added alarms configuration

pagopa · Nov 23, 2023 · 4640cbf · 4640cbf
1 parent 9d4f08e
commit 4640cbf
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 0 deletions.
diff --git a/kubernetes_velero_backup/02_alarms.tf b/kubernetes_velero_backup/02_alarms.tf
@@ -0,0 +1,36 @@
+resource "azurerm_monitor_scheduled_query_rules_alert" "backup_alert" {
+  for_each = var.alert_enabled ? toset(var.namespaces) : toset([])
+
+  name                = "${var.backup_name}-${each.value}-execution-alert"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+
+
+   dynamic "action" {
+    for_each = var.alert_action
+    content {
+      action_group = action.value["action_group_id"]
+      custom_webhook_payload = action.value["webhook_properties"]
+      email_subject          = "AKS backup for ${each.value} not performed"
+    }
+  }
+
+  data_source_id = var.log_analytics_workspace_id
+  description    = "Alert when AKS backup execution for namespace ${each.value} is missing"
+  enabled        = true
+  # Count all records containing "bakup completed" and the namespace of the backup of the backup
+  query       = <<-QUERY
+  ContainerLog
+  | where LogEntry has "Backup completed"
+  | where LogEntry has "${lower(each.value)}"
+  | summarize count()
+  QUERY
+  severity    = 1
+  frequency   = var.alert_frequency
+  time_window = var.alert_window
+  trigger {
+    operator  = "LessThan"
+    threshold = var.alert_min_events
+  }
+  tags = var.tags
+}
diff --git a/kubernetes_velero_backup/99_variables.tf b/kubernetes_velero_backup/99_variables.tf
@@ -30,3 +30,59 @@ variable "aks_cluster_name" {
   type        = string
   description = "(Required) Name of the aks cluster on which Velero will be installed"
 }
+
+variable "tags" {
+  type = map(any)
+}
+
+variable "location" {
+  type        = string
+  description = " (Required) Specifies the Azure Region where the resource should exist. Changing this forces a new resource to be created."
+}
+
+variable "resource_group_name" {
+  type = string
+  description = "(Required) The name of the resource group in which to create the scheduled query rule instance. Changing this forces a new resource to be created."
+}
+
+
+variable "alert_action" {
+  description = "The ID of the Action Group and optional map of custom string properties to include with the post webhook operation."
+  type = set(object(
+    {
+      action_group_id    = string
+      webhook_properties = map(string)
+    }
+  ))
+  default = []
+}
+
+variable "log_analytics_workspace_id" {
+  type = string
+  description = "(Optional) Required if alert enabled. The log analytics workspace id where to run the query to analyze logs"
+  default = null
+}
+
+variable "alert_frequency" {
+  type = number
+  description = "(Optional) Required when alert enabled. frequency in minutes for which the alarm should be evaluated. min 5 max 1440"
+  default = 1440
+}
+
+variable "alert_window" {
+  type = number
+  description = "(Optional) Required when alert enabled. Number of minutes for which the data should be fetched. min 5 max 2880"
+  default = 1440
+}
+
+variable "alert_min_events" {
+  type = number
+  description = "(Optional) minimum number of backup events that should be found in the query result to not trigger the alert"
+  default = 1
+}
+
+variable "alert_enabled" {
+  type = bool
+  description = "(Optional) If true creates log insight alerts for each backed up namespace"
+  default = false
+}