Compare commits
8 Commits
dev/migrat
...
dev/migrat
| Author | SHA1 | Date | |
|---|---|---|---|
| bf913bc358 | |||
| a5f126a510 | |||
| d8fd717c92 | |||
| 07a137df8f | |||
| 7fb75167d4 | |||
| 85377e241b | |||
| 933dfbced6 | |||
| 9d46b89873 |
23
Dockerfile
23
Dockerfile
@@ -1,13 +1,18 @@
|
||||
FROM traefik:v2.9.5
|
||||
FROM envoyproxy/envoy:v1.22.8
|
||||
|
||||
LABEL author="Piotr Biernat"
|
||||
LABEL service="api-gateway"
|
||||
LABEL vendor="Egommerce"
|
||||
LABEL version="1.0"
|
||||
ARG BUILD_TIME
|
||||
|
||||
COPY ./api-gateway/etc /etc/traefik
|
||||
COPY ./api-gateway/plugins /plugins-local
|
||||
LABEL dev.egommerce.image.author="Piotr Biernat"
|
||||
LABEL dev.egommerce.image.vendor="Egommerce"
|
||||
LABEL dev.egommerce.image.service="api-gateway"
|
||||
LABEL dev.egommerce.image.version="1.0"
|
||||
LABEL dev.egommerce.image.build_time=${BUILD_TIME}
|
||||
|
||||
COPY ./api-gateway/etc /etc/envoy
|
||||
# COPY ./api-gateway/plugins /plugins-local
|
||||
COPY ./api-gateway/entrypoint.sh ./api-gateway/wait-for-it.sh /
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"]
|
||||
|
||||
EXPOSE 443 8080
|
||||
|
||||
# ENTRYPOINT ["/traefik"] # FIXME stack->stack config.yml
|
||||
|
||||
13
README.md
13
README.md
@@ -1,12 +1,3 @@
|
||||
# apigw-service
|
||||
# API Gateway
|
||||
|
||||
API Gateway - simple Nginx image with pre-configured reverse proxy's
|
||||
|
||||
Generowanie Klucza autoryzacji
|
||||
$ openssl rand -base64 24
|
||||
|
||||
Budowanie obrazu:
|
||||
$ sh deploy/image-build.sh
|
||||
|
||||
Opublikowanie obrazu:
|
||||
$ sh deploy/image-push.sh
|
||||
API Gateway - API Gateway based on Envoy service
|
||||
|
||||
15
api-gateway/.vscode/launch.json
vendored
15
api-gateway/.vscode/launch.json
vendored
@@ -1,15 +0,0 @@
|
||||
{
|
||||
// Use IntelliSense to learn about possible attributes.
|
||||
// Hover to view descriptions of existing attributes.
|
||||
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
|
||||
"version": "0.2.0",
|
||||
"configurations": [
|
||||
{
|
||||
"type": "java",
|
||||
"name": "Debug App",
|
||||
"request": "launch",
|
||||
"mainClass": "com.egommerce.apigateway.Bootstrap",
|
||||
"projectName": "api-gateway"
|
||||
}
|
||||
]
|
||||
}
|
||||
4
api-gateway/.vscode/settings.json
vendored
4
api-gateway/.vscode/settings.json
vendored
@@ -1,4 +0,0 @@
|
||||
{
|
||||
"java.configuration.updateBuildConfiguration": "interactive",
|
||||
"maven.view": "hierarchical"
|
||||
}
|
||||
36
api-gateway/entrypoint.sh
Executable file
36
api-gateway/entrypoint.sh
Executable file
@@ -0,0 +1,36 @@
|
||||
#!/bin/sh
|
||||
set +e
|
||||
|
||||
waitForService()
|
||||
{
|
||||
./wait-for-it.sh $1 -t 2 1>/dev/null 2>&1
|
||||
status=$?
|
||||
while [ $status != 0 ]
|
||||
do
|
||||
echo "[x] wating for $1..."
|
||||
sleep 1
|
||||
./wait-for-it.sh $1 -t 2 1>/dev/null 2>&1
|
||||
status=$?
|
||||
done
|
||||
}
|
||||
|
||||
# waitForService "api-registry:8500"
|
||||
|
||||
set -e
|
||||
|
||||
# first arg is `-f` or `--some-option`
|
||||
if [ "${1#-}" != "$1" ]; then
|
||||
set -- envoy "$@"
|
||||
fi
|
||||
|
||||
# if our command is a valid Envoy subcommand, let's invoke it through Envoy instead
|
||||
# (this allows for "docker run envoy version", etc)
|
||||
if envoy "$1" --help >/dev/null 2>&1
|
||||
then
|
||||
set -- envoy "$@"
|
||||
else
|
||||
echo "= '$1' is not a Envoy command: assuming shell execution." 1>&2
|
||||
fi
|
||||
|
||||
# echo "Executing: $@"
|
||||
exec "$@"
|
||||
23
api-gateway/etc/cds.yaml
Normal file
23
api-gateway/etc/cds.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
resources:
|
||||
- "@type": type.googleapis.com/envoy.config.cluster.v3.Cluster
|
||||
name: example_proxy_cluster
|
||||
type: STRICT_DNS
|
||||
typed_extension_protocol_options:
|
||||
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
|
||||
"@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
|
||||
explicit_http_config:
|
||||
http2_protocol_options: {}
|
||||
load_assignment:
|
||||
cluster_name: example_proxy_cluster
|
||||
endpoints:
|
||||
- lb_endpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
socket_address:
|
||||
address: www.envoyproxy.io
|
||||
port_value: 443
|
||||
transport_socket:
|
||||
name: envoy.transport_sockets.tls
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
|
||||
sni: www.envoyproxy.io
|
||||
12
api-gateway/etc/envoy.yaml
Normal file
12
api-gateway/etc/envoy.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
dynamic_resources:
|
||||
cds_config:
|
||||
path: /etc/envoy/cds.yaml
|
||||
lds_config:
|
||||
path: /etc/envoy/lds.yaml
|
||||
|
||||
admin:
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 8080
|
||||
|
||||
29
api-gateway/etc/lds.yaml
Normal file
29
api-gateway/etc/lds.yaml
Normal file
@@ -0,0 +1,29 @@
|
||||
resources:
|
||||
- "@type": type.googleapis.com/envoy.config.listener.v3.Listener
|
||||
name: listener_0
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 8443
|
||||
filter_chains:
|
||||
- filters:
|
||||
- name: envoy.http_connection_manager
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
||||
stat_prefix: ingress_http
|
||||
http_filters:
|
||||
- name: envoy.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
- name: local_service
|
||||
domains:
|
||||
- "*"
|
||||
routes:
|
||||
- match:
|
||||
prefix: "/"
|
||||
route:
|
||||
host_rewrite_literal: www.envoyproxy.io
|
||||
cluster: example_proxy_cluster
|
||||
@@ -1,76 +0,0 @@
|
||||
################################################################
|
||||
# global:
|
||||
# checkNewVersion: true
|
||||
# sendAnonymousUsage: true
|
||||
|
||||
################################################################
|
||||
entryPoints:
|
||||
https:
|
||||
address: :443
|
||||
transport:
|
||||
respondingTimeouts:
|
||||
readTimeout: '10ms'
|
||||
writeTimeout: '10ms'
|
||||
idleTimeout: '20ms'
|
||||
db:
|
||||
address: :5432
|
||||
mongodb:
|
||||
address: :27017
|
||||
eventbus:
|
||||
address: :5672
|
||||
# redis:
|
||||
# address: :6379
|
||||
|
||||
################################################################
|
||||
serversTransport:
|
||||
# # insecureSkipVerify: true
|
||||
rootCAs:
|
||||
- /etc/traefik/certs/identity-svc/server.cert
|
||||
- /etc/traefik/certs/basket-svc/server.cert
|
||||
- /etc/traefik/certs/catalog-svc/server.cert
|
||||
- /etc/traefik/certs/postgres-db/server.cert
|
||||
# - /etc/traefik/certs/api-eventbus/server.cert
|
||||
|
||||
################################################################
|
||||
api:
|
||||
insecure: true
|
||||
# dashboard: true
|
||||
|
||||
################################################################
|
||||
providers:
|
||||
# file:
|
||||
# directory: /etc/traefik/services
|
||||
################################################################
|
||||
docker:
|
||||
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
|
||||
# endpoint: unix:///var/run/docker.sock
|
||||
exposedByDefault: false
|
||||
# network: api-gateway-network
|
||||
# useBindPortIP: true
|
||||
|
||||
# Default host rule.
|
||||
# Optional
|
||||
# Default: "Host(`{{ normalize .Name }}`)"
|
||||
# defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
|
||||
################################################################
|
||||
consulCatalog:
|
||||
exposedByDefault: false
|
||||
# serviceName: api-gateway
|
||||
refreshInterval: 30s
|
||||
endpoint:
|
||||
address: api-registry:8500
|
||||
|
||||
################################################################
|
||||
log:
|
||||
level: DEBUG
|
||||
# filePath: log/traefik.log
|
||||
# format: json
|
||||
|
||||
################################################################
|
||||
# accessLog: {}
|
||||
|
||||
################################################################
|
||||
experimental:
|
||||
localPlugins:
|
||||
requestid:
|
||||
moduleName: "git.pbiernat.dev/traefik/plugin-requestid"
|
||||
@@ -1,6 +0,0 @@
|
||||
displayName: Add X-Request-ID Header
|
||||
type: middleware
|
||||
import: git.pbiernat.dev/traefik/plugin-requestid
|
||||
summary: 'Add a X-Request-ID header for tracing'
|
||||
|
||||
testData: {}
|
||||
@@ -1,3 +0,0 @@
|
||||
# plugin-requestid
|
||||
|
||||
Add X-Request-ID header
|
||||
@@ -1,3 +0,0 @@
|
||||
module git.pbiernat.dev/traefik/plugin-requestid
|
||||
|
||||
go 1.18
|
||||
@@ -1,61 +0,0 @@
|
||||
package plugin_requestid
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
const defaultHeaderName = "X-Request-ID"
|
||||
|
||||
// Config plugin configuration
|
||||
type Config struct {
|
||||
HeaderName string `json:"headerName"`
|
||||
}
|
||||
|
||||
// CreateConfig create default plugin configuration
|
||||
func CreateConfig() *Config {
|
||||
return &Config{
|
||||
HeaderName: defaultHeaderName,
|
||||
}
|
||||
}
|
||||
|
||||
// RequestIDHeader
|
||||
type RequestIDHeader struct {
|
||||
headerName string
|
||||
name string
|
||||
next http.Handler
|
||||
}
|
||||
|
||||
// New create new RequestIDHeader
|
||||
func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error) {
|
||||
hdr := &RequestIDHeader{
|
||||
next: next,
|
||||
name: name,
|
||||
}
|
||||
|
||||
if config == nil {
|
||||
return nil, fmt.Errorf("config can not be nil")
|
||||
}
|
||||
|
||||
if config.HeaderName == "" {
|
||||
hdr.headerName = defaultHeaderName
|
||||
} else {
|
||||
hdr.headerName = config.HeaderName
|
||||
}
|
||||
|
||||
return hdr, nil
|
||||
|
||||
}
|
||||
|
||||
func (r *RequestIDHeader) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
uuid := newUUID().String()
|
||||
|
||||
// header injection to backend service
|
||||
req.Header.Add(r.headerName, uuid)
|
||||
|
||||
// header injection to client response
|
||||
rw.Header().Add(r.headerName, uuid)
|
||||
|
||||
r.next.ServeHTTP(rw, req)
|
||||
}
|
||||
@@ -1,58 +0,0 @@
|
||||
// source: https://github.com/trinnylondon/traefik-add-trace-id/blob/master/rand-utils.go
|
||||
package plugin_requestid
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/hex"
|
||||
"io"
|
||||
)
|
||||
|
||||
var rander = rand.Reader // random function
|
||||
type UUID [16]byte
|
||||
|
||||
func must(uuid UUID, err error) UUID {
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return uuid
|
||||
}
|
||||
|
||||
func newUUID() UUID {
|
||||
return must(newRandom())
|
||||
}
|
||||
|
||||
func newRandom() (UUID, error) {
|
||||
return newRandomFromReader(rander)
|
||||
}
|
||||
|
||||
// newRandomFromReader returns a UUID based on bytes read from a given io.Reader.
|
||||
func newRandomFromReader(r io.Reader) (UUID, error) {
|
||||
var uuid UUID
|
||||
_, err := io.ReadFull(r, uuid[:])
|
||||
if err != nil {
|
||||
return UUID{}, err
|
||||
}
|
||||
uuid[6] = (uuid[6] & 0x0f) | 0x40 // Version 4
|
||||
uuid[8] = (uuid[8] & 0x3f) | 0x80 // Variant is 10
|
||||
return uuid, nil
|
||||
}
|
||||
|
||||
// String returns the string form of uuid, xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
|
||||
// , or "" if uuid is invalid.
|
||||
func (uuid UUID) String() string {
|
||||
var buf [36]byte
|
||||
encodeHex(buf[:], uuid)
|
||||
return string(buf[:])
|
||||
}
|
||||
|
||||
func encodeHex(dst []byte, uuid UUID) {
|
||||
hex.Encode(dst, uuid[:4])
|
||||
dst[8] = '-'
|
||||
hex.Encode(dst[9:13], uuid[4:6])
|
||||
dst[13] = '-'
|
||||
hex.Encode(dst[14:18], uuid[6:8])
|
||||
dst[18] = '-'
|
||||
hex.Encode(dst[19:23], uuid[8:10])
|
||||
dst[23] = '-'
|
||||
hex.Encode(dst[24:], uuid[10:])
|
||||
}
|
||||
165
api-gateway/wait-for-it.sh
Executable file
165
api-gateway/wait-for-it.sh
Executable file
@@ -0,0 +1,165 @@
|
||||
#!/usr/bin/env sh
|
||||
# Use this script to test if a given TCP host/port are available
|
||||
|
||||
set -e
|
||||
|
||||
cmdname=$(basename "$0")
|
||||
|
||||
echoerr() {
|
||||
if [ "$QUIET" -ne 1 ]; then
|
||||
printf "%s\n" "$*" 1>&2;
|
||||
fi
|
||||
}
|
||||
|
||||
usage()
|
||||
{
|
||||
exitcode="$1"
|
||||
cat << USAGE >&2
|
||||
Usage:
|
||||
$cmdname host:port [-s] [-t timeout] [-- command args]
|
||||
-h HOST | --host=HOST Host or IP under test
|
||||
-p PORT | --port=PORT TCP port under test
|
||||
Alternatively, you specify the host and port as host:port
|
||||
-s | --strict Only execute subcommand if the test succeeds
|
||||
-q | --quiet Don't output any status messages
|
||||
-t TIMEOUT | --timeout=TIMEOUT
|
||||
Timeout in seconds, zero for no timeout
|
||||
-- COMMAND ARGS Execute command with args after the test finishes
|
||||
USAGE
|
||||
exit "$exitcode"
|
||||
}
|
||||
|
||||
wait_for()
|
||||
{
|
||||
if [ "$TIMEOUT" -gt 0 ]; then
|
||||
echoerr "$cmdname: waiting $TIMEOUT seconds for $HOST:$PORT"
|
||||
else
|
||||
echoerr "$cmdname: waiting for $HOST:$PORT without a timeout"
|
||||
fi
|
||||
start_ts=$(date +%s)
|
||||
while true
|
||||
do
|
||||
nc -z "$HOST" "$PORT" >/dev/null 2>&1
|
||||
result=$?
|
||||
if [ $result -eq 0 ]; then
|
||||
end_ts=$(date +%s)
|
||||
echoerr "$cmdname: $HOST:$PORT is available after $((end_ts - start_ts)) seconds"
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
return $result
|
||||
}
|
||||
|
||||
wait_for_wrapper()
|
||||
{
|
||||
# In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
|
||||
if [ "$QUIET" -eq 1 ]; then
|
||||
timeout "$TIMEOUT" "$0" -q -child "$HOST":"$PORT" -t "$TIMEOUT" &
|
||||
else
|
||||
timeout "$TIMEOUT" "$0" --child "$HOST":"$PORT" -t "$TIMEOUT" &
|
||||
fi
|
||||
PID=$!
|
||||
trap 'kill -INT -$PID' INT
|
||||
wait $PID
|
||||
RESULT=$?
|
||||
if [ $RESULT -ne 0 ]; then
|
||||
echoerr "$cmdname: timeout occurred after waiting $TIMEOUT seconds for $HOST:$PORT"
|
||||
fi
|
||||
return $RESULT
|
||||
}
|
||||
|
||||
TIMEOUT=15
|
||||
STRICT=0
|
||||
CHILD=0
|
||||
QUIET=0
|
||||
# process arguments
|
||||
while [ $# -gt 0 ]
|
||||
do
|
||||
case "$1" in
|
||||
*:* )
|
||||
HOST=$(printf "%s\n" "$1"| cut -d : -f 1)
|
||||
PORT=$(printf "%s\n" "$1"| cut -d : -f 2)
|
||||
shift 1
|
||||
;;
|
||||
--child)
|
||||
CHILD=1
|
||||
shift 1
|
||||
;;
|
||||
-q | --quiet)
|
||||
QUIET=1
|
||||
shift 1
|
||||
;;
|
||||
-s | --strict)
|
||||
STRICT=1
|
||||
shift 1
|
||||
;;
|
||||
-h)
|
||||
HOST="$2"
|
||||
if [ "$HOST" = "" ]; then break; fi
|
||||
shift 2
|
||||
;;
|
||||
--host=*)
|
||||
HOST=$(printf "%s" "$1" | cut -d = -f 2)
|
||||
shift 1
|
||||
;;
|
||||
-p)
|
||||
PORT="$2"
|
||||
if [ "$PORT" = "" ]; then break; fi
|
||||
shift 2
|
||||
;;
|
||||
--port=*)
|
||||
PORT="${1#*=}"
|
||||
shift 1
|
||||
;;
|
||||
-t)
|
||||
TIMEOUT="$2"
|
||||
if [ "$TIMEOUT" = "" ]; then break; fi
|
||||
shift 2
|
||||
;;
|
||||
--timeout=*)
|
||||
TIMEOUT="${1#*=}"
|
||||
shift 1
|
||||
;;
|
||||
--)
|
||||
shift
|
||||
break
|
||||
;;
|
||||
--help)
|
||||
usage 0
|
||||
;;
|
||||
*)
|
||||
echoerr "Unknown argument: $1"
|
||||
usage 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ "$HOST" = "" -o "$PORT" = "" ]; then
|
||||
echoerr "Error: you need to provide a host and port to test."
|
||||
usage 2
|
||||
fi
|
||||
|
||||
if [ $CHILD -gt 0 ]; then
|
||||
wait_for
|
||||
RESULT=$?
|
||||
exit $RESULT
|
||||
else
|
||||
if [ "$TIMEOUT" -gt 0 ]; then
|
||||
wait_for_wrapper
|
||||
RESULT=$?
|
||||
else
|
||||
wait_for
|
||||
RESULT=$?
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$*" != "" ]; then
|
||||
if [ $RESULT -ne 0 -a $STRICT -eq 1 ]; then
|
||||
echoerr "$cmdname: strict mode, refusing to execute subprocess"
|
||||
exit $RESULT
|
||||
fi
|
||||
exec "$@"
|
||||
else
|
||||
exit $RESULT
|
||||
fi
|
||||
@@ -2,15 +2,16 @@
|
||||
# RUN IN REPO ROOT DIR !!
|
||||
|
||||
export IMAGE_NAME="git.pbiernat.dev/egommerce/api-gateway"
|
||||
export BUILD_TIME=$(date +"%Y%m%d%H%M%S")
|
||||
|
||||
TARGET=${1:-latest}
|
||||
|
||||
echo "Building: $IMAGE_NAME:$TARGET"
|
||||
if [ $TARGET = "dev" ]
|
||||
then
|
||||
docker build --rm --no-cache -t "$IMAGE_NAME:dev" . # >/dev/null 2>&1
|
||||
docker build --build-arg BUILD_TIME --rm --no-cache -t "$IMAGE_NAME:dev" . # >/dev/null 2>&1
|
||||
else
|
||||
docker build --rm --cache-from "$IMAGE_NAME:$TARGET" -t "$IMAGE_NAME:$TARGET" . >/dev/null 2>&1
|
||||
docker build --build-arg BUILD_TIME --rm --cache-from "$IMAGE_NAME:$TARGET" -t "$IMAGE_NAME:$TARGET" . >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
echo "Done."
|
||||
|
||||
@@ -3,5 +3,7 @@
|
||||
|
||||
export IMAGE_NAME="git.pbiernat.dev/egommerce/api-gateway"
|
||||
|
||||
TARGET=${1:-latest}
|
||||
|
||||
echo $DOCKER_PASSWORD | docker login git.pbiernat.dev -u $DOCKER_USERNAME --password-stdin
|
||||
docker push "$IMAGE_NAME:latest"
|
||||
docker push "$IMAGE_NAME:$TARGET"
|
||||
|
||||
Reference in New Issue
Block a user