rede5/infracloud
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs(nexus): corrige arquitetura para um gateway por MFE (OCI restrição)

Browse source
This commit is contained in:
Tiago Ribeiro 2026-03-03 19:44:47 -03:00
parent ab9ae3f160
commit d56a251fab
1 changed files with 42 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

84
invista/nexus/OCI-DEV-NEXUS.md
View file

@ -49,31 +49,26 @@ Criados automaticamente pelo Kubernetes (Services do tipo `LoadBalancer`). Ficam
| `10.110.143.54` | Privado | cls-dev-nexus |
| `137.131.236.202` | **Público** | cls-dev-nexus |
### 2.3 API Gateway PUBLIC — Terraform (`api-gateway-dev`)
### 2.3 API Gateways PUBLIC por MFE — Terraform
Criado pelo módulo `modules/api_gateway_mfe`. Serve os arquivos estáticos dos MFEs via Object Storage.
Criados pelo módulo `modules/api_gateway_mfe`. **Um gateway por MFE** (OCI restrição: só um deployment com `path_prefix="/"` por gateway). Servem arquivos estáticos dos MFEs via Object Storage.
| Campo | Valor |
|---|---|
| Nome | `api-gateway-dev` |
| Tipo | **PUBLIC** |
| Compartment | `cmp-dev-nexus` |
| Subnet | `sbn-lb-1` (10.110.128.0/20) — vcn-oke |
| Módulo TF | `tf_oci_clusters/modules/api_gateway_mfe` |
| Hostname | *(gerado pelo pipeline — ver output `mfe_gateway_endpoint`)* |
| Nome | Compartment | Subnet | Hostname (DNS CNAME) |
|---|---|---|---|
| `api-gw-mfe-shell-dev` | `cmp-dev-nexus` | `sbn-lb-1` | *(output `mfe_gateway_hostnames["mfe-shell"]`)* |
| `api-gw-mfe-auth-dev` | `cmp-dev-nexus` | `sbn-lb-1` | *(output `mfe_gateway_hostnames["mfe-auth"]`)* |
| `api-gw-mfe-user-dev` | `cmp-dev-nexus` | `sbn-lb-1` | *(output `mfe_gateway_hostnames["mfe-user"]`)* |
| `api-gw-mfe-person-dev` | `cmp-dev-nexus` | `sbn-lb-1` | *(output `mfe_gateway_hostnames["mfe-person"]`)* |
| `api-gw-mfe-poc-dev` | `cmp-dev-nexus` | `sbn-lb-1` | *(output `mfe_gateway_hostnames["mfe-poc"]`)* |
| `api-gw-mfe-formalization-dev` | `cmp-dev-nexus` | `sbn-lb-1` | *(output `mfe_gateway_hostnames["mfe-formalization"]`)* |
**6 deployments (um por MFE):**
Cada gateway tem **1 deployment** com `path_prefix="/"` contendo:
- `GET /``mfe-{name}-dev/o/index.html`
- `GET /{path*}``mfe-{name}-dev/o/{path}`
| Path prefix | Display name | Backend (Object Storage) |
|---|---|---|
| `/` | `deploy-mfe-auth-dev` | `mfe-auth-dev/o/{path}` |
| `/` | `deploy-mfe-user-dev` | `mfe-user-dev/o/{path}` |
| `/` | `deploy-mfe-person-dev` | `mfe-person-dev/o/{path}` |
| `/` | `deploy-mfe-poc-dev` | `mfe-poc-dev/o/{path}` |
| `/` | `deploy-mfe-shell-dev` | `mfe-shell-dev/o/{path}` |
| `/` | `deploy-mfe-formalization-dev` | `mfe-formalization-dev/o/{path}` |
> Cada deployment responde a `GET /` (→ `index.html`) e `GET /{path*}` (→ arquivo estático).
> Módulo TF: `tf_oci_clusters/modules/api_gateway_mfe`
> Após `terraform apply`, hostnmaes disponíveis no output `mfe_gateway_hostnames` da pipeline.
> Cada MFE tem CNAME no Cloudflare apontando para seu hostname único.
### 2.4 API Gateway PRIVATE — Manual (`api-gateway-nexus-dev`)
@ -170,10 +165,10 @@ Os recursos de rede ficam em **`cmp-dev-inv`** mas os clusters e gateways de `cm
INTERNET
▼ [Cloudflare CNAME proxied]
api-gateway-dev (PUBLIC · sbn-lb-1 · vcn-oke · cmp-dev-nexus)
api-gw-mfe-{name}-dev (PUBLIC · sbn-lb-1 · vcn-oke · cmp-dev-nexus) [um por MFE]
├── GET /mfe-*/index.html → Object Storage (mfe-*-dev buckets · cmp-dev-nexus)
└── GET /mfe-*/{path*} → Object Storage (arquivo estático)
├── GET /index.html → Object Storage (mfe-{name}-dev bucket · cmp-dev-nexus)
└── GET /{path*} → Object Storage (arquivo estático do MFE)
INTERNET
@ -200,7 +195,7 @@ Pods (sbn-workers-1/2/3 · vcn-oke · cmp-dev-nexus)
|---|---|---|
| VCN `vcn-oke` + subnets + gateways + route tables | **Terraform** | `tf_oci_clusters/modules/network` |
| 3× OKE clusters + node pools (9 workers) | **Terraform** | `tf_oci_clusters/modules/oke_cluster` |
| `api-gateway-dev` (PUBLIC) + 6 deployments MFE | **Terraform** | `tf_oci_clusters/modules/api_gateway_mfe` |
| 6× `api-gw-mfe-*-dev` (PUBLIC, um por MFE) + 6 deployments | **Terraform** | `tf_oci_clusters/modules/api_gateway_mfe` |
| 6× buckets `mfe-*-dev` (Object Storage) | **Terraform** | `tf_oci_clusters/modules/api_gateway_mfe` |
| ArgoCD (Helm v7.3.0) nos 3 clusters | **Terraform** | `tf_oci_clusters/environments/dev/argocd.tf` |
| Kubeconfigs `~/.kube/config-dev-{1,2,3}` | **Terraform** (local-exec) | Gerados no `terraform apply` |
@ -328,8 +323,13 @@ Push para main (tf_oci_clusters)
### 6.6 O que o terraform apply cria no cmp-dev-nexus
```
api-gateway-dev (PUBLIC, sbn-lb-1, vcn-oke)
└── 6 deployments: deploy-mfe-{auth,user,person,poc,shell,formalization}-dev
6 API Gateways PUBLIC (um por MFE, sbn-lb-1, vcn-oke, cmp-dev-nexus):
api-gw-mfe-shell-dev → deploy-mfe-shell-dev
api-gw-mfe-auth-dev → deploy-mfe-auth-dev
api-gw-mfe-user-dev → deploy-mfe-user-dev
api-gw-mfe-person-dev → deploy-mfe-person-dev
api-gw-mfe-poc-dev → deploy-mfe-poc-dev
api-gw-mfe-formalization-dev → deploy-mfe-formalization-dev
6 buckets Object Storage:
mfe-auth-dev / mfe-user-dev / mfe-person-dev
@ -349,24 +349,24 @@ Kubeconfigs: ~/.kube/config-dev-{1,2,3}
## 7. URLs de acesso
### 7.1 API Gateway PUBLIC (`api-gateway-dev`) — MFEs
### 7.1 API Gateways PUBLIC — MFEs (um por MFE)
O hostname é gerado pelo OCI após o `terraform apply`. Ver output `mfe_gateway_endpoint` na pipeline.
Hostnames gerados pelo OCI após o `terraform apply`. Ver output `mfe_gateway_hostnames` na pipeline.
> Cada MFE tem um **deployment separado** mas todos compartilham o mesmo gateway.
> O path prefix é `/` para todos — o roteamento por MFE é feito via **DNS** (subdomínio diferente por MFE).
> Cada MFE tem seu **próprio gateway** (OCI restringe a 1 deployment com `path_prefix="/"` por gateway).
> Cada DNS (Cloudflare CNAME) aponta para o hostname exclusivo do gateway do seu MFE.
| MFE | DNS (Cloudflare → CNAME → gateway) | Bucket |
|---|---|---|
| Shell | `mfe-shell-dev-oci.invista.com.br` | `mfe-shell-dev` |
| Auth | `mfe-auth-dev-oci.invista.com.br` | `mfe-auth-dev` |
| User | `mfe-user-dev-oci.invista.com.br` | `mfe-user-dev` |
| Person | `mfe-person-dev-oci.invista.com.br` | `mfe-person-dev` |
| PoC | `mfe-poc-dev-oci.invista.com.br` | `mfe-poc-dev` |
| Formalization | `mfe-formalization-dev-oci.invista.com.br` | `mfe-formalization-dev` |
| MFE | DNS (Cloudflare → CNAME) | Gateway | Bucket |
|---|---|---|---|
| Shell | `mfe-shell-dev-oci.invista.com.br` | `api-gw-mfe-shell-dev` | `mfe-shell-dev` |
| Auth | `mfe-auth-dev-oci.invista.com.br` | `api-gw-mfe-auth-dev` | `mfe-auth-dev` |
| User | `mfe-user-dev-oci.invista.com.br` | `api-gw-mfe-user-dev` | `mfe-user-dev` |
| Person | `mfe-person-dev-oci.invista.com.br` | `api-gw-mfe-person-dev` | `mfe-person-dev` |
| PoC | `mfe-poc-dev-oci.invista.com.br` | `api-gw-mfe-poc-dev` | `mfe-poc-dev` |
| Formalization | `mfe-formalization-dev-oci.invista.com.br` | `api-gw-mfe-formalization-dev` | `mfe-formalization-dev` |
> **DNS**: CNAME proxied no Cloudflare → hostname do `api-gateway-dev` (gerado pelo pipeline).
> Após cada `terraform apply` que recria o gateway, o CNAME precisa ser atualizado.
> **DNS**: CNAME proxied no Cloudflare → hostname único por MFE (output `mfe_gateway_hostnames` da pipeline).
> Após `terraform apply`, atualizar cada CNAME no Cloudflare com o hostname do seu gateway.
### 7.2 API Gateway PRIVATE (`api-gateway-nexus-dev`) — Backend MS
@ -424,7 +424,7 @@ Acessado via Cloudflare → LB Test_Crivo_Dev → DRG → VCN-DEV → gateway.
| VCN `vcn-oke` | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliapqrmikfzagpgqohuzjqik3hx63w7r2uajiqv5krvxkda` |
| VCN `VCN-DEV` | `ocid1.vcn.oc1.sa-saopaulo-1.amaaaaaasks3yliatoq6uvqqak3kax775ksd2jastvgsbiki7mgj6jzue6dq` |
| API Gateway `api-gateway-nexus-dev` | `ocid1.apigateway.oc1.sa-saopaulo-1.amaaaaaasks3yliabohvp4fqav5pansi57thnunkyons52idvpfjppyzugeq` |
| API Gateway `api-gateway-dev` | *(gerado pelo pipeline — ver output `mfe_gateway_endpoint`)* |
| API Gateways MFE | *(hostnames no output `mfe_gateway_hostnames` da pipeline)* |
| Object Storage Namespace | `grbb7qzeuoag` |
| Região | `sa-saopaulo-1` |
| Pipeline Terraform | ID 51 — `terraform-tf_oci_clusters` |