feat: [PAYMCLOUD-583] Route table metabase + Remove zabbix (#3626)

* remove zabbix

* add route table from metabase to nexi

Author: umbcoppolabottazzi

src/db-security/02_metabase_db.tf

@@ -17,8 +17,24 @@ module "postgres_flexible_snet" {
   product_name      = var.prefix
   env               = var.env
 
+  tags = module.tag_config.tags
 }
 
+# Route Table
+module "route_table_app_service_snet" {
+  source = "./.terraform/modules/__v4__/route_table"
+  count  = length(var.route_table_routes) > 0 ? 1 : 0
+
+  name                = "${local.project}-rt"
+  resource_group_name = azurerm_resource_group.metabase_rg.name
+  location            = azurerm_resource_group.metabase_rg.location
+
+  routes = var.route_table_routes
+
+  subnet_ids = [module.app_service_snet.id]
+
+  tags = module.tag_config.tags
+}
 
 module "metabase_postgres_db" {
   source = "./.terraform/modules/__v4__/IDH/postgres_flexible_server"
@@ -54,6 +70,9 @@ module "metabase_postgres_db" {
   private_dns_record_cname = "metabase-db"
 
   additional_azure_extensions = ["citext"]
+  embedded_subnet = {
+    enabled = false
+  }
 
   tags = module.tag_config.tags
 

src/db-security/03_metabase_app.tf

@@ -11,6 +11,8 @@ module "app_service_snet" {
 
   service_endpoints = ["Microsoft.Web"]
 
+  tags = module.tag_config.tags
+
 }
 
 module "metabase_app_service" {

src/db-security/99_main.tf

@@ -31,6 +31,6 @@ data "azurerm_subscription" "current" {}
 data "azurerm_client_config" "current" {}
 
 module "__v4__" {
-  # v7.40.3
-  source = "git::https://github.com/pagopa/terraform-azurerm-v4?ref=a4b4d4eeb688973df4c4f70cb996086497d84bd4"
+  # v8.40.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v4?ref=91f7e70706ce328dc819a908d6e953f0b7b0fed3"
 }

src/db-security/99_variables.tf

@@ -172,3 +172,13 @@ variable "db_vdi_settings" {
     error_message = "db_vdi_settings.host_pool_type must be either \"Personal\" or \"Pooled\"."
   }
 }
+
+variable "route_table_routes" {
+  type = list(object({
+    name                   = string
+    address_prefix         = string
+    next_hop_type          = string
+    next_hop_in_ip_address = string
+  }))
+  default = []
+}

src/db-security/README.md

@@ -35,11 +35,12 @@ After creating the VM, login as admin user and follow these instructions:
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v4__"></a> [\_\_v4\_\_](#module\_\_\_v4\_\_) | git::https://github.com/pagopa/terraform-azurerm-v4 | a4b4d4eeb688973df4c4f70cb996086497d84bd4 |
+| <a name="module___v4__"></a> [\_\_v4\_\_](#module\_\_\_v4\_\_) | git::https://github.com/pagopa/terraform-azurerm-v4 | 91f7e70706ce328dc819a908d6e953f0b7b0fed3 |
 | <a name="module_app_service_snet"></a> [app\_service\_snet](#module\_app\_service\_snet) | ./.terraform/modules/__v4__/IDH/subnet | n/a |
 | <a name="module_metabase_app_service"></a> [metabase\_app\_service](#module\_metabase\_app\_service) | ./.terraform/modules/__v4__/IDH/app_service_webapp | n/a |
 | <a name="module_metabase_postgres_db"></a> [metabase\_postgres\_db](#module\_metabase\_postgres\_db) | ./.terraform/modules/__v4__/IDH/postgres_flexible_server | n/a |
 | <a name="module_postgres_flexible_snet"></a> [postgres\_flexible\_snet](#module\_postgres\_flexible\_snet) | ./.terraform/modules/__v4__/IDH/subnet | n/a |
+| <a name="module_route_table_app_service_snet"></a> [route\_table\_app\_service\_snet](#module\_route\_table\_app\_service\_snet) | ./.terraform/modules/__v4__/route_table | n/a |
 | <a name="module_secret_core"></a> [secret\_core](#module\_secret\_core) | ./.terraform/modules/__v4__/key_vault_secrets_query | n/a |
 | <a name="module_secret_core_itn"></a> [secret\_core\_itn](#module\_secret\_core\_itn) | ./.terraform/modules/__v4__/key_vault_secrets_query | n/a |
 | <a name="module_tag_config"></a> [tag\_config](#module\_tag\_config) | ../tag_config | n/a |
@@ -98,6 +99,7 @@ After creating the VM, login as admin user and follow these instructions:
 | <a name="input_metabase_pgflex_params"></a> [metabase\_pgflex\_params](#input\_metabase\_pgflex\_params) | n/a | <pre>object({<br/>    idh_tier                               = string<br/>    db_version                             = string<br/>    storage_mb                             = string<br/>    pgres_flex_diagnostic_settings_enabled = bool<br/>    alerts_enabled                         = bool<br/>    private_dns_registration_enabled       = bool<br/>  })</pre> | n/a | yes |
 | <a name="input_metabase_plan_idh_tier"></a> [metabase\_plan\_idh\_tier](#input\_metabase\_plan\_idh\_tier) | IDH resource tier for metabase app service | `string` | n/a | yes |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
+| <a name="input_route_table_routes"></a> [route\_table\_routes](#input\_route\_table\_routes) | n/a | <pre>list(object({<br/>    name                   = string<br/>    address_prefix         = string<br/>    next_hop_type          = string<br/>    next_hop_in_ip_address = string<br/>  }))</pre> | `[]` | no |
 
 ## Outputs
 

src/db-security/env/dev/terraform.tfvars

@@ -21,3 +21,4 @@ metabase_plan_idh_tier = "basic_high_performance"
 enabled_features = {
   db_vdi = false
 }
+

src/db-security/env/prod/terraform.tfvars

@@ -30,3 +30,10 @@ db_vdi_settings = {
   session_limit         = 1
   host_pool_type        = "Pooled"
 }
+
+route_table_routes = [{
+  name                   = "dbsecurity-subnet-to-nexi-postgres-onprem-subnet"
+  address_prefix         = "10.102.1.93/32"
+  next_hop_type          = "VirtualAppliance"
+  next_hop_in_ip_address = "10.230.10.150"
+}]