From 0ea56e25965ec9b6e9045026c9c8ea1800c20b54 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Andr=C3=A9=20Caetano?= Date: Tue, 10 Jun 2025 02:28:50 -0300 Subject: [PATCH] CI-CD dejo node --- .gitea/workflows/development-cd.yml | 168 ++++++++++++++++++ .gitignore | 20 +++ Dockerfile | 22 +++ infrastructure/.env.example | 13 ++ infrastructure/docker/.env.dev | 14 ++ .../kubernetes/dev/app/health-probes.yml | 28 +++ .../kubernetes/dev/app/image-tag.yml | 10 ++ infrastructure/kubernetes/dev/app/ingress.yml | 19 ++ .../kubernetes/dev/base/app/configmap.yml | 8 + .../kubernetes/dev/base/app/deployment.yml | 33 ++++ .../kubernetes/dev/base/app/hpa.yml | 19 ++ .../kubernetes/dev/base/app/ingress.yml | 8 + .../kubernetes/dev/base/app/pvc.yml | 13 ++ .../kubernetes/dev/base/app/service.yml | 18 ++ .../kubernetes/dev/base/kustomization.yml | 13 ++ .../kubernetes/dev/kustomization.yml | 15 ++ .../terraform/dev/.terraform.lock.hcl | 25 +++ infrastructure/terraform/dev/dns.tf | 15 ++ infrastructure/terraform/dev/ecr.tf | 3 + infrastructure/terraform/dev/locals.tf | 48 +++++ infrastructure/terraform/dev/output.tf | 4 + infrastructure/terraform/dev/provider.tf | 25 +++ infrastructure/terraform/dev/role.tf | 15 ++ infrastructure/terraform/dev/s3.tf | 41 +++++ infrastructure/terraform/dev/state.tf | 11 ++ 25 files changed, 608 insertions(+) create mode 100644 .gitea/workflows/development-cd.yml create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100755 infrastructure/.env.example create mode 100755 infrastructure/docker/.env.dev create mode 100644 infrastructure/kubernetes/dev/app/health-probes.yml create mode 100644 infrastructure/kubernetes/dev/app/image-tag.yml create mode 100644 infrastructure/kubernetes/dev/app/ingress.yml create mode 100644 infrastructure/kubernetes/dev/base/app/configmap.yml create mode 100644 infrastructure/kubernetes/dev/base/app/deployment.yml create mode 100644 infrastructure/kubernetes/dev/base/app/hpa.yml create mode 100644 infrastructure/kubernetes/dev/base/app/ingress.yml create mode 100644 
infrastructure/kubernetes/dev/base/app/pvc.yml create mode 100644 infrastructure/kubernetes/dev/base/app/service.yml create mode 100644 infrastructure/kubernetes/dev/base/kustomization.yml create mode 100644 infrastructure/kubernetes/dev/kustomization.yml create mode 100644 infrastructure/terraform/dev/.terraform.lock.hcl create mode 100755 infrastructure/terraform/dev/dns.tf create mode 100755 infrastructure/terraform/dev/ecr.tf create mode 100755 infrastructure/terraform/dev/locals.tf create mode 100755 infrastructure/terraform/dev/output.tf create mode 100755 infrastructure/terraform/dev/provider.tf create mode 100755 infrastructure/terraform/dev/role.tf create mode 100755 infrastructure/terraform/dev/s3.tf create mode 100755 infrastructure/terraform/dev/state.tf diff --git a/.gitea/workflows/development-cd.yml b/.gitea/workflows/development-cd.yml new file mode 100644 index 0000000..8055c8d --- /dev/null +++ b/.gitea/workflows/development-cd.yml 
@@ -0,0 +1,168 @@ +name: Development | CD + +on: + push: + branches: + - feature/ci-cd + +concurrency: + group: ${{ github.workflow }} + +env: + DEJO_NODE_AWS_REGION: us-east-1 + AWS_ECR_REPOSITORY: dev-dejo/dejo-node + KUBE_NAMESPACE: dejo-node + KUBE_DEPLOY_NAME: api-app + DISABLE_DISCORD_NOTIFY: true + DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }} + +jobs: + build_and_push: + name: Docker | Build and Push + runs-on: [self-hosted] + steps: + - name: Checkout Branch + uses: actions/checkout@v2 + + - name: Discord | Notify Início + if: ${{ always() && env.DISABLE_DISCORD_NOTIFY != 'true' }} + run: | + curl -X POST -H "Content-Type: application/json" \ + -d '{"content": ":arrow_forward: Iniciando deploy no ambiente development..."}' \ + "${DISCORD_WEBHOOK}" + + - name: Commit Short Hash + id: vars + run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Copy Env + run: cp infrastructure/.env.example infrastructure/.env + + - name: Cache Docker layers + uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-multi-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-multi-buildx + + - name: Docker Login to AWS ECR + uses: docker/login-action@v2 + with: + registry: ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }} + username: ${{ secrets.DEJO_NODE_AWS_ACCESS_KEY }} + password: ${{ secrets.DEJO_NODE_AWS_SECRET_KEY }} + + - name: Build and Push Backend + uses: docker/build-push-action@v5 + with: + context: infrastructure + builder: ${{ steps.buildx.outputs.name }} + file: infrastructure/Dockerfile + push: true + tags: | + ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}/${{ env.AWS_ECR_REPOSITORY }}:latest + ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}/${{ env.AWS_ECR_REPOSITORY }}:${{ env.sha_short }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new + + - name: Moving Cache + run: | + rm -rf 
/tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + kustomize_apply: + name: Kubernetes | Kustomize Apply + runs-on: [self-hosted] + needs: build_and_push + steps: + - name: Checkout Branch + uses: actions/checkout@v2 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.DEJO_NODE_AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.DEJO_NODE_AWS_SECRET_KEY }} + aws-region: ${{ env.DEJO_NODE_AWS_REGION }} + + - name: Debug | Mostrar estrutura após checkout + run: | + echo "PWD = $(pwd)" + ls -R . + + - name: Kubernetes | Apply Kustomize + env: + KUBE_CONFIG_DATA: ${{ secrets.DEJO_NODE_KUBE_CONFIG_DATA_DEV }} + KUBE_NAMESPACE: ${{ env.KUBE_NAMESPACE }} + run: | + # Decodifica e grava o kubeconfig + echo "${KUBE_CONFIG_DATA}" | base64 -d > kubeconfig + export KUBECONFIG=$PWD/kubeconfig + + # Aplica todos os manifests gerados pelo Kustomize + kubectl apply -k infrastructure/kubernetes/dev -n "${KUBE_NAMESPACE}" + + deploy_backend: + name: 'Kubernetes | Deploy App' + needs: kustomize_apply + runs-on: [self-hosted] + steps: + - name: Checkout Branch + uses: actions/checkout@v2 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.DEJO_NODE_AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.DEJO_NODE_AWS_SECRET_KEY }} + aws-region: ${{ env.DEJO_NODE_AWS_REGION }} + + - name: Commit Short Hash + id: vars + run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV + + - name: Kubernetes | Deploy API + env: + KUBE_CONFIG_DATA: ${{ secrets.DEJO_NODE_KUBE_CONFIG_DATA_DEV }} + KUBE_NAMESPACE: ${{ env.KUBE_NAMESPACE }} + RELEASE_IMAGE: ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}/${{ env.AWS_ECR_REPOSITORY }}:${{ env.sha_short }} + run: | + # Decodifica e grava o kubeconfig + echo "${KUBE_CONFIG_DATA}" | base64 -d > kubeconfig + export KUBECONFIG=$PWD/kubeconfig + + # Atualiza a imagem no Deployment + 
kubectl set image deployment/${{ env.KUBE_DEPLOY_NAME }} \ + ${{ env.KUBE_DEPLOY_NAME }}="${RELEASE_IMAGE}" --record -n "${KUBE_NAMESPACE}" + + - name: Run | Verify Kubernetes deployment + env: + KUBE_CONFIG_DATA: ${{ secrets.DEJO_NODE_KUBE_CONFIG_DATA_DEV }} + KUBE_NAMESPACE: ${{ env.KUBE_NAMESPACE }} + run: | + # Decodifica e grava o kubeconfig + echo "${KUBE_CONFIG_DATA}" | base64 -d > kubeconfig + export KUBECONFIG=$PWD/kubeconfig + + # Aguardar rollout + kubectl rollout status deployment/${{ env.KUBE_DEPLOY_NAME }} -n "${KUBE_NAMESPACE}" + + - name: Discord | Notify Error + if: ${{ failure() && env.DISABLE_DISCORD_NOTIFY != 'true' }} + run: | + curl -X POST -H "Content-Type: application/json" \ + -d '{"content": ":x: Erro durante o deploy! Veja detalhes nos logs do pipeline."}' \ + "${DISCORD_WEBHOOK}" + exit 1 + + - name: Discord | Notify Success + if: ${{ success() && env.DISABLE_DISCORD_NOTIFY != 'true' }} + run: | + curl -X POST -H "Content-Type: application/json" \ + -d '{"content": ":white_check_mark: Deploy concluído com sucesso! :rocket:"}' \ + "${DISCORD_WEBHOOK}" + diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6c7f490 --- /dev/null +++ b/.gitignore @@ -0,0 +1,20 @@ +# Local .terraform directories +### Terraform ### +**/.terraform/* +*.tfstate +*.tfstate.* +crash.log +*.tfvars +override.tf +override.tf.json +*_override.tf +*_override.tf.json +.terraformrc +terraform.rc +*.lock +*.lock.* +*.DS_Store +*.txt* +*/**/builds +*/**/sealedsecrets_result +*.zip diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..d6330f0 --- /dev/null +++ b/Dockerfile 
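Review bot: The kubeconfig decoded from `DEJO_NODE_KUBE_CONFIG_DATA_DEV` is written to `$PWD/kubeconfig` in three separate steps (Apply Kustomize, Deploy API, Verify) and never removed, and because every job runs on `[self-hosted]` runners that workspace — and the cluster credential in it — stays on the runner host after the run. Write it with `umask 077` to `$RUNNER_TEMP` instead of the checkout, and add a final step with `if: always()` and `run: rm -f "$RUNNER_TEMP/kubeconfig"` so it cannot outlive the job. Separately, `KUBE_DEPLOY_NAME: api-app` does not match the Deployment and container both named `dejo-node` in the manifests this patch adds, so `kubectl set image deployment/api-app` will fail with a not-found error unless a differently named deployment already exists; `--record` on that command is also deprecated. The third-party actions (`actions/checkout@v2`, `docker/login-action@v2`, `docker/build-push-action@v5`) are pinned by mutable tag while being handed long-lived AWS keys; pin them to commit SHAs, and prefer short-lived role credentials if the runner platform can mint OIDC tokens. `builder: ${{ steps.buildx.outputs.name }}` also resolves to an empty string because the setup-buildx step has no `id: buildx`, so the cache configuration is not being applied to the builder you think it is.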
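Review bot: The patterns `*.lock` and `*.lock.*` match `.terraform.lock.hcl`, the provider lockfile this same patch adds under `infrastructure/terraform/dev/`, so a fresh clone that re-locks providers elsewhere cannot commit the updated file without `git add -f`, and any other dependency lockfile (`yarn.lock`, `Cargo.lock`, `Gemfile.lock`) is silently left untracked, which defeats reproducible, pinned dependency resolution. Drop those two lines, or narrow them to the specific lock artifact they were meant to exclude. `*.txt*` likewise ignores every text file in the repository, which is broader than it looks; spell out the intended file instead.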
@@ -0,0 +1,22 @@
+# Dockerfile para o DEJO Node
+
+FROM golang:1.20 as builder
+WORKDIR /app
+
+# Copiar arquivos e instalar dependências
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+RUN go build -o dejo-node ./cmd/main.go
+
+# Criar imagem final
+FROM debian:bullseye-slim
+WORKDIR /root/
+
+COPY --from=builder /app/dejo-node ./dejo-node
+
+# Definir variáveis de ambiente padrão
+ENV CONFIG_PATH="/config/config.yaml"
+
+CMD ["./dejo-node"]
\ No newline at end of file
diff --git a/infrastructure/.env.example b/infrastructure/.env.example
new file mode 100755
index 0000000..5deb24a
--- /dev/null
+++ b/infrastructure/.env.example
@@ -0,0 +1,13 @@
+NODE_ENV=local
+
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_TTL=5
+REDIS_TLS=false
+REDIS_PASSWORD=redis
+
+DATABASE_HOST=localhost
+DATABASE_PORT=5432
+DATABASE_USERNAME=postgres
+DATABASE_NAME=dejo
+DATABASE_SYNCHRONIZE=false
diff --git a/infrastructure/docker/.env.dev b/infrastructure/docker/.env.dev
new file mode 100755
index 0000000..670115a
--- /dev/null
+++ b/infrastructure/docker/.env.dev
@@ -0,0 +1,14 @@
+NODE_ENV=development
+
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_TTL=5
+REDIS_TLS=false
+REDIS_PASSWORD=redis
+
+DATABASE_HOST=postgres
+DATABASE_PORT=5432
+DATABASE_USERNAME=postgres
+DATABASE_PASSWORD=postgres
+DATABASE_NAME=dejo-node
+DATABASE_SYNCHRONIZE=false
diff --git a/infrastructure/kubernetes/dev/app/health-probes.yml b/infrastructure/kubernetes/dev/app/health-probes.yml
new file mode 100644
index 0000000..ae0dda6
--- /dev/null
+++ b/infrastructure/kubernetes/dev/app/health-probes.yml
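Review bot: The final stage has no `USER` instruction and uses `WORKDIR /root/`, so `dejo-node` runs as root with a fully writable filesystem in the `debian:bullseye-slim` image; create an unprivileged system user in the runtime stage, copy the binary with `--chown`, and switch to it before `CMD`. The builder stage also uses `golang:1.20`, which no longer receives upstream security fixes at this patch's date, so the Go toolchain and standard library compiled into the binary are unpatched — bump to a supported release. Note too that the workflow builds `file: infrastructure/Dockerfile` with `context: infrastructure`, while this patch adds the Dockerfile at the repository root, so either this file is not the one CI builds or the workflow path is wrong; confirm which and reconcile.

```dockerfile
# … unchanged: builder stage …
FROM debian:bullseye-slim
RUN useradd --system --uid 10001 --no-create-home --shell /usr/sbin/nologin dejo
WORKDIR /app
COPY --from=builder --chown=dejo:dejo /app/dejo-node ./dejo-node
USER dejo
ENV CONFIG_PATH="/config/config.yaml"
CMD ["./dejo-node"]
```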
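Review bot: `infrastructure/docker/.env.dev` commits credentials (`DATABASE_PASSWORD=postgres`, `REDIS_PASSWORD=redis`) to the repository with executable mode 100755; even for a local compose setup these belong in an untracked `.env` that the committed `.env.example` documents with empty values, and a dotenv file should be `chmod 644`, not executable. These keys (`NODE_ENV`, `DATABASE_SYNCHRONIZE`) read like a Node/TypeORM template, while the Dockerfile in this patch builds a Go binary that reads `CONFIG_PATH`; if the node does not consume them, both files are dead configuration and the workflow's `cp infrastructure/.env.example infrastructure/.env` into the Docker build context is unnecessary. Confirm which settings the binary actually reads before keeping either file.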
@@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dejo-node +spec: + template: + spec: + containers: + - name: deje-node + livenessProbe: + httpGet: + path: /health/liveness + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 5 + readinessProbe: + httpGet: + path: /health/readiness + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 10 + startupProbe: + httpGet: + path: /health/startup + port: 8080 + failureThreshold: 30 + periodSeconds: 10 + diff --git a/infrastructure/kubernetes/dev/app/image-tag.yml b/infrastructure/kubernetes/dev/app/image-tag.yml new file mode 100644 index 0000000..01e02c8 --- /dev/null +++ b/infrastructure/kubernetes/dev/app/image-tag.yml @@ -0,0 +1,10 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dejo-node +spec: + template: + spec: + containers: + - name: dejo-node + image: 859024677525.dkr.ecr.us-east-1.amazonaws.com/dev-dejo/dejo-node:latest diff --git a/infrastructure/kubernetes/dev/app/ingress.yml b/infrastructure/kubernetes/dev/app/ingress.yml new file mode 100644 index 0000000..44e1e76 --- /dev/null +++ b/infrastructure/kubernetes/dev/app/ingress.yml @@ -0,0 +1,19 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: dejo-node-ingress + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" +spec: + rules: + - host: dev-dejo-node.dejo.digital + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: dejo-node-svc + port: + number: 8545 + diff --git a/infrastructure/kubernetes/dev/base/app/configmap.yml b/infrastructure/kubernetes/dev/base/app/configmap.yml new file mode 100644 index 0000000..7b548f0 --- /dev/null +++ b/infrastructure/kubernetes/dev/base/app/configmap.yml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: dejo-node-config +data: + # ex.: configuração genérica, se precisar + LOG_LEVEL: "info" + 
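Review bot: The strategic-merge patch in health-probes.yml names the container `deje-node`, while base deployment.yml names it `dejo-node`, so kustomize will append a second container entry that has probes but no `image`, and the API server will reject the resulting Deployment on apply. Fix the typo to `- name: dejo-node`. The probes also target port 8080 while the base container declares only 8545 and 30303; confirm which port actually serves `/health/liveness`, `/health/readiness` and `/health/startup` before this patch is applied, otherwise the pods will never become Ready.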
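Review bot: image-tag.yml pins the Deployment to the mutable `:latest` tag, and the workflow's kustomize_apply job re-applies it on every run before deploy_backend runs `kubectl set image` with the `sha_short` tag, so each deploy rolls the pods twice and briefly runs whatever `latest` pointed at, and any later `kubectl apply -k` from another machine silently reverts the image to `latest`. Drive the tag through kustomize instead — an `images:` entry in the overlay rendered with the commit SHA, or `kustomize edit set image` in the pipeline — and drop the separate `set image` step, or at minimum pin by digest. An immutable reference is also what lets a signature or scan-result check be attached to the deploy; `:latest` gives you nothing to verify.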
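Review bot: The Ingress routes `dev-dejo-node.dejo.digital/` straight to service port 8545 with `force-ssl-redirect: "true"` but no `tls:` section and no `ingressClassName`, so depending on the controller the redirect either lands on a default certificate or is ignored, and nothing in this patch authenticates callers. If 8545 is a JSON-RPC endpoint (it is the conventional Ethereum RPC port, and the `blockchain-storage` volume suggests that kind of node), exposing it unauthenticated on a public hostname is a real risk. Add `tls:` with a cert-manager or pre-provisioned secret, set `ingressClassName`, and put an allow-list such as `nginx.ingress.kubernetes.io/whitelist-source-range` or an auth annotation in front until the RPC has its own authentication.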
diff --git a/infrastructure/kubernetes/dev/base/app/deployment.yml b/infrastructure/kubernetes/dev/base/app/deployment.yml new file mode 100644 index 0000000..b4d5d16 --- /dev/null +++ b/infrastructure/kubernetes/dev/base/app/deployment.yml @@ -0,0 +1,33 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dejo-node + labels: + app: dejo-node +spec: + replicas: 3 + selector: + matchLabels: + app: dejo-node + template: + metadata: + labels: + app: dejo-node + spec: + containers: + - name: dejo-node + image: dejo/node:latest + ports: + - containerPort: 8545 + - containerPort: 30303 + envFrom: + - configMapRef: + name: dejo-node-config + volumeMounts: + - name: blockchain-storage + mountPath: /data + volumes: + - name: blockchain-storage + persistentVolumeClaim: + claimName: dejo-node-pvc + diff --git a/infrastructure/kubernetes/dev/base/app/hpa.yml b/infrastructure/kubernetes/dev/base/app/hpa.yml new file mode 100644 index 0000000..b5c79cd --- /dev/null +++ b/infrastructure/kubernetes/dev/base/app/hpa.yml @@ -0,0 +1,19 @@ +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: dejo-node-hpa +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: dejo-node + minReplicas: 2 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 70 + diff --git a/infrastructure/kubernetes/dev/base/app/ingress.yml b/infrastructure/kubernetes/dev/base/app/ingress.yml new file mode 100644 index 0000000..4c4148f --- /dev/null +++ b/infrastructure/kubernetes/dev/base/app/ingress.yml @@ -0,0 +1,8 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: dejo-node-ingress + labels: + app: dejo-node +spec: {} + diff --git a/infrastructure/kubernetes/dev/base/app/pvc.yml b/infrastructure/kubernetes/dev/base/app/pvc.yml new file mode 100644 index 0000000..d63dfa7 --- /dev/null +++ b/infrastructure/kubernetes/dev/base/app/pvc.yml 
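Review bot: The pod template in deployment.yml sets no `securityContext`, no `resources`, and leaves `automountServiceAccountToken` on, so the `dejo/node:latest` process runs as whatever user the image ships with (root, per the Dockerfile in this patch) with a writable root filesystem, all capabilities, and an API token it does not appear to need. Three replicas also share one `ReadWriteOnce` PVC `dejo-node-pvc` at `/data`; RWO volumes attach to a single node, so replicas scheduled elsewhere stay Pending, and if this is chain data a shared datadir across replicas is unsafe regardless — a StatefulSet with `volumeClaimTemplates` is the usual shape. The hardening below is independent of that decision; `resources.requests` are also a prerequisite for the commented-out CPU HPA to compute utilization at all.

```yaml
spec:
  template:
    spec:
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        fsGroup: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dejo-node
          # … unchanged: image, ports, envFrom, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:            # placeholder values — size from observed usage
            requests:
              cpu: "500m"
              memory: "1Gi"
            limits:
              memory: "2Gi"
```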
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dejo-node-pvc + labels: + app: dejo-node +spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 10Gi + storageClassName: gp3 + diff --git a/infrastructure/kubernetes/dev/base/app/service.yml b/infrastructure/kubernetes/dev/base/app/service.yml new file mode 100644 index 0000000..e5f4477 --- /dev/null +++ b/infrastructure/kubernetes/dev/base/app/service.yml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: dejo-node-svc + labels: + app: dejo-node +spec: + type: LoadBalancer + selector: + app: dejo-node + ports: + - name: rpc + port: 8545 + targetPort: 8545 + - name: p2p + port: 30303 + targetPort: 30303 + diff --git a/infrastructure/kubernetes/dev/base/kustomization.yml b/infrastructure/kubernetes/dev/base/kustomization.yml new file mode 100644 index 0000000..e2f5b15 --- /dev/null +++ b/infrastructure/kubernetes/dev/base/kustomization.yml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ./app/deployment.yml + - ./app/service.yml + - ./app/pvc.yml + - ./app/configmap.yml + # - ./app/hpa.yml + - ./app/ingress.yml + +commonLabels: + app: dejo-node diff --git a/infrastructure/kubernetes/dev/kustomization.yml b/infrastructure/kubernetes/dev/kustomization.yml new file mode 100644 index 0000000..f6adb3d --- /dev/null +++ b/infrastructure/kubernetes/dev/kustomization.yml @@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: dejo-node +resources: + - base + +patchesStrategicMerge: + # se você precisar alterar só a imagem, replicas, ingress, etc: + - app/image-tag.yml + - app/ingress.yml + - app/health-probes.yml +commonLabels: + env: dev + diff --git a/infrastructure/terraform/dev/.terraform.lock.hcl b/infrastructure/terraform/dev/.terraform.lock.hcl new file mode 100644 index 0000000..a72bf0d --- /dev/null +++ b/infrastructure/terraform/dev/.terraform.lock.hcl 
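Review bot: service.yml is `type: LoadBalancer`, which on EKS provisions an internet-facing cloud load balancer exposing both `rpc` 8545 and `p2p` 30303, on top of the Ingress this patch also adds for 8545 — so the RPC port is reachable on two paths, one of which bypasses any TLS redirect or allow-list the Ingress carries. Make the RPC service `type: ClusterIP` behind the Ingress and, if inbound peers on 30303 are genuinely required, give p2p its own Service with `loadBalancerSourceRanges` or a NetworkPolicy scoped to what the protocol needs. If the p2p stack also speaks UDP on 30303, as many discovery protocols do, add an explicit `protocol: UDP` port entry; the manifest currently gets TCP only.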
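Review bot: `commonLabels: env: dev` in the overlay (and `app: dejo-node` in base) is injected into the Deployment's `spec.selector` and the Service selector, and selectors are immutable, so renaming or removing the environment label later forces a delete-and-recreate of the Deployment. Use the newer `labels:` field with `includeSelectors: false` for metadata-only labels, and replace `patchesStrategicMerge` with `patches:` entries such as `- path: app/image-tag.yml`, since kustomize v5 (bundled with current kubectl) deprecates the old key and will eventually drop it.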
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.99.1" + constraints = ">= 5.43.0, >= 5.83.0" + hashes = [ + "h1:967WCGUW/vgrjUMBvC+HCie1DVgOXHwUkhm2ng3twJw=", + "zh:00b0a61c6d295300f0aa7a79a7d40e9f836164f1fff816d38324c148cd846887", + "zh:1ee9d5ccb67378704642db62113ac6c0d56d69408a9c1afb9a8e14b095fc0733", + "zh:2035977ed418dcb18290785c1eeb79b7133b39f718c470346e043ac48887ffc7", + "zh:67e3ca1bf7061900f81cf958d5c771a2fd6048c2b185bec7b27978349b173a90", + "zh:87fadbe5de7347ede72ad879ff8d8d9334103cd9aa4a321bb086bfac91654944", + "zh:901d170c457c2bff244a2282d9de595bdb3ebecc33a2034c5ce8aafbcff66db9", + "zh:92c07d6cf530679565b87934f9f98604652d787968cce6a3d24c148479b7e34b", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a7d4803b4c5ff17f029f8b270c91480442ece27cec7922c38548bcfea2ac2d26", + "zh:afda848da7993a07d29018ec25ab6feda652e01d4b22721da570ce4fcc005292", + "zh:baaf16c98b81bad070e0908f057a97108ecd6e8c9f754d7a79b18df4c8453279", + "zh:c3dd496c5014427599d6b6b1c14c7ebb09a15df78918ae0be935e7bfa83b894c", + "zh:e2b84c1d40b3f2c4b1d74bf170b9e932983b61bac0e6dab2e36f5057ddcc997f", + "zh:e49c92cb29c53b4573ed4d9c946486e6bcfc1b63f1aee0c79cc7626f3d9add03", + "zh:efae8e339c4b13f546e0f96c42eb95bf8347de22e941594849b12688574bf380", + ] +} diff --git a/infrastructure/terraform/dev/dns.tf b/infrastructure/terraform/dev/dns.tf new file mode 100755 index 0000000..8af60d4 --- /dev/null +++ b/infrastructure/terraform/dev/dns.tf @@ -0,0 +1,15 @@ +#data "aws_route53_zone" "dev-dejo" { +# name = "dev.dejo.digital" +# private_zone = false +#} + +#resource "aws_route53_record" "this" { +# zone_id = data.aws_route53_zone.dev-dejo-be.zone_id +# name = local.azion.domain.cname +# type = "CNAME" +# ttl = 60 + +# records = [ +# module.azion-backend.azion_domain.domain_name +# ] +#} 
diff --git a/infrastructure/terraform/dev/ecr.tf b/infrastructure/terraform/dev/ecr.tf new file mode 100755 index 0000000..e9436e8 --- /dev/null +++ b/infrastructure/terraform/dev/ecr.tf @@ -0,0 +1,3 @@ +resource "aws_ecr_repository" "this" { + name = "dev-dejo/dejo-node" +} diff --git a/infrastructure/terraform/dev/locals.tf b/infrastructure/terraform/dev/locals.tf new file mode 100755 index 0000000..bdfe276 --- /dev/null +++ b/infrastructure/terraform/dev/locals.tf @@ -0,0 +1,48 @@ +locals { + region = "us-east-1" + + owner = "dejo" + env = "dev" + maintainer = "dejo" + app = "dejo-node" + tier = "backend" + base_name = "${local.env}-${local.maintainer}-${local.app}" + kms_key_name = "alias/${local.base_name}-terraform-bucket-key" + + eks = { + # After change cluster_name, change the the secret: DEV_DEJO_KUBE_CONFIG_DATA + # The value is a base64 from kubeconfig, example: cat ~/.kubeconfig | base64 -w 0 + cluster_name = "dev-dejo" + lb_name = "a7d3a64e7cd704e17a87740e579df9bc" + + namespace = "dejo-node" + service_account_name = "api-app-sa" + } + + s3 = { + bucket = "${local.owner}-${local.env}-${local.app}-permanent-storage" + acl = "private" + + versioning = { + enabled = true + } + } + + # event_bus = { + # name = "dev-dejo-event-bus" + # } + + custom_tags = { + App = upper(local.app) + Tier = title(local.tier) + } + + default_tags = { + Owner = title(local.owner) + Env = title(local.env) + Maintainer = title(local.maintainer) + ManagedBy = "Terraform" + BaseName = local.base_name + App = "${local.maintainer}-${local.app}" + } +} diff --git a/infrastructure/terraform/dev/output.tf b/infrastructure/terraform/dev/output.tf new file mode 100755 index 0000000..af22832 --- /dev/null +++ b/infrastructure/terraform/dev/output.tf @@ -0,0 +1,4 @@ +#output "azion_domain_id" { +# description = "Azion domain ID" +# value = module.azion-backend.azion_domain.id +#} 
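Review bot: `aws_ecr_repository.this` is created with defaults, meaning mutable tags and no scan-on-push, so any principal with push rights can silently re-point a tag the cluster already runs and nothing flags known CVEs in the pushed layers. Set `image_tag_mutability = "IMMUTABLE"` and enable scanning as below; note that immutability conflicts with the workflow pushing `:latest` on every build, so that tag would need to go (which the image-tag.yml review also argues for). A lifecycle policy to expire untagged images is worth adding at the same time.

```hcl
resource "aws_ecr_repository" "this" {
  name                 = "dev-dejo/dejo-node"
  image_tag_mutability = "IMMUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }
}
```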
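Review bot: The comment in `locals.eks` tells the operator to update the secret `DEV_DEJO_KUBE_CONFIG_DATA`, but the workflow in this patch reads `DEJO_NODE_KUBE_CONFIG_DATA_DEV`; align the name so the next cluster rename does not break the pipeline. The same comment recommends `cat ~/.kubeconfig | base64 -w 0`, i.e. pasting a personal, presumably cluster-admin kubeconfig into CI; a dedicated ServiceAccount bound to a namespace-scoped Role (`deployments` get/patch, `rollout` status) with a short-lived token would contain the blast radius of a leaked secret. `lb_name = "a7d3a64e7cd704e17a87740e579df9bc"` is a hard-coded, environment-specific identifier that should be looked up via a data source or documented as to where it comes from.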
diff --git a/infrastructure/terraform/dev/provider.tf b/infrastructure/terraform/dev/provider.tf new file mode 100755 index 0000000..6510b7d --- /dev/null +++ b/infrastructure/terraform/dev/provider.tf @@ -0,0 +1,25 @@ +provider "aws" { + profile = "dejo-dev" + region = "us-east-1" + + default_tags { + tags = local.default_tags + } +} + +provider "aws" { + alias = "virginia" + profile = "dejo-dev" + region = "us-east-1" + + default_tags { + tags = local.default_tags + } +} + +#provider "aws" { +# alias = "sao_paulo" +# profile = "dejo-prd" +# region = "sa-east-1" +#} + diff --git a/infrastructure/terraform/dev/role.tf b/infrastructure/terraform/dev/role.tf new file mode 100755 index 0000000..20449d3 --- /dev/null +++ b/infrastructure/terraform/dev/role.tf @@ -0,0 +1,15 @@ +module "kubernetes-backend-role" { + source = "../../../../iac/aws/dejo-terraform/modules/kubernetes-backend-role/" + + env = local.env + app = local.app + + eks_cluster_name = local.eks.cluster_name + eks_namespace = local.eks.namespace + eks_service_account_name = local.eks.service_account_name + + allowed_event_names = [ + "ProductUserPublished" + ] +} + diff --git a/infrastructure/terraform/dev/s3.tf b/infrastructure/terraform/dev/s3.tf new file mode 100755 index 0000000..6c10baf --- /dev/null +++ b/infrastructure/terraform/dev/s3.tf 
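Review bot: `profile = "dejo-dev"` is hard-coded in both `aws` provider blocks (and in the backend in state.tf), which ties the configuration to a named profile in a developer's `~/.aws/config`; on a CI runner that authenticates through environment variables or a role, `terraform init`/`plan` fails with a profile-not-found error. Drop `profile` and rely on the default credential chain, or expose it as `var.aws_profile` defaulting to `null`. The `virginia` alias is byte-for-byte identical to the default provider (same profile, same `us-east-1`), so either remove it or point it at the second region it was evidently meant for.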
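Review bot: `module "kubernetes-backend-role"` sources its code from a relative path four directories above this repository, `../../../../iac/aws/dejo-terraform/modules/kubernetes-backend-role/`, so the plan depends on whatever unversioned working tree happens to sit next to the checkout and cannot be reproduced or audited from this repo. Reference the module by a pinned git source instead, e.g. `source = "git::<forge-url>/dejo/dejo-terraform.git//modules/kubernetes-backend-role?ref=<tag-or-sha>"`. The module is handed `eks_service_account_name = "api-app-sa"`, yet none of the Kubernetes manifests in this patch create a ServiceAccount or set `serviceAccountName`, so the pods run under `default` and any IRSA trust the module presumably establishes for `api-app-sa` goes unused — add the ServiceAccount to the kustomize base and reference it in the Deployment.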
@@ -0,0 +1,41 @@ +# Criação da chave KMS para criptografia do bucket +resource "aws_kms_key" "dev_dejo_node" { + description = "KMS key to encrypt S3 bucket objects for ${local.base_name}" + deletion_window_in_days = 7 + enable_key_rotation = true + + tags = merge( + local.default_tags, + { + Name = "${local.base_name}-bucket-key" + } + ) +} + +# Alias para facilitar referência à chave KMS +resource "aws_kms_alias" "dev_dejo_node" { + name = local.kms_key_name + target_key_id = aws_kms_key.dev_dejo_node.key_id +} + +# Bucket S3 criptografado com KMS +module "s3_bucket" { + source = "terraform-aws-modules/s3-bucket/aws" + version = "~> 4.0" + + bucket = local.s3.bucket +# acl = local.s3.acl + versioning = local.s3.versioning + + server_side_encryption_configuration = { + rule = { + apply_server_side_encryption_by_default = { + kms_master_key_id = aws_kms_key.dev_dejo_node.arn + sse_algorithm = "aws:kms" + } + } + } + + tags = local.default_tags +} + diff --git a/infrastructure/terraform/dev/state.tf b/infrastructure/terraform/dev/state.tf new file mode 100755 index 0000000..8cbb8f3 --- /dev/null +++ b/infrastructure/terraform/dev/state.tf @@ -0,0 +1,11 @@ +terraform { + backend "s3" { + profile = "dejo-dev" + bucket = "dev-dejo-terraform" + key = "state/dejo-node/infrastructure/dev.tfstate" + region = "us-east-1" + encrypt = true + kms_key_id = "alias/dev-dejo-terraform-bucket-key" + use_lockfile = true + } +}
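Review bot: The `s3_bucket` module call enables KMS SSE and versioning but does not set `attach_deny_insecure_transport_policy = true`, so plaintext HTTP access to a bucket named `permanent-storage` is still permitted; add it, and `bucket_key_enabled = true` alongside it to cut KMS request volume. The v4 module defaults the four public-access-block flags to true, but for a storage bucket it is worth stating them explicitly so a future module upgrade cannot loosen them unnoticed. `deletion_window_in_days = 7` on `aws_kms_key.dev_dejo_node` is the minimum AWS allows; a mistaken `terraform destroy` would make every object in the bucket unrecoverable after one week, so 30 is the safer default for data described as permanent.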
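Review bot: `use_lockfile = true` in the S3 backend requires a Terraform release that supports native S3 locking (1.10 and later), but nothing in this patch declares `required_version`, so an older binary fails at init with an unsupported-argument error rather than a clear message; add `required_version = ">= 1.10"` to the `terraform` block, and `required_providers` for `hashicorp/aws` while you are there so the lockfile constraint has a declared origin. The `profile = "dejo-dev"` here has the same CI problem as in provider.tf and should be removed, with credentials supplied through the environment or `-backend-config`.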