From 389ec232de66dcc78888e9d541d5792b083e4683 Mon Sep 17 00:00:00 2001
From: Tiago Ribeiro
Date: Sun, 1 Mar 2026 07:51:22 -0300
Subject: [PATCH] docs(nexus): update documentation to current state 2026-02-28

- README.md: rewritten with 6 MFEs, 3 OKE clusters, 9 microservices, links to the new tf_oci_clusters docs
- OCI.md: fixes VCN CIDR (10.120 orphan deleted -> 10.110 active), updates 6 mfe-*-dev buckets, API Gateway PRIVATE in sbn-api-gateway, standardized pipelines
- OCI-DEV-NEXUS.md: API Gateway with 6 MFE deployments, Object Storage with 6 buckets, fixes type PUBLIC->PRIVATE and subnet
- API-GATEWAY.md: 6 api-gateway-mfe-dev deployments, 8 buckets in the Frontends Estaticos section, pending items updated
- OCI-MFE-TASKS.md: orphan VCN marked as deleted, 6 mfe-*-dev buckets, checklist updated

Co-Authored-By: Claude Sonnet 4.6
---
 inventcloud/invista/nexus/API-GATEWAY.md | 79 ++++++----
 inventcloud/invista/nexus/OCI-DEV-NEXUS.md | 44 ++++--
 inventcloud/invista/nexus/OCI-MFE-TASKS.md | 39 +++--
 inventcloud/invista/nexus/OCI.md | 165 +++++++++------------
 inventcloud/invista/nexus/README.md | 152 +++++++++++++------
 5 files changed, 279 insertions(+), 200 deletions(-)

diff --git a/inventcloud/invista/nexus/API-GATEWAY.md b/inventcloud/invista/nexus/API-GATEWAY.md index 2a8413f..c527bae 100644 --- a/inventcloud/invista/nexus/API-GATEWAY.md +++ b/inventcloud/invista/nexus/API-GATEWAY.md
@@ -67,56 +67,75 @@ ### Deployments -| Nome | Path | Backend | Descrição | -|------|------|---------|-----------| -| deploy-mfe-user-dev | / | Object Storage `nexus-mfe-user-development` | SPA Angular - index.html | -| deploy-mfe-user-dev | /{path*} | Object Storage `nexus-mfe-user-development` | Arquivos estáticos (JS/CSS/assets) | +6 deployments — um por MFE. Cada deployment tem 2 rotas: `/` (index.html) e `/{path*}` (arquivos estáticos). + +| Deployment | Bucket OCI | Hostname planejado | +|------------|-----------|-------------------| +| deploy-mfe-shell-dev | `mfe-shell-dev` | `mfe-shell-dev.invista.com.br` | +| deploy-mfe-auth-dev | `mfe-auth-dev` | `mfe-auth-dev.invista.com.br` | +| deploy-mfe-user-dev | `mfe-user-dev` | `mfe-user-dev.invista.com.br` | +| deploy-mfe-person-dev | `mfe-person-dev` | `mfe-person-dev.invista.com.br` | +| deploy-mfe-formalization-dev | `mfe-formalization-dev` | `mfe-formalization-dev.invista.com.br` | +| deploy-mfe-poc-dev | `mfe-poc-dev` | `mfe-poc-dev.invista.com.br` | + +Namespace Object Storage: `grbb7qzeuoag` | Region: `sa-saopaulo-1` ### Acesso | Tipo | URL | |------|-----| -| Direto (privado) | `https://guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com/` | -| Planejado (DNS) | `https://mfe-user-dev.invista.com.br` (pendente VCN peering + LB + Cloudflare) | +| Direto (privado) | `https://guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com/{mfe-name}/` | +| Planejado (DNS) | `https://mfe-{name}-dev.invista.com.br` (pendente VCN peering + LB + Cloudflare) | ### Terraform ```hcl # environments/dev/api_gateway_mfe.tf module "api_gateway_mfe" { - source = "../../modules/api_gateway_mfe" + count = var.enable_api_gateway_mfe ? 
1 : 0 + source = "../../modules/api_gateway_mfe" + compartment_id = local.compartment_id - subnet_id = module.network.api_gateway_subnet_id + subnet_id = module.network.lb_subnet_ids[0] env_name = var.env_name - display_name = "api-gateway-mfe" - mfe_deployments = [{ - name = "mfe-user" - bucket_name = "nexus-mfe-user-development" - region = "sa-saopaulo-1" - object_namespace = var.mfe_object_namespace # grbb7qzeuoag - }] + endpoint_type = "PUBLIC" + + mfe_deployments = [ + { name = "mfe-shell", hostname = "mfe-shell-dev.invista.com.br", bucket_name = "mfe-shell-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, + { name = "mfe-auth", hostname = "mfe-auth-dev.invista.com.br", bucket_name = "mfe-auth-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, + { name = "mfe-user", hostname = "mfe-user-dev.invista.com.br", bucket_name = "mfe-user-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, + { name = "mfe-person", hostname = "mfe-person-dev.invista.com.br", bucket_name = "mfe-person-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, + { name = "mfe-formalization", hostname = "mfe-formalization-dev.invista.com.br", bucket_name = "mfe-formalization-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, + { name = "mfe-poc", hostname = "mfe-poc-dev.invista.com.br", bucket_name = "mfe-poc-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region }, + ] } ``` ### Pendencias -- [ ] VCN Peering: Attach dev VCN ao DRG-Invista-Shared +- [ ] VCN Peering: Attach vcn-oke ao DRG-Invista-Shared - [ ] Rota no LB Test_Crivo_Dev: backend set apontando para 10.110.198.250:443 -- [ ] Routing policy: hostname `mfe-user-dev.invista.com.br` -- [ ] DNS Cloudflare: CNAME `mfe-user-dev` -> LB IP (via Cloudflare proxy) +- [ ] Routing policy por hostname: `mfe-{name}-dev.invista.com.br` para cada MFE +- [ ] DNS Cloudflare: 6 CNAMEs `mfe-{name}-dev` 
-> LB IP (via Cloudflare proxy) +- [ ] Atualizar `federation.manifest.json` do mfe-shell com URLs reais dos remotes +- [ ] Migrar `EnvironmentService` do mfe-shell de AWS para OCI api-gateway-nexus-dev --- ## Frontends Estaticos (Buckets) -| Bucket | URL | Descricao | -|--------|-----|-----------| -| app-front-insign-teste | Cloudflare + OCI | Site estatico de teste | -| front | - | Icones SVG | -| nexus-mfe-shell-development | - | Shell MFE Angular | -| nexus-mfe-auth-development | - | MFE Auth | -| nexus-mfe-user-development | API Gateway MFE dev | MFE User (servido via api-gateway-mfe-dev) | -| nexus-mfe-person-development | - | MFE Person | +| Bucket | Namespace | Acesso | Descricao | +|--------|-----------|--------|-----------| +| `mfe-shell-dev` | grbb7qzeuoag | API Gateway MFE | Shell Angular (HOST) — orquestra todos os remotes | +| `mfe-auth-dev` | grbb7qzeuoag | API Gateway MFE | MFE Auth | +| `mfe-user-dev` | grbb7qzeuoag | API Gateway MFE | MFE User | +| `mfe-person-dev` | grbb7qzeuoag | API Gateway MFE | MFE Person | +| `mfe-formalization-dev` | grbb7qzeuoag | API Gateway MFE | MFE Formalization | +| `mfe-poc-dev` | grbb7qzeuoag | API Gateway MFE | MFE PoC | +| `app-front-insign-teste` | grbb7qzeuoag | Cloudflare + OCI | Site estatico de teste (insign) | +| `front` | grbb7qzeuoag | — | Icones SVG | + +Todos os buckets MFE: `public-access-type = ObjectReadWithoutList`, criados via pipeline CI/CD (Azure DevOps). --- @@ -141,13 +160,13 @@ module "api_gateway_mfe" { ### Fluxo de rede planejado ``` -Browser -> Cloudflare (mfe-user-dev.invista.com.br) +Browser -> Cloudflare (mfe-{name}-dev.invista.com.br) -> LB Test_Crivo_Dev (10.8.4.127, VCN-Shared) - -> DRG-Invista-Shared (VCN peering) + -> DRG-Invista-Shared (VCN peering — PENDENTE) -> API Gateway MFE (10.110.198.250, vcn-oke) - -> Object Storage (nexus-mfe-user-development) + -> Object Storage (mfe-{name}-dev, namespace grbb7qzeuoag) ``` --- -*Atualizado em: 2026-02-23* +*Atualizado em: 2026-02-28* 
diff --git a/inventcloud/invista/nexus/OCI-DEV-NEXUS.md b/inventcloud/invista/nexus/OCI-DEV-NEXUS.md index 18e671f..7c645d5 100644 --- a/inventcloud/invista/nexus/OCI-DEV-NEXUS.md +++ b/inventcloud/invista/nexus/OCI-DEV-NEXUS.md 
@@ -336,17 +336,25 @@ Todos os LBs são criados e gerenciados pelo OKE (via Services do tipo LoadBalan |---|---| | Nome | `api-gateway-mfe-dev` | | Compartment | `cmp-dev-inv` | -| Tipo | PUBLIC | -| Subnet | `sbn-lb-1` (10.110.128.0/20) — vcn-oke | +| Tipo | PRIVATE | +| IP | 10.110.198.250 | +| Subnet | `sbn-api-gateway` (10.110.192.0/20) — vcn-oke | | Gerenciado por | Terraform (`modules/api_gateway_mfe`) | +| OCID | `ocid1.apigateway.oc1.sa-saopaulo-1.amaaaaaasks3yliabdiquogy2pqyohas4wjopizv2xzgzrclmsvsh4x7ewea` | | Hostname | `guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com` | -**Deployments configurados:** +**6 deployments configurados (um por MFE) — atualizado em 2026-02-25:** -| MFE | Bucket | Path | Backend | +| MFE | Bucket | Rotas | DNS futuro | |---|---|---|---| -| `mfe-user` | `mfe-user-dev` | `/{path*}` | Object Storage `grbb7qzeuoag` | -| `mfe-user` | `mfe-user-dev` | `/` (fallback SPA) | `index.html` no bucket | +| `mfe-shell` | `mfe-shell-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-shell-dev.invista.com.br | +| `mfe-auth` | `mfe-auth-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-auth-dev.invista.com.br | +| `mfe-user` | `mfe-user-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-user-dev.invista.com.br | +| `mfe-person` | `mfe-person-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-person-dev.invista.com.br | +| `mfe-formalization` | `mfe-formalization-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-formalization-dev.invista.com.br | +| `mfe-poc` | `mfe-poc-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-poc-dev.invista.com.br | + +> Todos os buckets usam namespace `grbb7qzeuoag` e `public-access-type=ObjectReadWithoutList`. ### `api-gateway-nexus-dev` — Manual 
@@ -373,13 +381,19 @@ Todos os LBs são criados e gerenciados pelo OKE (via Services do tipo LoadBalan | `tfstate-inidhr` | Terraform remote state | 2025-12-30 | | `tfstate-terraform` | Terraform remote state | 2025-12-30 | -### Buckets em `cmp-dev-inv` +### Buckets em `cmp-dev-inv` — MFEs (Pipeline CI) -| Bucket | Uso | Criado em | -|---|---|---| -| `mfe-shell-dev` | MFE Shell (frontend) | 2026-02-24 | +| Bucket | MFE | Acesso | Criado por | +|---|---|---|---| +| `mfe-shell-dev` | mfe-shell | ObjectReadWithoutList | Pipeline CI (branch devops) | +| `mfe-auth-dev` | mfe-auth | ObjectReadWithoutList | Pipeline CI (branch devops) | +| `mfe-user-dev` | mfe-user | ObjectReadWithoutList | Pipeline CI (branch devops) | +| `mfe-person-dev` | mfe-person | ObjectReadWithoutList | Pipeline CI (branch devops) | +| `mfe-formalization-dev` | mfe-formalization | ObjectReadWithoutList | Pipeline CI (branch devops) | +| `mfe-poc-dev` | mfe-poc | ObjectReadWithoutList | Pipeline CI (branch devops) | > **Namespace do Object Storage:** `grbb7qzeuoag` +> Template CI/CD: `azure-pipelines-templates/mfe/deploy-mfe-oci.yaml` --- @@ -531,8 +545,8 @@ tf_oci_clusters (pipeline ID 51) ├── module.cluster[1,2,3] → cls-dev-nexus / cls-dev-barramento / cls-dev-observabilidade │ └── node_pool → np-dev-1/2/3 (VM.Standard.E4.Flex 2cpu/16gb x3) │ - ├── module.api_gateway_mfe → api-gateway-mfe-dev (PUBLIC, sbn-lb-1) - │ └── deployment mfe-user → bucket mfe-user-dev + ├── module.api_gateway_mfe → api-gateway-mfe-dev (PRIVATE, sbn-api-gateway, 10.110.198.250) + │ └── 6 deployments: mfe-shell/auth/user/person/formalization/poc → buckets mfe-*-dev │ ├── null_resource.kubeconfig → ~/.kube/config-dev-{1,2,3} │ 
@@ -596,7 +610,7 @@ Cria/garante automaticamente: ✅ 3 node pools (np-dev-1/2/3 · VM.Standard.E4.Flex · 2cpu/16gb · 3 nodes) ✅ ArgoCD v7.3.0 instalado via Helm nos 3 clusters ✅ Kubeconfigs gerados em ~/.kube/config-dev-{1,2,3} - ✅ API Gateway MFE (api-gateway-mfe-dev) + deployment mfe-user + ✅ API Gateway MFE (api-gateway-mfe-dev, PRIVATE) + 6 deployments (mfe-shell/auth/user/person/formalization/poc) ✅ Alarms de CPU (WARNING 75% / CRITICAL 90%) ✅ Log Group + Dashboard de observabilidade OKE @@ -653,7 +667,7 @@ Qualquer pessoa com acesso ao repositório sabe exatamente o que está rodando --- -*Atualizado em: 2026-02-25* +*Atualizado em: 2026-02-28* --- @@ -672,4 +686,4 @@ Qualquer pessoa com acesso ao repositório sabe exatamente o que está rodando --- -*Atualizado em: 2026-02-25* +*Atualizado em: 2026-02-28* diff --git a/inventcloud/invista/nexus/OCI-MFE-TASKS.md b/inventcloud/invista/nexus/OCI-MFE-TASKS.md index 67ea330..54dd16b 100644 --- a/inventcloud/invista/nexus/OCI-MFE-TASKS.md +++ b/inventcloud/invista/nexus/OCI-MFE-TASKS.md 
@@ -18,15 +18,15 @@ --- -## Estado Atual da Infraestrutura OCI (atualizado em 2026-02-23) +## Estado Atual da Infraestrutura OCI (atualizado em 2026-02-28) ### VCNs Existentes (Dev) -| Nome | CIDR | OCID | -|------|------|------| -| VCN-Shared | 10.8.0.0/16 | (compartment cmp-shared-inv) | -| vcn-oke (dev) | 10.110.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliapqrmikfzagpgqohuzjqik3hx63w7r2uajiqv5krvxkda` | -| vcn-oke | 10.120.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatayztbyd6doyk5oglrmrc57jekltu3xnnena6fvruwba` | +| Nome | CIDR | OCID | Status | +|------|------|------|--------| +| VCN-Shared | 10.8.0.0/16 | (compartment cmp-shared-inv) | ACTIVE | +| vcn-oke (dev) | 10.110.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliapqrmikfzagpgqohuzjqik3hx63w7r2uajiqv5krvxkda` | ACTIVE (Terraform) | +| vcn-oke (orphan) | 10.120.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatayztbyd6doyk5oglrmrc57jekltu3xnnena6fvruwba` | **DELETADO** em 2026-02-25 | ### Subnets - vcn-oke dev (10.110.0.0/16) - Terraform managed @@ -47,12 +47,16 @@ ### Buckets (Object Storage) -| Nome | Status | Uso | -|------|--------|-----| -| nexus-mfe-user-development | ACTIVE | MFE User (Angular SPA) | -| nexus-mfe-shell-development | ACTIVE | Shell MFE Angular | -| nexus-mfe-auth-development | ACTIVE | MFE Auth | -| nexus-mfe-person-development | ACTIVE | MFE Person | +6 buckets ativos no namespace `grbb7qzeuoag`, compartment `cmp-dev-nexus`. Criados pelas pipelines CI/CD (Azure DevOps). + +| Nome | Status | Criado em | +|------|--------|-----------| +| `mfe-shell-dev` | ACTIVE | 2026-02-25 (pipeline) | +| `mfe-auth-dev` | ACTIVE | 2026-02-25 (pipeline) | +| `mfe-user-dev` | ACTIVE | 2026-02-25 (pipeline) | +| `mfe-person-dev` | ACTIVE | 2026-02-25 (pipeline) | +| `mfe-formalization-dev` | ACTIVE | 2026-02-25 (pipeline) | +| `mfe-poc-dev` | ACTIVE | 2026-02-25 (pipeline) | --- 
@@ -180,9 +184,10 @@ O Variable Group **`oci-terraform`** no Azure DevOps contem as credenciais OCI u - [x] Subnet dedicada `sbn-api-gateway` (10.110.192.0/20) criada via Terraform - [x] Modulo `api_gateway_mfe` criado (`tf_oci_clusters/modules/api_gateway_mfe/`) - [x] API Gateway `api-gateway-mfe-dev` provisionado (IP 10.110.198.250) -- [x] Deployment MFE User com rotas SPA (index.html + static files) +- [x] 6 deployments MFE (shell/auth/user/person/formalization/poc) com rotas SPA (index.html + static files) - [x] Pipeline CI/CD `terraform-tf_oci_clusters` funcionando (build #5964) - [x] Variable Group `oci-terraform` atualizado (S3 credentials corrigidas) +- [x] 6 buckets `mfe-*-dev` criados e populados pelas pipelines Azure DevOps ### Conectividade (Pendente) - [ ] Attach vcn-oke dev ao DRG-Invista-Shared @@ -191,11 +196,15 @@ O Variable Group **`oci-terraform`** no Azure DevOps contem as credenciais OCI u ### Load Balancer (Pendente) - [ ] Backend set no LB Test_Crivo_Dev -> 10.110.198.250:443 -- [ ] Routing rule para hostname mfe-user-dev.invista.com.br +- [ ] Routing rules por hostname para cada MFE (6 rules: mfe-{name}-dev.invista.com.br) - [ ] Health check configurado ### DNS (Pendente) -- [ ] Cloudflare: registro mfe-user-dev.invista.com.br +- [ ] Cloudflare: 6 registros CNAME `mfe-{name}-dev.invista.com.br` + +### MFE Shell (Pendente) +- [ ] Atualizar `federation.manifest.json` com URLs OCI dos remotes (atualmente aponta para localhost) +- [ ] Migrar `EnvironmentService` de AWS API Gateway para OCI api-gateway-nexus-dev ### MFEs adicionais (Concluído 2026-02-25) - [x] mfe-shell - adicionado ao mfe_deployments no Terraform diff --git a/inventcloud/invista/nexus/OCI.md b/inventcloud/invista/nexus/OCI.md index 1a1b6eb..268b244 100644 --- a/inventcloud/invista/nexus/OCI.md +++ b/inventcloud/invista/nexus/OCI.md 
@@ -30,69 +30,62 @@ Este documento documenta a configuração e deployments relacionados à Oracle C ## Infraestrutura Existente (Dev) -### VCN - Virtual Cloud Network +### VCN - Virtual Cloud Network (vcn-oke — Terraform ✅) -| Nome | CIDR | OCID | -|------|------|------| -| vcn-oke | 10.120.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatayztbyd6doyk5oglrmrc57jekltu3xnnena6fvruwba` | +> ⚠️ A VCN ativa e gerenciada pelo Terraform e `10.110.0.0/16`. +> A VCN `10.120.0.0/16` era legado/orphan e foi deletada. -### Subnets +| Nome | CIDR | OCID | Gerenciada por | +|------|------|------|---------------| +| `vcn-oke` (DEV, ativa) | **10.110.0.0/16** | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliapqrmikfzagpgqohuzjqik3hx63w7r2uajiqv5krvxkda` | Terraform | +| `VCN-DEV` | 10.6.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatoq6uvqqak3kax775ksd2jastvgsbiki7mgj6jzue6dq` | Manual | -| Nome | CIDR | Tipo | OCID | -|------|------|------|------| -| sbn-lb-1 | 10.120.128.0/20 | Load Balancer | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaa2ezw57uocis6s2eioypdsnt2p4pwm4fwnjz5jdaqigrm6jaqexeq` | -| sbn-lb-2 | 10.120.144.0/20 | Load Balancer | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaav7qtnmgil2qdt3lz6fnqkdcbymjd2dtjjeyo6y7z3s2omq4uvcqa` | -| sbn-workers-1 | 10.120.0.0/20 | OKE Workers | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaazfomdghi4x4jpluyjooy7ajvsf5y57jq2xcqwf35guodkcn2wrwq` | -| sbn-workers-2 | 10.120.16.0/20 | OKE Workers | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaahaqguwt67kzs2dad2vyz3zpjl5ac7ximeqg55gmsnd33c2qikija` | -| sbn-workers-3 | 10.120.32.0/20 | OKE Workers | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaafzhmhvz2scr6sfsygixz2gjfnecggiirh3rvyhjcmfn3ohmohj6a` | +### Subnets da vcn-oke (10.110.0.0/16) -### Subnet para API Gateway +| Nome | CIDR | Tipo | Uso | +|------|------|------|-----| +| `sbn-workers-1` | 10.110.0.0/20 | Publica | Worker nodes cls-dev-nexus | +| `sbn-workers-2` | 10.110.16.0/20 | Publica | Worker nodes cls-dev-barramento | +| `sbn-workers-3` | 
10.110.32.0/20 | Publica | Worker nodes cls-dev-observabilidade | +| `sbn-lb-1` | 10.110.128.0/20 | Publica | Load Balancers OKE | +| `sbn-lb-2` | 10.110.144.0/20 | Publica | Load Balancers OKE | +| `sbn-api-gateway` | 10.110.192.0/20 | **Privada** | API Gateway MFE (`api-gateway-mfe-dev`) | + +### Subnet do API Gateway MFE -Usar **sbn-lb-1** para deploy do API Gateway: ``` -OCI_SUBNET_OCID=ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaa2ezw57uocis6s2eioypdsnt2p4pwm4fwnjz5jdaqigrm6jaqexeq +OCID: ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaaooiy6bmikuaohtxyz2o3sjrjp2iqob3rim4j66vw4rzit7jcqjfa ``` --- -## Buckets OCI +## Buckets OCI (MFE — DEV) -**Status**: ✅ Bucket `mfe-user-dev` criado via pipeline +Criados automaticamente pela pipeline CI/CD (branch `devops`) em `cmp-dev-inv`: -| Bucket | Ambiente | Uso | -|--------|----------|-----| -| mfe-user-dev | Dev | MFE User static hosting | +| Bucket | MFE | Acesso | Criado por | +|--------|-----|--------|-----------| +| `mfe-shell-dev` | mfe-shell | ObjectReadWithoutList | Pipeline CI | +| `mfe-auth-dev` | mfe-auth | ObjectReadWithoutList | Pipeline CI | +| `mfe-user-dev` | mfe-user | ObjectReadWithoutList | Pipeline CI | +| `mfe-person-dev` | mfe-person | ObjectReadWithoutList | Pipeline CI | +| `mfe-formalization-dev` | mfe-formalization | ObjectReadWithoutList | Pipeline CI | +| `mfe-poc-dev` | mfe-poc | ObjectReadWithoutList | Pipeline CI | -## API Gateways +**Namespace:** `grbb7qzeuoag` -**Status**: ✅ API Gateway criado via pipeline +## API Gateways MFE -| Gateway | Ambiente | Uso | -|---------|----------|-----| -| mfe-user-gateway | Dev | MFE User API Gateway | +> ✅ **api-gateway-mfe-dev** gerenciado por Terraform (`tf_oci_clusters/modules/api_gateway_mfe`). +> Os gateways antigos criados por pipeline (`api-gateway-mfe-shell-dev`, `api-gateway-mfe-dev` em `cpm-dev-automacao`) sao legado. 
-## VCNs e Subnets (Dev) +| Gateway | Tipo | IP | Subnet | Gerenciado por | +|---------|------|----|--------|---------------| +| `api-gateway-mfe-dev` (ativo) | PRIVATE | 10.110.198.250 | `sbn-api-gateway` (10.110.192.0/20) | **Terraform** | +| `api-gateway-nexus-dev` | PRIVATE | 10.6.0.123 | `SBNT-DEV` (VCN-DEV) | Manual | -### VCN Principal -- **Nome**: vcn-oke -- **CIDR**: 10.120.0.0/16 -- **OCID**: `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatayztbyd6doyk5oglrmrc57jekltu3xnnena6fvruwba` - -### Subnets Disponíveis - -| Nome | CIDR | Uso | OCID | -|------|------|-----|------| -| sbn-lb-1 | 10.120.128.0/20 | Load Balancer (pode ser usada para API Gateway) | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaa2ezw57uocis6s2eioypdsnt2p4pwm4fwnjz5jdaqigrm6jaqexeq` | -| sbn-lb-2 | 10.120.144.0/20 | Load Balancer | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaav7qtnmgil2qdt3lz6fnqkdcbymjd2dtjjeyo6y7z3s2omq4uvcqa` | -| sbn-workers-1 | 10.120.0.0/20 | Workers OKE | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaazfomdghi4x4jpluyjooy7ajvsf5y57jq2xcqwf35guodkcn2wrwq` | -| sbn-workers-2 | 10.120.16.0/20 | Workers OKE | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaahaqguwt67kzs2dad2vyz3zpjl5ac7ximeqg55gmsnd33c2qikija` | -| sbn-workers-3 | 10.120.32.0/20 | Workers OKE | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaafzhmhvz2scr6sfsygixz2gjfnecggiirh3rvyhjcmfn3ohmohj6a` | - -### Recomendação para API Gateway -Usar **sbn-lb-1** como subnet para o API Gateway: -``` -OCI_SUBNET_OCID=ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaa2ezw57uocis6s2eioypdsnt2p4pwm4fwnjz5jdaqigrm6jaqexeq -``` +**6 deployments no api-gateway-mfe-dev (um por MFE):** +`mfe-shell-dev` · `mfe-auth-dev` · `mfe-user-dev` · `mfe-person-dev` · `mfe-formalization-dev` · `mfe-poc-dev` ### Comandos para verificar buckets 
@@ -112,62 +105,46 @@ oci os bucket list --compartment-id "ocid1.compartment.oc1..aaaaaaaazjxk5dkwleol ## MFEs - Micro Frontends -### Status dos MFEs (18/02/2026) +### Status dos MFEs (2026-02-28 — ATUALIZADO) -| Repositório | Branch Pipeline | Pipeline OCI | Bucket | Status | -|-------------|-----------------|--------------|--------|--------| -| mfe-user | devops | ✅ `azure-pipelines.yml` | mfe-user-dev | ✅ Funcionando | -| mfe-auth | devops | ✅ `azure-pipelines-oci.yml` | mfe-auth-dev | 🔄 Pipeline criada | -| mfe-person | devops | ✅ `azure-pipelines-oci.yml` | mfe-person-dev | 🔄 Pipeline criada | -| mfe-shell | devops | ✅ `azure-pipelines-oci.yml` | mfe-shell-dev | 🔄 Pipeline criada | -| mfe-poc | devops | ✅ `azure-pipelines-oci.yml` | mfe-poc-dev | 🔄 Pipeline criada | -| mfe-formalization | devops | ✅ `azure-pipelines-oci.yml` | mfe-formalization-dev | 🔄 Pipeline criada | +Todos os 6 MFEs padronizados com o mesmo `azure-pipelines.yml` na branch `devops`, +estendendo o template compartilhado `azure-pipelines-templates/mfe/deploy-mfe-oci.yaml`. 
-### Pipeline OCI - Estrutura +| Repositório | Branch | Pipeline | Bucket OCI | Status | +|-------------|--------|---------|-----------|--------| +| mfe-shell | devops | `azure-pipelines.yml` → template OCI | `mfe-shell-dev` | ✅ Padronizado | +| mfe-auth | devops | `azure-pipelines.yml` → template OCI | `mfe-auth-dev` | ✅ Padronizado | +| mfe-user | devops | `azure-pipelines.yml` → template OCI | `mfe-user-dev` | ✅ Padronizado | +| mfe-person | devops | `azure-pipelines.yml` → template OCI | `mfe-person-dev` | ✅ Padronizado | +| mfe-formalization | devops | `azure-pipelines.yml` → template OCI | `mfe-formalization-dev` | ✅ Padronizado | +| mfe-poc | devops | `azure-pipelines.yml` → template OCI | `mfe-poc-dev` | ✅ Padronizado | -Todos os MFEs seguem o mesmo padrão de pipeline: +### Pipeline OCI - Estrutura (template compartilhado) ``` -┌─────────────┐ -│ BUILD │ → npm ci + npm run build:dev -└─────────────┘ - │ - ▼ -┌─────────────┐ -│ UPLOADTO │ → Upload para OCI Object Storage -│ OCI │ Bucket: mfe--dev -└─────────────┘ - │ - ▼ -┌─────────────┐ -│ CREATEPAR │ → Cria Pre-Authenticated Request -└─────────────┘ +push para branch 'devops' em qualquer mfe-* + │ + ▼ azure-pipelines.yml (cada repo) + extends: mfe/deploy-mfe-oci.yaml@azure-pipelines-templates + parameters: mfeName: 'mfe-' + │ + ├─► STAGE Build + │ npm ci + npm run build:dev + │ Publica artefato 'dist' + │ + └─► STAGE UploadToOCI + Instala OCI CLI + Configura ~/.oci/config (via Variable Group oci-terraform) + Cria bucket 'mfe--dev' se nao existir + Seta public-access-type=ObjectReadWithoutList + Upload de todos os ficheiros com content-type correto ``` -### Arquivos de Pipeline +### Variable Group -| MFE | Arquivo | Branch | -|-----|---------|--------| -| mfe-user | `azure-pipelines.yml` (unificado AWS+OCI) | devops | -| mfe-auth | `azure-pipelines-oci.yml` | devops | -| mfe-person | `azure-pipelines-oci.yml` | devops | -| mfe-shell | `azure-pipelines-oci.yml` | devops | -| mfe-poc | 
`azure-pipelines-oci.yml` | devops | -| mfe-formalization | `azure-pipelines-oci.yml` | devops | - -### Variable Groups Necessários - -| Variable Group | Variáveis | -|----------------|-----------| -| `oci-terraform` | `OCI_TENANCY_OCID`, `OCI_USER_OCID`, `OCI_FINGERPRINT`, `OCI_PRIVATE_KEY_B64`, `OCI_REGION`, `TF_VAR_compartment_parent_ocid` | -| `mfe-credentials` | `CLOUDFLARE_ZONE_ID`, `CLOUDFLARE_API_TOKEN` | -| `aws-credentials-dev` | Credenciais AWS (para pipeline unificada) | - -### Commits Recentes (mfe-user) -- `19dced5` (18/02/2026) - chore: remove DeployToAPIGateway stage from pipeline -- `9948430` (18/02/2026) - fix: use correct variable name TF_VAR_compartment_parent_ocid -- `6836035` (18/02/2026) - fix: improve bucket creation error handling -- `fd780bd` (18/02/2026) - fix: correct OCI CLI commands for namespace +| Variable Group | ID | Variaveis Chave | +|----------------|-----|----------------| +| `oci-terraform` | 34 | `OCI_PRIVATE_KEY_B64`, `OCI_USER_OCID`, `OCI_FINGERPRINT`, `OCI_TENANCY_OCID`, `OCI_REGION`, `TF_VAR_compartment_parent_ocid` | ## MS-POC - Microservice POC diff --git a/inventcloud/invista/nexus/README.md b/inventcloud/invista/nexus/README.md index 6226229..e67f81c 100644 --- a/inventcloud/invista/nexus/README.md +++ b/inventcloud/invista/nexus/README.md 
@@ -2,58 +2,118 @@ Microservicos e infraestrutura do projeto Nexus para Invista FIDC. +> **Atualizado em:** 2026-02-28 + ## Estrutura ``` nexus/ -├── README.md # Este arquivo -├── OPERATIONS.md # Historico de operacoes e incidentes -├── CONNECTIONS.md # Conexoes e credenciais +├── README.md # Este arquivo +├── OPERATIONS.md # Historico de operacoes e incidentes +├── CONNECTIONS.md # Conexoes e credenciais K8s, Registry, Namespaces +├── OCI-DEV-NEXUS.md # Documentacao completa do ambiente DEV OCI +├── OCI-MFE-PADRONIZACAO.md # Como os MFEs foram padronizados para OCI +├── API-GATEWAY.md # Todos os API Gateways OCI (nexus, insign, MFE) └── azure-devops/ - ├── CONNECTION.md # Azure DevOps CN-Squad - └── OCI-CONNECTION.md # Oracle Cloud Infrastructure + ├── CONNECTION.md # Azure DevOps CN-Squad (repos, PAT, SSH) + └── OCI-CONNECTION.md # Oracle Cloud Infrastructure credentials ``` -## Cluster OCI OKE - -| Propriedade | Valor | -|-------------|-------| -| API Server | https://136.248.124.22:6443 | -| Versao K8s | v1.34.1 | -| Nodes | 3 | -| Region | sa-saopaulo-1 | -| Registry | gru.ocir.io/grbb7qzeuoag | - -## Microservicos - -| Servico | Namespace | Status | -|---------|-----------|--------| -| ms-auth-external | nexus-services | Running | -| ms-auth-sso | nexus-services | Running | -| ms-parameters | nexus-services | Running | -| ms-belt | nexus-services | Running | -| ms-notify | nexus-services | Running | -| ms-person | nexus-services | Running | -| ms-user | nexus-services | Running | -| ms-poc | nexus-services | Running | - -## Documentacao - -- [Historico de Operacoes](./OPERATIONS.md) -- [Conexoes e Credenciais](./CONNECTIONS.md) -- [Azure DevOps](./azure-devops/CONNECTION.md) -- [OCI Connection](./azure-devops/OCI-CONNECTION.md) -- [MS-USER - Microservico de Usuarios](./MS-USER.md) - -### Infraestrutura OCI - -- [API Gateways](./API-GATEWAY.md) - Todos os gateways OCI (nexus, insign, MFE) -- [Load Balancers](./LOAD-BALANCERS.md) - LBs OCI e routing -- [MFE 
Tasks](./OCI-MFE-TASKS.md) - Status e checklist do setup MFE -- [API Gateway Config](./OCI-API-GATEWAY.md) - Configuracao detalhada API GW -- [Terraform Import](./OCI-TERRAFORM.md) - Importacao de recursos -- [Cloudflare](./CLOUDFLARE.md) - DNS e proxy - --- -*Projeto InventCloud - Invista FIDC* +## Clusters OCI OKE (DEV) + +3 clusters gerenciados por Terraform (`tf_oci_clusters`) em `cmp-dev-nexus`: + +| Cluster | Proposito | K8s | Nodes | IP LB | +|---------|-----------|-----|-------|-------| +| `cls-dev-nexus` | Aplicacoes de negocio + MFEs | v1.34.1 | 3x VM.E4.Flex (2cpu/16GB) | 10.110.135.3 / 137.131.236.202 (pub) | +| `cls-dev-barramento` | Integracoes, APIs terceiros, mensageria | v1.34.1 | 3x VM.E4.Flex (2cpu/16GB) | 10.110.133.131 | +| `cls-dev-observabilidade` | Prometheus, Grafana, Jaeger, OTEL | v1.34.1 | 3x VM.E4.Flex (2cpu/16GB) | 10.110.129.64 | + +- **Registry:** `gru.ocir.io/grbb7qzeuoag` +- **Regiao:** `sa-saopaulo-1` +- **Kubeconfigs:** `~/.kube/config-dev-1` (nexus) / `config-dev-2` (barramento) / `config-dev-3` (observabilidade) + +--- + +## Micro Frontends (MFEs) + +6 MFEs Angular 19 com Native Federation. O `mfe-shell` e o HOST que orquestra os demais. +Pipeline: push na branch `devops` → Build → Upload para OCI Object Storage. 
+ +| MFE | Repo Azure DevOps | Bucket OCI | Rota no shell | Pipeline | +|-----|------------------|-----------|--------------|---------| +| `mfe-shell` | `mfe-shell` | `mfe-shell-dev` | `/` (host) | branch `devops` | +| `mfe-auth` | `mfe-auth` | `mfe-auth-dev` | `/auth` | branch `devops` | +| `mfe-user` | `mfe-user` | `mfe-user-dev` | `/user` | branch `devops` | +| `mfe-person` | `mfe-person` | `mfe-person-dev` | `/person` | branch `devops` | +| `mfe-formalization` | `mfe-formalization` | `mfe-formalization-dev` | `/formalization` | branch `devops` | +| `mfe-poc` | `mfe-poc` | `mfe-poc-dev` | `/poc` | branch `devops` | + +**Infraestrutura de hosting:** +- API Gateway MFE: `api-gateway-mfe-dev` (Terraform, PRIVATE, IP `10.110.198.250`) +- Object Storage namespace: `grbb7qzeuoag` +- Template CI/CD: `azure-pipelines-templates/mfe/deploy-mfe-oci.yaml` +- Variable Group: `oci-terraform` (ID 34) + +--- + +## Microservicos (ms-*) + +Todos no cluster `cls-dev-nexus`, namespace `nexus-services`: + +| Servico | API path | Status | +|---------|----------|--------| +| `ms-auth-external` | `/api/auth` | Running | +| `ms-auth-sso` | `/api/sso` | Running | +| `ms-user` | `/api/user`, `/api/user-external`, `/api/role` | Running | +| `ms-person` | `/api/person` | Running | +| `ms-belt` | `/api/cache` | Running | +| `ms-notify` | — | Running | +| `ms-parameters` | — | Running | +| `ms-poc` | `/api/poc` | Running | +| `ms-barramento` | `/api/commercial-manager` | Running | + +**Rota de acesso API:** +``` +Cloudflare (*.invista.com.br) + → LB Test_Crivo_Dev (10.8.4.127, VCN-Shared) + → api-gateway-nexus-dev (10.6.0.123, PRIVATE, VCN-DEV) + → Ingress NGINX interno (cls-dev-nexus) + → Pod ms-* (namespace: nexus-services) +``` + +--- + +## Documentacao + +### Infraestrutura OCI +- [OCI DEV Nexus](./OCI-DEV-NEXUS.md) — Documentacao completa: compartments, clusters, rede, LBs, gateways, buckets +- [API Gateways](./API-GATEWAY.md) — api-gateway-nexus-dev + api-gateway-mfe-dev + 
api-gateway-insign-dev +- [Load Balancers](./LOAD-BALANCERS.md) — 34 LBs ativos por compartment +- [OCI Network Analysis](./OCI-NETWORK-ANALYSIS.md) — Analise de VCNs, subnets, DRG +- [Cloudflare](./CLOUDFLARE.md) — DNS e proxy + +### MFEs +- [MFE Padronizacao OCI](./OCI-MFE-PADRONIZACAO.md) — Como todos os 6 MFEs foram migrados para OCI +- [MFE Tasks / Checklist](./OCI-MFE-TASKS.md) — Status e pendencias +- [MFE User Pipeline](./MFE-USER-PIPELINE.md) — Detalhe da pipeline mfe-user (multi-cloud legado) +- [OCI MFE Step-by-step](./OCI-MFE-STEPBYSTEP.md) — Guia de deploy manual + +### Terraform (tf_oci_clusters — docs/) +- [compartment-nexus.md](https://dev.azure.com/CN-Squad/Invista%20FIDC%20-%20Nexus/_git/tf_oci_clusters?path=/docs/compartment-nexus.md) — Todos recursos OCI por compartment (Terraform vs Manual) +- [mfe-architecture.md](https://dev.azure.com/CN-Squad/Invista%20FIDC%20-%20Nexus/_git/tf_oci_clusters?path=/docs/mfe-architecture.md) — Arquitetura MFE de ponta a ponta +- [melhorias.md](https://dev.azure.com/CN-Squad/Invista%20FIDC%20-%20Nexus/_git/tf_oci_clusters?path=/docs/melhorias.md) — Backlog de melhorias priorizadas + +### Operacoes +- [Historico de Operacoes](./OPERATIONS.md) +- [Conexoes e Credenciais](./CONNECTIONS.md) +- [Azure DevOps](./azure-devops/CONNECTION.md) — 49 repos, PAT, SSH +- [OCI Connection](./azure-devops/OCI-CONNECTION.md) +- [MS-USER - Microservico de Usuarios](./MS-USER.md) +- [Terraform Import](./OCI-TERRAFORM.md) — Importacao de recursos para Terraform + +--- + +*Projeto InventCloud - Invista FIDC | Atualizado: 2026-02-28*
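
Review bot: In API-GATEWAY.md (hunk @@ -67,56 +67,75 @@), the Terraform example now sets `endpoint_type = "PUBLIC"` and `subnet_id = module.network.lb_subnet_ids[0]`, which contradicts the rest of this patch: OCI-DEV-NEXUS.md and OCI.md document `api-gateway-mfe-dev` as PRIVATE on `sbn-api-gateway` with IP 10.110.198.250, and the Acesso table in this same hunk labels the direct URL "Direto (privado)". Please confirm which configuration is deployed and make the snippet match it. If the gateway is private, the example should keep the dedicated API Gateway subnet (the removed line used `module.network.api_gateway_subnet_id`), so that nobody copies a public endpoint out of the documentation.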
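
Review bot: In OCI-DEV-NEXUS.md (hunk @@ -336,17 +336,25 @@), the added note that all buckets use `public-access-type=ObjectReadWithoutList` needs to be reconciled with the change of the gateway type to PRIVATE in the same table. With that bucket setting, objects can be read from Object Storage without authentication, so the private gateway is not the only path to the MFE files. Add a sentence stating whether anonymous object read is intentional for these dev frontends, or record a pending item to remove public access from the six `mfe-*-dev` buckets.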
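
Review bot: In OCI-MFE-TASKS.md (hunk @@ -47,12 +47,16 @@), the new intro line places the six buckets in compartment `cmp-dev-nexus`, while OCI-DEV-NEXUS.md and OCI.md in this same patch list them under `cmp-dev-inv`. The "Criado em" column also gives 2026-02-25 for `mfe-shell-dev`, but the row removed from OCI-DEV-NEXUS.md recorded 2026-02-24 for that bucket. Please verify both against the tenancy and use one value across the three files.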
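
Review bot: In OCI.md (hunk @@ -30,69 +30,62 @@), the new subnet table marks `sbn-workers-1`, `sbn-workers-2` and `sbn-workers-3` as "Publica", which documents the OKE worker nodes as sitting in public subnets; the replaced tables did not say whether those subnets were public or private. If that is accurate, add a line on what restricts inbound access to the nodes (security lists or NSGs); if it is not, correct the Tipo column. Also check the spelling of `cpm-dev-automacao` in the legacy gateway note, since every other compartment in this patch is written `cmp-...`.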
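
Review bot: In OCI.md (hunk @@ -112,62 +105,46 @@), the UploadToOCI stage is documented as configuring `~/.oci/config` from the Variable Group `oci-terraform`, so every push to `devops` in any mfe-* repository runs with the credentials in the group named for Terraform (`OCI_PRIVATE_KEY_B64`, `TF_VAR_compartment_parent_ocid`). The stage as described only needs to create the `mfe-*-dev` buckets, set their access type and upload files. Consider documenting a separate variable group and an OCI user or policy scoped to Object Storage for the MFE pipelines, or add that as a pending item. The Variable Groups table also drops `mfe-credentials` and `aws-credentials-dev` without comment; say whether those groups were retired.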
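
Review bot: In README.md (hunk @@ -2,58 +2,118 @@), the updated structure tree describes CONNECTIONS.md as "Conexoes e credenciais K8s, Registry, Namespaces", azure-devops/CONNECTION.md as "(repos, PAT, SSH)" and OCI-CONNECTION.md as "Oracle Cloud Infrastructure credentials", which reads as if secrets are stored in the repository. Please confirm these files hold only references to where the secrets live (for example the Variable Group) and not the PAT, keys or kubeconfig contents themselves, and reword the descriptions to say so.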