diff --git a/Dockerfile b/Dockerfile index b21b853..6ab0370 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ FROM envoyproxy/envoy:distroless-v1.29-latest AS envoy FROM ubuntu:latest AS base -FROM hashicorp/consul:1.20.1-ubi +FROM hashicorp/consul:1.21.0-rc1-ubi USER root diff --git a/api-registry/entrypoint.sh b/api-registry/entrypoint.sh index 6a6aba9..0c3246d 100755 --- a/api-registry/entrypoint.sh +++ b/api-registry/entrypoint.sh @@ -25,8 +25,8 @@ if [ $APP_NAME == "api-gateway" ] then # register-service - IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address route-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 & - COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 & + IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -token=${CONSUL_HTTP_TOKEN} -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 & + # COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 & # COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 & fi diff --git a/api-registry/etc/addons/api-gateway.hcl b/api-registry/etc/addons/api-gateway.hcl index af47690..2c8f259 100644 
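Review bot: The added `-token=${CONSUL_HTTP_TOKEN}` in the api-gateway `COMMAND` string puts the ACL token into the arguments of the process that `spawn-process.sh` presumably starts, where it is readable through `ps` and `/proc/<pid>/cmdline` and can end up in anything that logs the command. `consul connect envoy` already reads `CONSUL_HTTP_TOKEN` from the environment, so the flag can be dropped; if an explicit source is wanted, `-token-file` keeps the secret out of argv. The same flag is on the gateway line in `api-registry/start-envoy.sh`. The enclosing `if` opens above the hunk.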
--- a/api-registry/etc/addons/api-gateway.hcl +++ b/api-registry/etc/addons/api-gateway.hcl @@ -1,15 +1,15 @@ Kind = "api-gateway" -Name = "gw" +Name = "gateway" Listeners = [ { Name = "route-listener" Port = 8443 Protocol = "http" - #Services = [ - # { - # Name = "catalog" - # } - #] + Services = [ + { + Name = "catalog" + } + ] } ] \ No newline at end of file diff --git a/api-registry/etc/consul/gateway.hcl b/api-registry/etc/consul/gateway.hcl index ace960d..4d88489 100644 --- a/api-registry/etc/consul/gateway.hcl +++ b/api-registry/etc/consul/gateway.hcl @@ -1,6 +1,7 @@ # Datacenter configuration datacenter = "dc" domain = "ego.io" +node_name = "gateway" data_dir = "/consul/data" log_level = "DEBUG" @@ -11,15 +12,19 @@ server = false ui_config { enabled = true content_path = "/registry" + dashboard_url_templates { + service = "https://grafana.example.com/d/lDlaj-NGz/service-overview?orgId=1&var-service={{Service.Name}}&var-namespace={{Service.Namespace}}&var-partition={{Service.Partition}}&var-dc={{Datacenter}}" + } } -bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}" +#bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}" +bind_addr = "{{ GetInterfaceIP \"eth0\" }}" client_addr = "0.0.0.0" ports { dns = -1 - https = 8501 http = -1 + https = 8501 grpc_tls = 8503 } @@ -45,6 +50,7 @@ tls { #verify_server_hostname = true #verify_incoming = true #verify_outgoing = true + verify_server_hostname = false verify_incoming = false verify_outgoing = false } @@ -68,3 +74,30 @@ acl = { # Gossip Encryption encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA=" + +# Services +services { + name = "catalog" + port = 443 + connect { + sidecar_service { + proxy { + upstreams { + destination_name = "echo" + local_bind_port = 9191 + } + } + } + } +} +services { + name = "echo" + port = 9999 + connect { + sidecar_proxy { + proxy { + local_service_address = "192.168.0.111" + } + } + } +} 
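Review bot: The `route-listener` on port 8443 keeps `Protocol = "http"` with no `TLS` block, so if this entry is applied the gateway serves that port in cleartext; the bootstrap `api-gateway` entry that attached `gateway-certificate` is deleted from `server.hcl` in this same commit. A `TLS = { Certificates = [ ... ] }` block referencing a certificate entry should be carried over here. The listener name also does not match the `-bind-address gw-listener=0.0.0.0:8443` that `entrypoint.sh` now passes, and the uncommented `Services` list looks like ingress-gateway syntax; as far as I know, api-gateway listeners get their backends from `http-route` entries via `Parents`, so confirm that Consul accepts this entry.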
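Review bot: The added `verify_server_hostname = false` in `gateway.hcl` means this client agent will not check that the peer it joins presents a server certificate, and with `verify_incoming` and `verify_outgoing` also false nothing on the RPC path is authenticated by TLS. The commented lines directly above already show the intended values; outside a throwaway lab I would enable them: `verify_server_hostname = true`, `verify_outgoing = true`, `verify_incoming = true`. The enclosing `tls` block starts outside the hunk, so I cannot tell whether these keys sit at the nesting level this Consul version expects.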
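Review bot: The new `echo` service uses `sidecar_proxy` inside `connect`, whereas `catalog` just above uses `sidecar_service`; the key Consul documents for service definitions is `sidecar_service`, so the `echo` sidecar and its `local_service_address` are probably ignored or rejected. Suggested change: `sidecar_service {` in place of `sidecar_proxy {`. The hard-coded `local_service_address = "192.168.0.111"` also points the sidecar at a non-loopback address, which leaves the hop between proxy and application outside the mesh's mTLS; a comment such as `# echo runs on a separate host; proxy-to-app traffic is not mesh-protected` would make that explicit.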
diff --git a/api-registry/etc/consul/server.hcl b/api-registry/etc/consul/server.hcl index cd3773f..252fb0a 100644 --- a/api-registry/etc/consul/server.hcl +++ b/api-registry/etc/consul/server.hcl @@ -1,6 +1,7 @@ # Datacenter configuration datacenter = "dc" domain = "ego.io" +node_name = "registry" data_dir = "/consul/data" log_level = "DEBUG" @@ -19,7 +20,8 @@ ui_config { } } -bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}" +#bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.1.0/24\" | attr \"address\" }}" +bind_addr = "{{ GetInterfaceIP \"eth0\" }}" client_addr = "0.0.0.0" ports { @@ -51,7 +53,7 @@ connect { ca_config { address = "https://api-vault:8200" #token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE" - token = "hvs.dZL3N8PAozQ7EbOYFFDeipui" + token = "hvs.s6d6dyijMAyJ6b0WQYdjadZG" root_pki_path = "pki/" intermediate_pki_path = "pki_int/" } 
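Review bot: The `ca_config` block swaps one literal Vault token for another, so a live credential for `https://api-vault:8200` is committed again and the old value, the new value and the commented-out one above all stay in the repository history. Treat all three as exposed, revoke them in Vault, and supply the token at deploy time from a config file or secret mount kept outside version control instead of a `token = "hvs..."` line in this file. The gossip key on the `encrypt` line, visible as context in this file's last hunk and in `gateway.hcl`, is committed the same way and needs the same treatment. The `connect` block starts and ends outside this hunk.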
@@ -92,217 +94,3 @@ acl = { # Gossip Encryption encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA=" -# ADDITIONAL CONFIGS -config_entries { - bootstrap = [ - { - Kind = "proxy-defaults" - Name = "global" - Config { - Protocol = "http" - } - AccessLogs { - Enabled = true - }, - MeshGateway { - Mode = "local" - } - }, - { - Kind = "service-defaults" - Name = "global" - Protocol = "http" - MeshGateway { - Mode = "local" - } - }, - #{ - # Kind = "mesh" - # Peering { - # PeerThroughMeshGateways = true - # } - #}, - { - Kind = "file-system-certificate" - Name = "gateway-certificate" - Certificate = "/etc/certs/gateway.crt" - PrivateKey = "/etc/certs/gateway.key" - }, - #{ - # Kind = "file-system-certificate" - # Name = "catalog-certificate" - # Certificate = "/etc/certs/catalog.crt" - # PrivateKey = "/etc/certs/catalog.key" - #}, - { - Kind = "api-gateway" - Name = "gateway" - Listeners = [ - { - Name = "gw-listener" - Port = 8443 - Protocol = "http" - TLS = { - Certificates = [ - { - Kind = "file-system-certificate" - Name = "gateway-certificate" - } - ] - } - } - ] - }, - { - Kind = "http-route" - Name = "basket-routes" - Hostnames = ["basket.service.ego.io"] - Parents = [ - { - Kind = "api-gateway" - Name = "gateway" - SectionName = "gw-listener" - } - ] - Rules = [ - { - Matches = [ - { - Path = { - Match = "prefix" - Value = "/basket" - } - } - ] - #Filters = { - # URLRewrite = { - # Path = "/basket" - # } - #} - Services = [ - { - Name = "basket" - Weight = 90 - #Filters = { - # URLRewrite = { - # Path = "/" - # } - #} - } - ] - } - ] - }, - { - Kind = "http-route" - Name = "catalog-routes" - Hostnames = ["catalog.service.ego.io"] - Parents = [ - { - Kind = "api-gateway" - Name = "gateway" - SectionName = "gw-listener" - } - ] - Rules = [ - { - Matches = [ - { - Path = { - Match = "prefix" - Value = "/catalog" - } - } - ] - #Filters = { - # URLRewrite = { - # Path = "/catalog" - # } - #} - Services = [ - { - Name = "catalog" - Weight = 90 - #Filters = { - # 
URLRewrite = { - # Path = "/" - # } - #} - } - ] - } - ] - }, - { - Kind = "service-router" - Name = "gateway" - Routes = [ - { - Match { - HTTP { - PathPrefix = "/identity" - } - }, - Destination { - Service = "identity" - RetryOnConnectFailure = true - RequestTimeout = "120s" - PrefixRewrite = "/" - } - }, - { - Match { - HTTP { - PathPrefix = "/basket" - } - }, - Destination { - Service = "basket" - RetryOnConnectFailure = true - RequestTimeout = "120s" - PrefixRewrite = "/" - } - }, - { - Match { - HTTP { - PathPrefix = "/catalog" - } - }, - Destination { - Service = "catalog" - RetryOnConnectFailure = true - RequestTimeout = "120s" - PrefixRewrite = "/" - } - }, - { - Match { - HTTP { - PathPrefix = "/order" - } - }, - Destination { - Service = "order" - RetryOnConnectFailure = true - RequestTimeout = "120s" - PrefixRewrite = "/" - } - }, - { - Match { - HTTP { - PathPrefix = "/pricing" - } - }, - Destination { - Service = "pricing" - RetryOnConnectFailure = true - RequestTimeout = "120s" - PrefixRewrite = "/" - } - } - ] - } - ] -} \ No newline at end of file diff --git a/api-registry/start-envoy.sh b/api-registry/start-envoy.sh index d6acd97..e8a4702 100644 --- a/api-registry/start-envoy.sh +++ b/api-registry/start-envoy.sh 
@@ -7,12 +7,12 @@ # -bind-address gw-listener=0.0.0.0:8443 \ # -enable-config-gen-logging -consul connect envoy -gateway api -register -service gateway -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/api-gateway.log 2>&1 & +consul connect envoy -gateway api -register -service gateway -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log 2>&1 & # -address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443" # -bind-address gw-listener=0.0.0.0:80 # catalog sidecar -consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-catalog.log 2>&1 & +#consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-catalog.log 2>&1 & #basket sidecar -consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-basket.log 2>&1 & +#consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-basket.log 2>&1 &
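Review bot: The gateway line still passes `-admin-bind 0.0.0.0:19000`, which exposes Envoy's admin interface on every interface of the container; that interface has no authentication and serves config dumps and control endpoints. Unless something outside the container has to reach it, bind it to loopback: `-admin-bind 127.0.0.1:19000`. `entrypoint.sh` carries the same binding. `${CONSUL_HTTP_TOKEN}` is also expanded unquoted here, and the commented-out sidecar lines keep the old `--log-file` flag, so they would presumably hit the same startup problem if re-enabled as written.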