Piotr Biernat 2024-12-24 14:19:23 +01:00
parent 35dd2d38bf
commit a856f24132
22 changed files with 445 additions and 858 deletions


@ -1,7 +1,20 @@
DEPLOY_DIR := ./deploy
# SETTING ENV
up:
- sh ${DEPLOY_DIR}/start-docker.sh
- sh ${DEPLOY_DIR}/scripts/start-docker.sh
down:
- docker stack rm egommerce
k8s-up:
- sh ${DEPLOY_DIR}/scripts/start-k8s.sh
k8s-down:
- kubectl... TODO :D
# GENERATING CERTS
certs:
- bash ${DEPLOY_DIR}/scripts/gen-certs.sh
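Review bot: The `k8s-down` recipe is the placeholder `- kubectl... TODO :D`, and assuming the leading `-` is make's ignore-errors prefix (the page has lost the recipe indentation), `make k8s-down` will try to run a command named `kubectl...`, fail, and still exit 0. The README change in this commit advertises `make k8s-down` as the shutdown step, so the target should fail loudly until it is implemented, e.g. `@echo "k8s-down: not implemented" >&2; exit 1` with no `-` prefix. The same prefix on `- bash ${DEPLOY_DIR}/scripts/gen-certs.sh` means a failed certificate generation is ignored as well; dropping it there lets `make certs` stop on error instead of leaving stale or missing certificates unnoticed.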


@ -1,9 +1,23 @@
# Egommerce docker stack
## RUNNING
## Start
# $ make up
## MAINTENANCE
## Shutdown
# $ make down
# Egommerce K8S stack (currently experimental)
## Start
# $ make k8s-up
## Shutdown
# $ make k8s-down
## Maintenance
### If certificate doesn't work try to copy contents of the key file at the end of the cert file.


@ -5,20 +5,20 @@ services:
env_file: ../.env.local
environment:
- CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd
- VAULT_TOKEN=hvs.cJE9Qr4PIafDGy0wdx2GoxOb # ROOT TOKEN
- VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN
# - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE
volumes:
- ../certs/api-registry/registry.local.crt:/etc/certs/registry.local.crt:ro
- ../certs/api-registry/api-registry.crt:/etc/certs/registry.local.crt:ro
# - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro
api-gateway:
env_file: ../.env.local
environment:
- CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd
- VAULT_TOKEN=hvs.cJE9Qr4PIafDGy0wdx2GoxOb # ROOT TOKEN
- VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN
# - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE
volumes:
- ../certs/api-gateway/gateway.local.crt:/etc/certs/gateway.local.crt:ro
- ../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.local.crt:ro
# - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro
api-vault:
@ -26,10 +26,10 @@ services:
# command: ["vault", "server", "-dev", "-dev-tls", "-dev-listen-address=0.0.0.0:8200", "-dev-root-token-id=dev-vault-token"]
environment:
- CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd
- VAULT_TOKEN=hvs.G7oo532tREW4MTdWTgq03GtA # ROOT TOKEN
- VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN
# - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE
volumes:
- ../certs/api-vault/vault.local.crt:/etc/certs/vault.crt:ro
- ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro
# - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro
ports:
- 48250:8200
@ -37,7 +37,7 @@ services:
api-eventbus:
env_file: ../.env.local
volumes:
- ../certs/api-eventbus/eventbus.local.crt:/etc/certs/eventbus.local.crt:ro
- ../certs/api-eventbus/api-eventbus.crt:/etc/certs/eventbus.local.crt:ro
# - ../certs/api-eventbus/eventbus.key:/etc/certs/eventbus.local.key:ro
labels:
- traefik.tcp.routers.eventbus.rule=HostSNI(`esb.service.ego.io`)
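Review bot: The replacement `VAULT_TOKEN=…` line marked `# ROOT TOKEN` under api-registry, api-gateway and api-vault puts what looks like a live Vault root token, next to a literal `CONSUL_HTTP_TOKEN`, into a tracked compose file; the commit swaps the value but keeps the pattern. The services shown with `env_file: ../.env.local` can take both entries from that file instead of `environment:`, provided the env file is untracked (not visible on this page). Every token value that appears here, old, new and commented-out, should be treated as disclosed and revoked in Vault and Consul rather than only deleted from the file. A registry or gateway container also has no evident need for root; a token bound to a narrow policy would limit what a leak of this file exposes.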


@ -2,34 +2,31 @@ version: "3.9"
services:
api-registry:
image: git.pbiernat.io/egommerce/api-registry:dev
image: git.ego.cloudns.be/egommerce/api-registry:dev
environment:
- APP_DOMAIN=registry.service.ego.io
- VAULT_ADDR=https://api-vault:8200
- VAULT_API_ADDR=https://api-vault:8200
# - VAULT_API_ADDR=https://api-vault:8200
# - ENVOY_VERSION_STRING=1.26.3
ports:
- 48100:8501
api-gateway:
image: git.pbiernat.io/egommerce/api-registry:dev
image: git.ego.cloudns.be/egommerce/api-registry:dev
environment:
- APP_DOMAIN=gw.service.ego.io
# - VAULT_ADDR=https://api-vault:8200
# - VAULT_API_ADDR=https://api-vault:8200
# - ENVOY_VERSION_STRING=1.26.3
ports:
- 48101:8501
- 48443:8443 # consul & envoy api gateway port
api-vault:
image: git.pbiernat.io/egommerce/api-vault:dev
image: git.ego.cloudns.be/egommerce/api-vault:dev
environment:
- APP_DOMAIN=vault.service.ego.io
- CONSUL_HTTP_ADDR=https://api-registry:8501
api-eventbus:
image: git.pbiernat.io/egommerce/api-eventbus:dev
image: git.ego.cloudns.be/egommerce/api-eventbus:dev
environment:
- APP_DOMAIN=esb.service.ego.io
# - RABBITMQ_NODENAME=api-eventbus
@ -38,13 +35,13 @@ services:
# - RABBITMQ_DEFAULT_PASS = passw123
api-cache:
image: git.pbiernat.io/egommerce/api-cache:dev
image: git.ego.cloudns.be/egommerce/api-cache:dev
environment:
- APP_DOMAIN=cache.service.ego.io
- PASSWORD=12345678
api-logger:
image: git.pbiernat.io/egommerce/api-logger:dev
image: git.ego.cloudns.be/egommerce/api-logger:dev
environment:
- APP_DOMAIN=logger.service.ego.io
@ -59,7 +56,7 @@ services:
# - APP_DOMAIN=grafana.service.ego.io
db-postgres:
image: git.pbiernat.io/egommerce/db-postgres:dev
image: git.ego.cloudns.be/egommerce/db-postgres:dev
environment:
- APP_DOMAIN=postgresdb.service.ego.io
- POSTGRESQL_PASSWORD=12345678
@ -70,14 +67,14 @@ services:
# API micro-services
identity-svc:
image: git.pbiernat.io/egommerce/identity-svc:dev
image: git.ego.cloudns.be/egommerce/identity-svc:dev
environment:
# - SERVER_ADDR=basket.service.ego.io
- APP_DOMAIN=identity.service.ego.io
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
catalog-svc:
image: git.pbiernat.io/egommerce/catalog-svc:dev
image: git.ego.cloudns.be/egommerce/catalog-svc:dev
environment:
# - REGISTRY_USE_DOMAIN_OVER_IP=false
- APP_DOMAIN=catalog.service.ego.io
@ -85,14 +82,14 @@ services:
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
basket-svc:
image: git.pbiernat.io/egommerce/basket-svc:dev
image: git.ego.cloudns.be/egommerce/basket-svc:dev
environment:
- APP_DOMAIN=basket.service.ego.io
- AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
order-svc:
image: git.pbiernat.io/egommerce/order-svc:dev
image: git.ego.cloudns.be/egommerce/order-svc:dev
environment:
- APP_DOMAIN=order.service.ego.io
- AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik
@ -101,7 +98,7 @@ services:
# - ../etc/resolv.conf:/etc/resolv.conf
pricing-svc:
image: git.pbiernat.io/egommerce/pricing-svc:dev
image: git.ego.cloudns.be/egommerce/pricing-svc:dev
environment:
- APP_DOMAIN=pricing.service.ego.io
- AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik
@ -109,21 +106,21 @@ services:
# Workers (Eventbus)
basket-worker:
image: git.pbiernat.io/egommerce/basket-worker:dev
image: git.ego.cloudns.be/egommerce/basket-worker:dev
environment:
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
catalog-worker:
image: git.pbiernat.io/egommerce/catalog-worker:dev
image: git.ego.cloudns.be/egommerce/catalog-worker:dev
environment:
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
pricing-worker:
image: git.pbiernat.io/egommerce/pricing-worker:dev
image: git.ego.cloudns.be/egommerce/pricing-worker:dev
environment:
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
order-worker:
image: git.pbiernat.io/egommerce/order-worker:dev
image: git.ego.cloudns.be/egommerce/order-worker:dev
environment:
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
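Review bot: Every `image:` line in this file now points at `git.ego.cloudns.be` and is still selected by a mutable tag (`:dev`), so whatever that host serves under the tag at pull time is what runs, including the Vault and Consul images. Pinning by digest, e.g. `image: git.ego.cloudns.be/egommerce/api-vault:dev@sha256:<digest>` (placeholder digest), would make the registry move verifiable. The same applies to the `:prod` and `:latest` references in the two compose files that follow. Since the host is repeated on every line, a compose variable such as `${REGISTRY_HOST}` (example name) would keep the next move to a one-line change, if the deploy script exports it.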


@ -3,40 +3,40 @@ version: "3.9"
services:
api-registry:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/api-registry:prod
image: git.ego.cloudns.be/egommerce/api-registry:prod
environment:
- APP_DOMAIN=registry.service.ego.io
api-gateway:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/api-registry:prod
image: git.ego.cloudns.be/egommerce/api-registry:prod
environment:
- APP_DOMAIN=gw.service.ego.io
api-vault:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/api-vault:prod
image: git.ego.cloudns.be/egommerce/api-vault:prod
command: ["vault", "server", "-config=/vault/config/server.hcl"]
environment:
- APP_DOMAIN=vault.service.ego.io
- VAULT_API_ADDR=https://localhost:8200
- VAULT_ADDR=https://localhost:8200
# - VAULT_API_ADDR=https://localhost:8200
api-eventbus:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/api-eventbus:prod
image: git.ego.cloudns.be/egommerce/api-eventbus:prod
environment:
- APP_DOMAIN=esb.service.ego.io
api-cache:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/api-cache:prod
image: git.ego.cloudns.be/egommerce/api-cache:prod
environment:
- APP_DOMAIN=cache.service.ego.io
api-logger:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/api-logger:prod
image: git.ego.cloudns.be/egommerce/api-logger:prod
environment:
- APP_DOMAIN=logger.service.ego.io
@ -53,7 +53,7 @@ services:
db-postgres:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/db-postgres:prod
image: git.ego.cloudns.be/egommerce/db-postgres:prod
environment:
- APP_DOMAIN=postgresdb.service.ego.io
- POSTGRESQL_USERNAME=egommerce
@ -69,7 +69,7 @@ services:
# API micro-services
identity-svc:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/identity-svc:prod
image: git.ego.cloudns.be/egommerce/identity-svc:prod
environment:
- APP_DOMAIN=identity.service.ego.io
- APP_PATH_PREFIX=/identity
@ -78,7 +78,7 @@ services:
catalog-svc:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/catalog-svc:prod
image: git.ego.cloudns.be/egommerce/catalog-svc:prod
environment:
- APP_DOMAIN=catalog.service.ego.io
- APP_PATH_PREFIX=/catalog
@ -87,7 +87,7 @@ services:
basket-svc:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/basket-svc:prod
image: git.ego.cloudns.be/egommerce/basket-svc:prod
environment:
- APP_DOMAIN=basket.service.ego.io
- APP_PATH_PREFIX=/basket
@ -96,7 +96,7 @@ services:
pricing-svc:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/pricing-svc:prod
image: git.ego.cloudns.be/egommerce/pricing-svc:prod
environment:
- APP_DOMAIN=pricing.service.ego.io
- APP_PATH_PREFIX=/pricing
@ -105,7 +105,7 @@ services:
order-svc:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/order-svc:prod
image: git.ego.cloudns.be/egommerce/order-svc:prod
environment:
- APP_DOMAIN=order.service.ego.io
- APP_PATH_PREFIX=/order
@ -115,28 +115,28 @@ services:
# Workers (Eventbus)
basket-worker:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/basket-worker:prod
image: git.ego.cloudns.be/egommerce/basket-worker:prod
environment:
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
catalog-worker:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/catalog-worker:prod
image: git.ego.cloudns.be/egommerce/catalog-worker:prod
environment:
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
pricing-worker:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/pricing-worker:prod
image: git.ego.cloudns.be/egommerce/pricing-worker:prod
environment:
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
order-worker:
env_file: ../.env.prod
image: git.pbiernat.io/egommerce/order-worker:prod
image: git.ego.cloudns.be/egommerce/order-worker:prod
environment:
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
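Review bot: The worker entries in this prod override still carry literal credentials in `DATABASE_URL=postgres://postgres:12345678@…` and `EVENTBUS_URL=amqp://guest:guest@…` (basket-, catalog-, pricing- and order-worker), and the commit edits these services without moving them. Each worker already has `env_file: ../.env.prod`, so both URLs can be dropped from `environment:` and defined there or supplied as Docker secrets, with the Postgres password changed since it is already in history. `guest:guest` is RabbitMQ's default account, which the broker normally accepts only over loopback, so workers reaching `esb.service.ego.io` with it suggests that restriction was lifted; a dedicated user per worker would be safer.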


@ -2,7 +2,7 @@ version: "3.9"
services:
api-registry:
image: git.pbiernat.io/egommerce/api-registry:latest
image: git.ego.cloudns.be/egommerce/api-registry:latest
command: [
"consul",
"agent",
@ -19,13 +19,15 @@ services:
- CONSUL_CACERT=/usr/share/pki/ca-trust-source/anchors/internalCA.crt
- CONSUL_CLIENT_CERT=/etc/certs/registry.crt
- CONSUL_CLIENT_KEY=/etc/certs/registry.key
- VAULT_ADDR=https://api-vault:8200
# - VAULT_API_ADDR=https://api-vault:8200
volumes:
- registry_data:/consul/data
- ../certs/api-registry/registry.internal.crt:/etc/certs/registry.crt:ro
- ../certs/api-registry/registry.key:/etc/certs/registry.key:ro
- ../certs/ca/internalCA.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro
# - ../bin/register-service:/bin/register-service
# - ../bin/update-resolv.sh:/bin/update-resolv
- ../certs/api-registry/api-registry.crt:/etc/certs/registry.crt:ro
- ../certs/api-registry/api-registry.key:/etc/certs/registry.key:ro
- ../certs/ca-root/ca-root.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
# - ../bin/update-resolv:/bin/update-resolv
deploy:
mode: replicated
replicas: 1
@ -35,7 +37,7 @@ services:
- egommerce-network
api-gateway: # consul client running as api-gateway
image: git.pbiernat.io/egommerce/api-registry:latest
image: git.ego.cloudns.be/egommerce/api-registry:latest
command: [
"consul",
"agent",
@ -54,15 +56,17 @@ services:
- CONSUL_CACERT=/usr/share/pki/ca-trust-source/anchors/internalCA.crt
- CONSUL_CLIENT_CERT=/etc/certs/gateway.crt
- CONSUL_CLIENT_KEY=/etc/certs/gateway.key
- VAULT_ADDR=https://api-vault:8200
# - VAULT_API_ADDR=https://api-vault:8200
volumes:
- gateway_data:/consul/data
- ../certs/api-gateway/gateway.internal.crt:/etc/certs/gateway.crt:ro
- ../certs/api-gateway/gateway.key:/etc/certs/gateway.key:ro
- ../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.crt:ro
- ../certs/api-gateway/api-gateway.key:/etc/certs/gateway.key:ro
- ../certs/catalog-svc/catalog-svc.crt:/etc/certs/catalog.crt:ro
- ../certs/catalog-svc/catalog-svc.key:/etc/certs/catalog.key:ro
- ../certs/ca/internalCA.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro
# - ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../certs/ca-root/ca-root.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
@ -74,19 +78,21 @@ services:
- egommerce-network
api-vault:
image: git.pbiernat.io/egommerce/api-vault:latest
image: git.ego.cloudns.be/egommerce/api-vault:latest
command: ["vault", "server", "-config=/vault/config/server.hcl"]
environment:
- APP_DOMAIN
- APP_NAME=api-vault
- API_REGISTRY_ADDR=api-registry
- VAULT_ADDR=https://localhost:8200
- VAULT_API_ADDR=https://localhost:8200
volumes:
- vault_data:/vault/data
- ../certs/api-vault/vault.internal.crt:/etc/certs/vault.crt:ro
- ../certs/api-vault/vault.key:/etc/certs/vault.key:ro
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro
- ../certs/api-vault/api-vault.key:/etc/certs/vault.key:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
cap_add:
@ -97,7 +103,7 @@ services:
# - IPC_LOCK
api-eventbus:
image: git.pbiernat.io/egommerce/api-eventbus:latest
image: git.ego.cloudns.be/egommerce/api-eventbus:latest
environment:
# - RABBITMQ_NODENAME=api-eventbus
- RABBITMQ_ERLANG_COOKIE=rabbitmq
@ -107,11 +113,11 @@ services:
volumes:
- eventbus_data:/var/lib/rabbitmq
- eventbus_logs:/var/log/rabbitmq
- ../certs/api-eventbus/eventbus.internal.crt:/etc/certs/eventbus.crt:ro
- ../certs/api-eventbus/eventbus.key:/etc/certs/eventbus.key:ro
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../certs/api-eventbus/api-eventbus.crt:/etc/certs/eventbus.crt:ro
- ../certs/api-eventbus/api-eventbus.key:/etc/certs/eventbus.key:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
@ -123,15 +129,15 @@ services:
- egommerce-network
api-cache:
image: git.pbiernat.io/egommerce/api-cache:latest
image: git.ego.cloudns.be/egommerce/api-cache:latest
environment:
- APP_DOMAIN
- APP_NAME=api-cache
- API_REGISTRY_ADDR=api-registry
volumes:
# - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
@ -143,15 +149,15 @@ services:
- egommerce-network
api-logger:
image: git.pbiernat.io/egommerce/api-logger:latest
image: git.ego.cloudns.be/egommerce/api-logger:latest
environment:
- APP_DOMAIN
- APP_NAME=api-logger
- API_REGISTRY_ADDR=api-registry
volumes:
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
@ -171,9 +177,9 @@ services:
# - API_REGISTRY_ADDR=api-registry
# volumes:
# - ../etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
# - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
# - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
# - ../bin/register-service:/bin/register-service
# - ../bin/update-resolv.sh:/bin/update-resolv
# - ../bin/update-resolv:/bin/update-resolv
# - /var/run/docker.sock:/var/run/docker.sock
# depends_on:
# - api-registry
@ -188,8 +194,8 @@ services:
# - API_REGISTRY_ADDR=api-registry
# volumes:
# - grafana-db:/var/lib/grafana
# - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
# - ../bin/update-resolv.sh:/bin/update-resolv
# - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
# - ../bin/update-resolv:/bin/update-resolv
# - ../bin/register-service:/bin/register-service
# depends_on:
# - api-registry
@ -197,7 +203,7 @@ services:
# - egommerce-network
db-postgres:
image: git.pbiernat.io/egommerce/db-postgres:latest
image: git.ego.cloudns.be/egommerce/db-postgres:latest
environment:
- APP_DOMAIN
- APP_NAME=db-postgres
@ -208,9 +214,9 @@ services:
volumes:
- postgres_data:/var/lib/postgresql/data
# - ./db_migrations/init/:/docker-entrypoint-initdb.d/
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
@ -231,9 +237,9 @@ services:
# - MONGO_INITDB_ROOT_PASSWORD
# volumes:
# - mongodb_data:/data/db
# - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
# - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
# - ../bin/register-service:/bin/register-service
# - ../bin/update-resolv.sh:/bin/update-resolv
# - ../bin/update-resolv:/bin/update-resolv
# depends_on:
# - api-registry
# deploy:
@ -246,7 +252,7 @@ services:
# API micro-services
identity-svc:
image: git.pbiernat.io/egommerce/identity-svc:latest
image: git.ego.cloudns.be/egommerce/identity-svc:latest
environment:
- APP_NAME=identity-svc
- APP_PATH_PREFIX=/identity
@ -259,10 +265,10 @@ services:
volumes:
- ../certs/identity-svc/identity-svc.crt:/certs/client.crt:ro
- ../certs/identity-svc/identity-svc.key:/certs/client.key:ro
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../db_migrations/identity-svc:/migrations
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
@ -274,7 +280,7 @@ services:
- egommerce-network
catalog-svc:
image: git.pbiernat.io/egommerce/catalog-svc:latest
image: git.ego.cloudns.be/egommerce/catalog-svc:latest
environment:
- APP_NAME=catalog-svc
- APP_PATH_PREFIX=/catalog
@ -288,10 +294,10 @@ services:
volumes:
- ../certs/catalog-svc/catalog-svc.crt:/certs/client.crt:ro
- ../certs/catalog-svc/catalog-svc.key:/certs/client.key:ro
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../db_migrations/catalog-svc:/migrations
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
@ -303,7 +309,7 @@ services:
- egommerce-network
basket-svc:
image: git.pbiernat.io/egommerce/basket-svc:latest
image: git.ego.cloudns.be/egommerce/basket-svc:latest
environment:
- APP_NAME=basket-svc
- APP_PATH_PREFIX=/basket
@ -317,10 +323,10 @@ services:
volumes:
- ../certs/basket-svc/basket-svc.crt:/certs/client.crt:ro
- ../certs/basket-svc/basket-svc.key:/certs/client.key:ro
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../db_migrations/basket-svc:/migrations
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
@ -332,7 +338,7 @@ services:
- egommerce-network
order-svc:
image: git.pbiernat.io/egommerce/order-svc:latest
image: git.ego.cloudns.be/egommerce/order-svc:latest
environment:
- APP_NAME=order-svc
- APP_PATH_PREFIX=/order
@ -346,10 +352,10 @@ services:
volumes:
- ../certs/order-svc/order-svc.crt:/certs/client.crt:ro
- ../certs/order-svc/order-svc.key:/certs/client.key:ro
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../db_migrations/order-svc:/migrations
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
@ -361,7 +367,7 @@ services:
- egommerce-network
pricing-svc:
image: git.pbiernat.io/egommerce/pricing-svc:latest
image: git.ego.cloudns.be/egommerce/pricing-svc:latest
environment:
- APP_NAME=pricing-svc
- APP_PATH_PREFIX=/pricing
@ -375,10 +381,10 @@ services:
volumes:
- ../certs/pricing-svc/pricing-svc.crt:/certs/client.crt:ro
- ../certs/pricing-svc/pricing-svc.key:/certs/client.key:ro
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../db_migrations/pricing-svc:/migrations
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv.sh:/bin/update-resolv
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
@ -391,7 +397,7 @@ services:
# Workers (Eventbus)
basket-worker:
image: git.pbiernat.io/egommerce/basket-worker:latest
image: git.ego.cloudns.be/egommerce/basket-worker:latest
environment:
- APP_NAME=basket-worker
- APP_KV_NAMESPACE
@ -399,8 +405,8 @@ services:
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv.sh:/bin/update-resolv
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv:/bin/update-resolv
deploy:
mode: replicated
replicas: 1
@ -410,15 +416,15 @@ services:
- egommerce-network
catalog-worker:
image: git.pbiernat.io/egommerce/catalog-worker:latest
image: git.ego.cloudns.be/egommerce/catalog-worker:latest
environment:
- APP_NAME=catalog-worker
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv.sh:/bin/update-resolv
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv:/bin/update-resolv
deploy:
mode: replicated
replicas: 1
@ -428,15 +434,15 @@ services:
- egommerce-network
pricing-worker:
image: git.pbiernat.io/egommerce/pricing-worker:latest
image: git.ego.cloudns.be/egommerce/pricing-worker:latest
environment:
- APP_NAME=pricing-worker
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv.sh:/bin/update-resolv
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv:/bin/update-resolv
deploy:
mode: replicated
replicas: 1
@ -446,15 +452,15 @@ services:
- egommerce-network
order-worker:
image: git.pbiernat.io/egommerce/order-worker:latest
image: git.ego.cloudns.be/egommerce/order-worker:latest
environment:
- APP_NAME=order-worker
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv.sh:/bin/update-resolv
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv:/bin/update-resolv
deploy:
mode: replicated
replicas: 1
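Review bot: The script mounts in this file, `- ../bin/register-service:/bin/register-service` and `- ../bin/update-resolv:/bin/update-resolv`, are bind-mounted without `:ro`, unlike the certificate mounts beside them. The same host files are shared by nearly every service in the stack, so a process with write access in any one container can rewrite an executable that the others presumably run at start-up; appending `:ro` (`- ../bin/register-service:/bin/register-service:ro`) closes that. Separately, api-gateway mounts `../certs/catalog-svc/catalog-svc.key` alongside its own key; if the gateway does not terminate TLS on behalf of catalog-svc, that private key should not be present in its container.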


@ -1,151 +0,0 @@
version: "3.9"
services:
api-gateway:
env_file: .env.local
environment:
- APP_DOMAIN=egommerce.local
# - APP_PORT=48443
ports:
- 48443:443
- 48444:8080
# - 5672:5672
api-registry:
command: ["-ui-content-path=/registry"]
env_file: .env.local
environment:
- APP_DOMAIN=registry.egommerce.local
# - APP_PORT=48445
ports:
- 48445:8500
- 8600:8600/udp
api-eventbus:
env_file: .env.local
environment:
- APP_DOMAIN=eventbus.egommerce.local
# - APP_PORT=48446
ports:
- 48446:8084
- 15672:15672
api-cache:
env_file: .env.local
environment:
- APP_DOMAIN=redis.egommerce.local
command: ["redis-server", "/etc/redis.conf", "--requirepass", "12345678"]
ports:
- 6379:6379
api-logger:
env_file: .env.local
environment:
- APP_DOMAIN=logger.egommerce.local
ports:
- 24224:24224
# api-prometheus:
# environment:
# - APP_DOMAIN=prometheus.egommerce.local
# ports:
# - 9090:9090
# api-grafana:
# environment:
# - APP_DOMAIN=grafana.egommerce.local
# ports:
# - 3000:3000
postgres-db:
env_file: .env.local
environment:
- APP_DOMAIN=postgres.egommerce.local
ports:
- 5432:5432
mongo-db:
env_file: .env.local
environment:
- APP_DOMAIN=mongo.egommerce.local
ports:
- 27017:27017
identity-svc:
env_file: .env.local
environment:
- APP_DOMAIN=identity.api.egommerce.local
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
ports:
- 8080:80
basket-svc:
env_file: .env.local
environment:
- APP_DOMAIN=basket.api.egommerce.local
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
ports:
- 8001:80
catalog-svc:
env_file: .env.local
environment:
- APP_DOMAIN=catalog.api.egommerce.local
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
ports:
- 8002:80
order-svc:
env_file: .env.local
environment:
- APP_DOMAIN=order.api.egommerce.local
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
ports:
- 8003:80
pricing-svc:
env_file: .env.local
environment:
- APP_DOMAIN=pricing.api.egommerce.local
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
ports:
- 8004:80
# Workers (EventBus)
basket-worker:
env_file: .env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
catalog-worker:
env_file: .env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
pricing-worker:
env_file: .env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
order-worker:
env_file: .env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672


@ -1,140 +0,0 @@
version: "3.9"
services:
api-gateway:
image: git.ego.cloudns.be/egommerce/api-gateway:dev
environment:
- APP_DOMAIN=api-gateway
volumes:
- ./certs/api-gateway:/etc/traefik/certs
api-registry:
image: git.ego.cloudns.be/egommerce/api-registry:dev
environment:
- APP_DOMAIN=api-registry
- CONSUL_HTTP_TOKEN=devop
volumes:
- ./certs/api-registry:/consul/data/certs
api-eventbus:
image: git.ego.cloudns.be/egommerce/api-eventbus:dev
environment:
- APP_DOMAIN=api-eventbus
# - RABBITMQ_NODENAME=api-eventbus
# - RABBITMQ_USE_LONGNAME=true
# - RABBITMQ_DEFAULT_USER = admin
# - RABBITMQ_DEFAULT_PASS = passw123
api-cache:
image: git.ego.cloudns.be/egommerce/api-cache:dev
environment:
- PASSWORD=12345678
api-logger:
image: git.ego.cloudns.be/egommerce/api-logger:dev
environment:
- APP_DOMAIN=api-logger
#api-prometheus:
# image: prom/prometheus:latest # FIXME: create private image(prod/dev)...
# environment:
# - APP_DOMAIN=prometheus.keshop.bieda.it
#api-grafana:
# image: grafana/grafana-oss:latest # FIXME: create private image(prod/dev)...
# environment:
# - APP_DOMAIN=grafana.keshop.bieda.it
postgres-db:
environment:
- APP_DOMAIN=postgres-db
- POSTGRES_PASSWORD=12345678
mongo-db:
environment:
- APP_DOMAIN=mongo-db
- MONGO_INITDB_ROOT_PASSWORD=12345678
# API micro-services
identity-svc:
image: git.ego.cloudns.be/egommerce/identity-svc:dev
environment:
- APP_DOMAIN=identity-svc
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
volumes:
- ./certs/api-gateway:/certs
basket-svc:
image: git.ego.cloudns.be/egommerce/basket-svc:dev
environment:
- APP_DOMAIN=basket-svc
- AUTH_HANDLER_URL=http://identity-svc/api/v1/traefik
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
volumes:
- ./certs/api-gateway:/certs
catalog-svc:
image: git.ego.cloudns.be/egommerce/catalog-svc:dev
environment:
- APP_DOMAIN=catalog-svc
- AUTH_HANDLER_URL=http://identity-svc/api/v1/traefik
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
volumes:
- ./certs/api-gateway:/certs
pricing-svc:
image: git.ego.cloudns.be/egommerce/pricing-svc:dev
environment:
- APP_DOMAIN=pricing-svc
- AUTH_HANDLER_URL=http://identity-svc/api/v1/traefik
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
volumes:
- ./certs/api-gateway:/certs
order-svc:
image: git.ego.cloudns.be/egommerce/order-svc:dev
environment:
- APP_DOMAIN=order-svc
- AUTH_HANDLER_URL=http://identity-svc/api/v1/traefik
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
volumes:
- ./certs/api-gateway:/certs
# Workers (Eventbus)
basket-worker:
image: git.ego.cloudns.be/egommerce/basket-worker:dev
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
catalog-worker:
image: git.ego.cloudns.be/egommerce/catalog-worker:dev
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
pricing-worker:
image: git.ego.cloudns.be/egommerce/pricing-worker:dev
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
order-worker:
image: git.ego.cloudns.be/egommerce/order-worker:dev
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672


@ -1,392 +0,0 @@
version: "3.9"
services:
api-gateway:
image: git.ego.cloudns.be/egommerce/api-gateway:latest
# command:
# - '--providers.consulcatalog.refreshinterval=5s'
# FIXME ^^ only on config option: static/env/cli must be selected
environment:
- APP_NAME=api-gateway
- APP_DOMAIN
- API_REGISTRY_REFRESH_INTERVAL=5s
volumes:
- ./certs/api-gateway:/etc/traefik/certs
- /var/run/docker.sock:/var/run/docker.sock
networks:
- api-gateway-network
- api-registry-network
- api-logger-network
api-registry:
image: git.ego.cloudns.be/egommerce/api-registry:latest
environment:
- APP_NAME=api-registry
- APP_DOMAIN
- CONSUL_HTTP_TOKEN=VeryS3cr3tTok3N
volumes:
- registry_data:/consul/data
- ./certs/api-registry:/consul/data/certs
networks:
- api-registry-network
- api-logger-network
api-eventbus:
image: git.ego.cloudns.be/egommerce/api-eventbus:latest
environment:
# - RABBITMQ_NODENAME=api-eventbus
- RABBITMQ_ERLANG_COOKIE=rabbitmq
- APP_NAME=api-eventbus
- APP_DOMAIN
volumes:
- eventbus_data:/var/lib/rabbitmq
- eventbus_logs:/var/log/rabbitmq
networks:
- api-gateway-network
- api-eventbus-network
- api-registry-network
- api-logger-network
api-cache:
image: git.ego.cloudns.be/egommerce/api-cache:latest
environment:
- APP_NAME=api-cache
networks:
- api-cache-network
- api-logger-network
api-logger:
image: git.ego.cloudns.be/egommerce/api-logger:latest
environment:
- APP_NAME=api-logger
- APP_DOMAIN
networks:
- api-logger-network
#api-prometheus:
# image: prom/prometheus:latest # FIXME: create private image(prod/dev)...
# user: root
# environment:
# - APP_NAME=api-prometheus
# - APP_DOMAIN
# volumes:
# - ./etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
# - /var/run/docker.sock:/var/run/docker.sock
# networks:
# - api-prometheus-network
#- api-grafana-network
# - api-gateway-network
# - api-registry-network
# - api-eventbus-network
# - api-cache-network
# - api-logger-network
# - basket-svc-network
# - basket-worker-network
# - catalog-svc-network
# - catalog-worker-network
# - identity-svc-network
# - order-svc-network
# - order-worker-network
# - pricing-svc-network
# - pricing-worker-network
#api-grafana:
# image: grafana/grafana-oss:latest # FIXME: create private image(prod/dev)...
# environment:
# - APP_NAME=api-grafana
# - APP_DOMAIN
# volumes:
# - grafana-db:/var/lib/grafana
# networks:
# - api-grafana-network
postgres-db:
image: postgres:14.1-alpine
environment:
- APP_NAME=postgres-db
- APP_DOMAIN
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD
volumes:
- postgres_data:/var/lib/postgresql/data
- ./db_migrations/init/:/docker-entrypoint-initdb.d/
networks:
- postgres-db-network
- api-logger-network
mongo-db:
image: mongo:5.0.14
environment:
- APP_NAME=mongo-db
- APP_DOMAIN
- MONGO_INITDB_ROOT_USERNAME=mongodb
- MONGO_INITDB_ROOT_PASSWORD
volumes:
- mongodb_data:/data/db
networks:
- mongodb-db-network
- api-logger-network
# API micro-services
identity-svc:
image: git.ego.cloudns.be/egommerce/identity-svc:latest
environment:
- APP_NAME=identity-svc
- APP_PATH_PREFIX=/identity
- APP_DOMAIN
- APP_KV_NAMESPACE
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ./db_migrations/identity-svc:/migrations
networks:
- identity-svc-network
- api-gateway-network
- api-registry-network
- api-eventbus-network
- api-logger-network
- postgres-db-network
- mongodb-db-network
basket-svc:
image: git.ego.cloudns.be/egommerce/basket-svc:latest
environment:
- APP_NAME=basket-svc
- APP_PATH_PREFIX=/basket
- APP_DOMAIN
- APP_KV_NAMESPACE
- AUTH_HANDLER_URL
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ./db_migrations/basket-svc:/migrations
networks:
- basket-svc-network
# - order-svc-network
# - pricing-svc-network
- api-gateway-network
- api-registry-network
- api-eventbus-network
- api-logger-network
- postgres-db-network
- mongodb-db-network
catalog-svc:
image: git.ego.cloudns.be/egommerce/catalog-svc:latest
environment:
- APP_NAME=catalog-svc
- APP_PATH_PREFIX=/catalog
- APP_DOMAIN
- APP_KV_NAMESPACE
- AUTH_HANDLER_URL
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ./db_migrations/catalog-svc:/migrations
networks:
- catalog-svc-network
- api-gateway-network
- api-registry-network
- api-eventbus-network
- api-logger-network
- postgres-db-network
- mongodb-db-network
pricing-svc:
image: git.ego.cloudns.be/egommerce/pricing-svc:latest
environment:
- APP_NAME=pricing-svc
- APP_PATH_PREFIX=/pricing
- APP_DOMAIN
- APP_KV_NAMESPACE
- AUTH_HANDLER_URL
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ./db_migrations/pricing-svc:/migrations
networks:
- pricing-svc-network
- api-gateway-network
- api-registry-network
- api-eventbus-network
- api-logger-network
- postgres-db-network
- mongodb-db-network
order-svc:
image: git.ego.cloudns.be/egommerce/order-svc:latest
environment:
- APP_NAME=order-svc
- APP_PATH_PREFIX=/order
- APP_DOMAIN
- APP_KV_NAMESPACE
- AUTH_HANDLER_URL
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ./db_migrations/order-svc:/migrations
networks:
- order-svc-network
- api-gateway-network
- api-registry-network
- api-eventbus-network
- api-logger-network
- postgres-db-network
- mongodb-db-network
# Workers (Eventbus)
basket-worker:
image: git.ego.cloudns.be/egommerce/basket-worker:latest
environment:
- APP_NAME=basket-worker
- APP_KV_NAMESPACE
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
networks:
- basket-worker-network
- pricing-svc-network
- api-gateway-network
- api-registry-network
- api-eventbus-network
- api-logger-network
- postgres-db-network
- mongodb-db-network
catalog-worker:
image: git.ego.cloudns.be/egommerce/catalog-worker:latest
environment:
- APP_NAME=catalog-worker
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
networks:
- catalog-worker-network
- api-gateway-network
- api-registry-network
- api-eventbus-network
- api-logger-network
- postgres-db-network
- mongodb-db-network
pricing-worker:
image: git.ego.cloudns.be/egommerce/pricing-worker:latest
environment:
- APP_NAME=pricing-worker
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
networks:
- pricing-worker-network
- api-gateway-network
- api-registry-network
- api-eventbus-network
- api-logger-network
- postgres-db-network
- mongodb-db-network
order-worker:
image: git.ego.cloudns.be/egommerce/order-worker:latest
environment:
- APP_NAME=order-worker
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
networks:
- order-worker-network
- basket-svc-network
- api-gateway-network
- api-registry-network
- api-eventbus-network
- api-logger-network
- postgres-db-network
- mongodb-db-network
volumes:
postgres_data: ~
mongodb_data: ~
registry_data: ~
eventbus_data: ~
eventbus_logs: ~
#grafana-db: ~
networks:
# Infrastructure networks
api-gateway-network:
driver: overlay
#internal: true
api-registry-network:
driver: overlay
#internal: true
api-eventbus-network:
driver: overlay
#internal: true
api-cache-network:
driver: overlay
#internal: true
api-logger-network:
driver: overlay
#internal: true
api-prometheus-network:
driver: overlay
#internal: true
#api-grafana-network:
# driver: overlay
# internal: true
postgres-db-network:
driver: overlay
#internal: true
mongodb-db-network:
driver: overlay
#internal: true
# Micro-services networks
identity-svc-network:
driver: overlay
#internal: true
basket-svc-network:
driver: overlay
#internal: true
catalog-svc-network:
driver: overlay
#internal: true
pricing-svc-network:
driver: overlay
#internal: true
order-svc-network:
driver: overlay
#internal: true
# Workers networks
basket-worker-network:
driver: overlay
#internal: true
catalog-worker-network:
driver: overlay
#internal: true
pricing-worker-network:
driver: overlay
#internal: true
order-worker-network:
driver: overlay
#internal: true


@ -7,7 +7,7 @@ metadata:
spec:
containers:
- name: api-registry
image: git.pbiernat.io/egommerce/api-registry:dev
image: git.ego.cloudns.be/egommerce/api-registry:dev
resources:
limits:
cpu: "1"
@ -45,4 +45,4 @@ spec:
spec:
containers:
- name: api-registry
image: git.pbiernat.io/egommerce/api-registry:dev
image: git.ego.cloudns.be/egommerce/api-registry:dev
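Review bot: Both `image:` lines in this manifest keep the mutable `:dev` tag, so after the registry host change the pods run whatever the new host serves under that tag at pull time. Pinning the reference by digest, e.g. `image: git.ego.cloudns.be/egommerce/api-registry:dev@sha256:<digest>`, keeps the deployed image fixed across the move; the `:prod` manifest in the following file section has the same shape. The page has lost its `+`/`-` markers, so I am assuming `git.ego.cloudns.be` is the new side because the rest of the commit uses that host.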


@ -7,7 +7,7 @@ metadata:
spec:
containers:
- name: api-registry
image: git.pbiernat.io/egommerce/api-registry:prod
image: git.ego.cloudns.be/egommerce/api-registry:prod
---
apiVersion: apps/v1
kind: Deployment
@ -25,4 +25,4 @@ spec:
spec:
containers:
- name: api-registry
image: git.pbiernat.io/egommerce/api-registry:prod
image: git.ego.cloudns.be/egommerce/api-registry:prod


@ -1,60 +0,0 @@
# #!/bin/sh
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./cert/identity-svc-server.key -out ./cert/identity-svc-server.cert \
-addext "subjectAltName = DNS:identity-svc"
# ^^ GENERATE CERT FOR BACKEND SERVICE (on client side - in traefik - we dont need DNS domain... for now...)
# if [ -z "$SERVICE" ]; then echo "set SERVICE var"; exit 1; fi
# if [ -z "$CA_ROOT" ]; then echo "set CA_ROOT var"; exit 1; fi
# if [ -z "$DOMAIN" ]; then echo "set DOMAIN var"; exit 1; fi
# PASSWORD=V3ryS3cr3tP4ssw0rd
# # sample for registry server (with api-gateway-svc as a client) but using FDN...
# # keytool -genkey -alias api-registry-svc -dname cn=$DOMAIN -validity 365 -keystore tmp/api-registry-svc.p12 -keyalg RSA -keysize 2048 -storepass $PASSWORD -ext "SAN:c=DNS:registry.egommerce.local,IP:127.0.0.1"
# # keytool -genkey -alias myClientCertificate -dname cn=$DOMAIN -validity 365 -keystore tmp/myClientCertificate.p12 -keyalg RSA -keysize 2048 -storepass $PASSWORD -ext "SAN:c=DNS:registry.egommerce.local,IP:127.0.0.1"
# # keytool -export -alias myClientCertificate -file tmp/myClientCertificate.crt -keystore tmp/myClientCertificate.p12 -storepass $PASSWORD
# # keytool -export -alias api-registry-svc -file tmp/api-registry-svc.crt -keystore tmp/api-registry-svc.p12 -storepass $PASSWORD
# # keytool -import -alias myClientCertificate -file tmp/myClientCertificate.crt -keystore tmp/api-registry-svc.p12 -storepass $PASSWORD # aka myCertificate.p12
# # echo "Done."
# # exit 0
# if [ -d "$SERVICE" ]; then
# echo "$SERVICE directory exists... Quitting."
# exit 1;
# fi
# if [ ! -f "$SERVICE" ]; then
# mkdir -p $SERVICE
# fi
# echo "===================================================================="
# echo "Fake third-party chain generated. Now generating keystore.p12 ..."
# echo "===================================================================="
# # generate private keys (for server)
# keytool -genkeypair -alias $SERVICE -dname cn=$DOMAIN -validity 365 -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -keypass $PASSWORD -storepass $PASSWORD
# # generate a certificate for server signed by ca (root -> ca -> server)
# keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -certreq -alias $SERVICE \
# | keytool -storetype PKCS12 -keystore "$CA_ROOT/ca.p12" -storepass $PASSWORD -gencert -alias ca -ext ku:c=dig,keyEnc -ext "SAN:c=DNS:$DOMAIN,IP:127.0.0.1" -ext eku=sa,ca -rfc > "$SERVICE/$SERVICE.pem"
# # import server cert chain into ${SERVICE}.p12
# keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -trustcacerts -noprompt -alias root -file "$CA_ROOT/root.pem"
# keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -alias ca -file "$CA_ROOT/ca.pem"
# keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -alias $SERVICE -file "$SERVICE/$SERVICE.pem"
# # DEPRECATED - duplicated above section...
# # echo "================================================="
# # echo "Keystore generated. Now generating truststore ..."
# # echo "================================================="
# # import server cert chain into my-truststore.p12
# # keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -trustcacerts -noprompt -alias root -file "$CA_ROOT/root.pem"
# # keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -alias ca -file "$CA_ROOT/ca.pem"
# # keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -alias $SERVICE -file "$SERVICE/$SERVICE.pem"

255
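--- a/deploy/scripts/gen-certs.sh
+++ b/deploy/scripts/gen-certs.sh
@@ -0,0 +1,255 @@
+# #!/bin/bash
+export DEPLOY_DIR="./deploy"
+export CERTS_DIR="${DEPLOY_DIR}/certs/"
+export REGISTRY_CN="registry.egommerce.local,api-registry,localhost"
+export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:localhost,IP:127.0.0.1"
+export GATEWAY_CN="gateway.egommerce.local,api-gatway,localhost"
+export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:localhost,IP:127.0.0.1"
+export VAULT_CN="vault.egommerce.local,api-vault,localhost"
+export VAULT_SAN="DNS:vault.egommerce.local,DNS:api-vault,DNS:localhost,IP:127.0.0.1"
+export EVENTBUS_CN="esb.egommerce.local,api-eventbus,localhost"
+export EVENTBUS_SAN="DNS:esb.egommerce.local,DNS:api-eventbus,DNS:localhost,IP:127.0.0.1"
+export CACHE_CN="cache.egommerce.local,api-cache,localhost"
+export CACHE_SAN="DNS:cache.egommerce.local,DNS:api-cache,DNS:localhost,IP:127.0.0.1"
+export LOGGER_CN="logger.egommerce.local,api-logger,localhost"
+export LOGGER_SAN="DNS:logger.egommerce.local,DNS:api-logger,DNS:localhost,IP:127.0.0.1"
+export PROMETHEUS_CN="prometheus.egommerce.local,api-prometheus,localhost"
+export PROMETHEUS_SAN="DNS:prometheus.egommerce.local,DNS:api-prometheus,DNS:localhost,IP:127.0.0.1"
+export GRAFANA_CN="grafana.egommerce.local,api-grafana,localhost"
+export GRAFANA_SAN="DNS:grafana.egommerce.local,DNS:api-grafana,DNS:localhost,IP:127.0.0.1"
+export POSTGRES_CN="postgresdb.egommerce.local,db-postgres,localhost"
+export POSTGRES_SAN="DNS:pstgresdb.egommerce.local,DNS:db-postgres,DNS:localhost,IP:127.0.0.1"
+export MONGO_CN="mongo.db.egommerce.local,db-mongo,localhost"
+export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,DNS:localhost,IP:127.0.0.1"
+export IDENTITY_CN="gateway.egommerce.local,identity.egommerce.local"
+export IDENTITY_SAN="DNS:gateway.egommerce.local,DNS:identity.egommerce.local,DNS:localhost,IP:127.0.0.1"
+export CATALOG_CN="gateway.egommerce.local, catalog.egommerce.local"
+export CATALOG_SAN="DNS:gateway.egommerce.local,DNS:catalog.egommerce.local,DNS:localhost,IP:127.0.0.1"
+export BASKET_CN="gateway.egommerce.local"
+export BASKET_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"
+export ORDER_CN="gateway.egommerce.local"
+export ORDER_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"
+export PRICING_CN="gateway.egommerce.local"
+export PRICING_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"
+# Create required directories
+mkdir -p \
+${CERTS_DIR} \
+${CERTS_DIR}ca-root \
+${CERTS_DIR}api-registry \
+${CERTS_DIR}api-gateway \
+${CERTS_DIR}api-vault \
+${CERTS_DIR}api-eventbus \
+${CERTS_DIR}api-cache \
+${CERTS_DIR}api-logger \
+${CERTS_DIR}api-prometheus \
+${CERTS_DIR}api-grafana \
+${CERTS_DIR}db-postgres \
+${CERTS_DIR}db-mongo \
+${CERTS_DIR}identity-svc \
+${CERTS_DIR}basket-svc \
+${CERTS_DIR}catalog-svc \
+${CERTS_DIR}order-svc \
+${CERTS_DIR}pricing-svc
+# Generate Root CA cert
+# openssl req -newkey rsa:2048 -nodes -x509 -days 1024 \
+# -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/OU=DevOps Team/CN=Egommerce CA" \
+# -keyout ${CERTS_DIR}ca-root/ca-root.key -out ${CERTS_DIR}ca-root/ca-root.crt >/dev/null
+# Generate Registry cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$REGISTRY_CN" \
+-keyout ${CERTS_DIR}api-registry/api-registry.key \
+-out ${CERTS_DIR}api-registry/api-registry.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}api-registry/api-registry.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}api-registry/api-registry.crt >/dev/null
+# Generate Gateway cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GATEWAY_CN" \
+-keyout ${CERTS_DIR}api-gateway/api-gateway.key \
+-out ${CERTS_DIR}api-gateway/api-gateway.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}api-gateway/api-gateway.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}api-gateway/api-gateway.crt >/dev/null
+# Genearte Vault cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$VAULT_CN" \
+-keyout ${CERTS_DIR}api-vault/api-vault.key \
+-out ${CERTS_DIR}api-vault/api-vault.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}api-vault/api-vault.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}api-vault/api-vault.crt >/dev/null
+# Genearte Eventbus cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$EVENTBUS_CN" \
+-keyout ${CERTS_DIR}api-eventbus/api-eventbus.key \
+-out ${CERTS_DIR}api-eventbus/api-eventbus.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}api-eventbus/api-eventbus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${EVENTBUS_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}api-eventbus/api-eventbus.crt >/dev/null
+# Genearte Cache cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CACHE_CN" \
+-keyout ${CERTS_DIR}api-cache/api-cache.key \
+-out ${CERTS_DIR}api-cache/api-cache.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}api-cache/api-cache.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CACHE_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}api-cache/api-cache.crt >/dev/null
+# Genearte Logger cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$LOGGER_CN" \
+-keyout ${CERTS_DIR}api-logger/api-logger.key \
+-out ${CERTS_DIR}api-logger/api-logger.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}api-logger/api-logger.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}api-logger/api-logger.crt >/dev/null
+# Genearte Prometheus cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PROMETHEUS_CN" \
+-keyout ${CERTS_DIR}api-prometheus/api-prometheus.key \
+-out ${CERTS_DIR}api-prometheus/api-prometheus.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}api-prometheus/api-prometheus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}api-prometheus/api-prometheus.crt >/dev/null
+# Genearte Grafana cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GRAFANA_CN" \
+-keyout ${CERTS_DIR}api-grafana/api-grafana.key \
+-out ${CERTS_DIR}api-grafana/api-grafana.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}api-grafana/api-grafana.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}api-grafana/api-grafana.crt >/dev/null
+# Genearte Postgres cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$POSTGRES_CN" \
+-keyout ${CERTS_DIR}db-postgres/db-postgres.key \
+-out ${CERTS_DIR}db-postgres/db-postgres.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}db-postgres/db-postgres.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${POSTGRES_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}db-postgres/db-postgres.crt >/dev/null
+# Genearte Mongo cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \
+-keyout ${CERTS_DIR}db-mongo/db-mongo.key \
+-out ${CERTS_DIR}db-mongo/db-mongo.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null
+# Genearte Identity cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$IDENTITY_CN" \
+-keyout ${CERTS_DIR}identity-svc/identity-svc.key \
+-out ${CERTS_DIR}identity-svc/identity-svc.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}identity-svc/identity-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${IDENTITY_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}identity-svc/identity-svc.crt >/dev/null
+# Genearte Basket cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$BASKET_CN" \
+-keyout ${CERTS_DIR}basket-svc/basket-svc.key \
+-out ${CERTS_DIR}basket-svc/basket-svc.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}basket-svc/basket-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${BASKET_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}basket-svc/basket-svc.crt >/dev/null
+# Genearte Catalog cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CATALOG_CN" \
+-keyout ${CERTS_DIR}catalog-svc/catalog-svc.key \
+-out ${CERTS_DIR}catalog-svc/catalog-svc.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}catalog-svc/catalog-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CATALOG_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}catalog-svc/catalog-svc.crt >/dev/null
+# Genearte Order cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$ORDER_CN" \
+-keyout ${CERTS_DIR}order-svc/order-svc.key \
+-out ${CERTS_DIR}order-svc/order-svc.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}order-svc/order-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${ORDER_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}order-svc/order-svc.crt >/dev/null
+# Genearte Pricing cert
+openssl req -newkey rsa:2048 -nodes \
+-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PRICING_CN" \
+-keyout ${CERTS_DIR}pricing-svc/pricing-svc.key \
+-out ${CERTS_DIR}pricing-svc/pricing-svc.csr >/dev/null
+openssl x509 -req -days 365 \
+-in ${CERTS_DIR}pricing-svc/pricing-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
+-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PRICING_SAN}")) \
+-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
+-out ${CERTS_DIR}pricing-svc/pricing-svc.crt >/dev/null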
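Review bot: Every `openssl x509 -req` call signs with `-set_serial 01`, so all fifteen leaf certificates share one issuer and one serial number; serials must be unique per issuer, and duplicates undermine revocation and are rejected by some TLS clients. Let OpenSSL track the serial instead by replacing that flag on each signing command: `-CAkey ${CERTS_DIR}ca-root/ca-root.key -CAcreateserial \`. Separately, `POSTGRES_SAN` spells the host `pstgresdb.egommerce.local` while `POSTGRES_CN` has `postgresdb.egommerce.local`, so hostname verification against the intended name would fail; the SAN entry should read `DNS:postgresdb.egommerce.local`. The Root CA step is commented out while every signing command reads `ca-root.crt` and `ca-root.key`, so the script presumably depends on a CA created elsewhere and that prerequisite deserves a comment at the top.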


@ -0,0 +1,45 @@
#!/bin/sh
vault secrets enable pki
vault secrets tune -max-lease-ttl=87600h pki
vault write -field=certificate pki/root/generate/internal \
common_name="ego.io" \
ttl=87600h > CA_cert.crt
vault write pki/config/urls \
issuing_certificates="https://127.0.0.1:8200/v1/pki/ca" \
crl_distribution_points="https://127.0.0.1:8200/v1/pki/crl"
vault secrets enable -path=pki_int pki
vault secrets tune -max-lease-ttl=43800h pki_int
vault write -format=json pki_int/intermediate/generate/internal \
common_name="ego.io Intermediate Authority" \
| jq -r '.data.csr' > pki_intermediate.csr
vault write -format=json pki/root/sign-intermediate csr=@pki_intermediate.csr \
format=pem_bundle ttl="43800h" \
| jq -r '.data.certificate' > intermediate.cert.pem
vault write pki_int/intermediate/set-signed certificate=@intermediate.cert.pem
vault write pki_int/roles/ego.io \
allowed_domains="ego.io" \
allow_subdomains=true \
generate_lease=true \
max_ttl="720h"
vault write pki_int/issue/ego.io \
common_name="catalog.service.ego.io" \
ttl="24h" | tee certs.txt
# CONFIGURE CONSUL
mkdir -p /opt/consul/agent-certs
grep -Pzo "(?s)(?<=certificate)[^\-]*.*?END CERTIFICATE[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/agent.crt
grep -Pzo "(?s)(?<=private_key)[^\-]*.*?END RSA PRIVATE KEY[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/agent.key
grep -Pzo "(?s)(?<=issuing_ca)[^\-]*.*?END CERTIFICATE[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/ca.crt
## FIXME ^^ invalid pattern flag...