Piotr Biernat 2025-03-16 14:19:51 +01:00
parent 97dec341af
commit facdb76ed8
6 changed files with 51 additions and 230 deletions


@ -1,7 +1,7 @@
FROM envoyproxy/envoy:distroless-v1.29-latest AS envoy
FROM ubuntu:latest AS base
FROM hashicorp/consul:1.20.1-ubi
FROM hashicorp/consul:1.21.0-rc1-ubi
USER root


@ -25,8 +25,8 @@ if [ $APP_NAME == "api-gateway" ]
then
# register-service
IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address route-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 &
COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 &
IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -token=${CONSUL_HTTP_TOKEN} -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 &
# COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 &
# COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 &
fi
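Review bot: The new gateway line embeds `-token=${CONSUL_HTTP_TOKEN}` in the `COMMAND` string, so the ACL token is copied into a second variable and, presumably once `spawn-process.sh` runs it, into the process arguments, where anything able to list processes in the container can read it. With `-enable-config-gen-logging` and `--log-level trace` enabled it may also end up in the log files. The consul CLI reads `CONSUL_HTTP_TOKEN` from the environment on its own, so the flag can be dropped, or replaced by `-token-file <path>` pointing at a file with restrictive permissions. The same flag is present in the `consul connect envoy` line of the last file in this commit. The `if` block around this line begins above the hunk.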


@ -1,15 +1,15 @@
Kind = "api-gateway"
Name = "gw"
Name = "gateway"
Listeners = [
{
Name = "route-listener"
Port = 8443
Protocol = "http"
#Services = [
# {
# Name = "catalog"
# }
#]
Services = [
{
Name = "catalog"
}
]
}
]
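Review bot: The listener on port 8443 is declared with `Protocol = "http"` and no `TLS` block, whereas the bootstrap `api-gateway` entry deleted from the registry config in this commit attached `gateway-certificate` to its listener. If this file is now the source of truth for the gateway, traffic on 8443 would be served in plaintext; restoring the listener's `TLS = { Certificates = [...] }` reference would keep the earlier behaviour, though the `file-system-certificate` entry it points to is among the deleted lines as well. The listener is also still named `route-listener` while the updated start commands bind `gw-listener=0.0.0.0:8443`, so the two names look out of step.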


@ -1,6 +1,7 @@
# Datacenter configuration
datacenter = "dc"
domain = "ego.io"
node_name = "gateway"
data_dir = "/consul/data"
log_level = "DEBUG"
@ -11,15 +12,19 @@ server = false
ui_config {
enabled = true
content_path = "/registry"
dashboard_url_templates {
service = "https://grafana.example.com/d/lDlaj-NGz/service-overview?orgId=1&var-service={{Service.Name}}&var-namespace={{Service.Namespace}}&var-partition={{Service.Partition}}&var-dc={{Datacenter}}"
}
}
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}"
#bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}"
bind_addr = "{{ GetInterfaceIP \"eth0\" }}"
client_addr = "0.0.0.0"
ports {
dns = -1
https = 8501
http = -1
https = 8501
grpc_tls = 8503
}
@ -45,6 +50,7 @@ tls {
#verify_server_hostname = true
#verify_incoming = true
#verify_outgoing = true
verify_server_hostname = false
verify_incoming = false
verify_outgoing = false
}
@ -68,3 +74,30 @@ acl = {
# Gossip Encryption
encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA="
# Services
services {
name = "catalog"
port = 443
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "echo"
local_bind_port = 9191
}
}
}
}
}
services {
name = "echo"
port = 9999
connect {
sidecar_proxy {
proxy {
local_service_address = "192.168.0.111"
}
}
}
}
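Review bot: The `tls` hunk leaves `verify_incoming`, `verify_outgoing` and `verify_server_hostname` set to `false` with the strict variants commented out, so this agent neither authenticates its peers nor checks the server certificate name, while `client_addr = "0.0.0.0"` exposes the HTTPS API on every interface. Unless this is a throwaway lab, all three should be `true` before the added `services` are registered through this agent. The gossip key on the `encrypt` line is committed in clear text, with the same value in the registry config later in this commit; it should be loaded from a file kept out of the repository and rotated. In the added `echo` service the key is `sidecar_proxy` where `catalog` uses `sidecar_service`, which looks like a typo.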


@ -1,6 +1,7 @@
# Datacenter configuration
datacenter = "dc"
domain = "ego.io"
node_name = "registry"
data_dir = "/consul/data"
log_level = "DEBUG"
@ -19,7 +20,8 @@ ui_config {
}
}
bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}"
#bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}"
bind_addr = "{{ GetInterfaceIP \"eth0\" }}"
client_addr = "0.0.0.0"
ports {
@ -51,7 +53,7 @@ connect {
ca_config {
address = "https://api-vault:8200"
#token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE"
token = "hvs.dZL3N8PAozQ7EbOYFFDeipui"
token = "hvs.s6d6dyijMAyJ6b0WQYdjadZG"
root_pki_path = "pki/"
intermediate_pki_path = "pki_int/"
}
@ -92,217 +94,3 @@ acl = {
# Gossip Encryption
encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA="
# ADDITIONAL CONFIGS
config_entries {
bootstrap = [
{
Kind = "proxy-defaults"
Name = "global"
Config {
Protocol = "http"
}
AccessLogs {
Enabled = true
},
MeshGateway {
Mode = "local"
}
},
{
Kind = "service-defaults"
Name = "global"
Protocol = "http"
MeshGateway {
Mode = "local"
}
},
#{
# Kind = "mesh"
# Peering {
# PeerThroughMeshGateways = true
# }
#},
{
Kind = "file-system-certificate"
Name = "gateway-certificate"
Certificate = "/etc/certs/gateway.crt"
PrivateKey = "/etc/certs/gateway.key"
},
#{
# Kind = "file-system-certificate"
# Name = "catalog-certificate"
# Certificate = "/etc/certs/catalog.crt"
# PrivateKey = "/etc/certs/catalog.key"
#},
{
Kind = "api-gateway"
Name = "gateway"
Listeners = [
{
Name = "gw-listener"
Port = 8443
Protocol = "http"
TLS = {
Certificates = [
{
Kind = "file-system-certificate"
Name = "gateway-certificate"
}
]
}
}
]
},
{
Kind = "http-route"
Name = "basket-routes"
Hostnames = ["basket.service.ego.io"]
Parents = [
{
Kind = "api-gateway"
Name = "gateway"
SectionName = "gw-listener"
}
]
Rules = [
{
Matches = [
{
Path = {
Match = "prefix"
Value = "/basket"
}
}
]
#Filters = {
# URLRewrite = {
# Path = "/basket"
# }
#}
Services = [
{
Name = "basket"
Weight = 90
#Filters = {
# URLRewrite = {
# Path = "/"
# }
#}
}
]
}
]
},
{
Kind = "http-route"
Name = "catalog-routes"
Hostnames = ["catalog.service.ego.io"]
Parents = [
{
Kind = "api-gateway"
Name = "gateway"
SectionName = "gw-listener"
}
]
Rules = [
{
Matches = [
{
Path = {
Match = "prefix"
Value = "/catalog"
}
}
]
#Filters = {
# URLRewrite = {
# Path = "/catalog"
# }
#}
Services = [
{
Name = "catalog"
Weight = 90
#Filters = {
# URLRewrite = {
# Path = "/"
# }
#}
}
]
}
]
},
{
Kind = "service-router"
Name = "gateway"
Routes = [
{
Match {
HTTP {
PathPrefix = "/identity"
}
},
Destination {
Service = "identity"
RetryOnConnectFailure = true
RequestTimeout = "120s"
PrefixRewrite = "/"
}
},
{
Match {
HTTP {
PathPrefix = "/basket"
}
},
Destination {
Service = "basket"
RetryOnConnectFailure = true
RequestTimeout = "120s"
PrefixRewrite = "/"
}
},
{
Match {
HTTP {
PathPrefix = "/catalog"
}
},
Destination {
Service = "catalog"
RetryOnConnectFailure = true
RequestTimeout = "120s"
PrefixRewrite = "/"
}
},
{
Match {
HTTP {
PathPrefix = "/order"
}
},
Destination {
Service = "order"
RetryOnConnectFailure = true
RequestTimeout = "120s"
PrefixRewrite = "/"
}
},
{
Match {
HTTP {
PathPrefix = "/pricing"
}
},
Destination {
Service = "pricing"
RetryOnConnectFailure = true
RequestTimeout = "120s"
PrefixRewrite = "/"
}
}
]
}
]
}
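Review bot: The `ca_config` hunk swaps one literal Vault token for another, so a credential for `https://api-vault:8200` is committed again, and the previous value and the commented-out one above it remain readable in the history. All three should be treated as exposed and revoked in Vault. The token is better supplied from outside the repository, for example through a config fragment injected at deploy time, or through the Vault CA provider's `auth_method` block in place of a static `token`; the commented-out token line should be deleted rather than kept.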


@ -7,12 +7,12 @@
# -bind-address gw-listener=0.0.0.0:8443 \
# -enable-config-gen-logging
consul connect envoy -gateway api -register -service gateway -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/api-gateway.log 2>&1 &
consul connect envoy -gateway api -register -service gateway -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log 2>&1 &
# -address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443"
# -bind-address gw-listener=0.0.0.0:80
# catalog sidecar
consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-catalog.log 2>&1 &
#consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-catalog.log 2>&1 &
#basket sidecar
consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-basket.log 2>&1 &
#consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-basket.log 2>&1 &
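Review bot: The gateway command still carries `-admin-bind 0.0.0.0:19000`, which publishes Envoy's admin interface on every interface of the container; that interface has no authentication and serves configuration dumps and runtime controls. Binding it to loopback with `-admin-bind 127.0.0.1:19000` is enough for local debugging, and the earlier start script in this commit has the same setting. `${CONSUL_HTTP_TOKEN}` is also expanded unquoted on this line, so an empty or unset variable silently yields a bare `-token=`; a guard such as `: "${CONSUL_HTTP_TOKEN:?must be set}"` before the command would fail fast. The hunk begins inside a comment block that starts above it.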