diff --git a/applications/argocd/staging/applications/alert-hub-backend.yaml b/applications/argocd/staging/applications/alert-hub-backend.yaml index 09d04de6..ffd6fc03 100644 --- a/applications/argocd/staging/applications/alert-hub-backend.yaml +++ b/applications/argocd/staging/applications/alert-hub-backend.yaml @@ -10,7 +10,7 @@ spec: source: repoURL: ghcr.io/ifrcgo chart: ifrcgo-alert-hub-helm - targetRevision: 0.1.1-develop.cfa7aea0 + targetRevision: 0.1.1-develop.c8fb21af helm: valueFiles: - values-go-deploy.yaml diff --git a/applications/go-api/azure-pipelines.yaml b/applications/go-api/azure-pipelines.yaml index 0e94e8b8..d4958cd2 100644 --- a/applications/go-api/azure-pipelines.yaml +++ b/applications/go-api/azure-pipelines.yaml @@ -32,7 +32,7 @@ jobs: displayName: "Deploy staging instance of go-api" env: ENVIRONMENT: staging - VERSION: "0.0.2-develop.cafeccde" + VERSION: "0.0.2-develop.cbf85d80" # For Azure CLI AZURE_TENANT_ID: $(TERRAFORM_TENANT_ID) AZURE_CLIENT_ID: $(TERRAFORM_SERVICE_PRINCIPAL_ID) @@ -120,7 +120,7 @@ jobs: displayName: "Deploy production instance of go-api" env: ENVIRONMENT: production - VERSION: "0.0.2-master.c2b61ff3" + VERSION: "0.0.2-master.c6ea97c4" # For Azure CLI AZURE_TENANT_ID: $(TERRAFORM_TENANT_ID) AZURE_CLIENT_ID: $(TERRAFORM_SERVICE_PRINCIPAL_ID) diff --git a/base-infrastructure/terraform/resources/helm-ingress-nginx.tf b/base-infrastructure/terraform/resources/helm-ingress-nginx.tf index 11545d51..18b666a9 100644 --- a/base-infrastructure/terraform/resources/helm-ingress-nginx.tf +++ b/base-infrastructure/terraform/resources/helm-ingress-nginx.tf @@ -29,5 +29,25 @@ resource "helm_release" "ifrcgo-ingress-nginx" { value = azurerm_public_ip.ifrcgo.ip_address } + # IP logging (preserve client IPs for ingress logs) + set { + name = "controller.config.use-forwarded-headers" + value = "true" + } + + set { + name = "controller.config.compute-full-forwarded-for" + value = "true" + } + + set { + name = "controller.config.real-ip-header" + value = "X-Forwarded-For" + } + + set { + name = "controller.config.set-real-ip-from" + value = local.aks_subnet_cidr + } } diff --git a/base-infrastructure/terraform/resources/variables.tf b/base-infrastructure/terraform/resources/variables.tf index 4abd7fcd..f089e252 100644 --- a/base-infrastructure/terraform/resources/variables.tf +++ b/base-infrastructure/terraform/resources/variables.tf @@ -85,8 +85,9 @@ variable "ifrcgo_prod_resources_db_server" { # Local variables locals { - location = lower(replace(var.REGION, " ", "")) - prefix = var.environment == "staging" ? "ifrctgo" : "ifrcpgo" + location = lower(replace(var.REGION, " ", "")) + prefix = var.environment == "staging" ? "ifrctgo" : "ifrcpgo" + aks_subnet_cidr = "10.1.0.0/16" # stack_id = "ifrcgo" # prefixnodashes = "${local.stack_id}${var.environment}" storage = local.prefix diff --git a/base-infrastructure/terraform/resources/vnet.tf b/base-infrastructure/terraform/resources/vnet.tf index 9515f3ac..4ded8be1 100644 --- a/base-infrastructure/terraform/resources/vnet.tf +++ b/base-infrastructure/terraform/resources/vnet.tf @@ -10,7 +10,7 @@ resource "azurerm_subnet" "aks" { name = "${local.prefix}-aks-subnet" virtual_network_name = azurerm_virtual_network.ifrcgo-cluster.name resource_group_name = data.azurerm_resource_group.ifrcgo.name - address_prefixes = ["10.1.0.0/16"] + address_prefixes = [local.aks_subnet_cidr] } # subnet for postgres that's delegated