[CES-124] Add another session manager instance (#1193)
Krusty93 authored Oct 2, 2024
1 parent ce7cccd commit 4604e86
Showing 5 changed files with 163 additions and 4 deletions.
68 changes: 68 additions & 0 deletions src/domains/citizen-auth-app/01_network.tf
Expand Up @@ -138,6 +138,28 @@ module "session_manager_snet" {
}
}

module "session_manager_snet_04" {
source = "github.com/pagopa/terraform-azurerm-v3//subnet?ref=v8.22.0"
name = format("%s-session-manager-snet-04", local.common_project)
address_prefixes = var.cidr_subnet_session_manager_04
resource_group_name = data.azurerm_virtual_network.common_vnet.resource_group_name
virtual_network_name = data.azurerm_virtual_network.common_vnet.name

private_endpoint_network_policies_enabled = true

service_endpoints = [
"Microsoft.Web",
]

delegation = {
name = "default"
service_delegation = {
name = "Microsoft.Web/serverFarms"
actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
}
}
}

#########################
# Private Endpoints
#########################
Expand All @@ -163,6 +185,27 @@ resource "azurerm_private_endpoint" "session_manager_sites" {
tags = var.tags
}

resource "azurerm_private_endpoint" "session_manager_sites_04" {
name = "${local.common_project}-session-manager-app-pep-04"
location = var.location
resource_group_name = azurerm_resource_group.session_manager_rg_weu.name
subnet_id = data.azurerm_subnet.private_endpoints_subnet.id

private_service_connection {
name = "${local.common_project}-session-manager-app-pep-04"
private_connection_resource_id = module.session_manager_weu_04.id
is_manual_connection = false
subresource_names = ["sites"]
}

private_dns_zone_group {
name = "private-dns-zone-group"
private_dns_zone_ids = [data.azurerm_private_dns_zone.privatelink_azurewebsites_net.id]
}

tags = var.tags
}

resource "azurerm_private_endpoint" "staging_session_manager_sites" {
name = "${local.common_project}-session-manager-staging-app-pep-01"
location = var.location
Expand All @@ -184,6 +227,26 @@ resource "azurerm_private_endpoint" "staging_session_manager_sites" {
tags = var.tags
}

resource "azurerm_private_endpoint" "staging_session_manager_sites_04" {
name = "${local.common_project}-session-manager-staging-app-pep-04"
location = var.location
resource_group_name = azurerm_resource_group.session_manager_rg_weu.name
subnet_id = data.azurerm_subnet.private_endpoints_subnet.id

private_service_connection {
name = "${local.common_project}-session-manager-staging-app-pep-04"
private_connection_resource_id = module.session_manager_weu_04.id
is_manual_connection = false
subresource_names = ["sites-${module.session_manager_weu_staging_04.name}"]
}

private_dns_zone_group {
name = "private-dns-zone-group"
private_dns_zone_ids = [data.azurerm_private_dns_zone.privatelink_azurewebsites_net.id]
}

tags = var.tags
}

data "azurerm_nat_gateway" "nat_gateway" {
name = "${local.product}-natgw"
Expand All @@ -195,6 +258,11 @@ resource "azurerm_subnet_nat_gateway_association" "session_manager_snet" {
subnet_id = module.session_manager_snet.id
}

resource "azurerm_subnet_nat_gateway_association" "session_manager_snet_04" {
nat_gateway_id = data.azurerm_nat_gateway.nat_gateway.id
subnet_id = module.session_manager_snet_04.id
}

data "azurerm_resource_group" "rg_external" {
name = format("%s-rg-external", local.product)
}
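Review bot: The two private endpoints added for the 04 app (`session_manager_sites_04` and `staging_session_manager_sites_04`) give it a private address, but nothing visible in this commit states that its public endpoint is closed. The `session_manager_weu_04` block in 08_session_manager.tf sets `subnet_id` and `vnet_integration`, which cover outbound traffic, and no explicit inbound restriction. Whether the app and its staging slot are reachable from outside the VNet therefore depends on the defaults of the `app_service` and `app_service_slot` modules at v8.28.1, which are not shown here. For a session manager in the citizen-auth domain, please confirm that and record it next to the endpoints, e.g. `# 04 app and staging slot accept inbound traffic only through these private endpoints; public access is disabled by <module input, to be confirmed>`.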
84 changes: 81 additions & 3 deletions src/domains/citizen-auth-app/08_session_manager.tf
Expand Up @@ -87,7 +87,7 @@ resource "azurerm_resource_group" "session_manager_rg_weu" {

locals {

app_name_weu = format("%s-session-manager-app-03", local.common_project)
app_name_weu = format("%s-session-manager-app", local.common_project)

app_settings_common = {
WEBSITES_ENABLE_APP_SERVICE_STORAGE = false
Expand Down Expand Up @@ -228,7 +228,7 @@ module "session_manager_weu" {
sku_name = var.session_manager_plan_sku_name

# App service
name = local.app_name_weu
name = "${local.app_name_weu}-03"
resource_group_name = azurerm_resource_group.session_manager_rg_weu.name
location = var.location

Expand All @@ -249,7 +249,7 @@ module "session_manager_weu" {
app_settings = merge(
local.app_settings_common,
{
APPINSIGHTS_CLOUD_ROLE_NAME = local.app_name_weu
APPINSIGHTS_CLOUD_ROLE_NAME = "${local.app_name_weu}-03"
}
)
sticky_settings = concat(["APPINSIGHTS_CLOUD_ROLE_NAME"])
Expand All @@ -269,6 +269,48 @@ module "session_manager_weu" {
tags = var.tags
}

module "session_manager_weu_04" {
source = "github.com/pagopa/terraform-azurerm-v3//app_service?ref=v8.28.1"

# App service plan
plan_type = "internal"
plan_name = format("%s-session-manager-asp-04", local.common_project)
zone_balancing_enabled = true
sku_name = var.session_manager_plan_sku_name

# App service
name = "${local.app_name_weu}-04"
resource_group_name = azurerm_resource_group.session_manager_rg_weu.name
location = var.location

always_on = true
node_version = "20-lts"
app_command_line = ""
health_check_path = "/healthcheck"
health_check_maxpingfailures = 2

auto_heal_enabled = true
auto_heal_settings = {
startup_time = "00:05:00"
slow_requests_count = 50
slow_requests_interval = "00:01:00"
slow_requests_time = "00:00:10"
}

app_settings = merge(
local.app_settings_common,
{
APPINSIGHTS_CLOUD_ROLE_NAME = "${local.app_name_weu}-04"
}
)
sticky_settings = concat(["APPINSIGHTS_CLOUD_ROLE_NAME"])

subnet_id = module.session_manager_snet_04.id
vnet_integration = true

tags = var.tags
}

## staging slot
module "session_manager_weu_staging" {
source = "github.com/pagopa/terraform-azurerm-v3//app_service_slot?ref=v8.28.1"
Expand Down Expand Up @@ -315,3 +357,39 @@ module "session_manager_weu_staging" {

tags = var.tags
}

module "session_manager_weu_staging_04" {
source = "github.com/pagopa/terraform-azurerm-v3//app_service_slot?ref=v8.28.1"

app_service_id = module.session_manager_weu_04.id
app_service_name = module.session_manager_weu_04.name

name = "staging"
resource_group_name = azurerm_resource_group.session_manager_rg_weu.name
location = var.location

always_on = true
node_version = "20-lts"
app_command_line = ""
health_check_path = "/healthcheck"

auto_heal_enabled = true
auto_heal_settings = {
startup_time = "00:05:00"
slow_requests_count = 50
slow_requests_interval = "00:01:00"
slow_requests_time = "00:00:10"
}

app_settings = merge(
local.app_settings_common,
{
APPINSIGHTS_CLOUD_ROLE_NAME = "${module.session_manager_weu.name}-staging"
}
)

subnet_id = module.session_manager_snet_04.id
vnet_integration = true

tags = var.tags
}
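Review bot: In `module.session_manager_weu_staging_04` the slot's `APPINSIGHTS_CLOUD_ROLE_NAME` is built from `module.session_manager_weu.name`, which is the 03 app, although the slot's `app_service_id` and `app_service_name` both point at `module.session_manager_weu_04`. Telemetry from the 04 staging slot would then be reported under the 03 staging role name (presumably the same value the existing 03 slot uses; that block is collapsed here), so the two instances cannot be told apart in Application Insights queries or alerts when tracing an authentication incident back to an instance. It looks like a copy-paste leftover; the line should read `APPINSIGHTS_CLOUD_ROLE_NAME = "${module.session_manager_weu_04.name}-staging"`.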
5 changes: 5 additions & 0 deletions src/domains/citizen-auth-app/99_variables.tf
Expand Up @@ -241,6 +241,11 @@ variable "cidr_subnet_session_manager" {
description = "Session manager app service address space."
}

variable "cidr_subnet_session_manager_04" {
type = list(string)
description = "Session manager app service instance 4 address space."
}

variable "session_manager_plan_sku_name" {
description = "App service plan sku name"
type = string
7 changes: 7 additions & 0 deletions src/domains/citizen-auth-app/README.md
Expand Up @@ -31,8 +31,11 @@
| <a name="module_function_profile_staging_slot"></a> [function\_profile\_staging\_slot](#module\_function\_profile\_staging\_slot) | git::https://github.com/pagopa/terraform-azurerm-v3.git//function_app_slot | v8.44.0 |
| <a name="module_locked_profiles_storage"></a> [locked\_profiles\_storage](#module\_locked\_profiles\_storage) | github.com/pagopa/terraform-azurerm-v3//storage_account | v8.27.0 |
| <a name="module_session_manager_snet"></a> [session\_manager\_snet](#module\_session\_manager\_snet) | github.com/pagopa/terraform-azurerm-v3//subnet | v8.22.0 |
| <a name="module_session_manager_snet_04"></a> [session\_manager\_snet\_04](#module\_session\_manager\_snet\_04) | github.com/pagopa/terraform-azurerm-v3//subnet | v8.22.0 |
| <a name="module_session_manager_weu"></a> [session\_manager\_weu](#module\_session\_manager\_weu) | github.com/pagopa/terraform-azurerm-v3//app_service | v8.28.1 |
| <a name="module_session_manager_weu_04"></a> [session\_manager\_weu\_04](#module\_session\_manager\_weu\_04) | github.com/pagopa/terraform-azurerm-v3//app_service | v8.28.1 |
| <a name="module_session_manager_weu_staging"></a> [session\_manager\_weu\_staging](#module\_session\_manager\_weu\_staging) | github.com/pagopa/terraform-azurerm-v3//app_service_slot | v8.28.1 |
| <a name="module_session_manager_weu_staging_04"></a> [session\_manager\_weu\_staging\_04](#module\_session\_manager\_weu\_staging\_04) | github.com/pagopa/terraform-azurerm-v3//app_service_slot | v8.28.1 |
| <a name="module_tests"></a> [tests](#module\_tests) | ../tests | n/a |

## Resources
Expand All @@ -54,11 +57,13 @@
| [azurerm_private_endpoint.function_profile_itn_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.locked_profiles_storage_table](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.session_manager_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.session_manager_sites_04](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.staging_function_fast_login_itn_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.staging_function_lollipop_itn_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.staging_function_profile_async_itn_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.staging_function_profile_itn_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.staging_session_manager_sites](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint.staging_session_manager_sites_04](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_resource_group.fast_login_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.fast_login_rg_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_resource_group.function_profile_async_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
Expand All @@ -68,6 +73,7 @@
| [azurerm_storage_table.locked_profiles](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_table) | resource |
| [azurerm_subnet.lollipop_snet_itn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
| [azurerm_subnet_nat_gateway_association.session_manager_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azurerm_subnet_nat_gateway_association.session_manager_snet_04](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
| [azuread_group.adgroup_admin](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_group.adgroup_developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
| [azuread_group.adgroup_externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
Expand Down Expand Up @@ -173,6 +179,7 @@
| <a name="input_cidr_subnet_profile_async_itn"></a> [cidr\_subnet\_profile\_async\_itn](#input\_cidr\_subnet\_profile\_async\_itn) | Function app address space. | `list(string)` | n/a | yes |
| <a name="input_cidr_subnet_profile_itn"></a> [cidr\_subnet\_profile\_itn](#input\_cidr\_subnet\_profile\_itn) | Function app address space. | `list(string)` | n/a | yes |
| <a name="input_cidr_subnet_session_manager"></a> [cidr\_subnet\_session\_manager](#input\_cidr\_subnet\_session\_manager) | Session manager app service address space. | `list(string)` | n/a | yes |
| <a name="input_cidr_subnet_session_manager_04"></a> [cidr\_subnet\_session\_manager\_04](#input\_cidr\_subnet\_session\_manager\_04) | Session manager app service instance 4 address space. | `list(string)` | n/a | yes |
| <a name="input_dns_zone_io"></a> [dns\_zone\_io](#input\_dns\_zone\_io) | The dns subdomain. | `string` | `null` | no |
| <a name="input_domain"></a> [domain](#input\_domain) | n/a | `string` | n/a | yes |
| <a name="input_enable_azdoa"></a> [enable\_azdoa](#input\_enable\_azdoa) | Specifies Azure Devops Agent enabling | `bool` | `true` | no |
3 changes: 2 additions & 1 deletion src/domains/citizen-auth-app/env/weu-prod01/terraform.tfvars
Expand Up @@ -81,7 +81,8 @@ function_profile_async_autoscale_maximum = 30
function_profile_async_autoscale_default = 10

# Session manager
cidr_subnet_session_manager = ["10.0.149.0/26"]
cidr_subnet_session_manager = ["10.0.149.0/26"]
cidr_subnet_session_manager_04 = ["10.0.149.64/26"]
session_manager_autoscale_settings = {
autoscale_minimum = 3
autoscale_default = 3
