rede5/infracloud
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infracloud/inventcloud/invista/nexus/API-GATEWAY.md
Tiago Ribeiro 389ec232de docs(nexus): atualiza documentacao para estado atual 2026-02-28 
- README.md: reescrito com 6 MFEs, 3 clusters OKE, 9 microservicos, links para novos docs tf_oci_clusters
- OCI.md: corrige VCN CIDR (10.120 orphan deletado -> 10.110 ativo), atualiza 6 buckets mfe-*-dev, API Gateway PRIVATE em sbn-api-gateway, pipelines padronizadas
- OCI-DEV-NEXUS.md: API Gateway com 6 deployments MFE, Object Storage com 6 buckets, corrige tipo PUBLIC->PRIVATE e subnet
- API-GATEWAY.md: 6 deployments api-gateway-mfe-dev, 8 buckets na secao Frontends Estaticos, pendencias atualizadas
- OCI-MFE-TASKS.md: VCN orphan marcada como deletada, 6 buckets mfe-*-dev, checklist atualizado

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-01 07:51:22 -03:00

172 lines
6.4 KiB
Markdown
Raw Blame History

# OCI API Gateways - Completo
## Gateway 1: api-gateway-nexus-dev
| Propriedade | Valor |
|-------------|-------|
| Nome | api-gateway-nexus-dev |
| Tipo | PRIVATE |
| Hostname | `dnqe6ufrommkqxtfp7k2ehrbmu.apigateway.sa-saopaulo-1.oci.customer-oci.com` |
| IP | 10.6.0.123 |
| Compartment | cmp-dev-nexus |
| Estado | ACTIVE |
### Deployments
| Nome | Endpoint |
|------|----------|
| auth | /api/auth |
| user | /api/user |
| user-external | /api/user-external |
| user-internal | /api/user-internal |
| person | /api/person |
| role | /api/role |
| sso | /api/sso |
| cache | /api/cache |
| poc | /api/poc |
| commercial-manager | /api/commercial-manager |
---
## Gateway 2: api-gateway-insign-dev
| Propriedade | Valor |
|-------------|-------|
| Nome | api-gateway-insign-dev |
| Tipo | PRIVATE |
| Hostname | `oyk5unl6ec7a53aychqlvz5bwa.apigateway.sa-saopaulo-1.oci.customer-oci.com` |
| IP | 10.6.0.33 |
| Compartment | cmp-dev-insign |
| Estado | ACTIVE |
### Deployments
| Nome | Endpoint |
|------|----------|
| insign-deploy-dev | /insign |
| insing-dev | / |
| root | / |
---
## Gateway 3: api-gateway-mfe-dev (Terraform-managed)
| Propriedade | Valor |
|-------------|-------|
| Nome | api-gateway-mfe-dev |
| Tipo | PRIVATE |
| OCID | `ocid1.apigateway.oc1.sa-saopaulo-1.amaaaaaasks3yliabdiquogy2pqyohas4wjopizv2xzgzrclmsvsh4x7ewea` |
| Hostname | `guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com` |
| IP | 10.110.198.250 |
| VCN | vcn-oke (10.110.0.0/16) |
| Subnet | sbn-api-gateway (10.110.192.0/20) |
| Compartment | DEV (`ocid1.compartment.oc1..aaaaaaaa76x3nykkjwvctpr6px34dysu3pbg7p62h2r65fegt7fvbrioll3a`) |
| Estado | ACTIVE |
| Gerenciado por | Terraform (`tf_oci_clusters/modules/api_gateway_mfe`) |
| Criado em | 2026-02-22 (pipeline build #5964) |
### Deployments
6 deployments — um por MFE. Cada deployment tem 2 rotas: `/` (index.html) e `/{path*}` (arquivos estáticos).
| Deployment | Bucket OCI | Hostname planejado |
|------------|-----------|-------------------|
| deploy-mfe-shell-dev | `mfe-shell-dev` | `mfe-shell-dev.invista.com.br` |
| deploy-mfe-auth-dev | `mfe-auth-dev` | `mfe-auth-dev.invista.com.br` |
| deploy-mfe-user-dev | `mfe-user-dev` | `mfe-user-dev.invista.com.br` |
| deploy-mfe-person-dev | `mfe-person-dev` | `mfe-person-dev.invista.com.br` |
| deploy-mfe-formalization-dev | `mfe-formalization-dev` | `mfe-formalization-dev.invista.com.br` |
| deploy-mfe-poc-dev | `mfe-poc-dev` | `mfe-poc-dev.invista.com.br` |
Namespace Object Storage: `grbb7qzeuoag` | Region: `sa-saopaulo-1`
### Acesso
| Tipo | URL |
|------|-----|
| Direto (privado) | `https://guhal72tzyekzchzamhhi3lvgi.apigateway.sa-saopaulo-1.oci.customer-oci.com/{mfe-name}/` |
| Planejado (DNS) | `https://mfe-{name}-dev.invista.com.br` (pendente VCN peering + LB + Cloudflare) |
### Terraform
```hcl
# environments/dev/api_gateway_mfe.tf
module "api_gateway_mfe" {
count = var.enable_api_gateway_mfe ? 1 : 0
source = "../../modules/api_gateway_mfe"
compartment_id = local.compartment_id
subnet_id = module.network.lb_subnet_ids[0]
env_name = var.env_name
endpoint_type = "PUBLIC"
mfe_deployments = [
{ name = "mfe-shell", hostname = "mfe-shell-dev.invista.com.br", bucket_name = "mfe-shell-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
{ name = "mfe-auth", hostname = "mfe-auth-dev.invista.com.br", bucket_name = "mfe-auth-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
{ name = "mfe-user", hostname = "mfe-user-dev.invista.com.br", bucket_name = "mfe-user-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
{ name = "mfe-person", hostname = "mfe-person-dev.invista.com.br", bucket_name = "mfe-person-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
{ name = "mfe-formalization", hostname = "mfe-formalization-dev.invista.com.br", bucket_name = "mfe-formalization-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
{ name = "mfe-poc", hostname = "mfe-poc-dev.invista.com.br", bucket_name = "mfe-poc-dev", object_namespace = var.mfe_object_namespace, region = var.oci_region },
]
}
```
### Pendencias
- [ ] VCN Peering: Attach vcn-oke ao DRG-Invista-Shared
- [ ] Rota no LB Test_Crivo_Dev: backend set apontando para 10.110.198.250:443
- [ ] Routing policy por hostname: `mfe-{name}-dev.invista.com.br` para cada MFE
- [ ] DNS Cloudflare: 6 CNAMEs `mfe-{name}-dev` -> LB IP (via Cloudflare proxy)
- [ ] Atualizar `federation.manifest.json` do mfe-shell com URLs reais dos remotes
- [ ] Migrar `EnvironmentService` do mfe-shell de AWS para OCI api-gateway-nexus-dev
---
## Frontends Estaticos (Buckets)
| Bucket | Namespace | Acesso | Descricao |
|--------|-----------|--------|-----------|
| `mfe-shell-dev` | grbb7qzeuoag | API Gateway MFE | Shell Angular (HOST) — orquestra todos os remotes |
| `mfe-auth-dev` | grbb7qzeuoag | API Gateway MFE | MFE Auth |
| `mfe-user-dev` | grbb7qzeuoag | API Gateway MFE | MFE User |
| `mfe-person-dev` | grbb7qzeuoag | API Gateway MFE | MFE Person |
| `mfe-formalization-dev` | grbb7qzeuoag | API Gateway MFE | MFE Formalization |
| `mfe-poc-dev` | grbb7qzeuoag | API Gateway MFE | MFE PoC |
| `app-front-insign-teste` | grbb7qzeuoag | Cloudflare + OCI | Site estatico de teste (insign) |
| `front` | grbb7qzeuoag | — | Icones SVG |
Todos os buckets MFE: `public-access-type = ObjectReadWithoutList`, criados via pipeline CI/CD (Azure DevOps).
---
## Conectividade de Rede
### VCNs envolvidas
| VCN | CIDR | Componentes |
|-----|------|-------------|
| VCN-Shared | 10.8.0.0/16 | LB Test_Crivo_Dev (10.8.4.127) |
| vcn-oke (dev) | 10.110.0.0/16 | API Gateway MFE (10.110.198.250), OKE clusters |
### DRG (Dynamic Routing Gateway)
| Propriedade | Valor |
|-------------|-------|
| Nome | DRG-Invista-Shared |
| OCID | `ocid1.drg.oc1.sa-saopaulo-1.aaaaaaaazuiluiavm3zcrzelqs2f3k3sdy3fka5yytwjua37a2ksn446deza` |
| VCN-Shared | Attached |
| vcn-oke (dev) | **Pendente** - necessario para LB acessar API Gateway |
### Fluxo de rede planejado
```
Browser -> Cloudflare (mfe-{name}-dev.invista.com.br)
-> LB Test_Crivo_Dev (10.8.4.127, VCN-Shared)
-> DRG-Invista-Shared (VCN peering — PENDENTE)
-> API Gateway MFE (10.110.198.250, vcn-oke)
-> Object Storage (mfe-{name}-dev, namespace grbb7qzeuoag)
```
---
*Atualizado em: 2026-02-28*
Reference in a new issue View git blame Copy permalink