M3l4 devops
svok committed Jul 20, 2024
1 parent 315bc34 commit 6c6bcff
Showing 6 changed files with 67 additions and 110 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
@@ -28,10 +28,10 @@ jobs:
steps:
- uses: actions/checkout@v3

- name: Set up JDK 17
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: '17'
java-version: '21'
distribution: 'temurin'

- name: Validate Gradle wrapper
6 changes: 2 additions & 4 deletions deploy/call-envoy.sh
@@ -6,11 +6,9 @@ TOKEN=$(./keycloak-tokens.sh)
#curl -H "Authorization: Bearer ${TOKEN}" \
# -H "X-Request-ID: 1234" \
# -H "x-client-request-id: 1235" \
# -H "Content-Type: application/json" \
# http://localhost:8090/v1/create \
# -d '{"debug":{"mode":"stub","stub":"success"},"ad":{"title":"my title","description":"my description","adType":"demand","visibility":"public","productId":"23423423"}}'
# http://localhost:8080/

curl -H "Authorization: Bearer ${TOKEN}" \
-H "X-Request-ID: 1234" \
-H "x-client-request-id: 1235" \
http://localhost:8090/
http://localhost:8080/v1/ad/
22 changes: 16 additions & 6 deletions deploy/docker-compose.yml
@@ -88,13 +88,15 @@ services:
- ./volumes/envoy/envoy.yaml:/etc/envoy/envoy.yaml # Mount your Envoy configuration file
# - ./envoy/certs:/etc/envoy/certs # Mount your TLS certificates
ports:
- "15001:15001"
- "8090:8090"
- "8080:8080"
depends_on:
keycloak:
condition: service_healthy

keycloak:
image: quay.io/keycloak/keycloak:latest
ports:
- "8081:8080"
image: quay.io/keycloak/keycloak:24.0.4
# ports:
# - "8081:8080"
volumes:
# - ./keycloak:/tmp
- ./volumes/keycloak/import:/opt/keycloak/data/import
@@ -106,11 +108,19 @@ services:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
KEYCLOAK_IMPORT: "/tmp/realm-export.json"
KC_HEALTH_ENABLED: "true"
KC_HOSTNAME_URL: "http://localhost:8080/"
healthcheck:
test: [ "CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/8080;echo -e \"GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n\" >&3;grep \"HTTP/1.1 200 OK\" <&3"]
interval: 10s
timeout: 5s
retries: 15
command:
- start-dev
# - --features admin-fine-grained-authz
- --hostname-port=8081
- --import-realm
- --proxy-headers=forwarded
- --hostname-strict=false

volumes:
opensearch-data:
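Review bot: The `- "8080:8080"` mapping publishes Envoy on every host interface while the stack keeps the `KEYCLOAK_ADMIN: admin` / `KEYCLOAK_ADMIN_PASSWORD: admin` bootstrap account and runs Keycloak with `start-dev`, so the realm endpoints Envoy fronts are reachable from the network with default credentials in place. For a local stack bind the port to loopback, `- "127.0.0.1:8080:8080"`, and take the password from the environment, for example `KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:?set an admin password}"`. `--proxy-headers=forwarded` makes Keycloak trust the `Forwarded` header, and nothing on this page shows Envoy removing a client-supplied one, so that should be confirmed before client addresses in Keycloak's logs or brute-force detection are relied on. In the healthcheck, `host: http://localhost` puts a scheme into the Host header; `host: localhost` is the well-formed value.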
2 changes: 1 addition & 1 deletion deploy/keycloak-tokens.sh
@@ -1,6 +1,6 @@
#!/bin/bash

KCHOST=http://localhost:8081
KCHOST=http://localhost:8080
REALM=otus-marketplace
CLIENT_ID=otus-marketplace-service
UNAME=otus-test
58 changes: 0 additions & 58 deletions deploy/volumes/envoy/envoy-default.yml

This file was deleted.

85 changes: 46 additions & 39 deletions deploy/volumes/envoy/envoy.yaml
@@ -11,47 +11,54 @@ static_resources:
address:
socket_address:
address: 0.0.0.0
port_value: 8090
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: app
max_grpc_timeout: 0s
http_filters:
- name: envoy.filters.http.jwt_authn
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
providers:
keycloak_provider:
issuer: "http://localhost:8081/realms/otus-marketplace"
remote_jwks:
http_uri:
uri: http://keycloak:8080/realms/otus-marketplace/protocol/openid-connect/certs
cluster: keycloak
timeout: 5s
cache_duration:
seconds: 300
# Пробрасываем JWT в заголовок запроса
forward: true
forward_payload_header: x-jwt-payload
rules:
- match: {prefix: /}
requires: {provider_name: keycloak_provider}
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: [ "*" ]
routes:
- match: { path: "/" }
route: { cluster: app }
- match: { prefix: "/v1/ad/" }
route: { cluster: app }
- match: { prefix: "/v2/ad/" }
route: { cluster: app }
- match: { prefix: "/realms/" }
route: { cluster: keycloak }
- match: { prefix: "/resources/" }
route: { cluster: keycloak }
http_filters:
- name: envoy.filters.http.jwt_authn
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
providers:
keycloak_provider:
issuer: "http://localhost:8080/realms/otus-marketplace"
remote_jwks:
http_uri:
uri: http://keycloak:8080/realms/otus-marketplace/protocol/openid-connect/certs
cluster: keycloak
timeout: 5s
cache_duration:
seconds: 300
# Пробрасываем JWT в заголовок запроса
forward: true
forward_payload_header: x-jwt-payload
rules:
- match: { prefix: /v1/ad/ }
requires: { provider_name: keycloak_provider }
- match: { prefix: /v2/ad/ }
requires: { provider_name: keycloak_provider }
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
clusters:
- name: app
connect_timeout: 30s
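Review bot: The `rules` list of the jwt_authn filter names only `/v1/ad/` and `/v2/ad/`, so authentication is opt-in per path: the `path: "/"` route to the `app` cluster is served without a token, and any route added to `app` later stays unauthenticated until a matching rule is also added. jwt_authn applies the first matching rule and a rule without `requires` skips verification, so the safer shape is to exempt the Keycloak prefixes (and `/`, if the root page is meant to be public) explicitly and end with a catch-all `prefix: /` that requires `keycloak_provider`. It is also worth confirming whether a client-supplied `x-jwt-payload` header is removed on paths that match no rule; if it is not, the app must not trust that header on unauthenticated routes. The file continues past the visible lines, so the cluster definitions were not reviewed.

```yaml
rules:
  # Keycloak's own endpoints issue the tokens, so they cannot require one.
  - match: { prefix: /realms/ }
  - match: { prefix: /resources/ }
  # Public root page; drop this entry if "/" should require a token too.
  - match: { path: / }
  # Everything else routed by this listener must carry a valid JWT.
  - match: { prefix: / }
    requires: { provider_name: keycloak_provider }
```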
