This commit is contained in:
Piotr Biernat 2024-07-20 13:05:13 +02:00
parent 65f6340bb0
commit 741e1f22e4
8 changed files with 356 additions and 14 deletions

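--- a/api-registry/entrypoint.sh
+++ b/api-registry/entrypoint.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -e
+apk add zip
+# exec register-service
+update-ca-certificates
+echo -e "nameserver 127.0.0.1\n$(cat /etc/resolv.conf)" > /etc/resolv.conf
+# Install consul-template
+cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip && \
+unzip consul-template_0.19.5_linux_amd64.zip && \
+rm consul-template_0.19.5_linux_amd64.zip && cd -
+# Install glibc
+# apk add gcompat
+# Install Envoy
+# curl -L https://func-e.io/install.sh | sh -s -- -b /usr/local/bin
+# func-e use $ENVOY_VERSION_STRING
+# cp ~/.func-e/versions/$ENVOY_VERSION_STRING/bin/envoy /usr/local/bin/
+exec "$@"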
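Review bot: The consul-template archive fetched on line 19 is unpacked straight after `curl -O` with no integrity check, and without `-f` an HTTP error page would be saved under the zip name and only surface later as an `unzip` failure. Pin the expected digest from HashiCorp's published SHA256SUMS next to the version: `curl -fsSLO https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip` followed by `printf '%s  %s\n' "<EXPECTED_SHA256 placeholder>" consul-template_0.19.5_linux_amd64.zip | sha256sum -c -`, so a tampered or truncated download stops the build instead of being installed. Separately, `echo -e` on line 17 is not portable under `#!/bin/sh`; `printf 'nameserver 127.0.0.1\n%s\n' "$(cat /etc/resolv.conf)" > /etc/resolv.conf` gives the same result on any POSIX shell.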


@ -0,0 +1,28 @@
#vault {
# # root VAUL_TOKEN - PROD CHECK!
# token = "hvs.CAESIA9jPKArVgpCNzvze9ehIiX2gKMnVgu0rtSUw54Wj9HQGh4KHGh2cy5LdmJVRnYzVkQ1UXhDU2FKaEFQMW5UTm0"
# address = "https://api-vault:8200"
# unwrap_token = false
# renew_token = false
#}
template {
source = "/opt/consul/tpl/catalog.crt.tpl"
destination = "/opt/consul/certs/catalog.crt"
perms = 0700
command = "sh -c 'date && consul reload'"
}
template {
source = "/opt/consul/tpl/catalog.key.tpl"
destination = "/opt/consul/certs/catalog.key"
perms = 0700
command = "sh -c 'date && consul reload'"
}
template {
source = "/opt/consul/tpl/ca.crt.tpl"
destination = "/opt/consul/certs/ca.crt"
command = "sh -c 'date && consul reload'"
}
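Review bot: Line 35 carries what looks like a Vault service token literal (`hvs.…`) inside the commented-out `vault` block; a commented secret is still a secret in git history, so it should be dropped from the file, the token treated as exposed and rotated, and consul-template given its token through the `VAULT_TOKEN` environment variable instead. The `perms = 0700` on lines 43 and 49 also sets the execute bit on a certificate and on a private key; `perms = 0600` for `catalog.key` and `perms = 0644` for `catalog.crt` is the minimum Consul needs to read them. The file path for this section is not shown on the page.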


@ -0,0 +1,130 @@
# Datacenter configuration
datacenter = "ego"
domain = "ego.io"
node_name = "registry"
data_dir = "/consul/data"
log_level = "DEBUG"
enable_local_script_checks = true
# Server configuration
server = true
bootstrap = true
bootstrap_expect = 1
acl_master_token = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
acl_token = "784746ec-0d5d-fb12-1a79-95f912dcaabd"
ui_config {
enabled = true
}
bind_addr = "127.0.0.1"
client_addr = "0.0.0.0"
ports {
dns = 53
server = 8300
https = 8501
grpc_tls = 8503
}
dns_config {
service_ttl {
"*" = "10s"
}
node_ttl = "0s"
}
#enable_central_service_config = true
# Connect settings
#connect {
#enabled = true
#ca_provider = "vault"
#ca_config {
# address = "https://api-vault:8200"
# token = "hvs.CAESIA9jPKArVgpCNzvze9ehIiX2gKMnVgu0rtSUw54Wj9HQGh4KHGh2cy5LdmJVRnYzVkQ1UXhDU2FKaEFQMW5UTm0"
# root_pki_path = "pki/"
# intermediate_pki_path = "pki_int/"
# ca_file = "/usr/local/share/ca-certificates/internalCA.crt"
#}
#}
# TLS Encryption configuration
tls {
defaults {
ca_file = "/usr/local/share/ca-certificates/internalCA.crt"
cert_file = "/etc/certs/registry.crt"
key_file = "/etc/certs/registry.key"
verify_incoming = false
verify_outgoing = false
#verify_incoming = true
#verify_outgoing = true
}
internal_rpc {
verify_server_hostname = false
verify_incoming = false
#verify_server_hostname = true
#verify_incoming = true
}
}
auto_encrypt {
allow_tls = true
}
# ACL configuration
# After startup, bootstrap the ACL system with `consul acl bootstrap` command
acl = {
enabled = true
default_policy = "allow"
enable_token_persistence = true
}
# Gossip Encryption
#encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA="
# If running Consul 1.8.x or below, enable central service configuration
#enable_central_service_config = true
recursors = ["127.0.0.11", "8.8.8.8", "8.8.4.4"]
#config_entries {
#bootstrap = [
#{
# Kind = "api-gateway"
# Name = "gw"
# Listeners = [
# {
# Name = "http"
# Port = 443
# Protocol = "http"
# }
# ]
#}
#{
# Kind = "service-defaults"
# Name = "defaults"
# Protocol = "http"
#},
#{
# Kind = "service-router"
# Name = "service-router"
# #Hostnames = ["catalog", "catalog-svc", "catalog.service.ego.io"]
# Routes = [
# {
# Match = {
# HTTP {
# PathPrefix = "/catalog"
# }
# }
# Destination {
# Service = "catalog"
# }
# }
# ]
#}
#]
#}
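Review bot: TLS peer verification is switched off on lines 110-111 and 116-117 (`verify_incoming`, `verify_outgoing` and `verify_server_hostname` all `false`, the `true` variants left as comments) while the ACL block on line 129 sets `default_policy = "allow"`, so any client reaching the HTTPS or RPC listeners on `client_addr = "0.0.0.0"` (line 78) is accepted without a certificate and gets full access without presenting a token. The secure values are already there as comments; `verify_incoming = true`, `verify_outgoing = true`, `verify_server_hostname = true` and `default_policy = "deny"` should be the committed defaults, with any relaxation kept in a clearly marked dev-only override. The same hunk commits a management token on lines 72-73 (`acl_master_token`/`acl_token`, legacy keys superseded by `acl.tokens.initial_management`) and a second copy of the Vault token on line 98; both should be removed from the file and rotated, and with `encrypt` left commented on line 133 cluster gossip runs unencrypted. `log_level = "DEBUG"` on line 66 is also a lot of output for a server config that otherwise reads as the long-lived one.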


@ -1,14 +0,0 @@
{
"node_name": "api-registry",
"server": true,
"bootstrap" : true,
"ui_config": {
"enabled" : true
},
"data_dir": "/consul/data",
"addresses": {
"http" : "0.0.0.0"
},
"bind_addr": "0.0.0.0",
"advertise_addr": "127.0.0.1"
}


@ -0,0 +1,3 @@
{{ with secret "pki_int/issue/ego-io" "common_name=server.me.registry" "ttl=72h"}}
{{ .Data.issuing_ca }}
{{ end }}
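Review bot: This template obtains the CA by issuing a throwaway leaf certificate for `common_name=server.me.registry` (line 196) and keeping only `.Data.issuing_ca`, which mints a new key pair and serial on every render, for a name unrelated to the catalog service used by the sibling templates. Vault's PKI engine exposes the CA as a plain read, so `{{ with secret "pki_int/cert/ca" }}{{ .Data.certificate }}{{ end }}` should yield the same issuing certificate without issuing anything. The file path for this section is not shown on the page, so which destination it feeds is inferred from the `ca.crt.tpl` entry in the consul-template config.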


@ -0,0 +1,3 @@
{{ with secret "pki_int/issue/ego-io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
{{ .Data.certificate }}
{{ end }}
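Review bot: The certificate (line 203) and the private key (line 210 in the next section) come from two separate `secret` calls to `pki_int/issue/ego-io`; they only end up as a matching pair if consul-template deduplicates the two queries, which depends on the argument strings staying byte-identical, and a future edit to one line but not the other (a different `ttl`, an extra SAN) would silently write a key that does not belong to the certificate. Rendering both files from one template, or at least a leading comment in each such as `{{/* MUST stay identical to catalog.key.tpl: cert and key are fetched by separate queries */}}`, makes the coupling explicit. The file paths for these two sections are not shown on the page.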


@ -0,0 +1,3 @@
{{ with secret "pki_int/issue/ego-io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
{{ .Data.private_key }}
{{ end }}

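--- a/api-registry/wait-for-it.sh
+++ b/api-registry/wait-for-it.sh
@@ -0,0 +1,165 @@
+#!/usr/bin/env sh
+# Use this script to test if a given TCP host/port are available
+set -e
+cmdname=$(basename "$0")
+echoerr() {
+if [ "$QUIET" -ne 1 ]; then
+printf "%s\n" "$*" 1>&2;
+fi
+}
+usage()
+{
+exitcode="$1"
+cat << USAGE >&2
+Usage:
+$cmdname host:port [-s] [-t timeout] [-- command args]
+-h HOST | --host=HOST Host or IP under test
+-p PORT | --port=PORT TCP port under test
+Alternatively, you specify the host and port as host:port
+-s | --strict Only execute subcommand if the test succeeds
+-q | --quiet Don't output any status messages
+-t TIMEOUT | --timeout=TIMEOUT
+Timeout in seconds, zero for no timeout
+-- COMMAND ARGS Execute command with args after the test finishes
+USAGE
+exit "$exitcode"
+}
+wait_for()
+{
+if [ "$TIMEOUT" -gt 0 ]; then
+echoerr "$cmdname: waiting $TIMEOUT seconds for $HOST:$PORT"
+else
+echoerr "$cmdname: waiting for $HOST:$PORT without a timeout"
+fi
+start_ts=$(date +%s)
+while true
+do
+nc -z "$HOST" "$PORT" >/dev/null 2>&1
+result=$?
+if [ $result -eq 0 ]; then
+end_ts=$(date +%s)
+echoerr "$cmdname: $HOST:$PORT is available after $((end_ts - start_ts)) seconds"
+break
+fi
+sleep 1
+done
+return $result
+}
+wait_for_wrapper()
+{
+# In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
+if [ "$QUIET" -eq 1 ]; then
+timeout "$TIMEOUT" "$0" -q -child "$HOST":"$PORT" -t "$TIMEOUT" &
+else
+timeout "$TIMEOUT" "$0" --child "$HOST":"$PORT" -t "$TIMEOUT" &
+fi
+PID=$!
+trap 'kill -INT -$PID' INT
+wait $PID
+RESULT=$?
+if [ $RESULT -ne 0 ]; then
+echoerr "$cmdname: timeout occurred after waiting $TIMEOUT seconds for $HOST:$PORT"
+fi
+return $RESULT
+}
+TIMEOUT=15
+STRICT=0
+CHILD=0
+QUIET=0
+# process arguments
+while [ $# -gt 0 ]
+do
+case "$1" in
+*:* )
+HOST=$(printf "%s\n" "$1"| cut -d : -f 1)
+PORT=$(printf "%s\n" "$1"| cut -d : -f 2)
+shift 1
+;;
+--child)
+CHILD=1
+shift 1
+;;
+-q | --quiet)
+QUIET=1
+shift 1
+;;
+-s | --strict)
+STRICT=1
+shift 1
+;;
+-h)
+HOST="$2"
+if [ "$HOST" = "" ]; then break; fi
+shift 2
+;;
+--host=*)
+HOST=$(printf "%s" "$1" | cut -d = -f 2)
+shift 1
+;;
+-p)
+PORT="$2"
+if [ "$PORT" = "" ]; then break; fi
+shift 2
+;;
+--port=*)
+PORT="${1#*=}"
+shift 1
+;;
+-t)
+TIMEOUT="$2"
+if [ "$TIMEOUT" = "" ]; then break; fi
+shift 2
+;;
+--timeout=*)
+TIMEOUT="${1#*=}"
+shift 1
+;;
+--)
+shift
+break
+;;
+--help)
+usage 0
+;;
+*)
+echoerr "Unknown argument: $1"
+usage 1
+;;
+esac
+done
+if [ "$HOST" = "" -o "$PORT" = "" ]; then
+echoerr "Error: you need to provide a host and port to test."
+usage 2
+fi
+if [ $CHILD -gt 0 ]; then
+wait_for
+RESULT=$?
+exit $RESULT
+else
+if [ "$TIMEOUT" -gt 0 ]; then
+wait_for_wrapper
+RESULT=$?
+else
+wait_for
+RESULT=$?
+fi
+fi
+if [ "$*" != "" ]; then
+if [ $RESULT -ne 0 -a $STRICT -eq 1 ]; then
+echoerr "$cmdname: strict mode, refusing to execute subprocess"
+exit $RESULT
+fi
+exec "$@"
+else
+exit $RESULT
+fi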
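Review bot: `set -e` on line 221 defeats the retry loop: when `nc -z` on line 255 fails, the shell exits before `result=$?` on line 256 runs, so the script aborts with nc's status on the first unsuccessful probe instead of sleeping and retrying, and the same happens at `wait $PID` on line 276, where the parent exits before it can print the timeout message. Either drop `set -e` (the script already checks every status it cares about) or capture the status inside a list so `-e` does not fire: `nc -z "$HOST" "$PORT" >/dev/null 2>&1 && result=0 || result=$?` and `wait $PID && RESULT=0 || RESULT=$?`. Separately, the quiet branch on line 270 re-invokes the script with `-child` (single dash) while the parser on line 296 only recognises `--child`, so with `-q` and a non-zero timeout the child falls into the `*)` arm, runs `usage 1`, and the parent always reports a timeout; the flag should read `--child` on line 270 as it does on line 272.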