a780eff7c5
- Changed CCIPWETH10Bridge address from `0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e` to `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` in various deployment documents and scripts. - Ensured consistency in bridge configuration and verification steps for ChainID 138 and Mainnet. Made-with: Cursor
Terraform Configuration for DeFi Oracle Meta Mainnet
Overview
This directory contains Terraform configurations for deploying the DeFi Oracle Meta Mainnet (ChainID 138) on Azure.
Deployment Options
1. Legacy Single Resource Group Deployment
The default configuration uses a single resource group for all resources. This is suitable for development and testing.
Configuration: terraform/main.tf
Usage:
cd terraform
terraform init
terraform plan -var-file=terraform.tfvars
terraform apply -var-file=terraform.tfvars
2. Well-Architected Framework Deployment (Recommended for Production)
The Well-Architected Framework deployment uses multiple resource groups organized by purpose and lifecycle. This is recommended for production deployments.
Configuration: terraform/well-architected/main.tf
Usage:
cd terraform/well-architected
terraform init
terraform plan -var-file=terraform.tfvars
terraform apply -var-file=terraform.tfvars
Benefits:
- Separate resource groups by purpose (network, compute, storage, security, monitoring)
- Better cost allocation and tracking
- Improved security boundaries
- Easier resource management
- Compliance with Azure Well-Architected Framework
Modules
Core Modules
- networking: Virtual networks, subnets, NSGs, Application Gateway
- kubernetes: AKS cluster, node pools, Log Analytics
- storage: Storage accounts, containers, file shares
- secrets: Key Vault (legacy with access policies)
Well-Architected Modules
- management-groups: Management Groups hierarchy
- resource-groups: Resource groups organized by purpose
- keyvault-enhanced: Enhanced Key Vault with RBAC and Private Endpoints
- budget: Consumption budgets with alerts
Configuration Files
Legacy Deployment
terraform/main.tf: Main Terraform configurationterraform/variables.tf: Variable definitionsterraform/outputs.tf: Output definitionsterraform/terraform.tfvars.example: Example variables
Well-Architected Deployment
terraform/well-architected/main.tf: Main Well-Architected configurationterraform/well-architected/variables.tf: Variable definitionsterraform/well-architected/outputs.tf: Output definitionsterraform/well-architected/terraform.tfvars.example: Example variables
Variables
Common Variables
environment: Environment (prod, dev, test, staging)location: Azure regioncluster_name: AKS cluster namekubernetes_version: Kubernetes versionnode_count: Number of nodes per node poolvm_size: VM size for node poolstags: Tags to apply to resources
Legacy Deployment Variables
resource_group_name: Single resource group namekey_vault_name: Key Vault name
Well-Architected Deployment Variables
use_well_architected: Enable Well-Architected Framework structurenetwork_resource_group_name: Network resource group namecompute_resource_group_name: Compute resource group namestorage_resource_group_name: Storage resource group namesecurity_resource_group_name: Security resource group namekey_vault_allowed_subnet_ids: Subnet IDs allowed to access Key Vaultkey_vault_allowed_ip_ranges: IP ranges allowed to access Key Vaultbudget_amount: Monthly budget amountbudget_contact_emails: Email addresses for budget notifications
Migration
To migrate from legacy to Well-Architected Framework deployment, see Migration Guide.
Documentation
- Well-Architected Framework Review
- Well-Architected Implementation
- Well-Architected Quick Start
- Migration Guide
- Deployment Guide
- Quick Start Guide
Best Practices
- Use Well-Architected Framework for Production: Use the Well-Architected Framework structure for production deployments
- Environment Separation: Use separate deployments for dev, test, and prod environments
- Resource Naming: Follow Azure naming conventions
- Tagging: Apply comprehensive tags for cost allocation and management
- Security: Use RBAC for Key Vault, enable Private Endpoints, restrict network access
- Cost Management: Set up budget alerts, use reserved instances, monitor costs
- Backup: Enable backups for Key Vault and storage accounts
- Monitoring: Set up comprehensive monitoring and alerting
Troubleshooting
Issue: Resource Group Already Exists
Solution: Use existing resource groups or rename new ones
Issue: Key Vault Network Restrictions Too Strict
Solution: Temporarily allow management IP, then refine network rules
Issue: Resources Can't Be Moved
Solution: Some resources can't be moved between resource groups. Recreate them in the new resource group.