feat(proto): adding working envoy proxy config

xmlking · Feb 4, 2020 · 8086fdf · 8086fdf
1 parent 59c22ff
commit 8086fdf
Show file tree

Hide file tree

Showing 28 changed files with 678 additions and 32 deletions.
diff --git a/.gitignore b/.gitignore
@@ -56,8 +56,8 @@ scully-routes.json
 # Firebase
 .firebase
 
-# Local
-todo
-
-# temp
-deploy
+# Project
+TODO
+deploy/overlays/e2e/secrets/.dockerconfigjson
+deploy/overlays/production/secrets/.dockerconfigjson
+deploy/overlays/consul/secrets/.dockerconfigjson
diff --git a/README.md b/README.md
@@ -50,6 +50,9 @@ yarn run scully --project webapp
 # serve static content
 yarn run lite-server
 
+# kill if 'zombie' server
+yarn scully killServer
+
 # Or do all with:
 yarn run scully:all
 ```

diff --git a/apps/api/src/app/echo/echo.controller.ts b/apps/api/src/app/echo/echo.controller.ts
@@ -1,10 +1,11 @@
 import { GrpcMethod, GrpcService } from '@nestjs/microservices';
 import { EchoRequest, EchoResponse } from './interfaces/echo';
-
+// var fakeUser [] = []
 @GrpcService()
 export class EchoController {
   @GrpcMethod('EchoService')
   echo(data: EchoRequest, metadata: any): EchoResponse {
+    console.log('request', data);
     return {
       message: data.message
     };

diff --git a/deploy/README.md b/deploy/README.md
@@ -0,0 +1,15 @@
+# Deployment
+
+deploying with **Kustomize**
+
+
+
+## Reference
+
+1. <https://github.com/kubernetes-sigs/kustomize/blob/master/docs/glossary.md>
+2. <https://blog.jetstack.io/blog/kustomize-cert-manager/>
+3. <https://kustomize.io/>
+4. with sops <https://teuto.net/deploying-jupyterhub-to-kubernetes-via-kustomize-using-sops-secret-management/?lang=en>
+5. <https://github.com/pwittrock-me/petclinic-config/tree/master/config>
+6. [TODO: gRPC-Web Istio Demo](https://github.com/venilnoronha/grpc-web-istio-demo)
+7. patch example, keycloak traefik <https://github.com/piotrjanik/opa-warsaw-cloud-native-conf/tree/master/manifests>
diff --git a/deploy/bases/envoy/README.md b/deploy/bases/envoy/README.md
@@ -0,0 +1,48 @@
+# envoy
+
+### Prerequisite
+
+```bash
+wget -O ~/Downloads/protoc-gen-grpc-web https://github.com/grpc/grpc-web/releases/download/1.0.7/protoc-gen-grpc-web-1.0.7-darwin-x86_64
+chmod +x ~/Downloads/protoc-gen-grpc-web
+mv  ~/Downloads/protoc-gen-grpc-web /usr/local/bin/protoc-gen-grpc-web
+
+yarn global add grpc-tools
+```
+
+### Reference
+
+```bash
+# minikube mount /Users/schintha/Developer/Work:/Work
+docker-compose up envoy
+
+
+docker run -it --rm --name envoy \
+-p 9090:9090 -p 9901:9901  \
+-v "$(pwd)/deploy/bases/envoy/envoy.yaml:/etc/envoy/envoy.yaml:ro"  \
+envoyproxy/envoy:latest
+
+docker exec -it envoy /bin/bash
+
+# admin http://localhost:9901/
+
+ curl 'http://localhost:9090/greetersrv/Greeter.Hello' \
+ -H 'Content-Type: application/grpc-web+proto' \
+ -H 'X-Grpc-Web: 1' \
+ -H 'custom-header-1: value1' \
+ -H 'Accept: */*' \
+ -H 'Connection: keep-alive' \
+ --data-binary $'\x00\x00\x00\x00\x05\n\x03abc' --compressed
+
+curl 'http://localhost:9090/yeti.EchoService/Echo' \
+-H 'Accept: application/grpc-web-text' \
+-H 'Content-Type: application/grpc-web-text' \
+-H 'X-Grpc-Web: 1' \
+-H 'Connection: keep-alive' \
+-H 'Accept-Encoding: gzip, deflate, br' \
+--data-binary 'AAAAAAYKBHN1bW8=' --compressed
+
+
+```
+
+1. https://github.com/jrockway/jrock.us/blob/master/ingress/envoy.yaml
diff --git a/deploy/bases/envoy/deployment.yaml b/deploy/bases/envoy/deployment.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: envoy
+spec:
+  template:
+    spec:
+      containers:
+      - name: envoy
+        image: envoyproxy/envoy:latest
+        command:
+            - "envoy"
+        args:
+            - "-c"
+            - "/etc/envoy/envoy.yaml"
+        volumeMounts:
+          - name: envoy-config
+            mountPath: /etc/envoy
+        readinessProbe:
+              httpGet:
+                  path: /server_info
+                  port: 9901
+        livenessProbe:
+            httpGet:
+                path: /server_info
+                port: 9901
+        ports:
+        - name: envoy-admin
+          containerPort: 9901
+        - name: http
+          containerPort: 9090
+        - name: https
+          containerPort: 9443
+
diff --git a/envoy.yaml → deploy/bases/envoy/envoy.yaml b/envoy.yaml → deploy/bases/envoy/envoy.yaml
@@ -20,15 +20,11 @@ static_resources:
                     - name: local_service
                       domains: ['*']
                       routes:
-                        - match: { prefix: '/accountsrv' }
+                        - match: { prefix: '/yeti.AccountService' }
                           route:
                             cluster: account_service
                             max_grpc_timeout: 0s
-                        - match: { prefix: '/greetersrv' }
-                          route:
-                            cluster: greeter_service
-                            max_grpc_timeout: 0s
-                        - match: { prefix: '/echo' }
+                        - match: { prefix: '/yeti.EchoService' }
                           route:
                             cluster: echo_service
                             max_grpc_timeout: 0s
@@ -52,13 +48,6 @@ static_resources:
       lb_policy: round_robin
       # win/mac hosts: Use address: host.docker.internal instead of address: localhost in the line below
       hosts: [{ socket_address: { address: host.docker.internal, port_value: 8080 } }]
-    - name: greeter_service
-      connect_timeout: 0.25s
-      type: logical_dns
-      http2_protocol_options: {}
-      lb_policy: round_robin
-      # win/mac hosts: Use address: host.docker.internal instead of address: localhost in the line below
-      hosts: [{ socket_address: { address: host.docker.internal, port_value: 8081 } }]
     - name: echo_service
       connect_timeout: 0.25s
       type: logical_dns

diff --git a/deploy/bases/envoy/kustomization.yaml b/deploy/bases/envoy/kustomization.yaml
@@ -0,0 +1,24 @@
+commonLabels:
+  app.kubernetes.io/name: envoy
+  app.kubernetes.io/instance: envoy-abcxzy
+  app.kubernetes.io/component: infra
+  app.kubernetes.io/part-of: micro-starter-kit
+  app.kubernetes.io/managed-by: kustomize
+commonAnnotations:
+  org: acmeCorporation
+
+resources:
+  - deployment.yaml
+
+configMapGenerator:
+  - name: envoy-config
+    files: ["envoy.yaml"]
+
+vars:
+  - name: ENVOY_SRV_ENDPOINT
+    objref:
+      kind: EtcdCluster
+      name: etcd-cluster
+      apiVersion: etcd.database.coreos.com/v1beta2
+    fieldref:
+      fieldpath: metadata.name
diff --git a/deploy/bases/envoy/service.yaml b/deploy/bases/envoy/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: envoy
+  annotations:
+    service.beta.kubernetes.io/do-loadbalancer-protocol: "tcp"
+    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
+spec:
+  type: LoadBalancer
+  # We want the servers to become available even if they're not ready
+  publishNotReadyAddresses: true
+  ports:
+  - name: grpc-web
+    port: 9090
+    protocol: TCP
+    targetPort: envoy
diff --git a/deploy/bases/postgres/kustomization.yaml b/deploy/bases/postgres/kustomization.yaml
@@ -0,0 +1,29 @@
+commonLabels:
+  app.kubernetes.io/name: postgres
+  app.kubernetes.io/instance: postgres-abcxzy
+  app.kubernetes.io/component: database
+
+resources:
+  - postgres.yaml
+  - service.yaml
+
+secretGenerator:
+  - name: postgres-secrets
+    literals:
+      - postgres-password=postgres123
+
+# labels for generated secrets at this level
+generatorOptions:
+  labels:
+    app.kubernetes.io/name: postgres-secrets
+    app.kubernetes.io/instance: postgres-secrets-abcxzy
+    app.kubernetes.io/component: secrets
+
+vars:
+  - name: DATABASE_ENDPOINT
+    objref:
+      kind: Service
+      name: postgres
+      apiVersion: v1
+    fieldref:
+      fieldpath: metadata.name
diff --git a/deploy/bases/postgres/postgres.yaml b/deploy/bases/postgres/postgres.yaml
@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+  labels:
+    app: postgres
+spec:
+  replicas: 1
+  serviceName: postgres-internal
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      terminationGracePeriodSeconds: 0
+      containers:
+        - name: postgres
+          image: postgres:11.5-alpine
+          imagePullPolicy: Always
+          ports:
+            - name: tcp-pg
+              containerPort: 5432
+              protocol: TCP
+          env:
+            - name: POSTGRES_DB
+              value: postgres
+            - name: POSTGRES_USER
+              value: postgres
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-secrets
+                  key: postgres-password
+          livenessProbe:
+            exec:
+              command: ["pg_isready", "-U", "$(POSTGRES_USER)"]
+            initialDelaySeconds: 3
+            timeoutSeconds: 2
+          readinessProbe:
+            exec:
+              command: ["pg_isready", "-U", "$(POSTGRES_USER)"]
+            initialDelaySeconds: 3
+            timeoutSeconds: 2
+          volumeMounts:
+            - name: database-storage
+              mountPath: /var/lib/postgresql/data
+  volumeClaimTemplates:
+    - metadata:
+        name: postgres-storage
+        labels:
+          app: postgres
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        # storageClassName: <custom storage class>
+        resources:
+          requests:
+            storage: 1Gi
diff --git a/deploy/bases/postgres/scripts/create_databases.sh b/deploy/bases/postgres/scripts/create_databases.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+set -u
+
+function create_user_and_database() {
+	local database=$1
+	local username=$2
+	local password=$3
+	echo "  Creating user '$username' and database '$database'"
+	psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+	    CREATE ROLE $username WITH PASSWORD '$password' NOSUPERUSER LOGIN;
+	    CREATE DATABASE $database;
+	    GRANT ALL PRIVILEGES ON DATABASE $database TO $username;
+EOSQL
+}
+
+if [ -n "$KEYCLOAK_DB" ]; then
+		create_user_and_database $KEYCLOAK_DB $KEYCLOAK_DB_USER $KEYCLOAK_DB_PASSWORD
+fi
+
diff --git a/deploy/bases/postgres/scripts/create_extensions.sh b/deploy/bases/postgres/scripts/create_extensions.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+set -u
+
+function create_extension() {
+    local database=$1
+    echo "  Creating uuid-ossp extension"
+    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+        CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+EOSQL
+}
+
+if [ -n "$POSTGRES_DB" ]; then
+	create_extension $POSTGRES_DB
+fi
diff --git a/deploy/bases/postgres/service-headless.yaml b/deploy/bases/postgres/service-headless.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-headless
+  labels:
+    app: postgres
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+    - name: tcp-pg
+      port: 5432
+      targetPort: tcp-pg
+  selector:
+    app: postgres
diff --git a/deploy/bases/postgres/service.yaml b/deploy/bases/postgres/service.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  labels:
+    app: postgres
+spec:
+  type: NodePort
+  ports:
+    - name: tcp-pg
+      port: 5432
+      targetPort: tcp-pg
+      nodePort: 31432
+  selector:
+    app: postgres
+    role: master