diff --git a/inventcloud/invista/nexus/OCI-DEV-NEXUS.md b/inventcloud/invista/nexus/OCI-DEV-NEXUS.md new file mode 100644 index 0000000..a1b9168 --- /dev/null +++ b/inventcloud/invista/nexus/OCI-DEV-NEXUS.md 
@@ -0,0 +1,357 @@ +# OCI — Ambiente DEV Nexus (cmp-dev-nexus) + +> **Data:** 2026-02-25 | **Responsável:** Tiago Ribeiro +> **Contexto:** Documentação completa do ambiente DEV Nexus — recursos OCI e Terraform (`tf_oci_clusters`) + +--- + +## 1. Compartments + +### Hierarquia + +``` +invistacloud (root) +└── cmp-top-invista + └── cmp-dev-inv ← compartment pai (local.compartment_id no Terraform) + └── cmp-dev-nexus ← clusters OKE, node pools, LBs +``` + +| Compartment | OCID | Uso | +|---|---|---| +| `cmp-dev-inv` | `ocid1.compartment.oc1..aaaaaaaa76x3nykkjwvctpr6px34dysu3pbg7p62h2r65fegt7fvbrioll3a` | VCN, API Gateway, Object Storage, Observabilidade | +| `cmp-dev-nexus` | `ocid1.compartment.oc1..aaaaaaaahycc62za6ikthlhauvarvbdixc7xpjjmcrame3cirhu2kz74ddma` | Clusters OKE, Node Pools, Load Balancers | + +> **Nota:** O Terraform usa `cmp-dev-inv` como compartment raiz do ambiente (`existing_compartment_id`) e `cmp-dev-nexus` como compartment dos clusters (`cluster_compartment_id_map`). + +--- + +## 2. 
OKE Clusters + +### Clusters Ativos + +| # | Cluster | OCID (sufixo) | Versão K8s | Node Pool | Nodes | +|---|---|---|---|---|---| +| 1 | `cls-dev-nexus` | `…cobrewkvc3a` | v1.34.1 | `np-dev-1` | 3x VM.Standard.E4.Flex | +| 2 | `cls-dev-barramento` | `…cifn2eknv6q` | v1.34.1 | `np-dev-2` | 3x VM.Standard.E4.Flex | +| 3 | `cls-dev-observabilidade` | `…crszb62robq` | v1.34.1 | `np-dev-3` | 3x VM.Standard.E4.Flex | + +### Configuração dos Node Pools + +| Parâmetro | Valor | +|---|---| +| Shape | `VM.Standard.E4.Flex` | +| OCPUs | 2 | +| Memória | 16 GB | +| Nodes por pool | 3 (`node_pool_size_up = 3`) | +| Modo de escala | `up` (escala zero: `node_pool_size_down = 0`) | +| Autoscaler | Desabilitado | +| Pods CIDR | `10.244.0.0/16` | +| Services CIDR | `10.96.0.0/16` | + +### Worker Nodes (Compute Instances) + +| Instância | Cluster | Shape | Estado | +|---|---|---|---| +| `oke-cifn2eknv6q-*` (x3) | cls-dev-barramento | VM.Standard.E4.Flex | RUNNING | +| `oke-cobrewkvc3a-*` (x3) | cls-dev-nexus | VM.Standard.E4.Flex | RUNNING | +| `oke-crszb62robq-*` (x3) | cls-dev-observabilidade | VM.Standard.E4.Flex | RUNNING | + +### Kubeconfig + +Os kubeconfigs são gerados automaticamente pelo Terraform via `null_resource.kubeconfig`: + +``` +~/.kube/config-dev-1 → cls-dev-nexus +~/.kube/config-dev-2 → cls-dev-barramento +~/.kube/config-dev-3 → cls-dev-observabilidade +``` + +Gerar manualmente: +```bash +oci ce cluster create-kubeconfig \ + --cluster-id \ + --file ~/.kube/config-dev- \ + --token-version 2.0.0 +``` + +--- + +## 3. 
Rede + +### VCN + +| VCN | CIDR | Compartment | Gerenciada por | +|---|---|---|---| +| `vcn-oke` | `10.110.0.0/16` | `cmp-dev-inv` / OKE > DEV | Terraform (`tf_oci_clusters`) | +| `VCN-DEV` | `10.6.0.0/16` | `cmp-dev-inv` | Manual | + +### Subnets `vcn-oke` (10.110.0.0/16) + +| Subnet | CIDR | Tipo | Uso | +|---|---|---|---| +| `sbn-workers-1` | `10.110.0.0/20` | Pública | OKE worker nodes | +| `sbn-workers-2` | `10.110.16.0/20` | Pública | OKE worker nodes | +| `sbn-workers-3` | `10.110.32.0/20` | Pública | OKE worker nodes | +| `sbn-lb-1` | `10.110.128.0/20` | Pública | Load Balancers OKE + API Gateway MFE | +| `sbn-lb-2` | `10.110.144.0/20` | Pública | Load Balancers OKE | +| `sbn-api-gateway` | `10.110.192.0/20` | **Privada** | Criada pelo Terraform (disponível — não usada atualmente) | + +### Gateways de Rede + +| Gateway | Tipo | Uso | +|---|---|---| +| `igw-oke` | Internet Gateway | Egress público para workers e LBs | +| `nat-oke` | NAT Gateway | Egress privado para `sbn-api-gateway` | +| `sgw-oke` | Service Gateway | Acesso a serviços OCI (Object Storage, etc.) | +| DRG | Dynamic Routing Gateway | Cross-VCN: `vcn-oke` ↔ `VCN-DEV` | + +--- + +## 4. Load Balancers + +Todos os LBs são criados e gerenciados pelo OKE (via Services do tipo LoadBalancer no Kubernetes): + +| Display Name (ID OKE) | IP | Shape | Cluster | Criado em | +|---|---|---|---|---| +| `35adee2d-…` | `10.110.133.131` | 100Mbps | cls-dev-barramento | 2026-01-26 | +| `b8344bb7-…` | `10.110.135.3` | 100Mbps | cls-dev-nexus | 2026-01-26 | +| `bc0548de-…` | `10.110.129.64` | 100Mbps | cls-dev-observabilidade | 2026-01-26 | +| `177c06f0-…` | `10.110.143.54` | 100Mbps | cls-dev-nexus | 2026-01-29 | +| `029cfee6-…` | `137.131.236.202` *(público)* | 100Mbps | cls-dev-nexus | 2026-02-09 | + +> Os IPs privados (`10.110.x`) estão na subnet `sbn-lb-1` ou `sbn-lb-2`. +> O único IP público (`137.131.236.202`) pertence a um Service exposto externamente no `cls-dev-nexus`. + +--- + +## 5. 
API Gateways + +### `api-gateway-mfe-dev` — Terraform-managed + +| Campo | Valor | +|---|---| +| Nome | `api-gateway-mfe-dev` | +| Compartment | `cmp-dev-inv` | +| Tipo | PUBLIC | +| Subnet | `sbn-lb-1` (10.110.128.0/20) — vcn-oke | +| Gerenciado por | Terraform (`modules/api_gateway_mfe`) | +| Hostname | `guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com` | + +**Deployments configurados:** + +| MFE | Bucket | Path | Backend | +|---|---|---|---| +| `mfe-user` | `mfe-user-dev` | `/{path*}` | Object Storage `grbb7qzeuoag` | +| `mfe-user` | `mfe-user-dev` | `/` (fallback SPA) | `index.html` no bucket | + +### `api-gateway-nexus-dev` — Manual + +| Campo | Valor | +|---|---| +| Nome | `api-gateway-nexus-dev` | +| Compartment | `cmp-dev-inv` | +| Subnet | `SBNT-DEV` (10.6.0.0/24) — VCN-DEV | +| Gerenciado por | Manual | +| Conectividade OKE | Via DRG (cross-VCN: VCN-DEV ↔ vcn-oke) | + +> **Pendência:** Migrar `api-gateway-nexus-dev` para `sbn-api-gateway` na `vcn-oke` (ver `OCI-NETWORK-ANALYSIS.md` — Opção A). + +--- + +## 6. Object Storage + +### Buckets em `cmp-dev-nexus` + +| Bucket | Uso | Criado em | +|---|---|---| +| `invista-inventcloud-bucket3` | Uso geral | 2026-02-06 | +| `tfstate-gqysee` | Terraform remote state | 2025-12-30 | +| `tfstate-inidhr` | Terraform remote state | 2025-12-30 | +| `tfstate-terraform` | Terraform remote state | 2025-12-30 | + +### Buckets em `cmp-dev-inv` + +| Bucket | Uso | Criado em | +|---|---|---| +| `mfe-shell-dev` | MFE Shell (frontend) | 2026-02-24 | + +> **Namespace do Object Storage:** `grbb7qzeuoag` + +--- + +## 7. 
ArgoCD + +ArgoCD instalado em todos os 3 clusters via Helm pelo Terraform: + +| Parâmetro | Valor | +|---|---| +| Chart Version | `7.3.0` (argo/argo-cd) | +| Namespace | `argocd` | +| LB tipo | Interno (annotation `oci-load-balancer-internal=true`) | +| OIDC | OCI IDCS (integrado via outputs do módulo `identity`) | + +**URLs internas (somente acesso via VCN):** + +| Cluster | URL | +|---|---| +| `cls-dev-nexus` (1) | `https://argocd.dev-01.interno.invista.com.br` | +| `cls-dev-barramento` (2) | `https://argocd.dev-02.interno.invista.com.br` | +| `cls-dev-observabilidade` (3) | `https://argocd.dev-03.interno.invista.com.br` | + +**RBAC OCI IDCS:** + +| Grupo OCI | Role ArgoCD | +|---|---| +| `invista-oke-admin` | `admin` | +| `invista-oke-dev` | `readonly` | +| `invista-oke-readonly` | `readonly` | + +--- + +## 8. Observabilidade + +Gerenciada pelo módulo `modules/observability` em `cmp-dev-inv`: + +| Recurso | Tipo | Configuração | +|---|---|---| +| Alarmes OCI Monitoring | `oci_computeagent` | CPU > 90% (PT10M) → CRITICAL; CPU > 75% (PT15M) → WARNING | +| Log Group | OCI Logging | — | +| Dashboard | OCI Management Dashboard | Import de `dashboards/oke-observability-import.json` | + +--- + +## 9. 
Terraform — `tf_oci_clusters` + +### Repositório + +| Campo | Valor | +|---|---| +| Organização | Azure DevOps — CN-Squad | +| Projeto | Invista FIDC - Nexus | +| Repositório | `tf_oci_clusters` | +| Pipeline | `terraform-tf_oci_clusters` (ID 51) | +| Variable Group | `oci-terraform` (ID 34) | +| Backend | Object Storage OCI (S3-compatible) — bucket `tfstate-*` em `cmp-dev-nexus` | + +### Estrutura de Arquivos + +``` +tf_oci_clusters/ +├── environments/ +│ ├── dev/ +│ │ ├── main.tf # Clusters, rede, bastion, observabilidade +│ │ ├── api_gateway_mfe.tf # API Gateway MFE + deployments +│ │ ├── argocd.tf # ArgoCD Helm install + kubeconfig +│ │ ├── backend.tf # Remote state config +│ │ ├── providers.tf # OCI provider +│ │ ├── variables.tf # Todas as variáveis +│ │ └── terraform.ci.tfvars # Valores do ambiente DEV (pipeline CI) +│ ├── hml/ # Ambiente HML (estrutura similar) +│ └── prod/ # Ambiente PROD (estrutura similar) +│ +├── modules/ +│ ├── oke_cluster/ # OKE cluster + node pool +│ │ ├── main.tf # oci_containerengine_cluster + node_pool +│ │ └── variables.tf +│ ├── network/ # VCN, subnets, gateways, route tables, security lists +│ │ ├── main.tf +│ │ └── variables.tf +│ ├── api_gateway_mfe/ # API Gateway PUBLIC para MFEs estáticos +│ │ ├── main.tf # oci_apigateway_gateway + deployments por MFE +│ │ └── variables.tf +│ ├── compartment/ # Criação de compartment +│ ├── observability/ # ONS + OCI Logging + Alarms + Dashboards +│ └── iam_service_accounts/ # IAM para service accounts +│ +├── compartments/ # Gerenciamento top-level de compartments +├── dns/ # DNS OCI +├── iam/ # IAM policies +├── identity/ # OIDC / IDCS (usado pelo ArgoCD) +├── argocd/ +│ ├── values.yaml # Helm values do ArgoCD +│ └── application-dev.yaml # ArgoCD Application manifest (GitOps) +└── dashboards/ + └── oke-observability-import.json +``` + +### terraform.ci.tfvars DEV — Valores Principais + +```hcl +env_name = "dev" +create_compartment = false +create_cluster_compartment = false # removido 
manualmente 2026-02-25 +existing_compartment_id = "ocid1.compartment.oc1..aaaaaaaa76x3nykkjwvctpr6px34dysu3pbg7p62h2r65fegt7fvbrioll3a" # cmp-dev-inv + +cluster_compartment_id_map = { + "1" = "ocid1.compartment.oc1..aaaaaaaahycc62za6ikthlhauvarvbdixc7xpjjmcrame3cirhu2kz74ddma" # cmp-dev-nexus + "2" = "ocid1.compartment.oc1..aaaaaaaahycc62za6ikthlhauvarvbdixc7xpjjmcrame3cirhu2kz74ddma" + "3" = "ocid1.compartment.oc1..aaaaaaaahycc62za6ikthlhauvarvbdixc7xpjjmcrame3cirhu2kz74ddma" +} + +kubernetes_version = "v1.34.1" +node_shape = "VM.Standard.E4.Flex" +ocpus = 2 +memory_in_gbs = 16 +vcn_cidr = "10.110.0.0/16" + +scale_mode = "up" +node_pool_size_up = 3 +node_pool_size_down = 0 + +enable_bastion = true +admin_cidr = "187.65.249.125/32" +enable_api_gateway_mfe = true +``` + +### Pipeline CI/CD + +``` +Push to main (tf_oci_clusters) + → Bootstrap (init + validate) + → Detect Changes (diff por environment) + → Plan (terraform plan -var-file=terraform.ci.tfvars) + → Aprovação Manual + → Apply (terraform apply) +``` + +--- + +## 10. 
Fluxo de Dependências + +``` +tf_oci_clusters (pipeline ID 51) + │ + ├── module.network → VCN vcn-oke (10.110.0.0/16) + │ └── subnets, IGW, NAT, SGW, route tables, security lists + │ + ├── module.cluster[1,2,3] → cls-dev-nexus / cls-dev-barramento / cls-dev-observabilidade + │ └── node_pool → np-dev-1/2/3 (VM.Standard.E4.Flex 2cpu/16gb x3) + │ + ├── module.api_gateway_mfe → api-gateway-mfe-dev (PUBLIC, sbn-lb-1) + │ └── deployment mfe-user → bucket mfe-user-dev + │ + ├── null_resource.kubeconfig → ~/.kube/config-dev-{1,2,3} + │ + ├── null_resource.argocd_setup → ArgoCD v7.3.0 em cada cluster + │ + └── module.observability → Alarms + Log Group + Dashboards +``` + +--- + +## Referências + +| Recurso | OCID / URL | +|---|---| +| Compartment `cmp-dev-nexus` | `ocid1.compartment.oc1..aaaaaaaahycc62za6ikthlhauvarvbdixc7xpjjmcrame3cirhu2kz74ddma` | +| Compartment `cmp-dev-inv` | `ocid1.compartment.oc1..aaaaaaaa76x3nykkjwvctpr6px34dysu3pbg7p62h2r65fegt7fvbrioll3a` | +| VCN `vcn-oke` | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliapqrmikfzagpgqohuzjqik3hx63w7r2uajiqv5krvxkda` | +| VCN `VCN-DEV` | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatoq6uvqqak3kax775ksd2jastvgsbiki7mgj6jzue6dq` | +| API Gateway MFE hostname | `guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com` | +| Repo Terraform | Azure DevOps — CN-Squad / Invista FIDC - Nexus / tf_oci_clusters | +| Região | `sa-saopaulo-1` | +| Object Storage Namespace | `grbb7qzeuoag` | + +--- + +*Atualizado em: 2026-02-25*
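Review bot: the Load Balancers table in section 4 documents a single public LB (`029cfee6-…` | `137.131.236.202` *(público)*) but the note below it only says it "pertence a um Service exposto externamente no `cls-dev-nexus`" without naming the namespace/Service or the port it exposes; since this is the only public entry point into the clusters listed in the document, please add that identification (and who owns it) so the exposure can be reviewed and tracked. Two related gaps in the same hunk: section 6 lists three remote-state buckets (`tfstate-gqysee`, `tfstate-inidhr`, `tfstate-terraform`) while section 9 only says "bucket `tfstate-*`", so the actual bucket and key from `backend.tf` should be stated and the unused buckets marked as such, otherwise two pipelines could end up with divergent state; and section 3 shows `sbn-workers-1/2/3` as "Pública" with `igw-oke` providing "Egress público para workers e LBs" while `nat-oke` already exists for private egress, so moving the worker node subnets to private with NAT egress deserves a "Pendência" entry alongside the `api-gateway-nexus-dev` migration already noted in section 5.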