TIM PreLoad ENV

Table of Contents 🥇


Mikrotik_WireGuard_IPSEC_TIM

IP Map:

  • External_DNS: [MNO] https://p.tim.com.br [SIM_SERVICE_TCP] 191.232.70.192:9506 NEW SIM 74.163.178.41
  • Internal_DNS: [Dashboard] https://preload.timbrasil.com.br [SIA] https://sia.timbrasil.com.br [Grafana] http://grafana.tim.com.br/

hosts file:

10.151.236.244 grafana.tim.com.br
10.151.236.244 sia.timbrasil.com.br
10.151.236.244 preload.timbrasil.com.br

DNS Forward ? 10.151.192.40


MongoDB:

  • Instances are outside of AKS
  • MongoDB can be accessed with Compass via VPN
  • SSH to the instances is done via the Balabit jumpbox

azrlnx0621.internal.timbrasil.com.br (10.151.212.48)
azrlnx0622.internal.timbrasil.com.br (10.151.212.49)
azrlnx0623.internal.timbrasil.com.br (10.151.212.50)

Microsoft Online Password Reset: https://stscorp.timbrasil.com.br/ADFS/portal/updatepassword


balabit:

ssh gu=T3697533@mongodb@10.151.212.48@10.168.16.84
ssh gu=T3697533@mongodb@10.151.212.49@10.168.16.84
ssh gu=T3697533@mongodb@10.151.212.50@10.168.16.84

MongoDB:

azrlnx0621 (10.151.212.48) mongodb zCv8D4-v
azrlnx0622 (10.151.212.49) mongodb SD!s4sw5
azrlnx0623 (10.151.212.50) mongodb q1p7O!Mh

T3697533 is the user identifier

Mongo collection:

use admin
db.createUser({user: "unibeam" , pwd: "unibeam", roles: [ "userAdminAnyDatabase","readWriteAnyDatabase" ]})
db.createUser({user: "unibeam" , pwd: "timub", roles: [ "dbAdmin" ]})

Networking:

Subnets and Instances

TIM gateway (peer): 189.40.220.23
TIM VPN network (encryption domain):

 10.115.224.0/21, 10.115.228.0/22, 10.168.16.0/24, 10.112.16.0/24, 10.151.208.0/21, 10.151.235.240/28, 10.151.200.0/21

UNIBEAM side:
UNIBEAM gateway (peer): 44.215.187.3
UNIBEAM VPN network (encryption domain): 10.115.22.64/26 (NAT network for access through the tunnel; traffic must arrive with an IP within this range, per item 3.4 of the form)

NOTE: Rules were created with the real IPs; please allow the networks in

Phase 2 => 10.115.224.0/21, 10.115.228.0/22, 10.168.16.0/24, 10.112.16.0/24, 10.151.208.0/21, 10.151.200.0/21, 10.151.235.240/28

AKS HTTPS

10.151.235.244/255.255.255.255 - 10.151.235.240/28
10.151.200.144/255.255.255.255 - 10.151.200.0/21
10.151.200.145/255.255.255.255

MONGO TCP

10.151.212.48/255.255.255.255 - 10.151.208.0/21
10.151.212.49/255.255.255.255 -
10.151.212.50/255.255.255.255 -

Balabit SSH JumpBox

10.168.16.84/255.255.255.255 - 10.168.16.0/24
10.168.16.87/255.255.255.255
10.112.16.84/255.255.255.255 - 10.112.0.0/16
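
An added example (not part of the original notes): a consistency check of the Phase 2 selectors against the host rules listed above, plus the internal load-balancer IP given in the annotations section of this page. The function names and group labels are assumptions made for the illustration.

```python
import ipaddress

# Phase 2 selectors (TIM encryption domain) exactly as listed on this page.
PHASE2 = [
    "10.115.224.0/21", "10.115.228.0/22", "10.168.16.0/24", "10.112.16.0/24",
    "10.151.208.0/21", "10.151.200.0/21", "10.151.235.240/28",
]

# Host (/32) entries from the rule lists on this page; labels are for reporting only.
HOSTS = {
    "AKS HTTPS": ["10.151.235.244", "10.151.200.144", "10.151.200.145"],
    "MONGO TCP": ["10.151.212.48", "10.151.212.49", "10.151.212.50"],
    "Balabit SSH": ["10.168.16.84", "10.168.16.87", "10.112.16.84"],
    "Internal LB": ["10.151.236.244"],
}


def redundant_selectors(selectors):
    """Return (inner, outer) pairs where one selector is fully inside another."""
    nets = [ipaddress.ip_network(s) for s in selectors]
    return [(str(a), str(b)) for a in nets for b in nets
            if a != b and a.subnet_of(b)]


def uncovered_hosts(selectors, hosts):
    """Return {group: [ip, ...]} for hosts that no Phase 2 selector contains."""
    nets = [ipaddress.ip_network(s) for s in selectors]
    missing = {}
    for group, addrs in hosts.items():
        bad = [a for a in addrs
               if not any(ipaddress.ip_address(a) in n for n in nets)]
        if bad:
            missing[group] = bad
    return missing


if __name__ == "__main__":
    for inner, outer in redundant_selectors(PHASE2):
        print(f"redundant selector: {inner} is inside {outer}")
    for group, addrs in uncovered_hosts(PHASE2, HOSTS).items():
        print(f"not reachable through the tunnel ({group}): {', '.join(addrs)}")
```

On the values above it reports 10.115.228.0/22 as already contained in 10.115.224.0/21, and 10.151.236.244 as outside every Phase 2 selector.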

VPN Site2Site Client2Site


graph LR

A[WireGuard] <-->|Mikrotik| B[IPSEC-Azure]

B <-->|S2S_VPN| C[TIM Azure Site]

Azure-AKS-Login:

az login
az aks install-cli
az account set --subscription 47b2e68e-0158-4699-bc25-a539ff6bb53f
az aks get-credentials --resource-group rg-br-itprd-prd-preloadsimcards --name aks-prd-preload
kubelogin convert-kubeconfig -l azurecli
  • To refresh token use:

az login

kubelogin can be fetched from

Docker-Repo-Login:

docker login -u preload-token -p nZHL/zk/qluRZYqQ7PXdS0nMdxQsvifnZfhAjQ1lzK+ACRAoQi48 acrcorpsharedtim1.azurecr.io
  • Images are built and pushed via GitHub Actions

Existing Repos (true as of 10 Jun)

REDIS:
####################################################################
acrcorpsharedtim1.azurecr.io/preload/redis-cluster
acrcorpsharedtim1.azurecr.io/preload/bitnami-shell:11-debian-11-r134
acrcorpsharedtim1.azurecr.io/preload/redis-exporter
####################################################################
RabbitMQ:
####################################################################
acrcorpsharedtim1.azurecr.io/preload/rabbitmq
acrcorpsharedtim1.azurecr.io/preload/bitnami-shell:11-debian-11-r130
####################################################################
Grafana-loki:
####################################################################
acrcorpsharedtim1.azurecr.io/preload/grafana-loki
acrcorpsharedtim1.azurecr.io/preload/nginx
acrcorpsharedtim1.azurecr.io/preload/promtail
acrcorpsharedtim1.azurecr.io/preload/os-shell
acrcorpsharedtim1.azurecr.io/preload/memcached
####################################################################
Kube-prometheus-stack:
####################################################################
acrcorpsharedtim1.azurecr.io/preload/alertmanager
acrcorpsharedtim1.azurecr.io/preload/kube-webhook-certgen
acrcorpsharedtim1.azurecr.io/preload/prometheus-operator
acrcorpsharedtim1.azurecr.io/preload/prometheus-config-reloader
acrcorpsharedtim1.azurecr.io/preload/thanos
acrcorpsharedtim1.azurecr.io/preload/Prometheus
####################################################################
Additions for SIA
####################################################################
acrcorpsharedtim1.azurecr.io/preload/os-shell:12-debian-12-r16
acrcorpsharedtim1.azurecr.io/preload/kafka:3.6.1-debian-12-r12
acrcorpsharedtim1.azurecr.io/preload/kafka:ui
acrcorpsharedtim1.azurecr.io/preload/promtail

Naming convention:

acrcorpsharedtim1/preload/

Azure NLB Annotations for TIM Preload

    service.beta.kubernetes.io/azure-load-balancer-internal: 'true'
    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: snet-brsouth-prd-k8s-0016
    service.beta.kubernetes.io/azure-load-balancer-ipv4: 10.151.236.244

https://sia.timbrasil.com.br - SIA API
https://preload.timbrasil.com.br - Dashboard/SIA 10.151.236.244
p.tim.com.br - 45.60.63.22 - old g/w service
191.232.70.192:9506 - SIM Service

10.151.236.244 - Local IP for TIM Preload

curl -k https://preload.timbrasil.com.br -vvv -H "Host: preload.timbrasil.com.br"
curl -k https://preload.timbrasil.com.br/version -H "Host: sia.timbrasil.com.br"

SIM Service: nc -zv 74.163.178.41 9506

TIM Preload API Example via HUB

https://pmid.timbrasil.com.br/oauth/access/v1/approve

{
    "msisdn": "5521965002920",
    "cbUrl": "https://webhook.site/cf383c85-b896-4d48-9618-b791745371da",
    "customerId": "unibeam",
    "message": "hello Steve",
    "textInputType": 1,
    "requestId": "aa1",
    "requireInput": true
}