diff --git a/.gitignore b/.gitignore index 8909034..03ce96b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ .idea/ -#*.local.yml +deploy/certs/ diff --git a/Makefile b/Makefile index 676d8d7..e4db8b4 100644 --- a/Makefile +++ b/Makefile @@ -1,22 +1,13 @@ DEPLOY_DIR := ./deploy +init: + - sh ${DEPLOY_DIR}/scripts/init-k8s.sh + up: - - sh ${DEPLOY_DIR}/scripts/start-docker.sh - -down: - - docker stack rm egommerce - -k8s-up: - sh ${DEPLOY_DIR}/scripts/start-k8s.sh -k8s-down: - - kubectl delete -f deploy/k8s/stack.yml +down: + - sh ${DEPLOY_DIR}/scripts/stop-k8s.sh -# GENERATING CERTS certs: - bash ${DEPLOY_DIR}/scripts/gen-certs.sh - -volumes-restart: - - docker stack rm egommerce - - docker volume prune -af - - sh ${DEPLOY_DIR}/start-stack.sh diff --git a/README.md b/README.md index f740d33..772bc50 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Egommerce docker stack +# Egommerce K8S stack ## Start @@ -8,16 +8,7 @@ # $ make down -# Egommerce K8S stack (currently experimental) - -## Start - -# $ make k8s-up - -## Shutdown - -# $ make k8s-down - ## Maintenance +# Generate certs -### If certificate doesn't work try to copy contents of the key file at the end of the cert file. +# $ make certs diff --git a/deploy/.env.dist b/deploy/.env.dist deleted file mode 100644 index a66a317..0000000 --- a/deploy/.env.dist +++ /dev/null @@ -1,6 +0,0 @@ -API_GATEWAY_ADDR=gw.service.ego.io -API_GATEWAY_PORT=443 - -# REGISTRY_ADDR=registry.service.ego.io -REGISTRY_ADDR=api-registry -API_REGISTRY_PORT=8501 diff --git a/deploy/.env.local b/deploy/.env.local deleted file mode 100644 index 91be335..0000000 --- a/deploy/.env.local +++ /dev/null @@ -1,6 +0,0 @@ -API_GATEWAY_ADDR=gw.service.ego.io -API_GATEWAY_PORT=443 - -# REGISTRY_ADDR=registry.service.ego.io -#REGISTRY_ADDR=api-registry -API_REGISTRY_PORT=8501 diff --git a/deploy/.env.prod b/deploy/.env.prod deleted file mode 100644 index 91be335..0000000 --- a/deploy/.env.prod +++ /dev/null 
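Review bot: `deploy/certs/` is now the only secret-bearing path the root ignore file covers, and the hunk drops the `#*.local.yml` placeholder instead of enabling it. The same commit deletes stack and env files that carried literal Vault and Consul tokens and database passwords. Deleting them does not remove them from history, so those values should be rotated rather than treated as gone. I would add patterns for local overrides next to the certs rule, for example `*.local.yml` and `.env.local`, under a comment such as `# generated key material and local secrets - never commit`. The per-directory `deploy/certs/.gitignore` is also removed, so the directory will presumably be absent from a fresh checkout and `gen-certs.sh` has to create it; worth confirming.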
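Review bot: The recipes of the new `init`, `up` and `down` targets (and the retained `certs` target, as far as the collapsed hunk shows) keep the leading `-`, so make ignores a non-zero exit from the script and reports success even when cluster initialisation or certificate generation failed. On a deploy path that lets `make up` proceed with missing or stale certificates without any signal. Drop the prefix, e.g. `sh ${DEPLOY_DIR}/scripts/init-k8s.sh`, unless a step is deliberately best-effort. None of the targets is declared phony either; `.PHONY: init up down certs` stops a stray file of the same name from silencing a target. A one-line comment above each target saying what it creates or tears down would help, since `down` now calls a script instead of a visible `kubectl delete`.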
@@ -1,6 +0,0 @@
-API_GATEWAY_ADDR=gw.service.ego.io
-API_GATEWAY_PORT=443
-
-# REGISTRY_ADDR=registry.service.ego.io
-#REGISTRY_ADDR=api-registry
-API_REGISTRY_PORT=8501
diff --git a/deploy/bin/register-service b/deploy/bin/register-service
deleted file mode 100755
index 5dd4fd1..0000000
Binary files a/deploy/bin/register-service and /dev/null differ
diff --git a/deploy/bin/register-service.go b/deploy/bin/register-service.go
deleted file mode 100644
index 61ac2e4..0000000
--- a/deploy/bin/register-service.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package main
-
-import (
- "log"
- "net"
- "net/http"
- "os"
- "strings"
-)
-
-func main() {
- addr, port := env("REGISTRY_ADDR", "api-registry"), env("API_REGISTRY_PORT", "8501")
- regUrl := "https://" + addr + ":" + port + "/v1/agent/service/register?replace-existing-checks=true"
- regData, err := os.ReadFile("/.app.config")
- if err != nil {
- log.Fatal(err)
- }
-
- ip := getIP()
- strRegData := string(regData)
- strRegData = strings.Replace(strRegData, "__IP__", ip, -1)
-
- req, err := http.NewRequest(http.MethodPut, regUrl, strings.NewReader(strRegData))
- if err != nil {
- log.Fatal(err)
- }
-
- resp, err := http.DefaultClient.Do(req)
- if err != nil {
- log.Printf(err.Error())
- log.Fatal(err)
- }
- var respBody []byte
- resp.Body.Read(respBody)
-
- log.Printf("Successfully registered")
-}
-
-func env(name, def string) string {
- val := os.Getenv(name)
-
- if len(val) == 0 {
- return def
- }
-
- return val
-}
-
-func getIP() string {
- host, _ := os.Hostname()
- ips, _ := net.LookupIP(host)
- for _, ip := range ips {
- return ip.String()
- }
-
- return host
-}
diff --git a/deploy/bin/update-resolv b/deploy/bin/update-resolv
deleted file mode 100755
index dd13b62..0000000
--- a/deploy/bin/update-resolv
+++ /dev/null
@@ -1,9 +0,0 @@ -#!/usr/bin/env sh - -# modify /etc/resolv.conf -registryIP=$(nslookup -type=A api-registry. | awk '/^Name:/ {c=2;N=$2} !--c {print N,$2}' | awk '{printf "%s", $2}') -resolvFile=$(cat /etc/resolv.conf) - -echo -e "nameserver $registryIP" >>/etc/resolv.conf -# echo "$registryIP registry.service.ego.io" >> /etc/hosts # Add consul host with static IP (consul register itself as 127.0.0.1) -# nslookup api-registry diff --git a/deploy/certs/.gitignore b/deploy/certs/.gitignore deleted file mode 100644 index 5e7d273..0000000 --- a/deploy/certs/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -# Ignore everything in this directory -* -# Except this file -!.gitignore diff --git a/deploy/db_migrations/init/init.sql b/deploy/db_migrations/init/init.sql index 7c46dec..2496097 100644 --- a/deploy/db_migrations/init/init.sql +++ b/deploy/db_migrations/init/init.sql @@ -4,3 +4,6 @@ CREATE DATABASE egommerce; GRANT ALL PRIVILEGES ON DATABASE egommerce TO egommerce; CREATE EXTENSION IF NOT EXISTS "pgcrypto"; + +CREATE SCHEMA "identity-svc" + AUTHORIZATION postgres; diff --git a/deploy/docker/stack.dev.local.yml b/deploy/docker/stack.dev.local.yml deleted file mode 100644 index 44439a1..0000000 --- a/deploy/docker/stack.dev.local.yml +++ /dev/null 
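Review bot: The added `CREATE SCHEMA "identity-svc" AUTHORIZATION postgres;` makes the superuser the schema owner, while the line above grants the database to the `egommerce` role. The identity service therefore either connects as `postgres` or needs separate grants that this script does not create. Owning the schema with the application role keeps the service off the superuser account: `CREATE SCHEMA IF NOT EXISTS "identity-svc" AUTHORIZATION egommerce;`. The hunk shows no `\connect egommerce` before these statements (the top of the file is outside the hunk), so the schema and the `pgcrypto` extension may land in the session's default database rather than in `egommerce`; worth confirming. A short comment naming the owning service and the role expected to use the schema would help the next reader.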
@@ -1,179 +0,0 @@ -version: "3.9" - -services: - api-registry: - env_file: ../.env.local - environment: - - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - - VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN - # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE - volumes: - - ../certs/api-registry/api-registry.crt:/etc/certs/registry.local.crt:ro - # - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro - - api-gateway: - env_file: ../.env.local - environment: - - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - - VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN - # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE - volumes: - - ../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.local.crt:ro - # - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro - - api-vault: - env_file: ../.env.local - # command: ["vault", "server", "-dev", "-dev-tls", "-dev-listen-address=0.0.0.0:8200", "-dev-root-token-id=dev-vault-token"] - environment: - - CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd - - VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN - # - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE - volumes: - - ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro - # - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro - ports: - - 48250:8200 - - api-eventbus: - env_file: ../.env.local - volumes: - - ../certs/api-eventbus/api-eventbus.crt:/etc/certs/eventbus.local.crt:ro - # - ../certs/api-eventbus/eventbus.key:/etc/certs/eventbus.local.key:ro - labels: - - traefik.tcp.routers.eventbus.rule=HostSNI(`esb.service.ego.io`) - ports: - - 48200:15672 - - 48201:5672 - - api-cache: - env_file: ../.env.local - command: ["redis-server", "/etc/redis.conf", "--requirepass", "12345678"] - ports: - 
- 48300:6379 - - api-logger: - env_file: ../.env.local - ports: - - 48400:24224 - - # api-prometheus: - # ports: - # - 9090:9090 - - # api-grafana: - # ports: - # - 3000:3000 - - db-postgres: - env_file: ../.env.local - ports: - - 48500:5432 - - # db-mongo: - # env_file: ../.env.local - # environment: - # - APP_DOMAIN=mongodb.egommerce.local # FIXME - # ports: - # - 48600:27017 - - identity-svc: - deploy: - mode: replicated - replicas: 0 - env_file: ../.env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - # - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - ports: - - 48780:443 - - catalog-svc: - deploy: - mode: replicated - replicas: 1 - env_file: ../.env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - ports: - - 48781:443 - - basket-svc: - deploy: - mode: replicated - replicas: 0 - env_file: ../.env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - ports: - - 48782:443 - - order-svc: - deploy: - mode: replicated - replicas: 0 - env_file: ../.env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - ports: - - 48783:443 - - pricing-svc: - deploy: - mode: replicated - replicas: 0 - env_file: ../.env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - ports: - - 48784:443 - - # Workers 
(EventBus) - basket-worker: - deploy: - mode: replicated - replicas: 0 - env_file: ../.env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - - catalog-worker: - deploy: - mode: replicated - replicas: 0 - env_file: ../.env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - - pricing-worker: - deploy: - mode: replicated - replicas: 0 - env_file: ../.env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 - - order-worker: - deploy: - mode: replicated - replicas: 0 - env_file: ../.env.local - environment: - - DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672 diff --git a/deploy/docker/stack.dev.yml b/deploy/docker/stack.dev.yml deleted file mode 100644 index 33199ee..0000000 --- a/deploy/docker/stack.dev.yml +++ /dev/null 
@@ -1,126 +0,0 @@ -version: "3.9" - -services: - api-registry: - image: git.ego.cloudns.be/egommerce/api-registry:dev - environment: - - APP_DOMAIN=registry.service.ego.io - # - VAULT_API_ADDR=https://api-vault:8200 - # - ENVOY_VERSION_STRING=1.26.3 - ports: - - 48100:8501 - - api-gateway: - image: git.ego.cloudns.be/egommerce/api-registry:dev - environment: - - APP_DOMAIN=gw.service.ego.io - # - ENVOY_VERSION_STRING=1.26.3 - ports: - - 48101:8501 - - 48443:8443 # consul & envoy api gateway port - - api-vault: - image: git.ego.cloudns.be/egommerce/api-vault:dev - environment: - - APP_DOMAIN=vault.service.ego.io - - CONSUL_HTTP_ADDR=https://api-registry:8501 - - api-eventbus: - image: git.ego.cloudns.be/egommerce/api-eventbus:dev - environment: - - APP_DOMAIN=esb.service.ego.io - # - RABBITMQ_NODENAME=api-eventbus - # - RABBITMQ_USE_LONGNAME=true - # - RABBITMQ_DEFAULT_USER = admin - # - RABBITMQ_DEFAULT_PASS = passw123 - - api-cache: - image: git.ego.cloudns.be/egommerce/api-cache:dev - environment: - - APP_DOMAIN=cache.service.ego.io - - PASSWORD=12345678 - - api-logger: - image: git.ego.cloudns.be/egommerce/api-logger:dev - environment: - - APP_DOMAIN=logger.service.ego.io - - # api-prometheus: - # image: prom/prometheus:latest # FIXME: create private image(prod/dev)... - # environment: - # - APP_DOMAIN=prometheus.service.ego.io - - # api-grafana: - # image: grafana/grafana-oss:latest # FIXME: create private image(prod/dev)... 
- # environment: - # - APP_DOMAIN=grafana.service.ego.io - - db-postgres: - image: git.ego.cloudns.be/egommerce/db-postgres:dev - environment: - - APP_DOMAIN=postgresdb.service.ego.io - - POSTGRESQL_PASSWORD=12345678 - - # db-mongo: - # environment: - # - MONGO_INITDB_ROOT_PASSWORD=12345678 - - # API micro-services - identity-svc: - image: git.ego.cloudns.be/egommerce/identity-svc:dev - environment: - # - SERVER_ADDR=basket.service.ego.io - - APP_DOMAIN=identity.service.ego.io - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - catalog-svc: - image: git.ego.cloudns.be/egommerce/catalog-svc:dev - environment: - # - REGISTRY_USE_DOMAIN_OVER_IP=false - - APP_DOMAIN=catalog.service.ego.io - - AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - basket-svc: - image: git.ego.cloudns.be/egommerce/basket-svc:dev - environment: - - APP_DOMAIN=basket.service.ego.io - - AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - order-svc: - image: git.ego.cloudns.be/egommerce/order-svc:dev - environment: - - APP_DOMAIN=order.service.ego.io - - AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - # volumes: - # - ../etc/resolv.conf:/etc/resolv.conf - - pricing-svc: - image: git.ego.cloudns.be/egommerce/pricing-svc:dev - environment: - - APP_DOMAIN=pricing.service.ego.io - - AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - # Workers (Eventbus) - basket-worker: - image: git.ego.cloudns.be/egommerce/basket-worker:dev - environment: - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - catalog-worker: - image: git.ego.cloudns.be/egommerce/catalog-worker:dev - environment: - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - pricing-worker: - image: 
git.ego.cloudns.be/egommerce/pricing-worker:dev - environment: - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 - - order-worker: - image: git.ego.cloudns.be/egommerce/order-worker:dev - environment: - - MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017 diff --git a/deploy/docker/stack.prod.yml b/deploy/docker/stack.prod.yml deleted file mode 100644 index 34acf28..0000000 --- a/deploy/docker/stack.prod.yml +++ /dev/null 
@@ -1,142 +0,0 @@ -version: "3.9" - -services: - api-registry: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/api-registry:prod - environment: - - APP_DOMAIN=registry.service.ego.io - - api-gateway: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/api-registry:prod - environment: - - APP_DOMAIN=gw.service.ego.io - - api-vault: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/api-vault:prod - command: ["vault", "server", "-config=/vault/config/server.hcl"] - environment: - - APP_DOMAIN=vault.service.ego.io - - VAULT_ADDR=https://localhost:8200 - # - VAULT_API_ADDR=https://localhost:8200 - - api-eventbus: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/api-eventbus:prod - environment: - - APP_DOMAIN=esb.service.ego.io - - api-cache: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/api-cache:prod - environment: - - APP_DOMAIN=cache.service.ego.io - - api-logger: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/api-logger:prod - environment: - - APP_DOMAIN=logger.service.ego.io - - # api-prometheus: - # image: prom/prometheus:prod # FIXME: create private image(prod/dev)... - # user: root - # environment: - # - APP_NAME=api-prometheus - - # api-grafana: - # image: grafana/grafana-oss:prod # FIXME: create private image(prod/dev)... 
- # environment: - # - APP_NAME=api-grafana - - db-postgres: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/db-postgres:prod - environment: - - APP_DOMAIN=postgresdb.service.ego.io - - POSTGRESQL_USERNAME=egommerce - - POSTGRESQL_DATABASE=egommerce - - # db-mongo: - # env_file: ../.env.prod - # environment: - # - APP_NAME=db-mongo - # - APP_DOMAIN=mongo-db.service.ego.io - # - MONGO_INITDB_ROOT_USERNAME=mongodb - - # API micro-services - identity-svc: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/identity-svc:prod - environment: - - APP_DOMAIN=identity.service.ego.io - - APP_PATH_PREFIX=/identity - - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 - - catalog-svc: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/catalog-svc:prod - environment: - - APP_DOMAIN=catalog.service.ego.io - - APP_PATH_PREFIX=/catalog - - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 - - basket-svc: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/basket-svc:prod - environment: - - APP_DOMAIN=basket.service.ego.io - - APP_PATH_PREFIX=/basket - - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 - - pricing-svc: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/pricing-svc:prod - environment: - - APP_DOMAIN=pricing.service.ego.io - - APP_PATH_PREFIX=/pricing - - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 - - order-svc: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/order-svc:prod - environment: - - APP_DOMAIN=order.service.ego.io - - APP_PATH_PREFIX=/order - - 
DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 - - # Workers (Eventbus) - basket-worker: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/basket-worker:prod - environment: - - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 - - catalog-worker: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/catalog-worker:prod - environment: - - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 - - pricing-worker: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/pricing-worker:prod - environment: - - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 - - order-worker: - env_file: ../.env.prod - image: git.ego.cloudns.be/egommerce/order-worker:prod - environment: - - DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce - - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672 diff --git a/deploy/docker/stack.yml b/deploy/docker/stack.yml deleted file mode 100644 index aae52af..0000000 --- a/deploy/docker/stack.yml +++ /dev/null 
@@ -1,485 +0,0 @@ -version: "3.9" - -services: - api-registry: - image: git.ego.cloudns.be/egommerce/api-registry:latest - command: [ - "consul", - "agent", - "-config-file=/consul/config/server.hcl", - # "-config-dir=/consul/config", - "-node=registry", - "-bootstrap-expect=1" - ] - environment: - - APP_DOMAIN - - APP_NAME=api-registry - - CONSUL_HTTP_ADDR=127.0.0.1:8501 - - CONSUL_HTTP_SSL=true - - CONSUL_CACERT=/usr/share/pki/ca-trust-source/anchors/internalCA.crt - - CONSUL_CLIENT_CERT=/etc/certs/registry.crt - - CONSUL_CLIENT_KEY=/etc/certs/registry.key - - VAULT_ADDR=https://api-vault:8200 - # - VAULT_API_ADDR=https://api-vault:8200 - volumes: - - registry_data:/consul/data - - ../certs/api-registry/api-registry.crt:/etc/certs/registry.crt:ro - - ../certs/api-registry/api-registry.key:/etc/certs/registry.key:ro - - ../certs/ca-root/ca-root.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro - - ../bin/register-service:/bin/register-service - # - ../bin/update-resolv:/bin/update-resolv - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - api-gateway: # consul client running as api-gateway - image: git.ego.cloudns.be/egommerce/api-registry:latest - command: [ - "consul", - "agent", - "-config-file=/consul/config/gateway.hcl", - # "-config-file=/consul/config/gateway-config.hcl", - # "-config-file=/consul/config/gateway-routes.hcl", - # "-config-dir=/consul/config", - "-node=gateway", - "-retry-join=api-registry" - ] - environment: - - APP_DOMAIN - - APP_NAME=api-gateway - - CONSUL_HTTP_ADDR=127.0.0.1:8501 - - CONSUL_HTTP_SSL=true - - CONSUL_CACERT=/usr/share/pki/ca-trust-source/anchors/internalCA.crt - - CONSUL_CLIENT_CERT=/etc/certs/gateway.crt - - CONSUL_CLIENT_KEY=/etc/certs/gateway.key - - VAULT_ADDR=https://api-vault:8200 - # - VAULT_API_ADDR=https://api-vault:8200 - volumes: - - gateway_data:/consul/data - - 
../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.crt:ro - - ../certs/api-gateway/api-gateway.key:/etc/certs/gateway.key:ro - - ../certs/catalog-svc/catalog-svc.crt:/etc/certs/catalog.crt:ro - - ../certs/catalog-svc/catalog-svc.key:/etc/certs/catalog.key:ro - - ../certs/ca-root/ca-root.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro - - ../bin/register-service:/bin/register-service - - ../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - api-vault: - image: git.ego.cloudns.be/egommerce/api-vault:latest - command: ["vault", "server", "-config=/vault/config/server.hcl"] - environment: - - APP_DOMAIN - - APP_NAME=api-vault - - REGISTRY_ADDR=api-registry - - VAULT_ADDR=https://localhost:8200 - - VAULT_API_ADDR=https://localhost:8200 - volumes: - - vault_data:/vault/data - - ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro - - ../certs/api-vault/api-vault.key:/etc/certs/vault.key:ro - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/register-service:/bin/register-service - - ../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - cap_add: - - IPC_LOCK - networks: - - egommerce-network - # cap_add: - # - IPC_LOCK - - api-eventbus: - image: git.ego.cloudns.be/egommerce/api-eventbus:latest - environment: - # - RABBITMQ_NODENAME=api-eventbus - - RABBITMQ_ERLANG_COOKIE=rabbitmq - - APP_DOMAIN - - APP_NAME=api-eventbus - - REGISTRY_ADDR=api-registry - volumes: - - eventbus_data:/var/lib/rabbitmq - - eventbus_logs:/var/log/rabbitmq - - ../certs/api-eventbus/api-eventbus.crt:/etc/certs/eventbus.crt:ro - - ../certs/api-eventbus/api-eventbus.key:/etc/certs/eventbus.key:ro - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/register-service:/bin/register-service - - 
../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - api-cache: - image: git.ego.cloudns.be/egommerce/api-cache:latest - environment: - - APP_DOMAIN - - APP_NAME=api-cache - - REGISTRY_ADDR=api-registry - volumes: - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/register-service:/bin/register-service - - ../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - api-logger: - image: git.ego.cloudns.be/egommerce/api-logger:latest - environment: - - APP_DOMAIN - - APP_NAME=api-logger - - REGISTRY_ADDR=api-registry - volumes: - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/register-service:/bin/register-service - - ../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - # api-prometheus: - # image: prom/prometheus:latest # FIXME: create private image(prod/dev)... - # user: root - # environment: - # - APP_DOMAIN - # - APP_NAME=api-prometheus - # - REGISTRY_ADDR=api-registry - # volumes: - # - ../etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml - # - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - # - ../bin/register-service:/bin/register-service - # - ../bin/update-resolv:/bin/update-resolv - # - /var/run/docker.sock:/var/run/docker.sock - # depends_on: - # - api-registry - # networks: - # - egommerce-network - - # api-grafana: - # image: grafana/grafana-oss:latest # FIXME: create private image(prod/dev)... 
- # environment: - # - APP_DOMAIN - # - APP_NAME=api-grafana - # - REGISTRY_ADDR=api-registry - # volumes: - # - grafana-db:/var/lib/grafana - # - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - # - ../bin/update-resolv:/bin/update-resolv - # - ../bin/register-service:/bin/register-service - # depends_on: - # - api-registry - # networks: - # - egommerce-network - - db-postgres: - image: git.ego.cloudns.be/egommerce/db-postgres:latest - environment: - - APP_DOMAIN - - APP_NAME=db-postgres - - REGISTRY_ADDR=api-registry - - POSTGRESQL_USERNAME=postgres - - POSTGRESQL_DATABASE=postgres - - POSTGRESQL_PASSWORD=H5Gd7^37*Hka*a72 - volumes: - - postgres_data:/var/lib/postgresql/data - # - ./db_migrations/init/:/docker-entrypoint-initdb.d/ - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/register-service:/bin/register-service - - ../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - # db-mongo: - # image: mongo:5.0.14 - # environment: - # - APP_DOMAIN - # - APP_NAME=mongo-db - # - REGISTRY_ADDR=api-registry - # - MONGO_INITDB_ROOT_USERNAME=mongodb - # - MONGO_INITDB_ROOT_PASSWORD - # volumes: - # - mongodb_data:/data/db - # - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - # - ../bin/register-service:/bin/register-service - # - ../bin/update-resolv:/bin/update-resolv - # depends_on: - # - api-registry - # deploy: - # mode: replicated - # replicas: 1 - # extra_hosts: - # - "host.docker.internal:host-gateway" - # networks: - # - egommerce-network - - # API micro-services - identity-svc: - image: git.ego.cloudns.be/egommerce/identity-svc:latest - environment: - - APP_NAME=identity-svc - - APP_PATH_PREFIX=/identity - - REGISTRY_ADDR=https://api-gateway:8501 - - APP_DOMAIN - - APP_KV_NAMESPACE - - DATABASE_URL - - 
MONGODB_URL - - EVENTBUS_URL - volumes: - - ../certs/identity-svc/identity-svc.crt:/certs/client.crt:ro - - ../certs/identity-svc/identity-svc.key:/certs/client.key:ro - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../db_migrations/identity-svc:/migrations - - ../bin/register-service:/bin/register-service - - ../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - catalog-svc: - image: git.ego.cloudns.be/egommerce/catalog-svc:latest - environment: - - APP_NAME=catalog-svc - - APP_PATH_PREFIX=/catalog - - REGISTRY_ADDR=https://api-gateway:8501 - - APP_DOMAIN - - APP_KV_NAMESPACE - - AUTH_HANDLER_URL - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ../certs/catalog-svc/catalog-svc.crt:/certs/client.crt:ro - - ../certs/catalog-svc/catalog-svc.key:/certs/client.key:ro - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../db_migrations/catalog-svc:/migrations - - ../bin/register-service:/bin/register-service - - ../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - basket-svc: - image: git.ego.cloudns.be/egommerce/basket-svc:latest - environment: - - APP_NAME=basket-svc - - APP_PATH_PREFIX=/basket - - REGISTRY_ADDR=https://api-gateway:8501 - - APP_DOMAIN - - APP_KV_NAMESPACE - - AUTH_HANDLER_URL - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ../certs/basket-svc/basket-svc.crt:/certs/client.crt:ro - - ../certs/basket-svc/basket-svc.key:/certs/client.key:ro - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../db_migrations/basket-svc:/migrations - - ../bin/register-service:/bin/register-service - - 
../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - order-svc: - image: git.ego.cloudns.be/egommerce/order-svc:latest - environment: - - APP_NAME=order-svc - - APP_PATH_PREFIX=/order - - REGISTRY_ADDR=https://api-gateway:8501 - - APP_DOMAIN - - APP_KV_NAMESPACE - - AUTH_HANDLER_URL - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ../certs/order-svc/order-svc.crt:/certs/client.crt:ro - - ../certs/order-svc/order-svc.key:/certs/client.key:ro - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../db_migrations/order-svc:/migrations - - ../bin/register-service:/bin/register-service - - ../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - pricing-svc: - image: git.ego.cloudns.be/egommerce/pricing-svc:latest - environment: - - APP_NAME=pricing-svc - - APP_PATH_PREFIX=/pricing - - REGISTRY_ADDR=https://api-gateway:8501 - - APP_DOMAIN - - APP_KV_NAMESPACE - - AUTH_HANDLER_URL - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ../certs/pricing-svc/pricing-svc.crt:/certs/client.crt:ro - - ../certs/pricing-svc/pricing-svc.key:/certs/client.key:ro - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../db_migrations/pricing-svc:/migrations - - ../bin/register-service:/bin/register-service - - ../bin/update-resolv:/bin/update-resolv - depends_on: - - api-registry - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - # Workers (Eventbus) - basket-worker: - image: git.ego.cloudns.be/egommerce/basket-worker:latest - environment: - - APP_NAME=basket-worker - - APP_KV_NAMESPACE - - DATABASE_URL - - 
MONGODB_URL - - EVENTBUS_URL - volumes: - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/update-resolv:/bin/update-resolv - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - catalog-worker: - image: git.ego.cloudns.be/egommerce/catalog-worker:latest - environment: - - APP_NAME=catalog-worker - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/update-resolv:/bin/update-resolv - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - pricing-worker: - image: git.ego.cloudns.be/egommerce/pricing-worker:latest - environment: - - APP_NAME=pricing-worker - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/update-resolv:/bin/update-resolv - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - - order-worker: - image: git.ego.cloudns.be/egommerce/order-worker:latest - environment: - - APP_NAME=order-worker - - DATABASE_URL - - MONGODB_URL - - EVENTBUS_URL - volumes: - - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro - - ../bin/update-resolv:/bin/update-resolv - deploy: - mode: replicated - replicas: 1 - extra_hosts: - - "host.docker.internal:host-gateway" - networks: - - egommerce-network - -volumes: - postgres_data: ~ - mongodb_data: ~ - registry_data: ~ - gateway_data: ~ - vault_data: ~ - eventbus_data: ~ - eventbus_logs: ~ - # grafana-db: ~ - -networks: - # Infrastructure networks - egommerce-network: - driver: overlay 
diff --git a/deploy/etc/nginx/nginx-vhost.dev.conf b/deploy/etc/nginx/nginx-vhost.dev.conf deleted file mode 100644 index 7555129..0000000 --- a/deploy/etc/nginx/nginx-vhost.dev.conf +++ /dev/null 
@@ -1,120 +0,0 @@ -upstream egommerce-api-gw { - server 127.0.0.1:48443; -} - -upstream egommerce-api-gw-dashboard { - server 127.0.0.1:48444; -} - -upstream egommerce-api-registry-ui { - server 127.0.0.1:48445; -} - -upstream egommerce-api-eventbus-mngmt { - server 127.0.0.1:48446; -} - -server { - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/admin.egommerce.pbiernat.io/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/admin.egommerce.pbiernat.io/privkey.pem; - - server_name admin.egommerce.pbiernat.io; - - # Traefik redirects - location /dashboard { - if ($http_referer ~ (/gateway)) { - proxy_pass http://egommerce-api-gw-dashboard; - } - } - location /api { - if ($http_referer ~ (/gateway)) { - proxy_pass http://egommerce-api-gw-dashboard; - } - } - - location /gateway/ { - proxy_pass http://egommerce-api-gw-dashboard/dashboard/; - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - client_max_body_size 0; - } - - # Consul redirects - location /ui { - if ($http_referer ~ (/registry)) { - proxy_pass http://egommerce-api-registry-ui; - } - } - - location /v1 { - if ($http_referer ~ (/registry)) { - proxy_pass http://egommerce-api-registry-ui; - } - } - - location /registry { - proxy_pass http://egommerce-api-registry-ui; - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - client_max_body_size 0; - } - - - # RabbitMQ Mngmt redirects - location /eventbus { - return 302 /eventbus/; - } - location ~* /eventbus/api/(.*?)/(.*) { - proxy_pass http://egommerce-api-eventbus-mngmt/api/$1/%2F/$2?$query_string; - proxy_buffering off; - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - location ~* /eventbus/(.*) { - rewrite ^/eventbus/(.*)$ /$1 break; - proxy_pass http://egommerce-api-eventbus-mngmt; - proxy_buffering off; - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - error_log /var/log/nginx/admin-egommerce.pbiernat.io-error.log; - access_log /var/log/nginx/admin-egommerce.pbiernat.io-access.log combined; -} - -#server { -# listen 443 ssl; -# ssl_certificate /etc/letsencrypt/live/egommerce.pbiernat.io/fullchain.pem; -# ssl_certificate_key /etc/letsencrypt/live/egommerce.pbiernat.io/privkey.pem; -# -# server_name egommerce.pbiernat.io; -# -# # Pass all requests to the API Gateway -# location / { -# proxy_pass https://egommerce-api-gw; -# proxy_http_version 1.1; -# proxy_pass_header Server; -# proxy_set_header Host $host; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -# proxy_set_header X-Forwarded-Proto $scheme; -# client_max_body_size 0; -# } -# -# error_log /var/log/nginx/egommerce.pbiernat.io-error.log; -# access_log /var/log/nginx/egommerce.pbiernat.io-access.log combined; -#} - diff --git a/deploy/etc/nginx/nginx-vhost.local.conf b/deploy/etc/nginx/nginx-vhost.local.conf deleted file mode 100644 index f9fcadf..0000000 --- a/deploy/etc/nginx/nginx-vhost.local.conf +++ /dev/null 
@@ -1,109 +0,0 @@ -upstream egommerce-api-gw { - server 127.0.0.1:48443; -} - -upstream egommerce-api-gw-dashboard { - server 127.0.0.1:48444; -} - -upstream egommerce-api-registry-ui { - server 127.0.0.1:48445; -} - -upstream egommerce-api-eventbus-mngmt { - server 127.0.0.1:48446; -} - -server { - listen 443 ssl; - ssl_certificate /home/keedosn/workspace/golang/src/git.pbiernat.io/egommerce/stack/deploy/certs/api-gateway/localhost.cert; - ssl_certificate_key /home/keedosn/workspace/golang/src/git.pbiernat.io/egommerce/stack/deploy/certs/api-gateway/localhost.key; - - server_name egommerce.local; - - # Traefik redirects - location /dashboard { - if ($http_referer ~ (/gateway)) { - proxy_pass http://egommerce-api-gw-dashboard; - } - } - location /api { - if ($http_referer ~ (/gateway)) { - proxy_pass http://egommerce-api-gw-dashboard; - } - } - - location /gateway/ { - proxy_pass http://egommerce-api-gw-dashboard/dashboard/; - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - client_max_body_size 0; - } - - # Consul redirects - location /ui { - if ($http_referer ~ (/registry)) { - proxy_pass http://egommerce-api-registry-ui; - } - } - - location /v1 { - if ($http_referer ~ (/registry)) { - proxy_pass http://egommerce-api-registry-ui; - } - } - - location /registry { - proxy_pass http://egommerce-api-registry-ui; - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - client_max_body_size 0; - } - - - # RabbitMQ Mngmt redirects - location /eventbus { - return 302 /eventbus/; - } - location ~* /eventbus/api/(.*?)/(.*) { - proxy_pass http://egommerce-api-eventbus-mngmt/api/$1/%2F/$2?$query_string; - proxy_buffering off; - proxy_pass_header Server; - 
proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - location ~* /eventbus/(.*) { - rewrite ^/eventbus/(.*)$ /$1 break; - proxy_pass http://egommerce-api-eventbus-mngmt; - proxy_buffering off; - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # Pass all requests to the API Gateway - location / { - proxy_pass https://egommerce-api-gw; - proxy_http_version 1.1; - proxy_pass_header Server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - client_max_body_size 0; - } - - error_log /var/log/nginx/egommerce.local-error.log; - access_log /var/log/nginx/egommerce.local-access.log combined; -} - diff --git a/deploy/etc/prometheus/prometheus.yml b/deploy/etc/prometheus/prometheus.yml deleted file mode 100644 index 9ef76c4..0000000 --- a/deploy/etc/prometheus/prometheus.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -global: - scrape_interval: 10s - evaluation_interval: 10s - -# rule_files: - # - "first.rules" - # - "second.rules" - -scrape_configs: - - job_name: prometheus - static_configs: - - targets: ['localhost:9090'] - - - job_name: docker - dockerswarm_sd_configs: - - host: unix:///var/run/docker.sock - role: tasks - relabel_configs: - - source_labels: [__meta_dockerswarm_service_name, __address__] - regex: egommerce_(api-eventbus|api-gateway);(.*):(.*) - action: replace - replacement: '$2:8084' - target_label: __address__ - # - source_labels: [__meta_dockerswarm_service_name, __address__] - # regex: egommerce_api-gateway;(.*):(.*) - # action: replace - # replacement: '$1:8084' - # target_label: __address__ - # Only keep containers that should be running. - - source_labels: [__meta_dockerswarm_service_label_com_docker_stack_namespace] - regex: egommerce - action: keep - - source_labels: [__meta_dockerswarm_task_desired_state] - regex: running - action: keep - # - source_labels: [__meta_dockerswarm_network_name] - # regex: ingress - # action: keep - - source_labels: [__meta_dockerswarm_service_name] - action: replace - replacement: '$1' - target_label: instance - # - source_labels: [__meta_dockerswarm_task_desired_state] - # regex: running - # action: keep - - - # - job_name: consul - # consul_sd_configs: - # - server: api-registry:8501 - # services: - # - consul - # - basket-server - # - catalog-server - # - identity-svc - # - order-svc - # - pricing-svc - # - consul - - # - job_name: rabbitmq - # consul_sd_configs: - # - server: api-registry:8501 - # services: - # - api-eventbus - # relabel_configs: - # - source_labels: ['__meta_consul_service_address'] - # replacement: '$1:8084' - # target_label: __address__ - # - source_labels: ['__meta_consul_service_port'] - # replacement: '8084' - # target_label: __meta_consul_service_port - - # - job_name: 'api-gateway' - # static_configs: - # - targets: ['api-gateway:8084'] - # - job_name: 'api-eventbus' - # 
static_configs: - # - targets: ['api-eventbus:8084'] - - # - job_name: 'catalog-svc' - # static_configs: - # - targets: ['catalog-svc:8084'] diff --git a/deploy/k8s/api-cache.yml b/deploy/k8s/api-cache.yml new file mode 100644 index 0000000..5c12812 --- /dev/null +++ b/deploy/k8s/api-cache.yml @@ -0,0 +1,72 @@ +apiVersion: v1 +kind: Service +metadata: + name: api-cache + namespace: egommerce + labels: + app: api-cache +spec: + type: NodePort + selector: + app: api-cache + ports: + - port: 6379 + nodePort: 31300 +# --- +# apiVersion: v1 +# kind: Service +# metadata: +# name: api-cache-metrics +# namespace: egommerce +# labels: +# app: api-cache +# spec: +# type: NodePort +# selector: +# app: api-cache +# ports: +# - port: 9121 +# nodePort: 31301 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api-cache + namespace: egommerce +spec: + replicas: 1 + selector: + matchLabels: + app: api-cache + template: + metadata: + labels: + app: api-cache + spec: + containers: + - name: api-cache + image: git.ego.freeddns.org/egommerce/api-cache:dev + imagePullPolicy: Always + command: [ + "redis-server" + ] + args: [ + "/etc/redis.conf" + ] + env: + - name: APP_NAME + value: api-cache + - name: REDIS_PASSWORD + value: "12345678" + resources: + limits: + cpu: "1" + memory: 512M + ports: + - containerPort: 6379 + - name: api-cache-metrics + image: oliver006/redis_exporter:latest + args: + - --redis.addr=redis://api-cache:6379 + ports: + - containerPort: 9121 \ No newline at end of file diff --git a/deploy/k8s/api-eventbus.yml b/deploy/k8s/api-eventbus.yml new file mode 100644 index 0000000..24b10d8 --- /dev/null +++ b/deploy/k8s/api-eventbus.yml 
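Review bot: `REDIS_PASSWORD` is committed as the literal `"12345678"` in the api-cache container's `env`, so anyone who can read the repository or the Deployment object has the cache password. The same pattern recurs in later hunks: `RABBITMQ_ERLANG_COOKIE` in api-eventbus.yml, the `guest:guest` and MongoDB connection URLs in catalog-svc.yml and identity-svc.yml, and `POSTGRES_PASSWORD` plus `DATA_SOURCE_NAME` in db-postgres.yml. Each value should move into a Secret that is created outside the repository and referenced with `secretKeyRef`, as sketched below with placeholder names. The `api-cache-metrics` sidecar is started with only `--redis.addr`, so it presumably needs the same Secret once the server enforces the password.

```yaml
# … unchanged: APP_NAME entry …
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: api-cache-credentials   # placeholder Secret name
                  key: redis-password           # placeholder key
# … unchanged: resources, ports, metrics sidecar …
```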
@@ -0,0 +1,66 @@ +apiVersion: v1 +kind: Service +metadata: + name: api-eventbus + namespace: egommerce + labels: + app: api-eventbus +spec: + type: NodePort + selector: + app: api-eventbus + ports: + - name: api-eventbus-mngmnt + protocol: TCP + port: 15672 + nodePort: 31200 + # - name: api-eventbus-metrics + # protocol: TCP + # port: 15692 + # nodePort: 31201 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api-eventbus + namespace: egommerce +spec: + replicas: 1 + selector: + matchLabels: + app: api-eventbus + template: + metadata: + labels: + app: api-eventbus + spec: + containers: + - name: api-eventbus + image: git.ego.freeddns.org/egommerce/api-eventbus:dev + imagePullPolicy: Always + command: [ + "rabbitmq-server" + ] + env: + - name: APP_NAME + value: api-eventbus + - name: RABBITMQ_ERLANG_COOKIE + value: rabbitmq + volumeMounts: + - name: eventbus-data + mountPath: /var/lib/rabbitmq + - name: eventbus-logs + mountPath: /var/log/rabbitmq + resources: + limits: + cpu: "1" + memory: 1G + ports: + - containerPort: 5672 + - containerPort: 15672 + - containerPort: 15692 + volumes: + - name: eventbus-data + emptyDir: + - name: eventbus-logs + emptyDir: \ No newline at end of file diff --git a/deploy/k8s/api-gateway.yml b/deploy/k8s/api-gateway.yml new file mode 100644 index 0000000..d75b9f5 --- /dev/null +++ b/deploy/k8s/api-gateway.yml 
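Review bot: The Service publishes the RabbitMQ management port 15672 as `nodePort: 31200`, which opens the broker's admin interface on every node address instead of keeping it inside the cluster. The other new Services do the same for Redis (31300), Loki, Prometheus and Grafana (31401, 31402, 31400), PostgreSQL (31500) and the two application services (31830, 31810), and api-gateway.yml adds 31800 even though an Ingress is defined for it. Unless these ports are meant to be reachable from outside the cluster, I would switch them to `type: ClusterIP`, drop the `nodePort:` lines, and use `kubectl port-forward` for console access during development. The exposure matters more if the broker image accepts the `guest:guest` account that the client URLs in catalog-svc.yml and identity-svc.yml use.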
@@ -0,0 +1,130 @@ +apiVersion: v1 +kind: Service +metadata: + name: api-gateway + namespace: egommerce +spec: + type: NodePort + ports: + - name: https + port: 8443 + nodePort: 31800 + selector: + app: api-gateway +--- +kind: IngressClass +apiVersion: networking.k8s.io/v1 +metadata: + name: haproxy + namespace: egommerce +spec: + controller: haproxy.org/ingress-controller/haproxy +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: api-gateway + namespace: egommerce + annotations: + haproxy.org/server-ssl: "true" + haproxy.org/server-ca: "egommerce/ca-root" + haproxy.org/path-rewrite: | + /api/identity/(.*) /\1 + /api/catalog/(.*) /\1 +spec: + ingressClassName: haproxy + tls: + - secretName: api-gateway-cert + hosts: + - "egommerce.io" # FIXME use domain name here eg. egommerce.io + rules: + - host: egommerce.io + http: + paths: + - path: /api/identity + pathType: Prefix + backend: + service: + name: identity-svc + port: + number: 443 + # - path: /api/catalog + # pathType: Prefix + # backend: + # service: + # name: catalog-svc + # port: + # number: 443 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api-gateway + namespace: egommerce +spec: + replicas: 1 + selector: + matchLabels: + app: api-gateway + template: + metadata: + labels: + app: api-gateway + spec: + restartPolicy: Always + containers: + - name: api-gateway + image: git.ego.freeddns.org/egommerce/api-gateway:dev + imagePullPolicy: Always + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 50m + memory: 256Mi + ports: + - containerPort: 8443 + args: + - --configmap=egommerce/api-gateway + - --publish-service=egommerce/api-gateway + - --ingress.class=haproxy + # - --http-bind-port=8080 + - --https-bind-port=8443 + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + 
apiVersion: v1 + fieldPath: status.podIP + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + # runAsUser: 1000 + # runAsGroup: 1000 + # runAsNonRoot: true + # allowPrivilegeEscalation: false + # seccompProfile: + # type: RuntimeDefault + volumeMounts: + - name: root-ca + mountPath: /etc/certs/root-ca.pem + readOnly: true + volumes: + - name: root-ca + hostPath: + path: /egommerce/stack/deploy/certs/ca-root/ca-root.pem + type: File \ No newline at end of file diff --git a/deploy/k8s/api-logger.yml b/deploy/k8s/api-logger.yml new file mode 100644 index 0000000..4d24725 --- /dev/null +++ b/deploy/k8s/api-logger.yml 
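Review bot: The api-gateway container's `securityContext` sets only capabilities, while `runAsUser`, `runAsNonRoot`, `allowPrivilegeEscalation: false` and the `seccompProfile` block are left commented out, so the ingress controller runs as whatever user the image defaults to and without an explicit seccomp profile. `seccompProfile: type: RuntimeDefault` and `runAsNonRoot: true` can usually be enabled without affecting the listener. `allowPrivilegeEscalation: false` should be tested first, because a non-root process may rely on file capabilities to make use of `NET_BIND_SERVICE`. Since the controller binds 8443 (`--https-bind-port=8443`) and the HTTP bind is commented out, `NET_BIND_SERVICE` may not be needed at all, in which case the `add:` entry can go.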
@@ -0,0 +1,432 @@ +apiVersion: v1 +kind: Service +metadata: + name: api-logger-loki + namespace: egommerce + labels: + app: api-logger-loki +spec: + type: NodePort + selector: + app: api-logger-loki + ports: + - protocol: TCP + port: 3100 + nodePort: 31401 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api-logger-loki + namespace: egommerce + labels: + app: api-logger-loki +spec: + replicas: 1 + selector: + matchLabels: + app: api-logger-loki + template: + metadata: + labels: + app: api-logger-loki + spec: + containers: + - name: api-logger-loki + image: git.ego.freeddns.org/egommerce/api-logger-loki:dev + imagePullPolicy: Always + args: + - "-config.file=/etc/loki/loki.yaml" + ports: + - containerPort: 3100 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: api-logger-promtail-ac + namespace: egommerce + labels: + app: api-logger-promtail-ac + annotations: {} +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: api-logger-promtail + namespace: egommerce + labels: + app: api-logger-promtail +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + app: api-logger-promtail + # updateStrategy: + # type: RollingUpdate + template: + metadata: + labels: + app: api-logger-promtail + annotations: + prometheus.io/port: http-metrics + prometheus.io/scrape: "true" + spec: + serviceAccountName: api-logger-promtail-ac + automountServiceAccountToken: true + containers: + - name: api-logger-promtail + image: git.ego.freeddns.org/egommerce/api-logger-promtail:dev + imagePullPolicy: Always + env: + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + divisor: '1' + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: '1' + resource: limits.memory + ports: + - name: promtail-http + containerPort: 3101 + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 50m + memory: 128Mi + livenessProbe: + httpGet: + path: /ready + port: 
promtail-http + initialDelaySeconds: 45 + readinessProbe: + httpGet: + path: /ready + port: promtail-http + initialDelaySeconds: 45 + volumeMounts: + # - name: api-logger-promtail-config + # mountPath: /etc/promtail + - name: api-logger-promtail-run + mountPath: /run/promtail + - name: api-logger-promtail-varlog + mountPath: /var/log + readOnly: true + - name: api-logger-promtail-docker + mountPath: /var/lib/docker/containers + readOnly: true + - name: api-logger-promtail-tmp + mountPath: /tmp + subPath: tmp + readOnly: false + securityContext: + privileged: true + readOnlyRootFilesystem: true + runAsUser: 0 + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + terminationGracePeriodSeconds: 60 + volumes: + - name: api-logger-promtail-run + hostPath: + path: /run/promtail + - name: api-logger-promtail-varlog + hostPath: + path: /var/log + - name: api-logger-promtail-docker + hostPath: + path: /var/lib/docker/containers + - name: api-logger-promtail-tmp + emptyDir: + sizeLimit: 1Gi +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: api-logger-prometheus-pv + namespace: egommerce +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + storageClassName: api-logger-prometheus-pv + hostPath: + path: "/home/keedosn/.egommerce/prometheus" # Ensure this path exists on the node +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: api-logger-prometheus-pvc + namespace: egommerce +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: api-logger-prometheus-pv +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: api-logger-prometheus + namespace: egommerce + labels: + name: api-logger-prometheus + annotations: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: api-logger-prometheus + namespace: egommerce + labels: + app: api-logger-prometheus +spec: + type: NodePort + selector: + app: api-logger-prometheus + ports: + - name: api-logger-prometheus + 
protocol: TCP + port: 9090 + nodePort: 31402 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api-logger-prometheus + namespace: egommerce + labels: + app: api-logger-prometheus +spec: + # revisionHistoryLimit: 1 + # replicas: 1 + selector: + matchLabels: + app: api-logger-prometheus + template: + metadata: + labels: + app: api-logger-prometheus + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: prometheus-http + spec: + serviceAccountName: api-logger-prometheus + automountServiceAccountToken: true + securityContext: + runAsGroup: 10001 + runAsUser: 10001 + runAsNonRoot: true + containers: + - name: api-logger-prometheus + image: git.ego.freeddns.org/egommerce/api-logger-prometheus:dev + imagePullPolicy: Always + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + divisor: '1' + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: '1' + resource: limits.memory + args: + # - '--storage.tsdb.retention.time=15d' + - '--config.file=/etc/prometheus/prometheus.yml' + - '--storage.tsdb.path=/prometheus/data/' + # - '--web.console.libraries=/etc/prometheus/console_libraries' + # - '--web.console.templates=/etc/prometheus/consoles' + # - '--enable-feature=concurrent-rule-eval,promql-experimental-functions,exemplar-storage,promql-per-step-stats,native-histograms' + # - '--web.enable-remote-write-receiver' + # - '--web.enable-otlp-receiver' + # - '--web.enable-lifecycle' + - '--log.level=info' + # - '--log.format=json' + ports: + - name: prometheus-http + containerPort: 9090 + # livenessProbe: + # httpGet: + # path: /-/healthy + # port: prometheus-http + # readinessProbe: + # httpGet: + # path: /-/ready + # port: prometheus-http + resources: + limits: + cpu: 150m + memory: 894Mi + requests: + cpu: 100m + memory: 512Mi + volumeMounts: + # - name: config-volume + # mountPath: /etc/prometheus + # - name: config-volume + # mountPath: /etc/config/alerting_rules.yml + # subPath: alerting_rules.yml + - name: 
api-logger-prometheus-storage + mountPath: /prometheus/data + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: false #true DEFAULT !!! + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + volumes: + - name: api-logger-prometheus-storage + persistentVolumeClaim: + claimName: api-logger-prometheus-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: api-logger-grafana + namespace: egommerce + labels: + app: api-logger-grafana +spec: + type: NodePort + selector: + app: api-logger-grafana + ports: + - name: api-logger-grafana-api + protocol: TCP + port: 3000 + nodePort: 31400 +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: api-logger-grafana-pv + namespace: egommerce +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + storageClassName: api-logger-grafana-pv + hostPath: + path: "/home/keedosn/.egommerce/grafana" # Ensure this path exists on the node +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: api-logger-grafana-pvc + namespace: egommerce +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: api-logger-grafana-pv +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api-logger-grafana + namespace: egommerce + labels: + app: api-logger-grafana +spec: + revisionHistoryLimit: 1 + replicas: 1 + selector: + matchLabels: + app: api-logger-grafana + template: + metadata: + labels: + app: api-logger-grafana + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + filter.by.port.name: "true" + spec: + automountServiceAccountToken: false + securityContext: + runAsNonRoot: true + runAsGroup: 65534 + runAsUser: 65534 + initContainers: + - name: curl + image: curlimages/curl:latest + imagePullPolicy: IfNotPresent + command: + - /bin/sh + args: + - -c + - | + which curl + volumeMounts: + - name: api-logger-grafana-storage + mountPath: /var/lib/grafana + subPath: grafana + 
containers: + - name: api-logger-grafana + image: git.ego.freeddns.org/egommerce/api-logger-grafana:dev + imagePullPolicy: Always + env: + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + divisor: '1' + resource: limits.cpu + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + divisor: '1' + resource: limits.memory + ports: + - containerPort: 3000 + resources: + limits: + cpu: 100m + memory: 768Mi + requests: + cpu: 50m + memory: 512Mi + volumeMounts: + - name: api-logger-grafana-storage + mountPath: /var/lib/grafana + subPath: grafana + - name: api-logger-grafana-storage + mountPath: /var/lib/grafana/dashboards + subPath: dashboards + - name: api-logger-grafana-storage + mountPath: /tmp + subPath: tmp + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + volumes: + - name: api-logger-grafana-storage + persistentVolumeClaim: + claimName: api-logger-grafana-pvc \ No newline at end of file diff --git a/deploy/k8s/catalog-svc.yml b/deploy/k8s/catalog-svc.yml new file mode 100644 index 0000000..5c98294 --- /dev/null +++ b/deploy/k8s/catalog-svc.yml 
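Review bot: The promtail DaemonSet container sets `privileged: true` together with `runAsUser: 0`, which gives it broad access to the host on every node and, as far as I can tell, makes the `capabilities: drop: [ALL]` and `seccompProfile` next to it largely moot. Reading `/var/log` and `/var/lib/docker/containers` through the read-only hostPath mounts needs root file ownership at most, not privileged mode, so I would set `privileged: false` and `allowPrivilegeEscalation: false` and keep the capability drop. If log reading then fails on permissions, add back only the one capability that is needed (`DAC_READ_SEARCH` is the usual candidate). The pod also mounts its ServiceAccount token (`automountServiceAccountToken: true`) although no Role or RoleBinding appears in this file, so it is worth confirming that promtail's configuration actually uses Kubernetes discovery and disabling the mount otherwise.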
@@ -0,0 +1,91 @@ +apiVersion: v1 +kind: Service +metadata: + name: catalog-svc + namespace: egommerce + labels: + app: catalog-svc +spec: + type: NodePort + selector: + app: catalog-svc + ports: + - name: catalog-svc + protocol: TCP + port: 443 + nodePort: 31830 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: catalog-svc + namespace: egommerce +spec: + replicas: 1 + selector: + matchLabels: + app: catalog-svc + template: + metadata: + labels: + app: catalog-svc + spec: + containers: + - name: catalog-svc + image: git.ego.freeddns.org/egommerce/catalog-svc:dev + imagePullPolicy: Always + command: [ + "sh" + ] + args: [ + "-c", + "/app" + ] + env: + - name: APP_NAME + value: catalog-svc + - name: APP_DOMAIN + value: catalog-svc.egommerce.local + - name: APP_PATH_PREFIX + value: /catalog + - name: API_EVENTBUS_URL + value: amqp://guest:guest@api-eventbus:5672 + # - name: API_MONGODB_URL + # value: mongodb://mongodb:12345678@mongo-db:27017 + readinessProbe: + httpGet: + scheme: HTTPS + port: 443 + path: /health + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 5 + livenessProbe: + httpGet: + scheme: HTTPS + port: 443 + path: /health + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 1 + volumeMounts: + - name: catalog-cert + mountPath: /certs/catalog-svc.crt + readOnly: true + - name: catalog-key + mountPath: /certs/catalog-svc.key + resources: + limits: + cpu: "1" + memory: 512M + ports: + - containerPort: 443 + volumes: + - name: catalog-cert + hostPath: + path: /egommerce/stack/deploy/certs/catalog-svc/catalog-svc.crt + type: File + - name: catalog-key + hostPath: + path: /egommerce/stack/deploy/certs/catalog-svc/catalog-svc.key + type: File \ No newline at end of file diff --git a/deploy/k8s/db-postgres.yml b/deploy/k8s/db-postgres.yml new file mode 100644 index 0000000..14f3139 --- /dev/null +++ b/deploy/k8s/db-postgres.yml 
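Review bot: The service's TLS private key is taken from a `hostPath` file on the node (volume `catalog-key`), and its `volumeMounts` entry has no `readOnly: true`, unlike the certificate mount directly above it. The key therefore sits on the node's disk, can be modified from inside the container, and the pod only starts on a node where `/egommerce/stack/deploy/certs/catalog-svc/` has been provisioned. identity-svc.yml mounts its key from `hostPath` too (read-only there), and api-gateway.yml does the same for the root CA. I would keep the certificate and key in a `kubernetes.io/tls` Secret and mount that instead; at minimum add `readOnly: true` to the `catalog-key` mount.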
@@ -0,0 +1,119 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: db-postgres-pv + namespace: egommerce +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteOnce + storageClassName: db-postgres-pv + hostPath: + path: "/home/keedosn/.egommerce/postgres" # Ensure this path exists on the node +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: db-postgres-pvc + namespace: egommerce +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: db-postgres-pv +--- +apiVersion: v1 +kind: Service +metadata: + name: db-postgres + namespace: egommerce + labels: + app: db-postgres +spec: + type: NodePort + selector: + app: db-postgres + ports: + - name: db-postgres + protocol: TCP + port: 5432 + nodePort: 31500 +# --- +# apiVersion: v1 +# kind: Service +# metadata: +# name: db-postgres-metrics +# namespace: egommerce +# labels: +# app: db-postgres +# spec: +# type: NodePort +# selector: +# app: db-postgres +# ports: +# - name: db-postgres +# protocol: TCP +# port: 9187 +# nodePort: 31501 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: db-postgres + namespace: egommerce +spec: + replicas: 1 + selector: + matchLabels: + app: db-postgres + template: + metadata: + labels: + app: db-postgres + spec: + securityContext: + runAsUser: 70 # postgres user + fsGroup: 70 # postgres user + # remember to change perms and owner of ~/.egommerce/postgres directory + containers: + - name: db-postgres + image: git.ego.freeddns.org/egommerce/db-postgres:dev + imagePullPolicy: Always + env: + - name: APP_NAME + value: db-postgres + - name: APP_DOMAIN + value: db-postgres.egommerce.local + - name: POSTGRES_USER + value: postgres + - name: POSTGRES_DB + value: egommerce + - name: POSTGRES_PASSWORD + # value: H5Gd7^37*Hka*a72 + value: "12345678" + - name: PGDATA + value: /var/lib/postgresql/data + resources: + limits: + cpu: "1" + memory: 512M + ports: + - containerPort: 5432 + volumeMounts: + - name: 
db-postgres-storage + mountPath: /var/lib/postgresql/data + # subPath: data + - name: db-postgres-metrics + image: prometheuscommunity/postgres-exporter:latest + ports: + - containerPort: 9187 + env: + - name: DATA_SOURCE_NAME + value: "postgresql://postgres:12345678@db-postgres:5432/egommerce" #?sslmode=disable + volumes: + - name: db-postgres-storage + persistentVolumeClaim: + claimName: db-postgres-pvc \ No newline at end of file diff --git a/deploy/k8s/identity-svc.yml b/deploy/k8s/identity-svc.yml new file mode 100644 index 0000000..402008c --- /dev/null +++ b/deploy/k8s/identity-svc.yml 
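Review bot: A commented-out earlier value is left directly above the live `POSTGRES_PASSWORD` value in the db-postgres container's `env`; if that string was ever a real password it is now in the repository history and should be treated as disclosed and rotated. I would delete the commented line rather than keep it as a reminder. The `db-postgres-metrics` sidecar repeats the live password inside `DATA_SOURCE_NAME`, so both entries should read from a single Secret instead of two literals that can drift apart. The trailing `#?sslmode=disable` comment suggests the TLS mode of that connection is still undecided, and it should be stated explicitly in the URI once chosen.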
@@ -0,0 +1,115 @@ +apiVersion: v1 +kind: Service +metadata: + name: identity-svc + namespace: egommerce + labels: + app: identity-svc +spec: + type: NodePort + selector: + app: identity-svc + ports: + - name: identity-svc + port: 443 + nodePort: 31810 + # - name: identity-svc-metrics + # port: 9090 + # nodePort: 31811 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: identity-svc + namespace: egommerce +spec: + replicas: 1 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 # Number of extra pods that can be created during update + maxUnavailable: 1 # Max number of pods that can be unavailable during update + selector: + matchLabels: + app: identity-svc + template: + metadata: + labels: + app: identity-svc + spec: + # initContainers: + # - name: identity-svc-init + # image: busybox:1.28 + # command: [ + # 'sh', + # '-c', + # '/bin/migrate' + # ] + containers: + - name: identity-svc + image: git.ego.freeddns.org/egommerce/identity-svc:dev + imagePullPolicy: Always + env: + - name: APP_NAME + value: identity-svc + - name: APP_DOMAIN + value: identity-svc.egommerce.local + - name: APP_PATH_PREFIX + value: /identity + - name: API_EVENTBUS_URL + value: amqp://guest:guest@api-eventbus:5672 + - name: API_MONGODB_URL + value: mongodb://mongodb:12345678@mongo-db:27017 + readinessProbe: + httpGet: + scheme: HTTPS + port: identity-svc + path: /health + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 1 + livenessProbe: + httpGet: + scheme: HTTPS + port: identity-svc + path: /health + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 1 + volumeMounts: + - name: identity-cert + mountPath: /certs/identity-svc.crt + readOnly: true + - name: identity-key + mountPath: /certs/identity-svc.key + readOnly: true + - name: identity-migrations + mountPath: /migrations + readOnly: true + resources: + limits: + cpu: "1" + memory: 512M + ports: + - name: identity-svc + containerPort: 443 + # - name: identity-svc-metrics + # image: 
prom/prometheus-exporter:latest + # ports: + # - containerPort: 9090 + # args: + # - --web.listen-address=:9090 + # - --web.telemetry-path=/metrics + volumes: + - name: identity-cert + hostPath: + path: /egommerce/stack/deploy/certs/identity-svc/identity-svc.crt + type: File + - name: identity-key + hostPath: + path: /egommerce/stack/deploy/certs/identity-svc/identity-svc.key + type: File + - name: identity-migrations + hostPath: + path: /egommerce/stack/deploy/db_migrations/identity-svc + type: Directory \ No newline at end of file diff --git a/deploy/k8s/namespace.yml b/deploy/k8s/namespace.yml new file mode 100644 index 0000000..f34ff99 --- /dev/null +++ b/deploy/k8s/namespace.yml @@ -0,0 +1,6 @@ +kind: Namespace +apiVersion: v1 +metadata: + name: egommerce + labels: + name: egommerce \ No newline at end of file diff --git a/deploy/k8s/secret.yml b/deploy/k8s/secret.yml new file mode 100644 index 0000000..7d787c1 --- /dev/null +++ b/deploy/k8s/secret.yml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: egommerce +data: + .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJnaXQuZWdvLmNsb3VkbnMuYmUiOiB7CgkJCSJhdXRoIjogImEyVmxaRzl6YmpwWGIyeHVaVFZQY0hKdlozSmhiVzkzWVc1cFpVQT0iCgkJfSwKCQkiaHR0cHM6Ly9pbmRleC5kb2NrZXIuaW8vdjEvIjogewoJCQkiYXV0aCI6ICJhMlZsWkc5emJqcGtiMk5yWlhKdmQyVTFiMkp5WVhwNSIKCQl9Cgl9Cn0= +type: kubernetes.io/dockerconfigjson \ No newline at end of file diff --git a/deploy/k8s/stack.dev.local.yml b/deploy/k8s/stack.dev.local.yml deleted file mode 100644 index e69de29..0000000 diff --git a/deploy/k8s/stack.dev.yml b/deploy/k8s/stack.dev.yml deleted file mode 100644 index 2accdd7..0000000 --- a/deploy/k8s/stack.dev.yml +++ /dev/null 
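Review bot: With `replicas: 1`, the rolling-update setting `maxUnavailable: 1` in the identity-svc Deployment allows the only pod to be taken down before its replacement is ready, so every rollout can interrupt the service. Setting `maxUnavailable: 0` while keeping `maxSurge: 1` makes the new pod pass its readiness probe first. The `livenessProbe` also uses `failureThreshold: 1` with `periodSeconds: 5`, so a single slow `/health` response restarts the container; `failureThreshold: 3` is a more forgiving starting point.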
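Review bot: `deploy/k8s/secret.yml` commits the registry pull credentials themselves, because the `.dockerconfigjson` value is only base64-encoded and anyone with read access to the repository can decode the auth entries it holds. A near-identical blob sits in the `deploy/k8s/stack.yml` that this commit deletes, so the credentials are already in history and should be rotated whatever happens to this file. I would drop the manifest from the repository and create the secret at deploy time, for example `kubectl create secret docker-registry regcred --namespace egommerce --docker-server=<REGISTRY> --docker-username=<USER> --docker-password=<TOKEN>`, or adopt an encrypted-secrets workflow. The encoded registry host also appears to differ from the `git.ego.freeddns.org` host in the new image references, and none of the Deployments in the hunks shown here sets `imagePullSecrets`, so please check that `regcred` is consumed at all.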
@@ -1,48 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: api-registry - labels: - app.kubernetes.io/name: api-registry -spec: - containers: - - name: api-registry - image: git.ego.cloudns.be/egommerce/api-registry:dev - resources: - limits: - cpu: "1" - memory: 512M - ports: - - containerPort: 8501 - name: api-registry-ui ---- -apiVersion: v1 -kind: Service -metadata: - name: api-registry -spec: - selector: - app.kubernetes.io/name: api-registry - ports: - - name: api-registry-ui - protocol: TCP - port: 8501 - targetPort: api-registry-ui ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: api-registry -spec: - replicas: 1 - selector: - matchLabels: - app: api-registry - template: - metadata: - labels: - app: api-registry - spec: - containers: - - name: api-registry - image: git.ego.cloudns.be/egommerce/api-registry:dev diff --git a/deploy/k8s/stack.prod.yml b/deploy/k8s/stack.prod.yml deleted file mode 100644 index 5ec2d63..0000000 --- a/deploy/k8s/stack.prod.yml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: api-registry - labels: - app.kubernetes.io/name: api-registry -spec: - containers: - - name: api-registry - image: git.ego.cloudns.be/egommerce/api-registry:prod ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: api-registry -spec: - replicas: 1 - selector: - matchLabels: - app: api-registry - template: - metadata: - labels: - app: api-registry - spec: - containers: - - name: api-registry - image: git.ego.cloudns.be/egommerce/api-registry:prod diff --git a/deploy/k8s/stack.yml b/deploy/k8s/stack.yml deleted file mode 100644 index de1793b..0000000 --- a/deploy/k8s/stack.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -# kind: Namespace -# apiVersion: v1 -# metadata: -# name: egommerce -# labels: -# name: egommerce -# --- -apiVersion: v1 -kind: Secret -metadata: - name: docker-credentials -data: - .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJnaXQucGJpZXJuYXQuaW8iOiB7CgkJCSJhdXRoIjogImEyVmxaRzl6YmpwWGIyeHVaVFZQY0hKdlozSmhiVzkzWVc1cFpVQT0iCgkJfSwKCQkiaHR0cHM6Ly9pbmRleC5kb2NrZXIuaW8vdjEvIjogewoJCQkiYXV0aCI6ICJhMlZsWkc5emJqcGtiMk5yWlhKdmQyVTFiMkp5WVhwNSIKCQl9Cgl9Cn0= -type: kubernetes.io/dockerconfigjson ---- -# apiVersion: v1 -# kind: Pod -# metadata: -# name: api-registry -# labels: -# app.kubernetes.io/name: api-registry -# spec: -# hostNetwork: true -# containers: -# - name: api-registry -# image: git.pbiernat.dev/egommerce/api-registry:dev -# resources: -# limits: -# cpu: "1" -# memory: 512M -# ports: -# - containerPort: 8501 -# name: api-registry-ui -# --- -apiVersion: v1 -kind: Service -metadata: - name: api-registry -spec: - selector: - app.kubernetes.io/name: api-registry - ports: - - name: api-registry-ui - protocol: TCP - port: 8501 - targetPort: api-registry-ui ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: api-registry -spec: - replicas: 1 - selector: - matchLabels: - app: api-registry - template: - metadata: - labels: - app: api-registry - spec: - hostNetwork: true - hostAliases: - - ip: "127.0.0.1" - hostnames: - - "git.pbiernat.io" - dnsPolicy: ClusterFirstWithHostNet - restartPolicy: Always - containers: - - name: api-registry - image: git.pbiernat.dev/egommerce/api-registry:dev - resources: - limits: - cpu: "1" - memory: 512M - ports: - - containerPort: 53 - - containerPort: 8501 diff --git a/deploy/scripts/build-register-service-binary.sh b/deploy/scripts/build-register-service-binary.sh deleted file mode 100755 index 200ca5c..0000000 --- a/deploy/scripts/build-register-service-binary.sh +++ /dev/null 
@@ -1,3 +0,0 @@ -#!/bin/sh - -GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o deploy/bin/register-service deploy/bin/register-service.go diff --git a/deploy/scripts/gen-certs.sh b/deploy/scripts/gen-certs.sh old mode 100644 new mode 100755 index 6925f95..1e5a902 --- a/deploy/scripts/gen-certs.sh +++ b/deploy/scripts/gen-certs.sh 
@@ -1,53 +1,45 @@ -# #!/bin/bash +#!/bin/bash export DEPLOY_DIR="./deploy" export CERTS_DIR="${DEPLOY_DIR}/certs/" -export REGISTRY_CN="registry.egommerce.local,api-registry,server.dc.ego.io,localhost" -export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:server.dc.ego.io,DNS:localhost,IP:127.0.0.1" -export GATEWAY_CN="gateway.egommerce.local,api-gatway,gateway.dc.ego.io,localhost" -export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:gateway.dc.ego.io,DNS:localhost,IP:127.0.0.1" -export VAULT_CN="vault.egommerce.local,api-vault,localhost" -export VAULT_SAN="DNS:vault.egommerce.local,DNS:api-vault,DNS:localhost,IP:127.0.0.1" -export EVENTBUS_CN="esb.egommerce.local,api-eventbus,localhost" -export EVENTBUS_SAN="DNS:esb.egommerce.local,DNS:api-eventbus,DNS:localhost,IP:127.0.0.1" -export CACHE_CN="cache.egommerce.local,api-cache,localhost" -export CACHE_SAN="DNS:cache.egommerce.local,DNS:api-cache,DNS:localhost,IP:127.0.0.1" -export LOGGER_CN="logger.egommerce.local,api-logger,localhost" -export LOGGER_SAN="DNS:logger.egommerce.local,DNS:api-logger,DNS:localhost,IP:127.0.0.1" -export PROMETHEUS_CN="prometheus.egommerce.local,api-prometheus,localhost" -export PROMETHEUS_SAN="DNS:prometheus.egommerce.local,DNS:api-prometheus,DNS:localhost,IP:127.0.0.1" -export GRAFANA_CN="grafana.egommerce.local,api-grafana,localhost" -export GRAFANA_SAN="DNS:grafana.egommerce.local,DNS:api-grafana,DNS:localhost,IP:127.0.0.1" -export POSTGRES_CN="postgresdb.egommerce.local,db-postgres,localhost" -export POSTGRES_SAN="DNS:pstgresdb.egommerce.local,DNS:db-postgres,DNS:localhost,IP:127.0.0.1" -export MONGO_CN="mongo.db.egommerce.local,db-mongo,localhost" -export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,DNS:localhost,IP:127.0.0.1" -export IDENTITY_CN="gateway.egommerce.local,identity.egommerce.local" -export IDENTITY_SAN="DNS:gateway.egommerce.local,DNS:identity.egommerce.local,DNS:localhost,IP:127.0.0.1" -export 
CATALOG_CN="gateway.egommerce.local, catalog.egommerce.local" -export CATALOG_SAN="DNS:gateway.egommerce.local,DNS:catalog.egommerce.local,DNS:localhost,IP:127.0.0.1" -export BASKET_CN="gateway.egommerce.local" -export BASKET_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1" -export ORDER_CN="gateway.egommerce.local" -export ORDER_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1" -export PRICING_CN="gateway.egommerce.local" -export PRICING_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1" +export GATEWAY_CN="gateway.egommerce.local,api-gatway" +export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,IP:127.0.0.1" +export EVENTBUS_CN="esb.egommerce.local,api-eventbus" +export EVENTBUS_SAN="DNS:esb.egommerce.local,DNS:api-eventbus,IP:127.0.0.1" +export CACHE_CN="cache.egommerce.local,api-cache" +export CACHE_SAN="DNS:cache.egommerce.local,DNS:api-cache,IP:127.0.0.1" +export LOGGER_CN="logger.egommerce.local,api-logger" +export LOGGER_SAN="DNS:logger.egommerce.local,DNS:api-logger,IP:127.0.0.1" +# export PROMETHEUS_CN="prometheus.egommerce.local,api-prometheus" +# export PROMETHEUS_SAN="DNS:prometheus.egommerce.local,DNS:api-prometheus,IP:127.0.0.1" +# export GRAFANA_CN="grafana.egommerce.local,api-grafana" +# export GRAFANA_SAN="DNS:grafana.egommerce.local,DNS:api-grafana,IP:127.0.0.1" +export POSTGRES_CN="db-postgres.egommerce.local,db-postgres" +export POSTGRES_SAN="DNS:db-postgres.egommerce.local,DNS:db-postgres,IP:127.0.0.1" +# export MONGO_CN="mongo.db.egommerce.local,db-mongo" +# export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,IP:127.0.0.1" +export IDENTITY_CN="identity-svc.egommerce.local" +export IDENTITY_SAN="DNS:identity-svc.egommerce.local,IP:127.0.0.1" +export CATALOG_CN="catalog-svc.egommerce.local,catalog-svc" +export CATALOG_SAN="DNS:catalog-svc.egommerce.local,DNS:catalog-svc,IP:127.0.0.1" +export BASKET_CN="basket-svc.egommerce.local,basket-svc" +export 
BASKET_SAN="DNS:basket-svc.egommerce.local,DNS:basket-svc,IP:127.0.0.1" +export ORDER_CN="order-svc.egommerce.local,order-svc" +export ORDER_SAN="DNS:order-svc.egommerce.local,DNS:order-svc,IP:127.0.0.1" +export PRICING_CN="DNS:pricing-svc.egommerce.local,DNS:pricing-svc" +export PRICING_SAN="DNS:pricing-svc.egommerce.local,DNS:pricing-svc,IP:127.0.0.1" # Create required directories mkdir -p \ ${CERTS_DIR} \ ${CERTS_DIR}ca-root \ - ${CERTS_DIR}api-registry \ ${CERTS_DIR}api-gateway \ - ${CERTS_DIR}api-vault \ ${CERTS_DIR}api-eventbus \ ${CERTS_DIR}api-cache \ ${CERTS_DIR}api-logger \ - ${CERTS_DIR}api-prometheus \ - ${CERTS_DIR}api-grafana \ ${CERTS_DIR}db-postgres \ - ${CERTS_DIR}db-mongo \ + # ${CERTS_DIR}db-mongo \ ${CERTS_DIR}identity-svc \ ${CERTS_DIR}basket-svc \ ${CERTS_DIR}catalog-svc \ @@ -59,18 +51,8 @@ mkdir -p \ # -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/OU=DevOps Team/CN=Egommerce CA" \ # -keyout ${CERTS_DIR}ca-root/ca-root.key -out ${CERTS_DIR}ca-root/ca-root.crt >/dev/null - -# Generate Registry cert -openssl req -newkey rsa:2048 -nodes \ - -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$REGISTRY_CN" \ - -keyout ${CERTS_DIR}api-registry/api-registry.key \ - -out ${CERTS_DIR}api-registry/api-registry.csr >/dev/null - -openssl x509 -req -days 365 \ - -in ${CERTS_DIR}api-registry/api-registry.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \ - -out ${CERTS_DIR}api-registry/api-registry.crt >/dev/null +# Create fullchain pem file +# cat ${CERTS_DIR}ca-root/ca-root.key ${CERTS_DIR}ca-root/ca-root.crt > ${CERTS_DIR}ca-root/ca-root.pem # Generate Gateway cert 
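Review bot: In the `mkdir -p` list the new line `# ${CERTS_DIR}db-mongo \` sits in the middle of a backslash-continued command; a `#` comment runs to the end of its line, trailing backslash included, so `mkdir` stops after `db-postgres` and the following `${CERTS_DIR}identity-svc \` … lines are executed as a separate command instead of being created as directories. Delete that line (or move the comment above `mkdir`), otherwise the later cert steps that write into the service directories presumably have no target. Separately, `PRICING_CN` was given SAN syntax and should read `export PRICING_CN="pricing-svc.egommerce.local,pricing-svc"` like the other `*_CN` values, and `GATEWAY_CN` still spells `api-gatway`. The `mkdir` command continues past the end of this hunk.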
@@ -85,19 +67,8 @@ openssl x509 -req -days 365 \ -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \ -out ${CERTS_DIR}api-gateway/api-gateway.crt >/dev/null - -# Generate Vault cert -openssl req -newkey rsa:2048 -nodes \ - -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$VAULT_CN" \ - -keyout ${CERTS_DIR}api-vault/api-vault.key \ - -out ${CERTS_DIR}api-vault/api-vault.csr >/dev/null - -openssl x509 -req -days 365 \ - -in ${CERTS_DIR}api-vault/api-vault.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \ - -out ${CERTS_DIR}api-vault/api-vault.crt >/dev/null - +# Create fullchain pem file +cat ${CERTS_DIR}api-gateway/api-gateway.key ${CERTS_DIR}api-gateway/api-gateway.crt > ${CERTS_DIR}api-gateway/api-gateway.pem # Generate Eventbus cert openssl req -newkey rsa:2048 -nodes \ 
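Review bot: The added `cat` line that builds `api-gateway.pem` copies the gateway's private key (presumably unencrypted, as the other keys in this script are generated with `-nodes`) into a second file with whatever umask the caller happens to have, and the comment `# Create fullchain pem file` describes it as a chain although it holds the key plus the leaf certificate. Run it under a restrictive mask, e.g. wrap it as `( umask 077; cat … > ${CERTS_DIR}api-gateway/api-gateway.pem )`, and reword the comment to `# Combined key + cert PEM for the gateway (contains the private key)`. The surrounding script is flat and continues outside the hunk.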
@@ -137,33 +108,6 @@ openssl x509 -req -days 365 \ -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \ -out ${CERTS_DIR}api-logger/api-logger.crt >/dev/null - -# Generate Prometheus cert -openssl req -newkey rsa:2048 -nodes \ - -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PROMETHEUS_CN" \ - -keyout ${CERTS_DIR}api-prometheus/api-prometheus.key \ - -out ${CERTS_DIR}api-prometheus/api-prometheus.csr >/dev/null - -openssl x509 -req -days 365 \ - -in ${CERTS_DIR}api-prometheus/api-prometheus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \ - -out ${CERTS_DIR}api-prometheus/api-prometheus.crt >/dev/null - - -# Generate Grafana cert -openssl req -newkey rsa:2048 -nodes \ - -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GRAFANA_CN" \ - -keyout ${CERTS_DIR}api-grafana/api-grafana.key \ - -out ${CERTS_DIR}api-grafana/api-grafana.csr >/dev/null - -openssl x509 -req -days 365 \ - -in ${CERTS_DIR}api-grafana/api-grafana.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \ - -out ${CERTS_DIR}api-grafana/api-grafana.crt >/dev/null - - # Generate Postgres cert openssl req -newkey rsa:2048 -nodes \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$POSTGRES_CN" \ 
@@ -178,16 +122,16 @@ openssl x509 -req -days 365 \ # Generate Mongo cert -openssl req -newkey rsa:2048 -nodes \ - -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \ - -keyout ${CERTS_DIR}db-mongo/db-mongo.key \ - -out ${CERTS_DIR}db-mongo/db-mongo.csr >/dev/null +# openssl req -newkey rsa:2048 -nodes \ +# -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \ +# -keyout ${CERTS_DIR}db-mongo/db-mongo.key \ +# -out ${CERTS_DIR}db-mongo/db-mongo.csr >/dev/null -openssl x509 -req -days 365 \ - -in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ - -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ - -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \ - -out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null +# openssl x509 -req -days 365 \ +# -in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ +# -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ +# -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \ +# -out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null # Generate Identity cert diff --git a/deploy/scripts/init-k8s.sh b/deploy/scripts/init-k8s.sh new file mode 100644 index 0000000..9e44ff3 --- /dev/null +++ b/deploy/scripts/init-k8s.sh 
@@ -0,0 +1,21 @@ +#!/bin/sh + +alias kubectl="microk8s kubectl" # MicroK8S fix + +# Install plugins +microk8s enable dns +# microk8s enable ingress +# microk8s enable storage +# microk8s enable helm3 +# microk8s enable metallb:10.64.0.100-10.64.0.200 + +# API Gateway CRDs +kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml +kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/webhook-install.yaml + +# Create ca root tls secret +kubectl create secret generic ca-root --from-file=ca-root.crt=deploy/certs/ca-root/ca-root.crt -n egommerce + +# Create api-gateway tls secret +kubectl create secret tls api-gateway-cert --cert=deploy/certs/api-gateway/api-gateway.crt --key=deploy/certs/api-gateway/api-gateway.key -n egommerce + diff --git a/deploy/scripts/remove-dangling-images.sh b/deploy/scripts/remove-dangling-images.sh deleted file mode 100644 index c1e00b5..0000000 --- a/deploy/scripts/remove-dangling-images.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -docker rmi $(docker images --filter "dangling=true" -q --no-trunc) diff --git a/deploy/scripts/start-docker.sh b/deploy/scripts/start-docker.sh deleted file mode 100644 index 7b9dbb6..0000000 --- a/deploy/scripts/start-docker.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -# RUN IT FORM THE REPO ROOT DIR - -echo "Starting egommerce docker stack..." -docker stack deploy --with-registry-auth --detach=false \ - --compose-file deploy/docker/stack.yml \ - --compose-file deploy/docker/stack.dev.yml \ - --compose-file deploy/docker/stack.dev.local.yml \ - egommerce - -echo "Done." diff --git a/deploy/scripts/start-k8s.sh b/deploy/scripts/start-k8s.sh index 93d7760..1ee24cb 100644 --- a/deploy/scripts/start-k8s.sh +++ b/deploy/scripts/start-k8s.sh 
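Review bot: The two `kubectl apply --server-side -f https://…` lines in init-k8s.sh install cluster-wide CRDs and a webhook straight from the network, and the first follows `releases/latest` while the second is pinned to `v1.0.0`, so the installed Gateway API version can change between runs and drift out of step with the webhook. Pin both to the same tag, `…/gateway-api/releases/download/v1.0.0/standard-install.yaml`, or vendor the manifests into the repo and apply them from disk so their content goes through review. Also, both `kubectl create secret … -n egommerce` calls need the namespace to exist, but namespace.yml is only applied by start-k8s.sh; adding `kubectl apply -f deploy/k8s/namespace.yml` before them would let `make init` work on a fresh cluster, assuming init is meant to run before up.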
@@ -1,12 +1,21 @@ #!/bin/sh # RUN IT FORM THE REPO ROOT DIR +alias kubectl="microk8s kubectl" # MicroK8S fix + echo "Starting egommerce k8s stack..." -kubectl apply -f deploy/k8s/stack.yml -# kubectl apply -f deploy/k8s/stack.prod.yml -# kubectl apply -f deploy/k8s/stack.dev.yml -# kubectl apply -f deploy/k8s/stack.dev.local.yml +kubectl apply -f deploy/k8s/namespace.yml +kubectl apply -f deploy/k8s/secret.yml +kubectl apply -f deploy/k8s/api-gateway.yml +kubectl apply -f deploy/k8s/api-eventbus.yml +kubectl apply -f deploy/k8s/api-cache.yml +kubectl apply -f deploy/k8s/api-logger.yml +kubectl apply -f deploy/k8s/db-postgres.yml +# kubectl apply -f deploy/k8s/db-mongo.yml + +kubectl apply -f deploy/k8s/identity-svc.yml +kubectl apply -f deploy/k8s/catalog-svc.yml echo "Done." diff --git a/deploy/scripts/stop-k8s.sh b/deploy/scripts/stop-k8s.sh new file mode 100644 index 0000000..f793945 --- /dev/null +++ b/deploy/scripts/stop-k8s.sh @@ -0,0 +1,21 @@ +#!/bin/sh +# RUN IT FORM THE REPO ROOT DIR + +alias kubectl="microk8s kubectl" # MicroK8S fix + +echo "Stopping egommerce k8s stack..." + +kubectl delete -f deploy/k8s/identity-svc.yml +kubectl delete -f deploy/k8s/catalog-svc.yml + +# kubectl delete -f deploy/k8s/db-mongo.yml +kubectl delete -f deploy/k8s/db-postgres.yml +kubectl delete -f deploy/k8s/api-logger.yml +kubectl delete -f deploy/k8s/api-cache.yml +kubectl delete -f deploy/k8s/api-eventbus.yml +kubectl delete -f deploy/k8s/api-gateway.yml + +kubectl delete -f deploy/k8s/secret.yml +# kubectl delete -f deploy/k8s/namespace.yml + +echo "Done." diff --git a/deploy/scripts/vault-init-template.sh b/deploy/scripts/vault-init-template.sh deleted file mode 100644 index 66032f8..0000000 --- a/deploy/scripts/vault-init-template.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/sh - -vault secrets enable pki -vault secrets tune -max-lease-ttl=87600h pki - -vault write -field=certificate pki/root/generate/internal \ - common_name="ego.io" \ - ttl=87600h > CA_cert.crt - -vault write pki/config/urls \ - issuing_certificates="https://127.0.0.1:8200/v1/pki/ca" \ - crl_distribution_points="https://127.0.0.1:8200/v1/pki/crl" - -vault secrets enable -path=pki_int pki -vault secrets tune -max-lease-ttl=43800h pki_int - -vault write -format=json pki_int/intermediate/generate/internal \ - common_name="ego.io Intermediate Authority" \ - | jq -r '.data.csr' > pki_intermediate.csr - -vault write -format=json pki/root/sign-intermediate csr=@pki_intermediate.csr \ - format=pem_bundle ttl="43800h" \ - | jq -r '.data.certificate' > intermediate.cert.pem - -vault write pki_int/intermediate/set-signed certificate=@intermediate.cert.pem - -vault write pki_int/roles/ego.io \ - allowed_domains="ego.io" \ - allow_subdomains=true \ - generate_lease=true \ - max_ttl="720h" - -vault write pki_int/issue/ego.io \ - common_name="catalog.service.ego.io" \ - ttl="24h" | tee certs.txt - - -# CONFIGURE CONSUL -mkdir -p /opt/consul/agent-certs - -grep -Pzo "(?s)(?<=certificate)[^\-]*.*?END CERTIFICATE[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/agent.crt -grep -Pzo "(?s)(?<=private_key)[^\-]*.*?END RSA PRIVATE KEY[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/agent.key -grep -Pzo "(?s)(?<=issuing_ca)[^\-]*.*?END CERTIFICATE[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/ca.crt -## FIXME ^^ invalid pattern flag... - diff --git a/deploy/scripts/volumes-restart.sh b/deploy/scripts/volumes-restart.sh deleted file mode 100644 index e69de29..0000000