Piotr Biernat 2024-12-24 14:20:35 +01:00
parent 0accb265d7
commit 97dec341af
17 changed files with 178 additions and 157 deletions


@ -1,7 +1,7 @@
FROM envoyproxy/envoy:distroless-v1.29-latest AS envoy
FROM ubuntu:latest AS base
FROM hashicorp/consul:1.19.2-ubi
FROM hashicorp/consul:1.20.1-ubi
USER root
@ -13,7 +13,7 @@ LABEL dev.egommerce.image.version="1.0"
ENV CGO_ENABLED=0
COPY ./api-registry/etc/consul /consul/config
# COPY ./api-registry/etc/addons/* /consul/config
COPY ./api-registry/etc/addons/* /consul/config/
COPY ./api-registry/etc/consul-template /consul/template
COPY ./api-registry/opt /opt/consul
COPY ./api-registry/entrypoint.sh /
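Review bot: `COPY ./api-registry/etc/addons/* /consul/config/` drops every file under addons/ into the directory the agent loads its configuration from, yet the addon added in this commit (the pricing `service-intentions` entry) is a bare entry with `Kind`/`Name`/`Sources` at top level rather than a `config_entries { bootstrap = [ … ] }` block, so if it carries a `.hcl`/`.json` extension the agent will presumably reject it as unknown agent-config keys. Worth confirming whether those files are meant for `consul config write` and, if so, copying them somewhere the agent does not scan, e.g. `COPY ./api-registry/etc/addons/ /consul/addons/`. The wildcard also takes along any stray file in that directory; naming the directory or the files explicitly keeps the image content deliberate. `USER root` is still active at this point and the rest of the Dockerfile is outside this section, so I cannot see whether a non-root `USER` follows.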


@ -9,9 +9,9 @@ update-ca-trust
echo -e "nameserver 127.0.0.1\n$(cat /etc/resolv.conf)" > /etc/resolv.conf
# Install consul-template
# cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip && \
# unzip consul-template_0.19.5_linux_amd64.zip && \
# rm consul-template_0.19.5_linux_amd64.zip && cd -
cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.39.1/consul-template_0.39.1_linux_amd64.zip && \
unzip consul-template_0.39.1_linux_amd64.zip && \
rm consul-template_0.39.1_linux_amd64.zip && cd -
# Install glibc
# apk add gcompat
@ -25,9 +25,9 @@ if [ $APP_NAME == "api-gateway" ]
then
# register-service
IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -client-cert /etc/certs/catalog.crt -client-key /etc/certs/catalog.key -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 &
IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address route-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 &
COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 &
COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 &
# COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 &
fi
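Review bot: The consul-template download on the `cd ~/ && curl -O …` line runs at container start with no integrity check, so whatever `releases.hashicorp.com` (or anything on the path to it) returns gets unzipped and executed; HashiCorp publishes `consul-template_0.39.1_SHA256SUMS` next to the zip, so add `curl -fsSLO https://releases.hashicorp.com/consul-template/0.39.1/consul-template_0.39.1_SHA256SUMS && sha256sum --ignore-missing -c consul-template_0.39.1_SHA256SUMS && \` before the `unzip` line. `curl -O` without `-f` also saves an HTTP error body under the zip's name, so a failed download surfaces later as an `unzip` error rather than at the fetch. Since the version is fixed at 0.39.1, installing it in the Dockerfile (verified once, cached as a layer) rather than in the entrypoint would also remove the runtime dependency on outbound network access. The surrounding lines of this script, including any `set -e`, are outside the hunk.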


@ -1,13 +1,10 @@
config_entries {
bootstrap = [
{
Kind = "api-gateway"
Name = "gw"
Kind = "api-gateway"
Name = "gw"
Listeners = [
Listeners = [
{
Name = "gw"
Port = 443
Name = "route-listener"
Port = 8443
Protocol = "http"
#Services = [
# {
@ -15,7 +12,4 @@ config_entries {
# }
#]
}
]
}
]
}
]
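Review bot: The listener's `Name = "route-listener"` and `Port = 8443` are referenced from two other files in this commit — the http-route's `SectionName = "route-listener"` and the `-bind-address route-listener=0.0.0.0:8443` in entrypoint.sh — and nothing here records that coupling, so a later rename would silently detach the route. A comment above the listener such as `# Name and Port must match SectionName in the http-route and -bind-address in entrypoint.sh` would document it. The listener remains `Protocol = "http"` with no `TLS` stanza, as it was before this change; if the gateway is meant to terminate TLS on 8443 that configuration belongs on the listener rather than on the Envoy command line.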


@ -0,0 +1,13 @@
Kind = "service-intentions"
Name = "pricing"
Sources = [
{
Name = "basket"
Action = "deny"
}
{
Name = "api"
Action = "allow"
}
]
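Review bot: The intentions for `pricing` list only `basket` (deny) and `api` (allow), so every other service's access to pricing falls through to the agent's default intention policy, which is allow unless ACLs run with a default-deny policy — nothing on this page shows that setting. If an allow-list is intended, add a catch-all source last, `{ Name = "*" Action = "deny" }`, so the outcome does not depend on ACL defaults. The file is a bare entry (`Kind`/`Name`/`Sources` at top level), which is the shape `consul config write` expects; if it is instead loaded from the agent's config directory it needs the `config_entries { bootstrap = [ … ] }` wrapper the gateway and route files in this commit use.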


@ -1,13 +0,0 @@
#Kind = "service-intentions"
#Name = "pricing"
#Sources = [
#{
# Name = "basket"
# Action = "deny"
#}
#{
# Name = "api"
# Action = "allow"
#}
#]


@ -1,28 +1,25 @@
config_entries {
bootstrap = [
{
Kind = "http-route"
Name = "catalog-routes"
Kind = "http-route"
Name = "route-listener"
Meta = {
"name" = "catalog-routes"
}
#Hostnames = ["<hostnames for which this HTTPRoute should respond to requests>"]
Meta = {
"name" = "catalog"
}
#Hostnames = ["<hostnames for which this HTTPRoute should respond to requests>"]
Parents = [
Parents = [
{
Kind = "api-gateway"
Name = "gw"
#SectionName = "<optional name of a specific listener on the api-gateway to bind to>"
SectionName = "route-listener"
}
]
]
Rules = [
Rules = [
{
Filters = {
URLRewrite = {
Path = "/catalog"
}
#Filters = {
#URLRewrite = {
# Path = "/catalog"
#}
#JWT = {
# Providers = [
# Name = "<name of the provider>"
@ -32,9 +29,13 @@ config_entries {
# }
# ]
#}
#}
Matches = [
{
Path = {
Match = "prefix"
Value = "/catalog"
}
#Matches = [
#{
# Headers = [
# {
# Match = "<type of match: exact, prefix or regex>"
@ -54,8 +55,8 @@ config_entries {
# Value = "<value of query parameter to match on>"
# }
# ]
#}
#]
}
]
Services = [
{
Name = "catalog"
@ -81,7 +82,4 @@ config_entries {
}
]
}
]
}
]
}
]
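Review bot: The http-route is now `Name = "route-listener"`, the same string as the gateway listener it binds to through `SectionName = "route-listener"`; names are scoped per `Kind` so it resolves, but the two entries become indistinguishable when listing config, and the descriptive name has been pushed down into `Meta."name" = "catalog"`. Keeping `Name = "catalog-routes"` and leaving the listener reference to `SectionName` alone would read more clearly. With the `URLRewrite` filter commented out and the new `Matches` block using `Match = "prefix"` / `Value = "/catalog"`, the catalog service now receives the unrewritten `/catalog/...` path — presumably intended, but a one-line comment on the `Matches` block saying so would stop the next reader from re-adding the rewrite. The enclosing `config_entries` block starts and ends outside each hunk.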


@ -1,20 +1,20 @@
services = [
Kind = "service-router"
Name = "catalog"
Routes = [
{
name = "catalog"
port = 443
Match {
HTTP {
PathPrefix = "/catalog"
}
checks = {
Interval = "10s"
Name = "Connect Sidecar Listening"
TCP = "127.0.0.1:20000"
}
kind = "connect-proxy"
name = "web-sidecar-proxy"
port = 20000
proxy = {
destination_service_id = "catalog"
destination_service_name = "catalog"
local_service_address = "127.0.0.1"
local_service_port = 443
Destination {
Service = "catalog"
RequestTimeout = "5s"
NumRetries = 5
RetryOnConnectFailure = true
RetryOn = ["reset"]
}
}
]
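Review bot: The old side of this file registered the `catalog` service together with its `connect-proxy` sidecar (`destination_service_id = "catalog"`, port 20000), and entrypoint.sh in this commit still runs `consul connect envoy -sidecar-for catalog`, which needs such a proxy registration to exist; unless that registration moved to a file not shown here, the sidecar will fail to find its service. The replacement `service-router` named `catalog` matches `/catalog` and routes it back to `catalog`, so its only effect is the retry policy, and `main-router` in this commit already carries a `catalog` destination with the same policy — it is unclear which of the two is meant to own it. `NumRetries = 5` with `RetryOn = ["reset"]` re-sends a request the upstream may already have started processing, which can replay non-idempotent calls; scoping the retrying route with `Match.HTTP.Methods` to read-only methods, or a comment stating why catalog tolerates replays, would make the intent explicit.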


@ -1,5 +1,5 @@
Kind = "service-router"
Name = "service-router"
Name = "main-router"
Routes = [
{
@ -10,6 +10,11 @@ Routes = [
},
Destination {
Service = "identity"
RequestTimeout = "5s"
NumRetries = 5
RetryOnConnectFailure = true
RetryOn = ["reset"]
}
},
{
@ -20,6 +25,10 @@ Routes = [
},
Destination {
Service = "basket"
RequestTimeout = "5s"
NumRetries = 5
RetryOnConnectFailure = true
RetryOn = ["reset"]
}
},
{
@ -30,6 +39,10 @@ Routes = [
},
Destination {
Service = "catalog"
RequestTimeout = "5s"
NumRetries = 5
RetryOnConnectFailure = true
RetryOn = ["reset"]
}
},
{
@ -40,6 +53,10 @@ Routes = [
},
Destination {
Service = "order"
RequestTimeout = "5s"
NumRetries = 5
RetryOnConnectFailure = true
RetryOn = ["reset"]
}
},
{
@ -50,6 +67,10 @@ Routes = [
},
Destination {
Service = "pricing"
RequestTimeout = "5s"
NumRetries = 5
RetryOnConnectFailure = true
RetryOn = ["reset"]
}
},
{
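Review bot: The same four-line retry block (`RequestTimeout` / `NumRetries` / `RetryOnConnectFailure` / `RetryOn`) is pasted into the identity, basket, catalog, order and pricing destinations with nothing explaining why every service gets one policy, and `RetryOn = ["reset"]` replays a request the upstream may already have begun handling — for order and basket that can mean duplicated writes. A short comment at the first destination stating the policy and its safety assumption, or separate routes restricted via `Match.HTTP.Methods` for the retrying case, would make this reviewable. Renaming the router to `Name = "main-router"` makes it apply to traffic addressed to a service named `main-router`; nothing on this page registers or references such a service, so a comment naming what sends traffic to it would help. Only fragments of each route are visible in these hunks.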


@ -1,11 +1,18 @@
#vault {
# # root VAUL_TOKEN - PROD CHECK!
# token = "hvs.CAESIA9jPKArVgpCNzvze9ehIiX2gKMnVgu0rtSUw54Wj9HQGh4KHGh2cy5LdmJVRnYzVkQ1UXhDU2FKaEFQMW5UTm0"
# address = "https://api-vault:8200"
# unwrap_token = false
# renew_token = false
#}
vault {
# root VAUL_TOKEN - PROD CHECK!
token = "hvs.dZL3N8PAozQ7EbOYFFDeipui"
address = "https://api-vault:8200"
unwrap_token = false
renew_token = false
}
consul {
address = "https://127.0.0.1:8501"
ssl {
enabled = true
}
}
template {
source = "/opt/consul/tpl/catalog.crt.tpl"
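Review bot: The now-active `vault { token = "hvs.…" }` block commits a Vault token — labelled in its own comment as the root token — to the repository and, through the Dockerfile's `COPY … /consul/template`, into the image; the same token is also set at `connect.ca_config.token` in the consul server config in this commit, and the previous token survives in the commented-out lines of both files. Both tokens should be treated as disclosed and revoked, and the value should be supplied at runtime instead: consul-template reads the `VAULT_TOKEN` environment variable when the `token` key is absent, or `vault_agent_token_file` can point at a file mounted into the container. For the Consul CA provider, a dedicated token scoped to `pki/` and `pki_int/` (or the `auth_method` stanza) avoids a root token sitting in a long-running agent. The `# root VAUL_TOKEN - PROD CHECK!` comment is the only marker of this, and it was carried over from the commented-out block rather than acted on.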


@ -13,7 +13,7 @@ ui_config {
content_path = "/registry"
}
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}"
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}"
client_addr = "0.0.0.0"
ports {


@ -19,7 +19,7 @@ ui_config {
}
}
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}"
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}"
client_addr = "0.0.0.0"
ports {
@ -50,7 +50,8 @@ connect {
ca_provider = "vault"
ca_config {
address = "https://api-vault:8200"
token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE"
#token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE"
token = "hvs.dZL3N8PAozQ7EbOYFFDeipui"
root_pki_path = "pki/"
intermediate_pki_path = "pki_int/"
}


@ -1,3 +1,3 @@
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=localhost" "ip_sans=127.0.0.1"}}
{{ .Data.certificate }}
{{ end }}


@ -1,3 +1,3 @@
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}}
{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=localhost" "ip_sans=127.0.0.1"}}
{{ .Data.private_key }}
{{ end }}


@ -1,7 +1,7 @@
#!/bin/sh
# RUN IN REPO ROOT DIR !!
export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
export IMAGE_NAME="git.ego.cloudns.be/egommerce/api-registry"
TARGET=${1:-latest}


@ -1,11 +1,11 @@
#!/bin/sh
# RUN IN REPO ROOT DIR !!
export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
export IMAGE_NAME="git.ego.cloudns.be/egommerce/api-registry"
TARGET=${1:-latest}
echo $DOCKER_PASSWORD | docker login git.pbiernat.io -u $DOCKER_USERNAME --password-stdin
echo $DOCKER_PASSWORD | docker login git.ego.cloudns.be -u $DOCKER_USERNAME --password-stdin
docker push "$IMAGE_NAME:$TARGET"
# Restart container
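Review bot: The login line passes `$DOCKER_PASSWORD` and `$DOCKER_USERNAME` unquoted, so a password containing spaces or glob characters is word-split before it reaches `docker login`, and `echo` under some `/bin/sh` implementations interprets a leading `-n`/`-e` or backslash sequences in the value; `printf '%s\n' "$DOCKER_PASSWORD" | docker login git.ego.cloudns.be -u "$DOCKER_USERNAME" --password-stdin` avoids both. The registry host now appears twice (inside `IMAGE_NAME` and in the login command), so `REGISTRY="git.ego.cloudns.be"` with `IMAGE_NAME="$REGISTRY/egommerce/api-registry"` would keep the next host change to one edit. Without `set -e`, a failed login still runs `docker push`, which then fails with a less direct error.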