pagopa · re-sh-cloud-arch · Oct 29, 2024 · Oct 29, 2024 · Oct 30, 2024 · Oct 30, 2024
@@ -110,6 +110,20 @@ route_aks = [
     next_hop_type          = "VirtualAppliance"
     next_hop_in_ip_address = "10.230.9.150"
   },
+  {
+    # uat aks nodo nexi postgres onprem prf
+    name                   = "aks-outbound-to-nexi-postgres-prf-onprem-balancer-1-subnet"
+    address_prefix         = "10.222.214.127/32"
+    next_hop_type          = "VirtualAppliance"
+    next_hop_in_ip_address = "10.230.9.150"
+  },
+  {
+    #  prf aks nodo nexi postgres onprem prf
+    name                   = "aks-outbound-to-nexi-postgres-prf-onprem-balancer-2-subnet"
+    address_prefix         = "10.222.214.128/32"
+    next_hop_type          = "VirtualAppliance"
+    next_hop_in_ip_address = "10.230.9.150"
+  }
 ]
 
 vmss_zones           = ["1"]

@@ -58,6 +58,23 @@ resource "azurerm_private_dns_a_record" "private_dns_a_record_db_nodo_nexi_postg
   records             = var.dns_a_reconds_dbnodonexipostgres_prf_ips
 }
 
+resource "azurerm_private_dns_a_record" "private_dns_a_record_db_nodo_nexi_postgres_prf_1" {
+  count               = var.env_short == "u" ? 1 : 0
+  name                = "db-postgres-ndp-prf-1"
+  zone_name           = azurerm_private_dns_zone.db_nodo_dns_zone.name
+  resource_group_name = azurerm_resource_group.data.name
+  ttl                 = 60
+  records             = var.dns_a_reconds_dbnodonexipostgres_prf_balancer_1_ips
+}
+
+resource "azurerm_private_dns_a_record" "private_dns_a_record_db_nodo_nexi_postgres_prf_2" {
+  count               = var.env_short == "u" ? 1 : 0
+  name                = "db-postgres-ndp-prf-2"
+  zone_name           = azurerm_private_dns_zone.db_nodo_dns_zone.name
+  resource_group_name = azurerm_resource_group.data.name
+  ttl                 = 60
+  records             = var.dns_a_reconds_dbnodonexipostgres_prf_balancer_2_ips
+}
 ### 🔮 Private dns zone: Redis
 
 resource "azurerm_private_dns_zone" "privatelink_redis_cache_windows_net" {

@@ -44,6 +44,7 @@ locals {
       port               = 443
       ssl_profile_name   = "${local.product_region}-ssl-profile"
       firewall_policy_id = null
+      type               = "Private"
       certificate = {
         name = var.integration_app_gateway_prf_certificate_name
         id = var.integration_app_gateway_prf_certificate_name == "" ? null : replace(
@@ -55,6 +56,52 @@ locals {
     }
   }
 
+  backends = {
+    apim = {
+      protocol                    = "Https"
+      host                        = "api.${var.dns_zone_prefix}.${var.external_domain}"
+      port                        = 443
+      ip_addresses                = module.apim[0].private_ip_addresses
+      fqdns                       = ["api.${var.dns_zone_prefix}.${var.external_domain}."]
+      probe                       = "/status-0123456789abcdef"
+      probe_name                  = "probe-apim"
+      request_timeout             = 120
+      pick_host_name_from_backend = false
+    }
+  }
+
+  backends_prf = {
+    apimprf = {
+      protocol                    = "Https"
+      host                        = "api.${var.dns_zone_prefix_prf}.${var.external_domain}"
+      port                        = 443
+      ip_addresses                = module.apim[0].private_ip_addresses
+      fqdns                       = ["api.${var.dns_zone_prefix_prf}.${var.external_domain}."]
+      probe                       = "/status-0123456789abcdef"
+      probe_name                  = "probe-apimprf"
+      request_timeout             = 120
+      pick_host_name_from_backend = false
+    }
+  }
+
+  routes = {
+    api = {
+      listener              = "api"
+      backend               = "apim"
+      rewrite_rule_set_name = null
+      priority              = 10
+    }
+  }
+
+  routes_prf = {
+    apiprf = {
+      listener              = "apiprf"
+      backend               = "apimprf"
+      rewrite_rule_set_name = null
+      priority              = 20
+    }
+  }
+
   listeners = {
     api = {
       protocol           = "Https"
@@ -136,19 +183,10 @@ module "app_gw_integration" {
   zones              = var.integration_appgateway_zones
 
   # Configure backends
-  backends = {
-    apim = {
-      protocol                    = "Https"
-      host                        = "api.${var.dns_zone_prefix}.${var.external_domain}"
-      port                        = 443
-      ip_addresses                = module.apim[0].private_ip_addresses
-      fqdns                       = ["api.${var.dns_zone_prefix}.${var.external_domain}."]
-      probe                       = "/status-0123456789abcdef"
-      probe_name                  = "probe-apim"
-      request_timeout             = 120
-      pick_host_name_from_backend = false
-    }
-  }
+  backends = merge(
+    local.backends,
+    var.dns_zone_prefix_prf != "" ? local.backends_prf : {}
+  )
 
   ssl_profiles = [
     {
@@ -180,14 +218,10 @@ module "app_gw_integration" {
   )
 
   # maps listener to backend
-  routes = {
-    api = {
-      listener              = "api"
-      backend               = "apim"
-      rewrite_rule_set_name = null
-      priority              = 10
-    }
-  }
+  routes = merge(
+    local.routes,
+    var.dns_zone_prefix_prf != "" ? local.routes_prf : {}
+  )
 
   rewrite_rule_sets = []
 

@@ -204,6 +204,17 @@ variable "dns_a_reconds_dbnodonexipostgres_prf_ips" {
   default     = []
 }
 
+variable "dns_a_reconds_dbnodonexipostgres_prf_balancer_1_ips" {
+  type        = list(string)
+  description = "IPs address of DB Nodo PostgreSQL Nexi"
+  default     = []
+}
+
+variable "dns_a_reconds_dbnodonexipostgres_prf_balancer_2_ips" {
+  type        = list(string)
+  description = "IPs address of DB Nodo PostgreSQL Nexi"
+  default     = []
+}
 
 #
 # dns forwarder

@@ -59,11 +59,13 @@ dns_zone_internal_prefix = "internal.uat.platform"
 dns_zone_prefix_prf      = "prf.platform"
 dns_zone_wfesp           = "wfesp.test"
 
-private_dns_zone_db_nodo_pagamenti       = "u.db-nodo-pagamenti.com"
-dns_a_reconds_dbnodo_ips                 = ["10.70.73.10"]    # db onCloud
-dns_a_reconds_dbnodo_prf_ips             = ["10.70.73.20"]    # db onCloud prf
-dns_a_reconds_dbnodonexipostgres_ips     = ["10.222.214.174"] # db onPrem PostgreSQL
-dns_a_reconds_dbnodonexipostgres_prf_ips = ["10.222.214.184"] # db onPrem PostgreSQL
+private_dns_zone_db_nodo_pagamenti                  = "u.db-nodo-pagamenti.com"
+dns_a_reconds_dbnodo_ips                            = ["10.70.73.10"]    # db onCloud
+dns_a_reconds_dbnodo_prf_ips                        = ["10.70.73.20"]    # db onCloud prf
+dns_a_reconds_dbnodonexipostgres_ips                = ["10.222.214.174"] # db onPrem PostgreSQL
+dns_a_reconds_dbnodonexipostgres_prf_ips            = ["10.222.214.184"] # db onPrem PostgreSQL
+dns_a_reconds_dbnodonexipostgres_prf_balancer_1_ips = ["10.222.214.127"] # db onPrem PRF PostgreSQL
+dns_a_reconds_dbnodonexipostgres_prf_balancer_2_ips = ["10.222.214.128"] # db onPrem PRF PostgreSQL
 ### External resources
 
 monitor_resource_group_name                 = "pagopa-u-monitor-rg"