Piotr Biernat 2024-12-05 16:55:03 +01:00
parent 741e1f22e4
commit 0accb265d7
29 changed files with 890 additions and 93 deletions

16
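--- a/.app.config
+++ b/.app.config
@@ -0,0 +1,16 @@
+{
+"ID": "gateway-__IP__",
+"Name": "gateway",
+"Address": "__IP__",
+"Tags": ["api-gateway", "gateway", "https", "infra"],
+"Port": 8443,
+"Connect": {
+"Native": true
+},
+"Check": {
+"TCP": "__IP__:8443",
+"Interval": "5s",
+"Timeout": "1s",
+"DeregisterCriticalServiceAfter": "10s"
+}
+}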
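Review bot: `"DeregisterCriticalServiceAfter": "10s"` in the `Check` block is below the one-minute minimum that Consul documents for this setting, so a failed gateway instance will not be reaped after 10 seconds as the value suggests. Use `"1m"` or longer, and record the intended behaviour in whatever script substitutes `__IP__`, since strict JSON leaves no room for a comment here. The Dockerfile in this commit keeps `# COPY ./.app.config /` commented out, so it is also worth confirming that the file is consumed at all.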


@ -1,13 +1,37 @@
FROM hashicorp/consul:1.15
FROM envoyproxy/envoy:distroless-v1.29-latest AS envoy
FROM ubuntu:latest AS base
FROM hashicorp/consul:1.19.2-ubi
USER root
LABEL dev.egommerce.image.author="Piotr Biernat"
LABEL dev.egommerce.image.vendor="Egommerce"
LABEL dev.egommerce.image.service="api-registry"
LABEL dev.egommerce.image.version="1.0"
COPY ./api-registry/etc /consul/config
ENV CGO_ENABLED=0
EXPOSE 8500 8600 8600/udp
# USER consul
COPY ./api-registry/etc/consul /consul/config
# COPY ./api-registry/etc/addons/* /consul/config
COPY ./api-registry/etc/consul-template /consul/template
COPY ./api-registry/opt /opt/consul
COPY ./api-registry/entrypoint.sh /
ENTRYPOINT ["consul", "agent", "-config-dir=/consul/config"]
# Fix for running Go apps in container @https://stackoverflow.com/a/35613430
#RUN rm /lib64/ld-linux-x86-64.so.2 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
# RUN apt update && \
# apt install -y curl
# RUN microdnf --enablerepo=rhel-7-server-rpms \
# install curl --nodocs
COPY --from=base /usr/bin/hostname /usr/bin/hostname
# COPY --from=base /usr/bin/ps /usr/bin/ps
COPY --from=envoy /usr/local/bin/envoy /bin/envoy
# COPY ./.app.config /
COPY ./api-registry/spawn-process.sh /
EXPOSE 53 53/udp 8443 8501
ENTRYPOINT ["/entrypoint.sh"]
CMD ["consul", "agent", "-config-dir=/consul/config"]
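Review bot: The final stage sets `USER root` and leaves `# USER consul` commented out, so the Consul agent and the Envoy processes started from `/entrypoint.sh` all run as root in the container (the rendered page has lost the +/- markers, so I am assuming these lines are on the new side). If root is only needed for `update-ca-trust` and the `/etc/resolv.conf` edit in the entrypoint, do those steps first and drop to the `consul` user before `exec "$@"`. The two helper stages use floating tags, `ubuntu:latest` and `envoyproxy/envoy:distroless-v1.29-latest`, so the `hostname` and `envoy` binaries copied from them can change between builds; pin them, e.g. `FROM ubuntu:24.04@sha256:<digest> AS base`. Port 53 is also exposed, which only binds as non-root if the runtime allows unprivileged low ports.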


@ -2,16 +2,16 @@
set -e
apk add zip
# apk add zip
update-ca-trust
# exec register-service
update-ca-certificates
echo -e "nameserver 127.0.0.1\n$(cat /etc/resolv.conf)" > /etc/resolv.conf
# Install consul-template
cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip && \
unzip consul-template_0.19.5_linux_amd64.zip && \
rm consul-template_0.19.5_linux_amd64.zip && cd -
# cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip && \
# unzip consul-template_0.19.5_linux_amd64.zip && \
# rm consul-template_0.19.5_linux_amd64.zip && cd -
# Install glibc
# apk add gcompat
@ -21,4 +21,14 @@ rm consul-template_0.19.5_linux_amd64.zip && cd -
# func-e use $ENVOY_VERSION_STRING
# cp ~/.func-e/versions/$ENVOY_VERSION_STRING/bin/envoy /usr/local/bin/
exec "$@"
if [ $APP_NAME == "api-gateway" ]
then
# register-service
IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -client-cert /etc/certs/catalog.crt -client-key /etc/certs/catalog.key -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 &
COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 &
COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 &
fi
exec "$@"
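Review bot: All three `consul connect envoy` commands in the `api-gateway` branch pass `-admin-bind 0.0.0.0:<port>` (19000, 20000, 20001), which exposes Envoy's unauthenticated admin interface on every container interface; bind it to loopback instead, e.g. `-admin-bind 127.0.0.1:19000`. The later script in this commit that starts the same three proxies has the same binding. The guard `if [ $APP_NAME == "api-gateway" ]` is unquoted and uses `==`, so an unset `APP_NAME` makes `[` print an error and silently skip the branch; `if [ "${APP_NAME:-}" = "api-gateway" ]` is the portable form. `--log-level trace` is left on for every proxy, which is very verbose and may write request details to `/var/log`.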


@ -0,0 +1,21 @@
config_entries {
bootstrap = [
{
Kind = "api-gateway"
Name = "gw"
Listeners = [
{
Name = "gw"
Port = 443
Protocol = "http"
#Services = [
# {
# Name = "catalog"
# }
#]
}
]
}
]
}
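Review bot: The `gw` listener is declared on `Port = 443` with `Protocol = "http"` and no `TLS` block, so as written it would serve plaintext HTTP on the HTTPS port. The gateway entry bootstrapped in the server config of this commit attaches a `file-system-certificate` to its listener; do the same here or move this listener to a port that does not imply TLS. The gateway name also differs (`gw` here, `gateway` there), so a comment saying which of the two definitions is live would prevent routes from binding to the wrong parent.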


@ -0,0 +1,13 @@
#Kind = "service-intentions"
#Name = "pricing"
#Sources = [
#{
# Name = "basket"
# Action = "deny"
#}
#{
# Name = "api"
# Action = "allow"
#}
#]


@ -0,0 +1,6 @@
Kind = "proxy-defaults"
Name = "global"
Config {
Protocol = "http"
}


@ -0,0 +1,87 @@
config_entries {
bootstrap = [
{
Kind = "http-route"
Name = "catalog-routes"
Meta = {
"name" = "catalog-routes"
}
#Hostnames = ["<hostnames for which this HTTPRoute should respond to requests>"]
Parents = [
{
Kind = "api-gateway"
Name = "gw"
#SectionName = "<optional name of a specific listener on the api-gateway to bind to>"
}
]
Rules = [
{
Filters = {
URLRewrite = {
Path = "/catalog"
}
#JWT = {
# Providers = [
# Name = "<name of the provider>"
# VerifyClaim = {
# Path = ["<path to claim>"]
# Value = "<value of claim>"
# }
# ]
#}
}
#Matches = [
#{
# Headers = [
# {
# Match = "<type of match: exact, prefix or regex>"
# Name = "<name of header to match on>"
# Value = "<value of header to match on>"
# }
# ]
# Method = "<method type to match on>"
# Path = {
# Match = "<type of match: exact, prefix or regex>"
# Value = "<value to match on>"
# }
# Query = [
# {
# Match = "<type of match: exact, present or regex>"
# Name = "<name of query parameter to match on>"
# Value = "<value of query parameter to match on>"
# }
# ]
#}
#]
Services = [
{
Name = "catalog"
Weight = 90
Filters = {
# Headers = [
# {
# Add = {
# "<name of header to add>" = "<value of header to add>"
# }
# Remove = [
# "<name of header to remove from request>"
# ]
# Set = {
# "<name of header to set>" = "<value of header to set>"
# }
# }
# ]
URLRewrite = {
Path = "/"
}
}
}
]
}
]
}
]
}


@ -0,0 +1,20 @@
services = [
{
name = "catalog"
port = 443
}
checks = {
Interval = "10s"
Name = "Connect Sidecar Listening"
TCP = "127.0.0.1:20000"
}
kind = "connect-proxy"
name = "web-sidecar-proxy"
port = 20000
proxy = {
destination_service_id = "catalog"
destination_service_name = "catalog"
local_service_address = "127.0.0.1"
local_service_port = 443
}
]
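Review bot: The `services` list does not parse as rendered: the first object closes right after `port = 443`, and `checks`, `kind`, `name`, `port` and `proxy` then sit directly inside the list instead of inside a second `{ … }` object. Wrap the sidecar definition in its own object and separate the two entries with a comma. The sidecar is registered on `port = 20000`, the same port the entrypoint hands to the catalog Envoy as `-admin-bind`, so the proxy's public listener and its admin listener appear to collide; one of them needs a different port.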


@ -0,0 +1,4 @@
Kind = "service-defaults"
Name = "service-globals"
Protocol = "http"


@ -0,0 +1,88 @@
Kind = "service-router"
Name = "service-router"
Routes = [
{
Match {
HTTP {
PathPrefix = "/identity"
}
},
Destination {
Service = "identity"
}
},
{
Match {
HTTP {
PathPrefix = "/basket"
}
},
Destination {
Service = "basket"
}
},
{
Match {
HTTP {
PathPrefix = "/catalog"
}
},
Destination {
Service = "catalog"
}
},
{
Match {
HTTP {
PathPrefix = "/order"
}
},
Destination {
Service = "order"
}
},
{
Match {
HTTP {
PathPrefix = "/pricing"
}
},
Destination {
Service = "pricing"
}
},
{
Match {
HTTP {
PathPrefix = "/service"
}
#HTTP {
# Methods = ["GET", "POST", "PUT"]
#},
},
Destination {
Service = "service"
#ServiceSubset = "<service-subset-at-destination>"
#Namespace = "<namespace-at-destination>"
#Partition = "<partition-at-destination>"
#PrefixRewrite = "<new-prefix-after-routing>" ## required specifying either Routes.Match.HTTP.PathPrefix or Routes.Match.HTTP.PathExact
#RequestTimeout = 0
#IdleTimeout = 0
#NumRetries = 1
#RetryOnConnectFailure = false
#RetryOn = ["reset", "unavailable"]
#RetryOnStatusCodes = [500, 502, 503]
#RequestHeaders = {
#Set = {
# "X-Web-Version" : "<text-string>"
#}
#}
}
#ResponseHeaders = {
#Set = {
# "X-Web-Version" : "<text-string>"
#}
#}
}
]


@ -0,0 +1,18 @@
config_entries {
bootstrap = [
{
Kind = "proxy-defaults"
Name = "defaults"
Config {
Protocol = "http"
}
},
{
Kind = "service-defaults"
Name = "defaults"
Protocol = "http"
}
]
}
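Review bot: The `proxy-defaults` entry uses `Name = "defaults"`, but Consul accepts only `global` as the name of a proxy-defaults entry, so this bootstrap entry would be rejected or ignored. The server config in this commit already bootstraps a `proxy-defaults` named `global`; either rename this one to `Name = "global"` or drop the file so there are not two competing definitions. The `service-defaults` entry named `defaults` applies only to a service called `defaults`, which does not appear anywhere else in the commit.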


@ -0,0 +1,70 @@
# Datacenter configuration
datacenter = "dc"
domain = "ego.io"
data_dir = "/consul/data"
log_level = "DEBUG"
enable_local_script_checks = true
server = false
ui_config {
enabled = true
content_path = "/registry"
}
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}"
client_addr = "0.0.0.0"
ports {
dns = -1
https = 8501
http = -1
grpc_tls = 8503
}
dns_config {
service_ttl {
"*" = "20s"
}
node_ttl = "0s"
}
# Connect settings
connect {
enabled = true
}
# TLS Encryption configuration
tls {
defaults {
ca_file = "/usr/share/pki/ca-trust-source/anchors/internalCA.crt"
cert_file = "/etc/certs/gateway.crt"
key_file = "/etc/certs/gateway.key"
#verify_server_hostname = true
#verify_incoming = true
#verify_outgoing = true
verify_incoming = false
verify_outgoing = false
}
}
#auto_encrypt {
# allow_tls = true
#}
# ACL configuration
# After startup, bootstrap the ACL system with `consul acl bootstrap` command
acl = {
enabled = true
default_policy = "deny"
enable_token_persistence = true
tokens {
default = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
initial_management = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
}
}
# Gossip Encryption
encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA="
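Review bot: This file commits what look like live credentials: `acl.tokens.default` and `acl.tokens.initial_management` carry the same literal token, and `encrypt` holds the gossip key in cleartext. The same problem appears in the CA provider JSON (`PrivateKey`, Vault `Token`), in `ca_config.token` and `acl.tokens` of the server config, in the new `secrets` file, which labels that token as the global-management bootstrap token, and in `var/certs/test.key`. Everything committed here should be treated as disclosed and rotated, then supplied at runtime from mounted secret files or the environment and kept out of the repository. Using the management token as the agent's `default` token also means unauthenticated requests through this agent run with full privileges, which undoes `default_policy = "deny"`; give the agent a narrowly scoped token instead.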


@ -0,0 +1,19 @@
{
"Provider": "consul",
"Config": {
"LeafCertTTL": "72h",
"PrivateKey": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDHQTuRb+EPGlTX\naRNf8cFrjz5hZiXkHX4OxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjC\nUAU7erx4XM/q6bLAOQ3w85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJq\nQWYNH2UP6dJa5c5YUxXWh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtp\nvBO0PAZrG9QFbB3nL/V3gZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv\n+6A7CpjMYav0/7+Kje6ys1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWt\nTTdGrTcXhqS0gJRihRlp7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQa\nnutqUWucgl/8QTZA4krAfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zE\nIt6KCwDlDGJfqKTKqSDX1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNptt\nkvFPXuM6mvhv+r1umylgbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuB\nt6Kjn4pb0xQ1e9EowQhZ4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiylju\nd+VIZ86B3U3Ch0JUPvITK7Q2buE9qwIDAQABAoICAFwSFX9nrhw3c5qx8AT2hgS4\nhP+mnr2grx4ONiVFcir069cjjezCVnf4XXhJ0skNXH7xrXH8QycijKelKDXKygno\nAR8wa6uM8Zc0SUf4JQl7oMFrDA8ZJdxkP9ZFYANhjS9PWjYtEAtT/2F/5LMNnbpT\ntiLQa5++jKm701OdtjaVs5TO1lRmDgsE5Z675e1c3iR8tPEkb72qAi5ifMxcrC6U\nBk2XHt4z9/4HvVkPYUXhg+/wErWApoPvzTm7pZnqQNOVqv/ULNkn8bY1lF2T0PUn\n8Lhd8NkKKpEidV9VmqKk01rtJKOnqCzPKsL2s5FJQfEOT5oTViwPUq7IrlEXOwvw\nJzsvd7fDP+OFAlbPUuecJ/F5kmIaroTUSqx/WWCy3hDoD+jgAGKtenlGyk8mJLY3\nS75dhH11ArMwnmkQA7vkp4K688yYaXu5LZU4AydRjM3p3bOTJSjSgNbenAYgJlRG\nCsVwL/u9mFA3DcEgrHup7T6F78eb5uUdr4UdlLFRQnxO5N6wizlplrC0b6kfF5xt\nLtOQDI5/P4oSW29UxJCnb3xnsu/ult/7x/DkmRrtyB6D3t31g12ZAJlsn58A0JLG\n+tBA2m7sOSFL5PYeJQq04d/jFs8e64k3mcyopbJtbAP8SkLFcBe3mbl455B9i9US\nwa5BFKTSuyxJUcm6d6BJAoIBAQDlujfzADHmrUCW6BgLyYK1dXFesATdDJ4GuUfQ\nSc5bMMLNRBTTKetgepbTiYLX0la9thwB90QsOqTiRrEudo1hNX3bpluglpUkA7IO\nUlEveufJqf9FWvsz6WxT6Qjx+J1q9Y+TaVD33J05WJPHC3FQVhgxkOk0KVX2cvmV\naSM+2a529UXrnO15/nNiqLGegjmm0yj9HmmfmLmbpuM7Cdomss8BEU7r/xg3k+xw\nyiFAOQRY5i21E7m3gWlYIayeaQd5Zw4i2ikxA0EjWtyfeaIHfPEFiIdESDDvYgqM\nnZXN2ZedmnWR+UWZ4Nk/YOBO8ljs+J3c4LRcNnN0HMpBrYaVAoIBAQDeCtxk14Mo\n8ilHsU7stRxgYjDvQDyJEPF13X9yp/3v31EXu4+CtUC7XzzkWXFS5j1KCUK6qUQQ\nTbuZLzzOzsStz9ku0IvD7M/2rDibbfj9jpkMFsH7pS
k8EL42Hnj9RFSctSM9wVjU\nFh3AGeRsh05osfaP2eIGpPaHN0V7DBZj+yx+orjSGlevDYJMe1MXa1i2TjQJ7+HC\nGw8+4faqEg+pJp1vBdY2aUTzFotorn5MkA4ddDG3c2Aau3+j5JXI0w1/AJ9ZWQ/S\nXPv23a4anbY44amwgjaaJPTaW5K1UsH/2U5PYdFf8M4FFN74AfBm3fJkKm1Z/RQR\nkNk9Whu4u+M/AoIBAQCglOoVJ7a6C7NRiU19t89xbnXf/WR47B/ujUdAtsbTgaM5\n/vQbo3rQBwE1PzNCD9roY8ryKNjznc6yCT5DP0WWhODEUGZOO9Rmx1qInkv3x48M\nrZMt9OoRoIJDqWrCUcogASTqozyg9grFEkDCayI7SONCiowpFRfs3PPP2B12Co3k\nw5CroRdzJkWb2lXGejs4fPRy8vZcRFLCFgdStpFSab0/fszPNJLGDtXBBdn2XaTH\nS6b5o583QfPUUj2qwboix8He5ObURvUadKIxq8FyQIjuGECNn3TtcHf1URZtPUO5\nPEYg0sEvTjguEFbbeJZml2cqBbytlLZhnNpYzKZ9AoIBAAzfBk2WLJU4DGqKfa+9\nA+sWZg3IZHnxkH2rnFKyKEc6Y8IDbls+VIVIDQiTor0SeaUMCmE1pKtpRiGoGldG\npyIINWfAUQnHdXqwGwvvgQp5tKd9vjrvJQfFVLFgbNUJm/oFighvZ83Lhmf3WEVu\nRn5NKqTGFZMbButpqc5rMfUTv02L8zjCrCiKmO4EDBoEb/0JZXzZ+fU9ilGz2Y+c\nQmokweWIqhU3XvbUbLphuxKHGzpb3PHsbzq9ebWvb3tXuKWPDK2qOv+Pwk9aJFiI\noeKEOkjwE2g2EjeCLWvzYymImECDxBZSqC6lOhOYUS41WXKy/unDgOFPyzgCPC8m\nPRMCggEAYpVEGldItHA/UNq0/z5a4uqu70LB24lIdbwCOykqtwH2op0ZFZ80ZVv4\noBLlDlXzcuKPCXw4UfyGfx7P8ePw85+b7VC9Usp6vBRWTkat3r3XiLZ5b5+W/XPs\nj3oD7FhYxnmb0luQz//5XR/5yb3Tw7h6IZ7mGdVmi/JgkhWHyG/fxlYlAMPOInPe\nSf0POl+s6IRm4kp/FHw0c4ha5Il7iDA3sISDqXkmh3V2BWX2u3tgmaVU+h1CH6Ra\nGqjSz2Fw9FCzWQdItx8Avov0mFaGezslsF0cLZy38mxePimgA1QW2IRMU6TLVVij\nW8GDkpznvE6iIwlcMxTJvwk7JkkSAQ==\n-----END PRIVATE KEY-----\n",
"RootCert": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIUWcgQmuod9ZoO/PdOvL485tiTV10wDQYJKoZIhvcNAQEL\nBQAwYDELMAkGA1UEBhMCUEwxDjAMBgNVBAgMBVNsYXNrMRAwDgYDVQQHDAdHbGl3\naWNlMRgwFgYDVQQKDA9FZ29tbWVyY2UuaW8gQ0ExFTATBgNVBAMMDGVnb21tZXJj\nZS5pbzAeFw0yNDA3MjAxMjUzNDVaFw0zNDA3MTgxMjUzNDVaMGAxCzAJBgNVBAYT\nAlBMMQ4wDAYDVQQIDAVTbGFzazEQMA4GA1UEBwwHR2xpd2ljZTEYMBYGA1UECgwP\nRWdvbW1lcmNlLmlvIENBMRUwEwYDVQQDDAxlZ29tbWVyY2UuaW8wggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQDHQTuRb+EPGlTXaRNf8cFrjz5hZiXkHX4O\nxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjCUAU7erx4XM/q6bLAOQ3w\n85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJqQWYNH2UP6dJa5c5YUxXW\nh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtpvBO0PAZrG9QFbB3nL/V3\ngZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv+6A7CpjMYav0/7+Kje6y\ns1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWtTTdGrTcXhqS0gJRihRlp\n7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQanutqUWucgl/8QTZA4krA\nfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zEIt6KCwDlDGJfqKTKqSDX\n1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNpttkvFPXuM6mvhv+r1umylg\nbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuBt6Kjn4pb0xQ1e9EowQhZ\n4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiyljud+VIZ86B3U3Ch0JUPvIT\nK7Q2buE9qwIDAQABo1MwUTAdBgNVHQ4EFgQUCfODB1LPdNYVDc61nNZ9HrpFOAsw\nHwYDVR0jBBgwFoAUCfODB1LPdNYVDc61nNZ9HrpFOAswDwYDVR0TAQH/BAUwAwEB\n/zANBgkqhkiG9w0BAQsFAAOCAgEAtbv6F7EKV4SShPV54A62vY+t5W7USK1mRSuE\n+R/eO6LsNTkw7Xz4EyNb1KtZRlXjI0+B1vPc2t8qJIe6Kkx5+YPDM47HfipHZvsZ\nD3IWEHNiVo/xvEQnfFKu4kHMoi6glw/2/FeOYcklhzf2HGBqP8ZJZX9852vvD6ai\n7Q79DvvQAF95c6HVAbK+9hZ2KZbrUA/G8hFH8oC9/Au1bUEL9DMFj7IieKO10PNW\n8ZEaVWpg+cx3B913hfnmjRrchioGpsS9au3cZjKLbKa+zedOd2pK1TiVUAVgHUcr\nc893OpUg7nEONHrjzlroMmNHDaqA//Kg2lKMc2xHU06pEIIcCGGD4fAV2nXwn/9g\nl4XK5iBaQt5HIDNl7o+5AbxFQBptv91yLEzxtF3l51CUyh7/yOeJAoL9aKxlWAFh\nTO315Ouy2syTSBAs1Mj3U7KsvrWkRk5QJ3RaSEWf/l1LOgnthd4j6FEOVlB+Qe0U\nlvEIkHMftRKyp54hKABchJGjjsQmxY2Qyegw75mYdqaN0V1mz0dzAW8Bg/6U+i/L\n9bdsTC6WHiFV2InAogpXQRaDBvZXhGDujKR49+oBkLId/jmOpIU/crvdD767W7Fx\nqXz/PGpXoKtPK4tNVhjoBfYhKXTFI47AoplrqhkqbC/g
fEEi0ny0DsTOx6r+aTRf\nFFw/JXM=\n-----END CERTIFICATE-----\n",
"IntermediateCertTTL": "8760h"
}
}
{
"Provider": "vault",
"Config": {
"Address": "https://api-vault:8200",
"Token": "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE",
"RootPKIPath": "pki/",
"IntermediatePKIPath": "pki_int/"
}
}
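Review bot: The file holds two top-level JSON objects back to back, a `consul` provider block followed by a `vault` provider block, which is not a valid JSON document; a tool that reads it as one CA configuration will fail or pick up only one of them. Keep one provider per file and load only the one in use. The file header is missing from the rendered page, so I cannot tell from here how the file is consumed.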


@ -1,7 +1,6 @@
# Datacenter configuration
datacenter = "ego"
datacenter = "dc"
domain = "ego.io"
node_name = "registry"
data_dir = "/consul/data"
log_level = "DEBUG"
@ -11,62 +10,65 @@ enable_local_script_checks = true
server = true
bootstrap = true
bootstrap_expect = 1
acl_master_token = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
acl_token = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
ui_config {
enabled = true
content_path = "/registry"
dashboard_url_templates {
service = "https://grafana.example.com/d/lDlaj-NGz/service-overview?orgId=1&var-service={{Service.Name}}&var-namespace={{Service.Namespace}}&var-partition={{Service.Partition}}&var-dc={{Datacenter}}"
}
}
bind_addr = "127.0.0.1"
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}"
client_addr = "0.0.0.0"
ports {
dns = 53
server = 8300
https = 8501
grpc_tls = 8503
dns = 53
#server = 8300
http = -1
https = 8501
grpc_tls = 8503
}
dns_config {
service_ttl {
"*" = "10s"
"*" = "20s"
}
node_ttl = "0s"
}
#enable_central_service_config = true
# Connect settings
#connect {
#enabled = true
#ca_provider = "vault"
connect {
enabled = true
#ca_provider = "consul"
#ca_config {
# address = "https://api-vault:8200"
# token = "hvs.CAESIA9jPKArVgpCNzvze9ehIiX2gKMnVgu0rtSUw54Wj9HQGh4KHGh2cy5LdmJVRnYzVkQ1UXhDU2FKaEFQMW5UTm0"
# root_pki_path = "pki/"
# intermediate_pki_path = "pki_int/"
# ca_file = "/usr/local/share/ca-certificates/internalCA.crt"
# leaf_cert_ttl = "72h"
# private_key = "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDHQTuRb+EPGlTX\naRNf8cFrjz5hZiXkHX4OxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjC\nUAU7erx4XM/q6bLAOQ3w85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJq\nQWYNH2UP6dJa5c5YUxXWh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtp\nvBO0PAZrG9QFbB3nL/V3gZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv\n+6A7CpjMYav0/7+Kje6ys1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWt\nTTdGrTcXhqS0gJRihRlp7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQa\nnutqUWucgl/8QTZA4krAfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zE\nIt6KCwDlDGJfqKTKqSDX1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNptt\nkvFPXuM6mvhv+r1umylgbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuB\nt6Kjn4pb0xQ1e9EowQhZ4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiylju\nd+VIZ86B3U3Ch0JUPvITK7Q2buE9qwIDAQABAoICAFwSFX9nrhw3c5qx8AT2hgS4\nhP+mnr2grx4ONiVFcir069cjjezCVnf4XXhJ0skNXH7xrXH8QycijKelKDXKygno\nAR8wa6uM8Zc0SUf4JQl7oMFrDA8ZJdxkP9ZFYANhjS9PWjYtEAtT/2F/5LMNnbpT\ntiLQa5++jKm701OdtjaVs5TO1lRmDgsE5Z675e1c3iR8tPEkb72qAi5ifMxcrC6U\nBk2XHt4z9/4HvVkPYUXhg+/wErWApoPvzTm7pZnqQNOVqv/ULNkn8bY1lF2T0PUn\n8Lhd8NkKKpEidV9VmqKk01rtJKOnqCzPKsL2s5FJQfEOT5oTViwPUq7IrlEXOwvw\nJzsvd7fDP+OFAlbPUuecJ/F5kmIaroTUSqx/WWCy3hDoD+jgAGKtenlGyk8mJLY3\nS75dhH11ArMwnmkQA7vkp4K688yYaXu5LZU4AydRjM3p3bOTJSjSgNbenAYgJlRG\nCsVwL/u9mFA3DcEgrHup7T6F78eb5uUdr4UdlLFRQnxO5N6wizlplrC0b6kfF5xt\nLtOQDI5/P4oSW29UxJCnb3xnsu/ult/7x/DkmRrtyB6D3t31g12ZAJlsn58A0JLG\n+tBA2m7sOSFL5PYeJQq04d/jFs8e64k3mcyopbJtbAP8SkLFcBe3mbl455B9i9US\nwa5BFKTSuyxJUcm6d6BJAoIBAQDlujfzADHmrUCW6BgLyYK1dXFesATdDJ4GuUfQ\nSc5bMMLNRBTTKetgepbTiYLX0la9thwB90QsOqTiRrEudo1hNX3bpluglpUkA7IO\nUlEveufJqf9FWvsz6WxT6Qjx+J1q9Y+TaVD33J05WJPHC3FQVhgxkOk0KVX2cvmV\naSM+2a529UXrnO15/nNiqLGegjmm0yj9HmmfmLmbpuM7Cdomss8BEU7r/xg3k+xw\nyiFAOQRY5i21E7m3gWlYIayeaQd5Zw4i2ikxA0EjWtyfeaIHfPEFiIdESDDvYgqM\nnZXN2ZedmnWR+UWZ4Nk/YOBO8ljs+J3c4LRcNnN0HMpBrYaVAoIBAQDeCtxk14Mo\n8ilHsU7stRxgYjDvQDyJEPF13X9yp/3v31EXu4+CtUC7XzzkWXFS5j1KCUK6qUQQ\nTbuZLzzOzsStz9ku0IvD7M/2rDibbfj9jpkMFsH7
pSk8EL42Hnj9RFSctSM9wVjU\nFh3AGeRsh05osfaP2eIGpPaHN0V7DBZj+yx+orjSGlevDYJMe1MXa1i2TjQJ7+HC\nGw8+4faqEg+pJp1vBdY2aUTzFotorn5MkA4ddDG3c2Aau3+j5JXI0w1/AJ9ZWQ/S\nXPv23a4anbY44amwgjaaJPTaW5K1UsH/2U5PYdFf8M4FFN74AfBm3fJkKm1Z/RQR\nkNk9Whu4u+M/AoIBAQCglOoVJ7a6C7NRiU19t89xbnXf/WR47B/ujUdAtsbTgaM5\n/vQbo3rQBwE1PzNCD9roY8ryKNjznc6yCT5DP0WWhODEUGZOO9Rmx1qInkv3x48M\nrZMt9OoRoIJDqWrCUcogASTqozyg9grFEkDCayI7SONCiowpFRfs3PPP2B12Co3k\nw5CroRdzJkWb2lXGejs4fPRy8vZcRFLCFgdStpFSab0/fszPNJLGDtXBBdn2XaTH\nS6b5o583QfPUUj2qwboix8He5ObURvUadKIxq8FyQIjuGECNn3TtcHf1URZtPUO5\nPEYg0sEvTjguEFbbeJZml2cqBbytlLZhnNpYzKZ9AoIBAAzfBk2WLJU4DGqKfa+9\nA+sWZg3IZHnxkH2rnFKyKEc6Y8IDbls+VIVIDQiTor0SeaUMCmE1pKtpRiGoGldG\npyIINWfAUQnHdXqwGwvvgQp5tKd9vjrvJQfFVLFgbNUJm/oFighvZ83Lhmf3WEVu\nRn5NKqTGFZMbButpqc5rMfUTv02L8zjCrCiKmO4EDBoEb/0JZXzZ+fU9ilGz2Y+c\nQmokweWIqhU3XvbUbLphuxKHGzpb3PHsbzq9ebWvb3tXuKWPDK2qOv+Pwk9aJFiI\noeKEOkjwE2g2EjeCLWvzYymImECDxBZSqC6lOhOYUS41WXKy/unDgOFPyzgCPC8m\nPRMCggEAYpVEGldItHA/UNq0/z5a4uqu70LB24lIdbwCOykqtwH2op0ZFZ80ZVv4\noBLlDlXzcuKPCXw4UfyGfx7P8ePw85+b7VC9Usp6vBRWTkat3r3XiLZ5b5+W/XPs\nj3oD7FhYxnmb0luQz//5XR/5yb3Tw7h6IZ7mGdVmi/JgkhWHyG/fxlYlAMPOInPe\nSf0POl+s6IRm4kp/FHw0c4ha5Il7iDA3sISDqXkmh3V2BWX2u3tgmaVU+h1CH6Ra\nGqjSz2Fw9FCzWQdItx8Avov0mFaGezslsF0cLZy38mxePimgA1QW2IRMU6TLVVij\nW8GDkpznvE6iIwlcMxTJvwk7JkkSAQ==\n-----END PRIVATE KEY-----\n"
# root_cert = "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIUWcgQmuod9ZoO/PdOvL485tiTV10wDQYJKoZIhvcNAQEL\nBQAwYDELMAkGA1UEBhMCUEwxDjAMBgNVBAgMBVNsYXNrMRAwDgYDVQQHDAdHbGl3\naWNlMRgwFgYDVQQKDA9FZ29tbWVyY2UuaW8gQ0ExFTATBgNVBAMMDGVnb21tZXJj\nZS5pbzAeFw0yNDA3MjAxMjUzNDVaFw0zNDA3MTgxMjUzNDVaMGAxCzAJBgNVBAYT\nAlBMMQ4wDAYDVQQIDAVTbGFzazEQMA4GA1UEBwwHR2xpd2ljZTEYMBYGA1UECgwP\nRWdvbW1lcmNlLmlvIENBMRUwEwYDVQQDDAxlZ29tbWVyY2UuaW8wggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQDHQTuRb+EPGlTXaRNf8cFrjz5hZiXkHX4O\nxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjCUAU7erx4XM/q6bLAOQ3w\n85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJqQWYNH2UP6dJa5c5YUxXW\nh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtpvBO0PAZrG9QFbB3nL/V3\ngZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv+6A7CpjMYav0/7+Kje6y\ns1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWtTTdGrTcXhqS0gJRihRlp\n7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQanutqUWucgl/8QTZA4krA\nfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zEIt6KCwDlDGJfqKTKqSDX\n1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNpttkvFPXuM6mvhv+r1umylg\nbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuBt6Kjn4pb0xQ1e9EowQhZ\n4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiyljud+VIZ86B3U3Ch0JUPvIT\nK7Q2buE9qwIDAQABo1MwUTAdBgNVHQ4EFgQUCfODB1LPdNYVDc61nNZ9HrpFOAsw\nHwYDVR0jBBgwFoAUCfODB1LPdNYVDc61nNZ9HrpFOAswDwYDVR0TAQH/BAUwAwEB\n/zANBgkqhkiG9w0BAQsFAAOCAgEAtbv6F7EKV4SShPV54A62vY+t5W7USK1mRSuE\n+R/eO6LsNTkw7Xz4EyNb1KtZRlXjI0+B1vPc2t8qJIe6Kkx5+YPDM47HfipHZvsZ\nD3IWEHNiVo/xvEQnfFKu4kHMoi6glw/2/FeOYcklhzf2HGBqP8ZJZX9852vvD6ai\n7Q79DvvQAF95c6HVAbK+9hZ2KZbrUA/G8hFH8oC9/Au1bUEL9DMFj7IieKO10PNW\n8ZEaVWpg+cx3B913hfnmjRrchioGpsS9au3cZjKLbKa+zedOd2pK1TiVUAVgHUcr\nc893OpUg7nEONHrjzlroMmNHDaqA//Kg2lKMc2xHU06pEIIcCGGD4fAV2nXwn/9g\nl4XK5iBaQt5HIDNl7o+5AbxFQBptv91yLEzxtF3l51CUyh7/yOeJAoL9aKxlWAFh\nTO315Ouy2syTSBAs1Mj3U7KsvrWkRk5QJ3RaSEWf/l1LOgnthd4j6FEOVlB+Qe0U\nlvEIkHMftRKyp54hKABchJGjjsQmxY2Qyegw75mYdqaN0V1mz0dzAW8Bg/6U+i/L\n9bdsTC6WHiFV2InAogpXQRaDBvZXhGDujKR49+oBkLId/jmOpIU/crvdD767W7Fx\nqXz/PGpXoKtPK4tNVhjoBfYhKXTFI47AoplrqhkqbC
/gfEEi0ny0DsTOx6r+aTRf\nFFw/JXM=\n-----END CERTIFICATE-----\n"
#}
#}
ca_provider = "vault"
ca_config {
address = "https://api-vault:8200"
token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE"
root_pki_path = "pki/"
intermediate_pki_path = "pki_int/"
}
}
# TLS Encryption configuration
tls {
defaults {
ca_file = "/usr/local/share/ca-certificates/internalCA.crt"
ca_file = "/usr/share/pki/ca-trust-source/anchors/internalCA.crt"
cert_file = "/etc/certs/registry.crt"
key_file = "/etc/certs/registry.key"
verify_incoming = false
verify_outgoing = false
#verify_incoming = true
#verify_outgoing = true
}
internal_rpc {
verify_server_hostname = false
verify_incoming = false
#verify_server_hostname = true
#verify_incoming = true
#verify_outgoing = true
verify_server_hostname = false
verify_incoming = false
verify_outgoing = false
}
}
@ -78,53 +80,228 @@ auto_encrypt {
# After startup, bootstrap the ACL system with `consul acl bootstrap` command
acl = {
enabled = true
default_policy = "allow"
default_policy = "deny"
enable_token_persistence = true
tokens {
default = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
initial_management = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
}
}
# Gossip Encryption
#encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA="
encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA="
# If running Consul 1.8.x or below, enable central service configuration
#enable_central_service_config = true
recursors = ["127.0.0.11", "8.8.8.8", "8.8.4.4"]
#config_entries {
#bootstrap = [
#{
# Kind = "api-gateway"
# Name = "gw"
# Listeners = [
# {
# Name = "http"
# Port = 443
# Protocol = "http"
# }
# ]
#}
#{
# Kind = "service-defaults"
# Name = "defaults"
# Protocol = "http"
#},
#{
# Kind = "service-router"
# Name = "service-router"
# #Hostnames = ["catalog", "catalog-svc", "catalog.service.ego.io"]
# Routes = [
# {
# Match = {
# HTTP {
# PathPrefix = "/catalog"
# }
# }
# Destination {
# Service = "catalog"
# }
# }
# ]
#}
#]
#}
# ADDITIONAL CONFIGS
config_entries {
bootstrap = [
{
Kind = "proxy-defaults"
Name = "global"
Config {
Protocol = "http"
}
AccessLogs {
Enabled = true
},
MeshGateway {
Mode = "local"
}
},
{
Kind = "service-defaults"
Name = "global"
Protocol = "http"
MeshGateway {
Mode = "local"
}
},
#{
# Kind = "mesh"
# Peering {
# PeerThroughMeshGateways = true
# }
#},
{
Kind = "file-system-certificate"
Name = "gateway-certificate"
Certificate = "/etc/certs/gateway.crt"
PrivateKey = "/etc/certs/gateway.key"
},
#{
# Kind = "file-system-certificate"
# Name = "catalog-certificate"
# Certificate = "/etc/certs/catalog.crt"
# PrivateKey = "/etc/certs/catalog.key"
#},
{
Kind = "api-gateway"
Name = "gateway"
Listeners = [
{
Name = "gw-listener"
Port = 8443
Protocol = "http"
TLS = {
Certificates = [
{
Kind = "file-system-certificate"
Name = "gateway-certificate"
}
]
}
}
]
},
{
Kind = "http-route"
Name = "basket-routes"
Hostnames = ["basket.service.ego.io"]
Parents = [
{
Kind = "api-gateway"
Name = "gateway"
SectionName = "gw-listener"
}
]
Rules = [
{
Matches = [
{
Path = {
Match = "prefix"
Value = "/basket"
}
}
]
#Filters = {
# URLRewrite = {
# Path = "/basket"
# }
#}
Services = [
{
Name = "basket"
Weight = 90
#Filters = {
# URLRewrite = {
# Path = "/"
# }
#}
}
]
}
]
},
{
Kind = "http-route"
Name = "catalog-routes"
Hostnames = ["catalog.service.ego.io"]
Parents = [
{
Kind = "api-gateway"
Name = "gateway"
SectionName = "gw-listener"
}
]
Rules = [
{
Matches = [
{
Path = {
Match = "prefix"
Value = "/catalog"
}
}
]
#Filters = {
# URLRewrite = {
# Path = "/catalog"
# }
#}
Services = [
{
Name = "catalog"
Weight = 90
#Filters = {
# URLRewrite = {
# Path = "/"
# }
#}
}
]
}
]
},
{
Kind = "service-router"
Name = "gateway"
Routes = [
{
Match {
HTTP {
PathPrefix = "/identity"
}
},
Destination {
Service = "identity"
RetryOnConnectFailure = true
RequestTimeout = "120s"
PrefixRewrite = "/"
}
},
{
Match {
HTTP {
PathPrefix = "/basket"
}
},
Destination {
Service = "basket"
RetryOnConnectFailure = true
RequestTimeout = "120s"
PrefixRewrite = "/"
}
},
{
Match {
HTTP {
PathPrefix = "/catalog"
}
},
Destination {
Service = "catalog"
RetryOnConnectFailure = true
RequestTimeout = "120s"
PrefixRewrite = "/"
}
},
{
Match {
HTTP {
PathPrefix = "/order"
}
},
Destination {
Service = "order"
RetryOnConnectFailure = true
RequestTimeout = "120s"
PrefixRewrite = "/"
}
},
{
Match {
HTTP {
PathPrefix = "/pricing"
}
},
Destination {
Service = "pricing"
RetryOnConnectFailure = true
RequestTimeout = "120s"
PrefixRewrite = "/"
}
}
]
}
]
}
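Review bot: The `tls` stanza ends up with `verify_incoming = false` and `verify_outgoing = false` under `defaults`, and with `verify_server_hostname = false` plus both verify flags false under `internal_rpc`, while the `true` variants are left as comments (assuming the uncommented lines are the new side; the page has lost the +/- markers). Certificates are configured but no peer is authenticated, so the HTTPS API on `client_addr = "0.0.0.0"` and the server RPC port accept any client, and agents do not check whom they are talking to. The client agent config added in this commit disables the same two flags under `defaults`. Enable `verify_incoming = true` and `verify_outgoing = true`, and `verify_server_hostname = true` under `internal_rpc`, once every agent holds a certificate from the internal CA; `log_level = "DEBUG"` should likewise not stay on outside development.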


@ -1,3 +1,3 @@
{{ with secret "pki_int/issue/ego-io" "common_name=server.me.registry" "ttl=72h"}}
{{ with secret "pki_int/issue/ego.io" "common_name=ego.io" "ttl=72h"}}
{{ .Data.issuing_ca }}
{{ end }}


@ -1,3 +1,3 @@
{{ with secret "pki_int/issue/ego-io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
{{ .Data.certificate }}
{{ end }}


@ -1,3 +1,3 @@
{{ with secret "pki_int/issue/ego-io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
{{ .Data.private_key }}
{{ end }}

8
api-registry/spawn-process.sh Executable file

@ -0,0 +1,8 @@
#!/bin/sh
sleep 10
until ${COMMAND}; do
echo "Envoy crashed with exit code $?. Respawning.." >&2
sleep 1
done
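Review bot: `until ${COMMAND}; do` runs whatever the `COMMAND` environment variable holds after unquoted word splitting, so any argument containing a space or glob character is mangled, and the loop respawns forever with a fixed one-second delay. Passing the command as arguments is more robust: call the script as `./spawn-process.sh consul connect envoy …` and loop with `until "$@"; do`. A header comment saying that this is a crash-restart wrapper for the Envoy processes, and why it sleeps 10 seconds first, would help; I assume the sleep waits for the local agent, which a readiness check would do more reliably. The entrypoint invokes it as `./spawn-process.sh` while the Dockerfile copies it to `/`, so it only resolves when the working directory is `/`.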


@ -0,0 +1,18 @@
#!/bin/sh
# consul connect envoy -gateway api -register \
# -service gw-mesh -token=${CONSUL_HTTP_TOKEN} \
# -address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443" \
# -wan-address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443" \
# -bind-address gw-listener=0.0.0.0:8443 \
# -enable-config-gen-logging
consul connect envoy -gateway api -register -service gateway -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/api-gateway.log 2>&1 &
# -address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443"
# -bind-address gw-listener=0.0.0.0:80
# catalog sidecar
consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-catalog.log 2>&1 &
#basket sidecar
consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-basket.log 2>&1 &
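Review bot: Each `consul connect envoy` call passes `-token=${CONSUL_HTTP_TOKEN}` on the command line, which puts the ACL token into the process arguments, where it can be read from the process list. The CLI already reads `CONSUL_HTTP_TOKEN` from the environment, so the flag can simply be dropped; `-token-file` is the alternative when the token lives in a mounted file. The Envoy options after `--` use `--log-file`, whereas the entrypoint in this commit uses `--log-path`, which is the option Envoy defines, so these commands probably fail at startup as written.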


@ -1,7 +1,7 @@
#!/bin/sh
# RUN IN REPO ROOT DIR !!
export IMAGE_NAME="git.pbiernat.dev/egommerce/api-registry"
export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
TARGET=${1:-latest}


@ -1,9 +1,12 @@
#!/bin/sh
# RUN IN REPO ROOT DIR !!
export IMAGE_NAME="git.pbiernat.dev/egommerce/api-registry"
export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
TARGET=${1:-latest}
echo $DOCKER_PASSWORD | docker login git.pbiernat.dev -u $DOCKER_USERNAME --password-stdin
echo $DOCKER_PASSWORD | docker login git.pbiernat.io -u $DOCKER_USERNAME --password-stdin
docker push "$IMAGE_NAME:$TARGET"
# Restart container
curl -X POST http://127.0.0.1:9001/api/webhooks/603d2077-4018-4983-bbff-875154ec9e83
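Review bot: The new restart step posts to a webhook URL whose identifier is hard-coded in the script; for this kind of endpoint the identifier is usually the only credential, so it should come from the environment like the registry password, e.g. `curl -fsS -X POST "$DEPLOY_WEBHOOK_URL"` (variable name illustrative). Without `-f` a 4xx or 5xx answer still exits 0 and the script reports success. `echo $DOCKER_PASSWORD | docker login …` expands the password unquoted, so whitespace or glob characters in it are altered; `printf '%s' "$DOCKER_PASSWORD" | docker login git.pbiernat.io -u "$DOCKER_USERNAME" --password-stdin` avoids that.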

15
example.hcl Normal file

@ -0,0 +1,15 @@
service {
id = "registry"
name = "registry"
tags = ["api-registry", "registry", "https", "grpc", "tcp", "consul", "catalog"]
address = ""
port = 8500
check {
id = "registry"
name = "Registry Service"
tcp ="localhost:53"
interval = "10s"
timeout = "1s"
}
}

7
secrets Normal file

@ -0,0 +1,7 @@
AccessorID: d0dfcac2-5459-f7d8-c42f-2ee906a34279
SecretID: 784746ec-0d5d-fb12-1a79-95f912dcaabd
Description: Bootstrap Token (Global Management)
Local: false
Create Time: 2023-07-29 22:37:20.267488642 +0000 UTC
Policies:
00000000-0000-0000-0000-000000000001 - global-management

19
var/certs/VaultCA.pem Normal file

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,51 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

16
var/certs/pki_int.csr Normal file

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----

27
var/certs/test.key Normal file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

39
var/certs/test.pem Normal file

@ -0,0 +1,39 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----