diff --git a/terraform/gitlab/ci-templates/k8s-cluster/.gitlab/scripts/config-merge.sh b/terraform/gitlab/ci-templates/k8s-cluster/.gitlab/scripts/config-merge.sh
index ca7117f2b..ead45e9fd 100755
--- a/terraform/gitlab/ci-templates/k8s-cluster/.gitlab/scripts/config-merge.sh
+++ b/terraform/gitlab/ci-templates/k8s-cluster/.gitlab/scripts/config-merge.sh
@@ -1,5 +1,5 @@
 mkdir -p $CONFIG_PATH
-for configFile in {'aws-vars.yaml','cluster-config.yaml','common-vars.yaml','mojaloop-rbac-permissions.yaml','mojaloop-vars.yaml','pm4ml-vars.yaml','bare-metal-vars.yaml','pm4ml-rbac-permissions.yaml','mojaloop-stateful-resources.json','common-stateful-resources.json','mojaloop-rbac-api-resources.yaml','vnext-vars.yaml','vnext-stateful-resources.json','addons-vars.yaml'};
+for configFile in {'aws-vars.yaml','cluster-config.yaml','common-vars.yaml','mojaloop-rbac-permissions.yaml','mojaloop-vars.yaml','pm4ml-vars.yaml','bare-metal-vars.yaml','pm4ml-rbac-permissions.yaml','mojaloop-stateful-resources.json','common-stateful-resources.json','mojaloop-rbac-api-resources.yaml','vnext-vars.yaml','vnext-stateful-resources.json','addons-vars.yaml','mojaloop-values-override.yaml'};
 do
 echo $configFile
 python3 .gitlab/scripts/dictmerge.py default-config/$configFile custom-config/$configFile $CONFIG_PATH;
diff --git a/terraform/gitops/generate-files/templates/istio/istio-main/values-istio-istiod.yaml.tpl b/terraform/gitops/generate-files/templates/istio/istio-main/values-istio-istiod.yaml.tpl
index b98c95c30..987206643 100644
--- a/terraform/gitops/generate-files/templates/istio/istio-main/values-istio-istiod.yaml.tpl
+++ b/terraform/gitops/generate-files/templates/istio/istio-main/values-istio-istiod.yaml.tpl
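Review bot: A failing `dictmerge.py` run for the newly listed `mojaloop-values-override.yaml` does not stop this script: there is no `set -e`, so its non-zero exit status is ignored and the job continues with a partially merged config. Adding `set -euo pipefail` as the first line fixes that, and while here the unquoted expansions on the context lines should be quoted: `mkdir -p -- "$CONFIG_PATH"` and `python3 .gitlab/scripts/dictmerge.py "default-config/$configFile" "custom-config/$configFile" "$CONFIG_PATH"`. Whether `default-config/` and `custom-config/` already ship the new file is not visible from the diff. The loop's `done` lies outside the hunk.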
@@ -309,7 +309,7 @@ global: # Per Component log level for proxy, applies to gateways and sidecars. If a component level is # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:debug" + componentLogLevel: "misc:${istio_proxy_log_level}" # If set, newly injected sidecars will have core dumps enabled. enableCoreDump: false @@ -332,7 +332,7 @@ global: # Log level for proxy, applies to gateways and sidecars. # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: debug + logLevel: ${istio_proxy_log_level} #If set to true, istio-proxy container will have privileged securityContext privileged: false diff --git a/terraform/gitops/generate-files/templates/mojaloop/kustomization.yaml.tpl b/terraform/gitops/generate-files/templates/mojaloop/kustomization.yaml.tpl index 1f073aa27..480bf6371 100644 --- a/terraform/gitops/generate-files/templates/mojaloop/kustomization.yaml.tpl +++ b/terraform/gitops/generate-files/templates/mojaloop/kustomization.yaml.tpl @@ -16,6 +16,7 @@ helmCharts: valuesFile: values-mojaloop.yaml namespace: ${mojaloop_namespace} additionalValuesFiles: + - values-mojaloop-override.yaml - values-mojaloop-addons.yaml - name: finance-portal releaseName: ${finance_portal_release_name} diff --git a/terraform/gitops/generate-files/templates/mojaloop/values-mojaloop-override.yaml.tpl b/terraform/gitops/generate-files/templates/mojaloop/values-mojaloop-override.yaml.tpl new file mode 100644 index 000000000..42d51bf36 --- /dev/null +++ b/terraform/gitops/generate-files/templates/mojaloop/values-mojaloop-override.yaml.tpl @@ -0,0 +1 @@ +#placeholder file for addons \ No newline at end of file diff --git a/terraform/gitops/generate-files/templates/mojaloop/values-mojaloop.yaml.tpl b/terraform/gitops/generate-files/templates/mojaloop/values-mojaloop.yaml.tpl index d6d02b4bb..5ed656c12 100644 --- a/terraform/gitops/generate-files/templates/mojaloop/values-mojaloop.yaml.tpl 
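Review bot: `logLevel: ${istio_proxy_log_level}` in the second hunk is rendered unquoted, while `componentLogLevel: "misc:${istio_proxy_log_level}"` in the first hunk is quoted; the comment above it lists `off` as a valid value, and YAML 1.1 parsers read a bare `off` as boolean false, so the line should be `logLevel: "${istio_proxy_log_level}"`. The enclosing `global:` block starts and ends outside both hunks.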
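Review bot: `- values-mojaloop-override.yaml` is inserted ahead of `- values-mojaloop-addons.yaml` in `additionalValuesFiles`, and Helm gives later values files precedence over earlier ones, so any key set in the addons file overrides the new "override" file. If the override is meant to win it should be the last entry; if the placeholder comment (`#placeholder file for addons`) means it feeds the addons instead, a short comment above the list stating the intended precedence would spare the next reader the question. The `helmCharts` entry continues outside the hunk.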
+++ b/terraform/gitops/generate-files/templates/mojaloop/values-mojaloop.yaml.tpl @@ -372,15 +372,6 @@ centralledger: config: prefix: *CL_MONITORING_PREFIX centralledger-handler-transfer-prepare: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 - sidecar: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 %{ if central_ledger_handler_transfer_prepare_affinity != null ~} affinity: ${indent(8, central_ledger_handler_transfer_prepare_affinity)} @@ -411,15 +402,6 @@ centralledger: config: prefix: *CL_MONITORING_PREFIX centralledger-handler-transfer-position: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 - sidecar: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 %{ if central_ledger_handler_transfer_position_affinity != null ~} affinity: ${indent(8, central_ledger_handler_transfer_position_affinity)} @@ -450,15 +432,6 @@ centralledger: prefix: *CL_MONITORING_PREFIX centralledger-handler-transfer-position-batch: enabled: *CL_BATCH_PROCESSING_ENABLED - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 - sidecar: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 %{ if central_ledger_handler_transfer_position_batch_affinity != null ~} affinity: ${indent(8, central_ledger_handler_transfer_position_batch_affinity)} @@ -490,15 +463,6 @@ centralledger: config: prefix: *CL_MONITORING_PREFIX centralledger-handler-transfer-get: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 - sidecar: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 %{ if central_ledger_handler_transfer_get_affinity != null ~} affinity: ${indent(8, central_ledger_handler_transfer_get_affinity)} 
@@ -528,15 +492,6 @@ centralledger: config: prefix: *CL_MONITORING_PREFIX centralledger-handler-transfer-fulfil: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 - sidecar: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 %{ if central_ledger_handler_transfer_fulfil_affinity != null ~} affinity: ${indent(8, central_ledger_handler_transfer_fulfil_affinity)} @@ -567,15 +522,6 @@ centralledger: config: prefix: *CL_MONITORING_PREFIX centralledger-handler-timeout: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 - sidecar: - readinessProbe: - initialDelaySeconds: 5 - livenessProbe: - initialDelaySeconds: 10 tolerations: *MOJALOOP_TOLERATIONS config: kafka_host: *KAFKA_HOST diff --git a/terraform/gitops/generate-files/templates/ory/values-kratos.yaml.tpl b/terraform/gitops/generate-files/templates/ory/values-kratos.yaml.tpl index 5e4c67e85..c6a91834d 100644 --- a/terraform/gitops/generate-files/templates/ory/values-kratos.yaml.tpl +++ b/terraform/gitops/generate-files/templates/ory/values-kratos.yaml.tpl @@ -86,11 +86,8 @@ kratos: selfservice: default_browser_return_url: https://${auth_fqdn}/ui/welcome allowed_return_urls: - - https://${auth_fqdn}/ui - - https://${keycloak_fqdn} -%{ for fqdnItem in bof_managed_portal_fqdns ~} - - https://${fqdnItem} -%{ endfor ~} + - https://*.${private_subdomain} + - https://*.${public_subdomain} methods: password: diff --git a/terraform/gitops/k8s-cluster-config/app-deploy.tf b/terraform/gitops/k8s-cluster-config/app-deploy.tf index 52353b988..654aecce2 100644 --- a/terraform/gitops/k8s-cluster-config/app-deploy.tf +++ b/terraform/gitops/k8s-cluster-config/app-deploy.tf 
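Review bot: Replacing the enumerated `allowed_return_urls` (`https://${auth_fqdn}/ui`, `https://${keycloak_fqdn}` and the `bof_managed_portal_fqdns` loop) with `https://*.${private_subdomain}` and `https://*.${public_subdomain}` widens the post-login redirect allow-list from specific hosts and paths to every host under both zones, so any workload that can obtain a hostname under them becomes an acceptable return target. If that broadening is intentional, a comment above the two entries saying so (and noting that the portal list formerly passed as `bof_managed_portal_fqdns` is now covered by the wildcard) would document the decision; otherwise keep the `auth_fqdn`/`keycloak_fqdn` entries with their paths next to the wildcards. Also confirm the deployed Kratos version matches wildcard hosts in `allowed_return_urls`, since an unsupported pattern would simply fail to match.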
@@ -6,8 +6,6 @@ module "mojaloop" {
 external_load_balancer_dns = var.external_load_balancer_dns
 private_subdomain = var.private_subdomain
 public_subdomain = var.public_subdomain
- external_interop_switch_fqdn = local.external_interop_switch_fqdn
- internal_interop_switch_fqdn = local.internal_interop_switch_fqdn
 secrets_key_map = var.secrets_key_map
 properties_key_map = var.properties_key_map
 output_dir = var.output_dir
@@ -33,10 +31,6 @@ module "mojaloop" {
 vault_secret_key = var.vault_secret_key
 role_assign_svc_secret = var.role_assign_svc_secret
 role_assign_svc_user = var.role_assign_svc_user
- ttk_backend_fqdn = local.ttk_backend_fqdn
- ttk_frontend_fqdn = local.ttk_frontend_fqdn
- ttk_istio_gateway_namespace = local.ttk_istio_gateway_namespace
- ttk_istio_wildcard_gateway_name = local.ttk_istio_wildcard_gateway_name
 istio_external_gateway_name = var.istio_external_gateway_name
 istio_internal_gateway_name = var.istio_internal_gateway_name
 istio_external_wildcard_gateway_name = local.istio_external_wildcard_gateway_name
@@ -49,25 +43,16 @@ module "mojaloop" { mojaloop_enabled = var.common_var_map.mojaloop_enabled bulk_enabled = var.app_var_map.bulk_enabled third_party_enabled = var.app_var_map.third_party_enabled - mojaloop_ingress_internal_lb = var.app_var_map.mojaloop_ingress_internal_lb - mcm_ingress_internal_lb = var.app_var_map.mcm_ingress_internal_lb stateful_resources_config_file = var.mojaloop_stateful_resources_config_file local_vault_kv_root_path = local.local_vault_kv_root_path app_var_map = var.app_var_map auth_fqdn = local.auth_fqdn ory_namespace = var.ory_namespace - finance_portal_fqdn = local.finance_portal_fqdn - portal_istio_gateway_namespace = local.portal_istio_gateway_namespace - portal_istio_wildcard_gateway_name = local.portal_istio_wildcard_gateway_name - portal_istio_gateway_name = local.portal_istio_gateway_name bof_release_name = local.bof_release_name oathkeeper_auth_provider_name = local.oathkeeper_auth_provider_name keycloak_hubop_realm_name = var.keycloak_hubop_realm_name rbac_api_resources_file = var.rbac_api_resources_file - mcm_fqdn = local.mcm_fqdn - mcm_istio_gateway_namespace = local.mcm_istio_gateway_namespace - mcm_istio_wildcard_gateway_name = local.mcm_istio_wildcard_gateway_name - mcm_istio_gateway_name = local.mcm_istio_gateway_name + mojaloop_values_override_file = var.mojaloop_values_override_file fspiop_use_ory_for_auth = var.app_var_map.fspiop_use_ory_for_auth } @@ -79,8 +64,6 @@ module "pm4ml" { external_load_balancer_dns = var.external_load_balancer_dns private_subdomain = var.private_subdomain public_subdomain = var.public_subdomain - external_interop_switch_fqdn = local.external_interop_switch_fqdn - internal_interop_switch_fqdn = local.internal_interop_switch_fqdn secrets_key_map = var.secrets_key_map properties_key_map = var.properties_key_map output_dir = var.output_dir 
@@ -107,16 +90,8 @@ module "pm4ml" { istio_external_wildcard_gateway_name = local.istio_external_wildcard_gateway_name istio_internal_wildcard_gateway_name = local.istio_internal_wildcard_gateway_name local_vault_kv_root_path = local.local_vault_kv_root_path - portal_fqdns = local.portal_fqdns - admin_portal_fqdns = local.admin_portal_fqdns auth_fqdn = local.auth_fqdn oathkeeper_auth_provider_name = local.oathkeeper_auth_provider_name - experience_api_fqdns = local.experience_api_fqdns - mojaloop_connnector_fqdns = local.mojaloop_connnector_fqdns - ttk_backend_fqdns = local.pm4ml_ttk_backend_fqdns - ttk_frontend_fqdns = local.pm4ml_ttk_frontend_fqdns - pta_portal_fqdns = local.pm4ml_pta_portal_fqdns - test_fqdns = local.test_fqdns vault_root_ca_name = "pki-${var.cluster_name}" app_var_map = local.pm4ml_var_map bof_release_name = local.bof_release_name @@ -124,9 +99,6 @@ module "pm4ml" { role_assign_svc_secret_prefix = "role-assign-svc-secret-" portal_admin_user = var.portal_admin_user portal_admin_secret_prefix = "portal-admin-secret-" - pm4ml_istio_gateway_namespaces = local.pm4ml_istio_gateway_namespaces - pm4ml_istio_wildcard_gateway_names = local.pm4ml_istio_wildcard_gateway_names - pm4ml_istio_gateway_names = local.pm4ml_istio_gateway_names } module "vnext" { @@ -137,8 +109,6 @@ module "vnext" { external_load_balancer_dns = var.external_load_balancer_dns private_subdomain = var.private_subdomain public_subdomain = var.public_subdomain - external_interop_switch_fqdn = local.external_interop_switch_fqdn - internal_interop_switch_fqdn = local.internal_interop_switch_fqdn secrets_key_map = var.secrets_key_map properties_key_map = var.properties_key_map output_dir = var.output_dir 
@@ -164,14 +134,6 @@ module "vnext" { vault_secret_key = var.vault_secret_key role_assign_svc_secret = var.role_assign_svc_secret role_assign_svc_user = var.role_assign_svc_user - mcm_fqdn = local.mcm_fqdn - mcm_istio_gateway_namespace = local.mcm_istio_gateway_namespace - mcm_istio_wildcard_gateway_name = local.mcm_istio_wildcard_gateway_name - mcm_istio_gateway_name = local.mcm_istio_gateway_name - ttk_backend_fqdn = local.ttk_backend_fqdn - ttk_frontend_fqdn = local.ttk_frontend_fqdn - ttk_istio_wildcard_gateway_name = local.ttk_istio_wildcard_gateway_name - ttk_istio_gateway_namespace = local.ttk_istio_gateway_namespace istio_external_gateway_name = var.istio_external_gateway_name istio_internal_gateway_name = var.istio_internal_gateway_name istio_external_wildcard_gateway_name = local.istio_external_wildcard_gateway_name 
@@ -182,22 +144,16 @@ module "vnext" { mcm_enabled = var.common_var_map.mcm_enabled mcm_chart_version = var.app_var_map.mcm_chart_version vnext_enabled = var.common_var_map.vnext_enabled - vnext_ingress_internal_lb = var.app_var_map.vnext_ingress_internal_lb - mcm_ingress_internal_lb = var.app_var_map.mcm_ingress_internal_lb stateful_resources_config_file = var.vnext_stateful_resources_config_file local_vault_kv_root_path = local.local_vault_kv_root_path app_var_map = var.app_var_map auth_fqdn = local.auth_fqdn ory_namespace = var.ory_namespace - finance_portal_fqdn = local.finance_portal_fqdn bof_release_name = local.bof_release_name oathkeeper_auth_provider_name = local.oathkeeper_auth_provider_name keycloak_hubop_realm_name = var.keycloak_hubop_realm_name rbac_api_resources_file = var.rbac_api_resources_file - vnext_admin_ui_fqdn = local.vnext_admin_ui_fqdn - vnext_istio_gateway_namespace = local.vnext_istio_gateway_namespace - vnext_istio_wildcard_gateway_name = local.vnext_istio_wildcard_gateway_name - fspiop_use_ory_for_auth = var.app_var_map.fspiop_use_ory_for_auth + fspiop_use_ory_for_auth = var.app_var_map.fspiop_use_ory_for_auth } variable "app_var_map" { @@ -283,6 +239,10 @@ variable "rbac_api_resources_file" { type = string } +variable "mojaloop_values_override_file" { + type = string +} + variable "argocd_ingress_internal_lb" { default = true description = "whether argocd should only be available on private network" 
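Review bot: The new `variable "mojaloop_values_override_file"` in the last hunk carries no `description`, unlike `argocd_ingress_internal_lb` directly below it, and no `default`, so every root configuration now has to set it. Since its value is forwarded to `module "mojaloop"` as `mojaloop_values_override_file` in an earlier hunk, something like `description = "path of the mojaloop values override file passed to the mojaloop module"` would tell callers what to supply. The preceding `rbac_api_resources_file` variable is cut off at the top of the hunk.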
@@ -293,91 +253,11 @@ variable "argocd_namespace" { description = "namespace argocd is deployed to" } -variable "finanace_portal_ingress_internal_lb" { - default = false - description = "whether argocd should only be available on private network" -} - locals { + auth_fqdn = "auth.${var.public_subdomain}" pm4ml_var_map = { for pm4ml in var.app_var_map.pm4mls : pm4ml.pm4ml => pm4ml } - oidc_providers = var.common_var_map.pm4ml_enabled ? [for pm4ml in var.app_var_map.pm4mls : { - realm = "${var.keycloak_pm4ml_realm_name}-${pm4ml.pm4ml}" - client_id = "${var.pm4ml_oidc_client_id_prefix}-${pm4ml.pm4ml}" - secret_name = "${var.pm4ml_oidc_client_secret_secret}-${pm4ml.pm4ml}" - }] : [] - mojaloop_keycloak_realm_env_secret_map = { - "${var.mcm_oidc_client_secret_secret}" = var.mcm_oidc_client_secret_secret_key - "${var.jwt_client_secret_secret}" = var.jwt_client_secret_secret_key - } - pm4ml_keycloak_realm_env_secret_map = merge( - { for key, pm4ml in local.pm4ml_var_map : "${var.pm4ml_oidc_client_secret_secret}-${key}" => var.vault_secret_key }, - { for key, pm4ml in local.pm4ml_var_map : "portal-admin-secret-${key}" => var.vault_secret_key }, - { for key, pm4ml in local.pm4ml_var_map : "role-assign-svc-secret-${key}" => var.vault_secret_key } - ) - - pm4ml_wildcard_gateways = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => pm4ml.pm4ml_ingress_internal_lb ? "internal" : "external" } - - mcm_wildcard_gateway = var.app_var_map.mcm_ingress_internal_lb ? "internal" : "external" - mcm_fqdn = local.mcm_wildcard_gateway == "external" ? "mcm.${var.public_subdomain}" : "mcm.${var.private_subdomain}" - mcm_istio_gateway_namespace = local.mcm_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace - mcm_istio_wildcard_gateway_name = local.mcm_wildcard_gateway == "external" ? 
local.istio_external_wildcard_gateway_name : local.istio_internal_wildcard_gateway_name - mcm_istio_gateway_name = local.mcm_wildcard_gateway == "external" ? var.istio_external_gateway_name : var.istio_internal_gateway_name - - auth_fqdn = "auth.${var.public_subdomain}" - external_interop_switch_fqdn = "extapi.${var.public_subdomain}" - internal_interop_switch_fqdn = "intapi.${var.private_subdomain}" - - mojaloop_wildcard_gateway = var.app_var_map.mojaloop_ingress_internal_lb ? "internal" : "external" - ttk_frontend_fqdn = local.mojaloop_wildcard_gateway == "external" ? "ttkfrontend.${var.public_subdomain}" : "ttkfrontend.${var.private_subdomain}" - ttk_backend_fqdn = local.mojaloop_wildcard_gateway == "external" ? "ttkbackend.${var.public_subdomain}" : "ttkbackend.${var.private_subdomain}" - ttk_istio_wildcard_gateway_name = local.mojaloop_wildcard_gateway == "external" ? local.istio_external_wildcard_gateway_name : local.istio_internal_wildcard_gateway_name - ttk_istio_gateway_namespace = local.mojaloop_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace - - finance_portal_wildcard_gateway = var.finanace_portal_ingress_internal_lb ? "internal" : "external" - finance_portal_fqdn = local.finance_portal_wildcard_gateway == "external" ? "finance-portal.${var.public_subdomain}" : "finance-portal.${var.private_subdomain}" - portal_istio_gateway_namespace = local.finance_portal_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace - portal_istio_wildcard_gateway_name = local.finance_portal_wildcard_gateway == "external" ? local.istio_external_wildcard_gateway_name : local.istio_internal_wildcard_gateway_name - portal_istio_gateway_name = local.finance_portal_wildcard_gateway == "external" ? var.istio_external_gateway_name : var.istio_internal_gateway_name - - vnext_wildcard_gateway = var.app_var_map.vnext_ingress_internal_lb ? 
"internal" : "external" - vnext_admin_ui_fqdn = local.vnext_wildcard_gateway == "external" ? "vnext-admin.${var.public_subdomain}" : "vnext-admin.${var.private_subdomain}" - vnext_istio_gateway_namespace = local.vnext_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace - vnext_istio_wildcard_gateway_name = local.vnext_wildcard_gateway == "external" ? local.istio_external_wildcard_gateway_name : local.istio_internal_wildcard_gateway_name - - portal_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "portal-${pm4ml.pm4ml}.${var.public_subdomain}" : "portal-${pm4ml.pm4ml}.${var.private_subdomain}" } - admin_portal_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "admin-portal-${pm4ml.pm4ml}.${var.public_subdomain}" : "admin-portal-${pm4ml.pm4ml}.${var.private_subdomain}"} - experience_api_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "exp-${pm4ml.pm4ml}.${var.public_subdomain}" : "exp-${pm4ml.pm4ml}.${var.private_subdomain}"} - mojaloop_connnector_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "conn-${pm4ml.pm4ml}.${var.public_subdomain}" : "conn-${pm4ml.pm4ml}.${var.private_subdomain}" } - test_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "test-${pm4ml.pm4ml}.${var.public_subdomain}" : "test-${pm4ml.pm4ml}.${var.private_subdomain}" } - pm4ml_ttk_frontend_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? 
"ttkfront-${pm4ml.pm4ml}.${var.public_subdomain}" : "ttkfront-${pm4ml.pm4ml}.${var.private_subdomain}" } - pm4ml_ttk_backend_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "ttkback-${pm4ml.pm4ml}.${var.public_subdomain}" : "ttkback-${pm4ml.pm4ml}.${var.private_subdomain}"} - pm4ml_pta_portal_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "pta-portal-${pm4ml.pm4ml}.${var.public_subdomain}" : "pta-portal-${pm4ml.pm4ml}.${var.private_subdomain}"} - - pm4ml_istio_gateway_namespaces = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace } - pm4ml_istio_wildcard_gateway_names = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? local.istio_external_wildcard_gateway_name : local.istio_internal_wildcard_gateway_name } - pm4ml_istio_gateway_names = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? 
var.istio_external_gateway_name : var.istio_internal_gateway_name } - - pm4ml_internal_wildcard_admin_portal_hosts = [for pm4ml in local.pm4ml_var_map : local.admin_portal_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "internal"] - pm4ml_external_wildcard_admin_portal_hosts = [for pm4ml in local.pm4ml_var_map : local.admin_portal_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external"] - pm4ml_internal_wildcard_portal_hosts = [for pm4ml in local.pm4ml_var_map : local.portal_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "internal"] - pm4ml_external_wildcard_portal_hosts = [for pm4ml in local.pm4ml_var_map : local.portal_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external"] - pm4ml_internal_wildcard_exp_hosts = [for pm4ml in local.pm4ml_var_map : local.experience_api_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "internal"] - pm4ml_external_wildcard_exp_hosts = [for pm4ml in local.pm4ml_var_map : local.experience_api_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external"] - - pm4ml_internal_gateway_hosts = concat(local.pm4ml_internal_wildcard_admin_portal_hosts, local.pm4ml_internal_wildcard_portal_hosts, local.pm4ml_internal_wildcard_exp_hosts, values(local.pm4ml_ttk_frontend_fqdns), values(local.pm4ml_ttk_backend_fqdns), values(local.test_fqdns), values(local.pm4ml_pta_portal_fqdns)) - pm4ml_external_gateway_hosts = concat(local.pm4ml_external_wildcard_admin_portal_hosts, local.pm4ml_external_wildcard_portal_hosts, local.pm4ml_external_wildcard_exp_hosts) - - keycloak_realm_env_secret_map = merge( - (var.common_var_map.mojaloop_enabled || var.common_var_map.vnext_enabled) ? 
local.mojaloop_keycloak_realm_env_secret_map : local.pm4ml_keycloak_realm_env_secret_map, - { - "${var.hubop_oidc_client_secret_secret}" = var.vault_secret_key - "${var.role_assign_svc_secret}" = var.vault_secret_key - "${var.portal_admin_secret}" = var.vault_secret_key - } - ) - bof_managed_portal_fqdns = (var.common_var_map.mojaloop_enabled || var.common_var_map.vnext_enabled) ? [local.finance_portal_fqdn, local.mcm_fqdn] : concat(local.pm4ml_external_wildcard_portal_hosts, local.pm4ml_internal_wildcard_portal_hosts, local.pm4ml_internal_wildcard_admin_portal_hosts, local.pm4ml_external_wildcard_admin_portal_hosts) } diff --git a/terraform/gitops/k8s-cluster-config/istio.tf b/terraform/gitops/k8s-cluster-config/istio.tf index e72b40613..27d62b099 100644 --- a/terraform/gitops/k8s-cluster-config/istio.tf +++ b/terraform/gitops/k8s-cluster-config/istio.tf @@ -39,6 +39,7 @@ module "generate_istio_files" { argocd_public_fqdn = local.argocd_public_fqdn argocd_private_fqdn = local.argocd_private_fqdn argocd_namespace = var.argocd_namespace + istio_proxy_log_level = try(var.common_var_map.istio_proxy_log_level, local.istio_proxy_log_level) } file_list = [for f in fileset(local.istio_template_path, "**/*.tpl") : trimsuffix(f, ".tpl") if !can(regex(local.istio_app_file, f))] @@ -49,8 +50,10 @@ module "generate_istio_files" { } locals { + istio_template_path = "${path.module}/../generate-files/templates/istio" istio_app_file = "istio-app.yaml" + istio_proxy_log_level = "warn" argocd_wildcard_gateway = var.argocd_ingress_internal_lb ? "internal" : "external" argocd_public_fqdn = "argocd.${var.public_subdomain}" argocd_private_fqdn = "argocd.${var.private_subdomain}" diff --git a/terraform/gitops/k8s-cluster-config/keycloak.tf b/terraform/gitops/k8s-cluster-config/keycloak.tf index 707c3b156..d9e6e5c03 100644 --- a/terraform/gitops/k8s-cluster-config/keycloak.tf +++ b/terraform/gitops/k8s-cluster-config/keycloak.tf 
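Review bot: `istio_proxy_log_level = try(var.common_var_map.istio_proxy_log_level, local.istio_proxy_log_level)` only substitutes the default when the key is absent; it does not check the value, so a misspelling is rendered verbatim into the istiod values template and surfaces only when the proxy starts. The default itself, `istio_proxy_log_level = "warn"`, is not among the values the template comment enumerates (`trace|debug|info|warning|error|critical|off`); confirm the proxy accepts `warn` or change the local to `"warning"`. A `precondition` on the module call, or a `validation` block on `var.common_var_map`, using `contains(["trace", "debug", "info", "warning", "error", "critical", "off"], ...)` would catch both at plan time. The `locals` block continues outside the second hunk.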
@@ -100,4 +100,24 @@ locals {
 keycloak_admin_istio_gateway_namespace = local.keycloak_admin_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace
 keycloak_istio_gateway_name = local.keycloak_wildcard_gateway == "external" ? var.istio_external_gateway_name : var.istio_internal_gateway_name
 keycloak_secrets_path = "/secret/keycloak"
+
+ mojaloop_keycloak_realm_env_secret_map = {
+ "${var.mcm_oidc_client_secret_secret}" = var.mcm_oidc_client_secret_secret_key
+ "${var.jwt_client_secret_secret}" = var.jwt_client_secret_secret_key
+ }
+
+ pm4ml_keycloak_realm_env_secret_map = merge(
+ { for key, pm4ml in local.pm4ml_var_map : "${var.pm4ml_oidc_client_secret_secret}-${key}" => var.vault_secret_key },
+ { for key, pm4ml in local.pm4ml_var_map : "portal-admin-secret-${key}" => var.vault_secret_key },
+ { for key, pm4ml in local.pm4ml_var_map : "role-assign-svc-secret-${key}" => var.vault_secret_key }
+ )
+
+ keycloak_realm_env_secret_map = merge(
+ (var.common_var_map.mojaloop_enabled || var.common_var_map.vnext_enabled) ? local.mojaloop_keycloak_realm_env_secret_map : local.pm4ml_keycloak_realm_env_secret_map,
+ {
+ "${var.hubop_oidc_client_secret_secret}" = var.vault_secret_key
+ "${var.role_assign_svc_secret}" = var.vault_secret_key
+ "${var.portal_admin_secret}" = var.vault_secret_key
+ }
+ )
 }
diff --git a/terraform/gitops/k8s-cluster-config/ory.tf b/terraform/gitops/k8s-cluster-config/ory.tf
index e98058d84..144bb4f5c 100644
--- a/terraform/gitops/k8s-cluster-config/ory.tf
+++ b/terraform/gitops/k8s-cluster-config/ory.tf
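Review bot: The map keys `"${var.mcm_oidc_client_secret_secret}"`, `"${var.jwt_client_secret_secret}"`, `"${var.hubop_oidc_client_secret_secret}"`, `"${var.role_assign_svc_secret}"` and `"${var.portal_admin_secret}"` in the relocated locals are interpolation-only strings, which linters such as tflint report as deprecated; since the code is being moved anyway, the idiomatic form is a parenthesised key, e.g. `(var.mcm_oidc_client_secret_secret) = var.mcm_oidc_client_secret_secret_key`. The `locals` block opens outside the hunk.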
@@ -10,7 +10,7 @@ module "generate_ory_files" {
 ory_namespace = var.ory_namespace
 auth_fqdn = local.auth_fqdn
 public_subdomain = var.public_subdomain
- bof_managed_portal_fqdns = local.bof_managed_portal_fqdns
+ private_subdomain = var.private_subdomain
 keto_postgres_database = module.common_stateful_resources.stateful_resources[local.keto_postgres_resource_index].logical_service_config.database_name
 keto_postgres_user = module.common_stateful_resources.stateful_resources[local.keto_postgres_resource_index].logical_service_config.username
 keto_postgres_host = "${module.common_stateful_resources.stateful_resources[local.keto_postgres_resource_index].logical_service_config.logical_service_name}.${var.stateful_resources_namespace}.svc.cluster.local"
@@ -120,4 +120,10 @@ locals {
 rolesPermissions = yamldecode(file(var.rbac_permissions_file))
 mojaloopRoles = local.rolesPermissions["roles"]
 permissionExclusions = local.rolesPermissions["permission-exclusions"]
+
+ oidc_providers = var.common_var_map.pm4ml_enabled ? [for pm4ml in var.app_var_map.pm4mls : {
+ realm = "${var.keycloak_pm4ml_realm_name}-${pm4ml.pm4ml}"
+ client_id = "${var.pm4ml_oidc_client_id_prefix}-${pm4ml.pm4ml}"
+ secret_name = "${var.pm4ml_oidc_client_secret_secret}-${pm4ml.pm4ml}"
+ }] : []
 }
diff --git a/terraform/gitops/mojaloop/mcm.tf b/terraform/gitops/mojaloop/mcm.tf
index 9c080e551..bf44dc7a1 100644
--- a/terraform/gitops/mojaloop/mcm.tf
+++ b/terraform/gitops/mojaloop/mcm.tf
@@ -8,11 +8,11 @@ module "generate_mcm_files" {
 db_schema = module.mojaloop_stateful_resources.stateful_resources[local.mcm_resource_index].logical_service_config.database_name
 db_port = module.mojaloop_stateful_resources.stateful_resources[local.mcm_resource_index].logical_service_config.logical_service_port
 db_host = "${module.mojaloop_stateful_resources.stateful_resources[local.mcm_resource_index].logical_service_config.logical_service_name}.${var.stateful_resources_namespace}.svc.cluster.local"
- mcm_fqdn = var.mcm_fqdn
- mcm_istio_gateway_namespace = var.mcm_istio_gateway_namespace
- mcm_istio_wildcard_gateway_name = var.mcm_istio_wildcard_gateway_name
- mcm_istio_gateway_name = var.mcm_istio_gateway_name
- fspiop_use_ory_for_auth = var.fspiop_use_ory_for_auth
+ mcm_fqdn = local.mcm_fqdn
+ mcm_istio_gateway_namespace = local.mcm_istio_gateway_namespace
+ mcm_istio_wildcard_gateway_name = local.mcm_istio_wildcard_gateway_name
+ mcm_istio_gateway_name = local.mcm_istio_gateway_name
+ fspiop_use_ory_for_auth = var.fspiop_use_ory_for_auth
 env_name = var.cluster_name
 env_cn = var.public_subdomain
 env_o = "Mojaloop"
@@ -34,7 +34,7 @@ module "generate_mcm_files" {
 public_subdomain = var.public_subdomain
 enable_oidc = var.enable_mcm_oidc
 mcm_sync_wave = var.mcm_sync_wave
- ingress_class = var.mcm_ingress_internal_lb ? var.internal_ingress_class_name : var.external_ingress_class_name
+ ingress_class = try(var.app_var_map.mcm_ingress_internal_lb, false) ? var.internal_ingress_class_name : var.external_ingress_class_name
 istio_create_ingress_gateways = var.istio_create_ingress_gateways
 pki_path = var.vault_root_ca_name
 dfsp_client_cert_bundle = local.dfsp_client_cert_bundle
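Review bot: `ingress_class = try(var.app_var_map.mcm_ingress_internal_lb, false) ? var.internal_ingress_class_name : var.external_ingress_class_name` in the second hunk repeats the lookup that the `locals` block later in this file now folds into `mcm_wildcard_gateway`, and the `false` fallback means a missing or misspelled `mcm_ingress_internal_lb` key in `app_var_map` silently places MCM on the external ingress class instead of failing the plan. Deriving it from the existing local keeps the two decisions in step: `ingress_class = local.mcm_wildcard_gateway == "internal" ? var.internal_ingress_class_name : var.external_ingress_class_name`. mojaloop.tf defaults the parallel `mojaloop_ingress_internal_lb` lookup to `true`; if MCM is meant to be external by default, a comment beside the `false` saying so would document the asymmetry, otherwise defaulting to internal is the fail-safe choice. The same de-duplication applies to `ingress_class_name` in mojaloop.tf, which could use `local.mojaloop_wildcard_gateway` (passed two lines below it). The `module "generate_mcm_files"` block continues outside both hunks.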
@@ -60,7 +60,7 @@ module "generate_mcm_files" { mcm_wildcard_gateway = local.mcm_wildcard_gateway istio_external_gateway_name = var.istio_external_gateway_name private_network_cidr = var.private_network_cidr - interop_switch_fqdn = var.external_interop_switch_fqdn + interop_switch_fqdn = local.external_interop_switch_fqdn keycloak_fqdn = var.keycloak_fqdn keycloak_dfsp_realm_name = var.keycloak_dfsp_realm_name keycloak_hubop_realm_name = var.keycloak_hubop_realm_name @@ -77,7 +77,7 @@ module "generate_mcm_files" { internal_load_balancer_dns = var.internal_load_balancer_dns external_load_balancer_dns = var.external_load_balancer_dns istio_internal_gateway_name = var.istio_internal_gateway_name - int_interop_switch_fqdn = var.internal_interop_switch_fqdn + int_interop_switch_fqdn = local.internal_interop_switch_fqdn mojaloop_namespace = var.mojaloop_namespace mojaloop_release_name = var.mojaloop_release_name onboarding_collection_tag = var.app_var_map.onboarding_collection_tag @@ -99,11 +99,7 @@ variable "mcm_enabled" { type = bool default = true } -variable "mcm_ingress_internal_lb" { - type = bool - description = "mcm_ingress_internal_lb" - default = false -} + variable "enable_mcm_oidc" { type = bool default = false @@ -210,26 +206,6 @@ variable "keycloak_namespace" { description = "namespace of keycloak in which to create realm" } -variable "mcm_fqdn" { - type = string - description = "hostname for mcm" -} - -variable "mcm_istio_wildcard_gateway_name" { - type = string - default = "" -} - -variable "mcm_istio_gateway_namespace" { - type = string - default = "" -} - -variable "mcm_istio_gateway_name" { - type = string - default = "" -} - variable "fspiop_use_ory_for_auth" { type = bool } 
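Review bot: `local.external_interop_switch_fqdn` and `local.internal_interop_switch_fqdn`, now referenced in the first two hunks here (and again in mojaloop.tf), were removed from the `locals` block in app-deploy.tf by this commit and are not defined in any hunk on this page; the same holds for `local.ttk_frontend_fqdn`, `local.ttk_backend_fqdn`, `local.ttk_istio_gateway_namespace` and `local.ttk_istio_wildcard_gateway_name` used in mojaloop.tf. If they were added to a `locals` block in this module outside the visible hunks this is fine; otherwise `terraform validate` will fail on undeclared local references. The removed definitions built these names from `var.public_subdomain`/`var.private_subdomain` and the gateway selector, so any replacement needs the same inputs available in this module.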
@@ -238,8 +214,13 @@ locals {
 mcm_template_path = "${path.module}/../generate-files/templates/mcm"
 mcm_app_file = "mcm-app.yaml"
 mcm_resource_index = index(module.mojaloop_stateful_resources.stateful_resources.*.resource_name, "mcm-db")
- mcm_wildcard_gateway = var.mcm_ingress_internal_lb ? "internal" : "external"
+ mcm_wildcard_gateway = try(var.app_var_map.mcm_ingress_internal_lb, false) ? "internal" : "external"
 dfsp_client_cert_bundle = "${local.onboarding_secret_path}_pm4mls"
 dfsp_internal_whitelist_secret = "${local.whitelist_secret_path}_pm4mls"
 dfsp_external_whitelist_secret = "${local.whitelist_secret_path}_fsps"
+
+ mcm_fqdn = local.mcm_wildcard_gateway == "external" ? "mcm.${var.public_subdomain}" : "mcm.${var.private_subdomain}"
+ mcm_istio_gateway_namespace = local.mcm_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace
+ mcm_istio_wildcard_gateway_name = local.mcm_wildcard_gateway == "external" ? var.istio_external_wildcard_gateway_name : var.istio_internal_wildcard_gateway_name
+ mcm_istio_gateway_name = local.mcm_wildcard_gateway == "external" ? var.istio_external_gateway_name : var.istio_internal_gateway_name
 }
diff --git a/terraform/gitops/mojaloop/mojaloop.tf b/terraform/gitops/mojaloop/mojaloop.tf
index 363cf0c3b..d34760296 100644
--- a/terraform/gitops/mojaloop/mojaloop.tf
+++ b/terraform/gitops/mojaloop/mojaloop.tf
@@ -25,12 +25,12 @@ module "generate_mojaloop_files" {
 central_ledger_handler_transfer_position_batch_consume_timeout_ms = try(var.app_var_map.central_ledger_handler_transfer_position_batch_consume_timeout_ms, 10)
 central_ledger_cache_enabled = try(var.app_var_map.central_ledger_cache_enabled, true)
 central_ledger_cache_expires_in_ms = try(var.app_var_map.central_ledger_cache_expires_in_ms, 1000)
- interop_switch_fqdn = var.external_interop_switch_fqdn
- int_interop_switch_fqdn = var.internal_interop_switch_fqdn
+ interop_switch_fqdn = local.external_interop_switch_fqdn
+ int_interop_switch_fqdn = local.internal_interop_switch_fqdn
 external_ingress_class_name = var.external_ingress_class_name
 vault_certman_secretname = var.vault_certman_secretname
 nginx_jwt_namespace = var.nginx_jwt_namespace
- ingress_class_name = var.mojaloop_ingress_internal_lb ? var.internal_ingress_class_name : var.external_ingress_class_name
+ ingress_class_name = try(var.app_var_map.mojaloop_ingress_internal_lb, true) ? var.internal_ingress_class_name : var.external_ingress_class_name
 istio_create_ingress_gateways = var.istio_create_ingress_gateways
 istio_external_gateway_name = var.istio_external_gateway_name
 external_load_balancer_dns = var.external_load_balancer_dns
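Review bot: `ingress_class_name` re-evaluates `try(var.app_var_map.mojaloop_ingress_internal_lb, true)` instead of reusing `local.mojaloop_wildcard_gateway`, which this same file derives from the identical expression in its locals block; two copies of a toggle that decides which load balancer the hub is reachable from will drift independently. Replace the line with `ingress_class_name = local.mojaloop_wildcard_gateway == "internal" ? var.internal_ingress_class_name : var.external_ingress_class_name`. The module block continues outside the hunk.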
@@ -41,10 +41,10 @@ module "generate_mojaloop_files" {
 mojaloop_wildcard_gateway = local.mojaloop_wildcard_gateway
 keycloak_fqdn = var.keycloak_fqdn
 keycloak_realm_name = var.keycloak_hubop_realm_name
- ttk_frontend_fqdn = var.ttk_frontend_fqdn
- ttk_backend_fqdn = var.ttk_backend_fqdn
- ttk_istio_gateway_namespace = var.ttk_istio_gateway_namespace
- ttk_istio_wildcard_gateway_name = var.ttk_istio_wildcard_gateway_name
+ ttk_frontend_fqdn = local.ttk_frontend_fqdn
+ ttk_backend_fqdn = local.ttk_backend_fqdn
+ ttk_istio_gateway_namespace = local.ttk_istio_gateway_namespace
+ ttk_istio_wildcard_gateway_name = local.ttk_istio_wildcard_gateway_name
 kafka_host = "${module.mojaloop_stateful_resources.stateful_resources[local.mojaloop_kafka_resource_index].logical_service_config.logical_service_name}.${var.stateful_resources_namespace}.svc.cluster.local"
 kafka_port = module.mojaloop_stateful_resources.stateful_resources[local.mojaloop_kafka_resource_index].logical_service_config.logical_service_port
 account_lookup_db_existing_secret = module.mojaloop_stateful_resources.stateful_resources[local.ml_als_resource_index].logical_service_config.user_password_secret
@@ -113,7 +113,7 @@ module "generate_mojaloop_files" {
 central_settlement_handler_deferredsettlement_replica_count = try(var.app_var_map.central_settlement_handler_deferredsettlement_replica_count, 1)
 central_settlement_handler_grosssettlement_replica_count = try(var.app_var_map.central_settlement_handler_grosssettlement_replica_count, 1)
 central_settlement_handler_rules_replica_count = try(var.app_var_map.central_settlement_handler_rules_replica_count, 1)
- trasaction_requests_service_replica_count = try(var.app_var_map.trasaction_requests_service_replica_count, 1)
+ transaction_requests_service_replica_count = try(var.app_var_map.transaction_requests_service_replica_count, 1)
 auth_service_replica_count = try(var.app_var_map.auth_service_replica_count, 1)
 consent_oracle_replica_count = try(var.app_var_map.consent_oracle_replica_count, 1)
 tp_api_svc_replica_count = try(var.app_var_map.tp_api_svc_replica_count, 1)
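Review bot: Renaming the key to `transaction_requests_service_replica_count` silently discards any value an existing `app_var_map` still sets under the old misspelled key, because `try(..., 1)` falls back to 1 instead of erroring, so a deployment that had scaled this service drops back to a single replica without warning. If configs with the old spelling may exist, accept both for a deprecation window: `transaction_requests_service_replica_count = try(var.app_var_map.transaction_requests_service_replica_count, var.app_var_map.trasaction_requests_service_replica_count, 1)`. The affinity rename further down in this file has the same issue. The module block continues outside the hunk.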
@@ -141,7 +141,7 @@ module "generate_mojaloop_files" {
 central_settlement_handler_deferredsettlement_affinity = try(yamlencode(var.app_var_map.workload_definitions.central_settlement.affinity_definition), null)
 central_settlement_handler_grosssettlement_affinity = try(yamlencode(var.app_var_map.workload_definitions.central_settlement.affinity_definition), null)
 central_settlement_handler_rules_affinity = try(yamlencode(var.app_var_map.workload_definitions.central_settlement.affinity_definition), null)
- trasaction_requests_service_affinity = try(yamlencode(var.app_var_map.workload_definitions.core_api_adapters.affinity_definition), null)
+ transaction_requests_service_affinity = try(yamlencode(var.app_var_map.workload_definitions.core_api_adapters.affinity_definition), null)
 central_ledger_monitoring_prefix = try(var.app_var_map.central_ledger_monitoring_prefix, "moja_cl_")
 quoting_service_monitoring_prefix = try(var.app_var_map.quoting_service_monitoring_prefix, "moja_qs_")
 ml_api_adapter_monitoring_prefix = try(var.app_var_map.ml_api_adapter_monitoring_prefix, "moja_ml_")
@@ -168,10 +168,10 @@ module "generate_mojaloop_files" { keto_read_url = "http://keto-read.${var.ory_namespace}.svc.cluster.local:80" keto_write_url = "http://keto-write.${var.ory_namespace}.svc.cluster.local:80" kratos_service_name = "kratos-public.${var.ory_namespace}.svc.cluster.local" - portal_fqdn = var.finance_portal_fqdn - portal_istio_gateway_namespace = var.portal_istio_gateway_namespace - portal_istio_wildcard_gateway_name = var.portal_istio_wildcard_gateway_name - portal_istio_gateway_name = var.portal_istio_gateway_name + portal_fqdn = local.finance_portal_fqdn + portal_istio_gateway_namespace = local.portal_istio_gateway_namespace + portal_istio_wildcard_gateway_name = local.portal_istio_wildcard_gateway_name + portal_istio_gateway_name = local.portal_istio_gateway_name finance_portal_release_name = "fin-portal" finance_portal_chart_version = try(var.app_var_map.finance_portal_chart_version, var.finance_portal_chart_version) oathkeeper_auth_provider_name = var.oathkeeper_auth_provider_name @@ -191,7 +191,9 @@ module "generate_mojaloop_files" { jws_rotation_period_hours = try(var.app_var_map.jws_rotation_period_hours, var.jws_rotation_period_hours) mcm_hub_jws_endpoint = "http://mcm-connection-manager-api.${var.mcm_namespace}.svc.cluster.local:3001/api/hub/jwscerts" ttk_gp_testcase_labels = try(var.app_var_map.ttk_gp_testcase_labels, var.ttk_gp_testcase_labels) + override_values_file_exists = local.override_values_file_exists fspiop_use_ory_for_auth = var.fspiop_use_ory_for_auth + } file_list = [for f in fileset(local.mojaloop_template_path, "**/*.tpl") : trimsuffix(f, ".tpl") if !can(regex(local.mojaloop_app_file, f))] template_path = local.mojaloop_template_path 
@@ -200,8 +202,29 @@ module "generate_mojaloop_files" { app_output_path = "${var.output_dir}/app-yamls" } +resource "local_file" "mojaloop_values_override" { + count = local.override_values_file_exists ? 1 : 0 + content = file(var.mojaloop_values_override_file) + filename = "${local.output_path}/values-mojaloop-override.yaml" + depends_on = [module.generate_mojaloop_files] +} locals { + mojaloop_wildcard_gateway = try(var.app_var_map.mojaloop_ingress_internal_lb, true) ? "internal" : "external" + ttk_frontend_fqdn = local.mojaloop_wildcard_gateway == "external" ? "ttkfrontend.${var.public_subdomain}" : "ttkfrontend.${var.private_subdomain}" + ttk_backend_fqdn = local.mojaloop_wildcard_gateway == "external" ? "ttkbackend.${var.public_subdomain}" : "ttkbackend.${var.private_subdomain}" + ttk_istio_wildcard_gateway_name = local.mojaloop_wildcard_gateway == "external" ? var.istio_external_wildcard_gateway_name : var.istio_internal_wildcard_gateway_name + ttk_istio_gateway_namespace = local.mojaloop_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace + + finance_portal_wildcard_gateway = try(var.app_var_map.finance_portal_ingress_internal_lb, true) ? "internal" : "external" + finance_portal_fqdn = local.finance_portal_wildcard_gateway == "external" ? "finance-portal.${var.public_subdomain}" : "finance-portal.${var.private_subdomain}" + portal_istio_gateway_namespace = local.finance_portal_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace + portal_istio_wildcard_gateway_name = local.finance_portal_wildcard_gateway == "external" ? var.istio_external_wildcard_gateway_name : var.istio_internal_wildcard_gateway_name + portal_istio_gateway_name = local.finance_portal_wildcard_gateway == "external" ? 
var.istio_external_gateway_name : var.istio_internal_gateway_name + + external_interop_switch_fqdn = "extapi.${var.public_subdomain}" + internal_interop_switch_fqdn = "intapi.${var.private_subdomain}" + mojaloop_template_path = "${path.module}/../generate-files/templates/mojaloop" mojaloop_app_file = "mojaloop-app.yaml" output_path = "${var.output_dir}/mojaloop" @@ -216,9 +239,9 @@ locals { third_party_consent_oracle_db_resource_index = index(module.mojaloop_stateful_resources.stateful_resources.*.resource_name, "mysql-consent-oracle-db") ttk_redis_resource_index = index(module.mojaloop_stateful_resources.stateful_resources.*.resource_name, "ttk-redis") reporting_events_mongodb_resource_index = index(module.mojaloop_stateful_resources.stateful_resources.*.resource_name, "reporting-events-mongodb") - mojaloop_wildcard_gateway = var.mojaloop_ingress_internal_lb ? "internal" : "external" apiResources = yamldecode(file(var.rbac_api_resources_file)) jws_key_secret = "switch-jws" + override_values_file_exists = fileexists(var.mojaloop_values_override_file) } variable "app_var_map" { @@ -230,12 +253,6 @@ variable "mojaloop_enabled" { default = true } -variable "mojaloop_ingress_internal_lb" { - type = bool - description = "mojaloop_ingress_internal_lb" - default = true -} - variable "mojaloop_chart_repo" { description = "repo for mojaloop charts" type = string @@ -327,12 +344,6 @@ variable "quoting_service_simple_routing_mode_enabled" { default = false } -variable "ttk_frontend_fqdn" { - type = string -} -variable "ttk_backend_fqdn" { - type = string -} variable "auth_fqdn" { type = string @@ -341,9 +352,6 @@ variable "ory_namespace" { type = string } -variable "finance_portal_fqdn" { - type = string -} variable "bof_release_name" { type = string @@ -372,6 +380,10 @@ variable "rbac_api_resources_file" { type = string } +variable "mojaloop_values_override_file" { + type = string +} + variable "reporting_templates_chart_version" { type = string default = "1.1.7" 
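Review bot: `resource "local_file" "mojaloop_values_override"` sets no `file_permission`; the hashicorp/local provider's documented default is `0777` (and `0777` for `directory_permission`), so the rendered `values-mojaloop-override.yaml` lands world-writable in the gitops output tree — add `file_permission = "0644"`. `content = file(var.mojaloop_values_override_file)` copies an operator-supplied file verbatim into a Helm values file that can override any chart value, which deserves a comment above the resource stating that this path is trusted input and what it is meant to override. Since `generate_mojaloop_files` renders every `**/*.tpl` under the mojaloop template path, if that set contains a `values-mojaloop-override.yaml.tpl` both the module and this resource manage the same output file and will overwrite each other on every apply; `depends_on` orders them but does not remove the conflict — confirm against the module.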
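Review bot: `variable "mojaloop_values_override_file"` carries no description although its value is fed to both `fileexists()` and `file()`, and Terraform resolves a relative path against the current working directory rather than the module, which is easy to get wrong from CI. Add `description = "Path to an optional Helm values file copied verbatim to values-mojaloop-override.yaml; use an absolute or path.root-based path, a missing file disables the override."` so callers know the file is consumed as trusted configuration and how its absence is handled.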
@@ -396,28 +408,3 @@ variable "ttk_gp_testcase_labels" { type = string default = "p2p" } - -variable "ttk_istio_wildcard_gateway_name" { - type = string - default = "" -} - -variable "ttk_istio_gateway_namespace" { - type = string - default = "" -} - -variable "portal_istio_wildcard_gateway_name" { - type = string - default = "" -} - -variable "portal_istio_gateway_namespace" { - type = string - default = "" -} - -variable "portal_istio_gateway_name" { - type = string - default = "" -} diff --git a/terraform/gitops/mojaloop/variables.tf b/terraform/gitops/mojaloop/variables.tf index 8a00055c3..3b9f90bce 100644 --- a/terraform/gitops/mojaloop/variables.tf +++ b/terraform/gitops/mojaloop/variables.tf @@ -81,15 +81,6 @@ variable "kv_path" { description = "path for kv engine" default = "secret" } - -variable "external_interop_switch_fqdn" { - description = "fqdn for interop ext" -} - -variable "internal_interop_switch_fqdn" { - description = "fqdn for interop int" -} - variable "internal_ingress_class_name" { type = string description = "nginx_internal_namespace" diff --git a/terraform/gitops/mojaloop/vault-pki-setup.tf b/terraform/gitops/mojaloop/vault-pki-setup.tf index cc79f4825..f27754b11 100644 --- a/terraform/gitops/mojaloop/vault-pki-setup.tf +++ b/terraform/gitops/mojaloop/vault-pki-setup.tf @@ -9,7 +9,6 @@ module "generate_vault_pki_setup_files" { cert_manager_service_account_name = var.cert_manager_service_account_name gitlab_project_url = var.gitlab_project_url cert_manager_cluster_issuer_role_name = var.cert_manager_cluster_issuer_role_name - interop_switch_fqdn = var.external_interop_switch_fqdn vault_root_ca_name = var.vault_root_ca_name pki_server_cert_role = var.pki_server_cert_role pki_client_cert_role = var.pki_client_cert_role 
@@ -25,8 +24,8 @@ module "generate_vault_pki_setup_files" { } locals { - vault_pki_template_path = "${path.module}/../generate-files/templates/vault-pki-setup" - vault_pki_app_file = "vault-pki-app.yaml" + vault_pki_template_path = "${path.module}/../generate-files/templates/vault-pki-setup" + vault_pki_app_file = "vault-pki-app.yaml" } diff --git a/terraform/gitops/pm4ml/pm4ml.tf b/terraform/gitops/pm4ml/pm4ml.tf index 1b45f031b..4ce1b99df 100644 --- a/terraform/gitops/pm4ml/pm4ml.tf +++ b/terraform/gitops/pm4ml/pm4ml.tf @@ -17,10 +17,10 @@ module "generate_pm4ml_files" { pm4ml_wildcard_gateway = each.value.pm4ml_ingress_internal_lb ? "internal" : "external" keycloak_fqdn = var.keycloak_fqdn keycloak_pm4ml_realm_name = "${var.keycloak_pm4ml_realm_name}-${each.key}" - experience_api_fqdn = var.experience_api_fqdns[each.key] + experience_api_fqdn = local.experience_api_fqdns[each.key] kratos_service_name = "kratos-public.${var.ory_namespace}.svc.cluster.local" - portal_fqdn = var.portal_fqdns[each.key] - admin_portal_fqdn = var.admin_portal_fqdns[each.key] + portal_fqdn = local.portal_fqdns[each.key] + admin_portal_fqdn = local.admin_portal_fqdns[each.key] auth_fqdn = var.auth_fqdn admin_portal_release_name = "admin-portal-${each.key}" admin_portal_chart_version = try(var.app_var_map.admin_portal_chart_version, var.admin_portal_chart_version) 
@@ -39,9 +39,9 @@ module "generate_pm4ml_files" {
 keto_read_url = "http://keto-read.${var.ory_namespace}.svc.cluster.local:80"
 keto_write_url = "http://keto-write.${var.ory_namespace}.svc.cluster.local:80"
 pm4ml_secret_path = "${var.local_vault_kv_root_path}/${each.key}"
- callback_url = "https://${var.mojaloop_connnector_fqdns[each.key]}"
- mojaloop_connnector_fqdn = var.mojaloop_connnector_fqdns[each.key]
- callback_fqdn = var.mojaloop_connnector_fqdns[each.key]
+ callback_url = "https://${local.mojaloop_connnector_fqdns[each.key]}"
+ mojaloop_connnector_fqdn = local.mojaloop_connnector_fqdns[each.key]
+ callback_fqdn = local.mojaloop_connnector_fqdns[each.key]
 redis_port = "6379"
 redis_host = "redis-master"
 redis_replica_count = "1"
@@ -69,10 +69,10 @@ module "generate_pm4ml_files" {
 ttk_enabled = each.value.pm4ml_ttk_enabled
 core_connector_selected = each.value.core_connector_selected
 custom_core_connector_endpoint = each.value.custom_core_connector_endpoint
- ttk_backend_fqdn = var.ttk_backend_fqdns[each.key]
- ttk_frontend_fqdn = var.ttk_frontend_fqdns[each.key]
- pta_portal_fqdn = var.pta_portal_fqdns[each.key]
- test_fqdn = var.test_fqdns[each.key]
+ ttk_backend_fqdn = local.pm4ml_ttk_frontend_fqdns[each.key]
+ ttk_frontend_fqdn = local.pm4ml_ttk_frontend_fqdns[each.key]
+ pta_portal_fqdn = local.pm4ml_pta_portal_fqdns[each.key]
+ test_fqdn = local.test_fqdns[each.key]
 ory_namespace = var.ory_namespace
 oathkeeper_auth_provider_name = var.oathkeeper_auth_provider_name
 istio_create_ingress_gateways = var.istio_create_ingress_gateways
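Review bot: `ttk_backend_fqdn = local.pm4ml_ttk_frontend_fqdns[each.key]` wires the TTK backend to the frontend hostname, so both services are handed the same `ttkfront-<pm4ml>` host and the `local.pm4ml_ttk_backend_fqdns` map defined in this file's locals is never used; two routes then compete for one host and the backend is either unreachable or served under the frontend's name. Change it to `ttk_backend_fqdn = local.pm4ml_ttk_backend_fqdns[each.key]`. The module block continues outside the hunk.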
@@ -87,9 +87,9 @@ module "generate_pm4ml_files" { pm4ml_reserve_notification = each.value.pm4ml_reserve_notification core_connector_config = each.value.core_connector_config payment_token_adapter_config = each.value.payment_token_adapter_config - pm4ml_istio_gateway_namespace = var.pm4ml_istio_gateway_namespaces[each.key] - pm4ml_istio_wildcard_gateway_name = var.pm4ml_istio_wildcard_gateway_names[each.key] - pm4ml_istio_gateway_name = var.pm4ml_istio_gateway_names[each.key] + pm4ml_istio_gateway_namespace = local.pm4ml_istio_gateway_namespaces[each.key] + pm4ml_istio_wildcard_gateway_name = local.pm4ml_istio_wildcard_gateway_names[each.key] + pm4ml_istio_gateway_name = local.pm4ml_istio_gateway_names[each.key] } 
@@ -104,18 +104,37 @@ module "generate_pm4ml_files" { locals { pm4ml_template_path = "${path.module}/../generate-files/templates/pm4ml" pm4ml_app_file = "pm4ml-app.yaml" + + pm4ml_var_map = var.app_var_map + + pm4ml_wildcard_gateways = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => pm4ml.pm4ml_ingress_internal_lb ? "internal" : "external" } + + portal_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "portal-${pm4ml.pm4ml}.${var.public_subdomain}" : "portal-${pm4ml.pm4ml}.${var.private_subdomain}" } + admin_portal_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "admin-portal-${pm4ml.pm4ml}.${var.public_subdomain}" : "admin-portal-${pm4ml.pm4ml}.${var.private_subdomain}"} + experience_api_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "exp-${pm4ml.pm4ml}.${var.public_subdomain}" : "exp-${pm4ml.pm4ml}.${var.private_subdomain}"} + mojaloop_connnector_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "conn-${pm4ml.pm4ml}.${var.public_subdomain}" : "conn-${pm4ml.pm4ml}.${var.private_subdomain}" } + test_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "test-${pm4ml.pm4ml}.${var.public_subdomain}" : "test-${pm4ml.pm4ml}.${var.private_subdomain}" } + pm4ml_ttk_frontend_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "ttkfront-${pm4ml.pm4ml}.${var.public_subdomain}" : "ttkfront-${pm4ml.pm4ml}.${var.private_subdomain}" } + pm4ml_ttk_backend_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? 
"ttkback-${pm4ml.pm4ml}.${var.public_subdomain}" : "ttkback-${pm4ml.pm4ml}.${var.private_subdomain}"} + pm4ml_pta_portal_fqdns = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? "pta-portal-${pm4ml.pm4ml}.${var.public_subdomain}" : "pta-portal-${pm4ml.pm4ml}.${var.private_subdomain}"} + + pm4ml_istio_gateway_namespaces = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace } + pm4ml_istio_wildcard_gateway_names = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? var.istio_external_wildcard_gateway_name : var.istio_internal_wildcard_gateway_name } + pm4ml_istio_gateway_names = { for pm4ml in local.pm4ml_var_map : pm4ml.pm4ml => local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external" ? var.istio_external_gateway_name : var.istio_internal_gateway_name } + + pm4ml_internal_wildcard_admin_portal_hosts = [for pm4ml in local.pm4ml_var_map : local.admin_portal_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "internal"] + pm4ml_external_wildcard_admin_portal_hosts = [for pm4ml in local.pm4ml_var_map : local.admin_portal_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external"] + pm4ml_internal_wildcard_portal_hosts = [for pm4ml in local.pm4ml_var_map : local.portal_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "internal"] + pm4ml_external_wildcard_portal_hosts = [for pm4ml in local.pm4ml_var_map : local.portal_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external"] + pm4ml_internal_wildcard_exp_hosts = [for pm4ml in local.pm4ml_var_map : local.experience_api_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "internal"] + pm4ml_external_wildcard_exp_hosts = [for pm4ml in local.pm4ml_var_map : 
local.experience_api_fqdns[pm4ml.pm4ml] if local.pm4ml_wildcard_gateways[pm4ml.pm4ml] == "external"] } variable "app_var_map" { type = any } -variable "portal_fqdns" { - description = "fqdns for pm4ml portal" -} -variable "admin_portal_fqdns" { - description = "fqdns for pm4ml admin portal" -} + variable "auth_fqdn" { type = string } @@ -123,25 +142,7 @@ variable "auth_fqdn" { variable "oathkeeper_auth_provider_name" { type = string } -variable "experience_api_fqdns" { - description = "fqdns for pm4ml experience api" -} -variable "mojaloop_connnector_fqdns" { - description = "fqdns for pm4ml connector" -} -variable "test_fqdns" { - description = "fqdns for pm4ml test" -} -variable "ttk_backend_fqdns" { - description = "fqdns for pm4ml ttk back" -} -variable "ttk_frontend_fqdns" { - description = "fqdns for pm4ml ttk front" -} -variable "pta_portal_fqdns" { - description = "fqdns for pm4ml payment token adapter portal" -} variable "pm4ml_vault_k8s_role_name" { description = "vault k8s role name for pm4ml" type = string @@ -241,18 +242,6 @@ variable "portal_admin_secret_prefix" { type = string } -variable "pm4ml_istio_gateway_namespaces" { - description = "fqdns for pm4ml portal" -} - -variable "pm4ml_istio_wildcard_gateway_names" { - description = "fqdns for pm4ml portal" -} - -variable "pm4ml_istio_gateway_names" { - description = "fqdns for pm4ml portal" -} - locals { nat_cidr_list = join(", ", [for ip in var.nat_public_ips : format("%s/32", ip)]) } diff --git a/terraform/gitops/pm4ml/variables.tf b/terraform/gitops/pm4ml/variables.tf index 114d760c5..eb933542d 100644 --- a/terraform/gitops/pm4ml/variables.tf +++ b/terraform/gitops/pm4ml/variables.tf @@ -20,7 +20,7 @@ variable "gitlab_project_url" { } variable "nat_public_ips" { - type = list + type = list(any) description = "nat_public_ips" } variable "internal_load_balancer_dns" { 
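Review bot: `nat_public_ips` is only loosened to `list(any)`, yet each element is formatted into an allow-list as `format("%s/32", ip)` in `local.nat_cidr_list` in this module, so a non-address string or an entry that already carries its own prefix length passes straight into the whitelist and is only caught, if at all, by whatever consumes the rendered list. Declare the element type as `string` and reject anything that is not a bare IPv4 address at plan time with a validation block.

```hcl
variable "nat_public_ips" {
  type        = list(string)
  description = "nat_public_ips"
  validation {
    # Each entry becomes "<ip>/32" in the allow-list, so it must be a bare IPv4 address.
    condition     = alltrue([for ip in var.nat_public_ips : can(cidrnetmask("${ip}/32"))])
    error_message = "nat_public_ips must contain bare IPv4 addresses without a prefix length."
  }
}
```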
@@ -82,14 +82,6 @@ variable "kv_path" { default = "secret" } -variable "external_interop_switch_fqdn" { - description = "fqdn for interop ext" -} - -variable "internal_interop_switch_fqdn" { - description = "fqdn for interop int" -} - variable "internal_ingress_class_name" { type = string description = "nginx_internal_namespace" @@ -153,11 +145,11 @@ variable "vault_namespace" { description = "vault_namespace" } variable "cert_manager_namespace" { - type = string + type = string description = "cert_manager_namespace" } variable "vault_certman_secretname" { description = "secret name to create for tls offloading via certmanager" type = string default = "vault-tls-cert" -} \ No newline at end of file +} diff --git a/terraform/gitops/pm4ml/vault-pki-setup.tf b/terraform/gitops/pm4ml/vault-pki-setup.tf index 458965e68..9708709fd 100644 --- a/terraform/gitops/pm4ml/vault-pki-setup.tf +++ b/terraform/gitops/pm4ml/vault-pki-setup.tf @@ -8,7 +8,6 @@ module "generate_vault_pki_setup_files" { cert_manager_service_account_name = var.cert_manager_service_account_name gitlab_project_url = var.gitlab_project_url cert_manager_cluster_issuer_role_name = var.cert_manager_cluster_issuer_role_name - interop_switch_fqdn = var.external_interop_switch_fqdn vault_root_ca_name = var.vault_root_ca_name pki_server_cert_role = var.pki_server_cert_role pki_client_cert_role = var.pki_client_cert_role @@ -24,8 +23,8 @@ module "generate_vault_pki_setup_files" { } locals { - vault_pki_template_path = "${path.module}/../generate-files/templates/vault-pki-setup" - vault_pki_app_file = "vault-pki-app.yaml" + vault_pki_template_path = "${path.module}/../generate-files/templates/vault-pki-setup" + vault_pki_app_file = "vault-pki-app.yaml" } @@ -77,4 +76,4 @@ variable "vault_pki_sync_wave" { variable "local_vault_kv_root_path" { description = "vault kv secret root" type = string -} \ No newline at end of file +} 
diff --git a/terraform/gitops/vnext/mcm.tf b/terraform/gitops/vnext/mcm.tf index 34db4050f..d8876fc3d 100644 --- a/terraform/gitops/vnext/mcm.tf +++ b/terraform/gitops/vnext/mcm.tf @@ -8,10 +8,10 @@ module "generate_mcm_files" { db_schema = module.vnext_stateful_resources.stateful_resources[local.mcm_resource_index].logical_service_config.database_name db_port = module.vnext_stateful_resources.stateful_resources[local.mcm_resource_index].logical_service_config.logical_service_port db_host = "${module.vnext_stateful_resources.stateful_resources[local.mcm_resource_index].logical_service_config.logical_service_name}.${var.stateful_resources_namespace}.svc.cluster.local" - mcm_fqdn = var.mcm_fqdn - mcm_istio_gateway_namespace = var.mcm_istio_gateway_namespace - mcm_istio_wildcard_gateway_name = var.mcm_istio_wildcard_gateway_name - mcm_istio_gateway_name = var.mcm_istio_gateway_name + mcm_fqdn = local.mcm_fqdn + mcm_istio_gateway_namespace = local.mcm_istio_gateway_namespace + mcm_istio_wildcard_gateway_name = local.mcm_istio_wildcard_gateway_name + mcm_istio_gateway_name = local.mcm_istio_gateway_name fspiop_use_ory_for_auth = var.fspiop_use_ory_for_auth env_name = var.cluster_name env_cn = var.public_subdomain @@ -34,7 +34,7 @@ module "generate_mcm_files" { public_subdomain = var.public_subdomain enable_oidc = var.enable_mcm_oidc mcm_sync_wave = var.mcm_sync_wave - ingress_class = var.mcm_ingress_internal_lb ? var.internal_ingress_class_name : var.external_ingress_class_name + ingress_class = try(var.app_var_map.mcm_ingress_internal_lb, false) ? var.internal_ingress_class_name : var.external_ingress_class_name istio_create_ingress_gateways = var.istio_create_ingress_gateways pki_path = var.vault_root_ca_name dfsp_client_cert_bundle = local.dfsp_client_cert_bundle 
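Review bot: `ingress_class` evaluates `try(var.app_var_map.mcm_ingress_internal_lb, false)` a second time instead of reusing `local.mcm_wildcard_gateway`, which this file's locals derive from the same expression; a toggle that decides whether the connection manager is reachable from the external load balancer should have one source of truth. Use `ingress_class = local.mcm_wildcard_gateway == "internal" ? var.internal_ingress_class_name : var.external_ingress_class_name`. The module block continues outside the hunk.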
@@ -60,7 +60,7 @@ module "generate_mcm_files" { mcm_wildcard_gateway = local.mcm_wildcard_gateway istio_external_gateway_name = var.istio_external_gateway_name private_network_cidr = var.private_network_cidr - interop_switch_fqdn = var.external_interop_switch_fqdn + interop_switch_fqdn = local.external_interop_switch_fqdn keycloak_fqdn = var.keycloak_fqdn keycloak_dfsp_realm_name = var.keycloak_dfsp_realm_name keycloak_hubop_realm_name = var.keycloak_hubop_realm_name @@ -77,7 +77,7 @@ module "generate_mcm_files" { internal_load_balancer_dns = var.internal_load_balancer_dns external_load_balancer_dns = var.external_load_balancer_dns istio_internal_gateway_name = var.istio_internal_gateway_name - int_interop_switch_fqdn = var.internal_interop_switch_fqdn + int_interop_switch_fqdn = local.internal_interop_switch_fqdn mojaloop_namespace = var.vnext_namespace mojaloop_release_name = var.vnext_release_name onboarding_collection_tag = var.app_var_map.onboarding_collection_tag @@ -99,11 +99,6 @@ variable "mcm_enabled" { type = bool default = true } -variable "mcm_ingress_internal_lb" { - type = bool - description = "mcm_ingress_internal_lb" - default = false -} variable "enable_mcm_oidc" { type = bool default = false @@ -210,26 +205,6 @@ variable "keycloak_namespace" { description = "namespace of keycloak in which to create realm" } -variable "mcm_fqdn" { - type = string - description = "hostname for mcm" -} - -variable "mcm_istio_wildcard_gateway_name" { - type = string - default = "" -} - -variable "mcm_istio_gateway_namespace" { - type = string - default = "" -} - -variable "mcm_istio_gateway_name" { - type = string - default = "" -} - variable "fspiop_use_ory_for_auth" { type = bool } 
@@ -238,8 +213,13 @@ locals { mcm_template_path = "${path.module}/../generate-files/templates/mcm" mcm_app_file = "mcm-app.yaml" mcm_resource_index = index(module.vnext_stateful_resources.stateful_resources.*.resource_name, "mcm-db") - mcm_wildcard_gateway = var.mcm_ingress_internal_lb ? "internal" : "external" + mcm_wildcard_gateway = try(var.app_var_map.mcm_ingress_internal_lb, false) ? "internal" : "external" dfsp_client_cert_bundle = "${local.onboarding_secret_path}_pm4mls" dfsp_internal_whitelist_secret = "${local.whitelist_secret_path}_pm4mls" dfsp_external_whitelist_secret = "${local.whitelist_secret_path}_fsps" + + mcm_fqdn = local.mcm_wildcard_gateway == "external" ? "mcm.${var.public_subdomain}" : "mcm.${var.private_subdomain}" + mcm_istio_gateway_namespace = local.mcm_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace + mcm_istio_wildcard_gateway_name = local.mcm_wildcard_gateway == "external" ? var.istio_external_wildcard_gateway_name : var.istio_internal_wildcard_gateway_name + mcm_istio_gateway_name = local.mcm_wildcard_gateway == "external" ? var.istio_external_gateway_name : var.istio_internal_gateway_name } diff --git a/terraform/gitops/vnext/variables.tf b/terraform/gitops/vnext/variables.tf index 8a00055c3..dc4e5bbec 100644 --- a/terraform/gitops/vnext/variables.tf +++ b/terraform/gitops/vnext/variables.tf @@ -82,14 +82,6 @@ variable "kv_path" { default = "secret" } -variable "external_interop_switch_fqdn" { - description = "fqdn for interop ext" -} - -variable "internal_interop_switch_fqdn" { - description = "fqdn for interop int" -} - variable "internal_ingress_class_name" { type = string description = "nginx_internal_namespace" diff --git a/terraform/gitops/vnext/vault-pki-setup.tf b/terraform/gitops/vnext/vault-pki-setup.tf index 6bfc8c0da..f27754b11 100644 --- a/terraform/gitops/vnext/vault-pki-setup.tf +++ b/terraform/gitops/vnext/vault-pki-setup.tf 
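Review bot: `mcm_wildcard_gateway = try(var.app_var_map.mcm_ingress_internal_lb, false)` defaults the vnext connection manager to the external gateway and, because `try()` also catches a misspelled key or an unconvertible value, does so silently; the result is `mcm.${var.public_subdomain}` bound to `var.istio_external_wildcard_gateway_name` with no diagnostic. The removed `variable "mcm_ingress_internal_lb"` at least surfaced an undeclared or non-boolean value at plan time. Read the key without `try()` so a missing key errors, or default closed with `try(var.app_var_map.mcm_ingress_internal_lb, true)` as the vnext and mojaloop toggles in this change do, and add a comment above the line stating which way the fallback goes. The locals block starts outside the hunk.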
@@ -9,7 +9,6 @@ module "generate_vault_pki_setup_files" { cert_manager_service_account_name = var.cert_manager_service_account_name gitlab_project_url = var.gitlab_project_url cert_manager_cluster_issuer_role_name = var.cert_manager_cluster_issuer_role_name - interop_switch_fqdn = var.external_interop_switch_fqdn vault_root_ca_name = var.vault_root_ca_name pki_server_cert_role = var.pki_server_cert_role pki_client_cert_role = var.pki_client_cert_role diff --git a/terraform/gitops/vnext/vnext.tf b/terraform/gitops/vnext/vnext.tf index 0ed75320f..ebc65134d 100644 --- a/terraform/gitops/vnext/vnext.tf +++ b/terraform/gitops/vnext/vnext.tf @@ -7,8 +7,8 @@ module "generate_vnext_files" { vnext_chart_version = try(var.app_var_map.vnext_chart_version, var.vnext_chart_version) vnext_release_name = var.vnext_release_name vnext_namespace = var.vnext_namespace - interop_switch_fqdn = var.external_interop_switch_fqdn - int_interop_switch_fqdn = var.internal_interop_switch_fqdn + interop_switch_fqdn = local.external_interop_switch_fqdn + int_interop_switch_fqdn = local.internal_interop_switch_fqdn storage_class_name = var.storage_class_name vnext_sync_wave = var.vnext_sync_wave vault_certman_secretname = var.vault_certman_secretname 
@@ -22,10 +22,10 @@ module "generate_vnext_files" { vnext_wildcard_gateway = local.vnext_wildcard_gateway keycloak_fqdn = var.keycloak_fqdn keycloak_realm_name = var.keycloak_hubop_realm_name - ttk_frontend_fqdn = var.ttk_frontend_fqdn - ttk_backend_fqdn = var.ttk_backend_fqdn - ttk_istio_wildcard_gateway_name = var.ttk_istio_wildcard_gateway_name - ttk_istio_gateway_namespace = var.ttk_istio_gateway_namespace + ttk_frontend_fqdn = local.ttk_frontend_fqdn + ttk_backend_fqdn = local.ttk_backend_fqdn + ttk_istio_wildcard_gateway_name = local.ttk_istio_wildcard_gateway_name + ttk_istio_gateway_namespace = local.ttk_istio_gateway_namespace kafka_host = "${module.vnext_stateful_resources.stateful_resources[local.vnext_kafka_resource_index].logical_service_config.logical_service_name}.${var.stateful_resources_namespace}.svc.cluster.local" kafka_port = module.vnext_stateful_resources.stateful_resources[local.vnext_kafka_resource_index].logical_service_config.logical_service_port redis_host = "${module.vnext_stateful_resources.stateful_resources[local.vnext_redis_resource_index].logical_service_config.logical_service_name}.${var.stateful_resources_namespace}.svc.cluster.local" @@ -46,7 +46,6 @@ module "generate_vnext_files" { keto_read_url = "http://keto-read.${var.ory_namespace}.svc.cluster.local:80" keto_write_url = "http://keto-write.${var.ory_namespace}.svc.cluster.local:80" kratos_service_name = "kratos-public.${var.ory_namespace}.svc.cluster.local" - portal_fqdn = var.finance_portal_fqdn finance_portal_release_name = "fin-portal" finance_portal_chart_version = try(var.app_var_map.finance_portal_chart_version, var.finance_portal_chart_version) oathkeeper_auth_provider_name = var.oathkeeper_auth_provider_name 
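Review bot: Dropping `portal_fqdn` from `generate_vnext_files` while `finance_portal_release_name` and `finance_portal_chart_version` stay in the call suggests the vnext template set still renders a finance portal; if any of those templates still reference `${portal_fqdn}`, `templatefile()` fails at plan time, and if they hard-code a host instead, the portal no longer follows `vnext_wildcard_gateway` the way the TTK hosts in the hunk above now do. Either pass a local derived like the mojaloop one, e.g. `portal_fqdn = local.vnext_wildcard_gateway == "external" ? "finance-portal.${var.public_subdomain}" : "finance-portal.${var.private_subdomain}"`, or confirm the vnext templates no longer consume it and drop the remaining `finance_portal_*` inputs as well. The module block continues outside the hunk.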
@@ -64,9 +63,9 @@ module "generate_vnext_files" { jws_rotation_renew_before_hours = try(var.app_var_map.jws_rotation_renew_before_hours, var.jws_rotation_renew_before_hours) jws_rotation_period_hours = try(var.app_var_map.jws_rotation_period_hours, var.jws_rotation_period_hours) mcm_hub_jws_endpoint = "http://mcm-connection-manager-api.${var.mcm_namespace}.svc.cluster.local:3001/api/hub/jwscerts" - vnext_admin_ui_fqdn = var.vnext_admin_ui_fqdn - vnext_istio_gateway_namespace = var.vnext_istio_gateway_namespace - vnext_istio_wildcard_gateway_name = var.vnext_istio_wildcard_gateway_name + vnext_admin_ui_fqdn = local.vnext_admin_ui_fqdn + vnext_istio_gateway_namespace = local.vnext_istio_gateway_namespace + vnext_istio_wildcard_gateway_name = local.vnext_istio_wildcard_gateway_name } file_list = [for f in fileset(local.vnext_template_path, "**/*.tpl") : trimsuffix(f, ".tpl") if !can(regex(local.vnext_app_file, f))] template_path = local.vnext_template_path 
@@ -77,14 +76,24 @@ module "generate_vnext_files" {
 locals {
- vnext_template_path = "${path.module}/../generate-files/templates/vnext"
- vnext_app_file = "vnext-app.yaml"
- vnext_kafka_resource_index = index(module.vnext_stateful_resources.stateful_resources.*.resource_name, "vnext-kafka")
- vnext_redis_resource_index = index(module.vnext_stateful_resources.stateful_resources.*.resource_name, "vnext-redis")
- vnext_mongodb_resource_index = index(module.vnext_stateful_resources.stateful_resources.*.resource_name, "vnext-mongodb")
- vnext_wildcard_gateway = var.vnext_ingress_internal_lb ? "internal" : "external"
- apiResources = yamldecode(file(var.rbac_api_resources_file))
- jws_key_secret = "switch-jws"
+ vnext_wildcard_gateway = try(var.app_var_map.vnext_ingress_internal_lb, true) ? "internal" : "external"
+ vnext_admin_ui_fqdn = local.vnext_wildcard_gateway == "external" ? "vnext-admin.${var.public_subdomain}" : "vnext-admin.${var.private_subdomain}"
+ vnext_istio_gateway_namespace = local.vnext_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace
+ vnext_istio_wildcard_gateway_name = local.vnext_wildcard_gateway == "external" ? var.istio_external_wildcard_gateway_name : var.istio_internal_wildcard_gateway_name
+
+ ttk_frontend_fqdn = local.vnext_wildcard_gateway == "external" ? "ttkfrontend.${var.public_subdomain}" : "ttkfrontend.${var.private_subdomain}"
+ ttk_backend_fqdn = local.vnext_wildcard_gateway == "external" ? "ttkbackend.${var.public_subdomain}" : "ttkbackend.${var.private_subdomain}"
+ ttk_istio_wildcard_gateway_name = local.vnext_wildcard_gateway == "external" ? var.istio_external_wildcard_gateway_name : var.istio_internal_wildcard_gateway_name
+ ttk_istio_gateway_namespace = local.vnext_wildcard_gateway == "external" ? var.istio_external_gateway_namespace : var.istio_internal_gateway_namespace
+ external_interop_switch_fqdn = "extapi.${var.public_subdomain}"
+ internal_interop_switch_fqdn = "intapi.${var.private_subdomain}"
+ vnext_template_path = "${path.module}/../generate-files/templates/vnext"
+ vnext_app_file = "vnext-app.yaml"
+ vnext_kafka_resource_index = index(module.vnext_stateful_resources.stateful_resources.*.resource_name, "vnext-kafka")
+ vnext_redis_resource_index = index(module.vnext_stateful_resources.stateful_resources.*.resource_name, "vnext-redis")
+ vnext_mongodb_resource_index = index(module.vnext_stateful_resources.stateful_resources.*.resource_name, "vnext-mongodb")
+ apiResources = yamldecode(file(var.rbac_api_resources_file))
+ jws_key_secret = "switch-jws"
 }
 variable "app_var_map" {
@@ -96,12 +105,6 @@ variable "vnext_enabled" {
 default = true
 }
-variable "vnext_ingress_internal_lb" {
- type = bool
- description = "vnext_ingress_internal_lb"
- default = true
-}
-
 variable "vnext_chart_repo" {
 description = "repo for vnext charts"
 type = string
@@ -135,17 +138,6 @@ variable "vnext_sync_wave" {
 default = "0"
 }
-variable "ttk_frontend_fqdn" {
- type = string
-}
-variable "ttk_backend_fqdn" {
- type = string
-}
-
-variable "vnext_admin_ui_fqdn" {
- type = string
-}
-
 variable "auth_fqdn" {
 type = string
 }
@@ -153,10 +145,6 @@ variable "ory_namespace" {
 type = string
 }
-variable "finance_portal_fqdn" {
- type = string
-}
-
 variable "bof_release_name" {
 type = string
 }
@@ -203,23 +191,3 @@ variable "ttk_gp_testcase_labels" {
 type = string
 default = "p2p"
 }
-
-variable "ttk_istio_wildcard_gateway_name" {
- type = string
- default = ""
-}
-
-variable "ttk_istio_gateway_namespace" {
- type = string
- default = ""
-}
-
-variable "vnext_istio_wildcard_gateway_name" {
- type = string
- default = ""
-}
-
-variable "vnext_istio_gateway_namespace" {
- type = string
- default = ""
-}
\ No newline at end of file
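Review bot: `vnext_wildcard_gateway` now reads only `var.app_var_map.vnext_ingress_internal_lb`, and the `try(..., true)` fallback means a deployment that still sets the removed top-level `vnext_ingress_internal_lb` variable (deleted in the `@@ -96,12 +105,6 @@` hunk) or misspells the map key gets no plan-time error and silently lands on the internal gateway. Internal is the safe direction, but the exposure decision is now invisible when it is wrong, so a comment on that line such as `# vnext exposure is decided only by app_var_map.vnext_ingress_internal_lb; a missing or misspelled key silently selects the internal gateway` is worth adding, and a `validation` block on `app_var_map` if the module validates map keys elsewhere. The four `ttk_*` gateway locals repeat the `vnext_*` expressions verbatim; `ttk_istio_wildcard_gateway_name = local.vnext_istio_wildcard_gateway_name` and `ttk_istio_gateway_namespace = local.vnext_istio_gateway_namespace` would keep them from drifting apart. `external_interop_switch_fqdn` and `internal_interop_switch_fqdn` are introduced here but not referenced in any visible hunk; presumably they are consumed elsewhere in the file.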
diff --git a/terraform/k8s/default-config/common-vars.yaml b/terraform/k8s/default-config/common-vars.yaml
index 11ba4b20c..ec6c54b67 100644
--- a/terraform/k8s/default-config/common-vars.yaml
+++ b/terraform/k8s/default-config/common-vars.yaml
@@ -34,4 +34,5 @@ prometheus_retention_period: 10d
 istio_egress_gateway_max_replicas: 5
 microk8s_version: 1.29/stable
 alertmanager_enabled: false
+istio_proxy_log_level: warn
 longhorn_backup_job_enabled: true
diff --git a/terraform/k8s/default-config/mojaloop-values-override.yaml b/terraform/k8s/default-config/mojaloop-values-override.yaml
new file mode 100644
index 000000000..b25990de3
--- /dev/null
+++ b/terraform/k8s/default-config/mojaloop-values-override.yaml
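Review bot: `istio_proxy_log_level: warn` is added with no indication of the accepted values, and Istio documents the proxy log levels as `trace|debug|info|warning|error|critical|off`, i.e. `warning` rather than `warn`; Envoy accepts `warn` as an alias to my recollection, but that is worth confirming on a cluster, since how the proxy treats a level it does not recognise is not something this diff shows. A comment on the new line, `# istio-proxy (Envoy) log level: trace|debug|info|warning|error|critical|off`, would stop the next editor from guessing, and using the documented spelling `warning` avoids depending on the alias at all.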
@@ -0,0 +1,216 @@
+account-lookup-service:
+ account-lookup-service:
+ replicaCount: 12
+ config:
+ event_log_filter: ""
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ account-lookup-service-admin:
+ replicaCount: 1
+quoting-service:
+ quoting-service:
+ replicaCount: 4
+ config:
+ event_log_filter: ""
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ quoting-service-handler:
+ replicaCount: 12
+ config:
+ event_log_filter: ""
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ml-api-adapter:
+ ml-api-adapter-service:
+ replicaCount: 4
+ config:
+ event_log_filter: ""
+ ml-api-adapter-handler-notification:
+ replicaCount: 12
+ config:
+ event_log_filter: ""
+centralledger:
+ centralledger-service:
+ replicaCount: 8
+ config:
+ event_log_filter: ""
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ centralledger-handler-transfer-prepare:
+ replicaCount: 12
+ config:
+ event_log_filter: ""
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ centralledger-handler-transfer-position:
+ replicaCount: 8
+ config:
+ event_log_filter: ""
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ centralledger-handler-transfer-position-batch:
+ replicaCount: 12
+ config:
+ event_log_filter: ""
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ centralledger-handler-transfer-get:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ centralledger-handler-transfer-fulfil:
+ replicaCount: 12
+ config:
+ event_log_filter: ""
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ centralledger-handler-timeout:
+ config:
+ event_log_filter: ""
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ centralledger-handler-admin-transfer:
+ replicaCount: 1
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+centralsettlement:
+ centralsettlement-service:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
+ centralsettlement-handler-deferredsettlement:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
+ centralsettlement-handler-grosssettlement:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
+ centralsettlement-handler-rules:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
+transaction-requests-service:
+ replicaCount: 4
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+ sidecar:
+ readinessProbe:
+ initialDelaySeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 5
+thirdparty:
+ auth-svc:
+ replicaCount: 1
+ consent-oracle:
+ replicaCount: 1
+ tp-api-svc:
+ replicaCount: 1
+mojaloop-bulk:
+ bulk-api-adapter:
+ bulk-api-adapter-service:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
+ bulk-api-adapter-handler-notification:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
+ bulk-centralledger:
+ cl-handler-bulk-transfer-prepare:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
+ cl-handler-bulk-transfer-fulfil:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
+ cl-handler-bulk-transfer-processing:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
+ cl-handler-bulk-transfer-get:
+ replicaCount: 1
+ config:
+ event_log_filter: ""
diff --git a/terraform/k8s/default-config/mojaloop-vars.yaml b/terraform/k8s/default-config/mojaloop-vars.yaml
index d1f38bf19..bd62df7e4 100644
--- a/terraform/k8s/default-config/mojaloop-vars.yaml
+++ b/terraform/k8s/default-config/mojaloop-vars.yaml
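Review bot: Every service entry in this new default file sets `config.event_log_filter: ""` with nothing explaining why; if this is the Mojaloop services' event-log filter (the setting that normally carries selectors such as `audit:*` alongside log levels), an empty filter presumably stops audit/event emission for every component, which changes what reaches central logging and should not sit unexplained in a file the CI merge step treats as the default. Please add a header comment stating the file's role and the intent of the empty filter, e.g. `# Default mojaloop chart value overrides (merged with custom-config by config-merge.sh); event_log_filter is cleared for throughput — set e.g. "audit:*,log:error" per service where audit events are required`, and confirm the empty-filter behaviour against the chart's config mapping. The replica counts here (12/8/4) read as a sizing profile rather than a neutral default, and because the `*_replica_count` keys are dropped from mojaloop-vars.yaml in the next hunk, any value an operator still sets for them in custom-config is now silently ignored in favour of these numbers; a line in the same header noting the migration would save that surprise.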
@@ -4,34 +4,6 @@ mcm_chart_version: 0.7.7
 mojaloop_chart_version: 16.0.0
 mcm_ingress_internal_lb: false
 mojaloop_ingress_internal_lb: true
-#replica counts
-account_lookup_service_replica_count: 1
-account_lookup_service_admin_replica_count: 1
-quoting_service_replica_count: 1
-quoting_service_handler_replica_count: 1
-ml_api_adapter_service_replica_count: 1
-ml_api_adapter_handler_notifications_replica_count: 1
-central_ledger_service_replica_count: 1
-central_ledger_handler_transfer_prepare_replica_count: 1
-central_ledger_handler_transfer_position_replica_count: 1
-central_ledger_handler_transfer_position_batch_replica_count: 1
-central_ledger_handler_transfer_get_replica_count: 1
-central_ledger_handler_transfer_fulfil_replica_count: 1
-central_ledger_handler_admin_transfer_replica_count: 1
-central_settlement_service_replica_count: 1
-central_settlement_handler_deferredsettlement_replica_count: 1
-central_settlement_handler_grosssettlement_replica_count: 1
-central_settlement_handler_rules_replica_count: 1
-trasaction_requests_service_replica_count: 1
-auth_service_replica_count: 1
-consent_oracle_replica_count: 1
-tp_api_svc_replica_count: 1
-bulk_api-adapter_service_replica_count: 1
-bulk_api_adapter_handler_notification_replica_count: 1
-cl_handler_bulk_transfer_prepare_replica_count: 1
-cl_handler_bulk_transfer_fulfil_replica_count: 1
-cl_handler_bulk_transfer_processing_replica_count: 1
-cl_handler_bulk_transfer_get_replica_count: 1
 onboarding_collection_tag: 15.2.0
 grafana_dashboard_tag: 15.2.0
 enable_istio_injection: true
diff --git a/terraform/k8s/gitops-build/terragrunt.hcl b/terraform/k8s/gitops-build/terragrunt.hcl
index 0d02611e3..0d23bbdad 100644
--- a/terraform/k8s/gitops-build/terragrunt.hcl
+++ b/terraform/k8s/gitops-build/terragrunt.hcl
@@ -2,7 +2,6 @@ terraform {
 source = "git::https://github.com/mojaloop/iac-modules.git//terraform/gitops/k8s-cluster-config?ref=${get_env("iac_terraform_modules_tag")}"
 }
-
 include "root" {
 path = find_in_parent_folders()
 }
@@ -15,7 +14,7 @@ dependency "k8s_store_config" {
 dependency "k8s_deploy" {
 config_path = "../k8s-deploy"
 mock_outputs = {
- nat_public_ips = [""]
+ nat_public_ips = [""]
 internal_load_balancer_dns = ""
 external_load_balancer_dns = ""
 private_subdomain = ""
@@ -63,6 +62,7 @@ inputs = {
 stateful_resources_config_file = find_in_parent_folders("${get_env("CONFIG_PATH")}/common-stateful-resources.json")
 mojaloop_stateful_resources_config_file = find_in_parent_folders("${get_env("CONFIG_PATH")}/mojaloop-stateful-resources.json")
 vnext_stateful_resources_config_file = find_in_parent_folders("${get_env("CONFIG_PATH")}/vnext-stateful-resources.json")
+ mojaloop_values_override_file = find_in_parent_folders("${get_env("CONFIG_PATH")}/mojaloop-values-override.yaml", "mojaloop-values-override.yaml")
 current_gitlab_project_id = local.GITLAB_CURRENT_PROJECT_ID
 gitlab_group_name = local.GITLAB_CURRENT_GROUP_NAME
 gitlab_api_url = local.GITLAB_API_URL
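Review bot: The new `mojaloop_values_override_file` input passes a bare `"mojaloop-values-override.yaml"` as the fallback argument to `find_in_parent_folders`, whereas the three `*_config_file` inputs above it have no fallback and so fail the run clearly when their file is missing. With the fallback, a missing merged config hands the module a relative filename resolved against whatever the working directory is at apply time, so the failure (or a silently empty override, depending on how the module reads the path) moves from an obvious terragrunt error to somewhere harder to diagnose. Either match the siblings, `mojaloop_values_override_file = find_in_parent_folders("${get_env("CONFIG_PATH")}/mojaloop-values-override.yaml")`, or, if the override is meant to be optional, add a comment on that line, `# fallback: override file is optional; module must tolerate a non-existent path`. The two earlier hunks in this file are whitespace-only.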