Refactor
parent
0accb265d7
commit
97dec341af
Dockerfile
api-registry
entrypoint.sh
etc
addons
api-gateway.hcldefault-proxy.hcldefault-service.hclintentions.hclpricing-intentions.hclroutes.hclservice-catalog.hclservice-router.hcl
consul-template
consul
opt/tpl
deploy
@ -1,7 +1,7 @@
|
|||||||
|
|
||||||
FROM envoyproxy/envoy:distroless-v1.29-latest AS envoy
|
FROM envoyproxy/envoy:distroless-v1.29-latest AS envoy
|
||||||
FROM ubuntu:latest AS base
|
FROM ubuntu:latest AS base
|
||||||
FROM hashicorp/consul:1.19.2-ubi
|
FROM hashicorp/consul:1.20.1-ubi
|
||||||
|
|
||||||
USER root
|
USER root
|
||||||
|
|
||||||
@ -13,7 +13,7 @@ LABEL dev.egommerce.image.version="1.0"
|
|||||||
ENV CGO_ENABLED=0
|
ENV CGO_ENABLED=0
|
||||||
|
|
||||||
COPY ./api-registry/etc/consul /consul/config
|
COPY ./api-registry/etc/consul /consul/config
|
||||||
# COPY ./api-registry/etc/addons/* /consul/config
|
COPY ./api-registry/etc/addons/* /consul/config/
|
||||||
COPY ./api-registry/etc/consul-template /consul/template
|
COPY ./api-registry/etc/consul-template /consul/template
|
||||||
COPY ./api-registry/opt /opt/consul
|
COPY ./api-registry/opt /opt/consul
|
||||||
COPY ./api-registry/entrypoint.sh /
|
COPY ./api-registry/entrypoint.sh /
|
||||||
|
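Review bot: The re-enabled `COPY ./api-registry/etc/addons/* /consul/config/` in the second hunk puts the addon files in the same directory as the agent configuration, while this commit rewrites the api-gateway and http-route files from `config_entries { bootstrap = [...] }` into bare entries with a top-level `Kind`, and the new intentions file is a bare entry too. If the agent loads `/consul/config` as its config directory, a bare entry is not valid agent configuration, so the `service-intentions` deny rule may never be applied, or the agent may refuse to start. I would copy the addons to a separate directory and apply them explicitly with `consul config write`. Separately, `FROM ubuntu:latest` and the `-latest` Envoy tag in the first hunk float while Consul is pinned; pinning them by version or digest keeps the image reproducible. The rest of the Dockerfile is outside the hunks.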
@ -9,9 +9,9 @@ update-ca-trust
|
|||||||
echo -e "nameserver 127.0.0.1\n$(cat /etc/resolv.conf)" > /etc/resolv.conf
|
echo -e "nameserver 127.0.0.1\n$(cat /etc/resolv.conf)" > /etc/resolv.conf
|
||||||
|
|
||||||
# Install consul-template
|
# Install consul-template
|
||||||
# cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip && \
|
cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.39.1/consul-template_0.39.1_linux_amd64.zip && \
|
||||||
# unzip consul-template_0.19.5_linux_amd64.zip && \
|
unzip consul-template_0.39.1_linux_amd64.zip && \
|
||||||
# rm consul-template_0.19.5_linux_amd64.zip && cd -
|
rm consul-template_0.39.1_linux_amd64.zip && cd -
|
||||||
|
|
||||||
# Install glibc
|
# Install glibc
|
||||||
# apk add gcompat
|
# apk add gcompat
|
||||||
@ -25,9 +25,9 @@ if [ $APP_NAME == "api-gateway" ]
|
|||||||
then
|
then
|
||||||
# register-service
|
# register-service
|
||||||
|
|
||||||
IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -client-cert /etc/certs/catalog.crt -client-key /etc/certs/catalog.key -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 &
|
IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address route-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 &
|
||||||
COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 &
|
COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 &
|
||||||
COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 &
|
# COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 &
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
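Review bot: The consul-template download enabled in the first hunk is unpacked without any integrity check, so a corrupted or tampered archive would be installed as-is every time the container starts. Pin the expected digest and verify it before `unzip`, e.g. `echo "<EXPECTED_SHA256>  consul-template_0.39.1_linux_amd64.zip" | sha256sum -c - && \`, and use `curl -fsSLO` so an HTTP error page is not saved as the archive. Moving the download to image build time would also remove the runtime network dependency. In the second hunk the gateway and sidecar lines still pass `-admin-bind 0.0.0.0:19000` and `0.0.0.0:20000`, which exposes the unauthenticated Envoy admin interface on every interface; `127.0.0.1` is the safer bind unless something off-host has to scrape it. Both hunks are fragments of a longer script.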
@ -1,21 +1,15 @@
|
|||||||
config_entries {
|
Kind = "api-gateway"
|
||||||
bootstrap = [
|
Name = "gw"
|
||||||
{
|
|
||||||
Kind = "api-gateway"
|
|
||||||
Name = "gw"
|
|
||||||
|
|
||||||
Listeners = [
|
Listeners = [
|
||||||
{
|
{
|
||||||
Name = "gw"
|
Name = "route-listener"
|
||||||
Port = 443
|
Port = 8443
|
||||||
Protocol = "http"
|
Protocol = "http"
|
||||||
#Services = [
|
#Services = [
|
||||||
# {
|
# {
|
||||||
# Name = "catalog"
|
# Name = "catalog"
|
||||||
# }
|
# }
|
||||||
#]
|
#]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
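Review bot: The `route-listener` listener now sits on port 8443 but keeps `Protocol = "http"`, and the new file has no `TLS` block, so clients would reach the gateway in cleartext on a port that conventionally implies HTTPS. If TLS is not terminated in front of this gateway, add a `TLS { Certificates = [...] }` block that references a certificate config entry. If it is terminated upstream, a comment such as `# TLS terminated upstream at <component>` would make that explicit.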
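--- /dev/null
+++ b/api-registry/etc/addons/intentions.hcl
@@ -0,0 +1,13 @@
+Kind = "service-intentions"
+Name = "pricing"
+
+Sources = [
+{
+Name = "basket"
+Action = "deny"
+}
+{
+Name = "api"
+Action = "allow"
+}
+]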
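Review bot: The `allow` source is named `api`, but no service of that name is visible in this commit: the entrypoint registers the gateway with `-service gateway` and the api-gateway entry is named `gw`. If `api` is not a registered service, the only rule that matches real traffic is the `basket` deny, and every other caller falls through to the mesh default. Confirm the source name, and consider an explicit catch-all source with `Name = "*"` and `Action = "deny"` so the outcome does not depend on the default policy.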
@ -1,13 +0,0 @@
|
|||||||
#Kind = "service-intentions"
|
|
||||||
#Name = "pricing"
|
|
||||||
|
|
||||||
#Sources = [
|
|
||||||
#{
|
|
||||||
# Name = "basket"
|
|
||||||
# Action = "deny"
|
|
||||||
#}
|
|
||||||
#{
|
|
||||||
# Name = "api"
|
|
||||||
# Action = "allow"
|
|
||||||
#}
|
|
||||||
#]
|
|
@ -1,87 +1,85 @@
|
|||||||
config_entries {
|
Kind = "http-route"
|
||||||
bootstrap = [
|
Name = "route-listener"
|
||||||
{
|
|
||||||
Kind = "http-route"
|
|
||||||
Name = "catalog-routes"
|
|
||||||
|
|
||||||
Meta = {
|
Meta = {
|
||||||
"name" = "catalog-routes"
|
"name" = "catalog"
|
||||||
}
|
|
||||||
#Hostnames = ["<hostnames for which this HTTPRoute should respond to requests>"]
|
|
||||||
|
|
||||||
Parents = [
|
|
||||||
{
|
|
||||||
Kind = "api-gateway"
|
|
||||||
Name = "gw"
|
|
||||||
#SectionName = "<optional name of a specific listener on the api-gateway to bind to>"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
|
|
||||||
Rules = [
|
|
||||||
{
|
|
||||||
Filters = {
|
|
||||||
URLRewrite = {
|
|
||||||
Path = "/catalog"
|
|
||||||
}
|
|
||||||
#JWT = {
|
|
||||||
# Providers = [
|
|
||||||
# Name = "<name of the provider>"
|
|
||||||
# VerifyClaim = {
|
|
||||||
# Path = ["<path to claim>"]
|
|
||||||
# Value = "<value of claim>"
|
|
||||||
# }
|
|
||||||
# ]
|
|
||||||
#}
|
|
||||||
}
|
|
||||||
#Matches = [
|
|
||||||
#{
|
|
||||||
# Headers = [
|
|
||||||
# {
|
|
||||||
# Match = "<type of match: exact, prefix or regex>"
|
|
||||||
# Name = "<name of header to match on>"
|
|
||||||
# Value = "<value of header to match on>"
|
|
||||||
# }
|
|
||||||
# ]
|
|
||||||
# Method = "<method type to match on>"
|
|
||||||
# Path = {
|
|
||||||
# Match = "<type of match: exact, prefix or regex>"
|
|
||||||
# Value = "<value to match on>"
|
|
||||||
# }
|
|
||||||
# Query = [
|
|
||||||
# {
|
|
||||||
# Match = "<type of match: exact, present or regex>"
|
|
||||||
# Name = "<name of query parameter to match on>"
|
|
||||||
# Value = "<value of query parameter to match on>"
|
|
||||||
# }
|
|
||||||
# ]
|
|
||||||
#}
|
|
||||||
#]
|
|
||||||
Services = [
|
|
||||||
{
|
|
||||||
Name = "catalog"
|
|
||||||
Weight = 90
|
|
||||||
Filters = {
|
|
||||||
# Headers = [
|
|
||||||
# {
|
|
||||||
# Add = {
|
|
||||||
# "<name of header to add>" = "<value of header to add>"
|
|
||||||
# }
|
|
||||||
# Remove = [
|
|
||||||
# "<name of header to remove from request>"
|
|
||||||
# ]
|
|
||||||
# Set = {
|
|
||||||
# "<name of header to set>" = "<value of header to set>"
|
|
||||||
# }
|
|
||||||
# }
|
|
||||||
# ]
|
|
||||||
URLRewrite = {
|
|
||||||
Path = "/"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
|
#Hostnames = ["<hostnames for which this HTTPRoute should respond to requests>"]
|
||||||
|
|
||||||
|
Parents = [
|
||||||
|
{
|
||||||
|
Kind = "api-gateway"
|
||||||
|
Name = "gw"
|
||||||
|
SectionName = "route-listener"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
|
||||||
|
Rules = [
|
||||||
|
{
|
||||||
|
#Filters = {
|
||||||
|
#URLRewrite = {
|
||||||
|
# Path = "/catalog"
|
||||||
|
#}
|
||||||
|
#JWT = {
|
||||||
|
# Providers = [
|
||||||
|
# Name = "<name of the provider>"
|
||||||
|
# VerifyClaim = {
|
||||||
|
# Path = ["<path to claim>"]
|
||||||
|
# Value = "<value of claim>"
|
||||||
|
# }
|
||||||
|
# ]
|
||||||
|
#}
|
||||||
|
#}
|
||||||
|
Matches = [
|
||||||
|
{
|
||||||
|
Path = {
|
||||||
|
Match = "prefix"
|
||||||
|
Value = "/catalog"
|
||||||
|
}
|
||||||
|
# Headers = [
|
||||||
|
# {
|
||||||
|
# Match = "<type of match: exact, prefix or regex>"
|
||||||
|
# Name = "<name of header to match on>"
|
||||||
|
# Value = "<value of header to match on>"
|
||||||
|
# }
|
||||||
|
# ]
|
||||||
|
# Method = "<method type to match on>"
|
||||||
|
# Path = {
|
||||||
|
# Match = "<type of match: exact, prefix or regex>"
|
||||||
|
# Value = "<value to match on>"
|
||||||
|
# }
|
||||||
|
# Query = [
|
||||||
|
# {
|
||||||
|
# Match = "<type of match: exact, present or regex>"
|
||||||
|
# Name = "<name of query parameter to match on>"
|
||||||
|
# Value = "<value of query parameter to match on>"
|
||||||
|
# }
|
||||||
|
# ]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
Services = [
|
||||||
|
{
|
||||||
|
Name = "catalog"
|
||||||
|
Weight = 90
|
||||||
|
Filters = {
|
||||||
|
# Headers = [
|
||||||
|
# {
|
||||||
|
# Add = {
|
||||||
|
# "<name of header to add>" = "<value of header to add>"
|
||||||
|
# }
|
||||||
|
# Remove = [
|
||||||
|
# "<name of header to remove from request>"
|
||||||
|
# ]
|
||||||
|
# Set = {
|
||||||
|
# "<name of header to set>" = "<value of header to set>"
|
||||||
|
# }
|
||||||
|
# }
|
||||||
|
# ]
|
||||||
|
URLRewrite = {
|
||||||
|
Path = "/"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
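Review bot: The rewritten route forwards every request under the `/catalog` prefix to the `catalog` service while the `JWT` filter stays commented out, so the gateway performs no token verification on this path. If authentication is enforced inside the service, a comment saying so (`# authn handled by the catalog service`) would help; otherwise the `JWT` block needs a provider before this listener is exposed. The entry's `Name = "route-listener"` also duplicates the listener name used in `SectionName`, which makes route and listener hard to tell apart; the previous name `catalog-routes` was clearer.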
@ -1,20 +1,20 @@
|
|||||||
services = [
|
Kind = "service-router"
|
||||||
{
|
Name = "catalog"
|
||||||
name = "catalog"
|
|
||||||
port = 443
|
Routes = [
|
||||||
|
{
|
||||||
|
Match {
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/catalog"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
checks = {
|
|
||||||
Interval = "10s"
|
Destination {
|
||||||
Name = "Connect Sidecar Listening"
|
Service = "catalog"
|
||||||
TCP = "127.0.0.1:20000"
|
RequestTimeout = "5s"
|
||||||
}
|
NumRetries = 5
|
||||||
kind = "connect-proxy"
|
RetryOnConnectFailure = true
|
||||||
name = "web-sidecar-proxy"
|
RetryOn = ["reset"]
|
||||||
port = 20000
|
|
||||||
proxy = {
|
|
||||||
destination_service_id = "catalog"
|
|
||||||
destination_service_name = "catalog"
|
|
||||||
local_service_address = "127.0.0.1"
|
|
||||||
local_service_port = 443
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
]
|
]
|
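Review bot: `RetryOn = ["reset"]` with `NumRetries = 5` retries a request after the connection was reset, which can happen after the upstream has already started processing it, and the route matches on `PathPrefix` only, so non-idempotent methods are retried as well. The same four lines are added to the `identity`, `basket`, `catalog`, `order` and `pricing` destinations of the `main-router` entry later in this commit, where a replayed order or basket write is more costly. `RetryOnConnectFailure = true` on its own is safe for all methods; I would keep the `reset` retry only on routes whose `Match` is restricted with `Methods = ["GET", "HEAD"]`.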
@ -1,5 +1,5 @@
|
|||||||
Kind = "service-router"
|
Kind = "service-router"
|
||||||
Name = "service-router"
|
Name = "main-router"
|
||||||
|
|
||||||
Routes = [
|
Routes = [
|
||||||
{
|
{
|
||||||
@ -10,6 +10,11 @@ Routes = [
|
|||||||
},
|
},
|
||||||
Destination {
|
Destination {
|
||||||
Service = "identity"
|
Service = "identity"
|
||||||
|
RequestTimeout = "5s"
|
||||||
|
NumRetries = 5
|
||||||
|
RetryOnConnectFailure = true
|
||||||
|
RetryOn = ["reset"]
|
||||||
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -20,6 +25,10 @@ Routes = [
|
|||||||
},
|
},
|
||||||
Destination {
|
Destination {
|
||||||
Service = "basket"
|
Service = "basket"
|
||||||
|
RequestTimeout = "5s"
|
||||||
|
NumRetries = 5
|
||||||
|
RetryOnConnectFailure = true
|
||||||
|
RetryOn = ["reset"]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -30,6 +39,10 @@ Routes = [
|
|||||||
},
|
},
|
||||||
Destination {
|
Destination {
|
||||||
Service = "catalog"
|
Service = "catalog"
|
||||||
|
RequestTimeout = "5s"
|
||||||
|
NumRetries = 5
|
||||||
|
RetryOnConnectFailure = true
|
||||||
|
RetryOn = ["reset"]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -40,6 +53,10 @@ Routes = [
|
|||||||
},
|
},
|
||||||
Destination {
|
Destination {
|
||||||
Service = "order"
|
Service = "order"
|
||||||
|
RequestTimeout = "5s"
|
||||||
|
NumRetries = 5
|
||||||
|
RetryOnConnectFailure = true
|
||||||
|
RetryOn = ["reset"]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -50,6 +67,10 @@ Routes = [
|
|||||||
},
|
},
|
||||||
Destination {
|
Destination {
|
||||||
Service = "pricing"
|
Service = "pricing"
|
||||||
|
RequestTimeout = "5s"
|
||||||
|
NumRetries = 5
|
||||||
|
RetryOnConnectFailure = true
|
||||||
|
RetryOn = ["reset"]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -1,11 +1,18 @@
|
|||||||
|
|
||||||
#vault {
|
vault {
|
||||||
# # root VAUL_TOKEN - PROD CHECK!
|
# root VAUL_TOKEN - PROD CHECK!
|
||||||
# token = "hvs.CAESIA9jPKArVgpCNzvze9ehIiX2gKMnVgu0rtSUw54Wj9HQGh4KHGh2cy5LdmJVRnYzVkQ1UXhDU2FKaEFQMW5UTm0"
|
token = "hvs.dZL3N8PAozQ7EbOYFFDeipui"
|
||||||
# address = "https://api-vault:8200"
|
address = "https://api-vault:8200"
|
||||||
# unwrap_token = false
|
unwrap_token = false
|
||||||
# renew_token = false
|
renew_token = false
|
||||||
#}
|
}
|
||||||
|
|
||||||
|
consul {
|
||||||
|
address = "https://127.0.0.1:8501"
|
||||||
|
ssl {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
source = "/opt/consul/tpl/catalog.crt.tpl"
|
source = "/opt/consul/tpl/catalog.crt.tpl"
|
||||||
|
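Review bot: The uncommented `vault` block commits a Vault token in `token = "hvs.…"` directly under a comment that calls it a root token, and the Dockerfile in this commit copies the consul-template and consul config directories into the image, so the token presumably ends up in image layers as well as in git history. The same value is added to `ca_config.token` in the Consul `connect` block later in this commit, and the previous token is left behind there in a comment. Both tokens should be treated as exposed and revoked; supply the replacement at runtime, e.g. through the `VAULT_TOKEN` environment variable or `vault_agent_token_file`, and scope it to a policy covering only the PKI paths in use rather than root. With a non-root token, `renew_token = false` means rendering stops when the token expires, so that setting needs revisiting at the same time.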
@ -13,7 +13,7 @@ ui_config {
|
|||||||
content_path = "/registry"
|
content_path = "/registry"
|
||||||
}
|
}
|
||||||
|
|
||||||
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}"
|
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}"
|
||||||
client_addr = "0.0.0.0"
|
client_addr = "0.0.0.0"
|
||||||
|
|
||||||
ports {
|
ports {
|
||||||
|
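Review bot: `client_addr = "0.0.0.0"` next to the changed `bind_addr` makes the agent's client interfaces (HTTP/HTTPS API, DNS, UI) listen on every interface of the container, not only on the `10.0.1.0/24` network selected for `bind_addr`. Nothing in this hunk shows ACLs or a restricted port set, so I would reuse the same interface template for `client_addr` (plus `127.0.0.1`) or confirm that ACLs with a default-deny policy are enabled. The second config file changed in this commit carries the same pair of lines. The surrounding `ui_config` and `ports` blocks continue outside the hunk.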
@ -19,7 +19,7 @@ ui_config {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}"
|
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}"
|
||||||
client_addr = "0.0.0.0"
|
client_addr = "0.0.0.0"
|
||||||
|
|
||||||
ports {
|
ports {
|
||||||
@ -50,7 +50,8 @@ connect {
|
|||||||
ca_provider = "vault"
|
ca_provider = "vault"
|
||||||
ca_config {
|
ca_config {
|
||||||
address = "https://api-vault:8200"
|
address = "https://api-vault:8200"
|
||||||
token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE"
|
#token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE"
|
||||||
|
token = "hvs.dZL3N8PAozQ7EbOYFFDeipui"
|
||||||
root_pki_path = "pki/"
|
root_pki_path = "pki/"
|
||||||
intermediate_pki_path = "pki_int/"
|
intermediate_pki_path = "pki_int/"
|
||||||
}
|
}
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
|
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=localhost" "ip_sans=127.0.0.1"}}
|
||||||
{{ .Data.certificate }}
|
{{ .Data.certificate }}
|
||||||
{{ end }}
|
{{ end }}
|
@ -1,3 +1,3 @@
|
|||||||
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
|
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=localhost" "ip_sans=127.0.0.1"}}
|
||||||
{{ .Data.private_key }}
|
{{ .Data.private_key }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# RUN IN REPO ROOT DIR !!
|
# RUN IN REPO ROOT DIR !!
|
||||||
|
|
||||||
export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
|
export IMAGE_NAME="git.ego.cloudns.be/egommerce/api-registry"
|
||||||
|
|
||||||
TARGET=${1:-latest}
|
TARGET=${1:-latest}
|
||||||
|
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# RUN IN REPO ROOT DIR !!
|
# RUN IN REPO ROOT DIR !!
|
||||||
|
|
||||||
export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
|
export IMAGE_NAME="git.ego.cloudns.be/egommerce/api-registry"
|
||||||
|
|
||||||
TARGET=${1:-latest}
|
TARGET=${1:-latest}
|
||||||
|
|
||||||
echo $DOCKER_PASSWORD | docker login git.pbiernat.io -u $DOCKER_USERNAME --password-stdin
|
echo $DOCKER_PASSWORD | docker login git.ego.cloudns.be -u $DOCKER_USERNAME --password-stdin
|
||||||
docker push "$IMAGE_NAME:$TARGET"
|
docker push "$IMAGE_NAME:$TARGET"
|
||||||
|
|
||||||
# Restart container
|
# Restart container
|
||||||
|