diff --git a/src/core/.terraform.lock.hcl b/src/core/.terraform.lock.hcl index 75908be7..dba66fcf 100644 --- a/src/core/.terraform.lock.hcl +++ b/src/core/.terraform.lock.hcl 
@@ -24,47 +24,114 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.45.0" - constraints = ">= 3.30.0, >= 3.33.0, <= 3.53.0" + version = "3.36.0" + constraints = ">= 3.30.0, <= 3.38.0, <= 3.53.0" hashes = [ - "h1:4BOYXFMiLk4ozEZHUhquRnE5urebcWvaCUV3uys646o=", - "h1:V3CLlXij3vZzxw51hvCBnqriy73llPG21NjO+7sLr+U=", - "h1:VQWxV5+qelZeUCjpdLvZ7iAom4RvG+fVVgK6ELvw/cs=", - "h1:gQLNY1I5e9kcle1p/VYEWb0eteQ/t5kUfnqVu2/GBNY=", - "zh:04c5dbb8845366ce5eb0dc2d55e151270cc2c0ace20993867fdae9af43b953ad", - "zh:2589585da615ccae341400d45d672ee3fae413fdd88449b5befeff12a85a44b2", - "zh:603869ed98fff5d9bf841a51afd9e06b628533c59356c8433aef4b15df63f5f7", - "zh:853fecab9c987b6772c8d9aa10362675f6c626b60ebc7118aa33ce91366fcc38", - "zh:979848c45e8e058862c36ba3a661457f7c81ef26ebb6634f479600de9c203d65", - "zh:9b512c8588ecc9c1b803b746a3a8517422561a918f0dfb0faaa707ed53ef1760", - "zh:a9601ffb58043426bcff1220662d6d137f0b2857a24f2dcf180aeac2c9cea688", - "zh:d52d2652328f0ed3ba202561d88cb9f43c174edbfaab1abf69f772125dbfe15e", - "zh:d92d91ca597c47f575bf3ae129f4b723be9b7dcb71b906ec6ec740fac29b1aaa", - "zh:ded73b730e4197b70fda9e83447c119f92f75dc37be3ff2ed45730c8f0348c28", - "zh:ec37ac332d50f8ca5827f97198346b0f8ecbf470e2e3ba1e027bb389d826b902", + "h1:5QKOFigw44W3w/HfV8o+k8+UyhAXf+4E7MPh14C3Gbg=", + "h1:FUwQUSs5nWDpP5isF3SiTPe+K927/L07yXumr6gQ1GQ=", + "h1:W7oq9M6gplv2g8nHFR3lkwBmVaUxWj289eWNwwe0wek=", + "h1:iVUkJ0kqVTdiU4RLU8TjX1QgOK1tc+Bi+rn0qGqsMvg=", + "zh:1f33ba9f4e4d7aac33ba414a978e3aa76fee355eb5e213adca52fd3b3e04a709", + "zh:1f812d28672f8693dd8f13aa4d94a13724d5985c62e0e9f2154bc8f1e34a8b99", + "zh:422c4da1f56a5c6a20ceee10782e6f21db97bfe978676bf8b108f23c028ae12f", + "zh:4890a7032a4075c2a900670efdcbf6cda240aa270e3ddda8936fea0708fbb0d2", + "zh:5dfeace4cd5f90e255307d55b6a9b57590103b4eec07ec44aa4d29cb414067f4", + "zh:828d156e1deee82fb49738c6b3011f5dafd9043976e8d353e7f2d90ede85a984", + 
"zh:8df2bb82da3551c7837e5c893d839ae0174305cb17815c0fb0f64f40ef06d00e", + "zh:c22a3e151872d082ea323b85b4731f9371c30369eb50a84b08638b36ddcae967", + "zh:d938f8aff30bd48d3fab96dc162c1b78680226fa8509042dad742e7218311855", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fc85a4b1d6df95188d0e12e15f1fc292f9781362c8da9c2bc70ff56ae313f3ac", + "zh:fee5a19577b195bf38b7ad1cb0f4f98c218b95b8679ba12766ce67e7674e2505", + ] +} + +provider "registry.terraform.io/hashicorp/local" { + version = "2.2.3" + constraints = "<= 2.3.0" + hashes = [ + "h1:3bH88Z7tlWvcoubm6hQUBk3s9bSIJC8bVHQz749B87E=", + "h1:FvRIEgCmAezgZUqb2F+PZ9WnSSnR5zbEM2ZI+GLmbMk=", + "h1:KmHz81iYgw9Xn2L3Carc2uAzvFZ1XsE7Js3qlVeC77k=", + "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=", + "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0", + "zh:6484f1b3e9e3771eb7cc8e8bab8b35f939a55d550b3f4fb2ab141a24269ee6aa", + "zh:78a56d59a013cb0f7eb1c92815d6eb5cf07f8b5f0ae20b96d049e73db915b238", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8aa9950f4c4db37239bcb62e19910c49e47043f6c8587e5b0396619923657797", + "zh:996beea85f9084a725ff0e6473a4594deb5266727c5f56e9c1c7c62ded6addbb", + "zh:9a7ef7a21f48fabfd145b2e2a4240ca57517ad155017e86a30860d7c0c109de3", + "zh:a63e70ac052aa25120113bcddd50c1f3cfe61f681a93a50cea5595a4b2cc3e1c", + "zh:a6e8d46f94108e049ad85dbed60354236dc0b9b5ec8eabe01c4580280a43d3b8", + "zh:bb112ce7efbfcfa0e65ed97fa245ef348e0fd5bfa5a7e4ab2091a9bd469f0a9e", + "zh:d7bec0da5c094c6955efed100f3fe22fca8866859f87c025be1760feb174d6d9", + "zh:fb9f271b72094d07cef8154cd3d50e9aa818a0ea39130bc193132ad7b23076fd", ] } provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "<= 3.2.1" + version = "3.1.0" + constraints = "3.1.0, <= 3.2.1" + hashes = [ + "h1:SFT7X3zY18CLWjoH2GfQyapxsRv6GDKsy9cF1aRwncc=", + "h1:grYDj8/Lvp1OwME+g1AsECPN1czO5ssSf+8fCluCHQY=", + "h1:vpC6bgUQoJ0znqIKVFevOdq+YQw42bRq0u+H3nto8nA=", + 
"h1:xhbHC6in3nQryvTQBWKxebi3inG5OCgHgc4fRxL0ymc=", + "zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2", + "zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515", + "zh:5f9200bf708913621d0f6514179d89700e9aa3097c77dac730e8ba6e5901d521", + "zh:9ebf4d9704faba06b3ec7242c773c0fbfe12d62db7d00356d4f55385fc69bfb2", + "zh:a6576c81adc70326e4e1c999c04ad9ca37113a6e925aefab4765e5a5198efa7e", + "zh:a8a42d13346347aff6c63a37cda9b2c6aa5cc384a55b2fe6d6adfa390e609c53", + "zh:c797744d08a5307d50210e0454f91ca4d1c7621c68740441cf4579390452321d", + "zh:cecb6a304046df34c11229f20a80b24b1603960b794d68361a67c5efe58e62b8", + "zh:e1371aa1e502000d9974cfaff5be4cfa02f47b17400005a16f14d2ef30dc2a70", + "zh:fc39cc1fe71234a0b0369d5c5c7f876c71b956d23d7d6f518289737a001ba69b", + "zh:fea4227271ebf7d9e2b61b89ce2328c7262acd9fd190e1fd6d15a591abfa848e", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.4.3" + constraints = "<= 3.4.3" hashes = [ - "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", - "h1:vUW21lLLsKlxtBf0QF7LKJreKxs0CM7YXGzqW1N/ODY=", - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "h1:hXUPrH8igYBhatzatkp80RCeeUJGu9lQFDyKemOlsTo=", + "h1:saZR+mhthL0OZl4SyHXZraxyaBNVMxiZzks78nWcZ2o=", + "h1:tL3katm68lX+4lAncjQA9AXL4GR/VM+RPwqYf4D2X8Q=", + "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", + "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", + "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", + "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - 
"zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", + "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", + "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", + "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", + "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", + "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", + "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", + "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", + ] +} + +provider "registry.terraform.io/hashicorp/tls" { + version = "4.0.4" + hashes = [ + "h1:GZcFizg5ZT2VrpwvxGBHQ/hO9r6g0vYdQqx3bFD3anY=", + "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=", + "h1:pe9vq86dZZKCm+8k1RhzARwENslF3SXb9ErHbQfgjXU=", + "h1:rKKMyIEBZwR+8j6Tx3PwqBrStuH+J+pxcbCR5XN8WAw=", + "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", + "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", + "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", + "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", + "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", + "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", + "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", + "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", + 
"zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", + "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", + "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/src/pillar/01_keyvault.tf b/src/core/01_keyvault.tf similarity index 100% rename from src/pillar/01_keyvault.tf rename to src/core/01_keyvault.tf diff --git a/src/core/01_network.tf b/src/core/01_network.tf index f4c79a5e..ba33db04 100644 --- a/src/core/01_network.tf +++ b/src/core/01_network.tf 
@@ -1,16 +1,59 @@ -# Subnet to host the api config -module "private_endpoints_snet" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v6.3.1" - name = "${local.program}-private-endpoints-snet" - address_prefixes = var.cidr_subnet_private_endpoints - virtual_network_name = data.azurerm_virtual_network.vnet.name - - resource_group_name = data.azurerm_resource_group.rg_vnet.name - - private_endpoint_network_policies_enabled = false - service_endpoints = [ - "Microsoft.Web", - "Microsoft.AzureCosmosDB", - "Microsoft.Storage", - ] +resource "azurerm_resource_group" "rg_vnet" { + name = local.vnet_resource_group_name + location = var.location + + tags = var.tags +} + +# vnet +module "vnet" { + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network?ref=v4.1.0" + name = local.vnet_name + location = azurerm_resource_group.rg_vnet.location + resource_group_name = azurerm_resource_group.rg_vnet.name + address_space = var.cidr_vnet + + tags = var.tags +} + +## Application gateway public ip ## +resource "azurerm_public_ip" "appgateway_public_ip" { + name = local.appgateway_public_ip_name + resource_group_name = azurerm_resource_group.rg_vnet.name + location = azurerm_resource_group.rg_vnet.location + sku = "Standard" + allocation_method = "Static" + + zones = [1, 2, 3] + + tags = var.tags +} + +resource "azurerm_public_ip" "appgateway_beta_public_ip" { + name = local.appgateway_beta_public_ip_name + resource_group_name = azurerm_resource_group.rg_vnet.name + location = azurerm_resource_group.rg_vnet.location + sku = "Standard" + allocation_method = "Static" + + zones = [1, 2, 3] + + tags = var.tags +} + +# +# โ›ด AKS public IP +# +resource "azurerm_public_ip" "aks_outbound" { + count = var.aks_num_outbound_ips + + name = "${local.aks_public_ip_name}-${count.index + 1}" + location = azurerm_resource_group.rg_vnet.location + resource_group_name = azurerm_resource_group.rg_vnet.name + sku = "Standard" + allocation_method 
= "Static" + + zones = [1, 2, 3] + + tags = var.tags } diff --git a/src/pillar/02_dns_private.tf b/src/core/02_dns_private.tf similarity index 100% rename from src/pillar/02_dns_private.tf rename to src/core/02_dns_private.tf diff --git a/src/pillar/02_dns_public.tf b/src/core/02_dns_public.tf similarity index 100% rename from src/pillar/02_dns_public.tf rename to src/core/02_dns_public.tf diff --git a/src/pillar/02_vpn.tf b/src/core/02_vpn.tf similarity index 100% rename from src/pillar/02_vpn.tf rename to src/core/02_vpn.tf diff --git a/src/pillar/04_azure_devops_agent.tf b/src/core/04_azure_devops_agent.tf similarity index 100% rename from src/pillar/04_azure_devops_agent.tf rename to src/core/04_azure_devops_agent.tf diff --git a/src/pillar/04_docker_registry.tf b/src/core/04_docker_registry.tf similarity index 100% rename from src/pillar/04_docker_registry.tf rename to src/core/04_docker_registry.tf diff --git a/src/pillar/04_monitor.tf b/src/core/04_monitor.tf similarity index 100% rename from src/pillar/04_monitor.tf rename to src/core/04_monitor.tf diff --git a/src/pillar/05_postgres_sql.tf b/src/core/05_postgres_sql.tf similarity index 100% rename from src/pillar/05_postgres_sql.tf rename to src/core/05_postgres_sql.tf diff --git a/src/pillar/07_web_test_preview.tf b/src/core/07_web_test_preview.tf similarity index 100% rename from src/pillar/07_web_test_preview.tf rename to src/core/07_web_test_preview.tf diff --git a/src/pillar/08_redis.tf b/src/core/08_redis.tf similarity index 100% rename from src/pillar/08_redis.tf rename to src/core/08_redis.tf diff --git a/src/core/99_main.tf b/src/core/99_main.tf index fedf8dea..cf7f2339 100644 --- a/src/core/99_main.tf +++ b/src/core/99_main.tf 
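Review bot: `resource "azurerm_public_ip" "aks_outbound"` takes its `count` from `var.aks_num_outbound_ips`, but the 99_variables.tf hunk in this same commit deletes `variable "aks_num_outbound_ips"` (the removed block had `type = number`, `default = 1`), so unless that variable is declared in a file outside this diff `terraform validate` will fail on an undeclared input; either keep the variable or drop the resource with it. Separately, the `vnet` module is pinned by git tag (`?ref=v4.1.0`), which is mutable, and that tag is lower than the `v6.3.1` the removed subnet module used from the same repository; pinning to a commit SHA, or at least confirming the version move is intended, would keep the module source reproducible. The removed `private_endpoints_snet` carried `private_endpoint_network_policies_enabled = false` and three service endpoints; if that subnet is still needed it now has to come from elsewhere, which cannot be seen from this hunk.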
@@ -1,14 +1,17 @@ terraform { - required_version = ">=1.3.0" required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.33.0,<= 3.53.0" + version = "<= 3.53.0" } azuread = { source = "hashicorp/azuread" version = "= 2.10.0" } + null = { + version = "= 3.1.0" + } + } backend "azurerm" {} diff --git a/src/core/99_main.tf.ci b/src/core/99_main.tf.ci index 4a3ace7a..c923b513 100644 --- a/src/core/99_main.tf.ci +++ b/src/core/99_main.tf.ci @@ -1,14 +1,17 @@ terraform { - required_version = ">=1.3.0" required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.33.0,<= 3.53.0" + version = "<= 3.53.0" } azuread = { source = "hashicorp/azuread" version = "= 2.10.0" } + null = { + version = "= 3.1.0" + } + } } diff --git a/src/core/99_variables.tf b/src/core/99_variables.tf index 1afd827d..03528002 100644 --- a/src/core/99_variables.tf +++ b/src/core/99_variables.tf 
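Review bot: Dropping `required_version = ">=1.3.0"` from the `terraform` block leaves the configuration with no minimum CLI version, and relaxing azurerm to `version = "<= 3.53.0"` removes the lower bound entirely, so any provider release below 3.53.0 satisfies the constraint; the lock file still records 3.36.0, but the constraint should state the floor the code actually needs, e.g. `version = ">= 3.30.0, <= 3.53.0"` (the lock file's recorded constraints already include `>= 3.30.0`). The added `null = { version = "= 3.1.0" }` block also omits `source = "hashicorp/null"`, unlike its `azurerm` and `azuread` siblings; the implicit default resolves, but the explicit source keeps the block consistent. The 99_main.tf.ci hunk on this same line makes the identical two changes and has the same points.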
@@ -1,44 +1,41 @@ # general -# -# Locals -# locals { - program = "${var.prefix}-${var.env_short}" - project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}" + project = "${var.prefix}-${var.env_short}" # VNET - vnet_resource_group_name = "${local.program}-vnet-rg" - vnet_name = "${local.program}-vnet" + vnet_resource_group_name = "${local.project}-vnet-rg" + vnet_name = "${local.project}-vnet" + + # VNET Ephemeral + vnet_ephemeral_resource_group_name = "${local.project}-ephemeral-vnet-rg" + vnet_ephemeral_name = "${local.project}-ephemeral-vnet" + + appgateway_public_ip_name = "${local.project}-gw-pip" + appgateway_beta_public_ip_name = "${local.project}-gw-beta-pip" - appgateway_public_ip_name = "${local.program}-gw-pip" - appgateway_beta_public_ip_name = "${local.program}-gw-beta-pip" + aks_public_ip_name = "${local.project}-aksoutbound-pip" + aks_ephemeral_public_ip_name = "${local.project}-aks-ephemeral-outbound-pip" - # api.internal.*.devopslab.pagopa.it - api_internal_domain = "api.internal.${var.prod_dns_zone_prefix}.${var.external_domain}" + prod_dns_zone_public_name = "${var.prod_dns_zone_prefix}.${var.external_domain}" + lab_dns_zone_public_name = "${var.lab_dns_zone_prefix}.${var.external_domain}" + dns_zone_private_name = "internal.${var.prod_dns_zone_prefix}.${var.external_domain}" + dns_zone_lab_private_name = "internal.${var.lab_dns_zone_prefix}.${var.external_domain}" # ACR DOCKER - docker_rg_name = "${local.program}-dockerreg-rg" + docker_rg_name = "${local.project}-dockerreg-rg" docker_registry_name = replace("${var.prefix}-${var.env_short}-${var.location_short}-acr", "-", "") # monitor - monitor_rg_name = "${local.program}-monitor-rg" - monitor_log_analytics_workspace_name = "${local.program}-law" - monitor_appinsights_name = "${local.program}-appinsights" - monitor_security_storage_name = replace("${local.program}-sec-monitor-st", "-", "") - - monitor_action_group_slack_name = "SlackPagoPA" - monitor_action_group_email_name 
= "PagoPA" - - cosmosdb_enable = 1 - - dns_zone_private_name = "internal.${var.prod_dns_zone_prefix}.${var.external_domain}" + monitor_rg_name = "${local.project}-monitor-rg" + monitor_log_analytics_workspace_name = "${local.project}-law" + monitor_appinsights_name = "${local.project}-appinsights" + monitor_security_storage_name = replace("${local.project}-sec-monitor-st", "-", "") - # - # Container App - # - container_app_github_runner_env_name = "${local.project}-github-runner-cae" - container_app_github_runner_env_rg = "${local.project}-github-runner-rg" + # Azure DevOps + azuredevops_rg_name = "${local.project}-azdoa-rg" + azuredevops_agent_vm_name = "${local.project}-vmss-ubuntu-azdoa" + azuredevops_subnet_name = "${local.project}-azdoa-snet" } variable "prefix" { @@ -72,16 +69,6 @@ variable "env_short" { } } -variable "domain" { - type = string - validation { - condition = ( - length(var.domain) <= 12 - ) - error_message = "Max length is 12 chars." - } -} - variable "location" { type = string default = "westeurope" 
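Review bot: The `project` local now drops `${var.location_short}` and `${var.domain}`, and every name previously built from `local.program` is rebuilt from it, so the resource group, vnet, public IP, docker, monitor and Azure DevOps names in this hunk all change value; if these resources already exist in state, Terraform will plan them for replacement rather than an in-place rename, which is worth confirming before apply. `docker_registry_name` on the unchanged line still embeds `var.location_short`, so it is now the only name carrying the region suffix — presumably deliberate since registry names are global, but a comment such as `# registry names are globally unique, so keep the region suffix` would record that. The second hunk on this line removes `variable "domain"`, consistent with the new `project` value.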
@@ -105,111 +92,33 @@ variable "tags" { } } -# -# ๐Ÿ” Key Vault -# -variable "key_vault_name" { - type = string - description = "Key Vault name" - default = "" -} - -variable "key_vault_rg_name" { - type = string - default = "" - description = "Key Vault - rg name" -} - -# # โ˜๏ธ network -# variable "cidr_vnet" { type = list(string) description = "Virtual network address space." } -variable "cidr_subnet_appgateway" { +variable "cidr_subnet_postgres" { type = list(string) - description = "Application gateway address space." -} - -variable "cidr_subnet_appgateway_beta" { - type = list(string) - description = "Application gateway beta address space." -} - -variable "cidr_subnet_azdoa" { - type = list(string) - description = "Azure DevOps agent network address space." -} - -variable "cidr_subnet_apim" { - type = list(string) - description = "Address prefixes subnet api management." - default = null -} - -variable "cidr_subnet_k8s" { - type = list(string) - description = "Subnet cluster kubernetes." -} - -variable "cidr_subnet_app_docker" { - type = list(string) - description = "Subnet web app docker." -} - -variable "cidr_subnet_flex_dbms" { - type = list(string) - description = "Subnet cidr postgres flex." -} - -variable "cidr_subnet_private_endpoints" { - type = list(string) - description = "Subnet cidr postgres flex." + description = "Database network address space." } variable "cidr_subnet_vpn" { type = list(string) - description = "Subnet cidr postgres flex." -} - -variable "cidr_subnet_eventhub" { - type = list(string) - description = "Eventhub network address space." + description = "VPN network address space." } -variable "cidr_subnet_app_diego_app" { +variable "cidr_subnet_dnsforwarder" { type = list(string) - description = "Subnet diego app." + description = "DNS Forwarder network address space." 
} -variable "cidr_subnet_funcs_diego_domain" { +variable "cidr_subnet_redis" { type = list(string) - description = "Subnet for funcs in diego domain" + description = "Redis." } -variable "cidr_subnet_github_runner_self_hosted" { - type = list(string) - description = "Subnet for funcs in diego domain" -} - -## VPN ## -variable "vpn_sku" { - type = string - default = "VpnGw1" - description = "VPN Gateway SKU" -} - -variable "vpn_pip_sku" { - type = string - default = "Basic" - description = "VPN GW PIP SKU" -} - -# -# ๐Ÿ“‡ dns -# +# ๐Ÿงต dns variable "dns_default_ttl_sec" { type = number description = "value" 
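Review bot: `variable "vpn_sku"` and `variable "vpn_pip_sku"` are removed here while `02_vpn.tf` is moved into src/core unchanged (similarity index 100%), and `key_vault_name` / `key_vault_rg_name` are removed while `01_keyvault.tf` is moved the same way; if either file still references those inputs, validation will fail, and since both files are outside this diff that needs confirming. The new `cidr_subnet_redis` description `"Redis."` says nothing about the value; suggest `description = "Redis network address space."` to match the wording of the sibling `cidr_subnet_*` variables.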
@@ -234,590 +143,144 @@ variable "lab_dns_zone_prefix" { description = "The dns subdomain." } -# โ‡๏ธ app gateway -variable "app_gateway_is_enabled" { +variable "enable_azdoa" { type = bool - description = "Enable App GW Beta" - default = false -} - -variable "app_gateway_sku_name" { - type = string - description = "SKU Name of the App GW" - default = "Standard_v2" -} - -variable "app_gateway_sku_tier" { - type = string - description = "SKU tier of the App GW" - default = "Standard_v2" + description = "Enable Azure DevOps agent." } -variable "app_gateway_alerts_enabled" { - type = bool - description = "Enable alerts" - default = false -} - -variable "app_gateway_waf_enabled" { - type = bool - description = "Enable WAF" - default = false +variable "cidr_subnet_azdoa" { + type = list(string) + description = "Azure DevOps agent network address space." } -# -# Beta -# -variable "app_gw_beta_is_enabled" { +variable "enable_iac_pipeline" { type = bool - description = "Enable App GW Beta" + description = "If true create the key vault policy to allow used by azure devops iac pipelines." default = false } -## appgateway: Scaling - -variable "app_gateway_min_capacity" { - type = number - default = 0 -} - -variable "app_gateway_max_capacity" { - type = number - default = 2 -} - -variable "app_gateway_api_certificate_name" { +## ๐Ÿ”ญ Monitor +variable "law_sku" { type = string - description = "Application gateway api certificate name on Key Vault" + description = "Sku of the Log Analytics Workspace" + default = "PerGB2018" } -variable "app_gateway_beta_certificate_name" { - type = string - description = "Application gateway beta certificate name on Key Vault" -} - -# # ๐Ÿš€ azure devops -# variable "enable_azdoa" { -# type = bool -# description = "Enable Azure DevOps agent." -# } - -# variable "enable_iac_pipeline" { -# type = bool -# description = "If true create the key vault policy to allow used by azure devops iac pipelines." 
-# default = false -# } - -# -# ๐Ÿ—บ APIM -# - -variable "apim_publisher_name" { - type = string - default = "" - description = "Apim publisher name" +variable "law_retention_in_days" { + type = number + description = "The workspace data retention in days" + default = 30 } -variable "apim_sku" { - type = string - default = "Developer_1" - description = "APIM SKU type" +variable "law_daily_quota_gb" { + type = number + description = "The workspace daily quota for ingestion in GB." + default = -1 } -variable "apim_api_internal_certificate_name" { - type = string - description = "KeyVault certificate name" +variable "postgres_private_endpoint_enabled" { + type = bool + description = "Enable vnet private endpoint for postgres" } -# -# โ›ด AKS -# -variable "aks_private_cluster_enabled" { +variable "postgres_public_network_access_enabled" { type = bool - description = "Enable or not public visibility of AKS" default = false + description = "Enable/Disable public network access" } -variable "aks_num_outbound_ips" { - type = number - default = 1 - description = "How many outbound ips allocate for AKS cluster" -} - -variable "aks_system_node_pool" { - type = object({ - name = string, - vm_size = string, - os_disk_type = string, - os_disk_size_gb = string, - node_count_min = number, - node_count_max = number, - node_labels = map(any), - node_tags = map(any) - }) - description = "AKS node pool system configuration" -} - -variable "aks_user_node_pool" { +variable "postgres_network_rules" { type = object({ - enabled = bool, - name = string, - vm_size = string, - os_disk_type = string, - os_disk_size_gb = string, - node_count_min = number, - node_count_max = number, - node_labels = map(any), - node_taints = list(string), - node_tags = map(any), + ip_rules = list(string) + allow_access_to_azure_services = bool }) - description = "AKS node pool user configuration" -} - -variable "kubernetes_version" { - type = string - description = "Kubernetes version of cluster aks" -} - 
-variable "reverse_proxy_ip" { - type = string - default = "127.0.0.1" - description = "AKS external ip. Also the ingress-nginx-controller external ip. Value known after installing the ingress controller." -} - -variable "aks_metric_alerts" { - description = < ## Requirements | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >=1.3.0 | | [azuread](#requirement\_azuread) | = 2.10.0 | -| [azurerm](#requirement\_azurerm) | >= 3.33.0,<= 3.53.0 | +| [azurerm](#requirement\_azurerm) | <= 3.53.0 | +| [null](#requirement\_null) | = 3.1.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [apim](#module\_apim) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management | v6.10.0 | -| [apim\_devopslab\_webapp\_python\_alpha\_api\_v1](#module\_apim\_devopslab\_webapp\_python\_alpha\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.3.1 | -| [apim\_devopslab\_webapp\_python\_beta\_api\_v1](#module\_apim\_devopslab\_webapp\_python\_beta\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.3.1 | -| [apim\_devopslab\_webapp\_python\_proxy\_api\_v1](#module\_apim\_devopslab\_webapp\_python\_proxy\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.3.1 | -| [apim\_product\_devopslab](#module\_apim\_product\_devopslab) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v6.3.1 | -| [apim\_snet](#module\_apim\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | -| [app\_gw](#module\_app\_gw) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_gateway | v6.3.1 | -| [app\_gw\_beta](#module\_app\_gw\_beta) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_gateway | v6.3.1 | -| [app\_service\_docker\_snet](#module\_app\_service\_docker\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | 
-| [appgateway\_beta\_snet](#module\_appgateway\_beta\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | -| [appgateway\_snet](#module\_appgateway\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | -| [core\_cosmos\_db](#module\_core\_cosmos\_db) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_database | v6.3.1 | -| [core\_cosmosdb\_containers](#module\_core\_cosmosdb\_containers) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_container | v6.3.1 | -| [cosmos\_core](#module\_cosmos\_core) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account | v6.3.1 | -| [cosmos\_mongo](#module\_cosmos\_mongo) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account | v6.3.1 | -| [event\_hub](#module\_event\_hub) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub | v6.3.1 | -| [eventhub\_snet](#module\_eventhub\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | -| [funcs\_diego\_snet](#module\_funcs\_diego\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | -| [mongdb\_collection\_name](#module\_mongdb\_collection\_name) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection | v6.3.1 | -| [postgres\_flexible\_server\_private](#module\_postgres\_flexible\_server\_private) | git::https://github.com/pagopa/terraform-azurerm-v3.git//postgres_flexible_server | v6.3.1 | -| [postgres\_flexible\_server\_public](#module\_postgres\_flexible\_server\_public) | git::https://github.com/pagopa/terraform-azurerm-v3.git//postgres_flexible_server | v6.3.1 | -| [postgres\_flexible\_snet](#module\_postgres\_flexible\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | -| [private\_endpoints\_snet](#module\_private\_endpoints\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 
| -| [vnet\_aks](#module\_vnet\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network | v6.3.1 | -| [vnet\_peering\_core\_2\_aks](#module\_vnet\_peering\_core\_2\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v6.3.1 | +| [azdoa\_snet](#module\_azdoa\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.0 | +| [azdoa\_vmss\_li](#module\_azdoa\_vmss\_li) | git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent | v6.20.0 | +| [container\_registry\_private](#module\_container\_registry\_private) | git::https://github.com/pagopa/terraform-azurerm-v3.git//container_registry | v4.1.0 | +| [dns\_forwarder](#module\_dns\_forwarder) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder | v6.20.0 | +| [dns\_forwarder\_snet](#module\_dns\_forwarder\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.20.0 | +| [postgres](#module\_postgres) | git::https://github.com/pagopa/terraform-azurerm-v3.git//postgresql_server | v4.1.0 | +| [postgres\_snet](#module\_postgres\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.0 | +| [redis](#module\_redis) | git::https://github.com/pagopa/terraform-azurerm-v3.git//redis_cache | v4.1.0 | +| [redis\_snet](#module\_redis\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.0 | +| [security\_monitoring\_storage](#module\_security\_monitoring\_storage) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v4.1.0 | +| [vnet](#module\_vnet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network | v4.1.0 | +| [vpn](#module\_vpn) | git::https://github.com/pagopa/terraform-azurerm-v3.git//vpn_gateway | v4.1.0 | +| [vpn\_snet](#module\_vpn\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.0 | +| 
[web\_test\_availability\_alert\_rules\_for\_api](#module\_web\_test\_availability\_alert\_rules\_for\_api) | git::https://github.com/pagopa/terraform-azurerm-v3.git//application_insights_web_test_preview | v4.1.0 | ## Resources | Name | Type | |------|------| -| [azurerm_api_management_custom_domain.api_custom_domain](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_custom_domain) | resource | -| [azurerm_app_service_plan.app_docker](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_plan) | resource | -| [azurerm_app_service_plan.funcs_diego](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_plan) | resource | -| [azurerm_cosmosdb_mongo_database.mongo_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_database) | resource | -| [azurerm_key_vault_access_policy.api_management_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.app_gateway_beta_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.app_gateway_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_monitor_action_group.error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource | -| [azurerm_private_dns_a_record.api_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | -| [azurerm_private_dns_zone.privatelink_postgres_database_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | -| 
[azurerm_private_dns_zone_virtual_network_link.privatelink_postgres_database_azure_com_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_private_dns_zone_virtual_network_link.vnet_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | -| [azurerm_public_ip.outbound_ip_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | -| [azurerm_resource_group.app_service_docker_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.cosmos_mongo_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.cosmos_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.eventhub_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.funcs_diego_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.github_runner_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.postgres_dbs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.rg_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.rg_vnet_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| 
[azurerm_subnet.github_runner_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | -| [azurerm_user_assigned_identity.appgateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource | -| [azurerm_user_assigned_identity.appgateway_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource | -| [null_resource.container_app_create_env_github_runner](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [null_resource.update_az_cli](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/2.10.0/docs/data-sources/group) | data source | -| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/2.10.0/docs/data-sources/group) | data source | -| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/2.10.0/docs/data-sources/group) | data source | -| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/2.10.0/docs/data-sources/group) | data source | -| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source | +| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights) | resource | +| [azurerm_dns_a_record.api_devopslab_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource | +| [azurerm_dns_a_record.helm_template_ingress_devopslab_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | 
resource | +| [azurerm_dns_cname_record.lab_healthy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_cname_record) | resource | +| [azurerm_dns_cname_record.public_healthy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_cname_record) | resource | +| [azurerm_dns_ns_record.lab_it_ns](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_ns_record) | resource | +| [azurerm_dns_zone.lab](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_zone) | resource | +| [azurerm_dns_zone.public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_zone) | resource | +| [azurerm_key_vault_secret.application_insights_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | +| [azurerm_log_analytics_workspace.log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource | +| [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource | +| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource | +| [azurerm_private_dns_zone.internal_devopslab](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| [azurerm_private_dns_zone_virtual_network_link.vnet_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_public_ip.aks_outbound](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| 
[azurerm_public_ip.appgateway_beta_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| [azurerm_public_ip.appgateway_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| [azurerm_resource_group.azdo_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.data_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.dns_forwarder](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.redis](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.rg_docker](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.rg_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azuread_application.vpn_app](https://registry.terraform.io/providers/hashicorp/azuread/2.10.0/docs/data-sources/application) | data source | | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | -| [azurerm_container_registry.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/container_registry) | data source | | [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | -| 
[azurerm_key_vault_certificate.apim_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | -| [azurerm_key_vault_certificate.apim_internal_certificate](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | -| [azurerm_key_vault_certificate.app_gw_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | -| [azurerm_key_vault_certificate.app_gw_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | -| [azurerm_key_vault_certificate.app_gw_platform](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | -| [azurerm_key_vault_secret.alert_error_notification_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.alert_error_notification_slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.apim_publisher_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.pgres_flex_admin_login](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_key_vault_secret.pgres_flex_admin_pwd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | -| [azurerm_log_analytics_workspace.log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | -| 
[azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_public_ip.appgateway_beta_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip) | data source | -| [azurerm_public_ip.appgateway_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip) | data source | -| [azurerm_resource_group.kv_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | -| [azurerm_resource_group.rg_monitor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | -| [azurerm_resource_group.rg_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | -| [azurerm_storage_account.security_monitoring_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | +| [azurerm_key_vault_secret.monitor_notification_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_key_vault_secret.monitor_notification_slack_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_key_vault_secret.postgres_administrator_login](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| 
[azurerm_key_vault_secret.postgres_administrator_login_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | -| [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [aks\_addons](#input\_aks\_addons) | AKS addons configuration |
object({
azure_policy = bool,
azure_key_vault_secrets_provider = bool,
pod_identity_enabled = bool,
})
|
{
"azure_key_vault_secrets_provider": true,
"azure_policy": true,
"pod_identity_enabled": true
}
| no | -| [aks\_alerts\_enabled](#input\_aks\_alerts\_enabled) | Aks alert enabled? | `bool` | `true` | no | -| [aks\_metric\_alerts](#input\_aks\_metric\_alerts) | Map of name = criteria objects |
map(object({
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
# "Insights.Container/pods" "Insights.Container/nodes"
metric_namespace = string
metric_name = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string

dimension = list(object(
{
name = string
operator = string
values = list(string)
}
))
}))
|
{
"container_cpu": {
"aggregation": "Average",
"dimension": [
{
"name": "kubernetes namespace",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "controllerName",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "cpuExceededPercentage",
"metric_namespace": "Insights.Container/containers",
"operator": "GreaterThan",
"threshold": 95,
"window_size": "PT5M"
},
"container_memory": {
"aggregation": "Average",
"dimension": [
{
"name": "kubernetes namespace",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "controllerName",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "memoryWorkingSetExceededPercentage",
"metric_namespace": "Insights.Container/containers",
"operator": "GreaterThan",
"threshold": 95,
"window_size": "PT5M"
},
"container_oom": {
"aggregation": "Average",
"dimension": [
{
"name": "kubernetes namespace",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "controllerName",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "oomKilledContainerCount",
"metric_namespace": "Insights.Container/pods",
"operator": "GreaterThan",
"threshold": 0,
"window_size": "PT1M"
},
"container_restart": {
"aggregation": "Average",
"dimension": [
{
"name": "kubernetes namespace",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "controllerName",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "restartingContainerCount",
"metric_namespace": "Insights.Container/pods",
"operator": "GreaterThan",
"threshold": 0,
"window_size": "PT1M"
},
"node_cpu": {
"aggregation": "Average",
"dimension": [
{
"name": "host",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "cpuUsagePercentage",
"metric_namespace": "Insights.Container/nodes",
"operator": "GreaterThan",
"threshold": 80,
"window_size": "PT5M"
},
"node_disk": {
"aggregation": "Average",
"dimension": [
{
"name": "host",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "device",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "DiskUsedPercentage",
"metric_namespace": "Insights.Container/nodes",
"operator": "GreaterThan",
"threshold": 80,
"window_size": "PT5M"
},
"node_memory": {
"aggregation": "Average",
"dimension": [
{
"name": "host",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "memoryWorkingSetPercentage",
"metric_namespace": "Insights.Container/nodes",
"operator": "GreaterThan",
"threshold": 80,
"window_size": "PT5M"
},
"node_not_ready": {
"aggregation": "Average",
"dimension": [
{
"name": "status",
"operator": "Include",
"values": [
"NotReady"
]
}
],
"frequency": "PT1M",
"metric_name": "nodesCount",
"metric_namespace": "Insights.Container/nodes",
"operator": "GreaterThan",
"threshold": 0,
"window_size": "PT5M"
},
"pods_failed": {
"aggregation": "Average",
"dimension": [
{
"name": "phase",
"operator": "Include",
"values": [
"Failed"
]
}
],
"frequency": "PT1M",
"metric_name": "podCount",
"metric_namespace": "Insights.Container/pods",
"operator": "GreaterThan",
"threshold": 0,
"window_size": "PT5M"
},
"pods_ready": {
"aggregation": "Average",
"dimension": [
{
"name": "kubernetes namespace",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "controllerName",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "PodReadyPercentage",
"metric_namespace": "Insights.Container/pods",
"operator": "LessThan",
"threshold": 80,
"window_size": "PT5M"
}
}
| no | -| [aks\_networks](#input\_aks\_networks) | VNETs configuration for AKS |
list(
object({
domain_name = string
vnet_cidr = list(string)
})
)
| n/a | yes | +| [aks\_ephemeral\_num\_outbound\_ips](#input\_aks\_ephemeral\_num\_outbound\_ips) | How many outbound ips allocate for AKS prod cluster | `number` | `1` | no | | [aks\_num\_outbound\_ips](#input\_aks\_num\_outbound\_ips) | How many outbound ips allocate for AKS cluster | `number` | `1` | no | -| [aks\_private\_cluster\_enabled](#input\_aks\_private\_cluster\_enabled) | Enable or not public visibility of AKS | `bool` | `false` | no | -| [aks\_system\_node\_pool](#input\_aks\_system\_node\_pool) | AKS node pool system configuration |
object({
name = string,
vm_size = string,
os_disk_type = string,
os_disk_size_gb = string,
node_count_min = number,
node_count_max = number,
node_labels = map(any),
node_tags = map(any)
})
| n/a | yes | -| [aks\_user\_node\_pool](#input\_aks\_user\_node\_pool) | AKS node pool user configuration |
object({
enabled = bool,
name = string,
vm_size = string,
os_disk_type = string,
os_disk_size_gb = string,
node_count_min = number,
node_count_max = number,
node_labels = map(any),
node_taints = list(string),
node_tags = map(any),
})
| n/a | yes | -| [apim\_api\_internal\_certificate\_name](#input\_apim\_api\_internal\_certificate\_name) | KeyVault certificate name | `string` | n/a | yes | -| [apim\_publisher\_name](#input\_apim\_publisher\_name) | Apim publisher name | `string` | `""` | no | -| [apim\_sku](#input\_apim\_sku) | APIM SKU type | `string` | `"Developer_1"` | no | -| [app\_gateway\_alerts\_enabled](#input\_app\_gateway\_alerts\_enabled) | Enable alerts | `bool` | `false` | no | -| [app\_gateway\_api\_certificate\_name](#input\_app\_gateway\_api\_certificate\_name) | Application gateway api certificate name on Key Vault | `string` | n/a | yes | -| [app\_gateway\_beta\_certificate\_name](#input\_app\_gateway\_beta\_certificate\_name) | Application gateway beta certificate name on Key Vault | `string` | n/a | yes | -| [app\_gateway\_is\_enabled](#input\_app\_gateway\_is\_enabled) | Enable App GW Beta | `bool` | `false` | no | -| [app\_gateway\_max\_capacity](#input\_app\_gateway\_max\_capacity) | n/a | `number` | `2` | no | -| [app\_gateway\_min\_capacity](#input\_app\_gateway\_min\_capacity) | n/a | `number` | `0` | no | -| [app\_gateway\_sku\_name](#input\_app\_gateway\_sku\_name) | SKU Name of the App GW | `string` | `"Standard_v2"` | no | -| [app\_gateway\_sku\_tier](#input\_app\_gateway\_sku\_tier) | SKU tier of the App GW | `string` | `"Standard_v2"` | no | -| [app\_gateway\_waf\_enabled](#input\_app\_gateway\_waf\_enabled) | Enable WAF | `bool` | `false` | no | -| [app\_gw\_beta\_is\_enabled](#input\_app\_gw\_beta\_is\_enabled) | Enable App GW Beta | `bool` | `false` | no | -| [app\_service\_diego\_app\_is\_enabled](#input\_app\_service\_diego\_app\_is\_enabled) | n/a | `bool` | n/a | yes | -| [app\_service\_plan\_enabled](#input\_app\_service\_plan\_enabled) | App service | `bool` | n/a | yes | -| [cidr\_subnet\_apim](#input\_cidr\_subnet\_apim) | Address prefixes subnet api management. 
| `list(string)` | `null` | no | -| [cidr\_subnet\_app\_diego\_app](#input\_cidr\_subnet\_app\_diego\_app) | Subnet diego app. | `list(string)` | n/a | yes | -| [cidr\_subnet\_app\_docker](#input\_cidr\_subnet\_app\_docker) | Subnet web app docker. | `list(string)` | n/a | yes | -| [cidr\_subnet\_appgateway](#input\_cidr\_subnet\_appgateway) | Application gateway address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_appgateway\_beta](#input\_cidr\_subnet\_appgateway\_beta) | Application gateway beta address space. | `list(string)` | n/a | yes | +| [azdoa\_image\_name](#input\_azdoa\_image\_name) | Azure DevOps Agent image name | `string` | n/a | yes | | [cidr\_subnet\_azdoa](#input\_cidr\_subnet\_azdoa) | Azure DevOps agent network address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_eventhub](#input\_cidr\_subnet\_eventhub) | Eventhub network address space. | `list(string)` | n/a | yes | -| [cidr\_subnet\_flex\_dbms](#input\_cidr\_subnet\_flex\_dbms) | Subnet cidr postgres flex. | `list(string)` | n/a | yes | -| [cidr\_subnet\_funcs\_diego\_domain](#input\_cidr\_subnet\_funcs\_diego\_domain) | Subnet for funcs in diego domain | `list(string)` | n/a | yes | -| [cidr\_subnet\_github\_runner\_self\_hosted](#input\_cidr\_subnet\_github\_runner\_self\_hosted) | Subnet for funcs in diego domain | `list(string)` | n/a | yes | -| [cidr\_subnet\_k8s](#input\_cidr\_subnet\_k8s) | Subnet cluster kubernetes. | `list(string)` | n/a | yes | -| [cidr\_subnet\_private\_endpoints](#input\_cidr\_subnet\_private\_endpoints) | Subnet cidr postgres flex. | `list(string)` | n/a | yes | -| [cidr\_subnet\_vpn](#input\_cidr\_subnet\_vpn) | Subnet cidr postgres flex. | `list(string)` | n/a | yes | +| [cidr\_subnet\_dnsforwarder](#input\_cidr\_subnet\_dnsforwarder) | DNS Forwarder network address space. | `list(string)` | n/a | yes | +| [cidr\_subnet\_postgres](#input\_cidr\_subnet\_postgres) | Database network address space. 
| `list(string)` | n/a | yes | +| [cidr\_subnet\_redis](#input\_cidr\_subnet\_redis) | Redis. | `list(string)` | n/a | yes | +| [cidr\_subnet\_vpn](#input\_cidr\_subnet\_vpn) | VPN network address space. | `list(string)` | n/a | yes | | [cidr\_vnet](#input\_cidr\_vnet) | Virtual network address space. | `list(string)` | n/a | yes | | [dns\_default\_ttl\_sec](#input\_dns\_default\_ttl\_sec) | value | `number` | `3600` | no | -| [domain](#input\_domain) | n/a | `string` | n/a | yes | -| [ehns\_auto\_inflate\_enabled](#input\_ehns\_auto\_inflate\_enabled) | Is Auto Inflate enabled for the EventHub Namespace? | `bool` | `false` | no | -| [ehns\_capacity](#input\_ehns\_capacity) | Specifies the Capacity / Throughput Units for a Standard SKU namespace. | `number` | `null` | no | -| [ehns\_maximum\_throughput\_units](#input\_ehns\_maximum\_throughput\_units) | Specifies the maximum number of throughput units when Auto Inflate is Enabled | `number` | `null` | no | -| [ehns\_sku\_name](#input\_ehns\_sku\_name) | Defines which tier to use. | `string` | `"Basic"` | no | -| [ehns\_zone\_redundant](#input\_ehns\_zone\_redundant) | Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones). | `bool` | `false` | no | +| [dns\_forwarder\_enabled](#input\_dns\_forwarder\_enabled) | Enable dns forwarder setup | `bool` | `false` | no | +| [enable\_azdoa](#input\_enable\_azdoa) | Enable Azure DevOps agent. | `bool` | n/a | yes | +| [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. | `bool` | `false` | no | | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [eventhubs](#input\_eventhubs) | A list of event hubs to add to namespace for BPD application. |
list(object({
name = string
partitions = number
message_retention = number
consumers = list(string)
keys = list(object({
name = string
listen = bool
send = bool
manage = bool
}))
}))
| `[]` | no | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | -| [function\_python\_diego\_enabled](#input\_function\_python\_diego\_enabled) | Is function python enabled. | `bool` | `false` | no | -| [is\_cosmosdb\_core\_enabled](#input\_is\_cosmosdb\_core\_enabled) | n/a | `bool` | n/a | yes | -| [is\_cosmosdb\_mongo\_enabled](#input\_is\_cosmosdb\_mongo\_enabled) | CosmosDB | `bool` | n/a | yes | -| [is\_web\_app\_service\_docker\_enabled](#input\_is\_web\_app\_service\_docker\_enabled) | Enable or disable this resources | `bool` | n/a | yes | | [key\_vault\_name](#input\_key\_vault\_name) | Key Vault name | `string` | `""` | no | | [key\_vault\_rg\_name](#input\_key\_vault\_rg\_name) | Key Vault - rg name | `string` | `""` | no | -| [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version of cluster aks | `string` | n/a | yes | | [lab\_dns\_zone\_prefix](#input\_lab\_dns\_zone\_prefix) | The dns subdomain. | `string` | `null` | no | +| [law\_daily\_quota\_gb](#input\_law\_daily\_quota\_gb) | The workspace daily quota for ingestion in GB. | `number` | `-1` | no | +| [law\_retention\_in\_days](#input\_law\_retention\_in\_days) | The workspace data retention in days | `number` | `30` | no | +| [law\_sku](#input\_law\_sku) | Sku of the Log Analytics Workspace | `string` | `"PerGB2018"` | no | | [location](#input\_location) | n/a | `string` | `"westeurope"` | no | | [location\_short](#input\_location\_short) | Location short like eg: neu, weu.. | `string` | n/a | yes | | [lock\_enable](#input\_lock\_enable) | Apply locks to block accedentaly deletions. | `bool` | `false` | no | -| [pgflex\_private\_config](#input\_pgflex\_private\_config) | Configuration parameter for postgres flexible private |
object({
enabled = bool
})
| n/a | yes | -| [pgflex\_public\_config](#input\_pgflex\_public\_config) | Configuration parameter for postgres flexible public |
object({
enabled = bool
})
| n/a | yes | -| [pgflex\_public\_metric\_alerts](#input\_pgflex\_public\_metric\_alerts) | Map of name = criteria objects |
map(object({
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
# "Insights.Container/pods" "Insights.Container/nodes"
metric_namespace = string
metric_name = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string
# severity: The severity of this Metric Alert. Possible values are 0, 1, 2, 3 and 4. Defaults to 3. Lower is worst
severity = number
}))
|
{
"active_connections": {
"aggregation": "Average",
"frequency": "PT1M",
"metric_name": "active_connections",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT5M"
},
"connections_failed": {
"aggregation": "Total",
"frequency": "PT1M",
"metric_name": "connections_failed",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT5M"
},
"cpu_percent": {
"aggregation": "Average",
"frequency": "PT1M",
"metric_name": "cpu_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT5M"
},
"memory_percent": {
"aggregation": "Average",
"frequency": "PT1M",
"metric_name": "memory_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT5M"
},
"storage_percent": {
"aggregation": "Average",
"frequency": "PT1M",
"metric_name": "storage_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT5M"
}
}
| no | -| [postgres\_private\_endpoint\_enabled](#input\_postgres\_private\_endpoint\_enabled) | Enabled private comunication for postgres flexible | `bool` | n/a | yes | +| [postgres\_alerts\_enabled](#input\_postgres\_alerts\_enabled) | Database alerts enabled? | `bool` | `false` | no | +| [postgres\_byok\_enabled](#input\_postgres\_byok\_enabled) | Enable postgresql encryption with Customer Managed Key (BYOK) | `bool` | `false` | no | +| [postgres\_network\_rules](#input\_postgres\_network\_rules) | Database network rules |
object({
ip_rules = list(string)
allow_access_to_azure_services = bool
})
|
{
"allow_access_to_azure_services": false,
"ip_rules": []
}
| no | +| [postgres\_private\_endpoint\_enabled](#input\_postgres\_private\_endpoint\_enabled) | Enable vnet private endpoint for postgres | `bool` | n/a | yes | +| [postgres\_public\_network\_access\_enabled](#input\_postgres\_public\_network\_access\_enabled) | Enable/Disable public network access | `bool` | `false` | no | | [prefix](#input\_prefix) | n/a | `string` | `"dvopla"` | no | | [prod\_dns\_zone\_prefix](#input\_prod\_dns\_zone\_prefix) | The dns subdomain. | `string` | `null` | no | -| [reverse\_proxy\_ip](#input\_reverse\_proxy\_ip) | AKS external ip. Also the ingress-nginx-controller external ip. Value known after installing the ingress controller. | `string` | `"127.0.0.1"` | no | +| [redis\_enabled](#input\_redis\_enabled) | Redis | `bool` | `false` | no | | [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | +| [vpn\_enabled](#input\_vpn\_enabled) | Enable VPN setup | `bool` | `false` | no | | [vpn\_pip\_sku](#input\_vpn\_pip\_sku) | VPN GW PIP SKU | `string` | `"Basic"` | no | | [vpn\_sku](#input\_vpn\_sku) | VPN Gateway SKU | `string` | `"VpnGw1"` | no | diff --git a/src/core/terraform.sh b/src/core/terraform.sh index 6745f671..4014c182 100755 --- a/src/core/terraform.sh +++ b/src/core/terraform.sh @@ -24,27 +24,11 @@ if [ -z "$ENV" ]; then exit 0 fi -# -# ๐Ÿ Source & init shell -# - # shellcheck source=/dev/null source "../.env/$ENV/backend.ini" -# Subscription set az account set -s "${subscription}" -# if using cygwin, we have to transcode the WORKDIR -if [[ $WORKDIR == /cygdrive/* ]]; then - WORKDIR=$(cygpath -w $WORKDIR) -fi - -# Helm -export HELM_DEBUG=1 - -# -# ๐ŸŒŽ Terraform -# if echo "init plan apply refresh import output state taint destroy" | grep -w "$ACTION" > /dev/null; then if [ "$ACTION" = "init" ]; then echo "[INFO] init tf on ENV: ${ENV}" @@ -56,14 +40,11 @@ if echo "init plan apply refresh import output state taint destroy" | grep -w "$ else # init terraform backend echo "[INFO] init tf on ENV: ${ENV}" - terraform init \ - -reconfigure \ - -backend-config="${BACKEND_CONFIG_PATH}" + terraform init -reconfigure -backend-config="${BACKEND_CONFIG_PATH}" echo "[INFO] run tf with: ${ACTION} on ENV: ${ENV} and other: >${other}<" terraform "${ACTION}" \ -var-file="../.env/${ENV}/terraform.tfvars" \ - -var-file="../.env/${ENV}/kubernetes.tfvars" \ -compact-warnings \ $other fi diff --git a/src/coreplus/.terraform.lock.hcl b/src/coreplus/.terraform.lock.hcl new file mode 100644 index 00000000..75908be7 --- /dev/null +++ b/src/coreplus/.terraform.lock.hcl 
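Review bot: In the first hunk the subscription switch `az account set -s "${subscription}"` is left unchecked after the surrounding comments are removed, and no `set -e` is visible in the hunk, so if `backend.ini` does not define `subscription` or the switch fails (not logged in, no access) the script goes on to run `terraform "${ACTION}"` against whatever subscription the az CLI currently has active; I would make that a hard stop, `az account set -s "${subscription}" || { echo "[ERROR] cannot select subscription '${subscription}'" >&2; exit 1; }`, unless `set -euo pipefail` already sits above the hunk. In the second hunk `$other` stays unquoted on the `terraform "${ACTION}"` call, so any extra argument containing spaces is word-split; this is pre-existing, but since the line is being rewritten it is a cheap moment to pass extras as an array (`"${other[@]}"`), assuming `other` is built from `$@` outside the hunk. The `if echo "init plan apply …" | grep -w "$ACTION"` block these hunks edit begins in the first hunk and is closed outside the second.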
@@ -0,0 +1,70 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "2.10.0" + constraints = "2.10.0" + hashes = [ + "h1:PW8Nwk1j7mm77Mlpc8DWnqjHqnSvBcvcOXDLbS1PACo=", + "h1:cP6vfuXYR5suhxO6SK/O+payBUt0pF7y+H00dmK9BDQ=", + "h1:gdC9ZhsqA/WAP6XIKO1EJyS9JEz+NYzxbpwNtMATprI=", + "h1:ufHQieXkEfagCV6KcXCawmg5lx0bLbYiXxeDFrJugtg=", + "zh:0c7540003a9ce0926dbb945b07dbd853f0d476d8fa3ba9660f3419201d6ec424", + "zh:16564bc569bf1202353aa2827257b65bd84e447ccbd777c4c79840b45421d39a", + "zh:26b1e51d83d12561a90d917606c34a615a448338a8bb9464e2f186fca9128873", + "zh:55c7d6a375b90d642de983dbc0217c23b6221251fa7499d351725885fde5ae0f", + "zh:612aa0bd17ca54117d8b65b4d7119a415aa47f3c573e793ca59ec46bd027f28c", + "zh:710fa7920e4cff3f8ce2c0f5650a8ff533b8ee1408da59ffd35b878dfa0cfb85", + "zh:7cb51092cf40a4ae92c31ac28cb547419dac675efe02990b3d6f2c80a4d70ef4", + "zh:81f5785beadf83be022ce009e995f744e47bcec0bb8d5d6c76ef7daf8f36159f", + "zh:8b833f623e873438f58f2e8dd5a2c17aaa38b945c0aa7338f80a2913b32fac88", + "zh:e85576db09c5bc4adf5ef3f3b0d1703dfad8578360961d7a68d1b01a8469443c", + "zh:eedb8939221efbab68ea89d561c33354d4066a5b22656ca23314053be4962fe0", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.45.0" + constraints = ">= 3.30.0, >= 3.33.0, <= 3.53.0" + hashes = [ + "h1:4BOYXFMiLk4ozEZHUhquRnE5urebcWvaCUV3uys646o=", + "h1:V3CLlXij3vZzxw51hvCBnqriy73llPG21NjO+7sLr+U=", + "h1:VQWxV5+qelZeUCjpdLvZ7iAom4RvG+fVVgK6ELvw/cs=", + "h1:gQLNY1I5e9kcle1p/VYEWb0eteQ/t5kUfnqVu2/GBNY=", + "zh:04c5dbb8845366ce5eb0dc2d55e151270cc2c0ace20993867fdae9af43b953ad", + "zh:2589585da615ccae341400d45d672ee3fae413fdd88449b5befeff12a85a44b2", + "zh:603869ed98fff5d9bf841a51afd9e06b628533c59356c8433aef4b15df63f5f7", + "zh:853fecab9c987b6772c8d9aa10362675f6c626b60ebc7118aa33ce91366fcc38", + "zh:979848c45e8e058862c36ba3a661457f7c81ef26ebb6634f479600de9c203d65", + 
"zh:9b512c8588ecc9c1b803b746a3a8517422561a918f0dfb0faaa707ed53ef1760", + "zh:a9601ffb58043426bcff1220662d6d137f0b2857a24f2dcf180aeac2c9cea688", + "zh:d52d2652328f0ed3ba202561d88cb9f43c174edbfaab1abf69f772125dbfe15e", + "zh:d92d91ca597c47f575bf3ae129f4b723be9b7dcb71b906ec6ec740fac29b1aaa", + "zh:ded73b730e4197b70fda9e83447c119f92f75dc37be3ff2ed45730c8f0348c28", + "zh:ec37ac332d50f8ca5827f97198346b0f8ecbf470e2e3ba1e027bb389d826b902", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.1" + constraints = "<= 3.2.1" + hashes = [ + "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", + "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", + "h1:vUW21lLLsKlxtBf0QF7LKJreKxs0CM7YXGzqW1N/ODY=", + "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + ] +} diff --git a/src/core/00_acr.tf b/src/coreplus/00_acr.tf similarity index 100% rename from src/core/00_acr.tf rename to src/coreplus/00_acr.tf 
diff --git a/src/core/00_azuread.tf b/src/coreplus/00_azuread.tf similarity index 100% rename from src/core/00_azuread.tf rename to src/coreplus/00_azuread.tf diff --git a/src/core/00_key_vault.tf b/src/coreplus/00_key_vault.tf similarity index 100% rename from src/core/00_key_vault.tf rename to src/coreplus/00_key_vault.tf diff --git a/src/core/00_monitor.tf b/src/coreplus/00_monitor.tf similarity index 100% rename from src/core/00_monitor.tf rename to src/coreplus/00_monitor.tf diff --git a/src/core/00_network.tf b/src/coreplus/00_network.tf similarity index 100% rename from src/core/00_network.tf rename to src/coreplus/00_network.tf diff --git a/src/coreplus/01_network.tf b/src/coreplus/01_network.tf new file mode 100644 index 00000000..f4c79a5e --- /dev/null +++ b/src/coreplus/01_network.tf @@ -0,0 +1,16 @@ +# Subnet to host the api config +module "private_endpoints_snet" { + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v6.3.1" + name = "${local.program}-private-endpoints-snet" + address_prefixes = var.cidr_subnet_private_endpoints + virtual_network_name = data.azurerm_virtual_network.vnet.name + + resource_group_name = data.azurerm_resource_group.rg_vnet.name + + private_endpoint_network_policies_enabled = false + service_endpoints = [ + "Microsoft.Web", + "Microsoft.AzureCosmosDB", + "Microsoft.Storage", + ] +} diff --git a/src/core/01_network_aks_platform.tf b/src/coreplus/01_network_aks_platform.tf similarity index 100% rename from src/core/01_network_aks_platform.tf rename to src/coreplus/01_network_aks_platform.tf diff --git a/src/core/02_apim_0.tf b/src/coreplus/02_apim_0.tf similarity index 100% rename from src/core/02_apim_0.tf rename to src/coreplus/02_apim_0.tf diff --git a/src/core/02_apim_api_configurations.tf b/src/coreplus/02_apim_api_configurations.tf similarity index 100% rename from src/core/02_apim_api_configurations.tf rename to src/coreplus/02_apim_api_configurations.tf 
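Review bot: The header comment of the new `01_network.tf` says `# Subnet to host the api config`, but the module is `private_endpoints_snet` and carries `private_endpoint_network_policies_enabled = false`, which means NSG and UDR rules attached to this subnet are not enforced on the private endpoint NICs placed in it; the comment should state the real purpose and that trade-off, e.g. `# Subnet hosting private endpoints; network policies are disabled, so NSG/UDR rules on this subnet do not apply to the endpoint NICs`. If the policies are disabled only because the consuming resources or the module version required it, say so, otherwise consider leaving them enabled. The module source is pinned to the tag `ref=v6.3.1`, which is mutable; pinning `ref` to the commit SHA behind that tag would make the pull reproducible.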
diff --git a/src/core/02_appgateway_0.tf b/src/coreplus/02_appgateway_0.tf similarity index 100% rename from src/core/02_appgateway_0.tf rename to src/coreplus/02_appgateway_0.tf diff --git a/src/core/02_appgateway_beta.tf b/src/coreplus/02_appgateway_beta.tf similarity index 100% rename from src/core/02_appgateway_beta.tf rename to src/coreplus/02_appgateway_beta.tf diff --git a/src/core/03_app_service.tf b/src/coreplus/03_app_service.tf similarity index 100% rename from src/core/03_app_service.tf rename to src/coreplus/03_app_service.tf diff --git a/src/core/04_function_0.tf b/src/coreplus/04_function_0.tf similarity index 100% rename from src/core/04_function_0.tf rename to src/coreplus/04_function_0.tf diff --git a/src/core/04_function_python.tf b/src/coreplus/04_function_python.tf similarity index 100% rename from src/core/04_function_python.tf rename to src/coreplus/04_function_python.tf diff --git a/src/core/05_monitoring.tf b/src/coreplus/05_monitoring.tf similarity index 100% rename from src/core/05_monitoring.tf rename to src/coreplus/05_monitoring.tf diff --git a/src/core/05_postgres_flexible.tf b/src/coreplus/05_postgres_flexible.tf similarity index 100% rename from src/core/05_postgres_flexible.tf rename to src/coreplus/05_postgres_flexible.tf diff --git a/src/core/06_cosmosdb_mongo.tf b/src/coreplus/06_cosmosdb_mongo.tf similarity index 100% rename from src/core/06_cosmosdb_mongo.tf rename to src/coreplus/06_cosmosdb_mongo.tf diff --git a/src/core/06_cosmosdb_sql.tf b/src/coreplus/06_cosmosdb_sql.tf similarity index 100% rename from src/core/06_cosmosdb_sql.tf rename to src/coreplus/06_cosmosdb_sql.tf diff --git a/src/core/07_eventhub.tf b/src/coreplus/07_eventhub.tf similarity index 100% rename from src/core/07_eventhub.tf rename to src/coreplus/07_eventhub.tf 
diff --git a/src/core/08_github_runner_self_hosted.tf b/src/coreplus/08_github_runner_self_hosted.tf similarity index 100% rename from src/core/08_github_runner_self_hosted.tf rename to src/coreplus/08_github_runner_self_hosted.tf diff --git a/src/pillar/99_main.tf b/src/coreplus/99_main.tf similarity index 84% rename from src/pillar/99_main.tf rename to src/coreplus/99_main.tf index cf7f2339..fedf8dea 100644 --- a/src/pillar/99_main.tf +++ b/src/coreplus/99_main.tf @@ -1,17 +1,14 @@ terraform { + required_version = ">=1.3.0" required_providers { azurerm = { source = "hashicorp/azurerm" - version = "<= 3.53.0" + version = ">= 3.33.0,<= 3.53.0" } azuread = { source = "hashicorp/azuread" version = "= 2.10.0" } - null = { - version = "= 3.1.0" - } - } backend "azurerm" {} diff --git a/src/pillar/99_main.tf.ci b/src/coreplus/99_main.tf.ci similarity index 83% rename from src/pillar/99_main.tf.ci rename to src/coreplus/99_main.tf.ci index c923b513..4a3ace7a 100644 --- a/src/pillar/99_main.tf.ci +++ b/src/coreplus/99_main.tf.ci @@ -1,17 +1,14 @@ terraform { + required_version = ">=1.3.0" required_providers { azurerm = { source = "hashicorp/azurerm" - version = "<= 3.53.0" + version = ">= 3.33.0,<= 3.53.0" } azuread = { source = "hashicorp/azuread" version = "= 2.10.0" } - null = { - version = "= 3.1.0" - } - } } diff --git a/src/coreplus/99_variables.tf b/src/coreplus/99_variables.tf new file mode 100644 index 00000000..1afd827d --- /dev/null +++ b/src/coreplus/99_variables.tf 
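Review bot: Dropping the `null` provider entry from `required_providers` in `99_main.tf` (and its `.ci` twin) removes the only root-level pin for that provider, while the new `src/coreplus/.terraform.lock.hcl` on this page still records `hashicorp/null` at 3.2.1 under a `<= 3.2.1` constraint, so some module in this tree evidently still needs it and its version is now chosen by the module's constraint plus the lock file alone. If the intent is to keep the root in control of the supply chain, keep an explicit entry, `null = { source = "hashicorp/null", version = "= 3.2.1" }`, which also adds the `source` the removed block lacked. Either way the `99_main.tf.ci` copy must be kept identical, which the hunk does but nothing enforces.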
@@ -0,0 +1,823 @@ +# general + +# +# Locals +# +locals { + program = "${var.prefix}-${var.env_short}" + project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}" + + # VNET + vnet_resource_group_name = "${local.program}-vnet-rg" + vnet_name = "${local.program}-vnet" + + appgateway_public_ip_name = "${local.program}-gw-pip" + appgateway_beta_public_ip_name = "${local.program}-gw-beta-pip" + + # api.internal.*.devopslab.pagopa.it + api_internal_domain = "api.internal.${var.prod_dns_zone_prefix}.${var.external_domain}" + + # ACR DOCKER + docker_rg_name = "${local.program}-dockerreg-rg" + docker_registry_name = replace("${var.prefix}-${var.env_short}-${var.location_short}-acr", "-", "") + + # monitor + monitor_rg_name = "${local.program}-monitor-rg" + monitor_log_analytics_workspace_name = "${local.program}-law" + monitor_appinsights_name = "${local.program}-appinsights" + monitor_security_storage_name = replace("${local.program}-sec-monitor-st", "-", "") + + monitor_action_group_slack_name = "SlackPagoPA" + monitor_action_group_email_name = "PagoPA" + + cosmosdb_enable = 1 + + dns_zone_private_name = "internal.${var.prod_dns_zone_prefix}.${var.external_domain}" + + # + # Container App + # + container_app_github_runner_env_name = "${local.project}-github-runner-cae" + container_app_github_runner_env_rg = "${local.project}-github-runner-rg" +} + +variable "prefix" { + type = string + default = "dvopla" + validation { + condition = ( + length(var.prefix) <= 6 + ) + error_message = "Max length is 6 chars." + } +} + +variable "env" { + type = string + validation { + condition = ( + length(var.env) <= 3 + ) + error_message = "Max length is 3 chars." + } +} + +variable "env_short" { + type = string + validation { + condition = ( + length(var.env_short) <= 1 + ) + error_message = "Max length is 1 chars." + } +} + +variable "domain" { + type = string + validation { + condition = ( + length(var.domain) <= 12 + ) + error_message = "Max length is 12 chars." 
+ } +} + +variable "location" { + type = string + default = "westeurope" +} + +variable "location_short" { + type = string + description = "Location short like eg: neu, weu.." +} + +variable "lock_enable" { + type = bool + default = false + description = "Apply locks to block accedentaly deletions." +} + +variable "tags" { + type = map(any) + default = { + CreatedBy = "Terraform" + } +} + +# +# ๐Ÿ” Key Vault +# +variable "key_vault_name" { + type = string + description = "Key Vault name" + default = "" +} + +variable "key_vault_rg_name" { + type = string + default = "" + description = "Key Vault - rg name" +} + +# +# โ˜๏ธ network +# +variable "cidr_vnet" { + type = list(string) + description = "Virtual network address space." +} + +variable "cidr_subnet_appgateway" { + type = list(string) + description = "Application gateway address space." +} + +variable "cidr_subnet_appgateway_beta" { + type = list(string) + description = "Application gateway beta address space." +} + +variable "cidr_subnet_azdoa" { + type = list(string) + description = "Azure DevOps agent network address space." +} + +variable "cidr_subnet_apim" { + type = list(string) + description = "Address prefixes subnet api management." + default = null +} + +variable "cidr_subnet_k8s" { + type = list(string) + description = "Subnet cluster kubernetes." +} + +variable "cidr_subnet_app_docker" { + type = list(string) + description = "Subnet web app docker." +} + +variable "cidr_subnet_flex_dbms" { + type = list(string) + description = "Subnet cidr postgres flex." +} + +variable "cidr_subnet_private_endpoints" { + type = list(string) + description = "Subnet cidr postgres flex." +} + +variable "cidr_subnet_vpn" { + type = list(string) + description = "Subnet cidr postgres flex." +} + +variable "cidr_subnet_eventhub" { + type = list(string) + description = "Eventhub network address space." +} + +variable "cidr_subnet_app_diego_app" { + type = list(string) + description = "Subnet diego app." 
+} + +variable "cidr_subnet_funcs_diego_domain" { + type = list(string) + description = "Subnet for funcs in diego domain" +} + +variable "cidr_subnet_github_runner_self_hosted" { + type = list(string) + description = "Subnet for funcs in diego domain" +} + +## VPN ## +variable "vpn_sku" { + type = string + default = "VpnGw1" + description = "VPN Gateway SKU" +} + +variable "vpn_pip_sku" { + type = string + default = "Basic" + description = "VPN GW PIP SKU" +} + +# +# ๐Ÿ“‡ dns +# +variable "dns_default_ttl_sec" { + type = number + description = "value" + default = 3600 +} + +variable "external_domain" { + type = string + default = null + description = "Domain for delegation" +} + +variable "prod_dns_zone_prefix" { + type = string + default = null + description = "The dns subdomain." +} + +variable "lab_dns_zone_prefix" { + type = string + default = null + description = "The dns subdomain." +} + +# โ‡๏ธ app gateway +variable "app_gateway_is_enabled" { + type = bool + description = "Enable App GW Beta" + default = false +} + +variable "app_gateway_sku_name" { + type = string + description = "SKU Name of the App GW" + default = "Standard_v2" +} + +variable "app_gateway_sku_tier" { + type = string + description = "SKU tier of the App GW" + default = "Standard_v2" +} + +variable "app_gateway_alerts_enabled" { + type = bool + description = "Enable alerts" + default = false +} + +variable "app_gateway_waf_enabled" { + type = bool + description = "Enable WAF" + default = false +} + +# +# Beta +# +variable "app_gw_beta_is_enabled" { + type = bool + description = "Enable App GW Beta" + default = false +} + +## appgateway: Scaling + +variable "app_gateway_min_capacity" { + type = number + default = 0 +} + +variable "app_gateway_max_capacity" { + type = number + default = 2 +} + +variable "app_gateway_api_certificate_name" { + type = string + description = "Application gateway api certificate name on Key Vault" +} + +variable "app_gateway_beta_certificate_name" { + type = 
string + description = "Application gateway beta certificate name on Key Vault" +} + +# # ๐Ÿš€ azure devops +# variable "enable_azdoa" { +# type = bool +# description = "Enable Azure DevOps agent." +# } + +# variable "enable_iac_pipeline" { +# type = bool +# description = "If true create the key vault policy to allow used by azure devops iac pipelines." +# default = false +# } + +# +# ๐Ÿ—บ APIM +# + +variable "apim_publisher_name" { + type = string + default = "" + description = "Apim publisher name" +} + +variable "apim_sku" { + type = string + default = "Developer_1" + description = "APIM SKU type" +} + +variable "apim_api_internal_certificate_name" { + type = string + description = "KeyVault certificate name" +} + +# +# โ›ด AKS +# +variable "aks_private_cluster_enabled" { + type = bool + description = "Enable or not public visibility of AKS" + default = false +} + +variable "aks_num_outbound_ips" { + type = number + default = 1 + description = "How many outbound ips allocate for AKS cluster" +} + +variable "aks_system_node_pool" { + type = object({ + name = string, + vm_size = string, + os_disk_type = string, + os_disk_size_gb = string, + node_count_min = number, + node_count_max = number, + node_labels = map(any), + node_tags = map(any) + }) + description = "AKS node pool system configuration" +} + +variable "aks_user_node_pool" { + type = object({ + enabled = bool, + name = string, + vm_size = string, + os_disk_type = string, + os_disk_size_gb = string, + node_count_min = number, + node_count_max = number, + node_labels = map(any), + node_taints = list(string), + node_tags = map(any), + }) + description = "AKS node pool user configuration" +} + +variable "kubernetes_version" { + type = string + description = "Kubernetes version of cluster aks" +} + +variable "reverse_proxy_ip" { + type = string + default = "127.0.0.1" + description = "AKS external ip. Also the ingress-nginx-controller external ip. Value known after installing the ingress controller." 
+} + +variable "aks_metric_alerts" { + description = < + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >=1.3.0 | +| [azuread](#requirement\_azuread) | = 2.10.0 | +| [azurerm](#requirement\_azurerm) | >= 3.33.0,<= 3.53.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [apim](#module\_apim) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management | v6.10.0 | +| [apim\_devopslab\_webapp\_python\_alpha\_api\_v1](#module\_apim\_devopslab\_webapp\_python\_alpha\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.3.1 | +| [apim\_devopslab\_webapp\_python\_beta\_api\_v1](#module\_apim\_devopslab\_webapp\_python\_beta\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.3.1 | +| [apim\_devopslab\_webapp\_python\_proxy\_api\_v1](#module\_apim\_devopslab\_webapp\_python\_proxy\_api\_v1) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_api | v6.3.1 | +| [apim\_product\_devopslab](#module\_apim\_product\_devopslab) | git::https://github.com/pagopa/terraform-azurerm-v3.git//api_management_product | v6.3.1 | +| [apim\_snet](#module\_apim\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | +| [app\_gw](#module\_app\_gw) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_gateway | v6.3.1 | +| [app\_gw\_beta](#module\_app\_gw\_beta) | git::https://github.com/pagopa/terraform-azurerm-v3.git//app_gateway | v6.3.1 | +| [app\_service\_docker\_snet](#module\_app\_service\_docker\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | +| [appgateway\_beta\_snet](#module\_appgateway\_beta\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | +| [appgateway\_snet](#module\_appgateway\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | +| 
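Review bot: Several variable descriptions in the new 99_variables.tf are copy-paste leftovers that the generated README then repeats verbatim: `cidr_subnet_private_endpoints` and `cidr_subnet_vpn` both read `Subnet cidr postgres flex.`, `cidr_subnet_github_runner_self_hosted` reads `Subnet for funcs in diego domain`, `app_gateway_is_enabled` reads `Enable App GW Beta`, and `dns_default_ttl_sec` is described as `value`. Because these descriptions are the only statement of what each CIDR is carved out for, wrong ones make it easy to hand the VPN or private-endpoint range to the wrong subnet module; suggested: `description = "Subnet cidr for private endpoints."`, `description = "Subnet cidr for the VPN gateway."`, `description = "Subnet for the self-hosted GitHub runner."`. It would also help to add a one-line comment on `aks_private_cluster_enabled`, `app_gateway_waf_enabled` and `lock_enable` stating that their `false` defaults leave the AKS API server publicly reachable, the gateway without WAF and resources unlocked, so each environment's tfvars has to opt in deliberately. This hunk is cut off at the `aks_metric_alerts` heredoc (the `<<` marker and the rest of the new file are not visible here), so its remainder could not be reviewed.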
[core\_cosmos\_db](#module\_core\_cosmos\_db) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_database | v6.3.1 | +| [core\_cosmosdb\_containers](#module\_core\_cosmosdb\_containers) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_container | v6.3.1 | +| [cosmos\_core](#module\_cosmos\_core) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account | v6.3.1 | +| [cosmos\_mongo](#module\_cosmos\_mongo) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account | v6.3.1 | +| [event\_hub](#module\_event\_hub) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub | v6.3.1 | +| [eventhub\_snet](#module\_eventhub\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | +| [funcs\_diego\_snet](#module\_funcs\_diego\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | +| [mongdb\_collection\_name](#module\_mongdb\_collection\_name) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_mongodb_collection | v6.3.1 | +| [postgres\_flexible\_server\_private](#module\_postgres\_flexible\_server\_private) | git::https://github.com/pagopa/terraform-azurerm-v3.git//postgres_flexible_server | v6.3.1 | +| [postgres\_flexible\_server\_public](#module\_postgres\_flexible\_server\_public) | git::https://github.com/pagopa/terraform-azurerm-v3.git//postgres_flexible_server | v6.3.1 | +| [postgres\_flexible\_snet](#module\_postgres\_flexible\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | +| [private\_endpoints\_snet](#module\_private\_endpoints\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.3.1 | +| [vnet\_aks](#module\_vnet\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network | v6.3.1 | +| [vnet\_peering\_core\_2\_aks](#module\_vnet\_peering\_core\_2\_aks) | 
git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network_peering | v6.3.1 | + +## Resources + +| Name | Type | +|------|------| +| [azurerm_api_management_custom_domain.api_custom_domain](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_custom_domain) | resource | +| [azurerm_app_service_plan.app_docker](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_plan) | resource | +| [azurerm_app_service_plan.funcs_diego](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_plan) | resource | +| [azurerm_cosmosdb_mongo_database.mongo_db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_mongo_database) | resource | +| [azurerm_key_vault_access_policy.api_management_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_access_policy.app_gateway_beta_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_key_vault_access_policy.app_gateway_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | +| [azurerm_monitor_action_group.error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource | +| [azurerm_private_dns_a_record.api_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | +| [azurerm_private_dns_zone.privatelink_postgres_database_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | +| 
[azurerm_private_dns_zone_virtual_network_link.privatelink_postgres_database_azure_com_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.vnet_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_public_ip.outbound_ip_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | +| [azurerm_resource_group.app_service_docker_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.cosmos_mongo_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.cosmos_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.eventhub_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.funcs_diego_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.github_runner_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.postgres_dbs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.rg_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| [azurerm_resource_group.rg_vnet_aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | +| 
[azurerm_subnet.github_runner_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource | +| [azurerm_user_assigned_identity.appgateway](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource | +| [azurerm_user_assigned_identity.appgateway_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource | +| [null_resource.container_app_create_env_github_runner](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [null_resource.update_az_cli](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | +| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/2.10.0/docs/data-sources/group) | data source | +| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/2.10.0/docs/data-sources/group) | data source | +| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/2.10.0/docs/data-sources/group) | data source | +| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/2.10.0/docs/data-sources/group) | data source | +| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source | +| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | +| [azurerm_container_registry.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/container_registry) | data source | +| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | +| 
[azurerm_key_vault_certificate.apim_internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | +| [azurerm_key_vault_certificate.apim_internal_certificate](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | +| [azurerm_key_vault_certificate.app_gw_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | +| [azurerm_key_vault_certificate.app_gw_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | +| [azurerm_key_vault_certificate.app_gw_platform](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_certificate) | data source | +| [azurerm_key_vault_secret.alert_error_notification_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_key_vault_secret.alert_error_notification_slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_key_vault_secret.apim_publisher_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_key_vault_secret.pgres_flex_admin_login](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_key_vault_secret.pgres_flex_admin_pwd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_log_analytics_workspace.log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | +| 
[azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | +| [azurerm_public_ip.appgateway_beta_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip) | data source | +| [azurerm_public_ip.appgateway_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip) | data source | +| [azurerm_resource_group.kv_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_resource_group.rg_monitor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_resource_group.rg_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | +| [azurerm_storage_account.security_monitoring_storage](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source | +| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | +| [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [aks\_addons](#input\_aks\_addons) | AKS addons configuration |
object({
azure_policy = bool,
azure_key_vault_secrets_provider = bool,
pod_identity_enabled = bool,
})
|
{
"azure_key_vault_secrets_provider": true,
"azure_policy": true,
"pod_identity_enabled": true
}
| no | +| [aks\_alerts\_enabled](#input\_aks\_alerts\_enabled) | Aks alert enabled? | `bool` | `true` | no | +| [aks\_metric\_alerts](#input\_aks\_metric\_alerts) | Map of name = criteria objects |
map(object({
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
# "Insights.Container/pods" "Insights.Container/nodes"
metric_namespace = string
metric_name = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string

dimension = list(object(
{
name = string
operator = string
values = list(string)
}
))
}))
|
{
"container_cpu": {
"aggregation": "Average",
"dimension": [
{
"name": "kubernetes namespace",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "controllerName",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "cpuExceededPercentage",
"metric_namespace": "Insights.Container/containers",
"operator": "GreaterThan",
"threshold": 95,
"window_size": "PT5M"
},
"container_memory": {
"aggregation": "Average",
"dimension": [
{
"name": "kubernetes namespace",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "controllerName",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "memoryWorkingSetExceededPercentage",
"metric_namespace": "Insights.Container/containers",
"operator": "GreaterThan",
"threshold": 95,
"window_size": "PT5M"
},
"container_oom": {
"aggregation": "Average",
"dimension": [
{
"name": "kubernetes namespace",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "controllerName",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "oomKilledContainerCount",
"metric_namespace": "Insights.Container/pods",
"operator": "GreaterThan",
"threshold": 0,
"window_size": "PT1M"
},
"container_restart": {
"aggregation": "Average",
"dimension": [
{
"name": "kubernetes namespace",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "controllerName",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "restartingContainerCount",
"metric_namespace": "Insights.Container/pods",
"operator": "GreaterThan",
"threshold": 0,
"window_size": "PT1M"
},
"node_cpu": {
"aggregation": "Average",
"dimension": [
{
"name": "host",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "cpuUsagePercentage",
"metric_namespace": "Insights.Container/nodes",
"operator": "GreaterThan",
"threshold": 80,
"window_size": "PT5M"
},
"node_disk": {
"aggregation": "Average",
"dimension": [
{
"name": "host",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "device",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "DiskUsedPercentage",
"metric_namespace": "Insights.Container/nodes",
"operator": "GreaterThan",
"threshold": 80,
"window_size": "PT5M"
},
"node_memory": {
"aggregation": "Average",
"dimension": [
{
"name": "host",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "memoryWorkingSetPercentage",
"metric_namespace": "Insights.Container/nodes",
"operator": "GreaterThan",
"threshold": 80,
"window_size": "PT5M"
},
"node_not_ready": {
"aggregation": "Average",
"dimension": [
{
"name": "status",
"operator": "Include",
"values": [
"NotReady"
]
}
],
"frequency": "PT1M",
"metric_name": "nodesCount",
"metric_namespace": "Insights.Container/nodes",
"operator": "GreaterThan",
"threshold": 0,
"window_size": "PT5M"
},
"pods_failed": {
"aggregation": "Average",
"dimension": [
{
"name": "phase",
"operator": "Include",
"values": [
"Failed"
]
}
],
"frequency": "PT1M",
"metric_name": "podCount",
"metric_namespace": "Insights.Container/pods",
"operator": "GreaterThan",
"threshold": 0,
"window_size": "PT5M"
},
"pods_ready": {
"aggregation": "Average",
"dimension": [
{
"name": "kubernetes namespace",
"operator": "Include",
"values": [
"*"
]
},
{
"name": "controllerName",
"operator": "Include",
"values": [
"*"
]
}
],
"frequency": "PT1M",
"metric_name": "PodReadyPercentage",
"metric_namespace": "Insights.Container/pods",
"operator": "LessThan",
"threshold": 80,
"window_size": "PT5M"
}
}
| no | +| [aks\_networks](#input\_aks\_networks) | VNETs configuration for AKS |
list(
object({
domain_name = string
vnet_cidr = list(string)
})
)
| n/a | yes | +| [aks\_num\_outbound\_ips](#input\_aks\_num\_outbound\_ips) | How many outbound ips allocate for AKS cluster | `number` | `1` | no | +| [aks\_private\_cluster\_enabled](#input\_aks\_private\_cluster\_enabled) | Enable or not public visibility of AKS | `bool` | `false` | no | +| [aks\_system\_node\_pool](#input\_aks\_system\_node\_pool) | AKS node pool system configuration |
object({
name = string,
vm_size = string,
os_disk_type = string,
os_disk_size_gb = string,
node_count_min = number,
node_count_max = number,
node_labels = map(any),
node_tags = map(any)
})
| n/a | yes | +| [aks\_user\_node\_pool](#input\_aks\_user\_node\_pool) | AKS node pool user configuration |
object({
enabled = bool,
name = string,
vm_size = string,
os_disk_type = string,
os_disk_size_gb = string,
node_count_min = number,
node_count_max = number,
node_labels = map(any),
node_taints = list(string),
node_tags = map(any),
})
| n/a | yes | +| [apim\_api\_internal\_certificate\_name](#input\_apim\_api\_internal\_certificate\_name) | KeyVault certificate name | `string` | n/a | yes | +| [apim\_publisher\_name](#input\_apim\_publisher\_name) | Apim publisher name | `string` | `""` | no | +| [apim\_sku](#input\_apim\_sku) | APIM SKU type | `string` | `"Developer_1"` | no | +| [app\_gateway\_alerts\_enabled](#input\_app\_gateway\_alerts\_enabled) | Enable alerts | `bool` | `false` | no | +| [app\_gateway\_api\_certificate\_name](#input\_app\_gateway\_api\_certificate\_name) | Application gateway api certificate name on Key Vault | `string` | n/a | yes | +| [app\_gateway\_beta\_certificate\_name](#input\_app\_gateway\_beta\_certificate\_name) | Application gateway beta certificate name on Key Vault | `string` | n/a | yes | +| [app\_gateway\_is\_enabled](#input\_app\_gateway\_is\_enabled) | Enable App GW Beta | `bool` | `false` | no | +| [app\_gateway\_max\_capacity](#input\_app\_gateway\_max\_capacity) | n/a | `number` | `2` | no | +| [app\_gateway\_min\_capacity](#input\_app\_gateway\_min\_capacity) | n/a | `number` | `0` | no | +| [app\_gateway\_sku\_name](#input\_app\_gateway\_sku\_name) | SKU Name of the App GW | `string` | `"Standard_v2"` | no | +| [app\_gateway\_sku\_tier](#input\_app\_gateway\_sku\_tier) | SKU tier of the App GW | `string` | `"Standard_v2"` | no | +| [app\_gateway\_waf\_enabled](#input\_app\_gateway\_waf\_enabled) | Enable WAF | `bool` | `false` | no | +| [app\_gw\_beta\_is\_enabled](#input\_app\_gw\_beta\_is\_enabled) | Enable App GW Beta | `bool` | `false` | no | +| [app\_service\_diego\_app\_is\_enabled](#input\_app\_service\_diego\_app\_is\_enabled) | n/a | `bool` | n/a | yes | +| [app\_service\_plan\_enabled](#input\_app\_service\_plan\_enabled) | App service | `bool` | n/a | yes | +| [cidr\_subnet\_apim](#input\_cidr\_subnet\_apim) | Address prefixes subnet api management. 
| `list(string)` | `null` | no | +| [cidr\_subnet\_app\_diego\_app](#input\_cidr\_subnet\_app\_diego\_app) | Subnet diego app. | `list(string)` | n/a | yes | +| [cidr\_subnet\_app\_docker](#input\_cidr\_subnet\_app\_docker) | Subnet web app docker. | `list(string)` | n/a | yes | +| [cidr\_subnet\_appgateway](#input\_cidr\_subnet\_appgateway) | Application gateway address space. | `list(string)` | n/a | yes | +| [cidr\_subnet\_appgateway\_beta](#input\_cidr\_subnet\_appgateway\_beta) | Application gateway beta address space. | `list(string)` | n/a | yes | +| [cidr\_subnet\_azdoa](#input\_cidr\_subnet\_azdoa) | Azure DevOps agent network address space. | `list(string)` | n/a | yes | +| [cidr\_subnet\_eventhub](#input\_cidr\_subnet\_eventhub) | Eventhub network address space. | `list(string)` | n/a | yes | +| [cidr\_subnet\_flex\_dbms](#input\_cidr\_subnet\_flex\_dbms) | Subnet cidr postgres flex. | `list(string)` | n/a | yes | +| [cidr\_subnet\_funcs\_diego\_domain](#input\_cidr\_subnet\_funcs\_diego\_domain) | Subnet for funcs in diego domain | `list(string)` | n/a | yes | +| [cidr\_subnet\_github\_runner\_self\_hosted](#input\_cidr\_subnet\_github\_runner\_self\_hosted) | Subnet for funcs in diego domain | `list(string)` | n/a | yes | +| [cidr\_subnet\_k8s](#input\_cidr\_subnet\_k8s) | Subnet cluster kubernetes. | `list(string)` | n/a | yes | +| [cidr\_subnet\_private\_endpoints](#input\_cidr\_subnet\_private\_endpoints) | Subnet cidr postgres flex. | `list(string)` | n/a | yes | +| [cidr\_subnet\_vpn](#input\_cidr\_subnet\_vpn) | Subnet cidr postgres flex. | `list(string)` | n/a | yes | +| [cidr\_vnet](#input\_cidr\_vnet) | Virtual network address space. | `list(string)` | n/a | yes | +| [dns\_default\_ttl\_sec](#input\_dns\_default\_ttl\_sec) | value | `number` | `3600` | no | +| [domain](#input\_domain) | n/a | `string` | n/a | yes | +| [ehns\_auto\_inflate\_enabled](#input\_ehns\_auto\_inflate\_enabled) | Is Auto Inflate enabled for the EventHub Namespace? 
| `bool` | `false` | no | +| [ehns\_capacity](#input\_ehns\_capacity) | Specifies the Capacity / Throughput Units for a Standard SKU namespace. | `number` | `null` | no | +| [ehns\_maximum\_throughput\_units](#input\_ehns\_maximum\_throughput\_units) | Specifies the maximum number of throughput units when Auto Inflate is Enabled | `number` | `null` | no | +| [ehns\_sku\_name](#input\_ehns\_sku\_name) | Defines which tier to use. | `string` | `"Basic"` | no | +| [ehns\_zone\_redundant](#input\_ehns\_zone\_redundant) | Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones). | `bool` | `false` | no | +| [env](#input\_env) | n/a | `string` | n/a | yes | +| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | +| [eventhubs](#input\_eventhubs) | A list of event hubs to add to namespace for BPD application. |
list(object({
name = string
partitions = number
message_retention = number
consumers = list(string)
keys = list(object({
name = string
listen = bool
send = bool
manage = bool
}))
}))
| `[]` | no | +| [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | +| [function\_python\_diego\_enabled](#input\_function\_python\_diego\_enabled) | Is function python enabled. | `bool` | `false` | no | +| [is\_cosmosdb\_core\_enabled](#input\_is\_cosmosdb\_core\_enabled) | n/a | `bool` | n/a | yes | +| [is\_cosmosdb\_mongo\_enabled](#input\_is\_cosmosdb\_mongo\_enabled) | CosmosDB | `bool` | n/a | yes | +| [is\_web\_app\_service\_docker\_enabled](#input\_is\_web\_app\_service\_docker\_enabled) | Enable or disable this resources | `bool` | n/a | yes | +| [key\_vault\_name](#input\_key\_vault\_name) | Key Vault name | `string` | `""` | no | +| [key\_vault\_rg\_name](#input\_key\_vault\_rg\_name) | Key Vault - rg name | `string` | `""` | no | +| [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version of cluster aks | `string` | n/a | yes | +| [lab\_dns\_zone\_prefix](#input\_lab\_dns\_zone\_prefix) | The dns subdomain. | `string` | `null` | no | +| [location](#input\_location) | n/a | `string` | `"westeurope"` | no | +| [location\_short](#input\_location\_short) | Location short like eg: neu, weu.. | `string` | n/a | yes | +| [lock\_enable](#input\_lock\_enable) | Apply locks to block accedentaly deletions. | `bool` | `false` | no | +| [pgflex\_private\_config](#input\_pgflex\_private\_config) | Configuration parameter for postgres flexible private |
object({
enabled = bool
})
| n/a | yes | +| [pgflex\_public\_config](#input\_pgflex\_public\_config) | Configuration parameter for postgres flexible public |
object({
enabled = bool
})
| n/a | yes | +| [pgflex\_public\_metric\_alerts](#input\_pgflex\_public\_metric\_alerts) | Map of name = criteria objects |
map(object({
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
# "Insights.Container/pods" "Insights.Container/nodes"
metric_namespace = string
metric_name = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string
# severity: The severity of this Metric Alert. Possible values are 0, 1, 2, 3 and 4. Defaults to 3. Lower is worst
severity = number
}))
|
{
"active_connections": {
"aggregation": "Average",
"frequency": "PT1M",
"metric_name": "active_connections",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT5M"
},
"connections_failed": {
"aggregation": "Total",
"frequency": "PT1M",
"metric_name": "connections_failed",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT5M"
},
"cpu_percent": {
"aggregation": "Average",
"frequency": "PT1M",
"metric_name": "cpu_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT5M"
},
"memory_percent": {
"aggregation": "Average",
"frequency": "PT1M",
"metric_name": "memory_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT5M"
},
"storage_percent": {
"aggregation": "Average",
"frequency": "PT1M",
"metric_name": "storage_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT5M"
}
}
| no | +| [postgres\_private\_endpoint\_enabled](#input\_postgres\_private\_endpoint\_enabled) | Enabled private comunication for postgres flexible | `bool` | n/a | yes | +| [prefix](#input\_prefix) | n/a | `string` | `"dvopla"` | no | +| [prod\_dns\_zone\_prefix](#input\_prod\_dns\_zone\_prefix) | The dns subdomain. | `string` | `null` | no | +| [reverse\_proxy\_ip](#input\_reverse\_proxy\_ip) | AKS external ip. Also the ingress-nginx-controller external ip. Value known after installing the ingress controller. | `string` | `"127.0.0.1"` | no | +| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no | +| [vpn\_pip\_sku](#input\_vpn\_pip\_sku) | VPN GW PIP SKU | `string` | `"Basic"` | no | +| [vpn\_sku](#input\_vpn\_sku) | VPN Gateway SKU | `string` | `"VpnGw1"` | no | + +## Outputs + +No outputs. + diff --git a/src/core/api/devopslab/webapp-python-proxy/_base_policy.xml b/src/coreplus/api/devopslab/webapp-python-proxy/_base_policy.xml similarity index 100% rename from src/core/api/devopslab/webapp-python-proxy/_base_policy.xml rename to src/coreplus/api/devopslab/webapp-python-proxy/_base_policy.xml diff --git a/src/core/api/devopslab/webapp-python-proxy/openapi_webapp_python.json.tftpl b/src/coreplus/api/devopslab/webapp-python-proxy/openapi_webapp_python.json.tftpl similarity index 100% rename from src/core/api/devopslab/webapp-python-proxy/openapi_webapp_python.json.tftpl rename to src/coreplus/api/devopslab/webapp-python-proxy/openapi_webapp_python.json.tftpl diff --git a/src/core/api/devopslab/webapp-python/_base_policy.xml b/src/coreplus/api/devopslab/webapp-python/_base_policy.xml similarity index 100% rename from src/core/api/devopslab/webapp-python/_base_policy.xml rename to src/coreplus/api/devopslab/webapp-python/_base_policy.xml diff --git a/src/core/api/devopslab/webapp-python/openapi_webapp_python.json.tftpl b/src/coreplus/api/devopslab/webapp-python/openapi_webapp_python.json.tftpl similarity index 100% rename from src/core/api/devopslab/webapp-python/openapi_webapp_python.json.tftpl rename to src/coreplus/api/devopslab/webapp-python/openapi_webapp_python.json.tftpl diff --git a/src/core/api_product/devopslab/_base_policy.xml b/src/coreplus/api_product/devopslab/_base_policy.xml similarity index 100% rename from src/core/api_product/devopslab/_base_policy.xml rename to src/coreplus/api_product/devopslab/_base_policy.xml diff --git a/src/core/grafana_db/README.md b/src/coreplus/grafana_db/README.md similarity index 100% rename from src/core/grafana_db/README.md rename to src/coreplus/grafana_db/README.md 
diff --git a/src/core/grafana_db/grafana.db b/src/coreplus/grafana_db/grafana.db
similarity index 100%
rename from src/core/grafana_db/grafana.db
rename to src/coreplus/grafana_db/grafana.db
diff --git a/src/pillar/terraform.sh b/src/coreplus/terraform.sh
similarity index 80%
rename from src/pillar/terraform.sh
rename to src/coreplus/terraform.sh
index 4014c182..6745f671 100755
--- a/src/pillar/terraform.sh
+++ b/src/coreplus/terraform.sh
@@ -24,11 +24,27 @@ if [ -z "$ENV" ]; then
 exit 0
 fi
+#
+# ๐Ÿ Source & init shell
+#
+
 # shellcheck source=/dev/null
 source "../.env/$ENV/backend.ini"
+# Subscription set
 az account set -s "${subscription}"
+# if using cygwin, we have to transcode the WORKDIR
+if [[ $WORKDIR == /cygdrive/* ]]; then
+ WORKDIR=$(cygpath -w $WORKDIR)
+fi
+
+# Helm
+export HELM_DEBUG=1
+
+#
+# ๐ŸŒŽ Terraform
+#
 if echo "init plan apply refresh import output state taint destroy" | grep -w "$ACTION" > /dev/null; then
 if [ "$ACTION" = "init" ]; then
 echo "[INFO] init tf on ENV: ${ENV}"
@@ -40,11 +56,14 @@ if echo "init plan apply refresh import output state taint destroy" | grep -w "$
 else
 # init terraform backend
 echo "[INFO] init tf on ENV: ${ENV}"
- terraform init -reconfigure -backend-config="${BACKEND_CONFIG_PATH}"
+ terraform init \
+ -reconfigure \
+ -backend-config="${BACKEND_CONFIG_PATH}"
 echo "[INFO] run tf with: ${ACTION} on ENV: ${ENV} and other: >${other}<"
 terraform "${ACTION}" \
 -var-file="../.env/${ENV}/terraform.tfvars" \
+ -var-file="../.env/${ENV}/kubernetes.tfvars" \
 -compact-warnings \
 $other
 fi
diff --git a/src/pillar/.terraform.lock.hcl b/src/pillar/.terraform.lock.hcl
deleted file mode 100644
index dba66fcf..00000000
--- a/src/pillar/.terraform.lock.hcl
+++ /dev/null
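Review bot: The new Cygwin branch expands `$WORKDIR` unquoted inside the command substitution, so a path containing spaces or glob characters is word-split before `cygpath` sees it and the transcoded value is wrong; quote it as `WORKDIR=$(cygpath -w "$WORKDIR")`. `WORKDIR` is not assigned anywhere in this hunk, so it presumably comes from the caller's environment or from the part of the script before the hunk; if it can be unset, `if [[ -n "${WORKDIR:-}" && $WORKDIR == /cygdrive/* ]]; then` keeps `cygpath -w` from being run on an empty argument. Separately, `export HELM_DEBUG=1` switches on verbose Helm output for every invocation of this wrapper, CI runs included; if the Helm tooling driven by terraform honours that variable, rendered values and manifests can land in shared logs, so either add a comment saying why it must stay on permanently or make it opt-in, e.g. `[[ -n "${TF_HELM_DEBUG:-}" ]] && export HELM_DEBUG=1`.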
@@ -1,137 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.10.0" - constraints = "2.10.0" - hashes = [ - "h1:PW8Nwk1j7mm77Mlpc8DWnqjHqnSvBcvcOXDLbS1PACo=", - "h1:cP6vfuXYR5suhxO6SK/O+payBUt0pF7y+H00dmK9BDQ=", - "h1:gdC9ZhsqA/WAP6XIKO1EJyS9JEz+NYzxbpwNtMATprI=", - "h1:ufHQieXkEfagCV6KcXCawmg5lx0bLbYiXxeDFrJugtg=", - "zh:0c7540003a9ce0926dbb945b07dbd853f0d476d8fa3ba9660f3419201d6ec424", - "zh:16564bc569bf1202353aa2827257b65bd84e447ccbd777c4c79840b45421d39a", - "zh:26b1e51d83d12561a90d917606c34a615a448338a8bb9464e2f186fca9128873", - "zh:55c7d6a375b90d642de983dbc0217c23b6221251fa7499d351725885fde5ae0f", - "zh:612aa0bd17ca54117d8b65b4d7119a415aa47f3c573e793ca59ec46bd027f28c", - "zh:710fa7920e4cff3f8ce2c0f5650a8ff533b8ee1408da59ffd35b878dfa0cfb85", - "zh:7cb51092cf40a4ae92c31ac28cb547419dac675efe02990b3d6f2c80a4d70ef4", - "zh:81f5785beadf83be022ce009e995f744e47bcec0bb8d5d6c76ef7daf8f36159f", - "zh:8b833f623e873438f58f2e8dd5a2c17aaa38b945c0aa7338f80a2913b32fac88", - "zh:e85576db09c5bc4adf5ef3f3b0d1703dfad8578360961d7a68d1b01a8469443c", - "zh:eedb8939221efbab68ea89d561c33354d4066a5b22656ca23314053be4962fe0", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.36.0" - constraints = ">= 3.30.0, <= 3.38.0, <= 3.53.0" - hashes = [ - "h1:5QKOFigw44W3w/HfV8o+k8+UyhAXf+4E7MPh14C3Gbg=", - "h1:FUwQUSs5nWDpP5isF3SiTPe+K927/L07yXumr6gQ1GQ=", - "h1:W7oq9M6gplv2g8nHFR3lkwBmVaUxWj289eWNwwe0wek=", - "h1:iVUkJ0kqVTdiU4RLU8TjX1QgOK1tc+Bi+rn0qGqsMvg=", - "zh:1f33ba9f4e4d7aac33ba414a978e3aa76fee355eb5e213adca52fd3b3e04a709", - "zh:1f812d28672f8693dd8f13aa4d94a13724d5985c62e0e9f2154bc8f1e34a8b99", - "zh:422c4da1f56a5c6a20ceee10782e6f21db97bfe978676bf8b108f23c028ae12f", - "zh:4890a7032a4075c2a900670efdcbf6cda240aa270e3ddda8936fea0708fbb0d2", - "zh:5dfeace4cd5f90e255307d55b6a9b57590103b4eec07ec44aa4d29cb414067f4", - 
"zh:828d156e1deee82fb49738c6b3011f5dafd9043976e8d353e7f2d90ede85a984", - "zh:8df2bb82da3551c7837e5c893d839ae0174305cb17815c0fb0f64f40ef06d00e", - "zh:c22a3e151872d082ea323b85b4731f9371c30369eb50a84b08638b36ddcae967", - "zh:d938f8aff30bd48d3fab96dc162c1b78680226fa8509042dad742e7218311855", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fc85a4b1d6df95188d0e12e15f1fc292f9781362c8da9c2bc70ff56ae313f3ac", - "zh:fee5a19577b195bf38b7ad1cb0f4f98c218b95b8679ba12766ce67e7674e2505", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.2.3" - constraints = "<= 2.3.0" - hashes = [ - "h1:3bH88Z7tlWvcoubm6hQUBk3s9bSIJC8bVHQz749B87E=", - "h1:FvRIEgCmAezgZUqb2F+PZ9WnSSnR5zbEM2ZI+GLmbMk=", - "h1:KmHz81iYgw9Xn2L3Carc2uAzvFZ1XsE7Js3qlVeC77k=", - "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=", - "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0", - "zh:6484f1b3e9e3771eb7cc8e8bab8b35f939a55d550b3f4fb2ab141a24269ee6aa", - "zh:78a56d59a013cb0f7eb1c92815d6eb5cf07f8b5f0ae20b96d049e73db915b238", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:8aa9950f4c4db37239bcb62e19910c49e47043f6c8587e5b0396619923657797", - "zh:996beea85f9084a725ff0e6473a4594deb5266727c5f56e9c1c7c62ded6addbb", - "zh:9a7ef7a21f48fabfd145b2e2a4240ca57517ad155017e86a30860d7c0c109de3", - "zh:a63e70ac052aa25120113bcddd50c1f3cfe61f681a93a50cea5595a4b2cc3e1c", - "zh:a6e8d46f94108e049ad85dbed60354236dc0b9b5ec8eabe01c4580280a43d3b8", - "zh:bb112ce7efbfcfa0e65ed97fa245ef348e0fd5bfa5a7e4ab2091a9bd469f0a9e", - "zh:d7bec0da5c094c6955efed100f3fe22fca8866859f87c025be1760feb174d6d9", - "zh:fb9f271b72094d07cef8154cd3d50e9aa818a0ea39130bc193132ad7b23076fd", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.1.0" - constraints = "3.1.0, <= 3.2.1" - hashes = [ - "h1:SFT7X3zY18CLWjoH2GfQyapxsRv6GDKsy9cF1aRwncc=", - "h1:grYDj8/Lvp1OwME+g1AsECPN1czO5ssSf+8fCluCHQY=", - 
"h1:vpC6bgUQoJ0znqIKVFevOdq+YQw42bRq0u+H3nto8nA=", - "h1:xhbHC6in3nQryvTQBWKxebi3inG5OCgHgc4fRxL0ymc=", - "zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2", - "zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515", - "zh:5f9200bf708913621d0f6514179d89700e9aa3097c77dac730e8ba6e5901d521", - "zh:9ebf4d9704faba06b3ec7242c773c0fbfe12d62db7d00356d4f55385fc69bfb2", - "zh:a6576c81adc70326e4e1c999c04ad9ca37113a6e925aefab4765e5a5198efa7e", - "zh:a8a42d13346347aff6c63a37cda9b2c6aa5cc384a55b2fe6d6adfa390e609c53", - "zh:c797744d08a5307d50210e0454f91ca4d1c7621c68740441cf4579390452321d", - "zh:cecb6a304046df34c11229f20a80b24b1603960b794d68361a67c5efe58e62b8", - "zh:e1371aa1e502000d9974cfaff5be4cfa02f47b17400005a16f14d2ef30dc2a70", - "zh:fc39cc1fe71234a0b0369d5c5c7f876c71b956d23d7d6f518289737a001ba69b", - "zh:fea4227271ebf7d9e2b61b89ce2328c7262acd9fd190e1fd6d15a591abfa848e", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.4.3" - constraints = "<= 3.4.3" - hashes = [ - "h1:hXUPrH8igYBhatzatkp80RCeeUJGu9lQFDyKemOlsTo=", - "h1:saZR+mhthL0OZl4SyHXZraxyaBNVMxiZzks78nWcZ2o=", - "h1:tL3katm68lX+4lAncjQA9AXL4GR/VM+RPwqYf4D2X8Q=", - "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", - "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", - "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", - "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", - "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", - "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", - "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", - "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", - "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", - 
"zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", - "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", - ] -} - -provider "registry.terraform.io/hashicorp/tls" { - version = "4.0.4" - hashes = [ - "h1:GZcFizg5ZT2VrpwvxGBHQ/hO9r6g0vYdQqx3bFD3anY=", - "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=", - "h1:pe9vq86dZZKCm+8k1RhzARwENslF3SXb9ErHbQfgjXU=", - "h1:rKKMyIEBZwR+8j6Tx3PwqBrStuH+J+pxcbCR5XN8WAw=", - "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", - "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", - "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", - "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", - "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", - "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", - "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", - "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", - "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", - "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", - "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/src/pillar/01_network.tf b/src/pillar/01_network.tf deleted file mode 100644 index ba33db04..00000000 --- a/src/pillar/01_network.tf +++ /dev/null 
@@ -1,59 +0,0 @@ -resource "azurerm_resource_group" "rg_vnet" { - name = local.vnet_resource_group_name - location = var.location - - tags = var.tags -} - -# vnet -module "vnet" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network?ref=v4.1.0" - name = local.vnet_name - location = azurerm_resource_group.rg_vnet.location - resource_group_name = azurerm_resource_group.rg_vnet.name - address_space = var.cidr_vnet - - tags = var.tags -} - -## Application gateway public ip ## -resource "azurerm_public_ip" "appgateway_public_ip" { - name = local.appgateway_public_ip_name - resource_group_name = azurerm_resource_group.rg_vnet.name - location = azurerm_resource_group.rg_vnet.location - sku = "Standard" - allocation_method = "Static" - - zones = [1, 2, 3] - - tags = var.tags -} - -resource "azurerm_public_ip" "appgateway_beta_public_ip" { - name = local.appgateway_beta_public_ip_name - resource_group_name = azurerm_resource_group.rg_vnet.name - location = azurerm_resource_group.rg_vnet.location - sku = "Standard" - allocation_method = "Static" - - zones = [1, 2, 3] - - tags = var.tags -} - -# -# โ›ด AKS public IP -# -resource "azurerm_public_ip" "aks_outbound" { - count = var.aks_num_outbound_ips - - name = "${local.aks_public_ip_name}-${count.index + 1}" - location = azurerm_resource_group.rg_vnet.location - resource_group_name = azurerm_resource_group.rg_vnet.name - sku = "Standard" - allocation_method = "Static" - - zones = [1, 2, 3] - - tags = var.tags -} diff --git a/src/pillar/99_variables.tf b/src/pillar/99_variables.tf deleted file mode 100644 index 03528002..00000000 --- a/src/pillar/99_variables.tf +++ /dev/null 
@@ -1,286 +0,0 @@ -# general - -locals { - project = "${var.prefix}-${var.env_short}" - - # VNET - vnet_resource_group_name = "${local.project}-vnet-rg" - vnet_name = "${local.project}-vnet" - - # VNET Ephemeral - vnet_ephemeral_resource_group_name = "${local.project}-ephemeral-vnet-rg" - vnet_ephemeral_name = "${local.project}-ephemeral-vnet" - - appgateway_public_ip_name = "${local.project}-gw-pip" - appgateway_beta_public_ip_name = "${local.project}-gw-beta-pip" - - aks_public_ip_name = "${local.project}-aksoutbound-pip" - aks_ephemeral_public_ip_name = "${local.project}-aks-ephemeral-outbound-pip" - - prod_dns_zone_public_name = "${var.prod_dns_zone_prefix}.${var.external_domain}" - lab_dns_zone_public_name = "${var.lab_dns_zone_prefix}.${var.external_domain}" - dns_zone_private_name = "internal.${var.prod_dns_zone_prefix}.${var.external_domain}" - dns_zone_lab_private_name = "internal.${var.lab_dns_zone_prefix}.${var.external_domain}" - - # ACR DOCKER - docker_rg_name = "${local.project}-dockerreg-rg" - docker_registry_name = replace("${var.prefix}-${var.env_short}-${var.location_short}-acr", "-", "") - - # monitor - monitor_rg_name = "${local.project}-monitor-rg" - monitor_log_analytics_workspace_name = "${local.project}-law" - monitor_appinsights_name = "${local.project}-appinsights" - monitor_security_storage_name = replace("${local.project}-sec-monitor-st", "-", "") - - # Azure DevOps - azuredevops_rg_name = "${local.project}-azdoa-rg" - azuredevops_agent_vm_name = "${local.project}-vmss-ubuntu-azdoa" - azuredevops_subnet_name = "${local.project}-azdoa-snet" -} - -variable "prefix" { - type = string - default = "dvopla" - validation { - condition = ( - length(var.prefix) <= 6 - ) - error_message = "Max length is 6 chars." - } -} - -variable "env" { - type = string - validation { - condition = ( - length(var.env) <= 3 - ) - error_message = "Max length is 3 chars." 
- } -} - -variable "env_short" { - type = string - validation { - condition = ( - length(var.env_short) <= 1 - ) - error_message = "Max length is 1 chars." - } -} - -variable "location" { - type = string - default = "westeurope" -} - -variable "location_short" { - type = string - description = "Location short like eg: neu, weu.." -} - -variable "lock_enable" { - type = bool - default = false - description = "Apply locks to block accedentaly deletions." -} - -variable "tags" { - type = map(any) - default = { - CreatedBy = "Terraform" - } -} - -# โ˜๏ธ network -variable "cidr_vnet" { - type = list(string) - description = "Virtual network address space." -} - -variable "cidr_subnet_postgres" { - type = list(string) - description = "Database network address space." -} - -variable "cidr_subnet_vpn" { - type = list(string) - description = "VPN network address space." -} - -variable "cidr_subnet_dnsforwarder" { - type = list(string) - description = "DNS Forwarder network address space." -} - -variable "cidr_subnet_redis" { - type = list(string) - description = "Redis." -} - -# ๐Ÿงต dns -variable "dns_default_ttl_sec" { - type = number - description = "value" - default = 3600 -} - -variable "external_domain" { - type = string - default = null - description = "Domain for delegation" -} - -variable "prod_dns_zone_prefix" { - type = string - default = null - description = "The dns subdomain." -} - -variable "lab_dns_zone_prefix" { - type = string - default = null - description = "The dns subdomain." -} - -variable "enable_azdoa" { - type = bool - description = "Enable Azure DevOps agent." -} - -variable "cidr_subnet_azdoa" { - type = list(string) - description = "Azure DevOps agent network address space." -} - -variable "enable_iac_pipeline" { - type = bool - description = "If true create the key vault policy to allow used by azure devops iac pipelines." 
- default = false -} - -## ๐Ÿ”ญ Monitor -variable "law_sku" { - type = string - description = "Sku of the Log Analytics Workspace" - default = "PerGB2018" -} - -variable "law_retention_in_days" { - type = number - description = "The workspace data retention in days" - default = 30 -} - -variable "law_daily_quota_gb" { - type = number - description = "The workspace daily quota for ingestion in GB." - default = -1 -} - -variable "postgres_private_endpoint_enabled" { - type = bool - description = "Enable vnet private endpoint for postgres" -} - -variable "postgres_public_network_access_enabled" { - type = bool - default = false - description = "Enable/Disable public network access" -} - -variable "postgres_network_rules" { - type = object({ - ip_rules = list(string) - allow_access_to_azure_services = bool - }) - default = { - ip_rules = [] - allow_access_to_azure_services = false - } - description = "Database network rules" -} - -variable "postgres_alerts_enabled" { - type = bool - default = false - description = "Database alerts enabled?" 
-} - -variable "postgres_byok_enabled" { - type = bool - default = false - description = "Enable postgresql encryption with Customer Managed Key (BYOK)" -} - -# -# ๐Ÿ” Key Vault -# -variable "key_vault_name" { - type = string - description = "Key Vault name" - default = "" -} - -variable "key_vault_rg_name" { - type = string - default = "" - description = "Key Vault - rg name" -} - -# -# โ›ด AKS -# -variable "aks_num_outbound_ips" { - type = number - default = 1 - description = "How many outbound ips allocate for AKS cluster" -} - -variable "aks_ephemeral_num_outbound_ips" { - type = number - default = 1 - description = "How many outbound ips allocate for AKS prod cluster" -} - -# -# VPN -# -variable "vpn_enabled" { - type = bool - description = "Enable VPN setup" - default = false -} - -variable "dns_forwarder_enabled" { - type = bool - description = "Enable dns forwarder setup" - default = false -} - -## VPN ## -variable "vpn_sku" { - type = string - default = "VpnGw1" - description = "VPN Gateway SKU" -} - -variable "vpn_pip_sku" { - type = string - default = "Basic" - description = "VPN GW PIP SKU" -} - -# -# Redis -# -variable "redis_enabled" { - type = bool - default = false -} - - -variable "azdoa_image_name" { - type = string - description = "Azure DevOps Agent image name" -} diff --git a/src/pillar/README.md b/src/pillar/README.md deleted file mode 100644 index 1bd00ff6..00000000 --- a/src/pillar/README.md +++ /dev/null 
@@ -1,135 +0,0 @@
-# Pillar
-
-## DNS setup devopslab.pagopa.it
-
-```bash
-az network dns zone show \
- --name "devopslab.pagopa.it" \
- --resource-group "dvopla-d-vnet-rg" \
- --subscription "DevOpsLab" \
- --query nameServers
-```
-
-## DNS Setup lab.devopslab.pagopa.it
-
-```bash
-az network dns zone show \
- --name "lab.devopslab.pagopa.it" \
- --resource-group "dvopla-d-vnet-rg" \
- --subscription "DevOpsLab" \
- --query nameServers
-```
-
-
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [azuread](#requirement\_azuread) | = 2.10.0 |
-| [azurerm](#requirement\_azurerm) | <= 3.53.0 |
-| [null](#requirement\_null) | = 3.1.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [azdoa\_snet](#module\_azdoa\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.0 |
-| [azdoa\_vmss\_li](#module\_azdoa\_vmss\_li) | git::https://github.com/pagopa/terraform-azurerm-v3.git//azure_devops_agent | v6.20.0 |
-| [container\_registry\_private](#module\_container\_registry\_private) | git::https://github.com/pagopa/terraform-azurerm-v3.git//container_registry | v4.1.0 |
-| [dns\_forwarder](#module\_dns\_forwarder) | git::https://github.com/pagopa/terraform-azurerm-v3.git//dns_forwarder | v6.20.0 |
-| [dns\_forwarder\_snet](#module\_dns\_forwarder\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.20.0 |
-| [postgres](#module\_postgres) | git::https://github.com/pagopa/terraform-azurerm-v3.git//postgresql_server | v4.1.0 |
-| [postgres\_snet](#module\_postgres\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.0 |
-| [redis](#module\_redis) | git::https://github.com/pagopa/terraform-azurerm-v3.git//redis_cache | v4.1.0 |
-| [redis\_snet](#module\_redis\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.0 |
-| [security\_monitoring\_storage](#module\_security\_monitoring\_storage) |
git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v4.1.0 |
-| [vnet](#module\_vnet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//virtual_network | v4.1.0 |
-| [vpn](#module\_vpn) | git::https://github.com/pagopa/terraform-azurerm-v3.git//vpn_gateway | v4.1.0 |
-| [vpn\_snet](#module\_vpn\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v4.1.0 |
-| [web\_test\_availability\_alert\_rules\_for\_api](#module\_web\_test\_availability\_alert\_rules\_for\_api) | git::https://github.com/pagopa/terraform-azurerm-v3.git//application_insights_web_test_preview | v4.1.0 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_insights) | resource |
-| [azurerm_dns_a_record.api_devopslab_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
-| [azurerm_dns_a_record.helm_template_ingress_devopslab_pagopa_it](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_a_record) | resource |
-| [azurerm_dns_cname_record.lab_healthy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_cname_record) | resource |
-| [azurerm_dns_cname_record.public_healthy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_cname_record) | resource |
-| [azurerm_dns_ns_record.lab_it_ns](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_ns_record) | resource |
-| [azurerm_dns_zone.lab](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_zone) | resource |
-| [azurerm_dns_zone.public](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/dns_zone) | resource |
-|
[azurerm_key_vault_secret.application_insights_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
-| [azurerm_log_analytics_workspace.log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource |
-| [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
-| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource |
-| [azurerm_private_dns_zone.internal_devopslab](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource |
-| [azurerm_private_dns_zone_virtual_network_link.vnet_core](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource |
-| [azurerm_public_ip.aks_outbound](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
-| [azurerm_public_ip.appgateway_beta_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
-| [azurerm_public_ip.appgateway_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
-| [azurerm_resource_group.azdo_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_resource_group.data_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_resource_group.dns_forwarder](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-|
[azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_resource_group.redis](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_resource_group.rg_docker](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azurerm_resource_group.rg_vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
-| [azuread_application.vpn_app](https://registry.terraform.io/providers/hashicorp/azuread/2.10.0/docs/data-sources/application) | data source |
-| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
-| [azurerm_key_vault.kv](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
-| [azurerm_key_vault_secret.monitor_notification_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.monitor_notification_slack_email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.postgres_administrator_login](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_key_vault_secret.postgres_administrator_login_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source |
-| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-|
[aks\_ephemeral\_num\_outbound\_ips](#input\_aks\_ephemeral\_num\_outbound\_ips) | How many outbound ips allocate for AKS prod cluster | `number` | `1` | no |
-| [aks\_num\_outbound\_ips](#input\_aks\_num\_outbound\_ips) | How many outbound ips allocate for AKS cluster | `number` | `1` | no |
-| [azdoa\_image\_name](#input\_azdoa\_image\_name) | Azure DevOps Agent image name | `string` | n/a | yes |
-| [cidr\_subnet\_azdoa](#input\_cidr\_subnet\_azdoa) | Azure DevOps agent network address space. | `list(string)` | n/a | yes |
-| [cidr\_subnet\_dnsforwarder](#input\_cidr\_subnet\_dnsforwarder) | DNS Forwarder network address space. | `list(string)` | n/a | yes |
-| [cidr\_subnet\_postgres](#input\_cidr\_subnet\_postgres) | Database network address space. | `list(string)` | n/a | yes |
-| [cidr\_subnet\_redis](#input\_cidr\_subnet\_redis) | Redis. | `list(string)` | n/a | yes |
-| [cidr\_subnet\_vpn](#input\_cidr\_subnet\_vpn) | VPN network address space. | `list(string)` | n/a | yes |
-| [cidr\_vnet](#input\_cidr\_vnet) | Virtual network address space. | `list(string)` | n/a | yes |
-| [dns\_default\_ttl\_sec](#input\_dns\_default\_ttl\_sec) | value | `number` | `3600` | no |
-| [dns\_forwarder\_enabled](#input\_dns\_forwarder\_enabled) | Enable dns forwarder setup | `bool` | `false` | no |
-| [enable\_azdoa](#input\_enable\_azdoa) | Enable Azure DevOps agent. | `bool` | n/a | yes |
-| [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines.
| `bool` | `false` | no |
-| [env](#input\_env) | n/a | `string` | n/a | yes |
-| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
-| [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no |
-| [key\_vault\_name](#input\_key\_vault\_name) | Key Vault name | `string` | `""` | no |
-| [key\_vault\_rg\_name](#input\_key\_vault\_rg\_name) | Key Vault - rg name | `string` | `""` | no |
-| [lab\_dns\_zone\_prefix](#input\_lab\_dns\_zone\_prefix) | The dns subdomain. | `string` | `null` | no |
-| [law\_daily\_quota\_gb](#input\_law\_daily\_quota\_gb) | The workspace daily quota for ingestion in GB. | `number` | `-1` | no |
-| [law\_retention\_in\_days](#input\_law\_retention\_in\_days) | The workspace data retention in days | `number` | `30` | no |
-| [law\_sku](#input\_law\_sku) | Sku of the Log Analytics Workspace | `string` | `"PerGB2018"` | no |
-| [location](#input\_location) | n/a | `string` | `"westeurope"` | no |
-| [location\_short](#input\_location\_short) | Location short like eg: neu, weu.. | `string` | n/a | yes |
-| [lock\_enable](#input\_lock\_enable) | Apply locks to block accedentaly deletions. | `bool` | `false` | no |
-| [postgres\_alerts\_enabled](#input\_postgres\_alerts\_enabled) | Database alerts enabled? | `bool` | `false` | no |
-| [postgres\_byok\_enabled](#input\_postgres\_byok\_enabled) | Enable postgresql encryption with Customer Managed Key (BYOK) | `bool` | `false` | no |
-| [postgres\_network\_rules](#input\_postgres\_network\_rules) | Database network rules |
object({
ip_rules = list(string)
allow_access_to_azure_services = bool
})
|
{
"allow_access_to_azure_services": false,
"ip_rules": []
}
| no |
-| [postgres\_private\_endpoint\_enabled](#input\_postgres\_private\_endpoint\_enabled) | Enable vnet private endpoint for postgres | `bool` | n/a | yes |
-| [postgres\_public\_network\_access\_enabled](#input\_postgres\_public\_network\_access\_enabled) | Enable/Disable public network access | `bool` | `false` | no |
-| [prefix](#input\_prefix) | n/a | `string` | `"dvopla"` | no |
-| [prod\_dns\_zone\_prefix](#input\_prod\_dns\_zone\_prefix) | The dns subdomain. | `string` | `null` | no |
-| [redis\_enabled](#input\_redis\_enabled) | Redis | `bool` | `false` | no |
-| [tags](#input\_tags) | n/a | `map(any)` |
{
"CreatedBy": "Terraform"
}
| no |
-| [vpn\_enabled](#input\_vpn\_enabled) | Enable VPN setup | `bool` | `false` | no |
-| [vpn\_pip\_sku](#input\_vpn\_pip\_sku) | VPN GW PIP SKU | `string` | `"Basic"` | no |
-| [vpn\_sku](#input\_vpn\_sku) | VPN Gateway SKU | `string` | `"VpnGw1"` | no |
-
-## Outputs
-
-No outputs.
-