From 0cbe69d3b27d8ff0aefa0d43715e2065c33ffb55 Mon Sep 17 00:00:00 2001 From: ffppa Date: Thu, 27 Feb 2025 12:46:09 +0100 Subject: [PATCH] feat: [PAYMCLOUD-255] Add Prometheus Managed for AKS and enhance monitoring setup (#2837) Add Prometheus and monitoring enhancements Introduced Prometheus managed add-on for AKS in non-production environments and enhanced monitoring setup with workspace and private endpoints. Updated Terraform modules and configurations to support these improvements, ensuring better observability and integration. Signed-off-by: Fabio Felici --- src/aks-leonardo/.terraform.lock.hcl | 50 +++++++++++-------------- src/aks-leonardo/03_aks_0.tf | 9 ++++- src/aks-leonardo/03_monitoring.tf | 37 ++++++++++++++++++ src/aks-leonardo/README.md | 4 +- src/aks-platform/05_monitoring.tf | 1 - src/core-itn/01_network.tf | 14 +++++++ src/core-itn/70_monitoring.tf | 52 ++++++++++++++++++++++++++ src/core-itn/99_variables.tf | 5 +++ src/core-itn/README.md | 6 +++ src/core-itn/env/dev/terraform.tfvars | 12 +++--- src/core-itn/env/prod/terraform.tfvars | 1 + src/core-itn/env/uat/terraform.tfvars | 1 + 12 files changed, 155 insertions(+), 37 deletions(-) diff --git a/src/aks-leonardo/.terraform.lock.hcl b/src/aks-leonardo/.terraform.lock.hcl index 1e00c6e8a3..1832a4f7e1 100644 --- a/src/aks-leonardo/.terraform.lock.hcl +++ b/src/aks-leonardo/.terraform.lock.hcl @@ -5,10 +5,6 @@ provider "registry.terraform.io/alekc/kubectl" { version = "2.1.3" constraints = "~> 2.0" hashes = [ - "h1:AymCb0DCWzmyLqn1qEhVs2pcFUZGT/kxPK+I/BObFH8=", - "h1:JlCnFOeGK8AkmA5eaW0qIWXKA1stD8Irij+cttcZLsk=", - "h1:LzkjMzVRQqwvbY+tF3b+Wxj9BDLZ6Qj9rpPKVppodDU=", - "h1:hImtuIg0fyXqKqi2ZPjESGsc/R1jls5VfSWtNyKRTMA=", "h1:poWSAAtK4FI1x79C2OyLaNrvWUGTQdr1ZT58edDz+Rs=", "zh:0e601ae36ebc32eb8c10aff4c48c1125e471fa09f5668465af7581c9057fa22c", "zh:1773f08a412d1a5f89bac174fe1efdfd255ecdda92d31a2e31937e4abf843a2f", @@ -27,15 +23,31 @@ provider "registry.terraform.io/alekc/kubectl" { ] } +provider "registry.terraform.io/azure/azapi" { + version = "2.2.0" + constraints = "2.2.0" + hashes = [ + "h1:Us5LvK2ju2qo3MQlXVtDDKCt5SMFRDIHUL8ubVdCEUg=", + "zh:062be5d8272cac297a88c2057449f449ea6906c4121ba3dfdeb5cecb3ff91178", + "zh:1fd9abec3ffcbf8d0244408334e9bfc8f49ada50978cd73ee0ed5f8560987267", + "zh:48e84b0302af99d7e7f4248a724088fb1c34aeee78c9ca63ec5a9464ec5054a0", + "zh:4e7302883fd9dd83bfbbcd72ebd55f83d8b16ccc6d12d1573d578058e604d5cf", + "zh:5b6e181e32cbf62f5d2ce34f9d6d9ffe17192e24943450bbe335e1baf0494e66", + "zh:62d525d426c6d5f10109ab04a9abc231b204ea413238f5690f69b420a8b8583a", + "zh:90aab23497ec9c7af44ad9ea1a1d6063dc3331334915e1c549527a73c2c6948d", + "zh:91ecf30a01df5e832191e0c55c87f8403a1f584796fd70f9c9c913d35c2e2a37", + "zh:bc3a5db5e4b9695a69dff47cf1e7184eaf5564d3dc50f231cbcbf535dd140d19", + "zh:cb566bec2676511bf4722e24d0dfc9bf58aff78af38b8e0864970f20d263118f", + "zh:d4fa0c1462b389cee313e1c152e00f5dfc175a1be3615d3b23b526a8581e39a5", + "zh:f8136b0f41045a1e5a6dedc6b6fb055faee3d825f84a3192312e3ac5d057ff72", + ] +} + provider "registry.terraform.io/hashicorp/azuread" { version = "2.47.0" constraints = "<= 2.47.0" hashes = [ - "h1:8J74v92UvtqVNucugAtB+Sd44oTgnhfct+Xf8ObOZug=", - "h1:KB9BNRNStbdsfdRmVXUwXtN77qgX5VjBy2UALcqp218=", "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=", - "h1:iRwDQBdXBpVBoYwM9au2RG01RQuJSm3TGQ2kioFVAas=", - "h1:zYMGokLn44KSWir7Nr4t8lEAPMB6JuXd2LlP2Ac2tMY=", "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001", @@ -55,10 +67,6 @@ provider "registry.terraform.io/hashicorp/azurerm" { version = "3.110.0" constraints = "~> 3.30, ~> 3.105, <= 3.110.0" hashes = [ - "h1:4QrrAcbVTUzX2xQIywvAZeM+lrCgcFbFGoADvTAXdhk=", - "h1:EY+IRabj+4NJ3tqB4kVg7dTjoTdwOMHUhIvIoddgRTI=", - "h1:ice1q9zU8gIFSpCvuO7NBvod/zV5FPoZHhaHvXlETss=", - "h1:sxJe/N9/r+UDNQmRMKRRbJN9N1zpijux3iCJYwWs20A=", "h1:uxeKsqfI9LjvYkcMCiFwlDpQzZvrB83pVJIoG9s4t54=", "zh:1a1fe9e1a4c08453f249352d135349f7a06f2973dbb839375c7b802523a87351", "zh:25a9ddeb9b0e1d974aa45ecd67e3f7b8ee333565f0fd99e02b588acf55c46664", @@ -79,10 +87,6 @@ provider "registry.terraform.io/hashicorp/external" { version = "2.3.3" constraints = "<= 2.3.3" hashes = [ - "h1:/x65slrvO8YG5MKxE2DaU5udEbUxBu3BgEiO7EEM9bQ=", - "h1:H+3QlVPs/7CDa3I4KU/a23wYeGeJxeBlgvR7bfK1t1w=", - "h1:Qi72kOSrEYgEt5itloFhDfmiFZ7wnRy3+F74XsRuUOw=", - "h1:Up2xaIhiNYomK8Lhe29U2FcojpbRWZYDtSeS03OhI94=", "h1:gShzO1rJtADK9tDZMvMgjciVAzsBh39LNjtThCwX1Hg=", "zh:03d81462f9578ec91ce8e26f887e34151eda0e100f57e9772dbea86363588239", "zh:37ec2a20f6a3ec3a0fd95d3f3de26da6cb9534b30488bc45723e118a0911c0d8", @@ -103,11 +107,7 @@ provider "registry.terraform.io/hashicorp/helm" { version = "2.12.1" constraints = ">= 2.0.0, ~> 2.12, <= 2.12.1" hashes = [ - "h1:7wfYOAeSEchHB8idNl+2jf+OkFi9zFSOLWkEZFuTCik=", "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=", - "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", - "h1:sjzfyNQAjtF9zXHxB67geryjGkHaPDMMVw9iqPP5pkE=", - "h1:xwHVa6ab/XVfDrZ3h35OzLJ6g0Zte4VAvSnyKw3f9AI=", "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", @@ -127,11 +127,7 @@ provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.27.0" constraints = "~> 2.27, <= 2.27.0" hashes = [ - "h1:/3kLyOR2jTaWS1MKso4xAztrocGBMxi8yVadWiqSWOg=", "h1:GzU0FzYAT/+IgAhnSBcFH3bT+4I5N6oSga6iZgNJAus=", - "h1:TrlG/sofnDv8kAbzKOD5pIPeUiI5VQY61NuWH+cItDw=", - "h1:WuU4rl7szPJr9Nfu5OoQGF84k8yQf+gmS9zU2eZuxcc=", - "h1:w9ENsSqT/3Oj/yt4GcudG202ehSD2Ls5gwqOLoKrBUQ=", "zh:3bdba30ae67c55dc7e9a317ac0da3b208ea7926fe9c2f0ae6587ee88dcc58d1f", "zh:3f35138a831c00b188d2ffee27111dd0cf59afad2dd5653ed9e67d59646de12c", "zh:64066d18f6ae9a316c2bc840ef3e641d7ab94e1ea3a41d12523e77345ad442ef", @@ -151,11 +147,7 @@ provider "registry.terraform.io/hashicorp/null" { version = "3.2.2" constraints = "~> 3.2, <= 3.2.2" hashes = [ - "h1:Gef5VGfobY5uokA5nV/zFvWeMNR2Pmq79DH94QnNZPM=", "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", - "h1:m467k2tZ9cdFFgHW7LPBK2GLPH43LC6wc3ppxr8yvoE=", - "h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=", - "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=", "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", @@ -169,4 +161,4 @@ provider "registry.terraform.io/hashicorp/null" { "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", ] -} \ No newline at end of file +} diff --git a/src/aks-leonardo/03_aks_0.tf b/src/aks-leonardo/03_aks_0.tf index cad32dc45c..b83e1a79a5 100644 --- a/src/aks-leonardo/03_aks_0.tf +++ b/src/aks-leonardo/03_aks_0.tf @@ -6,7 +6,7 @@ resource "azurerm_resource_group" "rg_aks" { } module "aks_leonardo" { - source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.58.0" + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster?ref=v8.80.0" name = local.aks_cluster_name location = var.location @@ -16,6 +16,13 @@ module "aks_leonardo" { log_analytics_workspace_id = var.env_short != "d" ? data.azurerm_log_analytics_workspace.log_analytics_italy.id : data.azurerm_log_analytics_workspace.log_analytics.id sku_tier = var.aks_sku_tier + ## Prometheus managed + # ff: enabled on DEV/UAT + enable_prometheus_monitor_metrics = var.env_short != "p" ? true : false + + # ff: Enabled cost analysis on UAT/PROD + # cost_analysis_enabled = var.env_short != "d" ? true : false + # # 🤖 System node pool # diff --git a/src/aks-leonardo/03_monitoring.tf b/src/aks-leonardo/03_monitoring.tf index d78b91a285..42752b79f6 100644 --- a/src/aks-leonardo/03_monitoring.tf +++ b/src/aks-leonardo/03_monitoring.tf @@ -64,3 +64,40 @@ data "azurerm_key_vault_secret" "opsgenie_kubexporter_api_key" { // TODO mettere nel kv il secret quickstart-es-elastic-user tramite sops + +## PROMETHUES MANAGED ON AKS +# Refer: Resource created on next-core 02_monitor.tf +data "azurerm_monitor_workspace" "workspace" { + count = var.env != "prod" ? 1 : 0 + name = "pagopa-${var.env_short}-${var.location}-monitor-workspace" + resource_group_name = "pagopa-${var.env_short}-monitor-rg" +} + +module "prometheus_managed_addon" { + count = var.env != "prod" ? 1 : 0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_prometheus_managed?ref=v8.84.0" + cluster_name = module.aks_leonardo.name + resource_group_name = module.aks_leonardo.aks_resource_group_name + location = var.location + custom_gf_location = "westeurope" + location_short = var.location_short + monitor_workspace_name = data.azurerm_monitor_workspace.workspace.0.name + monitor_workspace_rg = data.azurerm_monitor_workspace.workspace.0.resource_group_name + grafana_name = "pagopa-${var.env_short}-weu-grafana" # Integrate with weu grafana + grafana_resource_group = "pagopa-${var.env_short}-weu-grafana-rg" # Integrate with weu grafana + + # takes a list and replaces any elements that are lists with a + # flattened sequence of the list contents. + # In this case, we enable OpsGenie only on prod env + action_groups_id = flatten([ + [ + data.azurerm_monitor_action_group.slack.id, + data.azurerm_monitor_action_group.email.id + ], + (var.env == "prod" ? [ + data.azurerm_monitor_action_group.opsgenie.0.id + ] : []) + ]) + + tags = var.tags +} diff --git a/src/aks-leonardo/README.md b/src/aks-leonardo/README.md index e7dfa0e325..98178a0906 100644 --- a/src/aks-leonardo/README.md +++ b/src/aks-leonardo/README.md @@ -40,13 +40,14 @@ Re-enable all the resource, commented before to complete the procedure | Name | Source | Version | |------|--------|---------| -| [aks\_leonardo](#module\_aks\_leonardo) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.58.0 | +| [aks\_leonardo](#module\_aks\_leonardo) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_cluster | v8.80.0 | | [aks\_prometheus\_install](#module\_aks\_prometheus\_install) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_prometheus_install | v8.78.1 | | [aks\_storage\_class](#module\_aks\_storage\_class) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_storage_class | v8.17.1 | | [elastic\_agent](#module\_elastic\_agent) | git::https://github.com/pagopa/terraform-azurerm-v3.git//elastic_agent | v8.50.0 | | [keda\_pod\_identity](#module\_keda\_pod\_identity) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_pod_identity | v8.17.1 | | [kubernetes\_event\_exporter](#module\_kubernetes\_event\_exporter) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_event_exporter | v8.76.0 | | [nginx\_ingress](#module\_nginx\_ingress) | terraform-module/release/helm | 2.7.0 | +| [prometheus\_managed\_addon](#module\_prometheus\_managed\_addon) | git::https://github.com/pagopa/terraform-azurerm-v3.git//kubernetes_prometheus_managed | v8.84.0 | ## Resources @@ -94,6 +95,7 @@ Re-enable all the resource, commented before to complete the procedure | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.opsgenie](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source | +| [azurerm_monitor_workspace.workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_workspace) | data source | | [azurerm_public_ip.pip_aks_outboud](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip) | data source | | [azurerm_resource_group.monitor_italy_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | diff --git a/src/aks-platform/05_monitoring.tf b/src/aks-platform/05_monitoring.tf index 31249e1421..155f5dafe1 100644 --- a/src/aks-platform/05_monitoring.tf +++ b/src/aks-platform/05_monitoring.tf @@ -112,7 +112,6 @@ resource "kubernetes_manifest" "service_monitor" { "app.kubernetes.io/instance" : "prometheus" "app.kubernetes.io/part-of" : "kube-prometheus-stack" "app" : "kube-prometheus-stack-operator" - "release" : helm_release.kube_prometheus_stack.name } } "spec" : { diff --git a/src/core-itn/01_network.tf b/src/core-itn/01_network.tf index eae17a6505..3580cd8ed7 100644 --- a/src/core-itn/01_network.tf +++ b/src/core-itn/01_network.tf @@ -91,3 +91,17 @@ resource "azurerm_subnet" "subnet_container_app_tools" { virtual_network_name = module.vnet_italy[0].name address_prefixes = var.cidr_subnet_tools_cae } + +# subnet acr +module "common_private_endpoint_snet" { + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.83.0" + name = "${local.product}-common-private-endpoint-snet" + address_prefixes = var.cidr_common_private_endpoint_snet + resource_group_name = azurerm_resource_group.rg_ita_vnet.name + virtual_network_name = module.vnet_italy.0.name + + private_link_service_network_policies_enabled = true + + + service_endpoints = var.env_short == "p" ? ["Microsoft.Storage"] : [] +} diff --git a/src/core-itn/70_monitoring.tf b/src/core-itn/70_monitoring.tf index 6b6c9c70b3..6ecd5e1826 100644 --- a/src/core-itn/70_monitoring.tf +++ b/src/core-itn/70_monitoring.tf @@ -24,6 +24,58 @@ resource "azurerm_log_analytics_workspace" "log_analytics_workspace" { } } +# Azure Monitor Workspace +resource "azurerm_monitor_workspace" "monitor_workspace" { + count = var.env != "prod" ? 1 : 0 + name = "${var.prefix}-${var.env_short}-${var.location}-monitor-workspace" + resource_group_name = "${var.prefix}-${var.env_short}-monitor-rg" + location = var.location + public_network_access_enabled = false + tags = var.tags +} + +# Create workspace private DNS zone +resource "azurerm_private_dns_zone" "prometheus_dns_zone" { + count = var.env != "prod" ? 1 : 0 + name = "privatelink.${var.location}.prometheus.monitor.azure.com" + resource_group_name = module.vnet_italy.0.resource_group_name +} + +# Create virtual network link for workspace private dns zone +resource "azurerm_private_dns_zone_virtual_network_link" "prometheus_dns_zone_vnet_link" { + count = var.env != "prod" ? 1 : 0 + name = module.vnet_italy.0.name + resource_group_name = module.vnet_italy.0.resource_group_name + virtual_network_id = module.vnet_italy.0.id + private_dns_zone_name = azurerm_private_dns_zone.prometheus_dns_zone.0.name +} + +resource "azurerm_private_endpoint" "monitor_workspace_private_endpoint" { + count = var.env != "prod" ? 1 : 0 + name = "${var.prefix}-${var.location}-monitor-workspace-pe" + location = azurerm_monitor_workspace.monitor_workspace.0.location + resource_group_name = azurerm_monitor_workspace.monitor_workspace.0.resource_group_name + subnet_id = module.common_private_endpoint_snet.id + + private_service_connection { + name = "monitorworkspaceconnection" + private_connection_resource_id = azurerm_monitor_workspace.monitor_workspace[0].id + is_manual_connection = false + subresource_names = ["prometheusMetrics"] + } + + private_dns_zone_group { + name = "${var.prefix}-workspace-zone-group" + private_dns_zone_ids = [azurerm_private_dns_zone.prometheus_dns_zone.0.id] + } + + + depends_on = [azurerm_monitor_workspace.monitor_workspace] + + tags = var.tags +} + + # Application insights resource "azurerm_application_insights" "application_insights" { name = "${local.project}-appinsights" diff --git a/src/core-itn/99_variables.tf b/src/core-itn/99_variables.tf index c1b2863872..3a07cfd75e 100644 --- a/src/core-itn/99_variables.tf +++ b/src/core-itn/99_variables.tf @@ -108,6 +108,11 @@ variable "cidr_subnet_tools_cae" { description = "Address prefixes for container apps Tools in italy." } +variable "cidr_common_private_endpoint_snet" { + type = list(string) + description = "Common Private Endpoint network address space." +} + ### External resources variable "monitor_resource_group_name" { diff --git a/src/core-itn/README.md b/src/core-itn/README.md index b562b93bf9..edaa25b2d4 100644 --- a/src/core-itn/README.md +++ b/src/core-itn/README.md @@ -108,6 +108,7 @@ No outputs. | Name | Source | Version | |------|--------|---------| +| [common\_private\_endpoint\_snet](#module\_common\_private\_endpoint\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v8.83.0 | | [container\_registry\_ita](#module\_container\_registry\_ita) | git::https://github.com/pagopa/terraform-azurerm-v3.git//container_registry | v8.13.0 | | [domain\_key\_vault\_secrets\_query](#module\_domain\_key\_vault\_secrets\_query) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault_secrets_query | v8.13.0 | | [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v8.13.0 | @@ -129,6 +130,8 @@ No outputs. | [azurerm_log_analytics_workspace.log_analytics_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource | | [azurerm_monitor_action_group.email](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource | | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_action_group) | resource | +| [azurerm_monitor_workspace.monitor_workspace](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_workspace) | resource | +| [azurerm_private_dns_zone.prometheus_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone) | resource | | [azurerm_private_dns_zone_virtual_network_link.db_nodo_pagamenti_com_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.env_platform_pagopa_it_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.internal_env_platform_pagopa_it_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | @@ -143,6 +146,8 @@ No outputs. | [azurerm_private_dns_zone_virtual_network_link.privatelink_servicebus_windows_net_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.privatelink_table_core_windows_net_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | | [azurerm_private_dns_zone_virtual_network_link.privatelink_table_cosmos_azure_com_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_dns_zone_virtual_network_link.prometheus_dns_zone_vnet_link](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link) | resource | +| [azurerm_private_endpoint.monitor_workspace_private_endpoint](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource | | [azurerm_public_ip.aks_leonardo_public_ip](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource | | [azurerm_resource_group.acr_ita_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | @@ -184,6 +189,7 @@ No outputs. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [cidr\_common\_private\_endpoint\_snet](#input\_cidr\_common\_private\_endpoint\_snet) | Common Private Endpoint network address space. | `list(string)` | n/a | yes | | [cidr\_eventhubs\_italy](#input\_cidr\_eventhubs\_italy) | Address prefixes for all evenhubs in italy. | `list(string)` | n/a | yes | | [cidr\_subnet\_pdf\_engine\_app\_service](#input\_cidr\_subnet\_pdf\_engine\_app\_service) | CIDR subnet for App Service | `list(string)` | `null` | no | | [cidr\_subnet\_tools\_cae](#input\_cidr\_subnet\_tools\_cae) | Address prefixes for container apps Tools in italy. | `list(string)` | n/a | yes | diff --git a/src/core-itn/env/dev/terraform.tfvars b/src/core-itn/env/dev/terraform.tfvars index c9ecba3789..247c7c094b 100644 --- a/src/core-itn/env/dev/terraform.tfvars +++ b/src/core-itn/env/dev/terraform.tfvars @@ -23,11 +23,13 @@ is_feature_enabled = { ### Network Italy cidr_vnet_italy = ["10.3.0.0/16"] -cidr_aks_system = ["10.3.1.0/24"] #see aks-leonardo -cidr_aks_user = ["10.3.2.0/24"] #see aks-leonardo -cidr_eventhubs_italy = ["10.3.4.0/24"] -cird_pay_wallet_domain = ["10.3.5.0/24"] #placeholder for domain pay wallet -cird_pay_wallet_domain_aks = ["10.3.6.0/24"] #placeholder for domain pay wallet +cidr_aks_system = ["10.3.1.0/24"] #see aks-leonardo +cidr_aks_user = ["10.3.2.0/24"] #see aks-leonardo +cidr_eventhubs_italy = ["10.3.4.0/24"] +cird_pay_wallet_domain = ["10.3.5.0/24"] #placeholder for domain pay wallet +cird_pay_wallet_domain_aks = ["10.3.6.0/24"] #placeholder for domain pay wallet +cidr_common_private_endpoint_snet = ["10.3.144.0/23"] + cird_printit_domain = ["10.3.12.0/24"] #placeholder for domain printit diff --git a/src/core-itn/env/prod/terraform.tfvars b/src/core-itn/env/prod/terraform.tfvars index eee50c8f6c..fcd35f4cce 100644 --- a/src/core-itn/env/prod/terraform.tfvars +++ b/src/core-itn/env/prod/terraform.tfvars @@ -34,6 +34,7 @@ cidr_cosmosdb_wallet_italy = ["10.3.8.0/24"] #placeholder cird_redis_wallet_italy = ["10.3.9.0/24"] #placeholder cidr_storage_wallet_italy = ["10.3.10.0/24"] #placeholder cidr_subnet_pdf_engine_app_service = ["10.3.11.0/27"] #placeholder +cidr_common_private_endpoint_snet = ["10.3.144.0/23"] cird_printit_domain = ["10.3.12.0/24"] #placeholder for domain printit diff --git a/src/core-itn/env/uat/terraform.tfvars b/src/core-itn/env/uat/terraform.tfvars index fd6df4c7ea..136b231ab9 100644 --- a/src/core-itn/env/uat/terraform.tfvars +++ b/src/core-itn/env/uat/terraform.tfvars @@ -34,6 +34,7 @@ cidr_cosmosdb_wallet_italy = ["10.3.8.0/24"] #placeholder cird_redis_wallet_italy = ["10.3.9.0/24"] #placeholder cidr_storage_wallet_italy = ["10.3.10.0/24"] #placeholder cidr_subnet_pdf_engine_app_service = ["10.3.11.0/27"] #placeholder +cidr_common_private_endpoint_snet = ["10.3.144.0/23"] cird_printit_domain = ["10.3.12.0/24"] #placeholder for domain printit