d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
Files
main
smom-dbis-138/terraform/README.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration 
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00

5.3 KiB
Raw Permalink Blame History

Terraform Configuration for DeFi Oracle Meta Mainnet

Overview

This directory contains Terraform configurations for deploying the DeFi Oracle Meta Mainnet (ChainID 138) on Azure.

Deployment Options

1. Legacy Single Resource Group Deployment

The default configuration uses a single resource group for all resources. This is suitable for development and testing.

Configuration: terraform/main.tf

Usage:

cd terraform
terraform init
terraform plan -var-file=terraform.tfvars
terraform apply -var-file=terraform.tfvars

2. Well-Architected Framework Deployment (Recommended for Production)

The Well-Architected Framework deployment uses multiple resource groups organized by purpose and lifecycle. This is recommended for production deployments.

Configuration: terraform/well-architected/main.tf

Usage:

cd terraform/well-architected
terraform init
terraform plan -var-file=terraform.tfvars
terraform apply -var-file=terraform.tfvars

Benefits:

  • Separate resource groups by purpose (network, compute, storage, security, monitoring)
  • Better cost allocation and tracking
  • Improved security boundaries
  • Easier resource management
  • Compliance with Azure Well-Architected Framework

Modules

Core Modules

  • networking: Virtual networks, subnets, NSGs, Application Gateway
  • kubernetes: AKS cluster, node pools, Log Analytics
  • storage: Storage accounts, containers, file shares
  • secrets: Key Vault (legacy with access policies)

Well-Architected Modules

  • management-groups: Management Groups hierarchy
  • resource-groups: Resource groups organized by purpose
  • keyvault-enhanced: Enhanced Key Vault with RBAC and Private Endpoints
  • budget: Consumption budgets with alerts

Configuration Files

Legacy Deployment

  • terraform/main.tf: Main Terraform configuration
  • terraform/variables.tf: Variable definitions
  • terraform/outputs.tf: Output definitions
  • terraform/terraform.tfvars.example: Example variables

Well-Architected Deployment

  • terraform/well-architected/main.tf: Main Well-Architected configuration
  • terraform/well-architected/variables.tf: Variable definitions
  • terraform/well-architected/outputs.tf: Output definitions
  • terraform/well-architected/terraform.tfvars.example: Example variables

Variables

Common Variables

  • environment: Environment (prod, dev, test, staging)
  • location: Azure region
  • cluster_name: AKS cluster name
  • kubernetes_version: Kubernetes version
  • node_count: Number of nodes per node pool
  • vm_size: VM size for node pools
  • tags: Tags to apply to resources

Legacy Deployment Variables

  • resource_group_name: Single resource group name
  • key_vault_name: Key Vault name

Well-Architected Deployment Variables

  • use_well_architected: Enable Well-Architected Framework structure
  • network_resource_group_name: Network resource group name
  • compute_resource_group_name: Compute resource group name
  • storage_resource_group_name: Storage resource group name
  • security_resource_group_name: Security resource group name
  • key_vault_allowed_subnet_ids: Subnet IDs allowed to access Key Vault
  • key_vault_allowed_ip_ranges: IP ranges allowed to access Key Vault
  • budget_amount: Monthly budget amount
  • budget_contact_emails: Email addresses for budget notifications

Migration

To migrate from legacy to Well-Architected Framework deployment, see Migration Guide.

Documentation

Best Practices

  1. Use Well-Architected Framework for Production: Use the Well-Architected Framework structure for production deployments
  2. Environment Separation: Use separate deployments for dev, test, and prod environments
  3. Resource Naming: Follow Azure naming conventions
  4. Tagging: Apply comprehensive tags for cost allocation and management
  5. Security: Use RBAC for Key Vault, enable Private Endpoints, restrict network access
  6. Cost Management: Set up budget alerts, use reserved instances, monitor costs
  7. Backup: Enable backups for Key Vault and storage accounts
  8. Monitoring: Set up comprehensive monitoring and alerting

Troubleshooting

Issue: Resource Group Already Exists

Solution: Use existing resource groups or rename new ones

Issue: Key Vault Network Restrictions Too Strict

Solution: Temporarily allow management IP, then refine network rules

Issue: Resources Can't Be Moved

Solution: Some resources can't be moved between resource groups. Recreate them in the new resource group.

References

Reference in New Issue View Git Blame Copy Permalink