
feat: [PPANTT-190] infra ebollo #2568

Merged
merged 39 commits into from
Dec 4, 2024
335cdd4
[PPANTT-137] feat: updated modules and workload identity for aks-leon…
alessio-cialini Oct 14, 2024
c9ef711
[PPANTT-137] feat: updated modules and workload identity for aks-leon…
alessio-cialini Oct 14, 2024
2b126da
[PPANTT-190] feat: Introducing ebollo domain
alessio-cialini Nov 20, 2024
f149c0e
Merge branch 'PPANTT-137-feat-update-aks-and-identity-on-payopts' int…
alessio-cialini Nov 20, 2024
152b8c1
[PPANTT-190] feat: Updated domain terraform modules and aks to worklo…
alessio-cialini Nov 20, 2024
1bb8064
Merge branch 'main' into PPANTT-190-feat-infra-ebollo
alessio-cialini Nov 20, 2024
723c89d
[PPANTT-190] feat: Updated 00_alerts.tf
alessio-cialini Nov 20, 2024
997f970
Merge remote-tracking branch 'origin/PPANTT-190-feat-infra-ebollo' in…
alessio-cialini Nov 20, 2024
a72f928
[PPANTT-190] feat: Updated 02_namespace.tf, 05_aks_middleware_tools.t…
alessio-cialini Nov 21, 2024
e88dd70
[PPANTT-190] feat: Updated 00_data.tf
alessio-cialini Nov 21, 2024
35fe62f
Merge branch 'main' into PPANTT-190-feat-infra-ebollo
pasqualespica Nov 21, 2024
919ae70
apply secrets ebollo
pasqualespica Nov 21, 2024
802532b
fix
pasqualespica Nov 22, 2024
b5e9298
merge main
pasqualespica Nov 28, 2024
663a584
fix
pasqualespica Nov 28, 2024
5988b96
fix
pasqualespica Nov 28, 2024
21b898e
fix
pasqualespica Nov 28, 2024
0c74a55
fix
pasqualespica Nov 28, 2024
58c3203
fix
pasqualespica Nov 28, 2024
5c6bd4d
fix
pasqualespica Nov 28, 2024
df21d4b
[PPANTT-190] create apim product for mbd gps service
gioelemella Dec 2, 2024
cefe95c
[PPANTT-190] chore: Clean delete payopt
svariant Dec 2, 2024
4dd98ea
Merge branch 'main' into PPANTT-190-feat-infra-ebollo
svariant Dec 2, 2024
72653b2
Revert "fix"
svariant Dec 2, 2024
c67ba6e
Revert "fix"
svariant Dec 2, 2024
d51a341
Revert "fix"
svariant Dec 2, 2024
33323da
[PPANTT-190] Revert payopt merge
svariant Dec 2, 2024
ff721ee
[PPANTT-190] Delete duplicated folder
svariant Dec 2, 2024
ef26540
Merge branch 'PPANTT-190-feat-infra-ebollo' of https://github.com/pag…
gioelemella Dec 2, 2024
398e7b7
[PPANTT-190] fix: Typo mdb -> mbd
svariant Dec 2, 2024
5509f5d
Revert typo nodo-app
svariant Dec 2, 2024
7b11446
[PPANTT-190] feat: Update ebollo worload identity
svariant Dec 3, 2024
8f31d28
[PPANTT-190] feat: Add mbd-gps-service repo to ebollo github identity
svariant Dec 3, 2024
f0d3ed3
Merge branch 'main' into PPANTT-190-feat-infra-ebollo
gioelemella Dec 3, 2024
22e4458
[PPANTT-190] added gh runner configuration and fixed repo name
gioelemella Dec 3, 2024
4af8bef
merge main
pasqualespica Dec 4, 2024
a140663
fix
pasqualespica Dec 4, 2024
0e0aa0f
Merge branch 'PPANTT-190-feat-infra-ebollo' of https://github.com/pag…
gioelemella Dec 4, 2024
1110106
fix
pasqualespica Dec 4, 2024
2 changes: 1 addition & 1 deletion src/aks-leonardo/.terraform.lock.hcl


102 changes: 102 additions & 0 deletions src/domains/ebollo-app/.terraform.lock.hcl


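--- a/src/domains/ebollo-app/00_alerts.tf
+++ b/src/domains/ebollo-app/00_alerts.tf
@@ -0,0 +1,143 @@
+## MBD Service ##
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-mbd-service-get-mbd-responsetime-upd" {
+count = var.env_short == "p" ? 1 : 0
+resource_group_name = "dashboards"
+name = "pagopa-${var.env_short}-pagopa-ebollo-mbd-service-get-mbd-rest-responsetime @ _pagopa-mbd-service"
+location = var.location
+
+action {
+action_group = can(data.azurerm_monitor_action_group.opsgenie[0]) ? [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+email_subject = "Email Header"
+custom_webhook_payload = "{}"
+}
+
+data_source_id = data.azurerm_api_management.apim.id
+description = "Response time for /mbd less than or equal to 1.5s - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-mbd-service"
+enabled = true
+query = (<<-QUERY
+let threshold = 1500;
+AzureDiagnostics
+| where url_s matches regex "/mbd"
+| summarize
+watermark=threshold,
+duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+QUERY
+)
+severity = 2
+frequency = 5
+time_window = 10
+trigger {
+operator = "GreaterThanOrEqual"
+threshold = 2
+}
+}
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-mbd-service-get-mbd-rest-availability-upd" {
+count = var.env_short == "p" ? 1 : 0
+resource_group_name = "dashboards"
+name = "pagopa-${var.env_short}-pagopa-mbd-service-get-mbd-rest-availability @ _pagopa-mbd-service"
+location = var.location
+
+action {
+action_group = can(data.azurerm_monitor_action_group.opsgenie[0]) ? [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+email_subject = "Email Header"
+custom_webhook_payload = "{}"
+}
+
+data_source_id = data.azurerm_api_management.apim.id
+description = "Availability for /mbd is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-mbd-service"
+enabled = true
+query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/mbd'"
+| summarize
+Total=count(),
+Success=count(responseCode_d < 500)
+by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+QUERY
+)
+severity = 1
+frequency = 5
+time_window = 5
+trigger {
+operator = "GreaterThanOrEqual"
+threshold = 1
+}
+}
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-mbd-service-get-mbd-payment-responsetime-upd" {
+count = var.env_short == "p" ? 1 : 0
+resource_group_name = "dashboards"
+name = "pagopa-${var.env_short}-pagopa-ebollo-mbd-service-get-mbd-payment-rest-responsetime @ _pagopa-mbd-service"
+location = var.location
+
+action {
+action_group = can(data.azurerm_monitor_action_group.opsgenie[0]) ? [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+email_subject = "Email Header"
+custom_webhook_payload = "{}"
+}
+
+data_source_id = data.azurerm_api_management.apim.id
+description = "Response time for /mbd-payment less than or equal to 1.5s - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-mbd-service"
+enabled = true
+query = (<<-QUERY
+let threshold = 1500;
+AzureDiagnostics
+| where url_s matches regex "/mbd-payment"
+| summarize
+watermark=threshold,
+duration_percentile_95=percentiles(DurationMs, 95) by bin(TimeGenerated, 5m)
+| where duration_percentile_95 > threshold
+QUERY
+)
+severity = 2
+frequency = 5
+time_window = 10
+trigger {
+operator = "GreaterThanOrEqual"
+threshold = 2
+}
+}
+
+resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-mbd-service-get-mbd-payment-rest-availability-upd" {
+count = var.env_short == "p" ? 1 : 0
+resource_group_name = "dashboards"
+name = "pagopa-${var.env_short}-pagopa-mbd-service-get-mbd-payment-rest-availability @ _pagopa-mbd-service"
+location = var.location
+
+action {
+action_group = can(data.azurerm_monitor_action_group.opsgenie[0]) ? [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id, data.azurerm_monitor_action_group.opsgenie[0].id] : [data.azurerm_monitor_action_group.email.id, data.azurerm_monitor_action_group.slack.id]
+email_subject = "Email Header"
+custom_webhook_payload = "{}"
+}
+
+data_source_id = data.azurerm_api_management.apim.id
+description = "Availability for /mbd-payment is less than or equal to 99% - https://portal.azure.com/?l=en.en-us#@pagopait.onmicrosoft.com/dashboard/arm/subscriptions/b9fc9419-6097-45fe-9f74-ba0641c91912/resourcegroups/dashboards/providers/microsoft.portal/dashboards/pagopa-p-opex_pagopa-mbd-service"
+enabled = true
+query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/mbd-payment'"
+| summarize
+Total=count(),
+Success=count(responseCode_d < 500)
+by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+QUERY
+)
+severity = 1
+frequency = 5
+time_window = 5
+trigger {
+operator = "GreaterThanOrEqual"
+threshold = 1
+}
+}
+
+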
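Review bot: The two availability rules filter on `| where url_s matches regex "/mbd'"` and `| where url_s matches regex "/mbd-payment'"`, with a stray `'` inside the pattern, so the queries match only URLs that contain a literal quote and the severity-1 alerts will stay silent during a real outage. Drop the quote so they read `| where url_s matches regex "/mbd"` and `| where url_s matches regex "/mbd-payment"`, as the two response-time rules already do. Separately, the unanchored `/mbd` pattern in the first response-time rule also matches `/mbd-payment` URLs, so the two endpoints are not measured independently; anchoring the pattern on the path boundary would separate them, depending on the URL shape APIM logs. The `email_subject = "Email Header"` placeholder also gives the on-call reader nothing to triage on; the rule name would be more useful there.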
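--- a/src/domains/ebollo-app/00_data.tf
+++ b/src/domains/ebollo-app/00_data.tf
@@ -0,0 +1,26 @@
+data "azurerm_api_management" "apim" {
+name = "${var.prefix}-${var.env_short}-apim"
+resource_group_name = "${var.prefix}-${var.env_short}-api-rg"
+}
+
+data "azurerm_api_management_product" "apim_node_for_psp_product" {
+product_id = "nodo-auth"
+api_management_name = local.pagopa_apim_name
+resource_group_name = local.pagopa_apim_rg
+}
+
+data "azurerm_api_management_product" "apim_carts_product" {
+product_id = "checkout-carts"
+api_management_name = local.pagopa_apim_name
+resource_group_name = local.pagopa_apim_rg
+}
+
+data "azurerm_api_management_product" "apim_gpd_payments_rest" {
+product_id = "gpd-payments-rest-aks"
+api_management_name = local.pagopa_apim_name
+resource_group_name = local.pagopa_apim_rg
+}
+
+data "azurerm_resource_group" "identity_rg" {
+name = "${local.product}-identity-rg"
+}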
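Review bot: `data.azurerm_api_management.apim` builds its name and resource group from `var.prefix` and `var.env_short`, while the three product lookups below it use `local.pagopa_apim_name` and `local.pagopa_apim_rg`. If both are meant to address the same APIM instance (the locals are declared outside this section), the first block should use the locals too, `name = local.pagopa_apim_name` and `resource_group_name = local.pagopa_apim_rg`. Otherwise a later change to either naming scheme can leave the alert rules' `data_source_id` pointing at a different instance than the products.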
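--- a/src/domains/ebollo-app/00_keyvault.tf
+++ b/src/domains/ebollo-app/00_keyvault.tf
@@ -0,0 +1,9 @@
+data "azurerm_key_vault" "kv" {
+name = "${local.project}-kv"
+resource_group_name = "${local.project}-sec-rg"
+}
+
+data "azurerm_kubernetes_cluster" "aks" {
+name = local.aks_name
+resource_group_name = local.aks_resource_group_name
+}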
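--- a/src/domains/ebollo-app/00_monitor.tf
+++ b/src/domains/ebollo-app/00_monitor.tf
@@ -0,0 +1,35 @@
+#
+# 🇮🇹 Monitor Italy
+#
+data "azurerm_resource_group" "monitor_italy_rg" {
+name = var.monitor_italy_resource_group_name
+}
+
+data "azurerm_log_analytics_workspace" "log_analytics_italy" {
+name = var.log_analytics_italy_workspace_name
+resource_group_name = var.log_analytics_italy_workspace_resource_group_name
+}
+
+data "azurerm_application_insights" "application_insights_italy" {
+name = local.monitor_appinsights_italy_name
+resource_group_name = data.azurerm_resource_group.monitor_italy_rg.name
+}
+
+#
+# Actions Group
+#
+data "azurerm_monitor_action_group" "slack" {
+name = local.monitor_action_group_slack_name
+resource_group_name = var.monitor_italy_resource_group_name
+}
+
+data "azurerm_monitor_action_group" "email" {
+resource_group_name = var.monitor_italy_resource_group_name
+name = local.monitor_action_group_email_name
+}
+
+data "azurerm_monitor_action_group" "opsgenie" {
+count = var.env_short == "p" ? 1 : 0
+resource_group_name = var.monitor_resource_group_name
+name = local.monitor_action_group_opsgenie_name
+}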
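Review bot: The `opsgenie` action group is looked up in `var.monitor_resource_group_name`, whereas `slack` and `email` use `var.monitor_italy_resource_group_name`, and nothing in the file says whether that difference is intended. Because the lookup carries `count = var.env_short == "p" ? 1 : 0`, a wrong resource group would surface only when planning production, and the `can(...)` guard in 00_alerts.tf would not, as far as I can tell, catch a failed data read. If the split is deliberate, record it above the block, e.g. `# opsgenie action group lives in the non-Italy monitor resource group`; if not, switch the line to `resource_group_name = var.monitor_italy_resource_group_name`.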
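--- a/src/domains/ebollo-app/00_network.tf
+++ b/src/domains/ebollo-app/00_network.tf
@@ -0,0 +1,15 @@
+data "azurerm_virtual_network" "vnet" {
+name = local.vnet_name
+resource_group_name = local.vnet_resource_group_name
+}
+
+data "azurerm_private_dns_zone" "internal" {
+name = local.internal_dns_zone_name
+resource_group_name = local.internal_dns_zone_resource_group_name
+}
+
+data "azurerm_subnet" "apim_vnet" {
+name = local.pagopa_apim_snet
+resource_group_name = local.pagopa_vnet_rg
+virtual_network_name = local.pagopa_vnet_integration
+}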
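--- a/src/domains/ebollo-app/01_network.tf
+++ b/src/domains/ebollo-app/01_network.tf
@@ -0,0 +1,9 @@
+#--------------------------------------------------
+
+resource "azurerm_private_dns_a_record" "ingress" {
+name = local.ingress_hostname
+zone_name = data.azurerm_private_dns_zone.internal.name
+resource_group_name = local.internal_dns_zone_resource_group_name
+ttl = 3600
+records = [var.ingress_load_balancer_ip]
+}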
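--- a/src/domains/ebollo-app/02_namespace.tf
+++ b/src/domains/ebollo-app/02_namespace.tf
@@ -0,0 +1,20 @@
+resource "kubernetes_namespace" "namespace" {
+metadata {
+name = var.domain
+}
+}
+
+module "workload_identity" {
+source = "./.terraform/modules/__v3__/kubernetes_workload_identity_configuration"
+
+workload_identity_name_prefix = var.domain
+workload_identity_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name
+aks_name = data.azurerm_kubernetes_cluster.aks.name
+aks_resource_group_name = data.azurerm_kubernetes_cluster.aks.resource_group_name
+namespace = var.domain
+
+key_vault_id = data.azurerm_key_vault.kv.id
+key_vault_certificate_permissions = ["Get"]
+key_vault_key_permissions = ["Get"]
+key_vault_secret_permissions = ["Get"]
+}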
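Review bot: The workload identity for the whole `var.domain` namespace is granted `Get` on certificates, keys and secrets of the domain key vault, and nothing in this section shows that the workloads need all three. If the pods only read secrets, narrow the other two to `key_vault_certificate_permissions = []` and `key_vault_key_permissions = []`, assuming the module accepts empty lists, so a compromised pod in the namespace cannot fetch key or certificate material. The module `source` also points into `./.terraform/modules/__v3__/`, so the version actually applied is pinned wherever `__v3__` is declared, which is outside this section; a comment naming that file would let a reviewer check the pin.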