feat: CHK-3696 add dns entry checkout domain auth service (#2795)

* feat: add dns a record for checkout across all environments * chore: pre commit fixes --------- Co-authored-by: Simone infante <[email protected]>
pagopa · Feb 14, 2025 · 945f514 · 945f514
1 parent 0e1cc7a
commit 945f514
Show file tree

Hide file tree

Showing 7 changed files with 42 additions and 15 deletions.
diff --git a/src/domains/checkout-common/00_dns_private.tf b/src/domains/checkout-common/00_dns_private.tf
@@ -2,3 +2,17 @@ data "azurerm_private_dns_zone" "privatelink_redis_cache_windows_net" {
   name                = "privatelink.redis.cache.windows.net"
   resource_group_name = data.azurerm_resource_group.rg_vnet.name
 }
+
+
+data "azurerm_private_dns_zone" "internal" {
+  name                = local.internal_dns_zone_name
+  resource_group_name = local.internal_dns_zone_resource_group_name
+}
+
+resource "azurerm_private_dns_a_record" "ingress" {
+  name                = local.ingress_hostname
+  zone_name           = data.azurerm_private_dns_zone.internal.name
+  resource_group_name = local.internal_dns_zone_resource_group_name
+  ttl                 = 3600
+  records             = [var.ingress_load_balancer_ip]
+}
diff --git a/src/domains/checkout-common/01_network.tf b/src/domains/checkout-common/01_network.tf
@@ -35,15 +35,15 @@ data "azurerm_api_management" "apim" {
   resource_group_name = data.azurerm_resource_group.rg_api.name
 }
 
-# DevOps Agent subnet
+# DevOps Agent subnet
 
 data "azurerm_subnet" "azdoa_snet" {
   name                 = format("%s-azdoa-snet", local.parent_project)
   resource_group_name  = data.azurerm_resource_group.rg_vnet.name
   virtual_network_name = data.azurerm_virtual_network.vnet.name
 }
 
-# pagopa-proxy Redis subnet
+# pagopa-proxy Redis subnet
 
 module "pagopa_proxy_redis_snet" {
   source                                    = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v8.42.3"

diff --git a/src/domains/checkout-common/99_locals.tf b/src/domains/checkout-common/99_locals.tf
@@ -7,4 +7,8 @@ locals {
 
   aks_name                = "${local.product}-${var.location_short}-${var.env}-aks"
   aks_resource_group_name = "${local.product}-${var.location_short}-${var.env}-aks-rg"
+
+  ingress_hostname                      = "${var.location_short}${var.env}.${var.domain}"
+  internal_dns_zone_name                = "${var.dns_zone_internal_prefix}.${var.external_domain}"
+  internal_dns_zone_resource_group_name = "${local.product}-vnet-rg"
 }
diff --git a/src/domains/checkout-common/99_variables.tf b/src/domains/checkout-common/99_variables.tf
@@ -163,3 +163,6 @@ variable "enable_iac_pipeline" {
   default     = false
 }
 
+variable "ingress_load_balancer_ip" {
+  type = string
+}
diff --git a/src/domains/checkout-common/env/weu-dev/terraform.tfvars b/src/domains/checkout-common/env/weu-dev/terraform.tfvars
@@ -19,17 +19,19 @@ monitor_resource_group_name                 = "pagopa-d-monitor-rg"
 log_analytics_workspace_name                = "pagopa-d-law"
 log_analytics_workspace_resource_group_name = "pagopa-d-monitor-rg"
 
-# DNS
+# DNS
 
-external_domain   = "pagopa.it"
-dns_zone_prefix   = "dev.platform"
-dns_zone_checkout = "dev.checkout"
+external_domain          = "pagopa.it"
+dns_zone_prefix          = "dev.platform"
+dns_zone_checkout        = "dev.checkout"
+dns_zone_internal_prefix = "internal.dev.platform"
 
 # Networking
 
 cidr_subnet_pagopa_proxy_redis = ["10.1.131.0/24"]
+ingress_load_balancer_ip       = "10.1.100.250"
 
-# pagopa-proxy Redis
+# pagopa-proxy Redis
 
 pagopa_proxy_redis_capacity = 0
 pagopa_proxy_redis_sku_name = "Basic"

diff --git a/src/domains/checkout-common/env/weu-prod/terraform.tfvars b/src/domains/checkout-common/env/weu-prod/terraform.tfvars
@@ -19,15 +19,17 @@ monitor_resource_group_name                 = "pagopa-p-monitor-rg"
 log_analytics_workspace_name                = "pagopa-p-law"
 log_analytics_workspace_resource_group_name = "pagopa-p-monitor-rg"
 
-# DNS
+# DNS
 
-external_domain   = "pagopa.it"
-dns_zone_prefix   = "platform"
-dns_zone_checkout = "checkout"
+external_domain          = "pagopa.it"
+dns_zone_prefix          = "platform"
+dns_zone_checkout        = "checkout"
+dns_zone_internal_prefix = "internal.platform"
 
 # Networking
 
 cidr_subnet_pagopa_proxy_redis = ["10.1.131.0/24"]
+ingress_load_balancer_ip       = "10.1.100.250"
 
 # pagopa-proxy Redis
 

diff --git a/src/domains/checkout-common/env/weu-uat/terraform.tfvars b/src/domains/checkout-common/env/weu-uat/terraform.tfvars
@@ -19,15 +19,17 @@ monitor_resource_group_name                 = "pagopa-u-monitor-rg"
 log_analytics_workspace_name                = "pagopa-u-law"
 log_analytics_workspace_resource_group_name = "pagopa-u-monitor-rg"
 
-# DNS
+# DNS
 
-external_domain   = "pagopa.it"
-dns_zone_prefix   = "uat.platform"
-dns_zone_checkout = "uat.checkout"
+external_domain          = "pagopa.it"
+dns_zone_prefix          = "uat.platform"
+dns_zone_checkout        = "uat.checkout"
+dns_zone_internal_prefix = "internal.uat.platform"
 
 # Networking
 
 cidr_subnet_pagopa_proxy_redis = ["10.1.131.0/24"]
+ingress_load_balancer_ip       = "10.1.100.250"
 
 # pagopa-proxy Redis