feat(infra): enable HA and increase retention for postgresql (#1955)

## Description Enables High Availability for Staging and Production instances using availability zones: https://learn.microsoft.com/en-us/azure/reliability/reliability-postgresql-flexible-server?toc=%2Fazure%2Fpostgresql%2Ftoc.json&bc=%2Fazure%2Fpostgresql%2Fbreadcrumb%2Ftoc.json#availability-zone-support Add retention to 32 days in production, using the default 7 days for other environments. ## Related Issue(s) - #164 ## Verification - [ ] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)
Altinn · Feb 26, 2025 · 84a3fc6 · 84a3fc6
1 parent f9d2099
commit 84a3fc6
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 0 deletions.
diff --git a/.azure/infrastructure/main.bicep b/.azure/infrastructure/main.bicep
@@ -62,6 +62,8 @@ param postgresConfiguration {
   storage: PostgresStorageConfig
   enableIndexTuning: bool
   enableQueryPerformanceInsight: bool
+  enableHighAvailability: bool
+  backupRetentionDays: int
 }
 
 import { Sku as ServiceBusSku } from '../modules/serviceBus/main.bicep'
@@ -214,6 +216,8 @@ module postgresql '../modules/postgreSql/create.bicep' = {
     enableQueryPerformanceInsight: postgresConfiguration.enableQueryPerformanceInsight
     subnetId: vnet.outputs.postgresqlSubnetId
     vnetId: vnet.outputs.virtualNetworkId
+    enableHighAvailability: postgresConfiguration.enableHighAvailability
+    backupRetentionDays: postgresConfiguration.backupRetentionDays
     tags: tags
   }
 }

diff --git a/.azure/infrastructure/prod.bicepparam b/.azure/infrastructure/prod.bicepparam
@@ -36,6 +36,8 @@ param postgresConfiguration = {
   }
   enableIndexTuning: false
   enableQueryPerformanceInsight: false
+  enableHighAvailability: true
+  backupRetentionDays: 32
 }
 
 param redisSku = {

diff --git a/.azure/infrastructure/staging.bicepparam b/.azure/infrastructure/staging.bicepparam
@@ -36,6 +36,8 @@ param postgresConfiguration = {
   }
   enableIndexTuning: true
   enableQueryPerformanceInsight: true
+  enableHighAvailability: false
+  backupRetentionDays: 7
 }
 
 param redisSku = {

diff --git a/.azure/infrastructure/test.bicepparam b/.azure/infrastructure/test.bicepparam
@@ -36,6 +36,8 @@ param postgresConfiguration = {
   }
   enableIndexTuning: false
   enableQueryPerformanceInsight: true
+  enableHighAvailability: false
+  backupRetentionDays: 7
 }
 
 param redisSku = {

diff --git a/.azure/infrastructure/yt01.bicepparam b/.azure/infrastructure/yt01.bicepparam
@@ -38,6 +38,8 @@ param postgresConfiguration = {
   }
   enableIndexTuning: true
   enableQueryPerformanceInsight: true
+  enableHighAvailability: false
+  backupRetentionDays: 7
 }
 
 param redisSku = {

diff --git a/.azure/modules/postgreSql/create.bicep b/.azure/modules/postgreSql/create.bicep
@@ -52,6 +52,14 @@ param enableIndexTuning bool
 @description('The name of the Application Insights workspace')
 param appInsightWorkspaceName string
 
+@description('Enable high availability')
+param enableHighAvailability bool
+
+@description('The number of days to retain backups. If not specified, the default value of 7 days will be used.')
+@minValue(7)
+@maxValue(35)
+param backupRetentionDays int
+
 @description('The Key Vault to store the PostgreSQL administrator login password')
 @secure()
 param srcKeyVault object
@@ -86,6 +94,11 @@ module privateDnsZone '../privateDnsZone/main.bicep' = {
   }
 }
 
+var highAvailabilityConfig = enableHighAvailability ? {
+  mode: 'ZoneRedundant'
+  standbyAvailabilityZone: '2'
+} : null
+
 resource postgres 'Microsoft.DBforPostgreSQL/flexibleServers@2024-08-01' = {
   name: postgresServerName
   location: location
@@ -98,6 +111,10 @@ resource postgres 'Microsoft.DBforPostgreSQL/flexibleServers@2024-08-01' = {
       autoGrow: storage.autoGrow
       type: storage.type
     }
+    backup: {
+      backupRetentionDays: backupRetentionDays
+      geoRedundantBackup: 'Disabled'
+    }
     dataEncryption: {
       type: 'SystemManaged'
     }
@@ -106,6 +123,7 @@ resource postgres 'Microsoft.DBforPostgreSQL/flexibleServers@2024-08-01' = {
       delegatedSubnetResourceId: subnetId
       privateDnsZoneArmResourceId: privateDnsZone.outputs.id
     }
+    highAvailability: highAvailabilityConfig
   }
   sku: sku
   resource database 'databases' = {