egommerce/stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed docker swarm config

Browse Source 
Added K8S config
With big refactor
This commit is contained in:
PB
2025-10-20 13:51:45 +02:00
parent fa62c0b817
commit 0938338b99
40 changed files with 1147 additions and 1675 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1,3 +1,3 @@
.idea/ .idea/
#*.local.yml deploy/certs/

19
Makefile
View File

@@ -1,22 +1,13 @@
DEPLOY_DIR := ./deploy DEPLOY_DIR := ./deploy
init:
- sh ${DEPLOY_DIR}/scripts/init-k8s.sh
up: up:
- sh ${DEPLOY_DIR}/scripts/start-docker.sh
down:
- docker stack rm egommerce
k8s-up:
- sh ${DEPLOY_DIR}/scripts/start-k8s.sh - sh ${DEPLOY_DIR}/scripts/start-k8s.sh
k8s-down: down:
- kubectl delete -f deploy/k8s/stack.yml - sh ${DEPLOY_DIR}/scripts/stop-k8s.sh
# GENERATING CERTS
certs: certs:
- bash ${DEPLOY_DIR}/scripts/gen-certs.sh - bash ${DEPLOY_DIR}/scripts/gen-certs.sh
volumes-restart:
- docker stack rm egommerce
- docker volume prune -af
- sh ${DEPLOY_DIR}/start-stack.sh

15
README.md
View File

@@ -1,4 +1,4 @@
# Egommerce docker stack # Egommerce K8S stack
## Start ## Start
@@ -8,16 +8,7 @@
# $ make down # $ make down
# Egommerce K8S stack (currently experimental)
## Start
# $ make k8s-up
## Shutdown
# $ make k8s-down
## Maintenance ## Maintenance
# Generate certs
### If certificate doesn't work try to copy contents of the key file at the end of the cert file. # $ make certs

6
deploy/.env.dist
View File

@@ -1,6 +0,0 @@
API_GATEWAY_ADDR=gw.service.ego.io
API_GATEWAY_PORT=443
# REGISTRY_ADDR=registry.service.ego.io
REGISTRY_ADDR=api-registry
API_REGISTRY_PORT=8501

6
deploy/.env.local
View File

@@ -1,6 +0,0 @@
API_GATEWAY_ADDR=gw.service.ego.io
API_GATEWAY_PORT=443
# REGISTRY_ADDR=registry.service.ego.io
#REGISTRY_ADDR=api-registry
API_REGISTRY_PORT=8501

6
deploy/.env.prod
View File

@@ -1,6 +0,0 @@
API_GATEWAY_ADDR=gw.service.ego.io
API_GATEWAY_PORT=443
# REGISTRY_ADDR=registry.service.ego.io
#REGISTRY_ADDR=api-registry
API_REGISTRY_PORT=8501

BIN
deploy/bin/register-service
View File

Binary file not shown.

57
deploy/bin/register-service.go
View File

@@ -1,57 +0,0 @@
package main
import (
"log"
"net"
"net/http"
"os"
"strings"
)
func main() {
addr, port := env("REGISTRY_ADDR", "api-registry"), env("API_REGISTRY_PORT", "8501")
regUrl := "https://" + addr + ":" + port + "/v1/agent/service/register?replace-existing-checks=true"
regData, err := os.ReadFile("/.app.config")
if err != nil {
log.Fatal(err)
}
ip := getIP()
strRegData := string(regData)
strRegData = strings.Replace(strRegData, "__IP__", ip, -1)
req, err := http.NewRequest(http.MethodPut, regUrl, strings.NewReader(strRegData))
if err != nil {
log.Fatal(err)
}
resp, err := http.DefaultClient.Do(req)
if err != nil {
log.Printf(err.Error())
log.Fatal(err)
}
var respBody []byte
resp.Body.Read(respBody)
log.Printf("Successfully registered")
}
func env(name, def string) string {
val := os.Getenv(name)
if len(val) == 0 {
return def
}
return val
}
func getIP() string {
host, _ := os.Hostname()
ips, _ := net.LookupIP(host)
for _, ip := range ips {
return ip.String()
}
return host
}

9
deploy/bin/update-resolv
View File

@@ -1,9 +0,0 @@
#!/usr/bin/env sh
# modify /etc/resolv.conf
registryIP=$(nslookup -type=A api-registry. | awk '/^Name:/ {c=2;N=$2} !--c {print N,$2}' | awk '{printf "%s", $2}')
resolvFile=$(cat /etc/resolv.conf)
echo -e "nameserver $registryIP" >>/etc/resolv.conf
# echo "$registryIP registry.service.ego.io" >> /etc/hosts # Add consul host with static IP (consul register itself as 127.0.0.1)
# nslookup api-registry

4
deploy/certs/.gitignore vendored
View File

@@ -1,4 +0,0 @@
# Ignore everything in this directory
*
# Except this file
!.gitignore

3
deploy/db_migrations/init/init.sql
View File

@@ -4,3 +4,6 @@ CREATE DATABASE egommerce;
GRANT ALL PRIVILEGES ON DATABASE egommerce TO egommerce; GRANT ALL PRIVILEGES ON DATABASE egommerce TO egommerce;
CREATE EXTENSION IF NOT EXISTS "pgcrypto"; CREATE EXTENSION IF NOT EXISTS "pgcrypto";
CREATE SCHEMA "identity-svc"
AUTHORIZATION postgres;

179
deploy/docker/stack.dev.local.yml
View File

@@ -1,179 +0,0 @@
version: "3.9"
services:
api-registry:
env_file: ../.env.local
environment:
- CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd
- VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN
# - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE
volumes:
- ../certs/api-registry/api-registry.crt:/etc/certs/registry.local.crt:ro
# - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro
api-gateway:
env_file: ../.env.local
environment:
- CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd
- VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN
# - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE
volumes:
- ../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.local.crt:ro
# - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro
api-vault:
env_file: ../.env.local
# command: ["vault", "server", "-dev", "-dev-tls", "-dev-listen-address=0.0.0.0:8200", "-dev-root-token-id=dev-vault-token"]
environment:
- CONSUL_HTTP_TOKEN=784746ec-0d5d-fb12-1a79-95f912dcaabd
- VAULT_TOKEN=hvs.s6d6dyijMAyJ6b0WQYdjadZG # ROOT TOKEN
# - VAULT_TOKEN=hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE
volumes:
- ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro
# - ../certs/ca/vault-root.pem:/usr/local/share/ca-certificates/vaultCA.pem:ro
ports:
- 48250:8200
api-eventbus:
env_file: ../.env.local
volumes:
- ../certs/api-eventbus/api-eventbus.crt:/etc/certs/eventbus.local.crt:ro
# - ../certs/api-eventbus/eventbus.key:/etc/certs/eventbus.local.key:ro
labels:
- traefik.tcp.routers.eventbus.rule=HostSNI(`esb.service.ego.io`)
ports:
- 48200:15672
- 48201:5672
api-cache:
env_file: ../.env.local
command: ["redis-server", "/etc/redis.conf", "--requirepass", "12345678"]
ports:
- 48300:6379
api-logger:
env_file: ../.env.local
ports:
- 48400:24224
# api-prometheus:
# ports:
# - 9090:9090
# api-grafana:
# ports:
# - 3000:3000
db-postgres:
env_file: ../.env.local
ports:
- 48500:5432
# db-mongo:
# env_file: ../.env.local
# environment:
# - APP_DOMAIN=mongodb.egommerce.local # FIXME
# ports:
# - 48600:27017
identity-svc:
deploy:
mode: replicated
replicas: 0
env_file: ../.env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
# - EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
ports:
- 48780:443
catalog-svc:
deploy:
mode: replicated
replicas: 1
env_file: ../.env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
ports:
- 48781:443
basket-svc:
deploy:
mode: replicated
replicas: 0
env_file: ../.env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
ports:
- 48782:443
order-svc:
deploy:
mode: replicated
replicas: 0
env_file: ../.env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
ports:
- 48783:443
pricing-svc:
deploy:
mode: replicated
replicas: 0
env_file: ../.env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
ports:
- 48784:443
# Workers (EventBus)
basket-worker:
deploy:
mode: replicated
replicas: 0
env_file: ../.env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
catalog-worker:
deploy:
mode: replicated
replicas: 0
env_file: ../.env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
pricing-worker:
deploy:
mode: replicated
replicas: 0
env_file: ../.env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672
order-worker:
deploy:
mode: replicated
replicas: 0
env_file: ../.env.local
environment:
- DATABASE_URL=postgres://postgres:12345678@postgres-db:5432/egommerce
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
- EVENTBUS_URL=amqp://guest:guest@api-eventbus:5672

126
deploy/docker/stack.dev.yml
View File

@@ -1,126 +0,0 @@
version: "3.9"
services:
api-registry:
image: git.ego.cloudns.be/egommerce/api-registry:dev
environment:
- APP_DOMAIN=registry.service.ego.io
# - VAULT_API_ADDR=https://api-vault:8200
# - ENVOY_VERSION_STRING=1.26.3
ports:
- 48100:8501
api-gateway:
image: git.ego.cloudns.be/egommerce/api-registry:dev
environment:
- APP_DOMAIN=gw.service.ego.io
# - ENVOY_VERSION_STRING=1.26.3
ports:
- 48101:8501
- 48443:8443 # consul & envoy api gateway port
api-vault:
image: git.ego.cloudns.be/egommerce/api-vault:dev
environment:
- APP_DOMAIN=vault.service.ego.io
- CONSUL_HTTP_ADDR=https://api-registry:8501
api-eventbus:
image: git.ego.cloudns.be/egommerce/api-eventbus:dev
environment:
- APP_DOMAIN=esb.service.ego.io
# - RABBITMQ_NODENAME=api-eventbus
# - RABBITMQ_USE_LONGNAME=true
# - RABBITMQ_DEFAULT_USER = admin
# - RABBITMQ_DEFAULT_PASS = passw123
api-cache:
image: git.ego.cloudns.be/egommerce/api-cache:dev
environment:
- APP_DOMAIN=cache.service.ego.io
- PASSWORD=12345678
api-logger:
image: git.ego.cloudns.be/egommerce/api-logger:dev
environment:
- APP_DOMAIN=logger.service.ego.io
# api-prometheus:
# image: prom/prometheus:latest # FIXME: create private image(prod/dev)...
# environment:
# - APP_DOMAIN=prometheus.service.ego.io
# api-grafana:
# image: grafana/grafana-oss:latest # FIXME: create private image(prod/dev)...
# environment:
# - APP_DOMAIN=grafana.service.ego.io
db-postgres:
image: git.ego.cloudns.be/egommerce/db-postgres:dev
environment:
- APP_DOMAIN=postgresdb.service.ego.io
- POSTGRESQL_PASSWORD=12345678
# db-mongo:
# environment:
# - MONGO_INITDB_ROOT_PASSWORD=12345678
# API micro-services
identity-svc:
image: git.ego.cloudns.be/egommerce/identity-svc:dev
environment:
# - SERVER_ADDR=basket.service.ego.io
- APP_DOMAIN=identity.service.ego.io
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
catalog-svc:
image: git.ego.cloudns.be/egommerce/catalog-svc:dev
environment:
# - REGISTRY_USE_DOMAIN_OVER_IP=false
- APP_DOMAIN=catalog.service.ego.io
- AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
basket-svc:
image: git.ego.cloudns.be/egommerce/basket-svc:dev
environment:
- APP_DOMAIN=basket.service.ego.io
- AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
order-svc:
image: git.ego.cloudns.be/egommerce/order-svc:dev
environment:
- APP_DOMAIN=order.service.ego.io
- AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
# volumes:
# - ../etc/resolv.conf:/etc/resolv.conf
pricing-svc:
image: git.ego.cloudns.be/egommerce/pricing-svc:dev
environment:
- APP_DOMAIN=pricing.service.ego.io
- AUTH_HANDLER_URL=https://identity.service.ego.io/api/v1/traefik
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
# Workers (Eventbus)
basket-worker:
image: git.ego.cloudns.be/egommerce/basket-worker:dev
environment:
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
catalog-worker:
image: git.ego.cloudns.be/egommerce/catalog-worker:dev
environment:
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
pricing-worker:
image: git.ego.cloudns.be/egommerce/pricing-worker:dev
environment:
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017
order-worker:
image: git.ego.cloudns.be/egommerce/order-worker:dev
environment:
- MONGODB_URL=mongodb://mongodb:12345678@mongo-db:27017

142
deploy/docker/stack.prod.yml
View File

@@ -1,142 +0,0 @@
version: "3.9"
services:
api-registry:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/api-registry:prod
environment:
- APP_DOMAIN=registry.service.ego.io
api-gateway:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/api-registry:prod
environment:
- APP_DOMAIN=gw.service.ego.io
api-vault:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/api-vault:prod
command: ["vault", "server", "-config=/vault/config/server.hcl"]
environment:
- APP_DOMAIN=vault.service.ego.io
- VAULT_ADDR=https://localhost:8200
# - VAULT_API_ADDR=https://localhost:8200
api-eventbus:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/api-eventbus:prod
environment:
- APP_DOMAIN=esb.service.ego.io
api-cache:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/api-cache:prod
environment:
- APP_DOMAIN=cache.service.ego.io
api-logger:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/api-logger:prod
environment:
- APP_DOMAIN=logger.service.ego.io
# api-prometheus:
# image: prom/prometheus:prod # FIXME: create private image(prod/dev)...
# user: root
# environment:
# - APP_NAME=api-prometheus
# api-grafana:
# image: grafana/grafana-oss:prod # FIXME: create private image(prod/dev)...
# environment:
# - APP_NAME=api-grafana
db-postgres:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/db-postgres:prod
environment:
- APP_DOMAIN=postgresdb.service.ego.io
- POSTGRESQL_USERNAME=egommerce
- POSTGRESQL_DATABASE=egommerce
# db-mongo:
# env_file: ../.env.prod
# environment:
# - APP_NAME=db-mongo
# - APP_DOMAIN=mongo-db.service.ego.io
# - MONGO_INITDB_ROOT_USERNAME=mongodb
# API micro-services
identity-svc:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/identity-svc:prod
environment:
- APP_DOMAIN=identity.service.ego.io
- APP_PATH_PREFIX=/identity
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
catalog-svc:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/catalog-svc:prod
environment:
- APP_DOMAIN=catalog.service.ego.io
- APP_PATH_PREFIX=/catalog
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
basket-svc:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/basket-svc:prod
environment:
- APP_DOMAIN=basket.service.ego.io
- APP_PATH_PREFIX=/basket
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
pricing-svc:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/pricing-svc:prod
environment:
- APP_DOMAIN=pricing.service.ego.io
- APP_PATH_PREFIX=/pricing
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
order-svc:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/order-svc:prod
environment:
- APP_DOMAIN=order.service.ego.io
- APP_PATH_PREFIX=/order
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
# Workers (Eventbus)
basket-worker:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/basket-worker:prod
environment:
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
catalog-worker:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/catalog-worker:prod
environment:
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
pricing-worker:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/pricing-worker:prod
environment:
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672
order-worker:
env_file: ../.env.prod
image: git.ego.cloudns.be/egommerce/order-worker:prod
environment:
- DATABASE_URL=postgres://postgres:12345678@postgresdb.service.ego.io:5432/egommerce
- EVENTBUS_URL=amqp://guest:guest@esb.service.ego.io:5672

485
deploy/docker/stack.yml
View File

@@ -1,485 +0,0 @@
version: "3.9"
services:
api-registry:
image: git.ego.cloudns.be/egommerce/api-registry:latest
command: [
"consul",
"agent",
"-config-file=/consul/config/server.hcl",
# "-config-dir=/consul/config",
"-node=registry",
"-bootstrap-expect=1"
]
environment:
- APP_DOMAIN
- APP_NAME=api-registry
- CONSUL_HTTP_ADDR=127.0.0.1:8501
- CONSUL_HTTP_SSL=true
- CONSUL_CACERT=/usr/share/pki/ca-trust-source/anchors/internalCA.crt
- CONSUL_CLIENT_CERT=/etc/certs/registry.crt
- CONSUL_CLIENT_KEY=/etc/certs/registry.key
- VAULT_ADDR=https://api-vault:8200
# - VAULT_API_ADDR=https://api-vault:8200
volumes:
- registry_data:/consul/data
- ../certs/api-registry/api-registry.crt:/etc/certs/registry.crt:ro
- ../certs/api-registry/api-registry.key:/etc/certs/registry.key:ro
- ../certs/ca-root/ca-root.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
# - ../bin/update-resolv:/bin/update-resolv
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
api-gateway: # consul client running as api-gateway
image: git.ego.cloudns.be/egommerce/api-registry:latest
command: [
"consul",
"agent",
"-config-file=/consul/config/gateway.hcl",
# "-config-file=/consul/config/gateway-config.hcl",
# "-config-file=/consul/config/gateway-routes.hcl",
# "-config-dir=/consul/config",
"-node=gateway",
"-retry-join=api-registry"
]
environment:
- APP_DOMAIN
- APP_NAME=api-gateway
- CONSUL_HTTP_ADDR=127.0.0.1:8501
- CONSUL_HTTP_SSL=true
- CONSUL_CACERT=/usr/share/pki/ca-trust-source/anchors/internalCA.crt
- CONSUL_CLIENT_CERT=/etc/certs/gateway.crt
- CONSUL_CLIENT_KEY=/etc/certs/gateway.key
- VAULT_ADDR=https://api-vault:8200
# - VAULT_API_ADDR=https://api-vault:8200
volumes:
- gateway_data:/consul/data
- ../certs/api-gateway/api-gateway.crt:/etc/certs/gateway.crt:ro
- ../certs/api-gateway/api-gateway.key:/etc/certs/gateway.key:ro
- ../certs/catalog-svc/catalog-svc.crt:/etc/certs/catalog.crt:ro
- ../certs/catalog-svc/catalog-svc.key:/etc/certs/catalog.key:ro
- ../certs/ca-root/ca-root.crt:/usr/share/pki/ca-trust-source/anchors/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
api-vault:
image: git.ego.cloudns.be/egommerce/api-vault:latest
command: ["vault", "server", "-config=/vault/config/server.hcl"]
environment:
- APP_DOMAIN
- APP_NAME=api-vault
- REGISTRY_ADDR=api-registry
- VAULT_ADDR=https://localhost:8200
- VAULT_API_ADDR=https://localhost:8200
volumes:
- vault_data:/vault/data
- ../certs/api-vault/api-vault.crt:/etc/certs/vault.crt:ro
- ../certs/api-vault/api-vault.key:/etc/certs/vault.key:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
cap_add:
- IPC_LOCK
networks:
- egommerce-network
# cap_add:
# - IPC_LOCK
api-eventbus:
image: git.ego.cloudns.be/egommerce/api-eventbus:latest
environment:
# - RABBITMQ_NODENAME=api-eventbus
- RABBITMQ_ERLANG_COOKIE=rabbitmq
- APP_DOMAIN
- APP_NAME=api-eventbus
- REGISTRY_ADDR=api-registry
volumes:
- eventbus_data:/var/lib/rabbitmq
- eventbus_logs:/var/log/rabbitmq
- ../certs/api-eventbus/api-eventbus.crt:/etc/certs/eventbus.crt:ro
- ../certs/api-eventbus/api-eventbus.key:/etc/certs/eventbus.key:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
api-cache:
image: git.ego.cloudns.be/egommerce/api-cache:latest
environment:
- APP_DOMAIN
- APP_NAME=api-cache
- REGISTRY_ADDR=api-registry
volumes:
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
api-logger:
image: git.ego.cloudns.be/egommerce/api-logger:latest
environment:
- APP_DOMAIN
- APP_NAME=api-logger
- REGISTRY_ADDR=api-registry
volumes:
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
# api-prometheus:
# image: prom/prometheus:latest # FIXME: create private image(prod/dev)...
# user: root
# environment:
# - APP_DOMAIN
# - APP_NAME=api-prometheus
# - REGISTRY_ADDR=api-registry
# volumes:
# - ../etc/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
# - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
# - ../bin/register-service:/bin/register-service
# - ../bin/update-resolv:/bin/update-resolv
# - /var/run/docker.sock:/var/run/docker.sock
# depends_on:
# - api-registry
# networks:
# - egommerce-network
# api-grafana:
# image: grafana/grafana-oss:latest # FIXME: create private image(prod/dev)...
# environment:
# - APP_DOMAIN
# - APP_NAME=api-grafana
# - REGISTRY_ADDR=api-registry
# volumes:
# - grafana-db:/var/lib/grafana
# - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
# - ../bin/update-resolv:/bin/update-resolv
# - ../bin/register-service:/bin/register-service
# depends_on:
# - api-registry
# networks:
# - egommerce-network
db-postgres:
image: git.ego.cloudns.be/egommerce/db-postgres:latest
environment:
- APP_DOMAIN
- APP_NAME=db-postgres
- REGISTRY_ADDR=api-registry
- POSTGRESQL_USERNAME=postgres
- POSTGRESQL_DATABASE=postgres
- POSTGRESQL_PASSWORD=H5Gd7^37*Hka*a72
volumes:
- postgres_data:/var/lib/postgresql/data
# - ./db_migrations/init/:/docker-entrypoint-initdb.d/
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
# db-mongo:
# image: mongo:5.0.14
# environment:
# - APP_DOMAIN
# - APP_NAME=mongo-db
# - REGISTRY_ADDR=api-registry
# - MONGO_INITDB_ROOT_USERNAME=mongodb
# - MONGO_INITDB_ROOT_PASSWORD
# volumes:
# - mongodb_data:/data/db
# - ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
# - ../bin/register-service:/bin/register-service
# - ../bin/update-resolv:/bin/update-resolv
# depends_on:
# - api-registry
# deploy:
# mode: replicated
# replicas: 1
# extra_hosts:
# - "host.docker.internal:host-gateway"
# networks:
# - egommerce-network
# API micro-services
identity-svc:
image: git.ego.cloudns.be/egommerce/identity-svc:latest
environment:
- APP_NAME=identity-svc
- APP_PATH_PREFIX=/identity
- REGISTRY_ADDR=https://api-gateway:8501
- APP_DOMAIN
- APP_KV_NAMESPACE
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/identity-svc/identity-svc.crt:/certs/client.crt:ro
- ../certs/identity-svc/identity-svc.key:/certs/client.key:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../db_migrations/identity-svc:/migrations
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
catalog-svc:
image: git.ego.cloudns.be/egommerce/catalog-svc:latest
environment:
- APP_NAME=catalog-svc
- APP_PATH_PREFIX=/catalog
- REGISTRY_ADDR=https://api-gateway:8501
- APP_DOMAIN
- APP_KV_NAMESPACE
- AUTH_HANDLER_URL
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/catalog-svc/catalog-svc.crt:/certs/client.crt:ro
- ../certs/catalog-svc/catalog-svc.key:/certs/client.key:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../db_migrations/catalog-svc:/migrations
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
basket-svc:
image: git.ego.cloudns.be/egommerce/basket-svc:latest
environment:
- APP_NAME=basket-svc
- APP_PATH_PREFIX=/basket
- REGISTRY_ADDR=https://api-gateway:8501
- APP_DOMAIN
- APP_KV_NAMESPACE
- AUTH_HANDLER_URL
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/basket-svc/basket-svc.crt:/certs/client.crt:ro
- ../certs/basket-svc/basket-svc.key:/certs/client.key:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../db_migrations/basket-svc:/migrations
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
order-svc:
image: git.ego.cloudns.be/egommerce/order-svc:latest
environment:
- APP_NAME=order-svc
- APP_PATH_PREFIX=/order
- REGISTRY_ADDR=https://api-gateway:8501
- APP_DOMAIN
- APP_KV_NAMESPACE
- AUTH_HANDLER_URL
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/order-svc/order-svc.crt:/certs/client.crt:ro
- ../certs/order-svc/order-svc.key:/certs/client.key:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../db_migrations/order-svc:/migrations
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
pricing-svc:
image: git.ego.cloudns.be/egommerce/pricing-svc:latest
environment:
- APP_NAME=pricing-svc
- APP_PATH_PREFIX=/pricing
- REGISTRY_ADDR=https://api-gateway:8501
- APP_DOMAIN
- APP_KV_NAMESPACE
- AUTH_HANDLER_URL
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/pricing-svc/pricing-svc.crt:/certs/client.crt:ro
- ../certs/pricing-svc/pricing-svc.key:/certs/client.key:ro
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../db_migrations/pricing-svc:/migrations
- ../bin/register-service:/bin/register-service
- ../bin/update-resolv:/bin/update-resolv
depends_on:
- api-registry
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
# Workers (Eventbus)
basket-worker:
image: git.ego.cloudns.be/egommerce/basket-worker:latest
environment:
- APP_NAME=basket-worker
- APP_KV_NAMESPACE
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv:/bin/update-resolv
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
catalog-worker:
image: git.ego.cloudns.be/egommerce/catalog-worker:latest
environment:
- APP_NAME=catalog-worker
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv:/bin/update-resolv
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
pricing-worker:
image: git.ego.cloudns.be/egommerce/pricing-worker:latest
environment:
- APP_NAME=pricing-worker
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv:/bin/update-resolv
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
order-worker:
image: git.ego.cloudns.be/egommerce/order-worker:latest
environment:
- APP_NAME=order-worker
- DATABASE_URL
- MONGODB_URL
- EVENTBUS_URL
volumes:
- ../certs/ca-root/ca-root.crt:/usr/local/share/ca-certificates/internalCA.crt:ro
- ../bin/update-resolv:/bin/update-resolv
deploy:
mode: replicated
replicas: 1
extra_hosts:
- "host.docker.internal:host-gateway"
networks:
- egommerce-network
volumes:
postgres_data: ~
mongodb_data: ~
registry_data: ~
gateway_data: ~
vault_data: ~
eventbus_data: ~
eventbus_logs: ~
# grafana-db: ~
networks:
# Infrastructure networks
egommerce-network:
driver: overlay

120
deploy/etc/nginx/nginx-vhost.dev.conf
View File

@@ -1,120 +0,0 @@
upstream egommerce-api-gw {
server 127.0.0.1:48443;
}
upstream egommerce-api-gw-dashboard {
server 127.0.0.1:48444;
}
upstream egommerce-api-registry-ui {
server 127.0.0.1:48445;
}
upstream egommerce-api-eventbus-mngmt {
server 127.0.0.1:48446;
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/admin.egommerce.pbiernat.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/admin.egommerce.pbiernat.io/privkey.pem;
server_name admin.egommerce.pbiernat.io;
# Traefik redirects
location /dashboard {
if ($http_referer ~ (/gateway)) {
proxy_pass http://egommerce-api-gw-dashboard;
}
}
location /api {
if ($http_referer ~ (/gateway)) {
proxy_pass http://egommerce-api-gw-dashboard;
}
}
location /gateway/ {
proxy_pass http://egommerce-api-gw-dashboard/dashboard/;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
}
# Consul redirects
location /ui {
if ($http_referer ~ (/registry)) {
proxy_pass http://egommerce-api-registry-ui;
}
}
location /v1 {
if ($http_referer ~ (/registry)) {
proxy_pass http://egommerce-api-registry-ui;
}
}
location /registry {
proxy_pass http://egommerce-api-registry-ui;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
}
# RabbitMQ Mngmt redirects
location /eventbus {
return 302 /eventbus/;
}
location ~* /eventbus/api/(.*?)/(.*) {
proxy_pass http://egommerce-api-eventbus-mngmt/api/$1/%2F/$2?$query_string;
proxy_buffering off;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* /eventbus/(.*) {
rewrite ^/eventbus/(.*)$ /$1 break;
proxy_pass http://egommerce-api-eventbus-mngmt;
proxy_buffering off;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
error_log /var/log/nginx/admin-egommerce.pbiernat.io-error.log;
access_log /var/log/nginx/admin-egommerce.pbiernat.io-access.log combined;
}
#server {
# listen 443 ssl;
# ssl_certificate /etc/letsencrypt/live/egommerce.pbiernat.io/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/egommerce.pbiernat.io/privkey.pem;
#
# server_name egommerce.pbiernat.io;
#
# # Pass all requests to the API Gateway
# location / {
# proxy_pass https://egommerce-api-gw;
# proxy_http_version 1.1;
# proxy_pass_header Server;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# client_max_body_size 0;
# }
#
# error_log /var/log/nginx/egommerce.pbiernat.io-error.log;
# access_log /var/log/nginx/egommerce.pbiernat.io-access.log combined;
#}

109
deploy/etc/nginx/nginx-vhost.local.conf
View File

@@ -1,109 +0,0 @@
upstream egommerce-api-gw {
server 127.0.0.1:48443;
}
upstream egommerce-api-gw-dashboard {
server 127.0.0.1:48444;
}
upstream egommerce-api-registry-ui {
server 127.0.0.1:48445;
}
upstream egommerce-api-eventbus-mngmt {
server 127.0.0.1:48446;
}
server {
listen 443 ssl;
ssl_certificate /home/keedosn/workspace/golang/src/git.pbiernat.io/egommerce/stack/deploy/certs/api-gateway/localhost.cert;
ssl_certificate_key /home/keedosn/workspace/golang/src/git.pbiernat.io/egommerce/stack/deploy/certs/api-gateway/localhost.key;
server_name egommerce.local;
# Traefik redirects
location /dashboard {
if ($http_referer ~ (/gateway)) {
proxy_pass http://egommerce-api-gw-dashboard;
}
}
location /api {
if ($http_referer ~ (/gateway)) {
proxy_pass http://egommerce-api-gw-dashboard;
}
}
location /gateway/ {
proxy_pass http://egommerce-api-gw-dashboard/dashboard/;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
}
# Consul redirects
location /ui {
if ($http_referer ~ (/registry)) {
proxy_pass http://egommerce-api-registry-ui;
}
}
location /v1 {
if ($http_referer ~ (/registry)) {
proxy_pass http://egommerce-api-registry-ui;
}
}
location /registry {
proxy_pass http://egommerce-api-registry-ui;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
}
# RabbitMQ Mngmt redirects
location /eventbus {
return 302 /eventbus/;
}
location ~* /eventbus/api/(.*?)/(.*) {
proxy_pass http://egommerce-api-eventbus-mngmt/api/$1/%2F/$2?$query_string;
proxy_buffering off;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* /eventbus/(.*) {
rewrite ^/eventbus/(.*)$ /$1 break;
proxy_pass http://egommerce-api-eventbus-mngmt;
proxy_buffering off;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Pass all requests to the API Gateway
location / {
proxy_pass https://egommerce-api-gw;
proxy_http_version 1.1;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
}
error_log /var/log/nginx/egommerce.local-error.log;
access_log /var/log/nginx/egommerce.local-access.log combined;
}

82
deploy/etc/prometheus/prometheus.yml
View File

@@ -1,82 +0,0 @@
global:
scrape_interval: 10s
evaluation_interval: 10s
# rule_files:
# - "first.rules"
# - "second.rules"
scrape_configs:
- job_name: prometheus
static_configs:
- targets: ['localhost:9090']
- job_name: docker
dockerswarm_sd_configs:
- host: unix:///var/run/docker.sock
role: tasks
relabel_configs:
- source_labels: [__meta_dockerswarm_service_name, __address__]
regex: egommerce_(api-eventbus|api-gateway);(.*):(.*)
action: replace
replacement: '$2:8084'
target_label: __address__
# - source_labels: [__meta_dockerswarm_service_name, __address__]
# regex: egommerce_api-gateway;(.*):(.*)
# action: replace
# replacement: '$1:8084'
# target_label: __address__
# Only keep containers that should be running.
- source_labels: [__meta_dockerswarm_service_label_com_docker_stack_namespace]
regex: egommerce
action: keep
- source_labels: [__meta_dockerswarm_task_desired_state]
regex: running
action: keep
# - source_labels: [__meta_dockerswarm_network_name]
# regex: ingress
# action: keep
- source_labels: [__meta_dockerswarm_service_name]
action: replace
replacement: '$1'
target_label: instance
# - source_labels: [__meta_dockerswarm_task_desired_state]
# regex: running
# action: keep
# - job_name: consul
# consul_sd_configs:
# - server: api-registry:8501
# services:
# - consul
# - basket-server
# - catalog-server
# - identity-svc
# - order-svc
# - pricing-svc
# - consul
# - job_name: rabbitmq
# consul_sd_configs:
# - server: api-registry:8501
# services:
# - api-eventbus
# relabel_configs:
# - source_labels: ['__meta_consul_service_address']
# replacement: '$1:8084'
# target_label: __address__
# - source_labels: ['__meta_consul_service_port']
# replacement: '8084'
# target_label: __meta_consul_service_port
# - job_name: 'api-gateway'
# static_configs:
# - targets: ['api-gateway:8084']
# - job_name: 'api-eventbus'
# static_configs:
# - targets: ['api-eventbus:8084']
# - job_name: 'catalog-svc'
# static_configs:
# - targets: ['catalog-svc:8084']

72
deploy/k8s/api-cache.yml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: v1
kind: Service
metadata:
name: api-cache
namespace: egommerce
labels:
app: api-cache
spec:
type: NodePort
selector:
app: api-cache
ports:
- port: 6379
nodePort: 31300
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: api-cache-metrics
# namespace: egommerce
# labels:
# app: api-cache
# spec:
# type: NodePort
# selector:
# app: api-cache
# ports:
# - port: 9121
# nodePort: 31301
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-cache
namespace: egommerce
spec:
replicas: 1
selector:
matchLabels:
app: api-cache
template:
metadata:
labels:
app: api-cache
spec:
containers:
- name: api-cache
image: git.ego.freeddns.org/egommerce/api-cache:dev
imagePullPolicy: Always
command: [
"redis-server"
]
args: [
"/etc/redis.conf"
]
env:
- name: APP_NAME
value: api-cache
- name: REDIS_PASSWORD
value: "12345678"
resources:
limits:
cpu: "1"
memory: 512M
ports:
- containerPort: 6379
- name: api-cache-metrics
image: oliver006/redis_exporter:latest
args:
- --redis.addr=redis://api-cache:6379
ports:
- containerPort: 9121

66
deploy/k8s/api-eventbus.yml Normal file
View File

@@ -0,0 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: api-eventbus
namespace: egommerce
labels:
app: api-eventbus
spec:
type: NodePort
selector:
app: api-eventbus
ports:
- name: api-eventbus-mngmnt
protocol: TCP
port: 15672
nodePort: 31200
# - name: api-eventbus-metrics
# protocol: TCP
# port: 15692
# nodePort: 31201
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-eventbus
namespace: egommerce
spec:
replicas: 1
selector:
matchLabels:
app: api-eventbus
template:
metadata:
labels:
app: api-eventbus
spec:
containers:
- name: api-eventbus
image: git.ego.freeddns.org/egommerce/api-eventbus:dev
imagePullPolicy: Always
command: [
"rabbitmq-server"
]
env:
- name: APP_NAME
value: api-eventbus
- name: RABBITMQ_ERLANG_COOKIE
value: rabbitmq
volumeMounts:
- name: eventbus-data
mountPath: /var/lib/rabbitmq
- name: eventbus-logs
mountPath: /var/log/rabbitmq
resources:
limits:
cpu: "1"
memory: 1G
ports:
- containerPort: 5672
- containerPort: 15672
- containerPort: 15692
volumes:
- name: eventbus-data
emptyDir:
- name: eventbus-logs
emptyDir:

130
deploy/k8s/api-gateway.yml Normal file
View File

@@ -0,0 +1,130 @@
apiVersion: v1
kind: Service
metadata:
name: api-gateway
namespace: egommerce
spec:
type: NodePort
ports:
- name: https
port: 8443
nodePort: 31800
selector:
app: api-gateway
---
kind: IngressClass
apiVersion: networking.k8s.io/v1
metadata:
name: haproxy
namespace: egommerce
spec:
controller: haproxy.org/ingress-controller/haproxy
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: api-gateway
namespace: egommerce
annotations:
haproxy.org/server-ssl: "true"
haproxy.org/server-ca: "egommerce/ca-root"
haproxy.org/path-rewrite: |
/api/identity/(.*) /\1
/api/catalog/(.*) /\1
spec:
ingressClassName: haproxy
tls:
- secretName: api-gateway-cert
hosts:
- "egommerce.io" # FIXME use domain name here eg. egommerce.io
rules:
- host: egommerce.io
http:
paths:
- path: /api/identity
pathType: Prefix
backend:
service:
name: identity-svc
port:
number: 443
# - path: /api/catalog
# pathType: Prefix
# backend:
# service:
# name: catalog-svc
# port:
# number: 443
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway
namespace: egommerce
spec:
replicas: 1
selector:
matchLabels:
app: api-gateway
template:
metadata:
labels:
app: api-gateway
spec:
restartPolicy: Always
containers:
- name: api-gateway
image: git.ego.freeddns.org/egommerce/api-gateway:dev
imagePullPolicy: Always
resources:
limits:
cpu: 100m
memory: 512Mi
requests:
cpu: 50m
memory: 256Mi
ports:
- containerPort: 8443
args:
- --configmap=egommerce/api-gateway
- --publish-service=egommerce/api-gateway
- --ingress.class=haproxy
# - --http-bind-port=8080
- --https-bind-port=8443
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
# runAsUser: 1000
# runAsGroup: 1000
# runAsNonRoot: true
# allowPrivilegeEscalation: false
# seccompProfile:
# type: RuntimeDefault
volumeMounts:
- name: root-ca
mountPath: /etc/certs/root-ca.pem
readOnly: true
volumes:
- name: root-ca
hostPath:
path: /egommerce/stack/deploy/certs/ca-root/ca-root.pem
type: File

432
deploy/k8s/api-logger.yml Normal file
View File

@@ -0,0 +1,432 @@
apiVersion: v1
kind: Service
metadata:
name: api-logger-loki
namespace: egommerce
labels:
app: api-logger-loki
spec:
type: NodePort
selector:
app: api-logger-loki
ports:
- protocol: TCP
port: 3100
nodePort: 31401
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-logger-loki
namespace: egommerce
labels:
app: api-logger-loki
spec:
replicas: 1
selector:
matchLabels:
app: api-logger-loki
template:
metadata:
labels:
app: api-logger-loki
spec:
containers:
- name: api-logger-loki
image: git.ego.freeddns.org/egommerce/api-logger-loki:dev
imagePullPolicy: Always
args:
- "-config.file=/etc/loki/loki.yaml"
ports:
- containerPort: 3100
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: api-logger-promtail-ac
namespace: egommerce
labels:
app: api-logger-promtail-ac
annotations: {}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: api-logger-promtail
namespace: egommerce
labels:
app: api-logger-promtail
spec:
revisionHistoryLimit: 1
selector:
matchLabels:
app: api-logger-promtail
# updateStrategy:
# type: RollingUpdate
template:
metadata:
labels:
app: api-logger-promtail
annotations:
prometheus.io/port: http-metrics
prometheus.io/scrape: "true"
spec:
serviceAccountName: api-logger-promtail-ac
automountServiceAccountToken: true
containers:
- name: api-logger-promtail
image: git.ego.freeddns.org/egommerce/api-logger-promtail:dev
imagePullPolicy: Always
env:
- name: HOSTNAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: '1'
resource: limits.cpu
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
divisor: '1'
resource: limits.memory
ports:
- name: promtail-http
containerPort: 3101
resources:
limits:
cpu: 100m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
livenessProbe:
httpGet:
path: /ready
port: promtail-http
initialDelaySeconds: 45
readinessProbe:
httpGet:
path: /ready
port: promtail-http
initialDelaySeconds: 45
volumeMounts:
# - name: api-logger-promtail-config
# mountPath: /etc/promtail
- name: api-logger-promtail-run
mountPath: /run/promtail
- name: api-logger-promtail-varlog
mountPath: /var/log
readOnly: true
- name: api-logger-promtail-docker
mountPath: /var/lib/docker/containers
readOnly: true
- name: api-logger-promtail-tmp
mountPath: /tmp
subPath: tmp
readOnly: false
securityContext:
privileged: true
readOnlyRootFilesystem: true
runAsUser: 0
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
terminationGracePeriodSeconds: 60
volumes:
- name: api-logger-promtail-run
hostPath:
path: /run/promtail
- name: api-logger-promtail-varlog
hostPath:
path: /var/log
- name: api-logger-promtail-docker
hostPath:
path: /var/lib/docker/containers
- name: api-logger-promtail-tmp
emptyDir:
sizeLimit: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: api-logger-prometheus-pv
namespace: egommerce
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
storageClassName: api-logger-prometheus-pv
hostPath:
path: "/home/keedosn/.egommerce/prometheus" # Ensure this path exists on the node
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: api-logger-prometheus-pvc
namespace: egommerce
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: api-logger-prometheus-pv
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: api-logger-prometheus
namespace: egommerce
labels:
name: api-logger-prometheus
annotations: {}
---
apiVersion: v1
kind: Service
metadata:
name: api-logger-prometheus
namespace: egommerce
labels:
app: api-logger-prometheus
spec:
type: NodePort
selector:
app: api-logger-prometheus
ports:
- name: api-logger-prometheus
protocol: TCP
port: 9090
nodePort: 31402
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-logger-prometheus
namespace: egommerce
labels:
app: api-logger-prometheus
spec:
# revisionHistoryLimit: 1
# replicas: 1
selector:
matchLabels:
app: api-logger-prometheus
template:
metadata:
labels:
app: api-logger-prometheus
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: prometheus-http
spec:
serviceAccountName: api-logger-prometheus
automountServiceAccountToken: true
securityContext:
runAsGroup: 10001
runAsUser: 10001
runAsNonRoot: true
containers:
- name: api-logger-prometheus
image: git.ego.freeddns.org/egommerce/api-logger-prometheus:dev
imagePullPolicy: Always
env:
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: '1'
resource: limits.cpu
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
divisor: '1'
resource: limits.memory
args:
# - '--storage.tsdb.retention.time=15d'
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus/data/'
# - '--web.console.libraries=/etc/prometheus/console_libraries'
# - '--web.console.templates=/etc/prometheus/consoles'
# - '--enable-feature=concurrent-rule-eval,promql-experimental-functions,exemplar-storage,promql-per-step-stats,native-histograms'
# - '--web.enable-remote-write-receiver'
# - '--web.enable-otlp-receiver'
# - '--web.enable-lifecycle'
- '--log.level=info'
# - '--log.format=json'
ports:
- name: prometheus-http
containerPort: 9090
# livenessProbe:
# httpGet:
# path: /-/healthy
# port: prometheus-http
# readinessProbe:
# httpGet:
# path: /-/ready
# port: prometheus-http
resources:
limits:
cpu: 150m
memory: 894Mi
requests:
cpu: 100m
memory: 512Mi
volumeMounts:
# - name: config-volume
# mountPath: /etc/prometheus
# - name: config-volume
# mountPath: /etc/config/alerting_rules.yml
# subPath: alerting_rules.yml
- name: api-logger-prometheus-storage
mountPath: /prometheus/data
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false #true DEFAULT !!!
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
volumes:
- name: api-logger-prometheus-storage
persistentVolumeClaim:
claimName: api-logger-prometheus-pvc
---
apiVersion: v1
kind: Service
metadata:
name: api-logger-grafana
namespace: egommerce
labels:
app: api-logger-grafana
spec:
type: NodePort
selector:
app: api-logger-grafana
ports:
- name: api-logger-grafana-api
protocol: TCP
port: 3000
nodePort: 31400
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: api-logger-grafana-pv
namespace: egommerce
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
storageClassName: api-logger-grafana-pv
hostPath:
path: "/home/keedosn/.egommerce/grafana" # Ensure this path exists on the node
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: api-logger-grafana-pvc
namespace: egommerce
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: api-logger-grafana-pv
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-logger-grafana
namespace: egommerce
labels:
app: api-logger-grafana
spec:
revisionHistoryLimit: 1
replicas: 1
selector:
matchLabels:
app: api-logger-grafana
template:
metadata:
labels:
app: api-logger-grafana
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3000"
filter.by.port.name: "true"
spec:
automountServiceAccountToken: false
securityContext:
runAsNonRoot: true
runAsGroup: 65534
runAsUser: 65534
initContainers:
- name: curl
image: curlimages/curl:latest
imagePullPolicy: IfNotPresent
command:
- /bin/sh
args:
- -c
- |
which curl
volumeMounts:
- name: api-logger-grafana-storage
mountPath: /var/lib/grafana
subPath: grafana
containers:
- name: api-logger-grafana
image: git.ego.freeddns.org/egommerce/api-logger-grafana:dev
imagePullPolicy: Always
env:
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: '1'
resource: limits.cpu
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
divisor: '1'
resource: limits.memory
ports:
- containerPort: 3000
resources:
limits:
cpu: 100m
memory: 768Mi
requests:
cpu: 50m
memory: 512Mi
volumeMounts:
- name: api-logger-grafana-storage
mountPath: /var/lib/grafana
subPath: grafana
- name: api-logger-grafana-storage
mountPath: /var/lib/grafana/dashboards
subPath: dashboards
- name: api-logger-grafana-storage
mountPath: /tmp
subPath: tmp
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
volumes:
- name: api-logger-grafana-storage
persistentVolumeClaim:
claimName: api-logger-grafana-pvc

91
deploy/k8s/catalog-svc.yml Normal file
View File

@@ -0,0 +1,91 @@
apiVersion: v1
kind: Service
metadata:
name: catalog-svc
namespace: egommerce
labels:
app: catalog-svc
spec:
type: NodePort
selector:
app: catalog-svc
ports:
- name: catalog-svc
protocol: TCP
port: 443
nodePort: 31830
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: catalog-svc
namespace: egommerce
spec:
replicas: 1
selector:
matchLabels:
app: catalog-svc
template:
metadata:
labels:
app: catalog-svc
spec:
containers:
- name: catalog-svc
image: git.ego.freeddns.org/egommerce/catalog-svc:dev
imagePullPolicy: Always
command: [
"sh"
]
args: [
"-c",
"/app"
]
env:
- name: APP_NAME
value: catalog-svc
- name: APP_DOMAIN
value: catalog-svc.egommerce.local
- name: APP_PATH_PREFIX
value: /catalog
- name: API_EVENTBUS_URL
value: amqp://guest:guest@api-eventbus:5672
# - name: API_MONGODB_URL
# value: mongodb://mongodb:12345678@mongo-db:27017
readinessProbe:
httpGet:
scheme: HTTPS
port: 443
path: /health
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 5
livenessProbe:
httpGet:
scheme: HTTPS
port: 443
path: /health
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 1
volumeMounts:
- name: catalog-cert
mountPath: /certs/catalog-svc.crt
readOnly: true
- name: catalog-key
mountPath: /certs/catalog-svc.key
resources:
limits:
cpu: "1"
memory: 512M
ports:
- containerPort: 443
volumes:
- name: catalog-cert
hostPath:
path: /egommerce/stack/deploy/certs/catalog-svc/catalog-svc.crt
type: File
- name: catalog-key
hostPath:
path: /egommerce/stack/deploy/certs/catalog-svc/catalog-svc.key
type: File

119
deploy/k8s/db-postgres.yml Normal file
View File

@@ -0,0 +1,119 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: db-postgres-pv
namespace: egommerce
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
storageClassName: db-postgres-pv
hostPath:
path: "/home/keedosn/.egommerce/postgres" # Ensure this path exists on the node
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: db-postgres-pvc
namespace: egommerce
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: db-postgres-pv
---
apiVersion: v1
kind: Service
metadata:
name: db-postgres
namespace: egommerce
labels:
app: db-postgres
spec:
type: NodePort
selector:
app: db-postgres
ports:
- name: db-postgres
protocol: TCP
port: 5432
nodePort: 31500
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: db-postgres-metrics
# namespace: egommerce
# labels:
# app: db-postgres
# spec:
# type: NodePort
# selector:
# app: db-postgres
# ports:
# - name: db-postgres
# protocol: TCP
# port: 9187
# nodePort: 31501
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: db-postgres
namespace: egommerce
spec:
replicas: 1
selector:
matchLabels:
app: db-postgres
template:
metadata:
labels:
app: db-postgres
spec:
securityContext:
runAsUser: 70 # postgres user
fsGroup: 70 # postgres user
# remember to change perms and owner of ~/.egommerce/postgres directory
containers:
- name: db-postgres
image: git.ego.freeddns.org/egommerce/db-postgres:dev
imagePullPolicy: Always
env:
- name: APP_NAME
value: db-postgres
- name: APP_DOMAIN
value: db-postgres.egommerce.local
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_DB
value: egommerce
- name: POSTGRES_PASSWORD
# value: H5Gd7^37*Hka*a72
value: "12345678"
- name: PGDATA
value: /var/lib/postgresql/data
resources:
limits:
cpu: "1"
memory: 512M
ports:
- containerPort: 5432
volumeMounts:
- name: db-postgres-storage
mountPath: /var/lib/postgresql/data
# subPath: data
- name: db-postgres-metrics
image: prometheuscommunity/postgres-exporter:latest
ports:
- containerPort: 9187
env:
- name: DATA_SOURCE_NAME
value: "postgresql://postgres:12345678@db-postgres:5432/egommerce" #?sslmode=disable
volumes:
- name: db-postgres-storage
persistentVolumeClaim:
claimName: db-postgres-pvc

115
deploy/k8s/identity-svc.yml Normal file
View File

@@ -0,0 +1,115 @@
apiVersion: v1
kind: Service
metadata:
name: identity-svc
namespace: egommerce
labels:
app: identity-svc
spec:
type: NodePort
selector:
app: identity-svc
ports:
- name: identity-svc
port: 443
nodePort: 31810
# - name: identity-svc-metrics
# port: 9090
# nodePort: 31811
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: identity-svc
namespace: egommerce
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1 # Number of extra pods that can be created during update
maxUnavailable: 1 # Max number of pods that can be unavailable during update
selector:
matchLabels:
app: identity-svc
template:
metadata:
labels:
app: identity-svc
spec:
# initContainers:
# - name: identity-svc-init
# image: busybox:1.28
# command: [
# 'sh',
# '-c',
# '/bin/migrate'
# ]
containers:
- name: identity-svc
image: git.ego.freeddns.org/egommerce/identity-svc:dev
imagePullPolicy: Always
env:
- name: APP_NAME
value: identity-svc
- name: APP_DOMAIN
value: identity-svc.egommerce.local
- name: APP_PATH_PREFIX
value: /identity
- name: API_EVENTBUS_URL
value: amqp://guest:guest@api-eventbus:5672
- name: API_MONGODB_URL
value: mongodb://mongodb:12345678@mongo-db:27017
readinessProbe:
httpGet:
scheme: HTTPS
port: identity-svc
path: /health
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 1
livenessProbe:
httpGet:
scheme: HTTPS
port: identity-svc
path: /health
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 1
volumeMounts:
- name: identity-cert
mountPath: /certs/identity-svc.crt
readOnly: true
- name: identity-key
mountPath: /certs/identity-svc.key
readOnly: true
- name: identity-migrations
mountPath: /migrations
readOnly: true
resources:
limits:
cpu: "1"
memory: 512M
ports:
- name: identity-svc
containerPort: 443
# - name: identity-svc-metrics
# image: prom/prometheus-exporter:latest
# ports:
# - containerPort: 9090
# args:
# - --web.listen-address=:9090
# - --web.telemetry-path=/metrics
volumes:
- name: identity-cert
hostPath:
path: /egommerce/stack/deploy/certs/identity-svc/identity-svc.crt
type: File
- name: identity-key
hostPath:
path: /egommerce/stack/deploy/certs/identity-svc/identity-svc.key
type: File
- name: identity-migrations
hostPath:
path: /egommerce/stack/deploy/db_migrations/identity-svc
type: Directory

6
deploy/k8s/namespace.yml Normal file
View File

@@ -0,0 +1,6 @@
kind: Namespace
apiVersion: v1
metadata:
name: egommerce
labels:
name: egommerce

8
deploy/k8s/secret.yml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: regcred
namespace: egommerce
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSJnaXQuZWdvLmNsb3VkbnMuYmUiOiB7CgkJCSJhdXRoIjogImEyVmxaRzl6YmpwWGIyeHVaVFZQY0hKdlozSmhiVzkzWVc1cFpVQT0iCgkJfSwKCQkiaHR0cHM6Ly9pbmRleC5kb2NrZXIuaW8vdjEvIjogewoJCQkiYXV0aCI6ICJhMlZsWkc5emJqcGtiMk5yWlhKdmQyVTFiMkp5WVhwNSIKCQl9Cgl9Cn0=
type: kubernetes.io/dockerconfigjson

0
deploy/k8s/stack.dev.local.yml
View File

48
deploy/k8s/stack.dev.yml
View File

@@ -1,48 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: api-registry
labels:
app.kubernetes.io/name: api-registry
spec:
containers:
- name: api-registry
image: git.ego.cloudns.be/egommerce/api-registry:dev
resources:
limits:
cpu: "1"
memory: 512M
ports:
- containerPort: 8501
name: api-registry-ui
---
apiVersion: v1
kind: Service
metadata:
name: api-registry
spec:
selector:
app.kubernetes.io/name: api-registry
ports:
- name: api-registry-ui
protocol: TCP
port: 8501
targetPort: api-registry-ui
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-registry
spec:
replicas: 1
selector:
matchLabels:
app: api-registry
template:
metadata:
labels:
app: api-registry
spec:
containers:
- name: api-registry
image: git.ego.cloudns.be/egommerce/api-registry:dev

28
deploy/k8s/stack.prod.yml
View File

@@ -1,28 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: api-registry
labels:
app.kubernetes.io/name: api-registry
spec:
containers:
- name: api-registry
image: git.ego.cloudns.be/egommerce/api-registry:prod
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-registry
spec:
replicas: 1
selector:
matchLabels:
app: api-registry
template:
metadata:
labels:
app: api-registry
spec:
containers:
- name: api-registry
image: git.ego.cloudns.be/egommerce/api-registry:prod

78
deploy/k8s/stack.yml
View File

@@ -1,78 +0,0 @@
# kind: Namespace
# apiVersion: v1
# metadata:
# name: egommerce
# labels:
# name: egommerce
# ---
apiVersion: v1
kind: Secret
metadata:
name: docker-credentials
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSJnaXQucGJpZXJuYXQuaW8iOiB7CgkJCSJhdXRoIjogImEyVmxaRzl6YmpwWGIyeHVaVFZQY0hKdlozSmhiVzkzWVc1cFpVQT0iCgkJfSwKCQkiaHR0cHM6Ly9pbmRleC5kb2NrZXIuaW8vdjEvIjogewoJCQkiYXV0aCI6ICJhMlZsWkc5emJqcGtiMk5yWlhKdmQyVTFiMkp5WVhwNSIKCQl9Cgl9Cn0=
type: kubernetes.io/dockerconfigjson
---
# apiVersion: v1
# kind: Pod
# metadata:
# name: api-registry
# labels:
# app.kubernetes.io/name: api-registry
# spec:
# hostNetwork: true
# containers:
# - name: api-registry
# image: git.pbiernat.dev/egommerce/api-registry:dev
# resources:
# limits:
# cpu: "1"
# memory: 512M
# ports:
# - containerPort: 8501
# name: api-registry-ui
# ---
apiVersion: v1
kind: Service
metadata:
name: api-registry
spec:
selector:
app.kubernetes.io/name: api-registry
ports:
- name: api-registry-ui
protocol: TCP
port: 8501
targetPort: api-registry-ui
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-registry
spec:
replicas: 1
selector:
matchLabels:
app: api-registry
template:
metadata:
labels:
app: api-registry
spec:
hostNetwork: true
hostAliases:
- ip: "127.0.0.1"
hostnames:
- "git.pbiernat.io"
dnsPolicy: ClusterFirstWithHostNet
restartPolicy: Always
containers:
- name: api-registry
image: git.pbiernat.dev/egommerce/api-registry:dev
resources:
limits:
cpu: "1"
memory: 512M
ports:
- containerPort: 53
- containerPort: 8501

3
deploy/scripts/build-register-service-binary.sh
View File

@@ -1,3 +0,0 @@
#!/bin/sh
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o deploy/bin/register-service deploy/bin/register-service.go

138
deploy/scripts/gen-certs.sh Normal file → Executable file
View File

@@ -1,53 +1,45 @@
# #!/bin/bash #!/bin/bash
export DEPLOY_DIR="./deploy" export DEPLOY_DIR="./deploy"
export CERTS_DIR="${DEPLOY_DIR}/certs/" export CERTS_DIR="${DEPLOY_DIR}/certs/"
export REGISTRY_CN="registry.egommerce.local,api-registry,server.dc.ego.io,localhost" export GATEWAY_CN="gateway.egommerce.local,api-gatway"
export REGISTRY_SAN="DNS:registry.egommerce.local,DNS:api-registry,DNS:server.dc.ego.io,DNS:localhost,IP:127.0.0.1" export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,IP:127.0.0.1"
export GATEWAY_CN="gateway.egommerce.local,api-gatway,gateway.dc.ego.io,localhost" export EVENTBUS_CN="esb.egommerce.local,api-eventbus"
export GATEWAY_SAN="DNS:gateway.egommerce.local,DNS:api-gateway,DNS:gw.egommerce.local,DNS:gateway.dc.ego.io,DNS:localhost,IP:127.0.0.1" export EVENTBUS_SAN="DNS:esb.egommerce.local,DNS:api-eventbus,IP:127.0.0.1"
export VAULT_CN="vault.egommerce.local,api-vault,localhost" export CACHE_CN="cache.egommerce.local,api-cache"
export VAULT_SAN="DNS:vault.egommerce.local,DNS:api-vault,DNS:localhost,IP:127.0.0.1" export CACHE_SAN="DNS:cache.egommerce.local,DNS:api-cache,IP:127.0.0.1"
export EVENTBUS_CN="esb.egommerce.local,api-eventbus,localhost" export LOGGER_CN="logger.egommerce.local,api-logger"
export EVENTBUS_SAN="DNS:esb.egommerce.local,DNS:api-eventbus,DNS:localhost,IP:127.0.0.1" export LOGGER_SAN="DNS:logger.egommerce.local,DNS:api-logger,IP:127.0.0.1"
export CACHE_CN="cache.egommerce.local,api-cache,localhost" # export PROMETHEUS_CN="prometheus.egommerce.local,api-prometheus"
export CACHE_SAN="DNS:cache.egommerce.local,DNS:api-cache,DNS:localhost,IP:127.0.0.1" # export PROMETHEUS_SAN="DNS:prometheus.egommerce.local,DNS:api-prometheus,IP:127.0.0.1"
export LOGGER_CN="logger.egommerce.local,api-logger,localhost" # export GRAFANA_CN="grafana.egommerce.local,api-grafana"
export LOGGER_SAN="DNS:logger.egommerce.local,DNS:api-logger,DNS:localhost,IP:127.0.0.1" # export GRAFANA_SAN="DNS:grafana.egommerce.local,DNS:api-grafana,IP:127.0.0.1"
export PROMETHEUS_CN="prometheus.egommerce.local,api-prometheus,localhost" export POSTGRES_CN="db-postgres.egommerce.local,db-postgres"
export PROMETHEUS_SAN="DNS:prometheus.egommerce.local,DNS:api-prometheus,DNS:localhost,IP:127.0.0.1" export POSTGRES_SAN="DNS:db-postgres.egommerce.local,DNS:db-postgres,IP:127.0.0.1"
export GRAFANA_CN="grafana.egommerce.local,api-grafana,localhost" # export MONGO_CN="mongo.db.egommerce.local,db-mongo"
export GRAFANA_SAN="DNS:grafana.egommerce.local,DNS:api-grafana,DNS:localhost,IP:127.0.0.1" # export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,IP:127.0.0.1"
export POSTGRES_CN="postgresdb.egommerce.local,db-postgres,localhost" export IDENTITY_CN="identity-svc.egommerce.local"
export POSTGRES_SAN="DNS:pstgresdb.egommerce.local,DNS:db-postgres,DNS:localhost,IP:127.0.0.1" export IDENTITY_SAN="DNS:identity-svc.egommerce.local,IP:127.0.0.1"
export MONGO_CN="mongo.db.egommerce.local,db-mongo,localhost" export CATALOG_CN="catalog-svc.egommerce.local,catalog-svc"
export MONGO_SAN="DNS:mongo.db.egommerce.local,DNS:db-mongo,DNS:localhost,IP:127.0.0.1" export CATALOG_SAN="DNS:catalog-svc.egommerce.local,DNS:catalog-svc,IP:127.0.0.1"
export IDENTITY_CN="gateway.egommerce.local,identity.egommerce.local" export BASKET_CN="basket-svc.egommerce.local,basket-svc"
export IDENTITY_SAN="DNS:gateway.egommerce.local,DNS:identity.egommerce.local,DNS:localhost,IP:127.0.0.1" export BASKET_SAN="DNS:basket-svc.egommerce.local,DNS:basket-svc,IP:127.0.0.1"
export CATALOG_CN="gateway.egommerce.local, catalog.egommerce.local" export ORDER_CN="order-svc.egommerce.local,order-svc"
export CATALOG_SAN="DNS:gateway.egommerce.local,DNS:catalog.egommerce.local,DNS:localhost,IP:127.0.0.1" export ORDER_SAN="DNS:order-svc.egommerce.local,DNS:order-svc,IP:127.0.0.1"
export BASKET_CN="gateway.egommerce.local" export PRICING_CN="DNS:pricing-svc.egommerce.local,DNS:pricing-svc"
export BASKET_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1" export PRICING_SAN="DNS:pricing-svc.egommerce.local,DNS:pricing-svc,IP:127.0.0.1"
export ORDER_CN="gateway.egommerce.local"
export ORDER_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"
export PRICING_CN="gateway.egommerce.local"
export PRICING_SAN="DNS:gateway.egommerce.local,DNS:localhost,IP:127.0.0.1"
# Create required directories # Create required directories
mkdir -p \ mkdir -p \
${CERTS_DIR} \ ${CERTS_DIR} \
${CERTS_DIR}ca-root \ ${CERTS_DIR}ca-root \
${CERTS_DIR}api-registry \
${CERTS_DIR}api-gateway \ ${CERTS_DIR}api-gateway \
${CERTS_DIR}api-vault \
${CERTS_DIR}api-eventbus \ ${CERTS_DIR}api-eventbus \
${CERTS_DIR}api-cache \ ${CERTS_DIR}api-cache \
${CERTS_DIR}api-logger \ ${CERTS_DIR}api-logger \
${CERTS_DIR}api-prometheus \
${CERTS_DIR}api-grafana \
${CERTS_DIR}db-postgres \ ${CERTS_DIR}db-postgres \
${CERTS_DIR}db-mongo \ # ${CERTS_DIR}db-mongo \
${CERTS_DIR}identity-svc \ ${CERTS_DIR}identity-svc \
${CERTS_DIR}basket-svc \ ${CERTS_DIR}basket-svc \
${CERTS_DIR}catalog-svc \ ${CERTS_DIR}catalog-svc \
@@ -59,18 +51,8 @@ mkdir -p \
# -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/OU=DevOps Team/CN=Egommerce CA" \ # -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/OU=DevOps Team/CN=Egommerce CA" \
# -keyout ${CERTS_DIR}ca-root/ca-root.key -out ${CERTS_DIR}ca-root/ca-root.crt >/dev/null # -keyout ${CERTS_DIR}ca-root/ca-root.key -out ${CERTS_DIR}ca-root/ca-root.crt >/dev/null
# Create fullchain pem file
# Generate Registry cert # cat ${CERTS_DIR}ca-root/ca-root.key ${CERTS_DIR}ca-root/ca-root.crt > ${CERTS_DIR}ca-root/ca-root.pem
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$REGISTRY_CN" \
-keyout ${CERTS_DIR}api-registry/api-registry.key \
-out ${CERTS_DIR}api-registry/api-registry.csr >/dev/null
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-registry/api-registry.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${REGISTRY_SAN}")) \
-out ${CERTS_DIR}api-registry/api-registry.crt >/dev/null
# Generate Gateway cert # Generate Gateway cert
@@ -85,19 +67,8 @@ openssl x509 -req -days 365 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \ -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GATEWAY_SAN}")) \
-out ${CERTS_DIR}api-gateway/api-gateway.crt >/dev/null -out ${CERTS_DIR}api-gateway/api-gateway.crt >/dev/null
# Create fullchain pem file
# Generate Vault cert cat ${CERTS_DIR}api-gateway/api-gateway.key ${CERTS_DIR}api-gateway/api-gateway.crt > ${CERTS_DIR}api-gateway/api-gateway.pem
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$VAULT_CN" \
-keyout ${CERTS_DIR}api-vault/api-vault.key \
-out ${CERTS_DIR}api-vault/api-vault.csr >/dev/null
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-vault/api-vault.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${VAULT_SAN}")) \
-out ${CERTS_DIR}api-vault/api-vault.crt >/dev/null
# Generate Eventbus cert # Generate Eventbus cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
@@ -137,33 +108,6 @@ openssl x509 -req -days 365 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \ -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${LOGGER_SAN}")) \
-out ${CERTS_DIR}api-logger/api-logger.crt >/dev/null -out ${CERTS_DIR}api-logger/api-logger.crt >/dev/null
# Generate Prometheus cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$PROMETHEUS_CN" \
-keyout ${CERTS_DIR}api-prometheus/api-prometheus.key \
-out ${CERTS_DIR}api-prometheus/api-prometheus.csr >/dev/null
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-prometheus/api-prometheus.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${PROMETHEUS_SAN}")) \
-out ${CERTS_DIR}api-prometheus/api-prometheus.crt >/dev/null
# Generate Grafana cert
openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$GRAFANA_CN" \
-keyout ${CERTS_DIR}api-grafana/api-grafana.key \
-out ${CERTS_DIR}api-grafana/api-grafana.csr >/dev/null
openssl x509 -req -days 365 \
-in ${CERTS_DIR}api-grafana/api-grafana.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${GRAFANA_SAN}")) \
-out ${CERTS_DIR}api-grafana/api-grafana.crt >/dev/null
# Generate Postgres cert # Generate Postgres cert
openssl req -newkey rsa:2048 -nodes \ openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$POSTGRES_CN" \ -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$POSTGRES_CN" \
@@ -178,16 +122,16 @@ openssl x509 -req -days 365 \
# Generate Mongo cert # Generate Mongo cert
openssl req -newkey rsa:2048 -nodes \ # openssl req -newkey rsa:2048 -nodes \
-subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \ # -subj "/C=PL/ST=Silesia/L=Gliwice/O=Egommerce.dev/CN=$MONGO_CN" \
-keyout ${CERTS_DIR}db-mongo/db-mongo.key \ # -keyout ${CERTS_DIR}db-mongo/db-mongo.key \
-out ${CERTS_DIR}db-mongo/db-mongo.csr >/dev/null # -out ${CERTS_DIR}db-mongo/db-mongo.csr >/dev/null
openssl x509 -req -days 365 \ # openssl x509 -req -days 365 \
-in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \ # -in ${CERTS_DIR}db-mongo/db-mongo.csr -CA ${CERTS_DIR}ca-root/ca-root.crt \
-CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \ # -CAkey ${CERTS_DIR}ca-root/ca-root.key -set_serial 01 \
-extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \ # -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${MONGO_SAN}")) \
-out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null # -out ${CERTS_DIR}db-mongo/db-mongo.crt >/dev/null
# Generate Identity cert # Generate Identity cert

21
deploy/scripts/init-k8s.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
alias kubectl="microk8s kubectl" # MicroK8S fix
# Install plugins
microk8s enable dns
# microk8s enable ingress
# microk8s enable storage
# microk8s enable helm3
# microk8s enable metallb:10.64.0.100-10.64.0.200
# API Gateway CRDs
kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/latest/download/standard-install.yaml
kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/webhook-install.yaml
# Create ca root tls secret
kubectl create secret generic ca-root --from-file=ca-root.crt=deploy/certs/ca-root/ca-root.crt -n egommerce
# Create api-gateway tls secret
kubectl create secret tls api-gateway-cert --cert=deploy/certs/api-gateway/api-gateway.crt --key=deploy/certs/api-gateway/api-gateway.key -n egommerce

3
deploy/scripts/remove-dangling-images.sh
View File

@@ -1,3 +0,0 @@
#!/bin/sh
docker rmi $(docker images --filter "dangling=true" -q --no-trunc)

11
deploy/scripts/start-docker.sh
View File

@@ -1,11 +0,0 @@
#!/bin/sh
# RUN IT FORM THE REPO ROOT DIR
echo "Starting egommerce docker stack..."
docker stack deploy --with-registry-auth --detach=false \
--compose-file deploy/docker/stack.yml \
--compose-file deploy/docker/stack.dev.yml \
--compose-file deploy/docker/stack.dev.local.yml \
egommerce
echo "Done."

17
deploy/scripts/start-k8s.sh
View File

@@ -1,12 +1,21 @@
#!/bin/sh #!/bin/sh
# RUN IT FORM THE REPO ROOT DIR # RUN IT FORM THE REPO ROOT DIR
alias kubectl="microk8s kubectl" # MicroK8S fix
echo "Starting egommerce k8s stack..." echo "Starting egommerce k8s stack..."
kubectl apply -f deploy/k8s/stack.yml kubectl apply -f deploy/k8s/namespace.yml
# kubectl apply -f deploy/k8s/stack.prod.yml kubectl apply -f deploy/k8s/secret.yml
# kubectl apply -f deploy/k8s/stack.dev.yml
# kubectl apply -f deploy/k8s/stack.dev.local.yml
kubectl apply -f deploy/k8s/api-gateway.yml
kubectl apply -f deploy/k8s/api-eventbus.yml
kubectl apply -f deploy/k8s/api-cache.yml
kubectl apply -f deploy/k8s/api-logger.yml
kubectl apply -f deploy/k8s/db-postgres.yml
# kubectl apply -f deploy/k8s/db-mongo.yml
kubectl apply -f deploy/k8s/identity-svc.yml
kubectl apply -f deploy/k8s/catalog-svc.yml
echo "Done." echo "Done."

21
deploy/scripts/stop-k8s.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
# RUN IT FORM THE REPO ROOT DIR
alias kubectl="microk8s kubectl" # MicroK8S fix
echo "Stopping egommerce k8s stack..."
kubectl delete -f deploy/k8s/identity-svc.yml
kubectl delete -f deploy/k8s/catalog-svc.yml
# kubectl delete -f deploy/k8s/db-mongo.yml
kubectl delete -f deploy/k8s/db-postgres.yml
kubectl delete -f deploy/k8s/api-logger.yml
kubectl delete -f deploy/k8s/api-cache.yml
kubectl delete -f deploy/k8s/api-eventbus.yml
kubectl delete -f deploy/k8s/api-gateway.yml
kubectl delete -f deploy/k8s/secret.yml
# kubectl delete -f deploy/k8s/namespace.yml
echo "Done."

45
deploy/scripts/vault-init-template.sh
View File

@@ -1,45 +0,0 @@
#!/bin/sh
vault secrets enable pki
vault secrets tune -max-lease-ttl=87600h pki
vault write -field=certificate pki/root/generate/internal \
common_name="ego.io" \
ttl=87600h > CA_cert.crt
vault write pki/config/urls \
issuing_certificates="https://127.0.0.1:8200/v1/pki/ca" \
crl_distribution_points="https://127.0.0.1:8200/v1/pki/crl"
vault secrets enable -path=pki_int pki
vault secrets tune -max-lease-ttl=43800h pki_int
vault write -format=json pki_int/intermediate/generate/internal \
common_name="ego.io Intermediate Authority" \
| jq -r '.data.csr' > pki_intermediate.csr
vault write -format=json pki/root/sign-intermediate csr=@pki_intermediate.csr \
format=pem_bundle ttl="43800h" \
| jq -r '.data.certificate' > intermediate.cert.pem
vault write pki_int/intermediate/set-signed certificate=@intermediate.cert.pem
vault write pki_int/roles/ego.io \
allowed_domains="ego.io" \
allow_subdomains=true \
generate_lease=true \
max_ttl="720h"
vault write pki_int/issue/ego.io \
common_name="catalog.service.ego.io" \
ttl="24h" | tee certs.txt
# CONFIGURE CONSUL
mkdir -p /opt/consul/agent-certs
grep -Pzo "(?s)(?<=certificate)[^\-]*.*?END CERTIFICATE[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/agent.crt
grep -Pzo "(?s)(?<=private_key)[^\-]*.*?END RSA PRIVATE KEY[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/agent.key
grep -Pzo "(?s)(?<=issuing_ca)[^\-]*.*?END CERTIFICATE[^\n]*\n" certs.txt | sed 's/^\s*-/-/g' > /opt/consul/agent-certs/ca.crt
## FIXME ^^ invalid pattern flag...

0
deploy/scripts/volumes-restart.sh
View File