Removed docker swarm config
Added K8S config With big refactor
@@ -1,3 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o deploy/bin/register-service deploy/bin/register-service.go
|
||||
138
deploy/scripts/gen-certs.sh
Normal file → Executable file
138
deploy/scripts/gen-certs.sh
Normal file → Executable file
@@ -1,53 +1,45 @@
|
||||
# #!/bin/bash
|
||||
#!/bin/bash
|
||||
|
||||
export DEPLOY_DIR="./deploy"
|
||||
export CERTS_DIR="${DEPLOY_DIR}/certs/"
|
||||
|
||||
export REGISTRY_CN="registry.egommerce.local,api-registry,server.dc.ego.io,localhost"
|
||||
export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:server.dc.ego.io,DNS:localhost,IP:127.0.0.1"
|
||||
export GATEWAY_CN="gateway.egommerce.local,api-gatway,gateway.dc.ego.io,localhost"
|
||||
export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:gateway.dc.ego.io,DNS:localhost,IP:127.0.0.1"
|
||||
export VAULT_CN="vault.egommerce.local,api-vault,localhost"
|
||||
export VAULT_SAN="DNS:vault.egommerce.local,DNS:api-vault,DNS:localhost,IP:127.0.0.1"
|
||||
export EVENTBUS_CN="esb.egommerce.local,api-eventbus,localhost"
|
||||
export EVENTBUS_SAN="DNS:esb.egommerce.local,DNS:api-eventbus,DNS:localhost,IP:127.0.0.1"
|
||||
export CACHE_CN="cache.egommerce.local,api-cache,localhost"
|
||||
export CACHE_SAN="DNS:cache.egommerce.local,DNS:api-cache,DNS:localhost,IP:127.0.0.1"
|
||||
export LOGGER_CN="logger.egommerce.local,api-logger,localhost"
|
||||
export LOGGER_SAN="DNS:logger.egommerce.local,DNS:api-logger,DNS:localhost,IP:127.0.0.1"
|
||||
export PROMETHEUS_CN="prometheus.egommerce.local,api-prometheus,localhost"
|
||||
export PROMETHEUS_SAN="DNS:prometheus.egommerce.local,DNS:api-prometheus,DNS:localhost,IP:127.0.0.1"
|
||||
export GRAFANA_CN="grafana.egommerce.local,api-grafana,localhost"
|
||||
export GRAFANA_SAN="DNS:grafana.egommerce.local,DNS:api-grafana,DNS:localhost,IP:127.0.0.1"
|
||||
export POSTGRES_CN="postgresdb.egommerce.local,db-postgres,localhost"
|
||||
export POSTGRES_SAN="DNS:pstgresdb.egommerce.local,DNS:db-postgres,DNS:localhost,IP:127.0.0.1"
|
||||
export MONGO_CN="mongo.db.egommerce.local,db-mongo,localhost"
|
||||
export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,DNS:localhost,IP:127.0.0.1"
|
||||
export IDENTITY_CN="gateway.egommerce.local,identity.egommerce.local"
|
||||
export IDENTITY_SAN="DNS:gateway.egommerce.local,DNS:identity.egommerce.local,DNS:localhost,IP:127.0.0.1"
|
||||
export CATALOG_CN="gateway.egommerce.local, catalog.egommerce.local"
|
||||
export CATALOG_SAN="DNS:gateway.egommerce.local,DNS:catalog.egommerce.local,DNS:localhost,IP:127.0.0.1"
|
||||
export BASKET_CN="gateway.egommerce.local"
|
||||
export BASKET_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"
|
||||
export ORDER_CN="gateway.egommerce.local"
|
||||
export ORDER_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"
|
||||
export PRICING_CN="gateway.egommerce.local"
|
||||
export PRICING_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"
|
||||
export GATEWAY_CN="gateway.egommerce.local,api-gatway"
|
||||
export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,IP:127.0.0.1"
|
||||
export EVENTBUS_CN="esb.egommerce.local,api-eventbus"
|
||||
export EVENTBUS_SAN="DNS:esb.egommerce.local,DNS:api-eventbus,IP:127.0.0.1"
|
||||
export CACHE_CN="cache.egommerce.local,api-cache"
|
||||
export CACHE_SAN="DNS:cache.egommerce.local,DNS:api-cache,IP:127.0.0.1"
|
||||
export LOGGER_CN="logger.egommerce.local,api-logger"
|
||||
export LOGGER_SAN="DNS:logger.egommerce.local,DNS:api-logger,IP:127.0.0.1"
|
||||
# export PROMETHEUS_CN="prometheus.egommerce.local,api-prometheus"
|
||||
# export PROMETHEUS_SAN="DNS:prometheus.egommerce.local,DNS:api-prometheus,IP:127.0.0.1"
|
||||
# export GRAFANA_CN="grafana.egommerce.local,api-grafana"
|
||||
# export GRAFANA_SAN="DNS:grafana.egommerce.local,DNS:api-grafana,IP:127.0.0.1"
|
||||
export POSTGRES_CN="db-postgres.egommerce.local,db-postgres"
|
||||
export POSTGRES_SAN="DNS:db-postgres.egommerce.local,DNS:db-postgres,IP:127.0.0.1"
|
||||
# export MONGO_CN="mongo.db.egommerce.local,db-mongo"
|
||||
# export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,IP:127.0.0.1"
|
||||
export IDENTITY_CN="identity-svc.egommerce.local"
|
||||
export IDENTITY_SAN="DNS:identity-svc.egommerce.local,IP:127.0.0.1"
|
||||
export CATALOG_CN="catalog-svc.egommerce.local,catalog-svc"
|
||||
export CATALOG_SAN="DNS:catalog-svc.egommerce.local,DNS:catalog-svc,IP:127.0.0.1"
|
||||
export BASKET_CN="basket-svc.egommerce.local,basket-svc"
|
||||
export BASKET_SAN="DNS:basket-svc.egommerce.local,DNS:basket-svc,IP:127.0.0.1"
|
||||
export ORDER_CN="order-svc.egommerce.local,order-svc"
|
||||
export ORDER_SAN="DNS:order-svc.egommerce.local,DNS:order-svc,IP:127.0.0.1"
|
||||
export PRICING_CN="DNS:pricing-svc.egommerce.local,DNS:pricing-svc"
|
||||
export PRICING_SAN="DNS:pricing-svc.egommerce.local,DNS:pricing-svc,IP:127.0.0.1"
|
||||
|
||||
# Create required directories
|
||||
mkdir -p \
|
||||
${CERTS_DIR} \
|
||||
${CERTS_DIR}ca-root \
|
||||
${CERTS_DIR}api-registry \
|
||||
${CERTS_DIR}api-gateway \
|
||||
${CERTS_DIR}api-vault \
|
||||
${CERTS_DIR}api-eventbus \
|
||||
${CERTS_DIR}api-cache \
|
||||
${CERTS_DIR}api-logger \
|
||||
${CERTS_DIR}api-prometheus \
|
||||
${CERTS_DIR}api-grafana \
|
||||
${CERTS_DIR}db-postgres \
|
||||
${CERTS_DIR}db-mongo \
|
||||
# ${CERTS_DIR}db-mongo \
|
||||
${CERTS_DIR}identity-svc \
|
||||
${CERTS_DIR}basket-svc \
|
||||
${CERTS_DIR}catalog-svc \
|
||||
@@ -59,18 +51,8 @@ mkdir -p \
|
||||
# -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/OU=DevOps Team/CN=Egommerce CA" \
|
||||
# -keyout ${CERTS_DIR}ca-root/ca-root.key -out ${CERTS_DIR}ca-root/ca-root.crt >/dev/null
|
||||
|
||||
|
||||
# Generate Registry cert
|
||||
openssl req -newkey rsa:2048 -nodes \
|
||||
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$REGISTRY_CN" \
|
||||
-keyout ${CERTS_DIR}api-registry/api-registry.key \
|
||||
-out ${CERTS_DIR}api-registry/api-registry.csr >/dev/null
|
||||
|
||||
openssl x509 -req -days 365 \
|
||||
-in ${CERTS_DIR}api-registry/api-registry.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
|
||||
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
|
||||
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \
|
||||
-out ${CERTS_DIR}api-registry/api-registry.crt >/dev/null
|
||||
# Create fullchain pem file
|
||||
# cat ${CERTS_DIR}ca-root/ca-root.key ${CERTS_DIR}ca-root/ca-root.crt > ${CERTS_DIR}ca-root/ca-root.pem
|
||||
|
||||
|
||||
# Generate Gateway cert
|
||||
@@ -85,19 +67,8 @@ openssl x509 -req -days 365 \
|
||||
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \
|
||||
-out ${CERTS_DIR}api-gateway/api-gateway.crt >/dev/null
|
||||
|
||||
|
||||
# Generate Vault cert
|
||||
openssl req -newkey rsa:2048 -nodes \
|
||||
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$VAULT_CN" \
|
||||
-keyout ${CERTS_DIR}api-vault/api-vault.key \
|
||||
-out ${CERTS_DIR}api-vault/api-vault.csr >/dev/null
|
||||
|
||||
openssl x509 -req -days 365 \
|
||||
-in ${CERTS_DIR}api-vault/api-vault.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
|
||||
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
|
||||
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \
|
||||
-out ${CERTS_DIR}api-vault/api-vault.crt >/dev/null
|
||||
|
||||
# Create fullchain pem file
|
||||
cat ${CERTS_DIR}api-gateway/api-gateway.key ${CERTS_DIR}api-gateway/api-gateway.crt > ${CERTS_DIR}api-gateway/api-gateway.pem
|
||||
|
||||
# Generate Eventbus cert
|
||||
openssl req -newkey rsa:2048 -nodes \
|
||||
@@ -137,33 +108,6 @@ openssl x509 -req -days 365 \
|
||||
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \
|
||||
-out ${CERTS_DIR}api-logger/api-logger.crt >/dev/null
|
||||
|
||||
|
||||
# Generate Prometheus cert
|
||||
openssl req -newkey rsa:2048 -nodes \
|
||||
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PROMETHEUS_CN" \
|
||||
-keyout ${CERTS_DIR}api-prometheus/api-prometheus.key \
|
||||
-out ${CERTS_DIR}api-prometheus/api-prometheus.csr >/dev/null
|
||||
|
||||
openssl x509 -req -days 365 \
|
||||
-in ${CERTS_DIR}api-prometheus/api-prometheus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
|
||||
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
|
||||
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \
|
||||
-out ${CERTS_DIR}api-prometheus/api-prometheus.crt >/dev/null
|
||||
|
||||
|
||||
# Generate Grafana cert
|
||||
openssl req -newkey rsa:2048 -nodes \
|
||||
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GRAFANA_CN" \
|
||||
-keyout ${CERTS_DIR}api-grafana/api-grafana.key \
|
||||
-out ${CERTS_DIR}api-grafana/api-grafana.csr >/dev/null
|
||||
|
||||
openssl x509 -req -days 365 \
|
||||
-in ${CERTS_DIR}api-grafana/api-grafana.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
|
||||
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
|
||||
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \
|
||||
-out ${CERTS_DIR}api-grafana/api-grafana.crt >/dev/null
|
||||
|
||||
|
||||
# Generate Postgres cert
|
||||
openssl req -newkey rsa:2048 -nodes \
|
||||
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$POSTGRES_CN" \
|
||||
@@ -178,16 +122,16 @@ openssl x509 -req -days 365 \
|
||||
|
||||
|
||||
# Generate Mongo cert
|
||||
openssl req -newkey rsa:2048 -nodes \
|
||||
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \
|
||||
-keyout ${CERTS_DIR}db-mongo/db-mongo.key \
|
||||
-out ${CERTS_DIR}db-mongo/db-mongo.csr >/dev/null
|
||||
# openssl req -newkey rsa:2048 -nodes \
|
||||
# -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \
|
||||
# -keyout ${CERTS_DIR}db-mongo/db-mongo.key \
|
||||
# -out ${CERTS_DIR}db-mongo/db-mongo.csr >/dev/null
|
||||
|
||||
openssl x509 -req -days 365 \
|
||||
-in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
|
||||
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
|
||||
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \
|
||||
-out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null
|
||||
# openssl x509 -req -days 365 \
|
||||
# -in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
|
||||
# -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
|
||||
# -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \
|
||||
# -out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null
|
||||
|
||||
|
||||
# Generate Identity cert
|
||||
|
||||
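Review bot: The file written by `cat ${CERTS_DIR}api-gateway/api-gateway.key ${CERTS_DIR}api-gateway/api-gateway.crt > ${CERTS_DIR}api-gateway/api-gateway.pem` under the "Create fullchain pem file" comment is not a chain but the private key glued to the leaf, so anything that later treats `api-gateway.pem` as a chain or CA bundle ships the key with it; if a chain is intended the line should be `cat ${CERTS_DIR}api-gateway/api-gateway.crt ${CERTS_DIR}ca-root/ca-root.crt > ${CERTS_DIR}api-gateway/api-gateway.pem`, and if a combined key+cert file is intended it should be named as such and `chmod 600`ed. In the `mkdir -p` list the commented `# ${CERTS_DIR}db-mongo \` line sits inside a backslash continuation, and a `#` on a continued line comments out the rest of that physical line including its trailing backslash (ShellCheck SC1143), so `${CERTS_DIR}identity-svc \` and the entries after it appear to run as a separate command instead of being created — move the comment out of the continuation or drop it. `export PRICING_CN="DNS:pricing-svc.egommerce.local,DNS:pricing-svc"` puts SAN syntax into the subject CN, unlike every other `*_CN` here; it should be a plain name such as `export PRICING_CN="pricing-svc.egommerce.local"`. Every leaf is also signed with `-set_serial 01` under the same CA, which gives all certificates the same serial; `-CAcreateserial` (or a distinct serial per cert) keeps issuer+serial unique as RFC 5280 requires and avoids clients that cache by that pair rejecting or confusing them.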
21
deploy/scripts/init-k8s.sh
Normal file
21
deploy/scripts/init-k8s.sh
Normal file
@@ -0,0 +1,21 @@
|
||||
#!/bin/sh
|
||||
|
||||
alias kubectl="microk8s kubectl" # MicroK8S fix
|
||||
|
||||
# Install plugins
|
||||
microk8s enable dns
|
||||
# microk8s enable ingress
|
||||
# microk8s enable storage
|
||||
# microk8s enable helm3
|
||||
# microk8s enable metallb:10.64.0.100-10.64.0.200
|
||||
|
||||
# API Gateway CRDs
|
||||
kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml
|
||||
kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/webhook-install.yaml
|
||||
|
||||
# Create ca root tls secret
|
||||
kubectl create secret generic ca-root --from-file=ca-root.crt=deploy/certs/ca-root/ca-root.crt -n egommerce
|
||||
|
||||
# Create api-gateway tls secret
|
||||
kubectl create secret tls api-gateway-cert --cert=deploy/certs/api-gateway/api-gateway.crt --key=deploy/certs/api-gateway/api-gateway.key -n egommerce
|
||||
|
||||
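Review bot: `kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml` applies whatever Gateway API release is current at run time, while the webhook manifest on the next line is pinned to `v1.0.0`, so the two can drift and the install is neither reproducible nor auditable; pin the CRD URL to the same tag, `…/releases/download/v1.0.0/standard-install.yaml`, and ideally fetch it to a file whose checksum is verified before `kubectl apply`. The `alias kubectl="microk8s kubectl"` at the top only takes effect if the interpreter expands aliases in non-interactive scripts, which bash does not unless `expand_aliases` or POSIX mode is on; a function, `kubectl() { microk8s kubectl "$@"; }`, works in every shell. Both `kubectl create secret` calls target `-n egommerce` but nothing in this file creates that namespace, so the script presumably relies on `namespace.yml` having been applied first — worth a comment or an explicit `kubectl apply -f deploy/k8s/namespace.yml` here. There is no `set -e`, so a failed CRD install does not stop the secrets from being created.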
@@ -1,3 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
docker rmi $(docker images --filter "dangling=true" -q --no-trunc)
|
||||
@@ -1,11 +0,0 @@
|
||||
#!/bin/sh
|
||||
# RUN IT FORM THE REPO ROOT DIR
|
||||
|
||||
echo "Starting egommerce docker stack..."
|
||||
docker stack deploy --with-registry-auth --detach=false \
|
||||
--compose-file deploy/docker/stack.yml \
|
||||
--compose-file deploy/docker/stack.dev.yml \
|
||||
--compose-file deploy/docker/stack.dev.local.yml \
|
||||
egommerce
|
||||
|
||||
echo "Done."
|
||||
@@ -1,12 +1,21 @@
|
||||
#!/bin/sh
|
||||
# RUN IT FORM THE REPO ROOT DIR
|
||||
|
||||
alias kubectl="microk8s kubectl" # MicroK8S fix
|
||||
|
||||
echo "Starting egommerce k8s stack..."
|
||||
|
||||
kubectl apply -f deploy/k8s/stack.yml
|
||||
# kubectl apply -f deploy/k8s/stack.prod.yml
|
||||
# kubectl apply -f deploy/k8s/stack.dev.yml
|
||||
# kubectl apply -f deploy/k8s/stack.dev.local.yml
|
||||
kubectl apply -f deploy/k8s/namespace.yml
|
||||
kubectl apply -f deploy/k8s/secret.yml
|
||||
|
||||
kubectl apply -f deploy/k8s/api-gateway.yml
|
||||
kubectl apply -f deploy/k8s/api-eventbus.yml
|
||||
kubectl apply -f deploy/k8s/api-cache.yml
|
||||
kubectl apply -f deploy/k8s/api-logger.yml
|
||||
kubectl apply -f deploy/k8s/db-postgres.yml
|
||||
# kubectl apply -f deploy/k8s/db-mongo.yml
|
||||
|
||||
kubectl apply -f deploy/k8s/identity-svc.yml
|
||||
kubectl apply -f deploy/k8s/catalog-svc.yml
|
||||
|
||||
echo "Done."
|
||||
|
||||
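Review bot: Nothing in the new start script stops on failure: there is no `set -e`, so a `kubectl apply` that fails (a manifest rejected by the API server, or an unreachable cluster) is skipped and the script still prints "Done."; add `set -e` directly after the shebang. `kubectl apply -f deploy/k8s/secret.yml` applied straight from the repository suggests secret material is checked into git — if that file holds literal values rather than references, it should be generated at deploy time or kept out of the tree. The `alias kubectl="microk8s kubectl"` line is not expanded by bash in a non-interactive script unless `expand_aliases` or POSIX mode is on; `kubectl() { microk8s kubectl "$@"; }` is the portable form.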
21
deploy/scripts/stop-k8s.sh
Normal file
21
deploy/scripts/stop-k8s.sh
Normal file
@@ -0,0 +1,21 @@
|
||||
#!/bin/sh
|
||||
# RUN IT FORM THE REPO ROOT DIR
|
||||
|
||||
alias kubectl="microk8s kubectl" # MicroK8S fix
|
||||
|
||||
echo "Stopping egommerce k8s stack..."
|
||||
|
||||
kubectl delete -f deploy/k8s/identity-svc.yml
|
||||
kubectl delete -f deploy/k8s/catalog-svc.yml
|
||||
|
||||
# kubectl delete -f deploy/k8s/db-mongo.yml
|
||||
kubectl delete -f deploy/k8s/db-postgres.yml
|
||||
kubectl delete -f deploy/k8s/api-logger.yml
|
||||
kubectl delete -f deploy/k8s/api-cache.yml
|
||||
kubectl delete -f deploy/k8s/api-eventbus.yml
|
||||
kubectl delete -f deploy/k8s/api-gateway.yml
|
||||
|
||||
kubectl delete -f deploy/k8s/secret.yml
|
||||
# kubectl delete -f deploy/k8s/namespace.yml
|
||||
|
||||
echo "Done."
|
||||
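Review bot: The teardown removes what `secret.yml` created but leaves the `ca-root` and `api-gateway-cert` secrets that init-k8s.sh in this commit creates imperatively with `kubectl create`, so a stop followed by a re-run of init presumably fails with AlreadyExists on those; either delete them here, `kubectl delete secret ca-root api-gateway-cert -n egommerce --ignore-not-found`, or make init idempotent with `kubectl create … --dry-run=client -o yaml | kubectl apply -f -`. As in the other scripts, the `alias kubectl=…` line depends on alias expansion being enabled in a non-interactive shell; a shell function is the reliable form. Adding `--ignore-not-found` to the `delete` lines would also let a partially deployed stack be torn down without a wall of NotFound errors.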
@@ -1,45 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
vault secrets enable pki
|
||||
vault secrets tune -max-lease-ttl=87600h pki
|
||||
|
||||
vault write -field=certificate pki/root/generate/internal \
|
||||
common_name="ego.io" \
|
||||
ttl=87600h > CA_cert.crt
|
||||
|
||||
vault write pki/config/urls \
|
||||
issuing_certificates="https://127.0.0.1:8200/v1/pki/ca" \
|
||||
crl_distribution_points="https://127.0.0.1:8200/v1/pki/crl"
|
||||
|
||||
vault secrets enable -path=pki_int pki
|
||||
vault secrets tune -max-lease-ttl=43800h pki_int
|
||||
|
||||
vault write -format=json pki_int/intermediate/generate/internal \
|
||||
common_name="ego.io Intermediate Authority" \
|
||||
| jq -r '.data.csr' > pki_intermediate.csr
|
||||
|
||||
vault write -format=json pki/root/sign-intermediate csr=@pki_intermediate.csr \
|
||||
format=pem_bundle ttl="43800h" \
|
||||
| jq -r '.data.certificate' > intermediate.cert.pem
|
||||
|
||||
vault write pki_int/intermediate/set-signed certificate=@intermediate.cert.pem
|
||||
|
||||
vault write pki_int/roles/ego.io \
|
||||
allowed_domains="ego.io" \
|
||||
allow_subdomains=true \
|
||||
generate_lease=true \
|
||||
max_ttl="720h"
|
||||
|
||||
vault write pki_int/issue/ego.io \
|
||||
common_name="catalog.service.ego.io" \
|
||||
ttl="24h" | tee certs.txt
|
||||
|
||||
|
||||
# CONFIGURE CONSUL
|
||||
mkdir -p /opt/consul/agent-certs
|
||||
|
||||
grep -Pzo "(?s)(?<=certificate)[^\-]*.*?END CERTIFICATE[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/agent.crt
|
||||
grep -Pzo "(?s)(?<=private_key)[^\-]*.*?END RSA PRIVATE KEY[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/agent.key
|
||||
grep -Pzo "(?s)(?<=issuing_ca)[^\-]*.*?END CERTIFICATE[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/ca.crt
|
||||
## FIXME ^^ invalid pattern flag...
|
||||
|
||||