Refactor

Dockerfile

@@ -1,7 +1,7 @@
 
 FROM envoyproxy/envoy:distroless-v1.29-latest AS envoy
 FROM ubuntu:latest AS base
-FROM hashicorp/consul:1.19.2-ubi
+FROM hashicorp/consul:1.20.1-ubi
 
 USER root
 
@@ -13,7 +13,7 @@ LABEL dev.egommerce.image.version="1.0"
 ENV CGO_ENABLED=0
 
 COPY ./api-registry/etc/consul /consul/config
-# COPY ./api-registry/etc/addons/* /consul/config
+COPY ./api-registry/etc/addons/* /consul/config/
 COPY ./api-registry/etc/consul-template /consul/template
 COPY ./api-registry/opt /opt/consul
 COPY ./api-registry/entrypoint.sh /

api-registry/entrypoint.sh

@@ -9,9 +9,9 @@ update-ca-trust
 echo -e "nameserver 127.0.0.1\n$(cat /etc/resolv.conf)" > /etc/resolv.conf
 
 # Install consul-template
-# cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip && \
+cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.39.1/consul-template_0.39.1_linux_amd64.zip && \
-# unzip consul-template_0.19.5_linux_amd64.zip && \
+unzip consul-template_0.39.1_linux_amd64.zip && \
-# rm consul-template_0.19.5_linux_amd64.zip && cd -
+rm consul-template_0.39.1_linux_amd64.zip && cd -
 
 # Install glibc
 # apk add gcompat
@@ -25,9 +25,9 @@ if [ $APP_NAME == "api-gateway" ]
 then
     # register-service
 
-    IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -client-cert /etc/certs/catalog.crt -client-key /etc/certs/catalog.key -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 &
+    IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address route-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 &
     COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 &
-    COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 &
+    # COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 &
 fi
 
 

api-registry/etc/addons/api-gateway.hcl

@@ -1,21 +1,15 @@
-config_entries {
+Kind = "api-gateway"
-  bootstrap = [
+Name = "gw"
-    {
-      Kind = "api-gateway"
-      Name = "gw"
 
-      Listeners = [
+Listeners = [
-        {
+  {
-          Name     = "gw"
+    Name     = "route-listener"
-          Port     = 443
+    Port     = 8443
-          Protocol = "http"
+    Protocol = "http"
-          #Services = [
+    #Services = [
-          #  {
+    #  {
-          #     Name = "catalog"
+    #      Name = "catalog"
-          #  }
+    #  }
-          #]
+    #]
-        }
+  }
-      ]
+]
-    }
-  ]
-}

api-registry/etc/addons/intentions.hcl

@@ -0,0 +1,13 @@
+Kind = "service-intentions"
+Name = "pricing"
+
+Sources = [
+  {
+    Name   = "basket"
+    Action = "deny"
+  }
+  {
+    Name   = "api"
+    Action = "allow"
+  }
+]

api-registry/etc/addons/pricing-intentions.hcl

@@ -1,13 +0,0 @@
-#Kind = "service-intentions"
-#Name = "pricing"
-
-#Sources = [
-  #{
-  #  Name   = "basket"
-  #  Action = "deny"
-  #}
-  #{
-  #  Name   = "api"
-  #  Action = "allow"
-  #}
-#]

api-registry/etc/addons/routes.hcl

@@ -1,87 +1,85 @@
-config_entries {
+Kind = "http-route"
-  bootstrap = [
+Name = "route-listener"
-    {
-      Kind = "http-route"
-      Name = "catalog-routes"
 
-      Meta = {
+Meta = {
-        "name" = "catalog-routes"
+  "name" = "catalog"
+}
+#Hostnames = ["<hostnames for which this HTTPRoute should respond to requests>"]
+
+Parents = [
+  {
+    Kind        = "api-gateway"
+    Name        = "gw"
+    SectionName = "route-listener"
+  }
+]
+
+Rules = [
+  {
+    #Filters = {
+      #URLRewrite = {
+      #  Path = "/catalog"
+      #}
+      #JWT = {
+      #  Providers = [
+      #    Name = "<name of the provider>"
+      #    VerifyClaim = {
+      #      Path = ["<path to claim>"]
+      #      Value = "<value of claim>"
+      #    }
+      #  ]
+      #}
+    #}
+    Matches = [
+      {
+        Path = {
+          Match = "prefix"
+          Value = "/catalog"
+        }
+      #  Headers = [
+      #    {
+      #      Match = "<type of match: exact, prefix or regex>"
+      #      Name = "<name of header to match on>"
+      #      Value = "<value of header to match on>"
+      #    }
+      #  ]
+      #  Method = "<method type to match on>"
+      #  Path = {
+      #    Match = "<type of match: exact, prefix or regex>"
+      #    Value = "<value to match on>"
+      #  }
+      #  Query = [
+      #    {
+      #      Match = "<type of match: exact, present or regex>"
+      #      Name = "<name of query parameter to match on>"
+      #      Value = "<value of query parameter to match on>"
+      #    }
+      #  ]
       }
-      #Hostnames = ["<hostnames for which this HTTPRoute should respond to requests>"]
+    ]
-
+    Services = [
-      Parents = [
+      {
-        {
+        Name   = "catalog"
-          Kind        = "api-gateway"
+        Weight = 90
-          Name        = "gw"
+        Filters = {
-          #SectionName = "<optional name of a specific listener on the api-gateway to bind to>"
+        #  Headers = [
-        }
+        #    {
-      ]
+        #      Add = {
-
+        #        "<name of header to add>" = "<value of header to add>"
-      Rules = [
+        #      }
-        {
+        #      Remove = [
-          Filters = {
+        #        "<name of header to remove from request>"
-            URLRewrite = {
+        #      ]
-              Path = "/catalog"
+        #      Set = {
-            }
+        #        "<name of header to set>" = "<value of header to set>"
-            #JWT = {
+        #      }
-            #  Providers = [
+        #    }
-            #    Name = "<name of the provider>"
+        #  ]
-            #    VerifyClaim = {
+          URLRewrite = {
-            #      Path = ["<path to claim>"]
+            Path = "/"
-            #      Value = "<value of claim>"
-            #    }
-            #  ]
-            #}
           }
-          #Matches = [
-            #{
-            #  Headers = [
-            #    {
-            #      Match = "<type of match: exact, prefix or regex>"
-            #      Name = "<name of header to match on>"
-            #      Value = "<value of header to match on>"
-            #    }
-            #  ]
-            #  Method = "<method type to match on>"
-            #  Path = {
-            #    Match = "<type of match: exact, prefix or regex>"
-            #    Value = "<value to match on>"
-            #  }
-            #  Query = [
-            #    {
-            #      Match = "<type of match: exact, present or regex>"
-            #      Name = "<name of query parameter to match on>"
-            #      Value = "<value of query parameter to match on>"
-            #    }
-            #  ]
-            #}
-          #]
-          Services = [
-            {
-              Name   = "catalog"
-              Weight = 90
-              Filters = {
-              #  Headers = [
-              #    {
-              #      Add = {
-              #        "<name of header to add>" = "<value of header to add>"
-              #      }
-              #      Remove = [
-              #        "<name of header to remove from request>"
-              #      ]
-              #      Set = {
-              #        "<name of header to set>" = "<value of header to set>"
-              #      }
-              #    }
-              #  ]
-                URLRewrite = {
-                  Path = "/"
-                }
-              }
-            }
-          ]
         }
-      ]
+      }
-    }
+    ]
-  ]
+  }
-}
+]

api-registry/etc/addons/service-catalog.hcl

@@ -1,20 +1,20 @@
-services = [
+Kind = "service-router"
-    {
+Name = "catalog"
-        name = "catalog"
+
-        port = 443
+Routes = [
+  {
+    Match {
+        HTTP {
+            PathPrefix = "/catalog"
+        }
     }
-    checks = {
+
-        Interval = "10s"
+    Destination {
-        Name = "Connect Sidecar Listening"
+        Service = "catalog"
-        TCP = "127.0.0.1:20000"
+        RequestTimeout = "5s"
+        NumRetries = 5
+        RetryOnConnectFailure = true
+        RetryOn = ["reset"]
     }
-    kind = "connect-proxy"
+  }
-    name = "web-sidecar-proxy"
+]
-    port = 20000
-    proxy = {
-        destination_service_id = "catalog"
-        destination_service_name = "catalog"
-        local_service_address = "127.0.0.1"
-        local_service_port = 443
-    }
-]

api-registry/etc/addons/service-router.hcl

@@ -1,5 +1,5 @@
 Kind = "service-router"
-Name = "service-router"
+Name = "main-router"
 
 Routes = [
   {
@@ -10,6 +10,11 @@ Routes = [
     },
     Destination {
       Service = "identity"
+      RequestTimeout = "5s"
+      NumRetries = 5
+      RetryOnConnectFailure = true
+      RetryOn = ["reset"]
+
     }
   },
   {
@@ -20,6 +25,10 @@ Routes = [
     },
     Destination {
       Service = "basket"
+      RequestTimeout = "5s"
+      NumRetries = 5
+      RetryOnConnectFailure = true
+      RetryOn = ["reset"]
     }
   },
   {
@@ -30,6 +39,10 @@ Routes = [
     },
     Destination {
       Service = "catalog"
+      RequestTimeout = "5s"
+      NumRetries = 5
+      RetryOnConnectFailure = true
+      RetryOn = ["reset"]
     }
   },
   {
@@ -40,6 +53,10 @@ Routes = [
     },
     Destination {
       Service = "order"
+      RequestTimeout = "5s"
+      NumRetries = 5
+      RetryOnConnectFailure = true
+      RetryOn = ["reset"]
     }
   },
   {
@@ -50,6 +67,10 @@ Routes = [
     },
     Destination {
       Service = "pricing"
+      RequestTimeout = "5s"
+      NumRetries = 5
+      RetryOnConnectFailure = true
+      RetryOn = ["reset"]
     }
   },
   {

api-registry/etc/consul-template/catalog.hcl

@@ -1,11 +1,18 @@
 
-#vault {
+vault {
-#  # root VAUL_TOKEN - PROD CHECK!
+  # root VAUL_TOKEN - PROD CHECK!
-#  token        = "hvs.CAESIA9jPKArVgpCNzvze9ehIiX2gKMnVgu0rtSUw54Wj9HQGh4KHGh2cy5LdmJVRnYzVkQ1UXhDU2FKaEFQMW5UTm0"
+  token        = "hvs.dZL3N8PAozQ7EbOYFFDeipui"
-#  address      = "https://api-vault:8200"
+  address      = "https://api-vault:8200"
-#  unwrap_token = false
+  unwrap_token = false
-#  renew_token  = false
+  renew_token  = false
-#}
+}
+
+consul {
+  address      = "https://127.0.0.1:8501"
+  ssl {
+    enabled    = true
+  }
+}
 
 template {
   source = "/opt/consul/tpl/catalog.crt.tpl"

api-registry/etc/consul/gateway.hcl

@@ -13,7 +13,7 @@ ui_config {
    content_path = "/registry"
 }
 
-bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}"
+bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}"
 client_addr = "0.0.0.0"
 
 ports {

api-registry/etc/consul/server.hcl

@@ -19,7 +19,7 @@ ui_config {
    }
 }
 
-bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}"
+bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}"
 client_addr = "0.0.0.0"
 
 ports {
@@ -50,7 +50,8 @@ connect {
    ca_provider = "vault"
    ca_config {
       address = "https://api-vault:8200"
-      token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE"
+      #token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE"
+      token = "hvs.dZL3N8PAozQ7EbOYFFDeipui"
       root_pki_path = "pki/"
       intermediate_pki_path = "pki_int/"
    }

api-registry/opt/tpl/catalog.crt.tpl

@@ -1,3 +1,3 @@
-{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
+{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=localhost" "ip_sans=127.0.0.1"}}
 {{ .Data.certificate }}
 {{ end }}

api-registry/opt/tpl/catalog.key.tpl

@@ -1,3 +1,3 @@
-{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
+{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=localhost" "ip_sans=127.0.0.1"}}
 {{ .Data.private_key }}
 {{ end }}

deploy/image-build.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # RUN IN REPO ROOT DIR !!
 
-export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
+export IMAGE_NAME="git.ego.cloudns.be/egommerce/api-registry"
 
 TARGET=${1:-latest}
 

deploy/image-push.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 # RUN IN REPO ROOT DIR !!
 
-export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
+export IMAGE_NAME="git.ego.cloudns.be/egommerce/api-registry"
 
 TARGET=${1:-latest}
 
-echo $DOCKER_PASSWORD | docker login git.pbiernat.io -u $DOCKER_USERNAME --password-stdin
+echo $DOCKER_PASSWORD | docker login git.ego.cloudns.be -u $DOCKER_USERNAME --password-stdin
 docker push "$IMAGE_NAME:$TARGET"
 
 # Restart container