From a856f2413224e2f41aeaf5a635075a44419220fd Mon Sep 17 00:00:00 2001 From: Piotr Biernat Date: Tue, 24 Dec 2024 14:19:23 +0100 Subject: [PATCH] refactor --- Makefile | 15 +- README.md | 18 +- .../bin/{update-resolv.sh => update-resolv} | 0 deploy/docker/stack.dev.local.yml | 14 +- deploy/docker/stack.dev.yml | 37 +- deploy/docker/stack.prod.yml | 34 +- deploy/docker/stack.yml | 134 +++--- deploy/egommerce-stack.dev.local.yml | 151 ------- deploy/egommerce-stack.dev.yml | 140 ------- deploy/egommerce-stack.yml | 392 ------------------ deploy/{ => etc/nginx}/nginx-vhost.dev.conf | 0 deploy/{ => etc/nginx}/nginx-vhost.local.conf | 0 deploy/k8s/stack.dev.yml | 4 +- deploy/k8s/stack.prod.yml | 4 +- deploy/make-cert.sh | 60 --- .../build-register-service-binary.sh} | 0 deploy/scripts/gen-certs.sh | 255 ++++++++++++ .../remove-dangling-images.sh} | 0 deploy/{ => scripts}/start-docker.sh | 0 deploy/{ => scripts}/start-k8s.sh | 0 deploy/scripts/vault-init-template.sh | 45 ++ deploy/{ => scripts}/volumes-restart.sh | 0 22 files changed, 445 insertions(+), 858 deletions(-) rename deploy/bin/{update-resolv.sh => update-resolv} (100%) delete mode 100644 deploy/egommerce-stack.dev.local.yml delete mode 100644 deploy/egommerce-stack.dev.yml delete mode 100644 deploy/egommerce-stack.yml rename deploy/{ => etc/nginx}/nginx-vhost.dev.conf (100%) rename deploy/{ => etc/nginx}/nginx-vhost.local.conf (100%) delete mode 100644 deploy/make-cert.sh rename deploy/{build-register-service.sh => scripts/build-register-service-binary.sh} (100%) create mode 100644 deploy/scripts/gen-certs.sh rename deploy/{remove_dangling_images.sh => scripts/remove-dangling-images.sh} (100%) rename deploy/{ => scripts}/start-docker.sh (100%) rename deploy/{ => scripts}/start-k8s.sh (100%) create mode 100644 deploy/scripts/vault-init-template.sh rename deploy/{ => scripts}/volumes-restart.sh (100%) diff --git a/Makefile b/Makefile index 09e36ff..832ee28 100644 --- a/Makefile +++ b/Makefile 
@@ -1,7 +1,20 @@ DEPLOY_DIR := ./deploy +# SETTING ENV up: - - sh ${DEPLOY_DIR}/start-docker.sh + - sh ${DEPLOY_DIR}/scripts/start-docker.sh down: - docker stack rm egommerce + +k8s-up: + - sh ${DEPLOY_DIR}/scripts/start-k8s.sh + +k8s-down: + - kubectl... TODO :D + +# GENERATING CERTS + +certs: + - bash ${DEPLOY_DIR}/scripts/gen-certs.sh + diff --git a/README.md b/README.md index dfede59..f740d33 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,23 @@ # Egommerce docker stack -## RUNNING +## Start # $ make up -## MAINTENANCE +## Shutdown + +# $ make down + +# Egommerce K8S stack (currently experimental) + +## Start + +# $ make k8s-up + +## Shutdown + +# $ make k8s-down + +## Maintenance ### If certificate doesn't work try to copy contents of the key file at the end of the cert file. diff --git a/deploy/bin/update-resolv.sh b/deploy/bin/update-resolv similarity index 100% rename from deploy/bin/update-resolv.sh rename to deploy/bin/update-resolv diff --git a/deploy/docker/stack.dev.local.yml b/deploy/docker/stack.dev.local.yml index 161516d..6bfeacb 100644 --- a/deploy/docker/stack.dev.local.yml +++ b/deploy/docker/stack.dev.local.yml 
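Review bot: Every recipe line in the Makefile hunk is prefixed with `-`, so make ignores the exit status of `start-docker.sh`, `start-k8s.sh` and `gen-certs.sh` and `make up` reports success even when the stack did not start; drop the `-` prefixes so failures propagate to the caller. The `k8s-down` target runs the placeholder `- kubectl... TODO :D`, which always fails and is then silenced by the same prefix — a recipe of `$(error k8s-down is not implemented yet)` fails loudly until the real command exists. None of `up`, `down`, `k8s-up`, `k8s-down` and `certs` are files, so declare `.PHONY: up down k8s-up k8s-down certs` near the top, or a stray file named `up` will make the target a no-op.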
@@ -5,20 +5,20 @@ services: env_file: ../.env.local environment: - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - - VAULT_TOKEN=hvs.cJE9Qr4PIafDGy0wdx2GoxOb # ROOT TOKEN + - VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE volumes: - - ../certs/api-registry/registry.local.crt:/etc/certs/registry.local.crt:ro + - ../certs/api-registry/api-registry.crt:/etc/certs/registry.local.crt:ro # - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro api-gateway: env_file: ../.env.local environment: - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - - VAULT_TOKEN=hvs.cJE9Qr4PIafDGy0wdx2GoxOb # ROOT TOKEN + - VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE volumes: - - ../certs/api-gateway/gateway.local.crt:/etc/certs/gateway.local.crt:ro + - ../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.local.crt:ro # - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro api-vault: @@ -26,10 +26,10 @@ services: # command: ["vault", "server", "-dev", "-dev-tls", "-dev-listen-address=0.0.0.0:8200", "-dev-root-token-id=dev-vault-token"] environment: - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - - VAULT_TOKEN=hvs.G7oo532tREW4MTdWTgq03GtA # ROOT TOKEN + - VAULT_TOKEN=hvs.dZL3N8PAozQ7EbOYFFDeipui # ROOT TOKEN # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE volumes: - - ../certs/api-vault/vault.local.crt:/etc/certs/vault.crt:ro + - ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro # - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro ports: - 48250:8200 
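Review bot: The new side of both `stack.dev.local.yml` hunks on this line commits live credentials to the repository: a `CONSUL_HTTP_TOKEN` and a `VAULT_TOKEN` that the inline comment itself labels `# ROOT TOKEN`, and the change also makes api-registry, api-gateway and api-vault share that single root token where api-vault previously had a different one. Anything that has been in git history should be treated as exposed, so both the old and the new token values need rotating even though this is a local-dev overlay. Each of these services already declares `env_file: ../.env.local`; move the tokens there (confirm that file is gitignored) or into compose `secrets:`, e.g. `- VAULT_TOKEN=${VAULT_TOKEN}` resolved from the environment, and give the two Consul agents a scoped Vault token rather than root.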
@@ -37,7 +37,7 @@ services: api-eventbus: env_file: ../.env.local volumes: - - ../certs/api-eventbus/eventbus.local.crt:/etc/certs/eventbus.local.crt:ro + - ../certs/api-eventbus/api-eventbus.crt:/etc/certs/eventbus.local.crt:ro # - ../certs/api-eventbus/eventbus.key:/etc/certs/eventbus.local.key:ro labels: - traefik.tcp.routers.eventbus.rule=HostSNI(`esb.service.ego.io`) diff --git a/deploy/docker/stack.dev.yml b/deploy/docker/stack.dev.yml index 807bf43..33199ee 100644 --- a/deploy/docker/stack.dev.yml +++ b/deploy/docker/stack.dev.yml @@ -2,34 +2,31 @@ version: "3.9" services: api-registry: - image: git.pbiernat.io/egommerce/api-registry:dev + image: git.ego.cloudns.be/egommerce/api-registry:dev environment: - APP_DOMAIN=registry.service.ego.io - - VAULT_ADDR=https://api-vault:8200 - - VAULT_API_ADDR=https://api-vault:8200 + # - VAULT_API_ADDR=https://api-vault:8200 # - ENVOY_VERSION_STRING=1.26.3 ports: - 48100:8501 api-gateway: - image: git.pbiernat.io/egommerce/api-registry:dev + image: git.ego.cloudns.be/egommerce/api-registry:dev environment: - APP_DOMAIN=gw.service.ego.io - # - VAULT_ADDR=https://api-vault:8200 - # - VAULT_API_ADDR=https://api-vault:8200 # - ENVOY_VERSION_STRING=1.26.3 ports: - 48101:8501 - 48443:8443 # consul & envoy api gateway port api-vault: - image: git.pbiernat.io/egommerce/api-vault:dev + image: git.ego.cloudns.be/egommerce/api-vault:dev environment: - APP_DOMAIN=vault.service.ego.io - CONSUL_HTTP_ADDR=https://api-registry:8501 api-eventbus: - image: git.pbiernat.io/egommerce/api-eventbus:dev + image: git.ego.cloudns.be/egommerce/api-eventbus:dev environment: - APP_DOMAIN=esb.service.ego.io # - RABBITMQ_NODENAME=api-eventbus 
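Review bot: In the `stack.dev.yml` hunk the `api-gateway` service now reads `image: git.ego.cloudns.be/egommerce/api-registry:dev`, which looks like a copy-paste error unless the reader knows the gateway is a Consul client built from the registry image; `stack.yml` carries `api-gateway: # consul client running as api-gateway` for the same pairing, so add that comment here too. The same hunk comments out `# - VAULT_API_ADDR=https://api-vault:8200` under api-registry rather than deleting it; a dead config line suggests it may still be needed, so either remove it or add a short comment saying why it was turned off.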
@@ -38,13 +35,13 @@ services: # - RABBITMQ_DEFAULT_PASS = passw123 api-cache: - image: git.pbiernat.io/egommerce/api-cache:dev + image: git.ego.cloudns.be/egommerce/api-cache:dev environment: - APP_DOMAIN=cache.service.ego.io - PASSWORD=12345678 api-logger: - image: git.pbiernat.io/egommerce/api-logger:dev + image: git.ego.cloudns.be/egommerce/api-logger:dev environment: - APP_DOMAIN=logger.service.ego.io @@ -59,7 +56,7 @@ services: # - APP_DOMAIN=grafana.service.ego.io db-postgres: - image: git.pbiernat.io/egommerce/db-postgres:dev + image: git.ego.cloudns.be/egommerce/db-postgres:dev environment: - APP_DOMAIN=postgresdb.service.ego.io - POSTGRESQL_PASSWORD=12345678 @@ -70,14 +67,14 @@ services: # API micro-services identity-svc: - image: git.pbiernat.io/egommerce/identity-svc:dev + image: git.ego.cloudns.be/egommerce/identity-svc:dev environment: # - SERVER_ADDR=basket.service.ego.io - APP_DOMAIN=identity.service.ego.io - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 catalog-svc: - image: git.pbiernat.io/egommerce/catalog-svc:dev + image: git.ego.cloudns.be/egommerce/catalog-svc:dev environment: # - REGISTRY_USE_DOMAIN_OVER_IP=false - APP_DOMAIN=catalog.service.ego.io @@ -85,14 +82,14 @@ services: - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 basket-svc: - image: git.pbiernat.io/egommerce/basket-svc:dev + image: git.ego.cloudns.be/egommerce/basket-svc:dev environment: - APP_DOMAIN=basket.service.ego.io - AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 order-svc: - image: git.pbiernat.io/egommerce/order-svc:dev + image: git.ego.cloudns.be/egommerce/order-svc:dev environment: - APP_DOMAIN=order.service.ego.io - AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik 
@@ -101,7 +98,7 @@ services: # - ../etc/resolv.conf:/etc/resolv.conf pricing-svc: - image: git.pbiernat.io/egommerce/pricing-svc:dev + image: git.ego.cloudns.be/egommerce/pricing-svc:dev environment: - APP_DOMAIN=pricing.service.ego.io - AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik @@ -109,21 +106,21 @@ services: # Workers (Eventbus) basket-worker: - image: git.pbiernat.io/egommerce/basket-worker:dev + image: git.ego.cloudns.be/egommerce/basket-worker:dev environment: - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 catalog-worker: - image: git.pbiernat.io/egommerce/catalog-worker:dev + image: git.ego.cloudns.be/egommerce/catalog-worker:dev environment: - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 pricing-worker: - image: git.pbiernat.io/egommerce/pricing-worker:dev + image: git.ego.cloudns.be/egommerce/pricing-worker:dev environment: - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 order-worker: - image: git.pbiernat.io/egommerce/order-worker:dev + image: git.ego.cloudns.be/egommerce/order-worker:dev environment: - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 diff --git a/deploy/docker/stack.prod.yml b/deploy/docker/stack.prod.yml index b0e0106..34acf28 100644 --- a/deploy/docker/stack.prod.yml +++ b/deploy/docker/stack.prod.yml 
@@ -3,40 +3,40 @@ version: "3.9" services: api-registry: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/api-registry:prod + image: git.ego.cloudns.be/egommerce/api-registry:prod environment: - APP_DOMAIN=registry.service.ego.io api-gateway: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/api-registry:prod + image: git.ego.cloudns.be/egommerce/api-registry:prod environment: - APP_DOMAIN=gw.service.ego.io api-vault: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/api-vault:prod + image: git.ego.cloudns.be/egommerce/api-vault:prod command: ["vault", "server", "-config=/vault/config/server.hcl"] environment: - APP_DOMAIN=vault.service.ego.io - - VAULT_API_ADDR=https://localhost:8200 - VAULT_ADDR=https://localhost:8200 + # - VAULT_API_ADDR=https://localhost:8200 api-eventbus: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/api-eventbus:prod + image: git.ego.cloudns.be/egommerce/api-eventbus:prod environment: - APP_DOMAIN=esb.service.ego.io api-cache: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/api-cache:prod + image: git.ego.cloudns.be/egommerce/api-cache:prod environment: - APP_DOMAIN=cache.service.ego.io api-logger: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/api-logger:prod + image: git.ego.cloudns.be/egommerce/api-logger:prod environment: - APP_DOMAIN=logger.service.ego.io @@ -53,7 +53,7 @@ services: db-postgres: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/db-postgres:prod + image: git.ego.cloudns.be/egommerce/db-postgres:prod environment: - APP_DOMAIN=postgresdb.service.ego.io - POSTGRESQL_USERNAME=egommerce @@ -69,7 +69,7 @@ services: # API micro-services identity-svc: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/identity-svc:prod + image: git.ego.cloudns.be/egommerce/identity-svc:prod environment: - APP_DOMAIN=identity.service.ego.io - APP_PATH_PREFIX=/identity 
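Review bot: All `image:` lines in the `stack.prod.yml` hunks (this one and the ones at `-53`, `-69`, `-78`, `-87`, `-96`, `-105` and `-115`) move to a new registry host but keep the mutable `:prod` tag, so every redeploy pulls whatever currently carries that tag and a running container cannot be traced back to a specific build. For production, pin by digest, e.g. `image: git.ego.cloudns.be/egommerce/api-registry:prod@sha256:<digest-of-the-built-image>`, or use immutable per-build tags. Commenting out `# - VAULT_API_ADDR=https://localhost:8200` in this overlay does not unset it: the base `stack.yml` in this same commit sets `VAULT_API_ADDR=https://localhost:8200` for `api-vault`, so the effective value is unchanged and the comment is misleading.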
@@ -78,7 +78,7 @@ services: catalog-svc: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/catalog-svc:prod + image: git.ego.cloudns.be/egommerce/catalog-svc:prod environment: - APP_DOMAIN=catalog.service.ego.io - APP_PATH_PREFIX=/catalog @@ -87,7 +87,7 @@ services: basket-svc: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/basket-svc:prod + image: git.ego.cloudns.be/egommerce/basket-svc:prod environment: - APP_DOMAIN=basket.service.ego.io - APP_PATH_PREFIX=/basket @@ -96,7 +96,7 @@ services: pricing-svc: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/pricing-svc:prod + image: git.ego.cloudns.be/egommerce/pricing-svc:prod environment: - APP_DOMAIN=pricing.service.ego.io - APP_PATH_PREFIX=/pricing @@ -105,7 +105,7 @@ services: order-svc: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/order-svc:prod + image: git.ego.cloudns.be/egommerce/order-svc:prod environment: - APP_DOMAIN=order.service.ego.io - APP_PATH_PREFIX=/order 
@@ -115,28 +115,28 @@ services: # Workers (Eventbus) basket-worker: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/basket-worker:prod + image: git.ego.cloudns.be/egommerce/basket-worker:prod environment: - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 catalog-worker: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/catalog-worker:prod + image: git.ego.cloudns.be/egommerce/catalog-worker:prod environment: - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 pricing-worker: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/pricing-worker:prod + image: git.ego.cloudns.be/egommerce/pricing-worker:prod environment: - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 order-worker: env_file: ../.env.prod - image: git.pbiernat.io/egommerce/order-worker:prod + image: git.ego.cloudns.be/egommerce/order-worker:prod environment: - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 diff --git a/deploy/docker/stack.yml b/deploy/docker/stack.yml index d2d11d5..7311ba5 100644 --- a/deploy/docker/stack.yml +++ b/deploy/docker/stack.yml @@ -2,7 +2,7 @@ version: "3.9" services: api-registry: - image: git.pbiernat.io/egommerce/api-registry:latest + image: git.ego.cloudns.be/egommerce/api-registry:latest command: [ "consul", "agent", 
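Review bot: The workers in this `stack.prod.yml` hunk still carry `DATABASE_URL=postgres://postgres:12345678@...` and `EVENTBUS_URL=amqp://guest:guest@...` inline on the new side, which keeps a trivially guessable production database password and RabbitMQ's default account in version control; this predates the change, but the hunk rewrites these four services. Each worker already declares `env_file: ../.env.prod`, so move both URLs there or into compose `secrets:` and set real credentials. Note that RabbitMQ by default only admits `guest` over loopback, so the AMQP URL as written presumably only works if that restriction was lifted in the eventbus image — worth confirming before relying on it.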
@@ -19,13 +19,15 @@ services: - CONSUL_CACERT=/usr/share/pki/ca-trust-source/anchors/internalCA.crt - CONSUL_CLIENT_CERT=/etc/certs/registry.crt - CONSUL_CLIENT_KEY=/etc/certs/registry.key + - VAULT_ADDR=https://api-vault:8200 + # - VAULT_API_ADDR=https://api-vault:8200 volumes: - registry_data:/consul/data - - ../certs/api-registry/registry.internal.crt:/etc/certs/registry.crt:ro - - ../certs/api-registry/registry.key:/etc/certs/registry.key:ro - - ../certs/ca/internalCA.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro - # - ../bin/register-service:/bin/register-service - # - ../bin/update-resolv.sh:/bin/update-resolv + - ../certs/api-registry/api-registry.crt:/etc/certs/registry.crt:ro + - ../certs/api-registry/api-registry.key:/etc/certs/registry.key:ro + - ../certs/ca-root/ca-root.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro + - ../bin/register-service:/bin/register-service + # - ../bin/update-resolv:/bin/update-resolv deploy: mode: replicated replicas: 1 @@ -35,7 +37,7 @@ services: - egommerce-network api-gateway: # consul client running as api-gateway - image: git.pbiernat.io/egommerce/api-registry:latest + image: git.ego.cloudns.be/egommerce/api-registry:latest command: [ "consul", "agent", 
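Review bot: The `api-registry` hunk enables the bind mount `- ../bin/register-service:/bin/register-service` without `:ro`, and the `- ../bin/update-resolv:/bin/update-resolv` lines in the following hunks have the same form, while every certificate mount on the neighbouring lines is `:ro`. A writable bind mount of a host-side binary that is executed inside every service container means one compromised container can overwrite a program the others run, so make them `- ../bin/register-service:/bin/register-service:ro` and `- ../bin/update-resolv:/bin/update-resolv:ro`. The same applies to the remaining `stack.yml` hunks for api-gateway, api-vault, api-eventbus, api-cache, api-logger, db-postgres, the `*-svc` services and the `*-worker` services.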
@@ -54,15 +56,17 @@ services: - CONSUL_CACERT=/usr/share/pki/ca-trust-source/anchors/internalCA.crt - CONSUL_CLIENT_CERT=/etc/certs/gateway.crt - CONSUL_CLIENT_KEY=/etc/certs/gateway.key + - VAULT_ADDR=https://api-vault:8200 + # - VAULT_API_ADDR=https://api-vault:8200 volumes: - gateway_data:/consul/data - - ../certs/api-gateway/gateway.internal.crt:/etc/certs/gateway.crt:ro - - ../certs/api-gateway/gateway.key:/etc/certs/gateway.key:ro + - ../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.crt:ro + - ../certs/api-gateway/api-gateway.key:/etc/certs/gateway.key:ro - ../certs/catalog-svc/catalog-svc.crt:/etc/certs/catalog.crt:ro - ../certs/catalog-svc/catalog-svc.key:/etc/certs/catalog.key:ro - - ../certs/ca/internalCA.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro - # - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../certs/ca-root/ca-root.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro + - ../bin/register-service:/bin/register-service + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry deploy: 
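Review bot: The `api-gateway` volumes on the new side mount `../certs/catalog-svc/catalog-svc.crt` and `../certs/catalog-svc/catalog-svc.key` next to the gateway's own `api-gateway.crt`/`api-gateway.key`, so the gateway holds another service's private key; this predates the change, but the hunk rewrites the surrounding mounts. If Consul or Envoy use that pair to present a client identity, a certificate issued to the gateway itself keeps per-service identities distinct, and the `gen-certs.sh` added in this commit looks like the place to produce it. Either way, a one-line comment stating why the catalog pair is needed here would help the next reader.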
@@ -74,19 +78,21 @@ services: - egommerce-network api-vault: - image: git.pbiernat.io/egommerce/api-vault:latest + image: git.ego.cloudns.be/egommerce/api-vault:latest command: ["vault", "server", "-config=/vault/config/server.hcl"] environment: - APP_DOMAIN - APP_NAME=api-vault - API_REGISTRY_ADDR=api-registry + - VAULT_ADDR=https://localhost:8200 + - VAULT_API_ADDR=https://localhost:8200 volumes: - vault_data:/vault/data - - ../certs/api-vault/vault.internal.crt:/etc/certs/vault.crt:ro - - ../certs/api-vault/vault.key:/etc/certs/vault.key:ro - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro + - ../certs/api-vault/api-vault.key:/etc/certs/vault.key:ro + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry cap_add: @@ -97,7 +103,7 @@ services: # - IPC_LOCK api-eventbus: - image: git.pbiernat.io/egommerce/api-eventbus:latest + image: git.ego.cloudns.be/egommerce/api-eventbus:latest environment: # - RABBITMQ_NODENAME=api-eventbus - RABBITMQ_ERLANG_COOKIE=rabbitmq @@ -107,11 +113,11 @@ services: volumes: - eventbus_data:/var/lib/rabbitmq - eventbus_logs:/var/log/rabbitmq - - ../certs/api-eventbus/eventbus.internal.crt:/etc/certs/eventbus.crt:ro - - ../certs/api-eventbus/eventbus.key:/etc/certs/eventbus.key:ro - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../certs/api-eventbus/api-eventbus.crt:/etc/certs/eventbus.crt:ro + - ../certs/api-eventbus/api-eventbus.key:/etc/certs/eventbus.key:ro + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry deploy: 
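Review bot: `api-vault` now sets `VAULT_API_ADDR=https://localhost:8200` alongside `VAULT_ADDR`, while every other service in this file reaches Vault at `https://api-vault:8200`. Vault advertises `api_addr` to clients for request forwarding and redirects, so a loopback value presumably only behaves correctly in a single-node deployment where nothing is ever redirected — confirm that is the intent, otherwise `- VAULT_API_ADDR=https://api-vault:8200` matches what the Consul agents are given. In either case a short comment next to the line explaining the localhost choice would stop the next reader from "fixing" it.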
@@ -123,15 +129,15 @@ services: - egommerce-network api-cache: - image: git.pbiernat.io/egommerce/api-cache:latest + image: git.ego.cloudns.be/egommerce/api-cache:latest environment: - APP_DOMAIN - APP_NAME=api-cache - API_REGISTRY_ADDR=api-registry volumes: - # - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry deploy: @@ -143,15 +149,15 @@ services: - egommerce-network api-logger: - image: git.pbiernat.io/egommerce/api-logger:latest + image: git.ego.cloudns.be/egommerce/api-logger:latest environment: - APP_DOMAIN - APP_NAME=api-logger - API_REGISTRY_ADDR=api-registry volumes: - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry deploy: @@ -171,9 +177,9 @@ services: # - API_REGISTRY_ADDR=api-registry # volumes: # - ../etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml - # - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + # - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro # - ../bin/register-service:/bin/register-service - # - ../bin/update-resolv.sh:/bin/update-resolv + # - ../bin/update-resolv:/bin/update-resolv # - /var/run/docker.sock:/var/run/docker.sock # depends_on: # - api-registry 
@@ -188,8 +194,8 @@ services: # - API_REGISTRY_ADDR=api-registry # volumes: # - grafana-db:/var/lib/grafana - # - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - # - ../bin/update-resolv.sh:/bin/update-resolv + # - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + # - ../bin/update-resolv:/bin/update-resolv # - ../bin/register-service:/bin/register-service # depends_on: # - api-registry @@ -197,7 +203,7 @@ services: # - egommerce-network db-postgres: - image: git.pbiernat.io/egommerce/db-postgres:latest + image: git.ego.cloudns.be/egommerce/db-postgres:latest environment: - APP_DOMAIN - APP_NAME=db-postgres @@ -208,9 +214,9 @@ services: volumes: - postgres_data:/var/lib/postgresql/data # - ./db_migrations/init/:/docker-entrypoint-initdb.d/ - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry deploy: @@ -231,9 +237,9 @@ services: # - MONGO_INITDB_ROOT_PASSWORD # volumes: # - mongodb_data:/data/db - # - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + # - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro # - ../bin/register-service:/bin/register-service - # - ../bin/update-resolv.sh:/bin/update-resolv + # - ../bin/update-resolv:/bin/update-resolv # depends_on: # - api-registry # deploy: @@ -246,7 +252,7 @@ services: # API micro-services identity-svc: - image: git.pbiernat.io/egommerce/identity-svc:latest + image: git.ego.cloudns.be/egommerce/identity-svc:latest environment: - APP_NAME=identity-svc - APP_PATH_PREFIX=/identity 
@@ -259,10 +265,10 @@ services: volumes: - ../certs/identity-svc/identity-svc.crt:/certs/client.crt:ro - ../certs/identity-svc/identity-svc.key:/certs/client.key:ro - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../db_migrations/identity-svc:/migrations - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry deploy: @@ -274,7 +280,7 @@ services: - egommerce-network catalog-svc: - image: git.pbiernat.io/egommerce/catalog-svc:latest + image: git.ego.cloudns.be/egommerce/catalog-svc:latest environment: - APP_NAME=catalog-svc - APP_PATH_PREFIX=/catalog @@ -288,10 +294,10 @@ services: volumes: - ../certs/catalog-svc/catalog-svc.crt:/certs/client.crt:ro - ../certs/catalog-svc/catalog-svc.key:/certs/client.key:ro - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../db_migrations/catalog-svc:/migrations - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry deploy: @@ -303,7 +309,7 @@ services: - egommerce-network basket-svc: - image: git.pbiernat.io/egommerce/basket-svc:latest + image: git.ego.cloudns.be/egommerce/basket-svc:latest environment: - APP_NAME=basket-svc - APP_PATH_PREFIX=/basket 
@@ -317,10 +323,10 @@ services: volumes: - ../certs/basket-svc/basket-svc.crt:/certs/client.crt:ro - ../certs/basket-svc/basket-svc.key:/certs/client.key:ro - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../db_migrations/basket-svc:/migrations - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry deploy: @@ -332,7 +338,7 @@ services: - egommerce-network order-svc: - image: git.pbiernat.io/egommerce/order-svc:latest + image: git.ego.cloudns.be/egommerce/order-svc:latest environment: - APP_NAME=order-svc - APP_PATH_PREFIX=/order @@ -346,10 +352,10 @@ services: volumes: - ../certs/order-svc/order-svc.crt:/certs/client.crt:ro - ../certs/order-svc/order-svc.key:/certs/client.key:ro - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../db_migrations/order-svc:/migrations - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry deploy: @@ -361,7 +367,7 @@ services: - egommerce-network pricing-svc: - image: git.pbiernat.io/egommerce/pricing-svc:latest + image: git.ego.cloudns.be/egommerce/pricing-svc:latest environment: - APP_NAME=pricing-svc - APP_PATH_PREFIX=/pricing 
@@ -375,10 +381,10 @@ services: volumes: - ../certs/pricing-svc/pricing-svc.crt:/certs/client.crt:ro - ../certs/pricing-svc/pricing-svc.key:/certs/client.key:ro - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - ../db_migrations/pricing-svc:/migrations - ../bin/register-service:/bin/register-service - - ../bin/update-resolv.sh:/bin/update-resolv + - ../bin/update-resolv:/bin/update-resolv depends_on: - api-registry deploy: @@ -391,7 +397,7 @@ services: # Workers (Eventbus) basket-worker: - image: git.pbiernat.io/egommerce/basket-worker:latest + image: git.ego.cloudns.be/egommerce/basket-worker:latest environment: - APP_NAME=basket-worker - APP_KV_NAMESPACE @@ -399,8 +405,8 @@ services: - MONGODB_URL - EVENTBUS_URL volumes: - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/update-resolv.sh:/bin/update-resolv + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../bin/update-resolv:/bin/update-resolv deploy: mode: replicated replicas: 1 @@ -410,15 +416,15 @@ services: - egommerce-network catalog-worker: - image: git.pbiernat.io/egommerce/catalog-worker:latest + image: git.ego.cloudns.be/egommerce/catalog-worker:latest environment: - APP_NAME=catalog-worker - DATABASE_URL - MONGODB_URL - EVENTBUS_URL volumes: - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/update-resolv.sh:/bin/update-resolv + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../bin/update-resolv:/bin/update-resolv deploy: mode: replicated replicas: 1 
@@ -428,15 +434,15 @@ services: - egommerce-network pricing-worker: - image: git.pbiernat.io/egommerce/pricing-worker:latest + image: git.ego.cloudns.be/egommerce/pricing-worker:latest environment: - APP_NAME=pricing-worker - DATABASE_URL - MONGODB_URL - EVENTBUS_URL volumes: - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/update-resolv.sh:/bin/update-resolv + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../bin/update-resolv:/bin/update-resolv deploy: mode: replicated replicas: 1 @@ -446,15 +452,15 @@ services: - egommerce-network order-worker: - image: git.pbiernat.io/egommerce/order-worker:latest + image: git.ego.cloudns.be/egommerce/order-worker:latest environment: - APP_NAME=order-worker - DATABASE_URL - MONGODB_URL - EVENTBUS_URL volumes: - - ../certs/ca/internalCA.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/update-resolv.sh:/bin/update-resolv + - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro + - ../bin/update-resolv:/bin/update-resolv deploy: mode: replicated replicas: 1 diff --git a/deploy/egommerce-stack.dev.local.yml b/deploy/egommerce-stack.dev.local.yml deleted file mode 100644 index 388d987..0000000 --- a/deploy/egommerce-stack.dev.local.yml +++ /dev/null 
@@ -1,151 +0,0 @@ -version: "3.9" - -services: - api-gateway: - env_file: .env.local - environment: - - APP_DOMAIN=egommerce.local - # - APP_PORT=48443 - ports: - - 48443:443 - - 48444:8080 - # - 5672:5672 - - api-registry: - command: ["-ui-content-path=/registry"] - env_file: .env.local - environment: - - APP_DOMAIN=registry.egommerce.local - # - APP_PORT=48445 - ports: - - 48445:8500 - - 8600:8600/udp - - api-eventbus: - env_file: .env.local - environment: - - APP_DOMAIN=eventbus.egommerce.local - # - APP_PORT=48446 - ports: - - 48446:8084 - - 15672:15672 - - api-cache: - env_file: .env.local - environment: - - APP_DOMAIN=redis.egommerce.local - command: ["redis-server", "/etc/redis.conf", "--requirepass", "12345678"] - ports: - - 6379:6379 - - api-logger: - env_file: .env.local - environment: - - APP_DOMAIN=logger.egommerce.local - ports: - - 24224:24224 - - # api-prometheus: - # environment: - # - APP_DOMAIN=prometheus.egommerce.local - # ports: - # - 9090:9090 - - # api-grafana: - # environment: - # - APP_DOMAIN=grafana.egommerce.local - # ports: - # - 3000:3000 - - postgres-db: - env_file: .env.local - environment: - - APP_DOMAIN=postgres.egommerce.local - ports: - - 5432:5432 - - mongo-db: - env_file: .env.local - environment: - - APP_DOMAIN=mongo.egommerce.local - ports: - - 27017:27017 - - identity-svc: - env_file: .env.local - environment: - - APP_DOMAIN=identity.api.egommerce.local - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - ports: - - 8080:80 - - basket-svc: - env_file: .env.local - environment: - - APP_DOMAIN=basket.api.egommerce.local - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - ports: - - 8001:80 - - catalog-svc: - env_file: .env.local - environment: - - 
APP_DOMAIN=catalog.api.egommerce.local - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - ports: - - 8002:80 - - order-svc: - env_file: .env.local - environment: - - APP_DOMAIN=order.api.egommerce.local - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - ports: - - 8003:80 - - pricing-svc: - env_file: .env.local - environment: - - APP_DOMAIN=pricing.api.egommerce.local - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - ports: - - 8004:80 - - # Workers (EventBus) - basket-worker: - env_file: .env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - - catalog-worker: - env_file: .env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - - pricing-worker: - env_file: .env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - - order-worker: - env_file: .env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 diff --git a/deploy/egommerce-stack.dev.yml b/deploy/egommerce-stack.dev.yml deleted file mode 100644 index f36c127..0000000 
--- a/deploy/egommerce-stack.dev.yml +++ /dev/null 
@@ -1,140 +0,0 @@ -version: "3.9" - -services: - api-gateway: - image: git.ego.cloudns.be/egommerce/api-gateway:dev - environment: - - APP_DOMAIN=api-gateway - volumes: - - ./certs/api-gateway:/etc/traefik/certs - - api-registry: - image: git.ego.cloudns.be/egommerce/api-registry:dev - environment: - - APP_DOMAIN=api-registry - - CONSUL_HTTP_TOKEN=devop - volumes: - - ./certs/api-registry:/consul/data/certs - - api-eventbus: - image: git.ego.cloudns.be/egommerce/api-eventbus:dev - environment: - - APP_DOMAIN=api-eventbus - # - RABBITMQ_NODENAME=api-eventbus - # - RABBITMQ_USE_LONGNAME=true - # - RABBITMQ_DEFAULT_USER = admin - # - RABBITMQ_DEFAULT_PASS = passw123 - - api-cache: - image: git.ego.cloudns.be/egommerce/api-cache:dev - environment: - - PASSWORD=12345678 - - api-logger: - image: git.ego.cloudns.be/egommerce/api-logger:dev - environment: - - APP_DOMAIN=api-logger - - #api-prometheus: - # image: prom/prometheus:latest # FIXME: create private image(prod/dev)... - # environment: - # - APP_DOMAIN=prometheus.keshop.bieda.it - - #api-grafana: - # image: grafana/grafana-oss:latest # FIXME: create private image(prod/dev)... 
- # environment: - # - APP_DOMAIN=grafana.keshop.bieda.it - - postgres-db: - environment: - - APP_DOMAIN=postgres-db - - POSTGRES_PASSWORD=12345678 - - mongo-db: - environment: - - APP_DOMAIN=mongo-db - - MONGO_INITDB_ROOT_PASSWORD=12345678 - - # API micro-services - identity-svc: - image: git.ego.cloudns.be/egommerce/identity-svc:dev - environment: - - APP_DOMAIN=identity-svc - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - volumes: - - ./certs/api-gateway:/certs - - basket-svc: - image: git.ego.cloudns.be/egommerce/basket-svc:dev - environment: - - APP_DOMAIN=basket-svc - - AUTH_HANDLER_URL=http://identity-svc/api/v1/traefik - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - volumes: - - ./certs/api-gateway:/certs - - catalog-svc: - image: git.ego.cloudns.be/egommerce/catalog-svc:dev - environment: - - APP_DOMAIN=catalog-svc - - AUTH_HANDLER_URL=http://identity-svc/api/v1/traefik - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - volumes: - - ./certs/api-gateway:/certs - - pricing-svc: - image: git.ego.cloudns.be/egommerce/pricing-svc:dev - environment: - - APP_DOMAIN=pricing-svc - - AUTH_HANDLER_URL=http://identity-svc/api/v1/traefik - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - volumes: - - ./certs/api-gateway:/certs - - order-svc: - image: git.ego.cloudns.be/egommerce/order-svc:dev - environment: - - APP_DOMAIN=order-svc - - AUTH_HANDLER_URL=http://identity-svc/api/v1/traefik - - 
DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - volumes: - - ./certs/api-gateway:/certs - - # Workers (Eventbus) - basket-worker: - image: git.ego.cloudns.be/egommerce/basket-worker:dev - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - - catalog-worker: - image: git.ego.cloudns.be/egommerce/catalog-worker:dev - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - - pricing-worker: - image: git.ego.cloudns.be/egommerce/pricing-worker:dev - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - - order-worker: - image: git.ego.cloudns.be/egommerce/order-worker:dev - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 diff --git a/deploy/egommerce-stack.yml b/deploy/egommerce-stack.yml deleted file mode 100644 index 789f82b..0000000 --- a/deploy/egommerce-stack.yml +++ /dev/null 
@@ -1,392 +0,0 @@ -version: "3.9" - -services: - api-gateway: - image: git.ego.cloudns.be/egommerce/api-gateway:latest - # command: - # - '--providers.consulcatalog.refreshinterval=5s' - # FIXME ^^ only on config option: static/env/cli must be selected - environment: - - APP_NAME=api-gateway - - APP_DOMAIN - - API_REGISTRY_REFRESH_INTERVAL=5s - volumes: - - ./certs/api-gateway:/etc/traefik/certs - - /var/run/docker.sock:/var/run/docker.sock - networks: - - api-gateway-network - - api-registry-network - - api-logger-network - - api-registry: - image: git.ego.cloudns.be/egommerce/api-registry:latest - environment: - - APP_NAME=api-registry - - APP_DOMAIN - - CONSUL_HTTP_TOKEN=VeryS3cr3tTok3N - volumes: - - registry_data:/consul/data - - ./certs/api-registry:/consul/data/certs - networks: - - api-registry-network - - api-logger-network - - api-eventbus: - image: git.ego.cloudns.be/egommerce/api-eventbus:latest - environment: - # - RABBITMQ_NODENAME=api-eventbus - - RABBITMQ_ERLANG_COOKIE=rabbitmq - - APP_NAME=api-eventbus - - APP_DOMAIN - volumes: - - eventbus_data:/var/lib/rabbitmq - - eventbus_logs:/var/log/rabbitmq - networks: - - api-gateway-network - - api-eventbus-network - - api-registry-network - - api-logger-network - - api-cache: - image: git.ego.cloudns.be/egommerce/api-cache:latest - environment: - - APP_NAME=api-cache - networks: - - api-cache-network - - api-logger-network - - api-logger: - image: git.ego.cloudns.be/egommerce/api-logger:latest - environment: - - APP_NAME=api-logger - - APP_DOMAIN - networks: - - api-logger-network - - #api-prometheus: - # image: prom/prometheus:latest # FIXME: create private image(prod/dev)... 
- # user: root - # environment: - # - APP_NAME=api-prometheus - # - APP_DOMAIN - # volumes: - # - ./etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml - # - /var/run/docker.sock:/var/run/docker.sock - # networks: - # - api-prometheus-network - #- api-grafana-network - # - api-gateway-network - # - api-registry-network - # - api-eventbus-network - # - api-cache-network - # - api-logger-network - # - basket-svc-network - # - basket-worker-network - # - catalog-svc-network - # - catalog-worker-network - # - identity-svc-network - # - order-svc-network - # - order-worker-network - # - pricing-svc-network - # - pricing-worker-network - - #api-grafana: - # image: grafana/grafana-oss:latest # FIXME: create private image(prod/dev)... - # environment: - # - APP_NAME=api-grafana - # - APP_DOMAIN - # volumes: - # - grafana-db:/var/lib/grafana - # networks: - # - api-grafana-network - - postgres-db: - image: postgres:14.1-alpine - environment: - - APP_NAME=postgres-db - - APP_DOMAIN - - POSTGRES_USER=postgres - - POSTGRES_PASSWORD - volumes: - - postgres_data:/var/lib/postgresql/data - - ./db_migrations/init/:/docker-entrypoint-initdb.d/ - networks: - - postgres-db-network - - api-logger-network - - mongo-db: - image: mongo:5.0.14 - environment: - - APP_NAME=mongo-db - - APP_DOMAIN - - MONGO_INITDB_ROOT_USERNAME=mongodb - - MONGO_INITDB_ROOT_PASSWORD - volumes: - - mongodb_data:/data/db - networks: - - mongodb-db-network - - api-logger-network - - # API micro-services - identity-svc: - image: git.ego.cloudns.be/egommerce/identity-svc:latest - environment: - - APP_NAME=identity-svc - - APP_PATH_PREFIX=/identity - - APP_DOMAIN - - APP_KV_NAMESPACE - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ./db_migrations/identity-svc:/migrations - networks: - - identity-svc-network - - api-gateway-network - - api-registry-network - - api-eventbus-network - - api-logger-network - - postgres-db-network - - mongodb-db-network - - basket-svc: - image: 
git.ego.cloudns.be/egommerce/basket-svc:latest - environment: - - APP_NAME=basket-svc - - APP_PATH_PREFIX=/basket - - APP_DOMAIN - - APP_KV_NAMESPACE - - AUTH_HANDLER_URL - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ./db_migrations/basket-svc:/migrations - networks: - - basket-svc-network - # - order-svc-network - # - pricing-svc-network - - api-gateway-network - - api-registry-network - - api-eventbus-network - - api-logger-network - - postgres-db-network - - mongodb-db-network - - catalog-svc: - image: git.ego.cloudns.be/egommerce/catalog-svc:latest - environment: - - APP_NAME=catalog-svc - - APP_PATH_PREFIX=/catalog - - APP_DOMAIN - - APP_KV_NAMESPACE - - AUTH_HANDLER_URL - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ./db_migrations/catalog-svc:/migrations - networks: - - catalog-svc-network - - api-gateway-network - - api-registry-network - - api-eventbus-network - - api-logger-network - - postgres-db-network - - mongodb-db-network - - pricing-svc: - image: git.ego.cloudns.be/egommerce/pricing-svc:latest - environment: - - APP_NAME=pricing-svc - - APP_PATH_PREFIX=/pricing - - APP_DOMAIN - - APP_KV_NAMESPACE - - AUTH_HANDLER_URL - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ./db_migrations/pricing-svc:/migrations - networks: - - pricing-svc-network - - api-gateway-network - - api-registry-network - - api-eventbus-network - - api-logger-network - - postgres-db-network - - mongodb-db-network - - order-svc: - image: git.ego.cloudns.be/egommerce/order-svc:latest - environment: - - APP_NAME=order-svc - - APP_PATH_PREFIX=/order - - APP_DOMAIN - - APP_KV_NAMESPACE - - AUTH_HANDLER_URL - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ./db_migrations/order-svc:/migrations - networks: - - order-svc-network - - api-gateway-network - - api-registry-network - - api-eventbus-network - - api-logger-network - - postgres-db-network - - mongodb-db-network - - # Workers (Eventbus) - basket-worker: - image: 
git.ego.cloudns.be/egommerce/basket-worker:latest - environment: - - APP_NAME=basket-worker - - APP_KV_NAMESPACE - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - networks: - - basket-worker-network - - pricing-svc-network - - api-gateway-network - - api-registry-network - - api-eventbus-network - - api-logger-network - - postgres-db-network - - mongodb-db-network - - catalog-worker: - image: git.ego.cloudns.be/egommerce/catalog-worker:latest - environment: - - APP_NAME=catalog-worker - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - networks: - - catalog-worker-network - - api-gateway-network - - api-registry-network - - api-eventbus-network - - api-logger-network - - postgres-db-network - - mongodb-db-network - - pricing-worker: - image: git.ego.cloudns.be/egommerce/pricing-worker:latest - environment: - - APP_NAME=pricing-worker - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - networks: - - pricing-worker-network - - api-gateway-network - - api-registry-network - - api-eventbus-network - - api-logger-network - - postgres-db-network - - mongodb-db-network - - order-worker: - image: git.ego.cloudns.be/egommerce/order-worker:latest - environment: - - APP_NAME=order-worker - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - networks: - - order-worker-network - - basket-svc-network - - api-gateway-network - - api-registry-network - - api-eventbus-network - - api-logger-network - - postgres-db-network - - mongodb-db-network - -volumes: - postgres_data: ~ - mongodb_data: ~ - registry_data: ~ - eventbus_data: ~ - eventbus_logs: ~ - #grafana-db: ~ - -networks: - # Infrastructure networks - api-gateway-network: - driver: overlay - #internal: true - - api-registry-network: - driver: overlay - #internal: true - - api-eventbus-network: - driver: overlay - #internal: true - - api-cache-network: - driver: overlay - #internal: true - - api-logger-network: - driver: overlay - #internal: true - - api-prometheus-network: - driver: overlay - #internal: true - - 
#api-grafana-network: - # driver: overlay - # internal: true - - postgres-db-network: - driver: overlay - #internal: true - - mongodb-db-network: - driver: overlay - #internal: true - - # Micro-services networks - identity-svc-network: - driver: overlay - #internal: true - - basket-svc-network: - driver: overlay - #internal: true - - catalog-svc-network: - driver: overlay - #internal: true - - pricing-svc-network: - driver: overlay - #internal: true - - order-svc-network: - driver: overlay - #internal: true - - # Workers networks - basket-worker-network: - driver: overlay - #internal: true - - catalog-worker-network: - driver: overlay - #internal: true - - pricing-worker-network: - driver: overlay - #internal: true - - order-worker-network: - driver: overlay - #internal: true diff --git a/deploy/nginx-vhost.dev.conf b/deploy/etc/nginx/nginx-vhost.dev.conf similarity index 100% rename from deploy/nginx-vhost.dev.conf rename to deploy/etc/nginx/nginx-vhost.dev.conf diff --git a/deploy/nginx-vhost.local.conf b/deploy/etc/nginx/nginx-vhost.local.conf similarity index 100% rename from deploy/nginx-vhost.local.conf rename to deploy/etc/nginx/nginx-vhost.local.conf diff --git a/deploy/k8s/stack.dev.yml b/deploy/k8s/stack.dev.yml index 5ee0d60..2accdd7 100644 --- a/deploy/k8s/stack.dev.yml +++ b/deploy/k8s/stack.dev.yml @@ -7,7 +7,7 @@ metadata: spec: containers: - name: api-registry - image: git.pbiernat.io/egommerce/api-registry:dev + image: git.ego.cloudns.be/egommerce/api-registry:dev resources: limits: cpu: "1" @@ -45,4 +45,4 @@ spec: spec: containers: - name: api-registry - image: git.pbiernat.io/egommerce/api-registry:dev + image: git.ego.cloudns.be/egommerce/api-registry:dev diff --git a/deploy/k8s/stack.prod.yml b/deploy/k8s/stack.prod.yml index 56eeb46..5ec2d63 100644 --- a/deploy/k8s/stack.prod.yml +++ b/deploy/k8s/stack.prod.yml 
@@ -7,7 +7,7 @@ metadata: spec: containers: - name: api-registry - image: git.pbiernat.io/egommerce/api-registry:prod + image: git.ego.cloudns.be/egommerce/api-registry:prod --- apiVersion: apps/v1 kind: Deployment @@ -25,4 +25,4 @@ spec: spec: containers: - name: api-registry - image: git.pbiernat.io/egommerce/api-registry:prod + image: git.ego.cloudns.be/egommerce/api-registry:prod diff --git a/deploy/make-cert.sh b/deploy/make-cert.sh deleted file mode 100644 index 48825e5..0000000 --- a/deploy/make-cert.sh +++ /dev/null 
@@ -1,60 +0,0 @@ -# #!/bin/sh - -openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./cert/identity-svc-server.key -out ./cert/identity-svc-server.cert \ - -addext "subjectAltName = DNS:identity-svc" -# ^^ GENERATE CERT FOR BACKEND SERVICE (on client side - in traefik - we dont need DNS domain... for now...) - - -# if [ -z "$SERVICE" ]; then echo "set SERVICE var"; exit 1; fi -# if [ -z "$CA_ROOT" ]; then echo "set CA_ROOT var"; exit 1; fi -# if [ -z "$DOMAIN" ]; then echo "set DOMAIN var"; exit 1; fi - -# PASSWORD=V3ryS3cr3tP4ssw0rd - -# # sample for registry server (with api-gateway-svc as a client) but using FDN... -# # keytool -genkey -alias api-registry-svc -dname cn=$DOMAIN -validity 365 -keystore tmp/api-registry-svc.p12 -keyalg RSA -keysize 2048 -storepass $PASSWORD -ext "SAN:c=DNS:registry.egommerce.local,IP:127.0.0.1" -# # keytool -genkey -alias myClientCertificate -dname cn=$DOMAIN -validity 365 -keystore tmp/myClientCertificate.p12 -keyalg RSA -keysize 2048 -storepass $PASSWORD -ext "SAN:c=DNS:registry.egommerce.local,IP:127.0.0.1" - -# # keytool -export -alias myClientCertificate -file tmp/myClientCertificate.crt -keystore tmp/myClientCertificate.p12 -storepass $PASSWORD -# # keytool -export -alias api-registry-svc -file tmp/api-registry-svc.crt -keystore tmp/api-registry-svc.p12 -storepass $PASSWORD - -# # keytool -import -alias myClientCertificate -file tmp/myClientCertificate.crt -keystore tmp/api-registry-svc.p12 -storepass $PASSWORD # aka myCertificate.p12 - -# # echo "Done." -# # exit 0 - -# if [ -d "$SERVICE" ]; then -# echo "$SERVICE directory exists... Quitting." -# exit 1; -# fi - -# if [ ! -f "$SERVICE" ]; then -# mkdir -p $SERVICE -# fi - -# echo "====================================================================" -# echo "Fake third-party chain generated. Now generating keystore.p12 ..." 
-# echo "====================================================================" - -# # generate private keys (for server) -# keytool -genkeypair -alias $SERVICE -dname cn=$DOMAIN -validity 365 -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -keypass $PASSWORD -storepass $PASSWORD - -# # generate a certificate for server signed by ca (root -> ca -> server) -# keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -certreq -alias $SERVICE \ -# | keytool -storetype PKCS12 -keystore "$CA_ROOT/ca.p12" -storepass $PASSWORD -gencert -alias ca -ext ku:c=dig,keyEnc -ext "SAN:c=DNS:$DOMAIN,IP:127.0.0.1" -ext eku=sa,ca -rfc > "$SERVICE/$SERVICE.pem" - -# # import server cert chain into ${SERVICE}.p12 -# keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -trustcacerts -noprompt -alias root -file "$CA_ROOT/root.pem" -# keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -alias ca -file "$CA_ROOT/ca.pem" -# keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -alias $SERVICE -file "$SERVICE/$SERVICE.pem" - - -# # DEPRECATED - duplicated above section... -# # echo "=================================================" -# # echo "Keystore generated. Now generating truststore ..." -# # echo "=================================================" - -# # import server cert chain into my-truststore.p12 -# # keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -trustcacerts -noprompt -alias root -file "$CA_ROOT/root.pem" -# # keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -alias ca -file "$CA_ROOT/ca.pem" -# # keytool -storetype PKCS12 -keystore "$SERVICE/keystore.p12" -storepass $PASSWORD -importcert -alias $SERVICE -file "$SERVICE/$SERVICE.pem" 
diff --git a/deploy/build-register-service.sh b/deploy/scripts/build-register-service-binary.sh
similarity index 100%
rename from deploy/build-register-service.sh
rename to deploy/scripts/build-register-service-binary.sh
diff --git a/deploy/scripts/gen-certs.sh b/deploy/scripts/gen-certs.sh
new file mode 100644
index 0000000..7621e2a
--- /dev/null
+++ b/deploy/scripts/gen-certs.sh
@@ -0,0 +1,255 @@ +# #!/bin/bash + +export DEPLOY_DIR="./deploy" +export CERTS_DIR="${DEPLOY_DIR}/certs/" + +export REGISTRY_CN="registry.egommerce.local,api-registry,localhost" +export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:localhost,IP:127.0.0.1" +export GATEWAY_CN="gateway.egommerce.local,api-gatway,localhost" +export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:localhost,IP:127.0.0.1" +export VAULT_CN="vault.egommerce.local,api-vault,localhost" +export VAULT_SAN="DNS:vault.egommerce.local,DNS:api-vault,DNS:localhost,IP:127.0.0.1" +export EVENTBUS_CN="esb.egommerce.local,api-eventbus,localhost" +export EVENTBUS_SAN="DNS:esb.egommerce.local,DNS:api-eventbus,DNS:localhost,IP:127.0.0.1" +export CACHE_CN="cache.egommerce.local,api-cache,localhost" +export CACHE_SAN="DNS:cache.egommerce.local,DNS:api-cache,DNS:localhost,IP:127.0.0.1" +export LOGGER_CN="logger.egommerce.local,api-logger,localhost" +export LOGGER_SAN="DNS:logger.egommerce.local,DNS:api-logger,DNS:localhost,IP:127.0.0.1" +export PROMETHEUS_CN="prometheus.egommerce.local,api-prometheus,localhost" +export PROMETHEUS_SAN="DNS:prometheus.egommerce.local,DNS:api-prometheus,DNS:localhost,IP:127.0.0.1" +export GRAFANA_CN="grafana.egommerce.local,api-grafana,localhost" +export GRAFANA_SAN="DNS:grafana.egommerce.local,DNS:api-grafana,DNS:localhost,IP:127.0.0.1" +export POSTGRES_CN="postgresdb.egommerce.local,db-postgres,localhost" +export POSTGRES_SAN="DNS:pstgresdb.egommerce.local,DNS:db-postgres,DNS:localhost,IP:127.0.0.1" +export MONGO_CN="mongo.db.egommerce.local,db-mongo,localhost" +export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,DNS:localhost,IP:127.0.0.1" +export IDENTITY_CN="gateway.egommerce.local,identity.egommerce.local" +export IDENTITY_SAN="DNS:gateway.egommerce.local,DNS:identity.egommerce.local,DNS:localhost,IP:127.0.0.1" +export CATALOG_CN="gateway.egommerce.local, catalog.egommerce.local" +export 
CATALOG_SAN="DNS:gateway.egommerce.local,DNS:catalog.egommerce.local,DNS:localhost,IP:127.0.0.1" +export BASKET_CN="gateway.egommerce.local" +export BASKET_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1" +export ORDER_CN="gateway.egommerce.local" +export ORDER_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1" +export PRICING_CN="gateway.egommerce.local" +export PRICING_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1" + +# Create required directories +mkdir -p \ + ${CERTS_DIR} \ + ${CERTS_DIR}ca-root \ + ${CERTS_DIR}api-registry \ + ${CERTS_DIR}api-gateway \ + ${CERTS_DIR}api-vault \ + ${CERTS_DIR}api-eventbus \ + ${CERTS_DIR}api-cache \ + ${CERTS_DIR}api-logger \ + ${CERTS_DIR}api-prometheus \ + ${CERTS_DIR}api-grafana \ + ${CERTS_DIR}db-postgres \ + ${CERTS_DIR}db-mongo \ + ${CERTS_DIR}identity-svc \ + ${CERTS_DIR}basket-svc \ + ${CERTS_DIR}catalog-svc \ + ${CERTS_DIR}order-svc \ + ${CERTS_DIR}pricing-svc + +# Generate Root CA cert +# openssl req -newkey rsa:2048 -nodes -x509 -days 1024 \ +# -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/OU=DevOps Team/CN=Egommerce CA" \ +# -keyout ${CERTS_DIR}ca-root/ca-root.key -out ${CERTS_DIR}ca-root/ca-root.crt >/dev/null + + +# Generate Registry cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$REGISTRY_CN" \ + -keyout ${CERTS_DIR}api-registry/api-registry.key \ + -out ${CERTS_DIR}api-registry/api-registry.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}api-registry/api-registry.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}api-registry/api-registry.crt >/dev/null + + +# Generate Gateway cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GATEWAY_CN" \ + -keyout 
${CERTS_DIR}api-gateway/api-gateway.key \ + -out ${CERTS_DIR}api-gateway/api-gateway.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}api-gateway/api-gateway.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}api-gateway/api-gateway.crt >/dev/null + + +# Genearte Vault cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$VAULT_CN" \ + -keyout ${CERTS_DIR}api-vault/api-vault.key \ + -out ${CERTS_DIR}api-vault/api-vault.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}api-vault/api-vault.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}api-vault/api-vault.crt >/dev/null + + +# Genearte Eventbus cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$EVENTBUS_CN" \ + -keyout ${CERTS_DIR}api-eventbus/api-eventbus.key \ + -out ${CERTS_DIR}api-eventbus/api-eventbus.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}api-eventbus/api-eventbus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${EVENTBUS_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}api-eventbus/api-eventbus.crt >/dev/null + + +# Genearte Cache cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CACHE_CN" \ + -keyout ${CERTS_DIR}api-cache/api-cache.key \ + -out ${CERTS_DIR}api-cache/api-cache.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}api-cache/api-cache.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat 
/etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CACHE_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}api-cache/api-cache.crt >/dev/null + + +# Genearte Logger cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$LOGGER_CN" \ + -keyout ${CERTS_DIR}api-logger/api-logger.key \ + -out ${CERTS_DIR}api-logger/api-logger.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}api-logger/api-logger.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}api-logger/api-logger.crt >/dev/null + + +# Genearte Prometheus cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PROMETHEUS_CN" \ + -keyout ${CERTS_DIR}api-prometheus/api-prometheus.key \ + -out ${CERTS_DIR}api-prometheus/api-prometheus.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}api-prometheus/api-prometheus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}api-prometheus/api-prometheus.crt >/dev/null + + +# Genearte Grafana cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GRAFANA_CN" \ + -keyout ${CERTS_DIR}api-grafana/api-grafana.key \ + -out ${CERTS_DIR}api-grafana/api-grafana.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}api-grafana/api-grafana.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}api-grafana/api-grafana.crt >/dev/null + + +# Genearte Postgres 
cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$POSTGRES_CN" \ + -keyout ${CERTS_DIR}db-postgres/db-postgres.key \ + -out ${CERTS_DIR}db-postgres/db-postgres.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}db-postgres/db-postgres.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${POSTGRES_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}db-postgres/db-postgres.crt >/dev/null + + +# Genearte Mongo cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \ + -keyout ${CERTS_DIR}db-mongo/db-mongo.key \ + -out ${CERTS_DIR}db-mongo/db-mongo.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null + + +# Genearte Identity cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$IDENTITY_CN" \ + -keyout ${CERTS_DIR}identity-svc/identity-svc.key \ + -out ${CERTS_DIR}identity-svc/identity-svc.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}identity-svc/identity-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${IDENTITY_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}identity-svc/identity-svc.crt >/dev/null + + +# Genearte Basket cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$BASKET_CN" \ + -keyout ${CERTS_DIR}basket-svc/basket-svc.key \ + -out ${CERTS_DIR}basket-svc/basket-svc.csr >/dev/null + +openssl x509 -req -days 365 
\ + -in ${CERTS_DIR}basket-svc/basket-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${BASKET_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}basket-svc/basket-svc.crt >/dev/null + + +# Genearte Catalog cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$CATALOG_CN" \ + -keyout ${CERTS_DIR}catalog-svc/catalog-svc.key \ + -out ${CERTS_DIR}catalog-svc/catalog-svc.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}catalog-svc/catalog-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CATALOG_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}catalog-svc/catalog-svc.crt >/dev/null + + +# Genearte Order cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$ORDER_CN" \ + -keyout ${CERTS_DIR}order-svc/order-svc.key \ + -out ${CERTS_DIR}order-svc/order-svc.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}order-svc/order-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${ORDER_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out ${CERTS_DIR}order-svc/order-svc.crt >/dev/null + + +# Genearte Pricing cert +openssl req -newkey rsa:2048 -nodes \ + -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PRICING_CN" \ + -keyout ${CERTS_DIR}pricing-svc/pricing-svc.key \ + -out ${CERTS_DIR}pricing-svc/pricing-svc.csr >/dev/null + +openssl x509 -req -days 365 \ + -in ${CERTS_DIR}pricing-svc/pricing-svc.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ + -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PRICING_SAN}")) \ + -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ + -out 
${CERTS_DIR}pricing-svc/pricing-svc.crt >/dev/null
diff --git a/deploy/remove_dangling_images.sh b/deploy/scripts/remove-dangling-images.sh
similarity index 100%
rename from deploy/remove_dangling_images.sh
rename to deploy/scripts/remove-dangling-images.sh
diff --git a/deploy/start-docker.sh b/deploy/scripts/start-docker.sh
similarity index 100%
rename from deploy/start-docker.sh
rename to deploy/scripts/start-docker.sh
diff --git a/deploy/start-k8s.sh b/deploy/scripts/start-k8s.sh
similarity index 100%
rename from deploy/start-k8s.sh
rename to deploy/scripts/start-k8s.sh
diff --git a/deploy/scripts/vault-init-template.sh b/deploy/scripts/vault-init-template.sh
new file mode 100644
index 0000000..66032f8
--- /dev/null
+++ b/deploy/scripts/vault-init-template.sh
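Review bot: Every `openssl x509 -req` call in this hunk signs with `-set_serial 01`, so all fifteen leaf certificates issued by the same CA share serial 1; RFC 5280 requires serials to be unique per issuer, and clients that cache or pin by issuer+serial will reject or confuse them — replace it with `-CAcreateserial` (a serial file kept next to the CA) so each issuance gets a distinct serial. The SAN literals also carry a typo that will break hostname matching, `POSTGRES_SAN` has `DNS:pstgresdb.egommerce.local`, while `GATEWAY_CN` (`api-gatway`) and `CATALOG_CN` (stray space after the comma) are cosmetic only because SANs are present. The script signs with `${CERTS_DIR}ca-root/ca-root.crt` although the step that generates it is commented out, there is no `set -e`, and the shebang is commented (`# #!/bin/bash`) even though `<(...)` process substitution needs bash, so a missing CA surfaces as fifteen separate failures rather than one clear error. Since the same six lines repeat per service, the fix fits naturally into one helper that also guards the CA and sets a restrictive umask for the unencrypted (`-nodes`) keys, as sketched below.
```shell
set -euo pipefail
umask 077   # keys are written unencrypted (-nodes); keep them owner-only (relax if a non-root container must read them)

# … unchanged: DEPLOY_DIR / CERTS_DIR and the *_CN / *_SAN exports, mkdir -p of the per-service directories …

CA_CRT="${CERTS_DIR}ca-root/ca-root.crt"
CA_KEY="${CERTS_DIR}ca-root/ca-root.key"
if [ ! -r "$CA_CRT" ] || [ ! -r "$CA_KEY" ]; then
  echo "gen-certs: CA not found in ${CERTS_DIR}ca-root/ (run the Root CA step first)" >&2
  exit 1
fi

# gen_cert <service-dir> <CN> <SAN>: key + CSR, then a CA-signed leaf cert.
# -CAcreateserial keeps a serial file next to the CA so every leaf gets a unique serial.
gen_cert() {
  local out="${CERTS_DIR}${1}/${1}"
  openssl req -newkey rsa:2048 -nodes \
    -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=${2}" \
    -keyout "${out}.key" -out "${out}.csr" >/dev/null
  openssl x509 -req -days 365 -in "${out}.csr" \
    -CA "$CA_CRT" -CAkey "$CA_KEY" -CAcreateserial \
    -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "$3")) \
    -out "${out}.crt" >/dev/null
}

gen_cert api-registry "$REGISTRY_CN" "$REGISTRY_SAN"
gen_cert api-gateway  "$GATEWAY_CN"  "$GATEWAY_SAN"
# … one gen_cert line per remaining service (api-vault … pricing-svc), same argument pattern …
```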
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+vault secrets enable pki
+vault secrets tune -max-lease-ttl=87600h pki
+
+vault write -field=certificate pki/root/generate/internal \
+ common_name="ego.io" \
+ ttl=87600h > CA_cert.crt
+
+vault write pki/config/urls \
+ issuing_certificates="https://127.0.0.1:8200/v1/pki/ca" \
+ crl_distribution_points="https://127.0.0.1:8200/v1/pki/crl"
+
+vault secrets enable -path=pki_int pki
+vault secrets tune -max-lease-ttl=43800h pki_int
+
+vault write -format=json pki_int/intermediate/generate/internal \
+ common_name="ego.io Intermediate Authority" \
+ | jq -r '.data.csr' > pki_intermediate.csr
+
+vault write -format=json pki/root/sign-intermediate csr=@pki_intermediate.csr \
+ format=pem_bundle ttl="43800h" \
+ | jq -r '.data.certificate' > intermediate.cert.pem
+
+vault write pki_int/intermediate/set-signed certificate=@intermediate.cert.pem
+
+vault write pki_int/roles/ego.io \
+ allowed_domains="ego.io" \
+ allow_subdomains=true \
+ generate_lease=true \
+ max_ttl="720h"
+
+vault write pki_int/issue/ego.io \
+ common_name="catalog.service.ego.io" \
+ ttl="24h" | tee certs.txt
+
+
+# CONFIGURE CONSUL
+mkdir -p /opt/consul/agent-certs
+
+grep -Pzo "(?s)(?<=certificate)[^\-]*.*?END CERTIFICATE[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/agent.crt
+grep -Pzo "(?s)(?<=private_key)[^\-]*.*?END RSA PRIVATE KEY[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/agent.key
+grep -Pzo "(?s)(?<=issuing_ca)[^\-]*.*?END CERTIFICATE[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/ca.crt
+## FIXME ^^ invalid pattern flag...
+
diff --git a/deploy/volumes-restart.sh b/deploy/scripts/volumes-restart.sh
similarity index 100%
rename from deploy/volumes-restart.sh
rename to deploy/scripts/volumes-restart.sh
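Review bot: The issued leaf certificate and its private key are captured with `| tee certs.txt` and then parsed by the three `grep -Pzo` lines that the trailing `## FIXME` already marks as broken, so the private key lands in a plaintext `certs.txt` in the working directory and the Consul files may end up empty or mangled. Requesting `-format=json` and extracting with `jq -r '.data.certificate'`, `.data.private_key` and `.data.issuing_ca` — the same tool the script already uses for the CSR — removes the regex entirely, the temporary file can be deleted after extraction, and a `umask 077` before writing keeps `agent.key` owner-readable. The `issuing_certificates` / `crl_distribution_points` URLs point at `https://127.0.0.1:8200`, which presumably only resolves on the Vault host itself, so any client elsewhere cannot fetch the CA or CRL from the embedded AIA/CDP — worth confirming that is intended for a template. The script also has no `set -e`, so a failed `vault write` still lets the later steps run against empty files.
```shell
set -eu
umask 077   # agent.key must not be group/world-readable

# … unchanged: pki / pki_int setup and the pki_int/roles/ego.io role …

vault write -format=json pki_int/issue/ego.io \
    common_name="catalog.service.ego.io" \
    ttl="24h" > issued.json

# CONFIGURE CONSUL
mkdir -p /opt/consul/agent-certs
jq -r '.data.certificate' issued.json > /opt/consul/agent-certs/agent.crt
jq -r '.data.private_key' issued.json > /opt/consul/agent-certs/agent.key
jq -r '.data.issuing_ca'  issued.json > /opt/consul/agent-certs/ca.crt
rm -f issued.json   # contained the private key; do not leave it on disk
```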