Infrastructure and Cloud
Purpose
This section documents the Kubernetes topology, secrets management, and the infrastructure resources that support Returns Manager.
Kubernetes Namespaces
| Namespace | Workloads |
|---|---|
| ingress | Ingress Controller, API Gateway (YARP/Kong) |
| rm-frontend | Portal Cliente, App Instore, BackOffice Web (React SPAs) |
| rm-bff | BFF Web, BFF Instore, BFF External (.NET 8, HPA) |
| rm-services | Returns Service, Policy Engine, BackOffice Service, Integration Service |
| rm-workers | Refund, Pickup, Notify, Case Workers (KEDA) |
| rm-infra | PostgreSQL HA, Redis Sentinel, RabbitMQ cluster |
Security
- mTLS: Istio STRICT mode in all namespaces
- Secrets: External Secrets Operator + Vault (multi-version key rotation)
- Authentication: OAuth2/OIDC via Identity Manager; the API Gateway validates the JWT
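One way to verify the mTLS statement above is to audit the cluster's PeerAuthentication objects for every namespace in the table. This is an added example, not part of the Returns Manager code base; the function names, the `istio-system` root namespace and the sample policies (including `postgres-legacy`) are assumptions constructed for illustration.

```python
# Namespaces taken from the table on this page.
NAMESPACES = ["ingress", "rm-frontend", "rm-bff", "rm-services", "rm-workers", "rm-infra"]
ROOT_NS = "istio-system"  # assumption: Istio's default root namespace
WEAK = ("PERMISSIVE", "DISABLE")

def namespace_mode(items, ns):
    """Mode of the namespace-wide policy (the one without a selector), or None."""
    for pa in items:
        spec = pa.get("spec") or {}
        if pa["metadata"]["namespace"] == ns and not spec.get("selector"):
            return (spec.get("mtls") or {}).get("mode", "UNSET")
    return None

def audit_mtls(peer_auth_list, namespaces=NAMESPACES, root_ns=ROOT_NS):
    """Return {namespace: [findings]}; an empty list means STRICT holds."""
    items = peer_auth_list.get("items", [])
    report = {}
    for ns in namespaces:
        mode = namespace_mode(items, ns)
        if mode in (None, "UNSET"):       # inherit the mesh-wide policy
            mode = namespace_mode(items, root_ns)
        if mode in (None, "UNSET"):       # Istio's default when nothing is set
            mode = "PERMISSIVE"
        findings = []
        if mode != "STRICT":
            findings.append(f"effective namespace mode is {mode}")
        for pa in (p for p in items if p["metadata"]["namespace"] == ns):
            spec, name = pa.get("spec") or {}, pa["metadata"]["name"]
            # Workload- and port-level policies can weaken a STRICT namespace.
            if spec.get("selector") and (spec.get("mtls") or {}).get("mode") in WEAK:
                findings.append(f"{name}: workload override {spec['mtls']['mode']}")
            for port, cfg in (spec.get("portLevelMtls") or {}).items():
                if cfg.get("mode") in WEAK:
                    findings.append(f"{name}: port {port} override {cfg['mode']}")
        report[ns] = findings
    return report

def strict(ns, name="default"):
    """Minimal namespace-wide STRICT policy, used to build the sample."""
    return {"metadata": {"namespace": ns, "name": name}, "spec": {"mtls": {"mode": "STRICT"}}}

# Constructed sample, shaped like `kubectl get peerauthentication -A -o json`.
SAMPLE = {"items": [strict(ns) for ns in NAMESPACES if ns != "rm-workers"] + [
    {"metadata": {"namespace": "rm-infra", "name": "postgres-legacy"},
     "spec": {"selector": {"matchLabels": {"app": "postgres"}},
              "mtls": {"mode": "STRICT"},
              "portLevelMtls": {"5432": {"mode": "PERMISSIVE"}}}}]}

if __name__ == "__main__":
    for ns, findings in audit_mtls(SAMPLE).items():
        print(ns, "OK" if not findings else findings)
```

The check covers only the server side (PeerAuthentication); client-side DestinationRule TLS settings are outside its scope.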
Vaults
| Environment | URL |
|---|---|
| PRD | https://vault-gcp.corp.mc.pt:8200/ |
| PP | https://vault-gcp-pp.corp.mc.pt:8200/ |
| DEV | https://vault-gcp-dev.corp.mc.pt:8200/ |
ArgoCD
| Environment | URL |
|---|---|
| DEV | https://gitops-gke-app-d1-dev.corp.mc.pt/ |
| DEV-DB | https://gitops-gke-data-d1-dev.corp.mc.pt/ |
| PP-DB | https://gitops-gke-data-s1-pp.corp.mc.pt/applications |