From 2ca102fc9133a0fd2e05e4fe4c656f4b469a9c51 Mon Sep 17 00:00:00 2001 From: Andrea Grillo Date: Wed, 13 Nov 2024 16:40:36 +0100 Subject: [PATCH] [CES-73] Delete Beta AKS cluster (#1310) --- .devops/messages-code-review-pipelines.yml | 45 +-- .devops/messages-deploy-pipelines.yml | 51 +-- .devops/payments-code-review-pipelines.yml | 37 +- .devops/payments-deploy-pipelines.yml | 48 +-- .devops/profile-code-review-pipelines.yml | 37 +- .devops/profile-deploy-pipelines.yml | 48 +-- .github/workflows/ioweb_prod_cd.yml | 1 - .utils/terraform_run_all.sh | 65 ---- src/_modules/common_values/data.tf | 5 - src/_modules/common_values/outputs_network.tf | 6 +- src/aks-platform/.terraform.lock.hcl | 36 +- src/aks-platform/01_network.tf | 4 +- src/aks-platform/02_aks.tf | 3 +- src/aks-platform/03_keda.tf | 2 +- src/aks-platform/99_main.tf | 2 +- src/aks-platform/README.md | 12 +- src/aks-platform/env/weu-beta/backend.ini | 1 - src/aks-platform/env/weu-beta/backend.tfvars | 4 - .../env/weu-beta/terraform.tfvars | 144 -------- src/aks-platform/env/weu-prod02/backend.ini | 1 - .../env/weu-prod02/backend.tfvars | 4 - .../env/weu-prod02/terraform.tfvars | 132 ------- src/common/prod/README.md | 1 - src/common/prod/data.tf | 5 - src/common/prod/global.tf | 5 - src/common/prod/westeurope.tf | 2 - src/core/prod/README.md | 1 - src/core/prod/data.tf | 5 - src/core/prod/italynorth.tf | 10 - src/core/prod/westeurope.tf | 12 - src/domains/citizen-auth-app/99_variables.tf | 2 +- src/domains/citizen-auth-app/README.md | 2 +- .../citizen-auth-common/99_variables.tf | 2 +- src/domains/citizen-auth-common/README.md | 2 +- src/domains/elk/.terraform.lock.hcl | 142 -------- src/domains/elk/00_azuread.tf | 16 - src/domains/elk/01_aks.tf | 54 --- src/domains/elk/01_monitor.tf | 53 --- src/domains/elk/01_network.tf | 75 ---- src/domains/elk/02_key_vault.tf | 68 ---- src/domains/elk/02_namespace.tf | 138 -------- src/domains/elk/03_ingress.tf | 85 ----- src/domains/elk/04_storage.tf | 13 - src/domains/elk/05_elastic_stack.tf | 115 ------- src/domains/elk/99_locals.tf | 30 -- src/domains/elk/99_main.tf | 48 --- src/domains/elk/99_variables.tf | 323 ------------------ src/domains/elk/README.md | 131 ------- ...-4f9f-948a-9600095edc2f-orchestration.json | 1 - src/domains/elk/env/weu-beta/backend.ini | 1 - src/domains/elk/env/weu-beta/backend.tfvars | 4 - src/domains/elk/env/weu-beta/terraform.tfvars | 109 ------ src/domains/elk/ingress/autoscaling.yaml.tpl | 9 - src/domains/elk/ingress/loadbalancer.yaml.tpl | 5 - src/domains/elk/templates/tls-cert.yaml.tpl | 56 --- src/domains/elk/terraform.sh | 64 ---- src/domains/ioweb-app/99_variables.tf | 2 +- src/domains/ioweb-app/README.md | 2 +- src/domains/ioweb-common/99_variables.tf | 2 +- src/domains/ioweb-common/README.md | 2 +- src/domains/messages-app/99_variables.tf | 2 +- src/domains/messages-app/README.md | 2 +- .../messages-app/env/weu-beta/backend.ini | 1 - .../messages-app/env/weu-beta/backend.tfvars | 4 - .../env/weu-beta/terraform.tfvars | 76 ----- .../messages-app/env/weu-prod02/backend.ini | 1 - .../env/weu-prod02/backend.tfvars | 4 - .../env/weu-prod02/terraform.tfvars | 46 --- src/domains/messages-common/99_variables.tf | 2 +- src/domains/messages-common/README.md | 2 +- src/domains/payments-app/99_variables.tf | 2 +- src/domains/payments-app/README.md | 2 +- .../payments-app/env/weu-beta/backend.ini | 1 - .../payments-app/env/weu-beta/backend.tfvars | 4 - .../env/weu-beta/terraform.tfvars | 44 --- .../payments-app/env/weu-prod02/backend.ini | 1 - .../env/weu-prod02/backend.tfvars | 4 - .../env/weu-prod02/terraform.tfvars | 44 --- src/domains/payments-common/99_variables.tf | 2 +- src/domains/payments-common/README.md | 2 +- src/domains/profile-app/99_variables.tf | 2 +- src/domains/profile-app/README.md | 2 +- .../profile-app/env/weu-beta/backend.ini | 1 - .../profile-app/env/weu-beta/backend.tfvars | 4 - .../profile-app/env/weu-beta/terraform.tfvars | 44 --- .../profile-app/env/weu-prod02/backend.ini | 1 - .../profile-app/env/weu-prod02/backend.tfvars | 4 - .../env/weu-prod02/terraform.tfvars | 44 --- src/domains/profile-common/99_variables.tf | 2 +- src/domains/profile-common/README.md | 2 +- 90 files changed, 58 insertions(+), 2579 deletions(-) delete mode 100755 .utils/terraform_run_all.sh delete mode 100644 src/aks-platform/env/weu-beta/backend.ini delete mode 100644 src/aks-platform/env/weu-beta/backend.tfvars delete mode 100644 src/aks-platform/env/weu-beta/terraform.tfvars delete mode 100644 src/aks-platform/env/weu-prod02/backend.ini delete mode 100644 src/aks-platform/env/weu-prod02/backend.tfvars delete mode 100644 src/aks-platform/env/weu-prod02/terraform.tfvars delete mode 100644 src/domains/elk/.terraform.lock.hcl delete mode 100644 src/domains/elk/00_azuread.tf delete mode 100644 src/domains/elk/01_aks.tf delete mode 100644 src/domains/elk/01_monitor.tf delete mode 100644 src/domains/elk/01_network.tf delete mode 100644 src/domains/elk/02_key_vault.tf delete mode 100644 src/domains/elk/02_namespace.tf delete mode 100644 src/domains/elk/03_ingress.tf delete mode 100644 src/domains/elk/04_storage.tf delete mode 100644 src/domains/elk/05_elastic_stack.tf delete mode 100644 src/domains/elk/99_locals.tf delete mode 100644 src/domains/elk/99_main.tf delete mode 100644 src/domains/elk/99_variables.tf delete mode 100644 src/domains/elk/README.md delete mode 100644 src/domains/elk/env/eck_license/pagopa-spa-4a1285e5-9c2c-4f9f-948a-9600095edc2f-orchestration.json delete mode 100644 src/domains/elk/env/weu-beta/backend.ini delete mode 100644 src/domains/elk/env/weu-beta/backend.tfvars delete mode 100644 src/domains/elk/env/weu-beta/terraform.tfvars delete mode 100644 src/domains/elk/ingress/autoscaling.yaml.tpl delete mode 100644 src/domains/elk/ingress/loadbalancer.yaml.tpl delete mode 100644 src/domains/elk/templates/tls-cert.yaml.tpl delete mode 100755 src/domains/elk/terraform.sh delete mode 100644 src/domains/messages-app/env/weu-beta/backend.ini delete mode 100644 src/domains/messages-app/env/weu-beta/backend.tfvars delete mode 100644 src/domains/messages-app/env/weu-beta/terraform.tfvars delete mode 100644 src/domains/messages-app/env/weu-prod02/backend.ini delete mode 100644 src/domains/messages-app/env/weu-prod02/backend.tfvars delete mode 100644 src/domains/messages-app/env/weu-prod02/terraform.tfvars delete mode 100644 src/domains/payments-app/env/weu-beta/backend.ini delete mode 100644 src/domains/payments-app/env/weu-beta/backend.tfvars delete mode 100644 src/domains/payments-app/env/weu-beta/terraform.tfvars delete mode 100644 src/domains/payments-app/env/weu-prod02/backend.ini delete mode 100644 src/domains/payments-app/env/weu-prod02/backend.tfvars delete mode 100644 src/domains/payments-app/env/weu-prod02/terraform.tfvars delete mode 100644 src/domains/profile-app/env/weu-beta/backend.ini delete mode 100644 src/domains/profile-app/env/weu-beta/backend.tfvars delete mode 100644 src/domains/profile-app/env/weu-beta/terraform.tfvars delete mode 100644 src/domains/profile-app/env/weu-prod02/backend.ini delete mode 100644 src/domains/profile-app/env/weu-prod02/backend.tfvars delete mode 100644 src/domains/profile-app/env/weu-prod02/terraform.tfvars diff --git a/.devops/messages-code-review-pipelines.yml b/.devops/messages-code-review-pipelines.yml index e8429f267..c793c6101 100644 --- a/.devops/messages-code-review-pipelines.yml +++ b/.devops/messages-code-review-pipelines.yml @@ -19,13 +19,6 @@ parameters: values: - False - True - - name: 'APP_BETA' - displayName: 'code-review APP folder@AKS BETA' - type: boolean - default: True - values: - - False - - True - name: 'APP_PROD01' displayName: 'code-review APP folder@AKS PROD01' type: boolean @@ -36,10 +29,6 @@ parameters: variables: TIME_OUT: 30 - AKS_PLATFORM_BETA_PROD_NAME: '$(TF_AKS_PLATFORM_BETA_PROD_NAME)' - BETA_AKS_APISERVER_URL: '$(TF_BETA_AKS_APISERVER_URL)' - BETA_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_CACRT)' - BETA_AKS_AZURE_DEVOPS_SA_TOKEN: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_TOKEN)' AKS_PLATFORM_PROD01_PROD_NAME: '$(TF_AKS_PLATFORM_PROD01_PROD_NAME)' PROD01_AKS_APISERVER_URL: '$(TF_PROD01_AKS_APISERVER_URL)' PROD01_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_PROD01_AKS_AZURE_DEVOPS_SA_CACRT)' @@ -84,39 +73,9 @@ stages: # # APP # - - stage: tf_plan_app_on_aks_beta - dependsOn: [tf_plan_common_on_prod] - condition: and(succeeded(), eq(${{parameters.APP_BETA}}, true)) - pool: - name: io-prod-linux - jobs: - - job: tf_plan_app_on_aks_beta - timeoutInMinutes: $[variables.TIME_OUT] - strategy: - parallel: 1 - steps: - - checkout: self - # 1. Install terraform - - template: templates/terraform-setup/template.yaml@terraform - # Run terraform plan messages-app - - template: templates/terraform-plan/template.yaml@terraform - parameters: - ENVIRONMENT: "weu-beta" - WORKINGDIR: 'src/domains/messages-app' - AZURE_SERVICE_CONNECTION_NAME: PROD-IO-SERVICE-CONN - AKS_NAME: ${{ variables.AKS_PLATFORM_BETA_PROD_NAME }} - AKS_API_SERVER_URL: ${{ variables.BETA_AKS_APISERVER_URL }} - AKS_AZURE_DEVOPS_SA_CA_CRT: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_CACRT }} - AKS_AZURE_DEVOPS_SA_TOKEN: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_TOKEN }} - stage: tf_plan_app_on_aks_on_prod01 - dependsOn: [tf_plan_common_on_prod, tf_plan_app_on_aks_beta] - condition: and( - or - ( - in(dependencies.tf_plan_common_on_prod.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'), - in(dependencies.tf_plan_app_on_aks_beta.result, 'Succeeded', 'SucceededWithIssues', 'Skipped') - ), - eq(${{parameters.APP_PROD01}}, true)) + dependsOn: [tf_plan_common_on_prod] + condition: and(succeeded(), eq(${{parameters.APP_PROD01}}, true)) pool: name: io-prod-linux jobs: diff --git a/.devops/messages-deploy-pipelines.yml b/.devops/messages-deploy-pipelines.yml index 8e3586114..d5fc4ad81 100644 --- a/.devops/messages-deploy-pipelines.yml +++ b/.devops/messages-deploy-pipelines.yml @@ -10,13 +10,6 @@ parameters: values: - False - True - - name: 'APP_BETA' - displayName: 'apply APP folder@AKS BETA' - type: boolean - default: True - values: - - False - - True - name: 'APP_PROD01' displayName: 'apply APP folder@AKS PROD01' type: boolean @@ -27,10 +20,6 @@ parameters: variables: TIME_OUT: 30 - AKS_PLATFORM_BETA_PROD_NAME: '$(TF_AKS_PLATFORM_BETA_PROD_NAME)' - BETA_AKS_APISERVER_URL: '$(TF_BETA_AKS_APISERVER_URL)' - BETA_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_CACRT)' - BETA_AKS_AZURE_DEVOPS_SA_TOKEN: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_TOKEN)' AKS_PLATFORM_PROD01_PROD_NAME: '$(TF_AKS_PLATFORM_PROD01_PROD_NAME)' PROD01_AKS_APISERVER_URL: '$(TF_PROD01_AKS_APISERVER_URL)' PROD01_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_PROD01_AKS_AZURE_DEVOPS_SA_CACRT)' @@ -81,49 +70,13 @@ stages: # # APP # - - stage: tf_apply_app_on_aks_beta - dependsOn: [tf_apply_common_on_prod] - condition: and(succeeded(), eq(${{parameters.APP_BETA}}, true)) - pool: - name: io-prod-linux - jobs: - - job: tf_apply_app_on_aks_beta - timeoutInMinutes: $[variables.TIME_OUT] - strategy: - parallel: 1 - steps: - - checkout: self - # 1. Install terraform - - template: templates/terraform-setup/template.yaml@terraform - # 2. Run terraform plan messages-app - - template: templates/terraform-plan/template.yaml@terraform - parameters: - AZURE_SERVICE_CONNECTION_NAME: PROD-IO-SERVICE-CONN - AKS_NAME: ${{ variables.AKS_PLATFORM_BETA_PROD_NAME }} - AKS_API_SERVER_URL: ${{ variables.BETA_AKS_APISERVER_URL }} - AKS_AZURE_DEVOPS_SA_CA_CRT: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_CACRT }} - AKS_AZURE_DEVOPS_SA_TOKEN: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_TOKEN }} - ENVIRONMENT: "weu-beta" - WORKINGDIR: 'src/domains/messages-app' - # 3. Run terraform apply - - template: templates/terraform-apply/template.yaml@terraform - parameters: - AZURE_SERVICE_CONNECTION_NAME: PROD-IO-SERVICE-CONN - AKS_NAME: ${{ variables.AKS_PLATFORM_BETA_PROD_NAME }} - AKS_API_SERVER_URL: ${{ variables.BETA_AKS_APISERVER_URL }} - AKS_AZURE_DEVOPS_SA_CA_CRT: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_CACRT }} - AKS_AZURE_DEVOPS_SA_TOKEN: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_TOKEN }} - ENVIRONMENT: "weu-beta" - WORKINGDIR: 'src/domains/messages-app' - - stage: tf_apply_app_on_aks_on_prod01 - dependsOn: [tf_apply_common_on_prod, tf_apply_app_on_aks_beta] + dependsOn: [tf_apply_common_on_prod] condition: and( or ( in(dependencies.tf_apply_common_on_prod.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'), - in(dependencies.tf_apply_app_on_aks_beta.result, 'Succeeded', 'SucceededWithIssues', 'Skipped') - ), + ), eq(${{parameters.APP_PROD01}}, true)) pool: name: io-prod-linux diff --git a/.devops/payments-code-review-pipelines.yml b/.devops/payments-code-review-pipelines.yml index 33e225b6e..610705f0c 100644 --- a/.devops/payments-code-review-pipelines.yml +++ b/.devops/payments-code-review-pipelines.yml @@ -19,13 +19,6 @@ parameters: values: - False - True - - name: 'APP_BETA' - displayName: 'code-review APP folder@AKS BETA' - type: boolean - default: True - values: - - False - - True - name: 'APP_PROD01' displayName: 'code-review APP folder@AKS PROD01' type: boolean @@ -36,10 +29,6 @@ parameters: variables: TIME_OUT: 30 - AKS_PLATFORM_BETA_PROD_NAME: '$(TF_AKS_PLATFORM_BETA_PROD_NAME)' - BETA_AKS_APISERVER_URL: '$(TF_BETA_AKS_APISERVER_URL)' - BETA_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_CACRT)' - BETA_AKS_AZURE_DEVOPS_SA_TOKEN: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_TOKEN)' AKS_PLATFORM_PROD01_PROD_NAME: '$(TF_AKS_PLATFORM_PROD01_PROD_NAME)' PROD01_AKS_APISERVER_URL: '$(TF_PROD01_AKS_APISERVER_URL)' PROD01_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_PROD01_AKS_AZURE_DEVOPS_SA_CACRT)' @@ -84,32 +73,8 @@ stages: # # APP # - - stage: tf_plan_app_on_aks_beta - dependsOn: [tf_plan_common_on_prod] - condition: and(succeeded(), eq(${{parameters.APP_BETA}}, true)) - pool: - name: io-prod-linux - jobs: - - job: tf_plan_app_on_aks_beta - timeoutInMinutes: $[variables.TIME_OUT] - strategy: - parallel: 1 - steps: - - checkout: self - # 1. Install terraform - - template: templates/terraform-setup/template.yaml@terraform - # Run terraform plan payments-app - - template: templates/terraform-plan/template.yaml@terraform - parameters: - ENVIRONMENT: "weu-beta" - WORKINGDIR: 'src/domains/payments-app' - AZURE_SERVICE_CONNECTION_NAME: PROD-IO-SERVICE-CONN - AKS_NAME: ${{ variables.AKS_PLATFORM_BETA_PROD_NAME }} - AKS_API_SERVER_URL: ${{ variables.BETA_AKS_APISERVER_URL }} - AKS_AZURE_DEVOPS_SA_CA_CRT: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_CACRT }} - AKS_AZURE_DEVOPS_SA_TOKEN: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_TOKEN }} - stage: tf_plan_app_on_aks_on_prod01 - dependsOn: [tf_plan_app_on_aks_beta] + dependsOn: [tf_plan_common_on_prod] condition: and(succeeded(), eq(${{parameters.APP_PROD01}}, true)) pool: name: io-prod-linux diff --git a/.devops/payments-deploy-pipelines.yml b/.devops/payments-deploy-pipelines.yml index d2e186e38..9bfc73b59 100644 --- a/.devops/payments-deploy-pipelines.yml +++ b/.devops/payments-deploy-pipelines.yml @@ -10,13 +10,6 @@ parameters: values: - False - True - - name: 'APP_BETA' - displayName: 'apply APP folder@AKS BETA' - type: boolean - default: True - values: - - False - - True - name: 'APP_PROD01' displayName: 'apply APP folder@AKS PROD01' type: boolean @@ -27,10 +20,6 @@ parameters: variables: TIME_OUT: 30 - AKS_PLATFORM_BETA_PROD_NAME: '$(TF_AKS_PLATFORM_BETA_PROD_NAME)' - BETA_AKS_APISERVER_URL: '$(TF_BETA_AKS_APISERVER_URL)' - BETA_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_CACRT)' - BETA_AKS_AZURE_DEVOPS_SA_TOKEN: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_TOKEN)' AKS_PLATFORM_PROD01_PROD_NAME: '$(TF_AKS_PLATFORM_PROD01_PROD_NAME)' PROD01_AKS_APISERVER_URL: '$(TF_PROD01_AKS_APISERVER_URL)' PROD01_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_PROD01_AKS_AZURE_DEVOPS_SA_CACRT)' @@ -81,43 +70,8 @@ stages: # # APP # - - stage: tf_apply_app_on_aks_beta - dependsOn: [tf_apply_common_on_prod] - condition: and(succeeded(), eq(${{parameters.APP_BETA}}, true)) - pool: - name: io-prod-linux - jobs: - - job: tf_apply_app_on_aks_beta - timeoutInMinutes: $[variables.TIME_OUT] - strategy: - parallel: 1 - steps: - - checkout: self - # 1. Install terraform - - template: templates/terraform-setup/template.yaml@terraform - # 2. Run terraform plan payments-app - - template: templates/terraform-plan/template.yaml@terraform - parameters: - AZURE_SERVICE_CONNECTION_NAME: PROD-IO-SERVICE-CONN - AKS_NAME: ${{ variables.AKS_PLATFORM_BETA_PROD_NAME }} - AKS_API_SERVER_URL: ${{ variables.BETA_AKS_APISERVER_URL }} - AKS_AZURE_DEVOPS_SA_CA_CRT: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_CACRT }} - AKS_AZURE_DEVOPS_SA_TOKEN: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_TOKEN }} - ENVIRONMENT: "weu-beta" - WORKINGDIR: 'src/domains/payments-app' - # 3. Run terraform apply - - template: templates/terraform-apply/template.yaml@terraform - parameters: - AZURE_SERVICE_CONNECTION_NAME: PROD-IO-SERVICE-CONN - AKS_NAME: ${{ variables.AKS_PLATFORM_BETA_PROD_NAME }} - AKS_API_SERVER_URL: ${{ variables.BETA_AKS_APISERVER_URL }} - AKS_AZURE_DEVOPS_SA_CA_CRT: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_CACRT }} - AKS_AZURE_DEVOPS_SA_TOKEN: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_TOKEN }} - ENVIRONMENT: "weu-beta" - WORKINGDIR: 'src/domains/payments-app' - - stage: tf_apply_app_on_aks_on_prod01 - dependsOn: [tf_apply_app_on_aks_beta] + dependsOn: [tf_apply_common_on_prod] condition: and(succeeded(), eq(${{parameters.APP_PROD01}}, true)) pool: name: io-prod-linux diff --git a/.devops/profile-code-review-pipelines.yml b/.devops/profile-code-review-pipelines.yml index eb20c3a68..ad067b6b1 100644 --- a/.devops/profile-code-review-pipelines.yml +++ b/.devops/profile-code-review-pipelines.yml @@ -19,13 +19,6 @@ parameters: values: - False - True - - name: 'APP_BETA' - displayName: 'code-review APP folder@AKS BETA' - type: boolean - default: True - values: - - False - - True - name: 'APP_PROD01' displayName: 'code-review APP folder@AKS PROD01' type: boolean @@ -36,10 +29,6 @@ parameters: variables: TIME_OUT: 30 - AKS_PLATFORM_BETA_PROD_NAME: '$(TF_AKS_PLATFORM_BETA_PROD_NAME)' - BETA_AKS_APISERVER_URL: '$(TF_BETA_AKS_APISERVER_URL)' - BETA_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_CACRT)' - BETA_AKS_AZURE_DEVOPS_SA_TOKEN: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_TOKEN)' AKS_PLATFORM_PROD01_PROD_NAME: '$(TF_AKS_PLATFORM_PROD01_PROD_NAME)' PROD01_AKS_APISERVER_URL: '$(TF_PROD01_AKS_APISERVER_URL)' PROD01_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_PROD01_AKS_AZURE_DEVOPS_SA_CACRT)' @@ -84,32 +73,8 @@ stages: # # APP # - - stage: tf_plan_app_on_aks_beta - dependsOn: [tf_plan_common_on_prod] - condition: and(succeeded(), eq(${{parameters.APP_BETA}}, true)) - pool: - name: io-prod-linux - jobs: - - job: tf_plan_app_on_aks_beta - timeoutInMinutes: $[variables.TIME_OUT] - strategy: - parallel: 1 - steps: - - checkout: self - # 1. Install terraform - - template: templates/terraform-setup/template.yaml@terraform - # Run terraform plan profile-app - - template: templates/terraform-plan/template.yaml@terraform - parameters: - ENVIRONMENT: "weu-beta" - WORKINGDIR: 'src/domains/profile-app' - AZURE_SERVICE_CONNECTION_NAME: PROD-IO-SERVICE-CONN - AKS_NAME: ${{ variables.AKS_PLATFORM_BETA_PROD_NAME }} - AKS_API_SERVER_URL: ${{ variables.BETA_AKS_APISERVER_URL }} - AKS_AZURE_DEVOPS_SA_CA_CRT: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_CACRT }} - AKS_AZURE_DEVOPS_SA_TOKEN: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_TOKEN }} - stage: tf_plan_app_on_aks_on_prod01 - dependsOn: [tf_plan_app_on_aks_beta] + dependsOn: [tf_plan_common_on_prod] condition: and(succeeded(), eq(${{parameters.APP_PROD01}}, true)) pool: name: io-prod-linux diff --git a/.devops/profile-deploy-pipelines.yml b/.devops/profile-deploy-pipelines.yml index 3f0156ad2..8b2c242f9 100644 --- a/.devops/profile-deploy-pipelines.yml +++ b/.devops/profile-deploy-pipelines.yml @@ -10,13 +10,6 @@ parameters: values: - False - True - - name: 'APP_BETA' - displayName: 'apply APP folder@AKS BETA' - type: boolean - default: True - values: - - False - - True - name: 'APP_PROD01' displayName: 'apply APP folder@AKS PROD01' type: boolean @@ -27,10 +20,6 @@ parameters: variables: TIME_OUT: 30 - AKS_PLATFORM_BETA_PROD_NAME: '$(TF_AKS_PLATFORM_BETA_PROD_NAME)' - BETA_AKS_APISERVER_URL: '$(TF_BETA_AKS_APISERVER_URL)' - BETA_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_CACRT)' - BETA_AKS_AZURE_DEVOPS_SA_TOKEN: '$(TF_BETA_AKS_AZURE_DEVOPS_SA_TOKEN)' AKS_PLATFORM_PROD01_PROD_NAME: '$(TF_AKS_PLATFORM_PROD01_PROD_NAME)' PROD01_AKS_APISERVER_URL: '$(TF_PROD01_AKS_APISERVER_URL)' PROD01_AKS_AZURE_DEVOPS_SA_CACRT: '$(TF_PROD01_AKS_AZURE_DEVOPS_SA_CACRT)' @@ -81,43 +70,8 @@ stages: # # APP # - - stage: tf_apply_app_on_aks_beta - dependsOn: [tf_apply_common_on_prod] - condition: and(succeeded(), eq(${{parameters.APP_BETA}}, true)) - pool: - name: io-prod-linux - jobs: - - job: tf_apply_app_on_aks_beta - timeoutInMinutes: $[variables.TIME_OUT] - strategy: - parallel: 1 - steps: - - checkout: self - # 1. Install terraform - - template: templates/terraform-setup/template.yaml@terraform - # 2. Run terraform plan profile-app - - template: templates/terraform-plan/template.yaml@terraform - parameters: - AZURE_SERVICE_CONNECTION_NAME: PROD-IO-SERVICE-CONN - AKS_NAME: ${{ variables.AKS_PLATFORM_BETA_PROD_NAME }} - AKS_API_SERVER_URL: ${{ variables.BETA_AKS_APISERVER_URL }} - AKS_AZURE_DEVOPS_SA_CA_CRT: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_CACRT }} - AKS_AZURE_DEVOPS_SA_TOKEN: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_TOKEN }} - ENVIRONMENT: "weu-beta" - WORKINGDIR: 'src/domains/profile-app' - # 3. Run terraform apply - - template: templates/terraform-apply/template.yaml@terraform - parameters: - AZURE_SERVICE_CONNECTION_NAME: PROD-IO-SERVICE-CONN - AKS_NAME: ${{ variables.AKS_PLATFORM_BETA_PROD_NAME }} - AKS_API_SERVER_URL: ${{ variables.BETA_AKS_APISERVER_URL }} - AKS_AZURE_DEVOPS_SA_CA_CRT: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_CACRT }} - AKS_AZURE_DEVOPS_SA_TOKEN: ${{ variables.BETA_AKS_AZURE_DEVOPS_SA_TOKEN }} - ENVIRONMENT: "weu-beta" - WORKINGDIR: 'src/domains/profile-app' - - stage: tf_apply_app_on_aks_on_prod01 - dependsOn: [tf_apply_app_on_aks_beta] + dependsOn: [tf_apply_common_on_prod] condition: and(succeeded(), eq(${{parameters.APP_PROD01}}, true)) pool: name: io-prod-linux diff --git a/.github/workflows/ioweb_prod_cd.yml b/.github/workflows/ioweb_prod_cd.yml index 64cc4e941..aaf0cbf73 100644 --- a/.github/workflows/ioweb_prod_cd.yml +++ b/.github/workflows/ioweb_prod_cd.yml @@ -83,7 +83,6 @@ jobs: if-no-files-found: error path: | **/tfplan-prod-* - **/tfplan-weu-beta-* **/tfplan-weu-prod01-* outputs: diff --git a/.utils/terraform_run_all.sh b/.utils/terraform_run_all.sh deleted file mode 100755 index 11889f9da..000000000 --- a/.utils/terraform_run_all.sh +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/bash - - - -# -# bash .utils/terraform_run_all.sh -# bash .utils/terraform_run_all.sh init -# - -# 'set -e' tells the shell to exit if any of the foreground command fails, -# i.e. exits with a non-zero status. -set -eu - -pids=() -ACTION="$1" - -array=( - 'src/.template::weu-beta' - 'src/.template-common::prod' - 'src/core::prod' - 'src/aks-platform::weu-beta' - 'src/domains/messages-app::weu-beta' - 'src/domains/messages-common::prod' - 'src/domains/payments-app::weu-beta' - 'src/domains/payments-common::prod' - 'src/domains/profile-app::weu-beta' - 'src/domains/profile-common::prod' - 'src/domains/reminder::prod' - 'src/domains/sign::prod' -) - -function rm_terraform { - find . \( -iname ".terraform*" ! -iname ".terraform-docs*" ! -iname ".terraform-version" \) -print0 | xargs -0 rm -rf -} - -echo "[INFO] 🪚 Delete all .terraform folders" -rm_terraform - -echo "[INFO] 🏁 Init all terraform repos" -for index in "${array[@]}" ; do - FOLDER="${index%%::*}" - COMMAND="${index##*::}" - pushd "$(pwd)/${FOLDER}" - echo "$FOLDER - $COMMAND" - echo "🔬 folder: $(pwd) in under terraform: $ACTION action" - sh terraform.sh "$ACTION" "$COMMAND" & - - pids+=($!) - popd -done - - -# Wait for each specific process to terminate. -# Instead of this loop, a single call to 'wait' would wait for all the jobs -# to terminate, but it would not give us their exit status. -# -for pid in "${pids[@]}"; do - # - # Waiting on a specific PID makes the wait command return with the exit - # status of that process. Because of the 'set -e' setting, any exit status - # other than zero causes the current shell to terminate with that exit - # status as well. - # - wait "$pid" -done diff --git a/src/_modules/common_values/data.tf b/src/_modules/common_values/data.tf index 607af12a3..bab08d328 100644 --- a/src/_modules/common_values/data.tf +++ b/src/_modules/common_values/data.tf @@ -1,8 +1,3 @@ -data "azurerm_virtual_network" "weu_beta" { - name = "${local.project_weu}-beta-vnet" - resource_group_name = "${local.project_weu}-beta-vnet-rg" -} - data "azurerm_virtual_network" "weu_prod01" { name = "${local.project_weu}-prod01-vnet" resource_group_name = "${local.project_weu}-prod01-vnet-rg" diff --git a/src/_modules/common_values/outputs_network.tf b/src/_modules/common_values/outputs_network.tf index c58c33a0d..1add04b11 100644 --- a/src/_modules/common_values/outputs_network.tf +++ b/src/_modules/common_values/outputs_network.tf @@ -9,10 +9,6 @@ output "virtual_networks" { } weu = { common = local.core.networking.weu.vnet_common - beta = { - name = data.azurerm_virtual_network.weu_beta.name - resource_group_name = data.azurerm_virtual_network.weu_beta.resource_group_name - } prod01 = { name = data.azurerm_virtual_network.weu_prod01.name resource_group_name = data.azurerm_virtual_network.weu_prod01.resource_group_name @@ -61,4 +57,4 @@ output "dns_zones" { resource_group_name = "${local.project_weu_legacy}-rg-external" } } -} \ No newline at end of file +} diff --git a/src/aks-platform/.terraform.lock.hcl b/src/aks-platform/.terraform.lock.hcl index daa327e81..d4216098d 100644 --- a/src/aks-platform/.terraform.lock.hcl +++ b/src/aks-platform/.terraform.lock.hcl @@ -25,25 +25,25 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.71.0" - constraints = ">= 3.30.0, <= 3.71.0" + version = "3.116.0" + constraints = "~> 3.30, ~> 3.100, <= 3.116.0" hashes = [ - "h1:QI0iaPNi0qAOIbXptd4ZObi0D5X1jojom5774GtEspA=", - "h1:nTc6DFS9euNgUkNylQ/AxNYN9Ln1dyL+WVIBNcict7Y=", - "h1:vhmOvVQgCyxXeS25wKuPTNpOAAtocPj5faL1yFS/Bcc=", - "h1:xySu+5dS0H9KYVsQoFp61uc5XLRKif9FrFs//OPNDrM=", - "zh:06f0d225b1711dfad256ff33134f878acc8f84624d9da66b075b075cc4d75892", - "zh:09ff74056818babe02ea5a633bffe2b8223eaf79916dc1db169651ef7725c22f", - "zh:27687e0f8458e6d88ebea94352eb523f56e8f5cdc468268af8f38dc4a4265bf4", - "zh:2d81bfab3c6a9b897fa8fbb5256c9e5a944e6ecbf7f73a2a3e2b53a2c4fbcfc5", - "zh:4cfc744cfc37aeeeecd82800c70e2591b38447af9e3c51bcbf06a5efe842ed65", - "zh:734fbb81508b264f772a076338ddf1c7b25534d2007a1738a7d55587478ed258", - "zh:9a5502c364f58073599fff8cdd8adc32e7f7bcd00a4d9b57d2fff678fd8a8319", - "zh:9bc528f7e78dbfd106f94b741b68dedd3dd3d31c3defcddcc1972c8e52a6b7db", - "zh:c30db03d877f9a7ae0c19d3fd338bbf95cdddbf6df1023709dbfa99689abac14", - "zh:c51d4065145b8f4ca45fc9a0f3ca7f2d933bc0302af2eead74f3ce64a9221ae8", - "zh:e23029fc7f81723795d7da770131adb1ce6f4d32f0a57eb75d47e036a0a19833", + "h1:2QbjtN4oMXzdA++Nvrj/wSmWZTPgXKOSFGGQCLEMrb4=", + "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=", + "h1:SJM/KQDW9blKFmLMaupsZVYtcZ0fYpjLHEriMgCBGCY=", + "h1:jwwbQ09fH1RdcNsknt1AkvfSUbULsl7nZQn6S8fabFI=", + "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d", + "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7", + "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24", + "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a", + "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880", + "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70", + "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc", + "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953", + "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa", + "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab", ] } @@ -95,7 +95,7 @@ provider "registry.terraform.io/hashicorp/kubernetes" { provider "registry.terraform.io/hashicorp/null" { version = "3.2.1" - constraints = "<= 3.2.1" + constraints = "~> 3.2, <= 3.2.1" hashes = [ "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", diff --git a/src/aks-platform/01_network.tf b/src/aks-platform/01_network.tf index d60a1a4e2..331806fcb 100644 --- a/src/aks-platform/01_network.tf +++ b/src/aks-platform/01_network.tf @@ -10,7 +10,7 @@ data "azurerm_virtual_network" "vnet_common" { # System Node Pool Subnet module "aks_snet" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.26.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.54.0" name = "${local.project}-aks-snet" address_prefixes = var.aks_system_cidr_subnet resource_group_name = data.azurerm_virtual_network.vnet.resource_group_name @@ -20,7 +20,7 @@ module "aks_snet" { # User Node Pool Subnet module "aks_user_snet" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.26.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.54.0" name = "${local.project}-aks-user-snet" address_prefixes = var.aks_user_cidr_subnet resource_group_name = data.azurerm_virtual_network.vnet.resource_group_name diff --git a/src/aks-platform/02_aks.tf b/src/aks-platform/02_aks.tf index 6c05b8acc..04652b641 100644 --- a/src/aks-platform/02_aks.tf +++ b/src/aks-platform/02_aks.tf @@ -6,7 +6,7 @@ resource "azurerm_resource_group" "aks_rg" { } module "aks" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v7.27.2" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.54.0" name = local.aks_name location = var.location @@ -68,7 +68,6 @@ module "aks" { } # end network - rbac_enabled = true aad_admin_group_ids = [data.azuread_group.adgroup_admin.object_id, data.azuread_group.adgroup_developers.object_id] addon_azure_policy_enabled = true diff --git a/src/aks-platform/03_keda.tf b/src/aks-platform/03_keda.tf index 5a3f1e5d9..b3fb2d932 100644 --- a/src/aks-platform/03_keda.tf +++ b/src/aks-platform/03_keda.tf @@ -7,7 +7,7 @@ resource "kubernetes_namespace" "keda" { } module "keda_pod_identity" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v7.26.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v8.54.0" resource_group_name = azurerm_resource_group.aks_rg.name location = var.location diff --git a/src/aks-platform/99_main.tf b/src/aks-platform/99_main.tf index b87de2e24..b3917f41c 100644 --- a/src/aks-platform/99_main.tf +++ b/src/aks-platform/99_main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "<= 3.71.0" + version = "<= 3.116.0" } azuread = { source = "hashicorp/azuread" diff --git a/src/aks-platform/README.md b/src/aks-platform/README.md index 3f7bed85b..07c1f6bba 100644 --- a/src/aks-platform/README.md +++ b/src/aks-platform/README.md @@ -5,7 +5,7 @@ | Name | Version | |------|---------| | [azuread](#requirement\_azuread) | <= 2.33.0 | -| [azurerm](#requirement\_azurerm) | <= 3.71.0 | +| [azurerm](#requirement\_azurerm) | <= 3.116.0 | | [helm](#requirement\_helm) | = 2.8.0 | | [kubernetes](#requirement\_kubernetes) | = 2.17.0 | | [null](#requirement\_null) | <= 3.2.1 | @@ -15,7 +15,7 @@ | Name | Version | |------|---------| | [azuread](#provider\_azuread) | 2.33.0 | -| [azurerm](#provider\_azurerm) | 3.71.0 | +| [azurerm](#provider\_azurerm) | 3.116.0 | | [helm](#provider\_helm) | 2.8.0 | | [kubernetes](#provider\_kubernetes) | 2.17.0 | | [null](#provider\_null) | 3.2.1 | @@ -24,10 +24,10 @@ | Name | Source | Version | |------|--------|---------| -| [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v7.27.2 | -| [aks\_snet](#module\_aks\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.26.0 | -| [aks\_user\_snet](#module\_aks\_user\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.26.0 | -| [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v7.26.0 | +| [aks](#module\_aks) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.54.0 | +| [aks\_snet](#module\_aks\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v8.54.0 | +| [aks\_user\_snet](#module\_aks\_user\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v8.54.0 | +| [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.54.0 | | [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.8.0 | ## Resources diff --git a/src/aks-platform/env/weu-beta/backend.ini b/src/aks-platform/env/weu-beta/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/aks-platform/env/weu-beta/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/aks-platform/env/weu-beta/backend.tfvars b/src/aks-platform/env/weu-beta/backend.tfvars deleted file mode 100644 index e1b2c7fbc..000000000 --- a/src/aks-platform/env/weu-beta/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.aks-platform-weu-beta.tfstate" diff --git a/src/aks-platform/env/weu-beta/terraform.tfvars b/src/aks-platform/env/weu-beta/terraform.tfvars deleted file mode 100644 index 73a7982d2..000000000 --- a/src/aks-platform/env/weu-beta/terraform.tfvars +++ /dev/null @@ -1,144 +0,0 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "beta" -location = "westeurope" -location_string = "West Europe" -location_short = "weu" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra/tree/main/src/aks" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_name = "io-p-law-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -application_insights_name = "io-p-ai-common" - -### Aks - -aks_kubernetes_version = "1.27.3" - -aks_sku_tier = "Free" - -aks_system_node_pool = { - name = "system01" - vm_size = "Standard_D2ds_v5" - os_disk_type = "Ephemeral" - os_disk_size_gb = "75" - node_count_min = "1" #TODO change to 2 - node_count_max = "2" #TODO change to 2 - only_critical_addons_enabled = true - node_labels = { node_name : "aks-system-01", node_type : "system" }, - node_tags = { node_tag_1 : "1" }, -} - -aks_user_node_pool = { - enabled = true - name = "user01" - vm_size = "Standard_D8ds_v5" - os_disk_type = "Ephemeral" - os_disk_size_gb = "300" - node_count_min = "1" #TODO change to 2 - node_count_max = "2" #TODO change to 2 - node_labels = { node_name : "aks-user-01", node_type : "user" }, - node_taints = [], - node_tags = { node_tag_1 : "1" }, -} - -aks_system_cidr_subnet = ["10.10.0.0/24"] -aks_cidr_subnet = ["10.10.0.0/24"] -aks_user_cidr_subnet = ["10.10.1.0/24"] -aks_num_outbound_ips = 1 - -ingress_min_replica_count = "1" -ingress_max_replica_count = "30" -ingress_load_balancer_ip = "10.10.0.254" - -# ingress-nginx helm charts releases 4.X.X: https://github.com/kubernetes/ingress-nginx/releases?expanded=true&page=1&q=tag%3Ahelm-chart-4 -# Pinned versions from "4.8.3" release: https://github.com/kubernetes/ingress-nginx/blob/helm-chart-4.8.3/charts/ingress-nginx/values.yaml -nginx_helm = { - version = "4.8.3" - controller = { - image = { - registry = "registry.k8s.io" - image = "ingress-nginx/controller" - tag = "v1.9.4" - digest = "sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3" - digestchroot = "sha256:5976b1067cfbca8a21d0ba53d71f83543a73316a61ea7f7e436d6cf84ddf9b26" - } - } -} - -# chart releases: https://github.com/kedacore/charts/releases -# keda image tags: https://github.com/kedacore/keda/pkgs/container/keda/versions -# keda-metrics-apiserver image tags: https://github.com/kedacore/keda/pkgs/container/keda-metrics-apiserver/versions -keda_helm = { - chart_version = "2.12.0" - keda = { - image_name = "ghcr.io/kedacore/keda" - image_tag = "2.12.0@sha256:01a232774016f186ff91983521323a80ead047b42d695fc0236b43c296b6cff8" - } - metrics_api_server = { - image_name = "ghcr.io/kedacore/keda-metrics-apiserver" - image_tag = "2.12.0@sha256:1c254dcf859b93bbcaa532fcb5d6de5ff14b67f904a7ae1068ab1dbc19f60479" - } -} - -# chart releases: https://github.com/stakater/Reloader/releases -# image tags: https://hub.docker.com/r/stakater/reloader/tags -reloader_helm = { - chart_version = "1.0.41" - image_name = "stakater/reloader" - image_tag = "v1.0.41@sha256:eb7e816f4c38d9c9c25fd8743919075d8ea699d8593f261c7c2e0b52080c6c47" -} - -# chart releases: https://github.com/prometheus-community/helm-charts/releases?q=tag%3Aprometheus-15&expanded=true -# quay.io/prometheus/alertmanager image tags: https://quay.io/repository/prometheus/alertmanager?tab=tags -# jimmidyson/configmap-reload image tags: https://hub.docker.com/r/jimmidyson/configmap-reload/tags -# quay.io/prometheus/node-exporter image tags: https://quay.io/repository/prometheus/node-exporter?tab=tags -# quay.io/prometheus/prometheus image tags: https://quay.io/repository/prometheus/prometheus?tab=tags -# prom/pushgateway image tags:https://hub.docker.com/r/prom/pushgateway/tags -prometheus_helm = { - chart_version = "15.12.0" - alertmanager = { - image_name = "quay.io/prometheus/alertmanager" - image_tag = "v0.24.0@sha256:088464f949de8065b9da7dfce7302a633d700e9d598e2bebc03310712f083b31" - } - configmap_reload_prometheus = { - image_name = "jimmidyson/configmap-reload" - image_tag = "v0.5.0@sha256:91467ba755a0c41199a63fe80a2c321c06edc4d3affb4f0ab6b3d20a49ed88d1" - } - configmap_reload_alertmanager = { - image_name = "jimmidyson/configmap-reload" - image_tag = "v0.5.0@sha256:91467ba755a0c41199a63fe80a2c321c06edc4d3affb4f0ab6b3d20a49ed88d1" - } - node_exporter = { - image_name = "quay.io/prometheus/node-exporter" - image_tag = "v1.3.1@sha256:f2269e73124dd0f60a7d19a2ce1264d33d08a985aed0ee6b0b89d0be470592cd" - } - server = { - image_name = "quay.io/prometheus/prometheus" - image_tag = "v2.36.2@sha256:df0cd5887887ec393c1934c36c1977b69ef3693611932c3ddeae8b7a412059b9" - } - pushgateway = { - image_name = "prom/pushgateway" - image_tag = "v1.4.3@sha256:9e4e2396009751f1dc66ebb2b59e07d5abb009eb26d637eb0cf89b9a3738f146" - } -} - -# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases -# image tags: https://github.com/pagopa/infra-ssl-check/releases -tls_cert_check_helm = { - chart_version = "2.0.0" - image_name = "ghcr.io/pagopa/infra-ssl-check" - image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d" -} - -# grafana_helm_version = "6.32.3" diff --git a/src/aks-platform/env/weu-prod02/backend.ini b/src/aks-platform/env/weu-prod02/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/aks-platform/env/weu-prod02/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/aks-platform/env/weu-prod02/backend.tfvars b/src/aks-platform/env/weu-prod02/backend.tfvars deleted file mode 100644 index efe8ceedf..000000000 --- a/src/aks-platform/env/weu-prod02/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.aks-platform-weu-prod02.tfstate" diff --git a/src/aks-platform/env/weu-prod02/terraform.tfvars b/src/aks-platform/env/weu-prod02/terraform.tfvars deleted file mode 100644 index 49cdd275d..000000000 --- a/src/aks-platform/env/weu-prod02/terraform.tfvars +++ /dev/null @@ -1,132 +0,0 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "prod02" -location = "westeurope" -location_string = "West Europe" -location_short = "weu" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra/tree/main/src/aks" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_name = "io-p-law-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -application_insights_name = "io-p-ai-common" - -### Aks - -aks_sku_tier = "Paid" - -aks_system_node_pool = { - name = "system01" - vm_size = "Standard_D2ds_v5" - os_disk_type = "Ephemeral" - os_disk_size_gb = "75" - node_count_min = "2" - node_count_max = "3" - only_critical_addons_enabled = true - node_labels = { node_name : "aks-system-01", node_type : "system" }, - node_tags = { node_tag_1 : "1" }, -} - -aks_user_node_pool = { - enabled = true - name = "user01" - vm_size = "Standard_D8ds_v5" - os_disk_type = "Ephemeral" - os_disk_size_gb = "300" - node_count_min = "2" - node_count_max = "3" - node_labels = { node_name : "aks-user-01", node_type : "user" }, - node_taints = [], - node_tags = { node_tag_1 : "1" }, -} - -aks_cidr_subnet = ["10.12.0.0/17"] -aks_num_outbound_ips = 1 - -ingress_min_replica_count = "2" -ingress_max_replica_count = "30" -ingress_load_balancer_ip = "10.12.100.250" - -# ingress-nginx helm charts releases 4.X.X: https://github.com/kubernetes/ingress-nginx/releases?expanded=true&page=1&q=tag%3Ahelm-chart-4 -# Pinned versions from "4.1.0" release: https://github.com/kubernetes/ingress-nginx/blob/helm-chart-4.1.0/charts/ingress-nginx/values.yaml -nginx_helm = { - version = "4.1.0" - controller = { - image = { - registry = "k8s.gcr.io" - image = "ingress-nginx/controller" - tag = "v1.2.0" - digest = "sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185" - digestchroot = "sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5" - } - } -} - -# chart releases: https://github.com/kedacore/charts/releases -# keda image tags: https://github.com/kedacore/keda/pkgs/container/keda/versions -# keda-metrics-apiserver image tags: https://github.com/kedacore/keda/pkgs/container/keda-metrics-apiserver/versions -keda_helm = { - chart_version = "2.9.1" - keda = { - image_name = "ghcr.io/kedacore/keda" - image_tag = "2.9.1@sha256:52c41dbbc0cb7ba41800201f5140ec87bd942c04207143615474060a0662fa01" - } - metrics_api_server = { - image_name = "ghcr.io/kedacore/keda-metrics-apiserver" - image_tag = "2.9.1@sha256:8bd2410409fc6554a0e4e8fc1e08704b05ce98ed6158d6d6c9746241a55e0730" - } -} - -# chart releases: https://github.com/prometheus-community/helm-charts/releases?q=tag%3Aprometheus-15&expanded=true -# quay.io/prometheus/alertmanager image tags: https://quay.io/repository/prometheus/alertmanager?tab=tags -# jimmidyson/configmap-reload image tags: https://hub.docker.com/r/jimmidyson/configmap-reload/tags -# quay.io/prometheus/node-exporter image tags: https://quay.io/repository/prometheus/node-exporter?tab=tags -# quay.io/prometheus/prometheus image tags: https://quay.io/repository/prometheus/prometheus?tab=tags -# prom/pushgateway image tags:https://hub.docker.com/r/prom/pushgateway/tags -prometheus_helm = { - chart_version = "15.12.0" - alertmanager = { - image_name = "quay.io/prometheus/alertmanager" - image_tag = "v0.24.0@sha256:088464f949de8065b9da7dfce7302a633d700e9d598e2bebc03310712f083b31" - } - configmap_reload_prometheus = { - image_name = "jimmidyson/configmap-reload" - image_tag = "v0.5.0@sha256:91467ba755a0c41199a63fe80a2c321c06edc4d3affb4f0ab6b3d20a49ed88d1" - } - configmap_reload_alertmanager = { - image_name = "jimmidyson/configmap-reload" - image_tag = "v0.5.0@sha256:91467ba755a0c41199a63fe80a2c321c06edc4d3affb4f0ab6b3d20a49ed88d1" - } - node_exporter = { - image_name = "quay.io/prometheus/node-exporter" - image_tag = "v1.3.1@sha256:f2269e73124dd0f60a7d19a2ce1264d33d08a985aed0ee6b0b89d0be470592cd" - } - server = { - image_name = "quay.io/prometheus/prometheus" - image_tag = "v2.36.2@sha256:df0cd5887887ec393c1934c36c1977b69ef3693611932c3ddeae8b7a412059b9" - } - pushgateway = { - image_name = "prom/pushgateway" - image_tag = "v1.4.3@sha256:9e4e2396009751f1dc66ebb2b59e07d5abb009eb26d637eb0cf89b9a3738f146" - } -} - -# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases -# image tags: https://github.com/pagopa/infra-ssl-check/releases -tls_cert_check_helm = { - chart_version = "2.0.0" - image_name = "ghcr.io/pagopa/infra-ssl-check" - image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d" -} - -# grafana_helm_version = "6.32.3" diff --git a/src/common/prod/README.md b/src/common/prod/README.md index 7d1458574..217132dea 100644 --- a/src/common/prod/README.md +++ b/src/common/prod/README.md @@ -54,7 +54,6 @@ | [azurerm_subnet.itn_auth_lv_func_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.itn_msgs_sending_func_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | | [azurerm_subnet.services_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | -| [azurerm_virtual_network.weu_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | | [azurerm_virtual_network.weu_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | | [terraform_remote_state.core](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | diff --git a/src/common/prod/data.tf b/src/common/prod/data.tf index 2a218ea20..e3fdd7780 100644 --- a/src/common/prod/data.tf +++ b/src/common/prod/data.tf @@ -1,8 +1,3 @@ -data "azurerm_virtual_network" "weu_beta" { - name = "${local.project_weu}-beta-vnet" - resource_group_name = "${local.project_weu}-beta-vnet-rg" -} - data "azurerm_virtual_network" "weu_prod01" { name = "${local.project_weu}-prod01-vnet" resource_group_name = "${local.project_weu}-prod01-vnet-rg" diff --git a/src/common/prod/global.tf b/src/common/prod/global.tf index 7221eb876..19b4f93c6 100644 --- a/src/common/prod/global.tf +++ b/src/common/prod/global.tf @@ -22,11 +22,6 @@ module "global" { name = local.core.networking.itn.vnet_common.name } - beta = { - id = data.azurerm_virtual_network.weu_beta.id - name = data.azurerm_virtual_network.weu_beta.name - } - prod01 = { id = data.azurerm_virtual_network.weu_prod01.id name = data.azurerm_virtual_network.weu_prod01.name diff --git a/src/common/prod/westeurope.tf b/src/common/prod/westeurope.tf index ac55cc75b..ebc2f10f3 100644 --- a/src/common/prod/westeurope.tf +++ b/src/common/prod/westeurope.tf @@ -498,8 +498,6 @@ module "app_backend_li_weu" { slot_allowed_subnets = concat([local.azdoa_snet_id["weu"]], data.azurerm_subnet.services_snet.*.id, [data.azurerm_subnet.admin_snet.id]) allowed_ips = concat(module.monitoring_weu.appi.reserved_ips, [ - // aks beta - "51.124.16.195/32", // aks prod01 "51.105.109.140/32" ]) diff --git a/src/core/prod/README.md b/src/core/prod/README.md index 47cb929c0..dc2a14051 100644 --- a/src/core/prod/README.md +++ b/src/core/prod/README.md @@ -49,7 +49,6 @@ | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | | [azurerm_user_assigned_identity.managed_identity_io_infra_cd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source | | [azurerm_user_assigned_identity.managed_identity_io_infra_ci](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/user_assigned_identity) | data source | -| [azurerm_virtual_network.weu_beta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | | [azurerm_virtual_network.weu_prod01](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | ## Inputs diff --git a/src/core/prod/data.tf b/src/core/prod/data.tf index 0f19ec33e..6b309eedb 100644 --- a/src/core/prod/data.tf +++ b/src/core/prod/data.tf @@ -2,11 +2,6 @@ data "azurerm_client_config" "current" {} data "azurerm_subscription" "current" {} -data "azurerm_virtual_network" "weu_beta" { - name = "${local.project_weu}-beta-vnet" - resource_group_name = "${local.project_weu}-beta-vnet-rg" -} - data "azurerm_virtual_network" "weu_prod01" { name = "${local.project_weu}-prod01-vnet" resource_group_name = "${local.project_weu}-prod01-vnet-rg" diff --git a/src/core/prod/italynorth.tf b/src/core/prod/italynorth.tf index 9d02c1ea6..228ae3616 100644 --- a/src/core/prod/italynorth.tf +++ b/src/core/prod/italynorth.tf @@ -33,16 +33,6 @@ module "vnet_peering_itn" { use_remote_gateways = true } - beta = { - name = data.azurerm_virtual_network.weu_beta.name - id = data.azurerm_virtual_network.weu_beta.id - resource_group_name = data.azurerm_virtual_network.weu_beta.resource_group_name - use_remote_gateways = false - symmetrical = { - enabled = true - } - } - prod01 = { name = data.azurerm_virtual_network.weu_prod01.name id = data.azurerm_virtual_network.weu_prod01.id diff --git a/src/core/prod/westeurope.tf b/src/core/prod/westeurope.tf index 5b29f97db..34cdab7de 100644 --- a/src/core/prod/westeurope.tf +++ b/src/core/prod/westeurope.tf @@ -33,18 +33,6 @@ module "vnet_peering_weu" { use_remote_gateways = false } - beta = { - name = data.azurerm_virtual_network.weu_beta.name - id = data.azurerm_virtual_network.weu_beta.id - resource_group_name = data.azurerm_virtual_network.weu_beta.resource_group_name - use_remote_gateways = false - symmetrical = { - enabled = true - use_remote_gateways = true - allow_gateway_transit = false - } - } - prod01 = { name = data.azurerm_virtual_network.weu_prod01.name id = data.azurerm_virtual_network.weu_prod01.id diff --git a/src/domains/citizen-auth-app/99_variables.tf b/src/domains/citizen-auth-app/99_variables.tf index 26037784f..af8917e42 100644 --- a/src/domains/citizen-auth-app/99_variables.tf +++ b/src/domains/citizen-auth-app/99_variables.tf @@ -57,7 +57,7 @@ variable "location_string" { variable "instance" { type = string - description = "One of beta, prod01, prod02" + description = "One of prod01, prod02" } variable "tags" { diff --git a/src/domains/citizen-auth-app/README.md b/src/domains/citizen-auth-app/README.md index a9f2b7dd4..0f9216d50 100644 --- a/src/domains/citizen-auth-app/README.md +++ b/src/domains/citizen-auth-app/README.md @@ -220,7 +220,7 @@ | [function\_public\_autoscale\_maximum](#input\_function\_public\_autoscale\_maximum) | The maximum number of instances for this resource. | `number` | `3` | no | | [function\_public\_autoscale\_minimum](#input\_function\_public\_autoscale\_minimum) | The minimum number of instances for this resource. | `number` | `1` | no | | [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [instance](#input\_instance) | One of prod01, prod02 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | | [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | diff --git a/src/domains/citizen-auth-common/99_variables.tf b/src/domains/citizen-auth-common/99_variables.tf index affb24784..cd35ca818 100644 --- a/src/domains/citizen-auth-common/99_variables.tf +++ b/src/domains/citizen-auth-common/99_variables.tf @@ -57,7 +57,7 @@ variable "location_full" { variable "instance" { type = string - description = "One of beta, prod01, prod02" + description = "One of prod01, prod02" } variable "tags" { diff --git a/src/domains/citizen-auth-common/README.md b/src/domains/citizen-auth-common/README.md index e1ff4a59d..3b4df5901 100644 --- a/src/domains/citizen-auth-common/README.md +++ b/src/domains/citizen-auth-common/README.md @@ -132,7 +132,7 @@ | [enable\_azdoa](#input\_enable\_azdoa) | Specifies Azure Devops Agent enabling | `bool` | `true` | no | | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [instance](#input\_instance) | One of prod01, prod02 | `string` | n/a | yes | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | | [location\_full](#input\_location\_full) | One of West Europe, North Europe | `string` | n/a | yes | | [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | diff --git a/src/domains/elk/.terraform.lock.hcl b/src/domains/elk/.terraform.lock.hcl deleted file mode 100644 index 2c6f6b539..000000000 --- a/src/domains/elk/.terraform.lock.hcl +++ /dev/null @@ -1,142 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/alekc/kubectl" { - version = "2.0.3" - constraints = "~> 2.0" - hashes = [ - "h1:Gv6kXs5zudbEpLLyipTlBXkcVywnxFVaVHTYPShnwJ0=", - "h1:MqnMRHsgILZ697SBICSAzBK0dnmEgGCYGEs6Qe5ORu8=", - "h1:cupk6JdgjzqXsw/0GE8RmKNycf7yJLakzAMlQI4+bsk=", - "h1:i661kXTFIX1JwK9q+oD2ySxgN0FIqDKhCCImwO03AQI=", - "zh:0573cc46fcdf43410114ba42a3d5bee1b2074072a5d7774e90c7ebbf279a4d9a", - "zh:195a5bac71df2e962c5857916aae8b0546fa283b9644b81a5579d87456b3b268", - "zh:19cffc851e779e3715753a312fa0dc49c5429363de9f10466dab6f0c63ad5dc1", - "zh:1acd66873dd114b0a433e74c1971068f44ba327f549a9784565fd26a49b2511d", - "zh:2e043875a2ea09fef17d165a39c305c8fb5b80990efa8eb668d41de290531b5c", - "zh:4a129b540ca0e45ac9b7e5fe29413e88f5c4f6d356df069962e3c73673c5a439", - "zh:8ffec16848393a92a4b9ed577758b396db0d898718823f49c50ebe14fc426fc5", - "zh:aa933d3f7603b4bf411160f23b2f0ca9d564dae143cefa526b1012aebbe814e6", - "zh:ad1199152300687c40863c973050bff4fc031ebca6e9e19e59053c9154d3788f", - "zh:b72834b595be6eafcf04c8f01c2241d5939d6bd65949b8f5bca525ef38320129", - "zh:d18320d9a30aa8c6124f140b7cda41b3289adefdae88a2e096aba7854b9f6a25", - "zh:db391acb58b3362137518db81b7fd118a14732a06094f736ff286024531990cf", - "zh:e9b832fda20c79b2cfb216de9a535e30579d8a02eaafe2dbf4461e2f54fe4383", - "zh:fc51af1d63b8bbaba36d5ee10e3b19176836ebed4f0e61b58d8d372df98d3989", - ] -} - -provider "registry.terraform.io/hashicorp/azuread" { - version = "2.33.0" - constraints = "<= 2.33.0" - hashes = [ - "h1:PDiZA9QpXCkaSuWu6jiCRcjVtKJETqjcOZq4I434zfE=", - "h1:QAQe2+WSqGnHYAVoA+NN4Oeuoqg5sXq3U9Qmj6S1P5M=", - "h1:XIvCW3Nl4bW1bc9f8jyGhft+fQjaed4yy/LFzDAeVJ8=", - "h1:Z28tjly5UfKOE+HL/oALxCPhmCuBwUgZ4uaYt68VR3M=", - "zh:0602d03d7d7e38819f78dc377e64f365427496edf1065bfbb113e3921ab1c34e", - "zh:08843838f4fe146084592472648d4ea7191931eabe042a96c3b3c6eaf8ddfb43", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:26a0d8a186e3b47ea0b7217a8e420b03fda59b7a680bb3ea52cf7d3e6d965ef3", - "zh:352a1cacaacd39e796de15a52d192ab0e6eb98dd36b5fbf8ebddd37e6dafa4ac", - "zh:3702ad4c534e67e2e07b060bfe5e6edc244c59c911906c8b15b96e7fecb0ff2c", - "zh:93b5248d26bdd44845b2ab051a2168c7edad788ae9836f62ea5fb632fd59d7ea", - "zh:a7b880155f4a67b52a5bfe78de33dc55254ef80006234f00e36aaf6533b1de4a", - "zh:a7cf0829364127c9bca26ec01ea3d66988b43987b2d26a3290487d1fc0da50eb", - "zh:b1f82b0d30af733b36a2f849799e0b1ed6a72888fa32a438c829c4e5cff88e20", - "zh:b6c2b23770852de8f56b549579c2f5a82afd84a9ca0616d53a25d48488f7aaf0", - "zh:d87dfbdfe8ab9d3a2e33f210333d40f211ea7d33bfa671063e6807c6ddd85a52", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.71.0" - constraints = ">= 3.30.0, <= 3.71.0" - hashes = [ - "h1:QI0iaPNi0qAOIbXptd4ZObi0D5X1jojom5774GtEspA=", - "h1:nTc6DFS9euNgUkNylQ/AxNYN9Ln1dyL+WVIBNcict7Y=", - "h1:vhmOvVQgCyxXeS25wKuPTNpOAAtocPj5faL1yFS/Bcc=", - "h1:xySu+5dS0H9KYVsQoFp61uc5XLRKif9FrFs//OPNDrM=", - "zh:06f0d225b1711dfad256ff33134f878acc8f84624d9da66b075b075cc4d75892", - "zh:09ff74056818babe02ea5a633bffe2b8223eaf79916dc1db169651ef7725c22f", - "zh:27687e0f8458e6d88ebea94352eb523f56e8f5cdc468268af8f38dc4a4265bf4", - "zh:2d81bfab3c6a9b897fa8fbb5256c9e5a944e6ecbf7f73a2a3e2b53a2c4fbcfc5", - "zh:4cfc744cfc37aeeeecd82800c70e2591b38447af9e3c51bcbf06a5efe842ed65", - "zh:734fbb81508b264f772a076338ddf1c7b25534d2007a1738a7d55587478ed258", - "zh:9a5502c364f58073599fff8cdd8adc32e7f7bcd00a4d9b57d2fff678fd8a8319", - "zh:9bc528f7e78dbfd106f94b741b68dedd3dd3d31c3defcddcc1972c8e52a6b7db", - "zh:c30db03d877f9a7ae0c19d3fd338bbf95cdddbf6df1023709dbfa99689abac14", - "zh:c51d4065145b8f4ca45fc9a0f3ca7f2d933bc0302af2eead74f3ce64a9221ae8", - "zh:e23029fc7f81723795d7da770131adb1ce6f4d32f0a57eb75d47e036a0a19833", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.8.0" - constraints = ">= 2.0.0, 2.8.0" - hashes = [ - "h1:SAwW8iYsXVDhCs8UL5ElzfN6iP3q3tdObPwJiTpCkKI=", - "h1:U0w0mUT0SwZCR0poGNSxGaZJKWcOiu4GerpGztYBiMM=", - "h1:a98mBNghv9odh5PVmgdXapgyYJmO/ncAWkwLWdXLuY4=", - "h1:abRryu69lsIGXctqjMVoaKqi74eE12Vzd2FLpds1/PI=", - "zh:1e42d1a04c07d4006844e477ca32b5f45b04f6525dbbbe00b6be6e6ec5a11c54", - "zh:2f87187cb48ccfb18d12e2c4332e7e822923b659e7339b954b7db78aff91529f", - "zh:391fe49b4d2dc07bc717248a3fc6952189cfc49c596c514ad72a29c9a9f9d575", - "zh:89272048e1e63f3edc3e83dfddd5a9fd4bd2a4ead104e67de1e14319294dedf1", - "zh:a5a057c3435a854389ce8a1d98a54aaa7cbab68aca7baa436a605897aa70ff7e", - "zh:b1098e53e1a8a3afcd325ecd0328662156b3d9c3d80948f19ba3a4eb870cee2b", - "zh:b676f949e8274a2b6c3fa41f5428ea597125579c7b93bb50bb73a5e295a7a447", - "zh:cdf7e9460f28c2dbfe49a79a5022bd0d474ff18120d340738aa35456ba77ebca", - "zh:e24b59b4ed1c593facbf8051ec58550917991e2e017f3085dac5fb902d9908cb", - "zh:e3b5e1f5543cac9d9031a028f1c1be4858fb80fae69f181f21e9465e366ebfa2", - "zh:e9fddc0bcdb28503078456f0088851d45451600d229975fd9990ee92c7489a10", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.17.0" - constraints = "2.17.0, <= 2.17.0" - hashes = [ - "h1:Dq/EHg8mKP9wDDTJx5CzZ+w44wutIZJGfQLrAIznAqY=", - "h1:I1L2R+OPgGSh+P6uBSycvvoyRIey/FqMwSvlJ9ccw0o=", - "h1:Nu0bV0ehFE3aiAl8+qxBCxi8u+dfjvvhoQOW30rFGPo=", - "h1:p2sgF62c2svJSKuImL3/zq/SSPOZFyd4Vj7K0UF2VrQ=", - "zh:1cbafea8c404195d8ad2490d75dbeebef131563d3e38dec87231ceb3923a3012", - "zh:26d9584423ee77e607999b082de7d9dc3e937934aa83341e0832e7253caf4f51", - "zh:333527fc15fb43bbf1898a2f058598c596468a01d88c415627bb617878dc4d4d", - "zh:391b8c80e3115af485977d6e949d7260b7fc0b641089b884256bfd36a7077db2", - "zh:4d18ba55247486181759d60195777945bcd68e17ccd980820ca18e8a8b94aeb5", - "zh:607ae94d85d1c1ed3845bd71095daadea4b2468e16f57fa05c98eab0de6b14ae", - "zh:95c6cf22f8ef14e7a4f85e33cff5d6f11056c7880041b71d425d1b5ebbe246e7", - "zh:b077edcedb46a313b461ac1e49317872063b3871f2acbe1a50498612cefff387", - "zh:c6a7891683e44148b0c928fd4748b7abac727266ab551d679015f5fe8b72d1e6", - "zh:e5cebfdf873770c37a4304362003d3fea8d6c2fd819663ad121bc65bb81e4738", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:feb19269e7c0de473ad412b37818b48da0cc91e5c93dd4c77a72676ca97a16b1", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" - constraints = "<= 3.2.1" - hashes = [ - "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", - "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=", - "h1:vUW21lLLsKlxtBf0QF7LKJreKxs0CM7YXGzqW1N/ODY=", - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", - ] -} diff --git a/src/domains/elk/00_azuread.tf b/src/domains/elk/00_azuread.tf deleted file mode 100644 index bfffd3a8b..000000000 --- a/src/domains/elk/00_azuread.tf +++ /dev/null @@ -1,16 +0,0 @@ -# Azure AD -data "azuread_group" "adgroup_admin" { - display_name = format("%s-adgroup-admin", local.product) -} - -data "azuread_group" "adgroup_developers" { - display_name = format("%s-adgroup-developers", local.product) -} - -data "azuread_group" "adgroup_externals" { - display_name = format("%s-adgroup-externals", local.product) -} - -data "azuread_group" "adgroup_security" { - display_name = format("%s-adgroup-security", local.product) -} diff --git a/src/domains/elk/01_aks.tf b/src/domains/elk/01_aks.tf deleted file mode 100644 index dbda4c79a..000000000 --- a/src/domains/elk/01_aks.tf +++ /dev/null @@ -1,54 +0,0 @@ -data "azurerm_kubernetes_cluster" "aks" { - name = local.aks_name - resource_group_name = local.aks_resource_group_name -} - -#tfsec:ignore:AZU023 -resource "azurerm_key_vault_secret" "aks_apiserver_url" { - name = "${local.aks_name}-apiserver-url" - value = "https://${data.azurerm_kubernetes_cluster.aks.private_fqdn}:443" - content_type = "text/plain" - - key_vault_id = module.key_vault.id -} - -resource "azurerm_kubernetes_cluster_node_pool" "elastic" { - - kubernetes_cluster_id = data.azurerm_kubernetes_cluster.aks.id - - name = var.elastic_node_pool.name - - ### vm configuration - vm_size = var.elastic_node_pool.vm_size - # https://docs.microsoft.com/en-us/azure/virtual-machines/sizes-general - os_disk_type = var.elastic_node_pool.os_disk_type # Managed or Ephemeral - os_disk_size_gb = var.elastic_node_pool.os_disk_size_gb - zones = ["1", "2", "3"] - - os_type = "Linux" - - ### autoscaling - enable_auto_scaling = true - #node_count = var.elastic_node_pool.node_count_min - min_count = var.elastic_node_pool.node_count_min - max_count = var.elastic_node_pool.node_count_max - - ### K8s node configuration - max_pods = var.elastic_node_pool.elastic_pool_max_pods - node_labels = var.elastic_node_pool.node_labels - node_taints = var.elastic_node_pool.node_taints - - ### networking - vnet_subnet_id = module.aks_elk_snet.id - enable_node_public_ip = false - - - tags = merge(var.tags, var.elastic_node_pool.node_tags) - - #lifecycle { - # ignore_changes = [ - # node_count - # ] - #} - -} diff --git a/src/domains/elk/01_monitor.tf b/src/domains/elk/01_monitor.tf deleted file mode 100644 index 96fe91ba0..000000000 --- a/src/domains/elk/01_monitor.tf +++ /dev/null @@ -1,53 +0,0 @@ -data "azurerm_log_analytics_workspace" "log_analytics" { - name = var.log_analytics_workspace_name - resource_group_name = var.log_analytics_workspace_resource_group_name -} - -data "azurerm_application_insights" "application_insights" { - name = var.application_insights_name - resource_group_name = var.monitor_resource_group_name -} - -data "azurerm_resource_group" "monitor_rg" { - name = var.monitor_resource_group_name -} - -data "azurerm_monitor_action_group" "error_action_group" { - resource_group_name = var.monitor_resource_group_name - name = "${var.prefix}${var.env_short}error" -} - -data "azurerm_monitor_action_group" "slack" { - resource_group_name = var.monitor_resource_group_name - name = local.monitor_action_group_slack_name -} - -data "azurerm_monitor_action_group" "email" { - resource_group_name = var.monitor_resource_group_name - name = local.monitor_action_group_email_name -} - -data "azurerm_subnet" "azdoa_snet" { - count = var.enable_azdoa ? 1 : 0 - name = "azure-devops" - virtual_network_name = local.vnet_common_name - resource_group_name = local.vnet_common_resource_group_name -} - -#tfsec:ignore:AZU023 -resource "azurerm_key_vault_secret" "appinsights_instrumentation_key" { - name = "appinsights-instrumentation-key" - value = data.azurerm_application_insights.application_insights.instrumentation_key - content_type = "only instrumentation key" - - key_vault_id = module.key_vault.id -} - -#tfsec:ignore:AZU023 -resource "azurerm_key_vault_secret" "appinsights_connection_string" { - name = "appinsights-connection-string" - value = data.azurerm_application_insights.application_insights.connection_string - content_type = "full connection string, example InstrumentationKey=XXXXX" - - key_vault_id = module.key_vault.id -} \ No newline at end of file diff --git a/src/domains/elk/01_network.tf b/src/domains/elk/01_network.tf deleted file mode 100644 index 6ba80975c..000000000 --- a/src/domains/elk/01_network.tf +++ /dev/null @@ -1,75 +0,0 @@ -data "azurerm_virtual_network" "vnet" { - name = local.vnet_name - resource_group_name = local.vnet_resource_group_name -} - -data "azurerm_virtual_network" "vnet_common" { - name = local.vnet_common_name - resource_group_name = local.vnet_common_resource_group_name -} - -data "azurerm_private_dns_zone" "internal" { - name = local.internal_dns_zone_name - resource_group_name = local.internal_dns_zone_resource_group_name -} - -data "azurerm_private_dns_zone" "privatelink_blob_core_windows_net" { - name = "privatelink.blob.core.windows.net" - resource_group_name = format("%s-rg-common", local.product) -} - -data "azurerm_private_dns_zone" "privatelink_queue_core_windows_net" { - name = "privatelink.queue.core.windows.net" - resource_group_name = format("%s-rg-common", local.product) -} - -data "azurerm_private_dns_zone" "privatelink_file_core_windows_net" { - name = "privatelink.file.core.windows.net" - resource_group_name = format("%s-rg-common", local.product) -} - -data "azurerm_private_dns_zone" "privatelink_table_core_windows_net" { - name = "privatelink.table.core.windows.net" - resource_group_name = format("%s-rg-common", local.product) -} - -data "azurerm_private_dns_zone" "privatelink_documents_azure_com" { - name = "privatelink.documents.azure.com" - resource_group_name = format("%s-rg-common", local.product) -} - -resource "azurerm_private_dns_a_record" "ingress" { - name = local.ingress_hostname - zone_name = data.azurerm_private_dns_zone.internal.name - resource_group_name = local.internal_dns_zone_resource_group_name - ttl = 3600 - records = [var.ingress_load_balancer_ip] -} - -data "azurerm_subnet" "private_endpoints_subnet" { - name = "pendpoints" - virtual_network_name = local.vnet_common_name - resource_group_name = local.vnet_common_resource_group_name -} - -data "azurerm_private_dns_zone" "privatelink_servicebus_windows_net" { - name = "privatelink.servicebus.windows.net" - resource_group_name = format("%s-evt-rg", local.product) -} - -resource "azurerm_private_dns_a_record" "kibana_ingress" { - name = local.kibana_hostname_short - zone_name = data.azurerm_private_dns_zone.internal.name - resource_group_name = local.internal_dns_zone_resource_group_name - ttl = 3600 - records = [var.ingress_load_balancer_ip] -} - -module "aks_elk_snet" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v7.28.0" - name = "${local.project}-aks-${var.domain}-snet" - address_prefixes = var.aks_elk_cidr_subnet - resource_group_name = data.azurerm_virtual_network.vnet.resource_group_name - virtual_network_name = data.azurerm_virtual_network.vnet.name - private_endpoint_network_policies_enabled = false -} \ No newline at end of file diff --git a/src/domains/elk/02_key_vault.tf b/src/domains/elk/02_key_vault.tf deleted file mode 100644 index 5f402e596..000000000 --- a/src/domains/elk/02_key_vault.tf +++ /dev/null @@ -1,68 +0,0 @@ -resource "azurerm_resource_group" "sec_rg" { - name = "${local.product}-${var.domain}-sec-rg" - location = var.location - - tags = var.tags -} - -module "key_vault" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3//key_vault?ref=v7.28.0" - - name = "${local.product}-${var.domain}-kv" - location = azurerm_resource_group.sec_rg.location - resource_group_name = azurerm_resource_group.sec_rg.name - tenant_id = data.azurerm_client_config.current.tenant_id - soft_delete_retention_days = 90 - - tags = var.tags -} - -## adgroup_admin group policy ## -resource "azurerm_key_vault_access_policy" "adgroup_admin" { - key_vault_id = module.key_vault.id - - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azuread_group.adgroup_admin.object_id - - key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", ] - secret_permissions = ["Get", "List", "Set", "Delete", "Restore", "Recover", ] - storage_permissions = [] - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Recover", ] -} - -## adgroup_developers group policy ## -resource "azurerm_key_vault_access_policy" "adgroup_developers" { - key_vault_id = module.key_vault.id - - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azuread_group.adgroup_developers.object_id - - key_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", ] - secret_permissions = ["Get", "List", "Set", "Delete", "Restore", "Recover", ] - storage_permissions = [] - certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Recover", ] -} - -# -# azure devops policy -# - -#pagopaspa-cstar-platform-iac-projects-{subscription} -data "azuread_service_principal" "platform_iac_sp" { - display_name = "pagopaspa-io-platform-iac-projects-${data.azurerm_subscription.current.subscription_id}" -} - -resource "azurerm_key_vault_access_policy" "azdevops_platform_iac_policy" { - key_vault_id = module.key_vault.id - tenant_id = data.azurerm_client_config.current.tenant_id - object_id = data.azuread_service_principal.platform_iac_sp.object_id - - secret_permissions = ["Get", "List", "Set", ] - storage_permissions = [] - certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get", "ManageContacts", ] -} - -data "azurerm_key_vault" "common" { - name = format("%s-kv-common", local.product) - resource_group_name = format("%s-rg-common", local.product) -} \ No newline at end of file diff --git a/src/domains/elk/02_namespace.tf b/src/domains/elk/02_namespace.tf deleted file mode 100644 index d472e5d00..000000000 --- a/src/domains/elk/02_namespace.tf +++ /dev/null @@ -1,138 +0,0 @@ -resource "kubernetes_namespace" "namespace" { - metadata { - name = var.domain - } -} - -module "pod_identity" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity?ref=v7.28.0" - - resource_group_name = local.aks_resource_group_name - location = var.location - tenant_id = data.azurerm_subscription.current.tenant_id - cluster_name = local.aks_name - - identity_name = "${var.domain}-pod-identity" - namespace = kubernetes_namespace.namespace.metadata[0].name - key_vault_id = module.key_vault.id - - secret_permissions = ["Get"] - certificate_permissions = ["Get"] -} - -resource "azurerm_key_vault_access_policy" "common" { - key_vault_id = data.azurerm_key_vault.common.id - tenant_id = data.azurerm_subscription.current.tenant_id - - # The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. - object_id = module.pod_identity.identity.principal_id - - secret_permissions = ["Get"] -} - -resource "helm_release" "reloader" { - name = "reloader" - repository = "https://stakater.github.io/stakater-charts" - chart = "reloader" - version = var.reloader_helm.chart_version - namespace = kubernetes_namespace.namespace.metadata[0].name - - set { - name = "reloader.watchGlobally" - value = "false" - } - set { - name = "reloader.deployment.image.name" - value = var.reloader_helm.image_name - } - set { - name = "reloader.deployment.image.tag" - value = var.reloader_helm.image_tag - } -} - -resource "helm_release" "tls_cert_check" { - name = "tls-cert-check" - chart = "microservice-chart" - repository = "https://pagopa.github.io/aks-microservice-chart-blueprint" - version = var.tls_cert_check_helm.chart_version - namespace = kubernetes_namespace.namespace.metadata[0].name - - values = [ - "${templatefile("${path.module}/templates/tls-cert.yaml.tpl", - { - namespace = var.domain - image_name = var.tls_cert_check_helm.image_name - image_tag = var.tls_cert_check_helm.image_tag - website_site_name = "tls-cert-check-${var.location_short}${var.instance}.${var.domain}.internal.io.pagopa.it" - time_trigger = "*/1 * * * *" - function_name = "${var.location_short}${var.instance}.${var.domain}.internal.io.pagopa.it" - region = var.location_string - expiration_delta_in_days = "7" - host = "${var.location_short}${var.instance}.${var.domain}.internal.io.pagopa.it" - appinsights_instrumentationkey = "appinsights-connection-string" - keyvault_name = module.key_vault.name - keyvault_tenantid = data.azurerm_client_config.current.tenant_id - })}", - ] -} - -resource "azurerm_monitor_metric_alert" "tls_cert_check" { - name = "tls-cert-check-${var.location_short}${var.instance}.${var.domain}.internal.io.pagopa.it" - resource_group_name = data.azurerm_resource_group.monitor_rg.name - scopes = [data.azurerm_application_insights.application_insights.id] - description = "Whenever the average availabilityresults/availabilitypercentage is less than 100%" - severity = 0 - frequency = "PT5M" - auto_mitigate = false - - criteria { - metric_namespace = "microsoft.insights/components" - metric_name = "availabilityResults/availabilityPercentage" - aggregation = "Average" - operator = "LessThan" - threshold = 50 - - dimension { - name = "availabilityResult/name" - operator = "Include" - values = ["${var.location_short}${var.instance}.${var.domain}.internal.io.pagopa.it"] - } - } - action { - action_group_id = data.azurerm_monitor_action_group.error_action_group.id - } -} - -resource "helm_release" "cert-mounter" { - name = "cert-mounter-blueprint" - chart = "cert-mounter-blueprint" - repository = "https://pagopa.github.io/aks-helm-cert-mounter-blueprint" - version = "1.0.4" - namespace = kubernetes_namespace.namespace.metadata[0].name - - set { - name = "namespace" - value = kubernetes_namespace.namespace.metadata[0].name - } - - set { - name = "deployment.create" - value = "true" - } - - set { - name = "kvCertificatesName[0]" - value = replace("${local.ingress_hostname}.${local.internal_dns_zone_name}", ".", "-") - } - - set { - name = "keyvault.name" - value = module.key_vault.name - } - - set { - name = "keyvault.tenantId" - value = data.azurerm_client_config.current.tenant_id - } -} diff --git a/src/domains/elk/03_ingress.tf b/src/domains/elk/03_ingress.tf deleted file mode 100644 index 7980a97a7..000000000 --- a/src/domains/elk/03_ingress.tf +++ /dev/null @@ -1,85 +0,0 @@ -resource "kubernetes_namespace" "ingress" { - metadata { - name = "ingress-${var.domain}" - } -} - -# from Microsoft docs https://docs.microsoft.com/it-it/azure/aks/ingress-internal-ip -module "nginx_ingress" { - source = "terraform-module/release/helm" - version = "2.8.0" - - namespace = kubernetes_namespace.ingress.metadata[0].name - repository = "https://kubernetes.github.io/ingress-nginx" - app = { - name = "nginx-ingress-${var.domain}" - version = var.nginx_helm.version - chart = "ingress-nginx" - recreate_pods = false #https://github.com/helm/helm/issues/6378 -> fixed in k8s 1.22 - deploy = 1 - } - - values = [ - "${templatefile("${path.module}/ingress/loadbalancer.yaml.tpl", { load_balancer_ip = var.ingress_load_balancer_ip })}", - templatefile( - "${path.module}/ingress/autoscaling.yaml.tpl", - { - min_replicas = var.ingress_min_replica_count - max_replicas = var.ingress_max_replica_count - polling_interval = 30 # seconds - cooldown_period = 300 # seconds - triggers = [ - { - type = "cpu" - metadata = { - type = "Utilization" - value = "60" - } - } - ] - } - ), - ] - - set = [ - { - name = "controller.nodeSelector.beta\\.kubernetes\\.io/os" - value = "linux" - }, - { - name = "defaultBackend.nodeSelector.beta\\.kubernetes\\.io/os" - value = "linux" - }, - { - name = "controller.admissionWebhooks.patch.nodeSelector.beta\\.kubernetes\\.io/os" - value = "linux" - }, - { - name = "controller.ingressClassResource.name" - value = "nginxelk" - }, - { - name = "controller.ingressClass" - value = "nginxelk" - }, - { - name = "controller.ingressClassResource.default" - value = "false" - }, - { - name = "controller.ingressClassResource.controllerValue" - value = "k8s.io/nginxelk-controller" - }, - { - name = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/azure-load-balancer-health-probe-request-path" - value = "/healthz" - - }, - { - # To overcome 1m size limit of https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#proxy-body-size - # Setting size to 0 disables checking of client request body size - name = "controller.config.proxy-body-size" - value = var.nginx_helm.controller.config.proxy-body-size - } - ] -} diff --git a/src/domains/elk/04_storage.tf b/src/domains/elk/04_storage.tf deleted file mode 100644 index 87bebaffe..000000000 --- a/src/domains/elk/04_storage.tf +++ /dev/null @@ -1,13 +0,0 @@ -resource "kubernetes_storage_class" "kubernetes_storage_class_hot" { - metadata { - name = "${local.project}-elastic-aks-storage-hot" - } - storage_provisioner = "disk.csi.azure.com" - reclaim_policy = "Delete" - volume_binding_mode = "WaitForFirstConsumer" - parameters = { - skuName = var.elastic_hot_storage.storage_type - } - allow_volume_expansion = var.elastic_hot_storage.allow_volume_expansion - -} \ No newline at end of file diff --git a/src/domains/elk/05_elastic_stack.tf b/src/domains/elk/05_elastic_stack.tf deleted file mode 100644 index 88ab94486..000000000 --- a/src/domains/elk/05_elastic_stack.tf +++ /dev/null @@ -1,115 +0,0 @@ -locals { - snapshot_secret_name = "snapshot-secret" - deafult_snapshot_container_name = "snapshotblob" -} - -resource "azurerm_resource_group" "elk_rg" { - name = "${local.project}-rg" - location = var.location - - tags = var.tags -} - -resource "azurerm_storage_account" "elk_snapshot_sa" { - name = replace(format("%s-sa", local.project), "-", "") - resource_group_name = azurerm_resource_group.elk_rg.name - location = azurerm_resource_group.elk_rg.location - account_tier = "Standard" - account_replication_type = "GZRS" - min_tls_version = "TLS1_2" - - blob_properties { - change_feed_enabled = var.elk_snapshot_sa.backup_enabled - dynamic "container_delete_retention_policy" { - for_each = var.elk_snapshot_sa.backup_enabled ? [1] : [] - content { - days = var.elk_snapshot_sa.blob_delete_retention_days - } - - } - # change_feed_retention_in_days = var.elk_snapshot_sa.backup_enabled ? var.elk_snapshot_sa.blob_delete_retention_days : null - # restore_policy { - # days = var.elk_snapshot_sa.blob_delete_retention_days - # } - versioning_enabled = var.elk_snapshot_sa.backup_enabled - dynamic "delete_retention_policy" { - for_each = var.elk_snapshot_sa.backup_enabled ? [1] : [] - content { - days = var.elk_snapshot_sa.blob_delete_retention_days - } - - } - } -} - -resource "azurerm_storage_container" "snapshot_container" { - name = local.deafult_snapshot_container_name - storage_account_name = azurerm_storage_account.elk_snapshot_sa.name - container_access_type = "private" -} - -resource "kubernetes_secret" "snapshot_secret" { - metadata { - name = local.snapshot_secret_name - namespace = kubernetes_namespace.namespace.metadata[0].name - } - data = { - "azure.client.default.account" = replace(format("%s-sa", local.project), "-", "") - "azure.client.default.key" = azurerm_storage_account.elk_snapshot_sa.primary_access_key - } - -} - -module "elastic_stack" { - depends_on = [ - azurerm_kubernetes_cluster_node_pool.elastic, - ] - - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//elastic_stack?ref=v7.29.0" - - namespace = kubernetes_namespace.namespace.metadata[0].name - nodeset_config = var.nodeset_config - - dedicated_log_instance_name = [] - - eck_version = "2.9" - eck_license = file("${path.module}/env/eck_license/pagopa-spa-4a1285e5-9c2c-4f9f-948a-9600095edc2f-orchestration.json") - - env_short = var.env_short - env = var.env - - kibana_external_domain = "https://kibana.${var.prefix}.pagopa.it/kibana" - - secret_name = "${var.location_short}${var.instance}-kibana-internal-${var.prefix}-pagopa-it" - keyvault_name = module.key_vault.name - - kibana_internal_hostname = "${var.location_short}${var.instance}.kibana.internal.${var.prefix}.pagopa.it" - - snapshot_secret_name = local.snapshot_secret_name -} - -data "kubernetes_secret" "get_elastic_credential" { - depends_on = [ - module.elastic_stack - ] - - metadata { - name = "quickstart-es-elastic-user" - namespace = kubernetes_namespace.namespace.metadata[0].name - } -} - -# origInal -# locals { -# kibana_url = var.env_short == "p" ? "https://elastic:${data.kubernetes_secret.get_elastic_credential.data.elastic}@kibana.platform.pagopa.it/kibana" : "https://elastic:${data.kubernetes_secret.get_elastic_credential.data.elastic}@kibana.${var.env}.platform.pagopa.it/kibana" -# elastic_url = var.env_short == "p" ? "https://elastic:${data.kubernetes_secret.get_elastic_credential.data.elastic}@kibana.platform.pagopa.it/elastic" : "https://elastic:${data.kubernetes_secret.get_elastic_credential.data.elastic}@kibana.${var.env}.platform.pagopa.it/elastic" -# } - -# workaround -#TODO fix url values -locals { - kibana_url = var.env_short == "d" ? "https://elastic:${data.kubernetes_secret.get_elastic_credential.data.elastic}@kibana.${var.env}.platform.pagopa.it/kibana" : "https://elastic:${data.kubernetes_secret.get_elastic_credential.data.elastic}@${local.kibana_hostname}/kibana" - elastic_url = var.env_short == "d" ? "https://elastic:${data.kubernetes_secret.get_elastic_credential.data.elastic}@kibana.${var.env}.platform.pagopa.it/elastic" : "https://elastic:${data.kubernetes_secret.get_elastic_credential.data.elastic}@${local.kibana_hostname}/elastic" - -} - diff --git a/src/domains/elk/99_locals.tf b/src/domains/elk/99_locals.tf deleted file mode 100644 index 166a210a2..000000000 --- a/src/domains/elk/99_locals.tf +++ /dev/null @@ -1,30 +0,0 @@ -locals { - project = "${var.prefix}-${var.env_short}-${var.domain}-${var.location_short}-${var.instance}" - product = "${var.prefix}-${var.env_short}" - common_project = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}" - - monitor_action_group_slack_name = "SlackPagoPA" - monitor_action_group_email_name = "EmailPagoPA" - - vnet_name = "${local.product}-${var.location_short}-${var.instance}-vnet" - vnet_resource_group_name = "${local.product}-${var.location_short}-${var.instance}-vnet-rg" - - vnet_common_name = "${local.product}-vnet-common" - vnet_common_resource_group_name = "${local.product}-rg-common" - - ingress_hostname = "${var.location_short}${var.instance}.${var.domain}" - internal_dns_zone_name = "internal.${var.prefix}.pagopa.it" - internal_dns_zone_resource_group_name = "${local.product}-rg-internal" - - acr_name = replace("${local.product}commonacr", "-", "") - acr_resource_group_name = "${local.product}-container-registry-rg" - - aks_name = "${local.product}-${var.location_short}-${var.instance}-aks" - aks_resource_group_name = "${local.product}-${var.location_short}-${var.instance}-aks-rg" - aks_snet_name = "${var.prefix}-${var.env_short}-${var.location_short}-${var.instance}-aks-user-snet" - - kibana_hostname = var.env_short == "p" ? "weu${var.env}.kibana.internal.platform.pagopa.it" : "weu${var.env}.kibana.internal.${var.env}.platform.pagopa.it" - kibana_hostname_short = "weu${var.instance}.kibana" - - -} diff --git a/src/domains/elk/99_main.tf b/src/domains/elk/99_main.tf deleted file mode 100644 index b87de2e24..000000000 --- a/src/domains/elk/99_main.tf +++ /dev/null @@ -1,48 +0,0 @@ -terraform { - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "<= 3.71.0" - } - azuread = { - source = "hashicorp/azuread" - version = "<= 2.33.0" - } - null = { - source = "hashicorp/null" - version = "<= 3.2.1" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = "= 2.17.0" - } - helm = { - source = "hashicorp/helm" - version = "= 2.8.0" - } - } - - backend "azurerm" {} -} - -provider "azurerm" { - features { - key_vault { - purge_soft_delete_on_destroy = false - } - } -} - -data "azurerm_subscription" "current" {} - -data "azurerm_client_config" "current" {} - -provider "kubernetes" { - config_path = "${var.k8s_kube_config_path_prefix}/config-${local.aks_name}" -} - -provider "helm" { - kubernetes { - config_path = "${var.k8s_kube_config_path_prefix}/config-${local.aks_name}" - } -} diff --git a/src/domains/elk/99_variables.tf b/src/domains/elk/99_variables.tf deleted file mode 100644 index c024bc878..000000000 --- a/src/domains/elk/99_variables.tf +++ /dev/null @@ -1,323 +0,0 @@ -# general - -variable "prefix" { - type = string - validation { - condition = ( - length(var.prefix) <= 6 - ) - error_message = "Max length is 6 chars." - } -} - -variable "env" { - type = string -} - -variable "env_short" { - type = string - validation { - condition = ( - length(var.env_short) == 1 - ) - error_message = "Length must be 1 chars." - } -} - -variable "domain" { - type = string - validation { - condition = ( - length(var.domain) <= 12 - ) - error_message = "Max length is 12 chars." - } -} - -variable "location" { - type = string - description = "One of westeurope, northeurope" -} - -variable "location_short" { - type = string - validation { - condition = ( - length(var.location_short) == 3 - ) - error_message = "Length must be 3 chars." - } - description = "One of wue, neu" -} - -variable "location_string" { - type = string - description = "One of West Europe, North Europe" -} - -variable "instance" { - type = string - description = "One of beta, prod01, prod02" -} - -variable "tags" { - type = map(any) - default = { - CreatedBy = "Terraform" - } -} - -### External resources - -variable "monitor_resource_group_name" { - type = string - description = "Monitor resource group name" -} - -variable "log_analytics_workspace_name" { - type = string - description = "Specifies the name of the Log Analytics Workspace." -} - -variable "log_analytics_workspace_resource_group_name" { - type = string - description = "The name of the resource group in which the Log Analytics workspace is located in." -} - -variable "application_insights_name" { - type = string - description = "Specifies the name of the Application Insights." -} - -### Aks - -variable "k8s_kube_config_path_prefix" { - type = string - default = "~/.kube" -} - -variable "ingress_load_balancer_ip" { - type = string -} - -variable "reloader_helm" { - type = object({ - chart_version = string, - image_name = string, - image_tag = string - }) - description = "reloader helm chart configuration" -} - -variable "tls_cert_check_helm" { - type = object({ - chart_version = string, - image_name = string, - image_tag = string - }) - description = "tls cert helm chart configuration" -} - -## Event hub - -variable "ehns_enabled" { - type = bool - description = "Enable event hub namespace" - default = false -} - -variable "ehns_sku_name" { - type = string - description = "Defines which tier to use." - default = "Basic" -} - -variable "ehns_capacity" { - type = number - description = "Specifies the Capacity / Throughput Units for a Standard SKU namespace." - default = null -} - -variable "ehns_maximum_throughput_units" { - type = number - description = "Specifies the maximum number of throughput units when Auto Inflate is Enabled" - default = null -} - -variable "ehns_auto_inflate_enabled" { - type = bool - description = "Is Auto Inflate enabled for the EventHub Namespace?" - default = false -} - -variable "ehns_zone_redundant" { - type = bool - description = "Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones)." - default = false -} - -variable "eventhubs" { - description = "A list of event hubs to add to namespace." - type = list(object({ - name = string - partitions = number - message_retention = number - consumers = list(string) - keys = list(object({ - name = string - listen = bool - send = bool - manage = bool - })) - })) - default = [] -} - -variable "ehns_ip_rules" { - description = "eventhub network rules" - type = list(object({ - ip_mask = string - action = string - })) - default = [] -} - -variable "ehns_virtual_network_rules" { - description = "eventhub virtual network rules" - type = list(object({ - ip_mask = string - action = string - })) - default = [] -} - -variable "ehns_alerts_enabled" { - type = bool - default = true - description = "Event hub alerts enabled?" -} - -variable "ehns_metric_alerts" { - default = {} - - description = < - -## Requirements - -| Name | Version | -|------|---------| -| [azuread](#requirement\_azuread) | <= 2.33.0 | -| [azurerm](#requirement\_azurerm) | <= 3.71.0 | -| [helm](#requirement\_helm) | = 2.8.0 | -| [kubernetes](#requirement\_kubernetes) | = 2.17.0 | -| [null](#requirement\_null) | <= 3.2.1 | - -## Providers - -| Name | Version | -|------|---------| -| [azuread](#provider\_azuread) | 2.33.0 | -| [azurerm](#provider\_azurerm) | 3.71.0 | -| [helm](#provider\_helm) | 2.8.0 | -| [kubernetes](#provider\_kubernetes) | 2.17.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [aks\_elk\_snet](#module\_aks\_elk\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.28.0 | -| [elastic\_stack](#module\_elastic\_stack) | git::https://github.com/pagopa/terraform-azurerm-v3.git//elastic_stack | v7.29.0 | -| [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3//key_vault | v7.28.0 | -| [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.8.0 | -| [pod\_identity](#module\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v7.28.0 | - -## Resources - -| Name | Type | -|------|------| -| [azurerm_key_vault_access_policy.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.azdevops_platform_iac_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_access_policy.common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource | -| [azurerm_key_vault_secret.aks_apiserver_url](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.appinsights_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_key_vault_secret.appinsights_instrumentation_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource | -| [azurerm_kubernetes_cluster_node_pool.elastic](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) | resource | -| [azurerm_monitor_metric_alert.tls_cert_check](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_metric_alert) | resource | -| [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | -| [azurerm_private_dns_a_record.kibana_ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource | -| [azurerm_resource_group.elk_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | -| [azurerm_storage_account.elk_snapshot_sa](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource | -| [azurerm_storage_container.snapshot_container](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_container) | resource | -| [helm_release.cert-mounter](https://registry.terraform.io/providers/hashicorp/helm/2.8.0/docs/resources/release) | resource | -| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/2.8.0/docs/resources/release) | resource | -| [helm_release.tls_cert_check](https://registry.terraform.io/providers/hashicorp/helm/2.8.0/docs/resources/release) | resource | -| [kubernetes_namespace.ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/namespace) | resource | -| [kubernetes_namespace.namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/namespace) | resource | -| [kubernetes_secret.snapshot_secret](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/secret) | resource | -| [kubernetes_storage_class.kubernetes_storage_class_hot](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/resources/storage_class) | resource | -| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_group.adgroup_security](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source | -| [azuread_service_principal.platform_iac_sp](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source | -| [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source | -| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source | -| [azurerm_key_vault.common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source | -| [azurerm_kubernetes_cluster.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source | -| [azurerm_log_analytics_workspace.log_analytics](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/log_analytics_workspace) | data source | -| [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_monitor_action_group.error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | -| [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_blob_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_documents_azure_com](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_file_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_queue_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_servicebus_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_private_dns_zone.privatelink_table_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source | -| [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | -| [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | -| [azurerm_subnet.private_endpoints_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source | -| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | -| [azurerm_virtual_network.vnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | -| [azurerm_virtual_network.vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source | -| [kubernetes_secret.get_elastic_credential](https://registry.terraform.io/providers/hashicorp/kubernetes/2.17.0/docs/data-sources/secret) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aks\_elk\_cidr\_subnet](#input\_aks\_elk\_cidr\_subnet) | Aks network address space. | `list(string)` | n/a | yes | -| [application\_insights\_name](#input\_application\_insights\_name) | Specifies the name of the Application Insights. | `string` | n/a | yes | -| [domain](#input\_domain) | n/a | `string` | n/a | yes | -| [ehns\_alerts\_enabled](#input\_ehns\_alerts\_enabled) | Event hub alerts enabled? | `bool` | `true` | no | -| [ehns\_auto\_inflate\_enabled](#input\_ehns\_auto\_inflate\_enabled) | Is Auto Inflate enabled for the EventHub Namespace? | `bool` | `false` | no | -| [ehns\_capacity](#input\_ehns\_capacity) | Specifies the Capacity / Throughput Units for a Standard SKU namespace. | `number` | `null` | no | -| [ehns\_enabled](#input\_ehns\_enabled) | Enable event hub namespace | `bool` | `false` | no | -| [ehns\_ip\_rules](#input\_ehns\_ip\_rules) | eventhub network rules | 
list(object({
    ip_mask = string
    action  = string
  }))
| `[]` | no | -| [ehns\_maximum\_throughput\_units](#input\_ehns\_maximum\_throughput\_units) | Specifies the maximum number of throughput units when Auto Inflate is Enabled | `number` | `null` | no | -| [ehns\_metric\_alerts](#input\_ehns\_metric\_alerts) | Map of name = criteria objects | 
map(object({
    # criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
    aggregation = string
    metric_name = string
    description = string
    # criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
    operator  = string
    threshold = number
    # Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
    frequency = string
    # Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
    window_size = string

    dimension = list(object(
      {
        name     = string
        operator = string
        values   = list(string)
      }
    ))
  }))
| `{}` | no | -| [ehns\_sku\_name](#input\_ehns\_sku\_name) | Defines which tier to use. | `string` | `"Basic"` | no | -| [ehns\_virtual\_network\_rules](#input\_ehns\_virtual\_network\_rules) | eventhub virtual network rules | 
list(object({
    ip_mask = string
    action  = string
  }))
| `[]` | no | -| [ehns\_zone\_redundant](#input\_ehns\_zone\_redundant) | Specifies if the EventHub Namespace should be Zone Redundant (created across Availability Zones). | `bool` | `false` | no | -| [elastic\_hot\_storage](#input\_elastic\_hot\_storage) | n/a | 
object({
    storage_type           = string,
    allow_volume_expansion = bool,
    initialStorageSize     = string
  })
| n/a | yes | -| [elastic\_node\_pool](#input\_elastic\_node\_pool) | AKS node pool user configuration | 
object({
    enabled               = bool,
    name                  = string,
    vm_size               = string,
    os_disk_type          = string,
    os_disk_size_gb       = string,
    node_count_min        = number,
    node_count_max        = number,
    node_labels           = map(any),
    node_taints           = list(string),
    node_tags             = map(any),
    elastic_pool_max_pods = number,
  })
| n/a | yes | -| [elk\_snapshot\_sa](#input\_elk\_snapshot\_sa) | n/a | 
object({
    blob_delete_retention_days = number
    backup_enabled             = bool
    blob_versioning_enabled    = bool
    advanced_threat_protection = bool
  })
| 
{
  "advanced_threat_protection": true,
  "backup_enabled": false,
  "blob_delete_retention_days": 0,
  "blob_versioning_enabled": true
}
| no | -| [enable\_azdoa](#input\_enable\_azdoa) | Specifies Azure Devops Agent enabling | `bool` | `true` | no | -| [env](#input\_env) | n/a | `string` | n/a | yes | -| [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [eventhubs](#input\_eventhubs) | A list of event hubs to add to namespace. | 
list(object({
    name              = string
    partitions        = number
    message_retention = number
    consumers         = list(string)
    keys = list(object({
      name   = string
      listen = bool
      send   = bool
      manage = bool
    }))
  }))
| `[]` | no | -| [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes | -| [ingress\_max\_replica\_count](#input\_ingress\_max\_replica\_count) | n/a | `string` | n/a | yes | -| [ingress\_min\_replica\_count](#input\_ingress\_min\_replica\_count) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | -| [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | -| [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | -| [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | -| [location\_string](#input\_location\_string) | One of West Europe, North Europe | `string` | n/a | yes | -| [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes | -| [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | -| [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | -| [nginx\_helm](#input\_nginx\_helm) | nginx ingress helm chart configuration | 
object({
    version = string,
    controller = object({
      image = object({
        registry     = string,
        image        = string,
        tag          = string,
        digest       = string,
        digestchroot = string,
      }),
      config = object({
        proxy-body-size : string
      })
    })
  })
| n/a | yes | -| [nodeset\_config](#input\_nodeset\_config) | n/a | 
map(object({
    count            = string
    roles            = list(string)
    storage          = string
    storageClassName = string
  }))
| 
{
  "default": {
    "count": 1,
    "roles": [
      "master",
      "data",
      "data_content",
      "data_hot",
      "data_warm",
      "data_cold",
      "data_frozen",
      "ingest",
      "ml",
      "remote_cluster_client",
      "transform"
    ],
    "storage": "5Gi",
    "storageClassName": "standard"
  }
}
| no | -| [prefix](#input\_prefix) | n/a | `string` | n/a | yes | -| [reloader\_helm](#input\_reloader\_helm) | reloader helm chart configuration | 
object({
    chart_version = string,
    image_name    = string,
    image_tag     = string
  })
| n/a | yes | -| [tags](#input\_tags) | n/a | `map(any)` | 
{
  "CreatedBy": "Terraform"
}
| no | -| [tls\_cert\_check\_helm](#input\_tls\_cert\_check\_helm) | tls cert helm chart configuration | 
object({
    chart_version = string,
    image_name    = string,
    image_tag     = string
  })
| n/a | yes | - -## Outputs - -No outputs. - diff --git a/src/domains/elk/env/eck_license/pagopa-spa-4a1285e5-9c2c-4f9f-948a-9600095edc2f-orchestration.json b/src/domains/elk/env/eck_license/pagopa-spa-4a1285e5-9c2c-4f9f-948a-9600095edc2f-orchestration.json deleted file mode 100644 index 69b4b82d7..000000000 --- a/src/domains/elk/env/eck_license/pagopa-spa-4a1285e5-9c2c-4f9f-948a-9600095edc2f-orchestration.json +++ /dev/null @@ -1 +0,0 @@ -{"license":{"uid":"4a1285e5-9c2c-4f9f-948a-9600095edc2f","type":"enterprise_trial","issue_date_in_millis":1678752000000,"start_date_in_millis":1678752000000,"expiry_date_in_millis":1681603199999,"max_resource_units":5,"issued_to":"PAGOPA SPA","issuer":"API","signature":"AAAABAAAAA2x8i9m6bLRAK9G6W7pAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQAo6YmtIRa0iFUQFrhGpdRKAppUtWFXBgLkRoz7jIjEziyrHvflT4JJ8Wm5n2bg+tmXT+MeItuASNzxrzvCVb/jbBrORAMCPwf+89Ve40pprraVGV0VI1OwvL4GyL5cGqZRfWck+GL4xubUpRd7CQD+/PP2f2pC9xA5MiCX2TZR8Xzgljp8tWYBqp44VsxQ+R+ZceGcWdwsqIbQwvRoztqkc5l8Yb0731s0zEKgP0X7wOAimolSAsP+bGWWC1ZHcuINq/uo/n+kmElyToZno1jE88ANYWrF+1dd4NN8Www+DHgQuAv77F+Mq4tED7JH0fZ3l8xhkPi9HlDakUffN+E5","cluster_licenses":[{"license":{"uid":"083c057f-3f45-4fe9-8b07-19c4622b2973","type":"platinum","issue_date_in_millis":1678752000000,"expiry_date_in_millis":1681603199999,"max_nodes":100,"issued_to":"PAGOPA SPA","issuer":"API","signature":"AAAAAwAAAA2i21adIcrqayBP2HUkAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQALnI3bf78Fbn46Jy0TxVG8TQBfIBGqh+cr36JRSOh5sBXQyUs+QzjQIjekTx2HYbCLH4vBsS8T1Hh+HRYEGBncrp9LMC33xFwxHv/dVZIZ/T81Nenz58M53QSoVtsWrWiJYuP+YYIwo5at+P/N7A5Rvkc6sCFoKKgjKWfyT4xQ1b4d8PWPeJMOdzqaGaWdmhWmTM9ZB8HHjRKjGTaJ5pkVVuAxU/luOFaU+4felrwd0EQ05zUAK0fd95N2Gg0ZJ2IV6rF4GJm7uar0duSEk0sIKwznj7E8zYawNlkalniUeR9UeBKCWCy13KCfu857V6qjMLrPdWOVvtWCXsEl3HJA","start_date_in_millis":1678752000000}},{"license":{"uid":"4c1e92e9-e30e-4c48-9fc8-4e002a46b945","type":"enterprise","issue_date_in_millis":1678752000000,"expiry_date_in_millis":1681603199999,"max_nodes":null,"max_resource_units":5,"issued_to":"PAGOPA SPA","issuer":"API","signature":"AAAABQAAAA122zx6JNlw1AWUtuhAAAAAIAo5/x6hrsGh1GqqrJmy4qgmEC7gK0U4zQ6q5ZEMhm4jAAABAFSzSvPZCSqKy9rB1J1cSkNs19mO/CZRvz8wPcYnZNk6xYe+C3MjbWNl7GUrvG7wNZNdwMItUMCpXjgXx40K4pMsOrpcUXUq8UbgE4l4ZaGwTz7+RLpoZZxKDA7TnWN/CJxV79QiucA1eYhHR5+Hb0zWpzCwZG4i9faVuYPasn71PQXZBYHfQ7O/FeHJIIDovIaZHyr6bsv5hLz0MTCRuG9LPJTpctPLEKE9X4FOgdw3Zpx3f9xfzqKJEptaELqaC5ScIBErUutyiGoa59//GukfscFM2d7+/Gj2DSKmpuZzAmRgmxcUA3MsXQljfn63IE1nUnTBSDrv8Fy+vfGFrKk=","start_date_in_millis":1678752000000}}]}} \ No newline at end of file diff --git a/src/domains/elk/env/weu-beta/backend.ini b/src/domains/elk/env/weu-beta/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/domains/elk/env/weu-beta/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/domains/elk/env/weu-beta/backend.tfvars b/src/domains/elk/env/weu-beta/backend.tfvars deleted file mode 100644 index 9958d98df..000000000 --- a/src/domains/elk/env/weu-beta/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.elk-weu-beta.tfstate" diff --git a/src/domains/elk/env/weu-beta/terraform.tfvars b/src/domains/elk/env/weu-beta/terraform.tfvars deleted file mode 100644 index 6c0457f4f..000000000 --- a/src/domains/elk/env/weu-beta/terraform.tfvars +++ /dev/null @@ -1,109 +0,0 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "elk" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "beta" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra/tree/main/src/messages" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_name = "io-p-law-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -application_insights_name = "io-p-ai-common" - -### External tools - -# chart releases: https://github.com/stakater/Reloader/releases -# image tags: https://hub.docker.com/r/stakater/reloader/tags -reloader_helm = { - chart_version = "v1.0.41" - image_name = "stakater/reloader" - image_tag = "v1.0.41@sha256:eb7e816f4c38d9c9c25fd8743919075d8ea699d8593f261c7c2e0b52080c6c47" -} -# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases -# image tags: https://github.com/pagopa/infra-ssl-check/releases -tls_cert_check_helm = { - chart_version = "2.0.0" - image_name = "ghcr.io/pagopa/infra-ssl-check" - image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d" -} - -### - -aks_elk_cidr_subnet = ["10.10.2.0/24"] - -# ingress-nginx helm charts releases 4.X.X: https://github.com/kubernetes/ingress-nginx/releases?expanded=true&page=1&q=tag%3Ahelm-chart-4 -# Pinned versions from "4.1.0" release: https://github.com/kubernetes/ingress-nginx/blob/helm-chart-4.1.0/charts/ingress-nginx/values.yaml -nginx_helm = { - version = "4.5.2" - controller = { - image = { - registry = "k8s.gcr.io" - image = "ingress-nginx/controller" - tag = "v1.2.0" - digest = "sha256:d8196e3bc1e72547c5dec66d6556c0ff92a23f6d0919b206be170bc90d5f9185" - digestchroot = "sha256:fb17f1700b77d4fcc52ca6f83ffc2821861ae887dbb87149cf5cbc52bea425e5" - }, - config = { - proxy-body-size : 0, - } - } -} - -ingress_load_balancer_ip = "10.10.0.253" -ingress_min_replica_count = "1" -ingress_max_replica_count = "3" - -elastic_node_pool = { - enabled = true - name = "elastic01" - vm_size = "Standard_D8ds_v5" - os_disk_type = "Managed" - os_disk_size_gb = "300" - node_count_min = "3" - node_count_max = "3" - node_labels = { - elastic : "eck", - }, - node_taints = [], - node_tags = { elastic : "yes" }, - elastic_pool_max_pods = "250", -} - -elastic_hot_storage = { - storage_type = "StandardSSD_ZRS" - allow_volume_expansion = true - initialStorageSize = "100Gi" -} - -nodeset_config = { - balancer-nodes = { - count = "3" - roles = [] - storage = "20Gi" - storageClassName = "io-p-elk-weu-beta-elastic-aks-storage-hot" - }, - master-nodes = { - count = "3" - roles = ["master"] - storage = "20Gi" - storageClassName = "io-p-elk-weu-beta-elastic-aks-storage-hot" - }, - data-hot-nodes = { - count = "3" - roles = ["ingest", "data_content", "data_hot"] - storage = "500Gi" - storageClassName = "io-p-elk-weu-beta-elastic-aks-storage-hot" - } -} \ No newline at end of file diff --git a/src/domains/elk/ingress/autoscaling.yaml.tpl b/src/domains/elk/ingress/autoscaling.yaml.tpl deleted file mode 100644 index 2fb7deff0..000000000 --- a/src/domains/elk/ingress/autoscaling.yaml.tpl +++ /dev/null @@ -1,9 +0,0 @@ -controller: - keda: - enabled: true - minReplicas: ${min_replicas} - maxReplicas: ${max_replicas} - pollingInterval: ${polling_interval} - cooldownPeriod: ${cooldown_period} - triggers: - ${indent(6, yamlencode(triggers))} \ No newline at end of file diff --git a/src/domains/elk/ingress/loadbalancer.yaml.tpl b/src/domains/elk/ingress/loadbalancer.yaml.tpl deleted file mode 100644 index f00cb77ca..000000000 --- a/src/domains/elk/ingress/loadbalancer.yaml.tpl +++ /dev/null @@ -1,5 +0,0 @@ -controller: - service: - loadBalancerIP: ${load_balancer_ip} - annotations: - service.beta.kubernetes.io/azure-load-balancer-internal: "true" diff --git a/src/domains/elk/templates/tls-cert.yaml.tpl b/src/domains/elk/templates/tls-cert.yaml.tpl deleted file mode 100644 index c05ff866b..000000000 --- a/src/domains/elk/templates/tls-cert.yaml.tpl +++ /dev/null @@ -1,56 +0,0 @@ -namespace: '${namespace}' - -image: - repository: '${image_name}' - tag: '${image_tag}' - -ingress: - create: false - -service: - create: false - -readinessProbe: - httpGet: - port: 8080 - -livenessProbe: - httpGet: - port: 8080 - -resources: - requests: - memory: '96Mi' - cpu: '10m' - limits: - memory: '128Mi' - cpu: '50m' - -envConfig: - WEBSITE_SITE_NAME: '${website_site_name}' - FUNCTION_WORKER_RUNTIME: 'dotnet' - TIME_TRIGGER: '${time_trigger}' - FunctionName: '${function_name}' - Region: '${region}' - ExpirationDeltaInDays: '${expiration_delta_in_days}' - Host: 'https://${host}' - AzureWebJobsStorage: "UseDevelopmentStorage=true" - -envSecret: - APPINSIGHTS_INSTRUMENTATIONKEY: '${appinsights_instrumentationkey}' - -keyvault: - name: '${keyvault_name}' - tenantId: '${keyvault_tenantid}' - -sidecars: - - name: azurite - securityContext: - allowPrivilegeEscalation: false - image: mcr.microsoft.com/azure-storage/azurite:3.18.0@sha256:fbd99a4aa4259827081ff9e5cd133a531f20fa2d1d010891fd474d5798f15d7a - ports: - - containerPort: 10000 - resources: - limits: - memory: 100Mi - cpu: 20m diff --git a/src/domains/elk/terraform.sh b/src/domains/elk/terraform.sh deleted file mode 100755 index 3dd3dc4b5..000000000 --- a/src/domains/elk/terraform.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/bash - -set -e - -action=$1 -env=$2 -shift 2 -other=$@ - -subscription="MOCK_VALUE" - -if [ -z "$action" ]; then - echo "Missed action: init, apply, plan" - exit 0 -fi - -if [ -z "$env" ]; then - echo "env should be: dev, uat or prod." - exit 0 -fi - -# shellcheck source=/dev/null -source "./env/$env/backend.ini" - -az account set -s "${subscription}" - -if [ "$action" = "force-unlock" ]; then - echo "🧭 terraform INIT in env: ${env}" - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" $other - warn_message="You are about to unlock Terraform's remote state. - This is a dangerous task you want to be aware of before going on. - This operation won't affect your infrastructure directly. - However, please note that you may lose pieces of information about partially-applied configurations. - - Please refer to the official Terraform documentation about the command: - https://developer.hashicorp.com/terraform/cli/commands/force-unlock" - printf "\n\e[33m%s\e[0m\n\n" "$warn_message" - - read -r -p "Please enter the LOCK ID: " lock_id - terraform force-unlock "$lock_id" - - exit 0 # this line prevents the script to go on -fi - -if echo "init plan apply refresh import output state taint destroy" | grep -w "$action" > /dev/null; then - if [ "$action" = "init" ]; then - echo "🧭 terraform INIT in env: ${env}" - terraform "$action" -reconfigure -backend-config="./env/$env/backend.tfvars" $other - elif [ "$action" = "output" ] || [ "$action" = "state" ] || [ "$action" = "taint" ]; then - # init terraform backend - echo "🧭 terraform (output|state|taint) launched with action: ${action} in env: ${env}" - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - terraform "$action" $other - else - # init terraform backend - echo "🧭 terraform launched with action: ${action} in env: ${env} into folder $(pwd)" - - terraform init -reconfigure -backend-config="./env/$env/backend.tfvars" - terraform "$action" -var-file="./env/$env/terraform.tfvars" $other - fi -else - echo "Action not allowed." - exit 1 -fi diff --git a/src/domains/ioweb-app/99_variables.tf b/src/domains/ioweb-app/99_variables.tf index 8ffff08a6..1f6d31586 100644 --- a/src/domains/ioweb-app/99_variables.tf +++ b/src/domains/ioweb-app/99_variables.tf @@ -57,7 +57,7 @@ variable "location_string" { variable "instance" { type = string - description = "One of beta, prod01, prod02" + description = "One of prod01" } variable "lock_enable" { diff --git a/src/domains/ioweb-app/README.md b/src/domains/ioweb-app/README.md index ee387d257..b0ba30b49 100644 --- a/src/domains/ioweb-app/README.md +++ b/src/domains/ioweb-app/README.md @@ -98,7 +98,7 @@ | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [function\_ioweb\_profile](#input\_function\_ioweb\_profile) | n/a | 
object({
    autoscale_minimum = number
    autoscale_maximum = number
    autoscale_default = number
    sku_size          = string
    kind              = string
  })
| n/a | yes | | [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [instance](#input\_instance) | One of prod01 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | | [location\_short](#input\_location\_short) | One of weu, neu | `string` | n/a | yes | diff --git a/src/domains/ioweb-common/99_variables.tf b/src/domains/ioweb-common/99_variables.tf index a353066c5..65b513ea8 100644 --- a/src/domains/ioweb-common/99_variables.tf +++ b/src/domains/ioweb-common/99_variables.tf @@ -52,7 +52,7 @@ variable "location_short" { variable "instance" { type = string - description = "One of beta, prod01, prod02" + description = "One of prod01" } variable "tags" { diff --git a/src/domains/ioweb-common/README.md b/src/domains/ioweb-common/README.md index b408fc2f3..0900e5ff3 100644 --- a/src/domains/ioweb-common/README.md +++ b/src/domains/ioweb-common/README.md @@ -92,7 +92,7 @@ | [domain](#input\_domain) | n/a | `string` | n/a | yes | | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [instance](#input\_instance) | One of prod01 | `string` | n/a | yes | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | | [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | | [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes | diff --git a/src/domains/messages-app/99_variables.tf b/src/domains/messages-app/99_variables.tf index e56885159..bd538ddc9 100644 --- a/src/domains/messages-app/99_variables.tf +++ b/src/domains/messages-app/99_variables.tf @@ -57,7 +57,7 @@ variable "location_string" { variable "instance" { type = string - description = "One of beta, prod01, prod02" + description = "One of prod01" } variable "tags" { diff --git a/src/domains/messages-app/README.md b/src/domains/messages-app/README.md index 02ebea793..c0ae8c20b 100644 --- a/src/domains/messages-app/README.md +++ b/src/domains/messages-app/README.md @@ -158,7 +158,7 @@ | [eventhubs](#input\_eventhubs) | A list of event hubs to add to namespace. | 
list(object({
    name              = string
    partitions        = number
    message_retention = number
    consumers         = list(string)
    keys = list(object({
      name   = string
      listen = bool
      send   = bool
      manage = bool
    }))
  }))
| `[]` | no | | [function\_service\_messages\_enabled](#input\_function\_service\_messages\_enabled) | Functions service messages enabled? | `bool` | `false` | no | | [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [instance](#input\_instance) | One of prod01 | `string` | n/a | yes | | [io\_receipt\_remote\_config\_id](#input\_io\_receipt\_remote\_config\_id) | The Remote Content Config ID of io-receipt service | `string` | `"01HMVM9W74RWH93NT1EYNKKNNR"` | no | | [io\_receipt\_remote\_config\_test\_id](#input\_io\_receipt\_remote\_config\_test\_id) | The Remote Content Config ID of io-receipt service | `string` | `"01HMVMCDD3JFYTPKT4ZN4WQ73B"` | no | | [io\_receipt\_service\_id](#input\_io\_receipt\_service\_id) | The Service ID of io-receipt service | `string` | `"01HD63674XJ1R6XCNHH24PCRR2"` | no | diff --git a/src/domains/messages-app/env/weu-beta/backend.ini b/src/domains/messages-app/env/weu-beta/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/domains/messages-app/env/weu-beta/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/domains/messages-app/env/weu-beta/backend.tfvars b/src/domains/messages-app/env/weu-beta/backend.tfvars deleted file mode 100644 index 5a8494a61..000000000 --- a/src/domains/messages-app/env/weu-beta/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.messages-app-weu-beta.tfstate" diff --git a/src/domains/messages-app/env/weu-beta/terraform.tfvars b/src/domains/messages-app/env/weu-beta/terraform.tfvars deleted file mode 100644 index fe20e1e8f..000000000 --- a/src/domains/messages-app/env/weu-beta/terraform.tfvars +++ /dev/null @@ -1,76 +0,0 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "messages" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "beta" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra/tree/main/src/messages" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_name = "io-p-law-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -application_insights_name = "io-p-ai-common" - -### External tools - -# chart releases: https://github.com/stakater/Reloader/releases -# image tags: https://hub.docker.com/r/stakater/reloader/tags -reloader_helm = { - chart_version = "v1.0.41" - image_name = "stakater/reloader" - image_tag = "v1.0.41@sha256:eb7e816f4c38d9c9c25fd8743919075d8ea699d8593f261c7c2e0b52080c6c47" -} -# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases -# image tags: https://github.com/pagopa/infra-ssl-check/releases -tls_cert_check_helm = { - chart_version = "2.0.0" - image_name = "ghcr.io/pagopa/infra-ssl-check" - image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d" -} - -tls_cert_check_enabled = false - -### Aks - -ingress_load_balancer_ip = "10.10.0.254" - -## Notification Hub - -nh_resource_group_name = "io-p-rg-common" -nh_name_prefix = "io-p-ntf" -nh_namespace_prefix = "io-p-ntfns" -nh_partition_count = 4 - -################################# -# CIDRS -################################# -cidr_subnet_push_notif = ["10.0.140.0/26"] - -############################### -# Messages functions -############################### -app_messages_count = 1 -cidr_subnet_appmessages = ["10.0.127.0/24", "10.0.128.0/24"] -cidr_subnet_appmessages_xl = ["10.0.210.0/24", "10.0.211.0/24"] - -############################### -# Messages cqrs functions -############################### -cidr_subnet_fnmessagescqrs = ["10.0.129.0/24"] - -############################### -# Service messages functions -############################### -cidr_subnet_fnservicemessages = ["10.0.148.0/26"] -function_service_messages_enabled = false diff --git a/src/domains/messages-app/env/weu-prod02/backend.ini b/src/domains/messages-app/env/weu-prod02/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/domains/messages-app/env/weu-prod02/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/domains/messages-app/env/weu-prod02/backend.tfvars b/src/domains/messages-app/env/weu-prod02/backend.tfvars deleted file mode 100644 index 3639b3bec..000000000 --- a/src/domains/messages-app/env/weu-prod02/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.messages-app-weu-prod02.tfstate" diff --git a/src/domains/messages-app/env/weu-prod02/terraform.tfvars b/src/domains/messages-app/env/weu-prod02/terraform.tfvars deleted file mode 100644 index 333bffdf2..000000000 --- a/src/domains/messages-app/env/weu-prod02/terraform.tfvars +++ /dev/null @@ -1,46 +0,0 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "messages" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod02" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra/tree/main/src/messages" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_name = "io-p-law-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -application_insights_name = "io-p-ai-common" - -### External tools - -# chart releases: https://github.com/stakater/Reloader/releases -# image tags: https://hub.docker.com/r/stakater/reloader/tags -reloader_helm = { - chart_version = "v1.0.41" - image_name = "stakater/reloader" - image_tag = "v1.0.41@sha256:eb7e816f4c38d9c9c25fd8743919075d8ea699d8593f261c7c2e0b52080c6c47" -} -# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases -# image tags: https://github.com/pagopa/infra-ssl-check/releases -tls_cert_check_helm = { - chart_version = "2.0.0" - image_name = "ghcr.io/pagopa/infra-ssl-check" - image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d" -} - -tls_cert_check_enabled = true - -### Aks - -ingress_load_balancer_ip = "10.12.100.250" diff --git a/src/domains/messages-common/99_variables.tf b/src/domains/messages-common/99_variables.tf index 151e1babb..e141ee7e3 100644 --- a/src/domains/messages-common/99_variables.tf +++ b/src/domains/messages-common/99_variables.tf @@ -52,7 +52,7 @@ variable "location_short" { variable "instance" { type = string - description = "One of beta, prod01, prod02" + description = "One of prod01" } variable "tags" { diff --git a/src/domains/messages-common/README.md b/src/domains/messages-common/README.md index b45ff4ed0..99a773ccd 100644 --- a/src/domains/messages-common/README.md +++ b/src/domains/messages-common/README.md @@ -145,7 +145,7 @@ | [enable\_azdoa](#input\_enable\_azdoa) | Specifies Azure Devops Agent enabling | `bool` | `true` | no | | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [instance](#input\_instance) | One of prod01 | `string` | n/a | yes | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | | [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | | [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes | diff --git a/src/domains/payments-app/99_variables.tf b/src/domains/payments-app/99_variables.tf index 6116b9e05..8c4ac3971 100644 --- a/src/domains/payments-app/99_variables.tf +++ b/src/domains/payments-app/99_variables.tf @@ -57,7 +57,7 @@ variable "location_string" { variable "instance" { type = string - description = "One of beta, prod01, prod02" + description = "One of prod01" } variable "tags" { diff --git a/src/domains/payments-app/README.md b/src/domains/payments-app/README.md index 9f6581ca1..49a6966c4 100644 --- a/src/domains/payments-app/README.md +++ b/src/domains/payments-app/README.md @@ -93,7 +93,7 @@ | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [eventhubs](#input\_eventhubs) | A list of event hubs to add to namespace. | 
list(object({
    name              = string
    partitions        = number
    message_retention = number
    consumers         = list(string)
    keys = list(object({
      name   = string
      listen = bool
      send   = bool
      manage = bool
    }))
  }))
| `[]` | no | | [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [instance](#input\_instance) | One of prod01 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | | [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | diff --git a/src/domains/payments-app/env/weu-beta/backend.ini b/src/domains/payments-app/env/weu-beta/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/domains/payments-app/env/weu-beta/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/domains/payments-app/env/weu-beta/backend.tfvars b/src/domains/payments-app/env/weu-beta/backend.tfvars deleted file mode 100644 index 34383e763..000000000 --- a/src/domains/payments-app/env/weu-beta/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.payments-app-weu-beta.tfstate" diff --git a/src/domains/payments-app/env/weu-beta/terraform.tfvars b/src/domains/payments-app/env/weu-beta/terraform.tfvars deleted file mode 100644 index f2b2da7db..000000000 --- a/src/domains/payments-app/env/weu-beta/terraform.tfvars +++ /dev/null @@ -1,44 +0,0 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "payments" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "beta" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra/tree/main/src/payments" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_name = "io-p-law-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -application_insights_name = "io-p-ai-common" - -### External tools - -# chart releases: https://github.com/stakater/Reloader/releases -# image tags: https://hub.docker.com/r/stakater/reloader/tags -reloader_helm = { - chart_version = "v1.0.41" - image_name = "stakater/reloader" - image_tag = "v1.0.41@sha256:eb7e816f4c38d9c9c25fd8743919075d8ea699d8593f261c7c2e0b52080c6c47" -} -# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases -# image tags: https://github.com/pagopa/infra-ssl-check/releases -tls_cert_check_helm = { - chart_version = "2.0.0" - image_name = "ghcr.io/pagopa/infra-ssl-check" - image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d" -} - -### Aks - -ingress_load_balancer_ip = "10.10.0.254" diff --git a/src/domains/payments-app/env/weu-prod02/backend.ini b/src/domains/payments-app/env/weu-prod02/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/domains/payments-app/env/weu-prod02/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/domains/payments-app/env/weu-prod02/backend.tfvars b/src/domains/payments-app/env/weu-prod02/backend.tfvars deleted file mode 100644 index 98138d171..000000000 --- a/src/domains/payments-app/env/weu-prod02/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.payments-app-weu-prod02.tfstate" diff --git a/src/domains/payments-app/env/weu-prod02/terraform.tfvars b/src/domains/payments-app/env/weu-prod02/terraform.tfvars deleted file mode 100644 index 92452617d..000000000 --- a/src/domains/payments-app/env/weu-prod02/terraform.tfvars +++ /dev/null @@ -1,44 +0,0 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "payments" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod02" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra/tree/main/src/payments" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_name = "io-p-law-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -application_insights_name = "io-p-ai-common" - -### External tools - -# chart releases: https://github.com/stakater/Reloader/releases -# image tags: https://hub.docker.com/r/stakater/reloader/tags -reloader_helm = { - chart_version = "v1.0.41" - image_name = "stakater/reloader" - image_tag = "v1.0.41@sha256:eb7e816f4c38d9c9c25fd8743919075d8ea699d8593f261c7c2e0b52080c6c47" -} -# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases -# image tags: https://github.com/pagopa/infra-ssl-check/releases -tls_cert_check_helm = { - chart_version = "2.0.0" - image_name = "ghcr.io/pagopa/infra-ssl-check" - image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d" -} - -### Aks - -ingress_load_balancer_ip = "10.12.100.250" diff --git a/src/domains/payments-common/99_variables.tf b/src/domains/payments-common/99_variables.tf index beb1b1087..1c5fa8fb8 100644 --- a/src/domains/payments-common/99_variables.tf +++ b/src/domains/payments-common/99_variables.tf @@ -52,7 +52,7 @@ variable "location_short" { variable "instance" { type = string - description = "One of beta, prod01, prod02" + description = "One of prod01" } variable "tags" { diff --git a/src/domains/payments-common/README.md b/src/domains/payments-common/README.md index a96ada73a..c1ccaa086 100644 --- a/src/domains/payments-common/README.md +++ b/src/domains/payments-common/README.md @@ -69,7 +69,7 @@ | [domain](#input\_domain) | n/a | `string` | n/a | yes | | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [instance](#input\_instance) | One of prod01 | `string` | n/a | yes | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | | [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | | [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes | diff --git a/src/domains/profile-app/99_variables.tf b/src/domains/profile-app/99_variables.tf index 259aca2a1..6ba108f6d 100644 --- a/src/domains/profile-app/99_variables.tf +++ b/src/domains/profile-app/99_variables.tf @@ -57,7 +57,7 @@ variable "location_string" { variable "instance" { type = string - description = "One of beta, prod01, prod02" + description = "One of prod01" } variable "tags" { diff --git a/src/domains/profile-app/README.md b/src/domains/profile-app/README.md index 2373f1ff1..6e8d63007 100644 --- a/src/domains/profile-app/README.md +++ b/src/domains/profile-app/README.md @@ -75,7 +75,7 @@ | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [instance](#input\_instance) | One of prod01 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | | [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | diff --git a/src/domains/profile-app/env/weu-beta/backend.ini b/src/domains/profile-app/env/weu-beta/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/domains/profile-app/env/weu-beta/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/domains/profile-app/env/weu-beta/backend.tfvars b/src/domains/profile-app/env/weu-beta/backend.tfvars deleted file mode 100644 index 8f4e806cd..000000000 --- a/src/domains/profile-app/env/weu-beta/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.profile-app-weu-beta.tfstate" diff --git a/src/domains/profile-app/env/weu-beta/terraform.tfvars b/src/domains/profile-app/env/weu-beta/terraform.tfvars deleted file mode 100644 index 95caa269c..000000000 --- a/src/domains/profile-app/env/weu-beta/terraform.tfvars +++ /dev/null @@ -1,44 +0,0 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "profile" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "beta" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra/tree/main/src/profile" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_name = "io-p-law-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -application_insights_name = "io-p-ai-common" - -### External tools - -# chart releases: https://github.com/stakater/Reloader/releases -# image tags: https://hub.docker.com/r/stakater/reloader/tags -reloader_helm = { - chart_version = "v1.0.41" - image_name = "stakater/reloader" - image_tag = "v1.0.41@sha256:eb7e816f4c38d9c9c25fd8743919075d8ea699d8593f261c7c2e0b52080c6c47" -} -# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases -# image tags: https://github.com/pagopa/infra-ssl-check/releases -tls_cert_check_helm = { - chart_version = "2.0.0" - image_name = "ghcr.io/pagopa/infra-ssl-check" - image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d" -} - -### Aks - -ingress_load_balancer_ip = "10.10.0.254" diff --git a/src/domains/profile-app/env/weu-prod02/backend.ini b/src/domains/profile-app/env/weu-prod02/backend.ini deleted file mode 100644 index cf83055f5..000000000 --- a/src/domains/profile-app/env/weu-prod02/backend.ini +++ /dev/null @@ -1 +0,0 @@ -subscription=PROD-IO diff --git a/src/domains/profile-app/env/weu-prod02/backend.tfvars b/src/domains/profile-app/env/weu-prod02/backend.tfvars deleted file mode 100644 index 1f3359f44..000000000 --- a/src/domains/profile-app/env/weu-prod02/backend.tfvars +++ /dev/null @@ -1,4 +0,0 @@ -resource_group_name = "terraform-state-rg" -storage_account_name = "tfinfprodio" -container_name = "terraform-state" -key = "io-infra.profile-app-weu-prod02.tfstate" diff --git a/src/domains/profile-app/env/weu-prod02/terraform.tfvars b/src/domains/profile-app/env/weu-prod02/terraform.tfvars deleted file mode 100644 index df0a1eb2d..000000000 --- a/src/domains/profile-app/env/weu-prod02/terraform.tfvars +++ /dev/null @@ -1,44 +0,0 @@ -prefix = "io" -env_short = "p" -env = "prod" -domain = "profile" -location = "westeurope" -location_short = "weu" -location_string = "West Europe" -instance = "prod02" - -tags = { - CreatedBy = "Terraform" - Environment = "Prod" - Owner = "IO" - Source = "https://github.com/pagopa/io-infra/tree/main/src/profile" - CostCenter = "TS310 - PAGAMENTI & SERVIZI" -} - -### External resources - -monitor_resource_group_name = "io-p-rg-common" -log_analytics_workspace_name = "io-p-law-common" -log_analytics_workspace_resource_group_name = "io-p-rg-common" -application_insights_name = "io-p-ai-common" - -### External tools - -# chart releases: https://github.com/stakater/Reloader/releases -# image tags: https://hub.docker.com/r/stakater/reloader/tags -reloader_helm = { - chart_version = "v1.0.41" - image_name = "stakater/reloader" - image_tag = "v1.0.41@sha256:eb7e816f4c38d9c9c25fd8743919075d8ea699d8593f261c7c2e0b52080c6c47" -} -# chart releases: https://github.com/pagopa/aks-microservice-chart-blueprint/releases -# image tags: https://github.com/pagopa/infra-ssl-check/releases -tls_cert_check_helm = { - chart_version = "2.0.0" - image_name = "ghcr.io/pagopa/infra-ssl-check" - image_tag = "v1.3.4@sha256:c3d45736706c981493b6216451fc65e99a69d5d64409ccb1c4ca93fef57c921d" -} - -### Aks - -ingress_load_balancer_ip = "10.12.100.250" diff --git a/src/domains/profile-common/99_variables.tf b/src/domains/profile-common/99_variables.tf index beb1b1087..1c5fa8fb8 100644 --- a/src/domains/profile-common/99_variables.tf +++ b/src/domains/profile-common/99_variables.tf @@ -52,7 +52,7 @@ variable "location_short" { variable "instance" { type = string - description = "One of beta, prod01, prod02" + description = "One of prod01" } variable "tags" { diff --git a/src/domains/profile-common/README.md b/src/domains/profile-common/README.md index 9ef5b58ff..ddd607a01 100644 --- a/src/domains/profile-common/README.md +++ b/src/domains/profile-common/README.md @@ -53,7 +53,7 @@ | [domain](#input\_domain) | n/a | `string` | n/a | yes | | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | -| [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | +| [instance](#input\_instance) | One of prod01 | `string` | n/a | yes | | [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes | | [location\_short](#input\_location\_short) | One of wue, neu | `string` | n/a | yes | | [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes |