 | [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
 | [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
+| [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
+| [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster) | data source |
 
 ## Inputs
 

examples/complete/helm/values.yaml renamed to examples/complete/aws/helm/values.yaml

@@ -0,0 +1,49 @@
+locals {
+  name        = "redis"
+  region      = "us-east-2"
+  environment = "prod"
+  additional_tags = {
+    Owner      = "organization_name"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+  create_namespace                 = true
+  namespace                        = "redis"
+  store_password_to_secret_manager = false
+  custom_credentials_enabled       = true
+  custom_credentials_config = {
+    password = "aajdhgduy3873683dh"
+  }
+}
+
+module "aws" {
+  source                           = "squareops/redis/kubernetes//modules/resources/aws"
+  environment                      = local.environment
+  name                             = local.name
+  store_password_to_secret_manager = local.store_password_to_secret_manager
+  custom_credentials_enabled       = local.custom_credentials_enabled
+  custom_credentials_config        = local.custom_credentials_config
+}
+
+module "redis" {
+  source           = "squareops/redis/kubernetes"
+  create_namespace = local.create_namespace
+  namespace        = local.namespace
+  redis_config = {
+    name                             = local.name
+    values_yaml                      = file("./helm/values.yaml")
+    environment                      = local.environment
+    app_version                      = "6.2.7-debian-11-r11"
+    architecture                     = "replication"
+    slave_volume_size                = "10Gi"
+    master_volume_size               = "10Gi"
+    storage_class_name               = "gp2"
+    slave_replica_count              = 2
+    store_password_to_secret_manager = local.store_password_to_secret_manager
+    secret_provider_type             = "aws"
+  }
+  grafana_monitoring_enabled = true
+  custom_credentials_enabled = local.custom_credentials_enabled
+  custom_credentials_config  = local.custom_credentials_config
+  redis_password             = local.custom_credentials_enabled ? "" : module.aws.redis_password
+}

examples/complete/aws/main.tf

@@ -0,0 +1,44 @@
+## Redis Example
+![squareops_avatar]
+
+[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png
+
+### [SquareOps Technologies](https://squareops.com/) Your DevOps Partner for Accelerating cloud journey.
+<br>
+This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.70.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_azure"></a> [azure](#module\_azure) | squareops/redis/kubernetes//modules/resources/azure | n/a |
+| <a name="module_redis"></a> [redis](#module\_redis) | squareops/redis/kubernetes | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_kubernetes_cluster.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_redis_credential"></a> [redis\_credential](#output\_redis\_credential) | Redis credentials used for accessing the database. |
+| <a name="output_redis_endpoints"></a> [redis\_endpoints](#output\_redis\_endpoints) | Redis endpoints in the Kubernetes cluster. |
+<!-- END_TF_DOCS -->

examples/complete/output.tf renamed to examples/complete/aws/output.tf

@@ -0,0 +1,21 @@
+master:
+    affinity:
+        nodeAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+                nodeSelectorTerms:
+                - matchExpressions:
+                    - key: "Addons-Services"
+                      operator: In
+                      values:
+                      - "true"
+
+replica:
+    affinity:
+        nodeAffinity:
+            requiredDuringSchedulingIgnoredDuringExecution:
+                nodeSelectorTerms:
+                - matchExpressions:
+                    - key: "Addons-Services"
+                      operator: In
+                      values:
+                      - "true"

examples/complete/provider.tf renamed to examples/complete/aws/provider.tf

@@ -0,0 +1,51 @@
+locals {
+  name        = "redis"
+  region      = "eastus"
+  environment = "prod"
+  additional_tags = {
+    Owner      = "organization_name"
+    Expires    = "Never"
+    Department = "Engineering"
+  }
+  create_namespace                 = true
+  namespace                        = "redis"
+  store_password_to_secret_manager = true
+  custom_credentials_enabled       = true
+  custom_credentials_config = {
+    password = "aajdhgduy3873683dh"
+  }
+}
+
+module "azure" {
+  source                           = "squareops/redis/kubernetes//modules/resources/azure"
+  resource_group_name              = "prod-skaf-rg"
+  resource_group_location          = local.region
+  environment                      = local.environment
+  name                             = local.name
+  store_password_to_secret_manager = local.store_password_to_secret_manager
+  custom_credentials_enabled       = local.custom_credentials_enabled
+  custom_credentials_config        = local.custom_credentials_config
+}
+
+module "redis" {
+  source           = "squareops/redis/kubernetes"
+  create_namespace = local.create_namespace
+  namespace        = local.namespace
+  redis_config = {
+    name                             = local.name
+    values_yaml                      = file("./helm/values.yaml")
+    environment                      = local.environment
+    app_version                      = "6.2.7-debian-11-r11"
+    architecture                     = "replication"
+    slave_volume_size                = "10Gi"
+    master_volume_size               = "10Gi"
+    storage_class_name               = "infra-service-sc"
+    slave_replica_count              = 2
+    store_password_to_secret_manager = local.store_password_to_secret_manager
+    secret_provider_type             = "azure"
+  }
+  grafana_monitoring_enabled = true
+  custom_credentials_enabled = local.custom_credentials_enabled
+  custom_credentials_config  = local.custom_credentials_config
+  redis_password             = local.custom_credentials_enabled ? "" : module.azure.redis_password
+}