[SELC-5509] ops: Set private ip address to Namirial SWS Container (#609)
manuraf committed Nov 20, 2024
1 parent a253eff commit fd5d36a
Showing 8 changed files with 37 additions and 20 deletions.
22 changes: 6 additions & 16 deletions infra/container_apps/namirial-sign/container_group.tf
@@ -1,12 +1,16 @@

# when create a new one container, you should put ./custom.properties file inside selcdnamirialswsst/selc-d-namirial-sws-share
# pay attention to set this file only when you want to reset Namirial config properties

resource "azurerm_container_group" "namirial_sws_cg" {

count = var.enable_sws ? 1 : 0
name = "${local.project}-namirial-sws-cg"
location = data.azurerm_resource_group.rg_contracts_storage.location
resource_group_name = data.azurerm_resource_group.rg_contracts_storage.name
ip_address_type = "Public"
dns_name_label = "${local.project}-namirial-sws-cg"
ip_address_type = "Private"
os_type = "Linux"
subnet_ids = [azurerm_subnet.namirial_sws_snet.id]

image_registry_credential {
server = "index.docker.io"
@@ -66,19 +70,5 @@ resource "azurerm_container_group" "namirial_sws_cg" {
}
}

provisioner "local-exec" {
command = <<EOT
az storage file upload \
--account-name ${azurerm_storage_account.namirial_sws_storage_account[0].name} \
--account-key ${azurerm_storage_account.namirial_sws_storage_account[0].primary_access_key} \
--share-name ${azurerm_storage_share.namirial_sws_storage_share[0].name} \
--source "custom.properties" \
--path "custom.properties" \
EOT

# Ensure it only runs on first creation
when = create
}

tags = var.tags
}
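Review bot: The two comment lines at the top of the file name only the dev storage account and share (`selcdnamirialswsst/selc-d-namirial-sws-share`), while the resource itself is named from `${local.project}`, so an operator building another environment has to guess the target. Assuming these comments are part of the change, I would word them as `# Before creating a new container group, upload ./custom.properties to the <storage-account>/<share> file share of the target environment.` and `# Upload it again only when you intend to reset the Namirial configuration properties.`. With the `local-exec` upload removed, this manual step appears to be the only way the file reaches the share, so it is worth recording in the module's documentation as well. Both hunks cut through the `namirial_sws_cg` block, so the container and volume definitions are not visible here.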
5 changes: 5 additions & 0 deletions infra/container_apps/namirial-sign/data.tf
@@ -20,4 +20,9 @@ data "azurerm_key_vault_secret" "hub_docker_pwd" {
data "azurerm_log_analytics_workspace" "log_analytics" {
name = "${local.project}-law"
resource_group_name = "${local.project}-monitor-rg"
}

data "azurerm_virtual_network" "vnet_selc" {
name = "${local.project}-vnet"
resource_group_name = "${local.project}-vnet-rg"
}
@@ -17,5 +17,5 @@ container_config = {
}

enable_sws = true

cidr_subnet_namirial_sws = ["10.1.150.0/29"]
environment_variables = {}
16 changes: 16 additions & 0 deletions infra/container_apps/namirial-sign/subnet.tf
@@ -0,0 +1,16 @@
resource "azurerm_subnet" "namirial_sws_snet" {
name = "${local.project}-namirial-sws-snet"
resource_group_name = "${local.project}-vnet-rg"
virtual_network_name = data.azurerm_virtual_network.vnet_selc.name
address_prefixes = var.cidr_subnet_namirial_sws
private_link_service_network_policies_enabled = true
private_endpoint_network_policies_enabled = false

delegation {
name = "delegation"
service_delegation {
name = "Microsoft.ContainerInstance/containerGroups"
actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
}
}
}
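Review bot: Nothing in this commit attaches a network security group to `namirial_sws_snet`, so unless one is applied elsewhere, any host that can route into the virtual network can reach the signing service on port 8080. I would add an NSG that admits TCP 8080 only from the subnet of the calling app and associate it with this subnet; an explicit deny rule is needed because the default rules allow all traffic inside the virtual network. Separately, the subnet is created unconditionally while the container group uses `count = var.enable_sws ? 1 : 0`; giving the subnet the same `count` would keep the two in step, with `subnet_ids` then referring to `azurerm_subnet.namirial_sws_snet[0].id`.

```hcl
resource "azurerm_network_security_group" "namirial_sws_nsg" {
  name                = "${local.project}-namirial-sws-nsg"
  location            = data.azurerm_virtual_network.vnet_selc.location
  resource_group_name = data.azurerm_virtual_network.vnet_selc.resource_group_name

  security_rule {
    name                       = "allow-sws-from-caller"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "8080"
    source_address_prefix      = "CALLER_SUBNET_CIDR" # placeholder: subnet of the app that calls NAMIRIAL_BASE_URL
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "deny-other-vnet-inbound"
    priority                   = 4096
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "VirtualNetwork"
    destination_address_prefix = "*"
  }
}

resource "azurerm_subnet_network_security_group_association" "namirial_sws_nsg_assoc" {
  subnet_id                 = azurerm_subnet.namirial_sws_snet.id
  network_security_group_id = azurerm_network_security_group.namirial_sws_nsg.id
}
```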
6 changes: 6 additions & 0 deletions infra/container_apps/namirial-sign/variables.tf
@@ -41,4 +41,10 @@ variable "container_config" {
cpu = number
memory = number
})
}

variable "cidr_subnet_namirial_sws" {
type = list(string)
description = "Cosmosdb pnpg address space."
default = ["10.1.154.0/29"]
}
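Review bot: The description of `cidr_subnet_namirial_sws` reads "Cosmosdb pnpg address space.", which appears to be carried over from another variable and misdescribes what the value controls; `description = "Address space of the subnet delegated to the Namirial SWS container group."` matches its use in `subnet.tf`. The default `["10.1.154.0/29"]` also means an environment that omits the variable silently gets that range, so dropping the default would make the choice explicit per environment. Note that Azure reserves five addresses in every subnet, which leaves three usable ones in a /29.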
@@ -106,7 +106,7 @@ app_settings = {

##NAMIRIAL SIGNATURE
"PAGOPA_SIGNATURE_SOURCE" = "disabled",
"NAMIRIAL_BASE_URL" = "http://selc-d-namirial-sws-cg.westeurope.azurecontainer.io:8080",
"NAMIRIAL_BASE_URL" = "http://10.1.154.4:8080",
"NAMIRIAL_SIGN_SERVICE_IDENTITY_USER" = "@Microsoft.KeyVault(SecretUri=https://selc-d-kv.vault.azure.net/secrets/namirial-sign-service-user/)",
"NAMIRIAL_SIGN_SERVICE_IDENTITY_PASSWORD" = "@Microsoft.KeyVault(SecretUri=https://selc-d-kv.vault.azure.net/secrets/namirial-sign-service-psw/)"
}
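Review bot: `NAMIRIAL_BASE_URL` is now the literal `http://10.1.154.4:8080` (and likewise `10.1.150.4` and `10.1.154.4` in the two `app_settings` sections that follow), which assumes the container group always receives the first free address of its /29. A container group deployed into a virtual network is not guaranteed to keep its private IP when it is restarted or recreated, and the app would then call a dead or different address. Publishing the address through a private DNS record, or feeding `azurerm_container_group.namirial_sws_cg[0].ip_address` into this setting if the two configurations can share state, avoids the hard-coded value. The URL also stays on plain `http://`, so the sign-service credentials referenced just below presumably cross the virtual network unencrypted; whether the container can serve TLS is not visible here. `app_settings` starts outside these hunks.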
@@ -118,7 +118,7 @@ app_settings = {
"JWT_TOKEN_KID" = "@Microsoft.KeyVault(SecretUri=https://selc-p-kv.vault.azure.net/secrets/jwt-kid/)"

##NAMIRIAL SIGNATURE
"NAMIRIAL_BASE_URL" = "http://selc-p-namirial-sws-cg.westeurope.azurecontainer.io:8080",
"NAMIRIAL_BASE_URL" = "http://10.1.150.4:8080",
"NAMIRIAL_SIGN_SERVICE_IDENTITY_USER" = "@Microsoft.KeyVault(SecretUri=https://selc-p-kv.vault.azure.net/secrets/namirial-sign-service-user/)",
"NAMIRIAL_SIGN_SERVICE_IDENTITY_PASSWORD" = "@Microsoft.KeyVault(SecretUri=https://selc-p-kv.vault.azure.net/secrets/namirial-sign-service-psw/)"
}
@@ -117,7 +117,7 @@ app_settings = {
"JWT_TOKEN_KID" = "@Microsoft.KeyVault(SecretUri=https://selc-u-kv.vault.azure.net/secrets/jwt-kid/)"

##NAMIRIAL SIGNATURE
"NAMIRIAL_BASE_URL" = "http://selc-u-namirial-sws-cg.westeurope.azurecontainer.io:8080",
"NAMIRIAL_BASE_URL" = "http://10.1.154.4:8080",
"NAMIRIAL_SIGN_SERVICE_IDENTITY_USER" = "@Microsoft.KeyVault(SecretUri=https://selc-u-kv.vault.azure.net/secrets/namirial-sign-service-user/)",
"NAMIRIAL_SIGN_SERVICE_IDENTITY_PASSWORD" = "@Microsoft.KeyVault(SecretUri=https://selc-u-kv.vault.azure.net/secrets/namirial-sign-service-psw/)"
}
