docs(nexus): update documentation to current state 2026-02-28

- README.md: rewritten with 6 MFEs, 3 OKE clusters, 9 microservices, links to the new tf_oci_clusters docs
- OCI.md: fix VCN CIDR (orphan 10.120 deleted -> 10.110 active), update 6 mfe-*-dev buckets, PRIVATE API Gateway in sbn-api-gateway, standardized pipelines
- OCI-DEV-NEXUS.md: API Gateway with 6 MFE deployments, Object Storage with 6 buckets, fix type PUBLIC->PRIVATE and subnet
- API-GATEWAY.md: 6 api-gateway-mfe-dev deployments, 8 buckets in the Frontends Estaticos section, updated pending items
- OCI-MFE-TASKS.md: orphan VCN marked as deleted, 6 mfe-*-dev buckets, updated checklist

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Tiago Ribeiro 2026-03-01 07:51:22 -03:00
parent 9e6de58881
commit 389ec232de
5 changed files with 279 additions and 200 deletions


@ -67,56 +67,75 @@
### Deployments
| Nome | Path | Backend | Descrição |
|------|------|---------|-----------|
| deploy-mfe-user-dev | / | Object Storage `nexus-mfe-user-development` | SPA Angular - index.html |
| deploy-mfe-user-dev | /{path*} | Object Storage `nexus-mfe-user-development` | Arquivos estáticos (JS/CSS/assets) |
6 deployments — um por MFE. Cada deployment tem 2 rotas: `/` (index.html) e `/{path*}` (arquivos estáticos).
| Deployment | Bucket OCI | Hostname planejado |
|------------|-----------|-------------------|
| deploy-mfe-shell-dev | `mfe-shell-dev` | `mfe-shell-dev.invista.com.br` |
| deploy-mfe-auth-dev | `mfe-auth-dev` | `mfe-auth-dev.invista.com.br` |
| deploy-mfe-user-dev | `mfe-user-dev` | `mfe-user-dev.invista.com.br` |
| deploy-mfe-person-dev | `mfe-person-dev` | `mfe-person-dev.invista.com.br` |
| deploy-mfe-formalization-dev | `mfe-formalization-dev` | `mfe-formalization-dev.invista.com.br` |
| deploy-mfe-poc-dev | `mfe-poc-dev` | `mfe-poc-dev.invista.com.br` |
Namespace Object Storage: `grbb7qzeuoag` | Region: `sa-saopaulo-1`
### Acesso
| Tipo | URL |
|------|-----|
| Direto (privado) | `https://guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com/` |
| Planejado (DNS) | `https://mfe-user-dev.invista.com.br` (pendente VCN peering + LB + Cloudflare) |
| Direto (privado) | `https://guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com/{mfe-name}/` |
| Planejado (DNS) | `https://mfe-{name}-dev.invista.com.br` (pendente VCN peering + LB + Cloudflare) |
### Terraform
```hcl
# environments/dev/api_gateway_mfe.tf
module "api_gateway_mfe" {
count = var.enable_api_gateway_mfe ? 1 : 0
source = "../../modules/api_gateway_mfe"
compartment_id = local.compartment_id
subnet_id = module.network.api_gateway_subnet_id
subnet_id = module.network.lb_subnet_ids[0]
env_name = var.env_name
display_name = "api-gateway-mfe"
mfe_deployments = [{
name = "mfe-user"
bucket_name = "nexus-mfe-user-development"
region = "sa-saopaulo-1"
object_namespace = var.mfe_object_namespace # grbb7qzeuoag
}]
endpoint_type = "PUBLIC"
mfe_deployments = [
{ name = "mfe-shell", hostname = "mfe-shell-dev.invista.com.br", bucket_name = "mfe-shell-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
{ name = "mfe-auth", hostname = "mfe-auth-dev.invista.com.br", bucket_name = "mfe-auth-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
{ name = "mfe-user", hostname = "mfe-user-dev.invista.com.br", bucket_name = "mfe-user-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
{ name = "mfe-person", hostname = "mfe-person-dev.invista.com.br", bucket_name = "mfe-person-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
{ name = "mfe-formalization", hostname = "mfe-formalization-dev.invista.com.br", bucket_name = "mfe-formalization-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
{ name = "mfe-poc", hostname = "mfe-poc-dev.invista.com.br", bucket_name = "mfe-poc-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
]
}
```
### Pendencias
- [ ] VCN Peering: Attach dev VCN ao DRG-Invista-Shared
- [ ] VCN Peering: Attach vcn-oke ao DRG-Invista-Shared
- [ ] Rota no LB Test_Crivo_Dev: backend set apontando para 10.110.198.250:443
- [ ] Routing policy: hostname `mfe-user-dev.invista.com.br`
- [ ] DNS Cloudflare: CNAME `mfe-user-dev` -> LB IP (via Cloudflare proxy)
- [ ] Routing policy por hostname: `mfe-{name}-dev.invista.com.br` para cada MFE
- [ ] DNS Cloudflare: 6 CNAMEs `mfe-{name}-dev` -> LB IP (via Cloudflare proxy)
- [ ] Atualizar `federation.manifest.json` do mfe-shell com URLs reais dos remotes
- [ ] Migrar `EnvironmentService` do mfe-shell de AWS para OCI api-gateway-nexus-dev
---
## Frontends Estaticos (Buckets)
| Bucket | URL | Descricao |
|--------|-----|-----------|
| app-front-insign-teste | Cloudflare + OCI | Site estatico de teste |
| front | - | Icones SVG |
| nexus-mfe-shell-development | - | Shell MFE Angular |
| nexus-mfe-auth-development | - | MFE Auth |
| nexus-mfe-user-development | API Gateway MFE dev | MFE User (servido via api-gateway-mfe-dev) |
| nexus-mfe-person-development | - | MFE Person |
| Bucket | Namespace | Acesso | Descricao |
|--------|-----------|--------|-----------|
| `mfe-shell-dev` | grbb7qzeuoag | API Gateway MFE | Shell Angular (HOST) — orquestra todos os remotes |
| `mfe-auth-dev` | grbb7qzeuoag | API Gateway MFE | MFE Auth |
| `mfe-user-dev` | grbb7qzeuoag | API Gateway MFE | MFE User |
| `mfe-person-dev` | grbb7qzeuoag | API Gateway MFE | MFE Person |
| `mfe-formalization-dev` | grbb7qzeuoag | API Gateway MFE | MFE Formalization |
| `mfe-poc-dev` | grbb7qzeuoag | API Gateway MFE | MFE PoC |
| `app-front-insign-teste` | grbb7qzeuoag | Cloudflare + OCI | Site estatico de teste (insign) |
| `front` | grbb7qzeuoag | — | Icones SVG |
Todos os buckets MFE: `public-access-type = ObjectReadWithoutList`, criados via pipeline CI/CD (Azure DevOps).
---
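Review bot: The Terraform example in this hunk shows `subnet_id = module.network.lb_subnet_ids[0]` together with `endpoint_type = "PUBLIC"`, while the access table a few lines above labels the gateway URL "Direto (privado)" and other hunks in this commit record `api-gateway-mfe-dev` as PRIVATE on `sbn-api-gateway` with IP 10.110.198.250. Please confirm which values the module is actually applied with and make the snippet match, since a reader copying this block would place the gateway on a load-balancer subnet with a public endpoint. The `module.network.api_gateway_subnet_id` line also present in the hunk looks like the one that agrees with the rest of the documentation.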
@ -141,13 +160,13 @@ module "api_gateway_mfe" {
### Fluxo de rede planejado
```
Browser -> Cloudflare (mfe-user-dev.invista.com.br)
Browser -> Cloudflare (mfe-{name}-dev.invista.com.br)
-> LB Test_Crivo_Dev (10.8.4.127, VCN-Shared)
-> DRG-Invista-Shared (VCN peering)
-> DRG-Invista-Shared (VCN peering — PENDENTE)
-> API Gateway MFE (10.110.198.250, vcn-oke)
-> Object Storage (nexus-mfe-user-development)
-> Object Storage (mfe-{name}-dev, namespace grbb7qzeuoag)
```
---
*Atualizado em: 2026-02-23*
*Atualizado em: 2026-02-28*


@ -336,17 +336,25 @@ Todos os LBs são criados e gerenciados pelo OKE (via Services do tipo LoadBalan
|---|---|
| Nome | `api-gateway-mfe-dev` |
| Compartment | `cmp-dev-inv` |
| Tipo | PUBLIC |
| Subnet | `sbn-lb-1` (10.110.128.0/20) — vcn-oke |
| Tipo | PRIVATE |
| IP | 10.110.198.250 |
| Subnet | `sbn-api-gateway` (10.110.192.0/20) — vcn-oke |
| Gerenciado por | Terraform (`modules/api_gateway_mfe`) |
| OCID | `ocid1.apigateway.oc1.sa-saopaulo-1.amaaaaaasks3yliabdiquogy2pqyohas4wjopizv2xzgzrclmsvsh4x7ewea` |
| Hostname | `guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com` |
**Deployments configurados:**
**6 deployments configurados (um por MFE) — atualizado em 2026-02-25:**
| MFE | Bucket | Path | Backend |
| MFE | Bucket | Rotas | DNS futuro |
|---|---|---|---|
| `mfe-user` | `mfe-user-dev` | `/{path*}` | Object Storage `grbb7qzeuoag` |
| `mfe-user` | `mfe-user-dev` | `/` (fallback SPA) | `index.html` no bucket |
| `mfe-shell` | `mfe-shell-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-shell-dev.invista.com.br |
| `mfe-auth` | `mfe-auth-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-auth-dev.invista.com.br |
| `mfe-user` | `mfe-user-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-user-dev.invista.com.br |
| `mfe-person` | `mfe-person-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-person-dev.invista.com.br |
| `mfe-formalization` | `mfe-formalization-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-formalization-dev.invista.com.br |
| `mfe-poc` | `mfe-poc-dev` | `GET /` → index.html · `GET /{path*}` → static | mfe-poc-dev.invista.com.br |
> Todos os buckets usam namespace `grbb7qzeuoag` e `public-access-type=ObjectReadWithoutList`.
### `api-gateway-nexus-dev` — Manual
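Review bot: The closing quote states that all buckets use `public-access-type=ObjectReadWithoutList`, directly under a table that changes the gateway type to PRIVATE. With that access type, objects can be fetched from Object Storage without authentication by anyone who knows the namespace, bucket and object name, so the private gateway is not the only path to the MFE files. Suggest adding a sentence saying whether that direct read path is intended for dev, or a pending item to restrict bucket access if the gateway is meant to be the single entry point.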
@ -373,13 +381,19 @@ Todos os LBs são criados e gerenciados pelo OKE (via Services do tipo LoadBalan
| `tfstate-inidhr` | Terraform remote state | 2025-12-30 |
| `tfstate-terraform` | Terraform remote state | 2025-12-30 |
### Buckets em `cmp-dev-inv`
### Buckets em `cmp-dev-inv` — MFEs (Pipeline CI)
| Bucket | Uso | Criado em |
|---|---|---|
| `mfe-shell-dev` | MFE Shell (frontend) | 2026-02-24 |
| Bucket | MFE | Acesso | Criado por |
|---|---|---|---|
| `mfe-shell-dev` | mfe-shell | ObjectReadWithoutList | Pipeline CI (branch devops) |
| `mfe-auth-dev` | mfe-auth | ObjectReadWithoutList | Pipeline CI (branch devops) |
| `mfe-user-dev` | mfe-user | ObjectReadWithoutList | Pipeline CI (branch devops) |
| `mfe-person-dev` | mfe-person | ObjectReadWithoutList | Pipeline CI (branch devops) |
| `mfe-formalization-dev` | mfe-formalization | ObjectReadWithoutList | Pipeline CI (branch devops) |
| `mfe-poc-dev` | mfe-poc | ObjectReadWithoutList | Pipeline CI (branch devops) |
> **Namespace do Object Storage:** `grbb7qzeuoag`
> Template CI/CD: `azure-pipelines-templates/mfe/deploy-mfe-oci.yaml`
---
@ -531,8 +545,8 @@ tf_oci_clusters (pipeline ID 51)
├── module.cluster[1,2,3] → cls-dev-nexus / cls-dev-barramento / cls-dev-observabilidade
│ └── node_pool → np-dev-1/2/3 (VM.Standard.E4.Flex 2cpu/16gb x3)
├── module.api_gateway_mfe → api-gateway-mfe-dev (PUBLIC, sbn-lb-1)
│ └── deployment mfe-user → bucket mfe-user-dev
├── module.api_gateway_mfe → api-gateway-mfe-dev (PRIVATE, sbn-api-gateway, 10.110.198.250)
│ └── 6 deployments: mfe-shell/auth/user/person/formalization/poc → buckets mfe-*-dev
├── null_resource.kubeconfig → ~/.kube/config-dev-{1,2,3}
@ -596,7 +610,7 @@ Cria/garante automaticamente:
✅ 3 node pools (np-dev-1/2/3 · VM.Standard.E4.Flex · 2cpu/16gb · 3 nodes)
✅ ArgoCD v7.3.0 instalado via Helm nos 3 clusters
✅ Kubeconfigs gerados em ~/.kube/config-dev-{1,2,3}
✅ API Gateway MFE (api-gateway-mfe-dev) + deployment mfe-user
✅ API Gateway MFE (api-gateway-mfe-dev, PRIVATE) + 6 deployments (mfe-shell/auth/user/person/formalization/poc)
✅ Alarms de CPU (WARNING 75% / CRITICAL 90%)
✅ Log Group + Dashboard de observabilidade OKE
@ -653,7 +667,7 @@ Qualquer pessoa com acesso ao repositório sabe exatamente o que está rodando
---
*Atualizado em: 2026-02-25*
*Atualizado em: 2026-02-28*
---
@ -672,4 +686,4 @@ Qualquer pessoa com acesso ao repositório sabe exatamente o que está rodando
---
*Atualizado em: 2026-02-25*
*Atualizado em: 2026-02-28*


@ -18,15 +18,15 @@
---
## Estado Atual da Infraestrutura OCI (atualizado em 2026-02-23)
## Estado Atual da Infraestrutura OCI (atualizado em 2026-02-28)
### VCNs Existentes (Dev)
| Nome | CIDR | OCID |
|------|------|------|
| VCN-Shared | 10.8.0.0/16 | (compartment cmp-shared-inv) |
| vcn-oke (dev) | 10.110.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliapqrmikfzagpgqohuzjqik3hx63w7r2uajiqv5krvxkda` |
| vcn-oke | 10.120.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatayztbyd6doyk5oglrmrc57jekltu3xnnena6fvruwba` |
| Nome | CIDR | OCID | Status |
|------|------|------|--------|
| VCN-Shared | 10.8.0.0/16 | (compartment cmp-shared-inv) | ACTIVE |
| vcn-oke (dev) | 10.110.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliapqrmikfzagpgqohuzjqik3hx63w7r2uajiqv5krvxkda` | ACTIVE (Terraform) |
| vcn-oke (orphan) | 10.120.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatayztbyd6doyk5oglrmrc57jekltu3xnnena6fvruwba` | **DELETADO** em 2026-02-25 |
### Subnets - vcn-oke dev (10.110.0.0/16) - Terraform managed
@ -47,12 +47,16 @@
### Buckets (Object Storage)
| Nome | Status | Uso |
|------|--------|-----|
| nexus-mfe-user-development | ACTIVE | MFE User (Angular SPA) |
| nexus-mfe-shell-development | ACTIVE | Shell MFE Angular |
| nexus-mfe-auth-development | ACTIVE | MFE Auth |
| nexus-mfe-person-development | ACTIVE | MFE Person |
6 buckets ativos no namespace `grbb7qzeuoag`, compartment `cmp-dev-nexus`. Criados pelas pipelines CI/CD (Azure DevOps).
| Nome | Status | Criado em |
|------|--------|-----------|
| `mfe-shell-dev` | ACTIVE | 2026-02-25 (pipeline) |
| `mfe-auth-dev` | ACTIVE | 2026-02-25 (pipeline) |
| `mfe-user-dev` | ACTIVE | 2026-02-25 (pipeline) |
| `mfe-person-dev` | ACTIVE | 2026-02-25 (pipeline) |
| `mfe-formalization-dev` | ACTIVE | 2026-02-25 (pipeline) |
| `mfe-poc-dev` | ACTIVE | 2026-02-25 (pipeline) |
---
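Review bot: The new intro sentence places the 6 buckets in compartment `cmp-dev-nexus`, but the bucket sections in two other hunks of this commit say `cmp-dev-inv` ("Buckets em `cmp-dev-inv`" and "em `cmp-dev-inv`"). Please verify against the tenancy and use one compartment name across the files, since IAM policies and audit searches are scoped by compartment and a wrong name here sends a reader to the wrong place.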
@ -180,9 +184,10 @@ O Variable Group **`oci-terraform`** no Azure DevOps contem as credenciais OCI u
- [x] Subnet dedicada `sbn-api-gateway` (10.110.192.0/20) criada via Terraform
- [x] Modulo `api_gateway_mfe` criado (`tf_oci_clusters/modules/api_gateway_mfe/`)
- [x] API Gateway `api-gateway-mfe-dev` provisionado (IP 10.110.198.250)
- [x] Deployment MFE User com rotas SPA (index.html + static files)
- [x] 6 deployments MFE (shell/auth/user/person/formalization/poc) com rotas SPA (index.html + static files)
- [x] Pipeline CI/CD `terraform-tf_oci_clusters` funcionando (build #5964)
- [x] Variable Group `oci-terraform` atualizado (S3 credentials corrigidas)
- [x] 6 buckets `mfe-*-dev` criados e populados pelas pipelines Azure DevOps
### Conectividade (Pendente)
- [ ] Attach vcn-oke dev ao DRG-Invista-Shared
@ -191,11 +196,15 @@ O Variable Group **`oci-terraform`** no Azure DevOps contem as credenciais OCI u
### Load Balancer (Pendente)
- [ ] Backend set no LB Test_Crivo_Dev -> 10.110.198.250:443
- [ ] Routing rule para hostname mfe-user-dev.invista.com.br
- [ ] Routing rules por hostname para cada MFE (6 rules: mfe-{name}-dev.invista.com.br)
- [ ] Health check configurado
### DNS (Pendente)
- [ ] Cloudflare: registro mfe-user-dev.invista.com.br
- [ ] Cloudflare: 6 registros CNAME `mfe-{name}-dev.invista.com.br`
### MFE Shell (Pendente)
- [ ] Atualizar `federation.manifest.json` com URLs OCI dos remotes (atualmente aponta para localhost)
- [ ] Migrar `EnvironmentService` de AWS API Gateway para OCI api-gateway-nexus-dev
### MFEs adicionais (Concluído 2026-02-25)
- [x] mfe-shell - adicionado ao mfe_deployments no Terraform


@ -30,69 +30,62 @@ Este documento documenta a configuração e deployments relacionados à Oracle C
## Infraestrutura Existente (Dev)
### VCN - Virtual Cloud Network
### VCN - Virtual Cloud Network (vcn-oke — Terraform ✅)
| Nome | CIDR | OCID |
|------|------|------|
| vcn-oke | 10.120.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatayztbyd6doyk5oglrmrc57jekltu3xnnena6fvruwba` |
> ⚠️ A VCN ativa e gerenciada pelo Terraform e `10.110.0.0/16`.
> A VCN `10.120.0.0/16` era legado/orphan e foi deletada.
### Subnets
| Nome | CIDR | OCID | Gerenciada por |
|------|------|------|---------------|
| `vcn-oke` (DEV, ativa) | **10.110.0.0/16** | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliapqrmikfzagpgqohuzjqik3hx63w7r2uajiqv5krvxkda` | Terraform |
| `VCN-DEV` | 10.6.0.0/16 | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatoq6uvqqak3kax775ksd2jastvgsbiki7mgj6jzue6dq` | Manual |
| Nome | CIDR | Tipo | OCID |
|------|------|------|------|
| sbn-lb-1 | 10.120.128.0/20 | Load Balancer | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaa2ezw57uocis6s2eioypdsnt2p4pwm4fwnjz5jdaqigrm6jaqexeq` |
| sbn-lb-2 | 10.120.144.0/20 | Load Balancer | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaav7qtnmgil2qdt3lz6fnqkdcbymjd2dtjjeyo6y7z3s2omq4uvcqa` |
| sbn-workers-1 | 10.120.0.0/20 | OKE Workers | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaazfomdghi4x4jpluyjooy7ajvsf5y57jq2xcqwf35guodkcn2wrwq` |
| sbn-workers-2 | 10.120.16.0/20 | OKE Workers | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaahaqguwt67kzs2dad2vyz3zpjl5ac7ximeqg55gmsnd33c2qikija` |
| sbn-workers-3 | 10.120.32.0/20 | OKE Workers | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaafzhmhvz2scr6sfsygixz2gjfnecggiirh3rvyhjcmfn3ohmohj6a` |
### Subnets da vcn-oke (10.110.0.0/16)
### Subnet para API Gateway
| Nome | CIDR | Tipo | Uso |
|------|------|------|-----|
| `sbn-workers-1` | 10.110.0.0/20 | Publica | Worker nodes cls-dev-nexus |
| `sbn-workers-2` | 10.110.16.0/20 | Publica | Worker nodes cls-dev-barramento |
| `sbn-workers-3` | 10.110.32.0/20 | Publica | Worker nodes cls-dev-observabilidade |
| `sbn-lb-1` | 10.110.128.0/20 | Publica | Load Balancers OKE |
| `sbn-lb-2` | 10.110.144.0/20 | Publica | Load Balancers OKE |
| `sbn-api-gateway` | 10.110.192.0/20 | **Privada** | API Gateway MFE (`api-gateway-mfe-dev`) |
### Subnet do API Gateway MFE
Usar **sbn-lb-1** para deploy do API Gateway:
```
OCI_SUBNET_OCID=ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaa2ezw57uocis6s2eioypdsnt2p4pwm4fwnjz5jdaqigrm6jaqexeq
OCID: ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaaooiy6bmikuaohtxyz2o3sjrjp2iqob3rim4j66vw4rzit7jcqjfa
```
---
## Buckets OCI
## Buckets OCI (MFE — DEV)
**Status**: ✅ Bucket `mfe-user-dev` criado via pipeline
Criados automaticamente pela pipeline CI/CD (branch `devops`) em `cmp-dev-inv`:
| Bucket | Ambiente | Uso |
|--------|----------|-----|
| mfe-user-dev | Dev | MFE User static hosting |
| Bucket | MFE | Acesso | Criado por |
|--------|-----|--------|-----------|
| `mfe-shell-dev` | mfe-shell | ObjectReadWithoutList | Pipeline CI |
| `mfe-auth-dev` | mfe-auth | ObjectReadWithoutList | Pipeline CI |
| `mfe-user-dev` | mfe-user | ObjectReadWithoutList | Pipeline CI |
| `mfe-person-dev` | mfe-person | ObjectReadWithoutList | Pipeline CI |
| `mfe-formalization-dev` | mfe-formalization | ObjectReadWithoutList | Pipeline CI |
| `mfe-poc-dev` | mfe-poc | ObjectReadWithoutList | Pipeline CI |
## API Gateways
**Namespace:** `grbb7qzeuoag`
**Status**: ✅ API Gateway criado via pipeline
## API Gateways MFE
| Gateway | Ambiente | Uso |
|---------|----------|-----|
| mfe-user-gateway | Dev | MFE User API Gateway |
> ✅ **api-gateway-mfe-dev** gerenciado por Terraform (`tf_oci_clusters/modules/api_gateway_mfe`).
> Os gateways antigos criados por pipeline (`api-gateway-mfe-shell-dev`, `api-gateway-mfe-dev` em `cpm-dev-automacao`) sao legado.
## VCNs e Subnets (Dev)
| Gateway | Tipo | IP | Subnet | Gerenciado por |
|---------|------|----|--------|---------------|
| `api-gateway-mfe-dev` (ativo) | PRIVATE | 10.110.198.250 | `sbn-api-gateway` (10.110.192.0/20) | **Terraform** |
| `api-gateway-nexus-dev` | PRIVATE | 10.6.0.123 | `SBNT-DEV` (VCN-DEV) | Manual |
### VCN Principal
- **Nome**: vcn-oke
- **CIDR**: 10.120.0.0/16
- **OCID**: `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatayztbyd6doyk5oglrmrc57jekltu3xnnena6fvruwba`
### Subnets Disponíveis
| Nome | CIDR | Uso | OCID |
|------|------|-----|------|
| sbn-lb-1 | 10.120.128.0/20 | Load Balancer (pode ser usada para API Gateway) | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaa2ezw57uocis6s2eioypdsnt2p4pwm4fwnjz5jdaqigrm6jaqexeq` |
| sbn-lb-2 | 10.120.144.0/20 | Load Balancer | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaav7qtnmgil2qdt3lz6fnqkdcbymjd2dtjjeyo6y7z3s2omq4uvcqa` |
| sbn-workers-1 | 10.120.0.0/20 | Workers OKE | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaazfomdghi4x4jpluyjooy7ajvsf5y57jq2xcqwf35guodkcn2wrwq` |
| sbn-workers-2 | 10.120.16.0/20 | Workers OKE | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaahaqguwt67kzs2dad2vyz3zpjl5ac7ximeqg55gmsnd33c2qikija` |
| sbn-workers-3 | 10.120.32.0/20 | Workers OKE | `ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaafzhmhvz2scr6sfsygixz2gjfnecggiirh3rvyhjcmfn3ohmohj6a` |
### Recomendação para API Gateway
Usar **sbn-lb-1** como subnet para o API Gateway:
```
OCI_SUBNET_OCID=ocid1.subnet.oc1.sa-saopaulo-1.aaaaaaaa2ezw57uocis6s2eioypdsnt2p4pwm4fwnjz5jdaqigrm6jaqexeq
```
**6 deployments no api-gateway-mfe-dev (um por MFE):**
`mfe-shell-dev` · `mfe-auth-dev` · `mfe-user-dev` · `mfe-person-dev` · `mfe-formalization-dev` · `mfe-poc-dev`
### Comandos para verificar buckets
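Review bot: The API Gateways MFE quote calls the pipeline-created gateways (`api-gateway-mfe-shell-dev`, `api-gateway-mfe-dev` in `cpm-dev-automacao`) "legado" without saying whether they still exist, unlike the orphan VCN, which is explicitly marked as deleted. Please state their status and endpoint type, or add a pending item to remove them, because one shares its name with the active gateway and a leftover gateway is an untracked entry point. Also check the compartment name: `cpm-dev-automacao` uses a different prefix from the `cmp-` compartments named elsewhere in this commit.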
@ -112,62 +105,46 @@ oci os bucket list --compartment-id "ocid1.compartment.oc1..aaaaaaaazjxk5dkwleol
## MFEs - Micro Frontends
### Status dos MFEs (18/02/2026)
### Status dos MFEs (2026-02-28 — ATUALIZADO)
| Repositório | Branch Pipeline | Pipeline OCI | Bucket | Status |
|-------------|-----------------|--------------|--------|--------|
| mfe-user | devops | ✅ `azure-pipelines.yml` | mfe-user-dev | ✅ Funcionando |
| mfe-auth | devops | ✅ `azure-pipelines-oci.yml` | mfe-auth-dev | 🔄 Pipeline criada |
| mfe-person | devops | ✅ `azure-pipelines-oci.yml` | mfe-person-dev | 🔄 Pipeline criada |
| mfe-shell | devops | ✅ `azure-pipelines-oci.yml` | mfe-shell-dev | 🔄 Pipeline criada |
| mfe-poc | devops | ✅ `azure-pipelines-oci.yml` | mfe-poc-dev | 🔄 Pipeline criada |
| mfe-formalization | devops | ✅ `azure-pipelines-oci.yml` | mfe-formalization-dev | 🔄 Pipeline criada |
Todos os 6 MFEs padronizados com o mesmo `azure-pipelines.yml` na branch `devops`,
estendendo o template compartilhado `azure-pipelines-templates/mfe/deploy-mfe-oci.yaml`.
### Pipeline OCI - Estrutura
| Repositório | Branch | Pipeline | Bucket OCI | Status |
|-------------|--------|---------|-----------|--------|
| mfe-shell | devops | `azure-pipelines.yml` → template OCI | `mfe-shell-dev` | ✅ Padronizado |
| mfe-auth | devops | `azure-pipelines.yml` → template OCI | `mfe-auth-dev` | ✅ Padronizado |
| mfe-user | devops | `azure-pipelines.yml` → template OCI | `mfe-user-dev` | ✅ Padronizado |
| mfe-person | devops | `azure-pipelines.yml` → template OCI | `mfe-person-dev` | ✅ Padronizado |
| mfe-formalization | devops | `azure-pipelines.yml` → template OCI | `mfe-formalization-dev` | ✅ Padronizado |
| mfe-poc | devops | `azure-pipelines.yml` → template OCI | `mfe-poc-dev` | ✅ Padronizado |
Todos os MFEs seguem o mesmo padrão de pipeline:
### Pipeline OCI - Estrutura (template compartilhado)
```
┌─────────────┐
│ BUILD │ → npm ci + npm run build:dev
└─────────────┘
push para branch 'devops' em qualquer mfe-*
┌─────────────┐
│ UPLOADTO │ → Upload para OCI Object Storage
│ OCI │ Bucket: mfe-<nome>-dev
└─────────────┘
▼ azure-pipelines.yml (cada repo)
extends: mfe/deploy-mfe-oci.yaml@azure-pipelines-templates
parameters: mfeName: 'mfe-<nome>'
┌─────────────┐
│ CREATEPAR │ → Cria Pre-Authenticated Request
└─────────────┘
├─► STAGE Build
│ npm ci + npm run build:dev
│ Publica artefato 'dist'
└─► STAGE UploadToOCI
Instala OCI CLI
Configura ~/.oci/config (via Variable Group oci-terraform)
Cria bucket 'mfe-<nome>-dev' se nao existir
Seta public-access-type=ObjectReadWithoutList
Upload de todos os ficheiros com content-type correto
```
### Arquivos de Pipeline
### Variable Group
| MFE | Arquivo | Branch |
|-----|---------|--------|
| mfe-user | `azure-pipelines.yml` (unificado AWS+OCI) | devops |
| mfe-auth | `azure-pipelines-oci.yml` | devops |
| mfe-person | `azure-pipelines-oci.yml` | devops |
| mfe-shell | `azure-pipelines-oci.yml` | devops |
| mfe-poc | `azure-pipelines-oci.yml` | devops |
| mfe-formalization | `azure-pipelines-oci.yml` | devops |
### Variable Groups Necessários
| Variable Group | Variáveis |
|----------------|-----------|
| `oci-terraform` | `OCI_TENANCY_OCID`, `OCI_USER_OCID`, `OCI_FINGERPRINT`, `OCI_PRIVATE_KEY_B64`, `OCI_REGION`, `TF_VAR_compartment_parent_ocid` |
| `mfe-credentials` | `CLOUDFLARE_ZONE_ID`, `CLOUDFLARE_API_TOKEN` |
| `aws-credentials-dev` | Credenciais AWS (para pipeline unificada) |
### Commits Recentes (mfe-user)
- `19dced5` (18/02/2026) - chore: remove DeployToAPIGateway stage from pipeline
- `9948430` (18/02/2026) - fix: use correct variable name TF_VAR_compartment_parent_ocid
- `6836035` (18/02/2026) - fix: improve bucket creation error handling
- `fd780bd` (18/02/2026) - fix: correct OCI CLI commands for namespace
| Variable Group | ID | Variaveis Chave |
|----------------|-----|----------------|
| `oci-terraform` | 34 | `OCI_PRIVATE_KEY_B64`, `OCI_USER_OCID`, `OCI_FINGERPRINT`, `OCI_TENANCY_OCID`, `OCI_REGION`, `TF_VAR_compartment_parent_ocid` |
## MS-POC - Microservice POC
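Review bot: In the UploadToOCI stage, `~/.oci/config` is built from the Variable Group `oci-terraform`, and the table at the end of the hunk shows that group holding `OCI_PRIVATE_KEY_B64` and `OCI_USER_OCID`. As documented, all six MFE pipelines authenticate with the credentials of the group named for Terraform, and the same stage creates buckets and sets `public-access-type`. Suggest documenting a separate variable group and OCI user limited to Object Storage writes on the `mfe-*-dev` buckets, or listing that as a pending improvement, and noting whether `mfe-credentials` and `aws-credentials-dev`, which appear only in the older two-column table, are still referenced by any pipeline.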


@ -2,58 +2,118 @@
Microservicos e infraestrutura do projeto Nexus para Invista FIDC.
> **Atualizado em:** 2026-02-28
## Estrutura
```
nexus/
├── README.md # Este arquivo
├── OPERATIONS.md # Historico de operacoes e incidentes
├── CONNECTIONS.md # Conexoes e credenciais
├── CONNECTIONS.md # Conexoes e credenciais K8s, Registry, Namespaces
├── OCI-DEV-NEXUS.md # Documentacao completa do ambiente DEV OCI
├── OCI-MFE-PADRONIZACAO.md # Como os MFEs foram padronizados para OCI
├── API-GATEWAY.md # Todos os API Gateways OCI (nexus, insign, MFE)
└── azure-devops/
├── CONNECTION.md # Azure DevOps CN-Squad
└── OCI-CONNECTION.md # Oracle Cloud Infrastructure
├── CONNECTION.md # Azure DevOps CN-Squad (repos, PAT, SSH)
└── OCI-CONNECTION.md # Oracle Cloud Infrastructure credentials
```
## Cluster OCI OKE
| Propriedade | Valor |
|-------------|-------|
| API Server | https://136.248.124.22:6443 |
| Versao K8s | v1.34.1 |
| Nodes | 3 |
| Region | sa-saopaulo-1 |
| Registry | gru.ocir.io/grbb7qzeuoag |
## Microservicos
| Servico | Namespace | Status |
|---------|-----------|--------|
| ms-auth-external | nexus-services | Running |
| ms-auth-sso | nexus-services | Running |
| ms-parameters | nexus-services | Running |
| ms-belt | nexus-services | Running |
| ms-notify | nexus-services | Running |
| ms-person | nexus-services | Running |
| ms-user | nexus-services | Running |
| ms-poc | nexus-services | Running |
## Documentacao
- [Historico de Operacoes](./OPERATIONS.md)
- [Conexoes e Credenciais](./CONNECTIONS.md)
- [Azure DevOps](./azure-devops/CONNECTION.md)
- [OCI Connection](./azure-devops/OCI-CONNECTION.md)
- [MS-USER - Microservico de Usuarios](./MS-USER.md)
### Infraestrutura OCI
- [API Gateways](./API-GATEWAY.md) - Todos os gateways OCI (nexus, insign, MFE)
- [Load Balancers](./LOAD-BALANCERS.md) - LBs OCI e routing
- [MFE Tasks](./OCI-MFE-TASKS.md) - Status e checklist do setup MFE
- [API Gateway Config](./OCI-API-GATEWAY.md) - Configuracao detalhada API GW
- [Terraform Import](./OCI-TERRAFORM.md) - Importacao de recursos
- [Cloudflare](./CLOUDFLARE.md) - DNS e proxy
---
*Projeto InventCloud - Invista FIDC*
## Clusters OCI OKE (DEV)
3 clusters gerenciados por Terraform (`tf_oci_clusters`) em `cmp-dev-nexus`:
| Cluster | Proposito | K8s | Nodes | IP LB |
|---------|-----------|-----|-------|-------|
| `cls-dev-nexus` | Aplicacoes de negocio + MFEs | v1.34.1 | 3x VM.E4.Flex (2cpu/16GB) | 10.110.135.3 / 137.131.236.202 (pub) |
| `cls-dev-barramento` | Integracoes, APIs terceiros, mensageria | v1.34.1 | 3x VM.E4.Flex (2cpu/16GB) | 10.110.133.131 |
| `cls-dev-observabilidade` | Prometheus, Grafana, Jaeger, OTEL | v1.34.1 | 3x VM.E4.Flex (2cpu/16GB) | 10.110.129.64 |
- **Registry:** `gru.ocir.io/grbb7qzeuoag`
- **Regiao:** `sa-saopaulo-1`
- **Kubeconfigs:** `~/.kube/config-dev-1` (nexus) / `config-dev-2` (barramento) / `config-dev-3` (observabilidade)
---
## Micro Frontends (MFEs)
6 MFEs Angular 19 com Native Federation. O `mfe-shell` e o HOST que orquestra os demais.
Pipeline: push na branch `devops` → Build → Upload para OCI Object Storage.
| MFE | Repo Azure DevOps | Bucket OCI | Rota no shell | Pipeline |
|-----|------------------|-----------|--------------|---------|
| `mfe-shell` | `mfe-shell` | `mfe-shell-dev` | `/` (host) | branch `devops` |
| `mfe-auth` | `mfe-auth` | `mfe-auth-dev` | `/auth` | branch `devops` |
| `mfe-user` | `mfe-user` | `mfe-user-dev` | `/user` | branch `devops` |
| `mfe-person` | `mfe-person` | `mfe-person-dev` | `/person` | branch `devops` |
| `mfe-formalization` | `mfe-formalization` | `mfe-formalization-dev` | `/formalization` | branch `devops` |
| `mfe-poc` | `mfe-poc` | `mfe-poc-dev` | `/poc` | branch `devops` |
**Infraestrutura de hosting:**
- API Gateway MFE: `api-gateway-mfe-dev` (Terraform, PRIVATE, IP `10.110.198.250`)
- Object Storage namespace: `grbb7qzeuoag`
- Template CI/CD: `azure-pipelines-templates/mfe/deploy-mfe-oci.yaml`
- Variable Group: `oci-terraform` (ID 34)
---
## Microservicos (ms-*)
Todos no cluster `cls-dev-nexus`, namespace `nexus-services`:
| Servico | API path | Status |
|---------|----------|--------|
| `ms-auth-external` | `/api/auth` | Running |
| `ms-auth-sso` | `/api/sso` | Running |
| `ms-user` | `/api/user`, `/api/user-external`, `/api/role` | Running |
| `ms-person` | `/api/person` | Running |
| `ms-belt` | `/api/cache` | Running |
| `ms-notify` | — | Running |
| `ms-parameters` | — | Running |
| `ms-poc` | `/api/poc` | Running |
| `ms-barramento` | `/api/commercial-manager` | Running |
**Rota de acesso API:**
```
Cloudflare (*.invista.com.br)
→ LB Test_Crivo_Dev (10.8.4.127, VCN-Shared)
→ api-gateway-nexus-dev (10.6.0.123, PRIVATE, VCN-DEV)
→ Ingress NGINX interno (cls-dev-nexus)
→ Pod ms-* (namespace: nexus-services)
```
---
## Documentacao
### Infraestrutura OCI
- [OCI DEV Nexus](./OCI-DEV-NEXUS.md) — Documentacao completa: compartments, clusters, rede, LBs, gateways, buckets
- [API Gateways](./API-GATEWAY.md) — api-gateway-nexus-dev + api-gateway-mfe-dev + api-gateway-insign-dev
- [Load Balancers](./LOAD-BALANCERS.md) — 34 LBs ativos por compartment
- [OCI Network Analysis](./OCI-NETWORK-ANALYSIS.md) — Analise de VCNs, subnets, DRG
- [Cloudflare](./CLOUDFLARE.md) — DNS e proxy
### MFEs
- [MFE Padronizacao OCI](./OCI-MFE-PADRONIZACAO.md) — Como todos os 6 MFEs foram migrados para OCI
- [MFE Tasks / Checklist](./OCI-MFE-TASKS.md) — Status e pendencias
- [MFE User Pipeline](./MFE-USER-PIPELINE.md) — Detalhe da pipeline mfe-user (multi-cloud legado)
- [OCI MFE Step-by-step](./OCI-MFE-STEPBYSTEP.md) — Guia de deploy manual
### Terraform (tf_oci_clusters — docs/)
- [compartment-nexus.md](https://dev.azure.com/CN-Squad/Invista%20FIDC%20-%20Nexus/_git/tf_oci_clusters?path=/docs/compartment-nexus.md) — Todos recursos OCI por compartment (Terraform vs Manual)
- [mfe-architecture.md](https://dev.azure.com/CN-Squad/Invista%20FIDC%20-%20Nexus/_git/tf_oci_clusters?path=/docs/mfe-architecture.md) — Arquitetura MFE de ponta a ponta
- [melhorias.md](https://dev.azure.com/CN-Squad/Invista%20FIDC%20-%20Nexus/_git/tf_oci_clusters?path=/docs/melhorias.md) — Backlog de melhorias priorizadas
### Operacoes
- [Historico de Operacoes](./OPERATIONS.md)
- [Conexoes e Credenciais](./CONNECTIONS.md)
- [Azure DevOps](./azure-devops/CONNECTION.md) — 49 repos, PAT, SSH
- [OCI Connection](./azure-devops/OCI-CONNECTION.md)
- [MS-USER - Microservico de Usuarios](./MS-USER.md)
- [Terraform Import](./OCI-TERRAFORM.md) — Importacao de recursos para Terraform
---
*Projeto InventCloud - Invista FIDC | Atualizado: 2026-02-28*
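Review bot: The structure tree annotates `CONNECTIONS.md` as "Conexoes e credenciais K8s, Registry, Namespaces", `azure-devops/CONNECTION.md` as "(repos, PAT, SSH)" and `OCI-CONNECTION.md` as "Oracle Cloud Infrastructure credentials". Please confirm those files only say where each secret is stored and who owns it, not the values, and say so in the README next to the links. The clusters table also lists a public IP for `cls-dev-nexus` (137.131.236.202), so it is worth stating who is expected to have read access to this repository.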