elias/booking-microservices
1
0
Fork 0
mirror of https://github.com/meysamhadeli/booking-microservices.git synced 2026-04-11 02:20:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: Update kubernetes configs

Browse Source
This commit is contained in:
Pc 2023-02-21 22:19:42 +03:30
parent 5b940857f1
commit 20795825a3
33 changed files with 1288 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/actions/docker-build-publish/action.yml vendored
View File

@ -43,11 +43,11 @@ runs:
if: ${{ github.ref == 'refs/heads/main' && success() }}
shell: bash
run: |
docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.5.9 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.0 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
- name: Publish Docker Image
if: ${{ github.ref == 'refs/heads/main' && success() }}
shell: bash
run: |
docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.5.9
docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.0

8
deployments/docker-compose/infrastracture.yaml
View File

@ -1,9 +1,9 @@
version: "3.3"
services:
# #######################################################
# # Rabbitmq
# #######################################################
#######################################################
# Rabbitmq
#######################################################
rabbitmq:
container_name: rabbitmq
image: rabbitmq:3-management
@ -16,7 +16,7 @@ services:
#######################################################
# Postgres
# Postgres
######################################################
postgres:
image: postgres:latest

19
deployments/kubernetes/booking.yml → deployments/k8s/booking.yml
View File

@ -15,7 +15,7 @@ spec:
app: booking
spec:
containers:
- image: meysamh66/booking-microservices-booking:v1.5.2
- image: meysamh66/booking-microservices-booking:v1.5.7
name: booking
ports:
- containerPort: 80
@ -23,7 +23,19 @@ spec:
- name: "ASPNETCORE_ENVIRONMENT"
value: "docker"
- name: ASPNETCORE_URLS
value: "http://+"
value: "http://+"
# - name: "RabbitMqOptions__HostName"
# value: "localhost"
# - name: "RabbitMqOptions__ExchangeName"
# value: "booking"
# - name: "RabbitMqOptions__UserName"
# value: "guest"
# - name: "RabbitMqOptions__Password"
# value: "guest"
# - name: "RabbitMqOptions__Port"
# value: "5672"
- name: "EventStore__ConnectionString"
value: "esdb://eventstore:2113?tls=false"
volumeMounts:
- name: appsettings-volume
mountPath: /app/Settings
@ -41,6 +53,7 @@ spec:
app: booking
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
type: ClusterIP
type: ClusterIP

12
deployments/k8s/certificate.yml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: booking-microservices-cert
namespace: default
spec:
secretName: booking-tls-secret
issuerRef:
name: booking-microservices-issuer
kind: Issuer
dnsNames:
- booking-microservices.com

9
deployments/k8s/certs/booking-cert/booking-secret.yml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: booking-tls
namespace: default
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGS1RDQ0F4R2dBd0lCQWdJVUZhOWxoMTc2enQxK3pSb013TEpoVWI5YUVHc3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3SkRFaU1DQUdBMVVFQXd3WlltOXZhMmx1WnkxdGFXTnliM05sY25acFkyVnpMbU52YlRBZUZ3MHlNekF5DQpNakV4TVRRM01UQmFGdzB5TkRBeU1qRXhNVFEzTVRCYU1DUXhJakFnQmdOVkJBTU1HV0p2YjJ0cGJtY3RiV2xqDQpjbTl6WlhKMmFXTmxjeTVqYjIwd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURVDQpqZ01vWHh0YXZzTVhVb0h2YTBXVWZSeWJKTVVnR1NQbml3ZWF3eW41RmlnVVR4Nmd2NlZ2T3pxU21HWjE4NVA0DQpVSWJXQ3VkOVdqRUNFU0pVSkI0cVpiUmlEWUlNQWQyMzM2Y2k1d0RzbkRGVXpuWHRNOWc1VUZmS3dPd2VPVmN2DQpqc1N0WWY2Szl3ZC8xaXRMb3JIeDV0eEVQblBkVGRGR0ZqOVlVT2t1MmM1VllIMk9LaUk3ampDaDAwc3RaZHo4DQp0NWkvL0t2MjdQRHQ2REc3L3VuMHlnVEcxa21NVU1QcnBSQmVIbFFNWWZ0N09xTTNHSHJEZml1SDdjNVpGNWM2DQphRGdQeWt5dzJSM2dMYkJqeUhiamE5VkZKcytkTUViUE1sa0RLeklWK2dndWdWR3d1UWRvRDUvSnZrem8zcVhUDQpjWkp3R0U3Mk9FRmlKbi9Wd1dPSDBXamxYS2pIQkFqaFNuOW42M05GamhzM1NHS3RkaW9xSEJPaVpDeEI2NjZyDQpNSEdaeTE1a0R5emdEVVNGNU9JK0svbWIza3dHRDhTNXV6ZW1PNmRXeFdRd0w3ek5ScHhNaUg0YjhEOENGQlV1DQpyQ0lDSWt1NWhTRC9MTnZ0K05PVnRDUllUalNMT01kWmFjdEg3MFAxRXdxckpHUzJzSms4RERpMmg1bzJDaG5JDQpXL2t4TU95WnIzYk9EQUJaTGlhTndIWXZFSEJISHdndWVYR0hiaVlVRGg3czlzTWZKUVpyR1pEbmQ3R0h5STdIDQplbWRzYkIwMnN2ekRQckFFOUxRZjRXQi9kcWFOUmxJMmZ0SnIzSEo1YTlnWUJvSkRLWnU2OVI0N0c2MGozbXJrDQp4SHVYR1JDYzh4QW1PcUk0VWNla3RXb0RaR1prTEUxVXdIeFlQRVJ4WndJREFRQUJvMU13VVRBZEJnTlZIUTRFDQpGZ1FVR3lxY1p6U2NSWWJtcDNOZkhGc1k1NHJaUU5Jd0h3WURWUjBqQkJnd0ZvQVVHeXFjWnpTY1JZYm1wM05mDQpIRnNZNTRyWlFOSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFiaU9xDQpYUFowcW9yZmZZOW5YUWtpY2RaQjdmTXFEZjV6WjIybFdCRTRmbER6ZDhmZk82TmVIL0Z0N1UzWXdwS3N0dXpoDQozbkhWYlIrVDM1YnVmVXBMeVBibStKL2dJRzlTSHk1TlRrMmVuKzdseHJvYmVzTlZuNjY5Uy9UQW1yd2ZwbEN5DQpWZXB0WVQ0MkpsMy9TZDY0RHdINExIQVVyUGpzZFVoeVl5V2FXbnRUZ3JxeEF5K3RVb1B4anZyWDE0ZVdDNndIDQpjOHQxb3ZNU2ZTczVlYXBzd1JPUUsyVkFyKzE5cDJwRllQVEVMNzVlcENoeG4yZjI4Z1ZubEVWZ21rQW9rNFBSDQpJV2s0aldkei9IU0duT1BJNU5DbW1vZW9nUkFjdTNUOWp4cE9vRkFHWFlFMU9FdEdxV2kxeUpBRUo0NU9WVHNZDQprQk9pRnhsOC8xZUIySmRWWFBDRVRVaFZ6Uy93bGZIOG5vd1pzenk1OHNRNVF3RzllMXduVXcvMFI3M3NTMUVHDQpxY0hraUJFRDB5Z05DTndNT1ZYTW5hbEREbmlYS0JKd3FaMFk1SytMOVlYek9HaU8raEJNMUxFVFRxeXVHdzdJDQpVM1NwcUR3SVZJU2gzRDhNVzc3WFFXZmdQZXk1TE1Fa0x1SHQ4akt5aTVCMDZKOUE3Rm1XWGdzdmlqZnJjbGFBDQp3ZHBDakJWN2pjY216Qkl4WVV3cEtOUHljY1Q5Mk43UDg2VlEzV2NPQ1BqSGJnUDNtMXRTUlQ2UG9nakRibjdNDQp3VmhUeUNvMGN1cTJRV2I0cUtYN3NIUHZDSmJyS3pJY1Y2ZE9iZm1zUjUzMEt0cTZaU0xNbVQ5RzJkSnFzT0FtDQpsNXlMU1ByU2E5Tjl0UU03Q1lSMzB4N3ZnaTNHZ29GVGxrQ1hGV0E9DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUlKUkFJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0NTNHdnZ2txQWdFQUFvSUNBUURVamdNb1h4dGF2c01YDQpVb0h2YTBXVWZSeWJKTVVnR1NQbml3ZWF3eW41RmlnVVR4Nmd2NlZ2T3pxU21HWjE4NVA0VUliV0N1ZDlXakVDDQpFU0pVSkI0cVpiUmlEWUlNQWQyMzM2Y2k1d0RzbkRGVXpuWHRNOWc1VUZmS3dPd2VPVmN2anNTdFlmNks5d2QvDQoxaXRMb3JIeDV0eEVQblBkVGRGR0ZqOVlVT2t1MmM1VllIMk9LaUk3ampDaDAwc3RaZHo4dDVpLy9LdjI3UER0DQo2REc3L3VuMHlnVEcxa21NVU1QcnBSQmVIbFFNWWZ0N09xTTNHSHJEZml1SDdjNVpGNWM2YURnUHlreXcyUjNnDQpMYkJqeUhiamE5VkZKcytkTUViUE1sa0RLeklWK2dndWdWR3d1UWRvRDUvSnZrem8zcVhUY1pKd0dFNzJPRUZpDQpKbi9Wd1dPSDBXamxYS2pIQkFqaFNuOW42M05GamhzM1NHS3RkaW9xSEJPaVpDeEI2NjZyTUhHWnkxNWtEeXpnDQpEVVNGNU9JK0svbWIza3dHRDhTNXV6ZW1PNmRXeFdRd0w3ek5ScHhNaUg0YjhEOENGQlV1ckNJQ0lrdTVoU0QvDQpMTnZ0K05PVnRDUllUalNMT01kWmFjdEg3MFAxRXdxckpHUzJzSms4RERpMmg1bzJDaG5JVy9reE1PeVpyM2JPDQpEQUJaTGlhTndIWXZFSEJISHdndWVYR0hiaVlVRGg3czlzTWZKUVpyR1pEbmQ3R0h5STdIZW1kc2JCMDJzdnpEDQpQckFFOUxRZjRXQi9kcWFOUmxJMmZ0SnIzSEo1YTlnWUJvSkRLWnU2OVI0N0c2MGozbXJreEh1WEdSQ2M4eEFtDQpPcUk0VWNla3RXb0RaR1prTEUxVXdIeFlQRVJ4WndJREFRQUJBb0lDQVFDUEQ1NVVkOTdqYnUzRUxzWkJyTVBDDQpNNHNqYU5ZOHltNytFdmRsVk9KVlFuSnJhTzFHYUhjaXJJeTV5bFY4SWh0LzBFTlFvVG81aHBEaHdVS0h1MStLDQpUYlhoSVJKY25venFpMS9rLy9JQlR3ZHMreUVvSy9MbWNJc0dibDc5NEw0cnhqM2VMTXkwSDV3dWtLbkhXSlBJDQpLd2dwN3BieFpzVHFGV05CUUFRU2dvcDdzRndSYVk1czQwRWNTaWlaUDZ4RGRCY2RjU1VWSjFqcDU1UkI0a3I1DQpkVmROdFVEL2JnVFAvK05LVmNOZ0tqcW5NRXBXZE9WNzJ0blZ2VnRiWDZOcnJtVzlTdjNmTWVNSDFmaVkwSDRrDQpoNW1kMTRkNVZ0cng3Z00zUE1XVFFSeHNvS0dvL29CYnE5aHlZdUZGQTBZOVVIMnRjTThFcmN4a0VXR05MNEthDQoxcjdvOTR5QWlHemRYd2xLbjdoSFBMWHlhc0lyYmF1T3FrSUE1ZUNnRkplQm9McUkrU1UyakJEZ3NPZlVOaHpWDQpNTmIxQzNoNGl3OUp2TER6MXMzaDJPbGxCY080WnBSamF0ODBQY1E4Sm5SK2l4VWUvYWdiS3ZRR056cEVobkovDQpOdWt2V2NWdXJrZUNRY1lQc01rWlMvUGlHK0U1NElSUVlvRHBoakZIUHd1cW12bWZKMTNUMjN2NXAvelVBNXVUDQoxQVFkMWRWL1JrQmtBcG9RWm51c1g3Q1ZCcWpUaGRWREVVem91OVRrK09nR016WkZRd0NjYVNWQllWVlg5OXkwDQpUTVpReFN6MlllUS9hZmZ2M2FDZ3dkZHhyZERFQzNDYm9BUks1bW91ZEhxaUVhSExROEswR3pValdzTDhTVnhGDQpOZ2JHNnFLcW5XWUJyeFIrWkFsOUlRS0NBUUVBK1puaE8zOWNNUnJhdk1EYzdNYjlkdFFoSFBYeFpnR2xaVGZTDQpWMHhrV3RPZEFqZjNHVlJ2RERqRE1oMk9hQUZiakFDSVBYdGoyaWxWV2MxSWIwQmxTbTVnVEdHeERrMVIvVTg3DQo2QUVGa3ZxME8rTWtSZjhQS21LQWpCa1RYY1VhbVo1NjFwQWRaaldSeDVBNi9IbW5lWGxxbzM3VDBhaTg5alRUDQpGMXpKeWZ4SXNwVGZ2YVJDUFQrSndMNWx6TmRFUmpUd0MzZDZRSWhRM2Q2MWhYMFFvVFhjeFpXRmNvMjNCemFwDQpMei9uYjNqOG81TFNnQ2JCNUdDQzd6SGtUYlN2SHNjdnVOOWFySDkwNE5CZ3g4aWJ6b3B6WHdaaFhzK3pxZWp1DQpkSVgxWHhONUFUSVEwak1hK0I3WnI1Tmp3TnU0T1JtdjQwZUpzNlhFOHgza0FXNjdMd0tDQVFFQTJnRC93RHRmDQpsU2l6c0g0cnExK1pFZE96K3AvQ2Fjdk1CK2lxdTczdEJROG8xR1ViVlJ3Q0h0TjkzeHQ0RUEyMGk2NjFobU5LDQoxL2kxNWljeERiVG44akg4SStOd0F2clRVSzJ3eGVkRXNxK3ZWZWtUaWoya0NLOVVJMGh1eFBFSTlkMVdKNnk4DQp1eDhibFFyNTMyUEpYT2FLMlpUOEE0eERBMk8wOThNOFQydUdlTEtlM1phc0ppRjJLTXJuMyt6TlRmWW91ODJVDQpacDdwN2MrbDh0bmRIUC80MUxjQno2dklPQUhDb3lKYTZmeEY0YWhMRThiU3VUaFBGVS8rRGpIZm1nb0xiMTgrDQpyZDJSR09ZU0R5dWZPT1lKN3NBY1hKVGFRK2hjVVpuRHFOcktLZkdBTlhGYzVUSGVEYTlkamRHMkNLaURhVXNHDQpFWEE4SGxvMWRFZS9TUUtDQVFFQXJoYkQzNG12Tlppelk5OW90OFQ2MkR5UWMvQ2VWRFZsdExsQWZoOE1COFY4DQp4eVZkdFU4TXZRdUNLWnd2elI3VlNVcTl1NVFxU3VsMVhGTXY2RmlUelZ3NjBrdDVBSzZ4TnVwaXNDaTJTSk9QDQp6ZzFaS1hFQ2xOOXJKVXdBRS9ENzRwV0V1ODU4a3VOZU1FREt3M25lYzMxYUFYcmVKbWQ0bElpM2lwM3ZLSEJNDQpEREtGODNGenVlQnRKZ0FtWkw3b0ljZWVmWUR4eGJ6T0dsSFJiYStUUDcyZnBEZnJnY0NTSGZmai9NNm5qenBsDQppM2xHVkplenVLUVA3dUZ2aVRzeXdWYlFWRE9FdkxlUlA1UlhURUVCV3dkNS9KY29wc1piVzNEWmtIQTJlZi9NDQo4Q2FKVVBMUUpxcnR6ZVlSTjF5SW0xcnRNS3Fld3F3bU9DTnErZ3pQaFFLQ0FRRUFySUJ4M3hpY0w1ai9acjdQDQpxMUYvKzkwNjR5d2JXRC9NK00wZ25HSlM5TmZrQlB6a1BkcGx5eUtxelNvZFBRYTdRSFJFYTB5U1lvY0kyRTlXDQp2M1BRdlpMVDQwb0t6akRQbVYxM0xZSXNsLy93aTloY2Y5ejZ1V3lTOVVCUmRrRU1TQkNXSmRySGxJR3UvNmFwDQp4aHhkcjhjMVE2cGlLQ1NLdWxuaFR0UU1Hd1FJYWVWZFZCWHZybFIzL1J0aGs0ejdmNTh5NkRocUh6SE1CVU4wDQpHdEJONks2YnBTWVNwdE5WSVF3emlZYWJ6ZDZ6SlRaWUFoUW5saXg2VjNEdXBTak51RVFPZkZndmJzQ09HZGVqDQpucUZ6NGtBVXgvajMrRUpJMjhjM2xkSklRb3F0d2JhNUxwQy9ZeFNza3NPYkVhZEpsVnhTYjdUUDNtaWpDWmwwDQpCc2puRVFLQ0FRQTZDSG5LZTNWNEF5WkRJV1N5UE0xZ2Q4VWVyQWY3V2paLzJ1RU0yWC9Nc1JvN2pHeHh4U0JMDQpUOE5vemtuZ05GbXV2SENnOURpdXRxZ0N0eHV5TXZ6MmJ2MnhXdWxPMm9ZL0NVdUQvVzV6aU44NzlnenBPSStPDQo5T0d4NklUV2xqZ0FKQmt4U1RaYXpYd0NVK05qNDlkY2ZicWhEZGtTQWZ6RW1COGpCRzEzaXprcVZEQTdYU0lBDQoxWDNUdEpkSGwzUmYwNFpoUUN1aCthWEdlRjdHOHQ0QTFhZW1iWWIyUStjM1BPK0s2ZlZZU3doTC9PeEdFdmUzDQpEc2x1aUZ2ZnM1cFIwb3B0ZWR6Y1RQdHhQM29tK0JiSThvUnVHVUdMdkNKbS9GYlNOL0c1TGFZS1U4YlkydHlhDQo1L05QTjR1OTZCcStRYUFsS0hKc24xL01XRWRaTS9ocg0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQ0K

30
deployments/k8s/certs/booking-cert/tls.crt Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFKTCCAxGgAwIBAgIUFa9lh176zt1+zRoMwLJhUb9aEGswDQYJKoZIhvcNAQEL
BQAwJDEiMCAGA1UEAwwZYm9va2luZy1taWNyb3NlcnZpY2VzLmNvbTAeFw0yMzAy
MjExMTQ3MTBaFw0yNDAyMjExMTQ3MTBaMCQxIjAgBgNVBAMMGWJvb2tpbmctbWlj
cm9zZXJ2aWNlcy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU
jgMoXxtavsMXUoHva0WUfRybJMUgGSPniweawyn5FigUTx6gv6VvOzqSmGZ185P4
UIbWCud9WjECESJUJB4qZbRiDYIMAd2336ci5wDsnDFUznXtM9g5UFfKwOweOVcv
jsStYf6K9wd/1itLorHx5txEPnPdTdFGFj9YUOku2c5VYH2OKiI7jjCh00stZdz8
t5i//Kv27PDt6DG7/un0ygTG1kmMUMPrpRBeHlQMYft7OqM3GHrDfiuH7c5ZF5c6
aDgPykyw2R3gLbBjyHbja9VFJs+dMEbPMlkDKzIV+ggugVGwuQdoD5/Jvkzo3qXT
cZJwGE72OEFiJn/VwWOH0WjlXKjHBAjhSn9n63NFjhs3SGKtdioqHBOiZCxB666r
MHGZy15kDyzgDUSF5OI+K/mb3kwGD8S5uzemO6dWxWQwL7zNRpxMiH4b8D8CFBUu
rCICIku5hSD/LNvt+NOVtCRYTjSLOMdZactH70P1EwqrJGS2sJk8DDi2h5o2ChnI
W/kxMOyZr3bODABZLiaNwHYvEHBHHwgueXGHbiYUDh7s9sMfJQZrGZDnd7GHyI7H
emdsbB02svzDPrAE9LQf4WB/dqaNRlI2ftJr3HJ5a9gYBoJDKZu69R47G60j3mrk
xHuXGRCc8xAmOqI4UcektWoDZGZkLE1UwHxYPERxZwIDAQABo1MwUTAdBgNVHQ4E
FgQUGyqcZzScRYbmp3NfHFsY54rZQNIwHwYDVR0jBBgwFoAUGyqcZzScRYbmp3Nf
HFsY54rZQNIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAbiOq
XPZ0qorffY9nXQkicdZB7fMqDf5zZ22lWBE4flDzd8ffO6NeH/Ft7U3YwpKstuzh
3nHVbR+T35bufUpLyPbm+J/gIG9SHy5NTk2en+7lxrobesNVn669S/TAmrwfplCy
VeptYT42Jl3/Sd64DwH4LHAUrPjsdUhyYyWaWntTgrqxAy+tUoPxjvrX14eWC6wH
c8t1ovMSfSs5eapswROQK2VAr+19p2pFYPTEL75epChxn2f28gVnlEVgmkAok4PR
IWk4jWdz/HSGnOPI5NCmmoeogRAcu3T9jxpOoFAGXYE1OEtGqWi1yJAEJ45OVTsY
kBOiFxl8/1eB2JdVXPCETUhVzS/wlfH8nowZszy58sQ5QwG9e1wnUw/0R73sS1EG
qcHkiBED0ygNCNwMOVXMnalDDniXKBJwqZ0Y5K+L9YXzOGiO+hBM1LETTqyuGw7I
U3SpqDwIVISh3D8MW77XQWfgPey5LMEkLuHt8jKyi5B06J9A7FmWXgsvijfrclaA
wdpCjBV7jccmzBIxYUwpKNPyccT92N7P86VQ3WcOCPjHbgP3m1tSRT6PogjDbn7M
wVhTyCo0cuq2QWb4qKX7sHPvCJbrKzIcV6dObfmsR530Ktq6ZSLMmT9G2dJqsOAm
l5yLSPrSa9N9tQM7CYR30x7vgi3GgoFTlkCXFWA=
-----END CERTIFICATE-----

52
deployments/k8s/certs/booking-cert/tls.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDUjgMoXxtavsMX
UoHva0WUfRybJMUgGSPniweawyn5FigUTx6gv6VvOzqSmGZ185P4UIbWCud9WjEC
ESJUJB4qZbRiDYIMAd2336ci5wDsnDFUznXtM9g5UFfKwOweOVcvjsStYf6K9wd/
1itLorHx5txEPnPdTdFGFj9YUOku2c5VYH2OKiI7jjCh00stZdz8t5i//Kv27PDt
6DG7/un0ygTG1kmMUMPrpRBeHlQMYft7OqM3GHrDfiuH7c5ZF5c6aDgPykyw2R3g
LbBjyHbja9VFJs+dMEbPMlkDKzIV+ggugVGwuQdoD5/Jvkzo3qXTcZJwGE72OEFi
Jn/VwWOH0WjlXKjHBAjhSn9n63NFjhs3SGKtdioqHBOiZCxB666rMHGZy15kDyzg
DUSF5OI+K/mb3kwGD8S5uzemO6dWxWQwL7zNRpxMiH4b8D8CFBUurCICIku5hSD/
LNvt+NOVtCRYTjSLOMdZactH70P1EwqrJGS2sJk8DDi2h5o2ChnIW/kxMOyZr3bO
DABZLiaNwHYvEHBHHwgueXGHbiYUDh7s9sMfJQZrGZDnd7GHyI7HemdsbB02svzD
PrAE9LQf4WB/dqaNRlI2ftJr3HJ5a9gYBoJDKZu69R47G60j3mrkxHuXGRCc8xAm
OqI4UcektWoDZGZkLE1UwHxYPERxZwIDAQABAoICAQCPD55Ud97jbu3ELsZBrMPC
M4sjaNY8ym7+EvdlVOJVQnJraO1GaHcirIy5ylV8Iht/0ENQoTo5hpDhwUKHu1+K
TbXhIRJcnozqi1/k//IBTwds+yEoK/LmcIsGbl794L4rxj3eLMy0H5wukKnHWJPI
Kwgp7pbxZsTqFWNBQAQSgop7sFwRaY5s40EcSiiZP6xDdBcdcSUVJ1jp55RB4kr5
dVdNtUD/bgTP/+NKVcNgKjqnMEpWdOV72tnVvVtbX6NrrmW9Sv3fMeMH1fiY0H4k
h5md14d5Vtrx7gM3PMWTQRxsoKGo/oBbq9hyYuFFA0Y9UH2tcM8ErcxkEWGNL4Ka
1r7o94yAiGzdXwlKn7hHPLXyasIrbauOqkIA5eCgFJeBoLqI+SU2jBDgsOfUNhzV
MNb1C3h4iw9JvLDz1s3h2OllBcO4ZpRjat80PcQ8JnR+ixUe/agbKvQGNzpEhnJ/
NukvWcVurkeCQcYPsMkZS/PiG+E54IRQYoDphjFHPwuqmvmfJ13T23v5p/zUA5uT
1AQd1dV/RkBkApoQZnusX7CVBqjThdVDEUzou9Tk+OgGMzZFQwCcaSVBYVVX99y0
TMZQxSz2YeQ/affv3aCgwddxrdDEC3CboARK5moudHqiEaHLQ8K0GzUjWsL8SVxF
NgbG6qKqnWYBrxR+ZAl9IQKCAQEA+ZnhO39cMRravMDc7Mb9dtQhHPXxZgGlZTfS
V0xkWtOdAjf3GVRvDDjDMh2OaAFbjACIPXtj2ilVWc1Ib0BlSm5gTGGxDk1R/U87
6AEFkvq0O+MkRf8PKmKAjBkTXcUamZ561pAdZjWRx5A6/HmneXlqo37T0ai89jTT
F1zJyfxIspTfvaRCPT+JwL5lzNdERjTwC3d6QIhQ3d61hX0QoTXcxZWFco23Bzap
Lz/nb3j8o5LSgCbB5GCC7zHkTbSvHscvuN9arH904NBgx8ibzopzXwZhXs+zqeju
dIX1XxN5ATIQ0jMa+B7Zr5NjwNu4ORmv40eJs6XE8x3kAW67LwKCAQEA2gD/wDtf
lSizsH4rq1+ZEdOz+p/CacvMB+iqu73tBQ8o1GUbVRwCHtN93xt4EA20i661hmNK
1/i15icxDbTn8jH8I+NwAvrTUK2wxedEsq+vVekTij2kCK9UI0huxPEI9d1WJ6y8
ux8blQr532PJXOaK2ZT8A4xDA2O098M8T2uGeLKe3ZasJiF2KMrn3+zNTfYou82U
Zp7p7c+l8tndHP/41LcBz6vIOAHCoyJa6fxF4ahLE8bSuThPFU/+DjHfmgoLb18+
rd2RGOYSDyufOOYJ7sAcXJTaQ+hcUZnDqNrKKfGANXFc5THeDa9djdG2CKiDaUsG
EXA8Hlo1dEe/SQKCAQEArhbD34mvNZizY99ot8T62DyQc/CeVDVltLlAfh8MB8V8
xyVdtU8MvQuCKZwvzR7VSUq9u5QqSul1XFMv6FiTzVw60kt5AK6xNupisCi2SJOP
zg1ZKXEClN9rJUwAE/D74pWEu858kuNeMEDKw3nec31aAXreJmd4lIi3ip3vKHBM
DDKF83FzueBtJgAmZL7oIceefYDxxbzOGlHRba+TP72fpDfrgcCSHffj/M6njzpl
i3lGVJezuKQP7uFviTsywVbQVDOEvLeRP5RXTEEBWwd5/JcopsZbW3DZkHA2ef/M
8CaJUPLQJqrtzeYRN1yIm1rtMKqewqwmOCNq+gzPhQKCAQEArIBx3xicL5j/Zr7P
q1F/+9064ywbWD/M+M0gnGJS9NfkBPzkPdplyyKqzSodPQa7QHREa0ySYocI2E9W
v3PQvZLT40oKzjDPmV13LYIsl//wi9hcf9z6uWyS9UBRdkEMSBCWJdrHlIGu/6ap
xhxdr8c1Q6piKCSKulnhTtQMGwQIaeVdVBXvrlR3/Rthk4z7f58y6DhqHzHMBUN0
GtBN6K6bpSYSptNVIQwziYabzd6zJTZYAhQnlix6V3DupSjNuEQOfFgvbsCOGdej
nqFz4kAUx/j3+EJI28c3ldJIQoqtwba5LpC/YxSsksObEadJlVxSb7TP3mijCZl0
BsjnEQKCAQA6CHnKe3V4AyZDIWSyPM1gd8UerAf7WjZ/2uEM2X/MsRo7jGxxxSBL
T8NozkngNFmuvHCg9DiutqgCtxuyMvz2bv2xWulO2oY/CUuD/W5ziN879gzpOI+O
9OGx6ITWljgAJBkxSTZazXwCU+Nj49dcfbqhDdkSAfzEmB8jBG13izkqVDA7XSIA
1X3TtJdHl3Rf04ZhQCuh+aXGeF7G8t4A1aembYb2Q+c3PO+K6fVYSwhL/OxGEve3
DsluiFvfs5pR0optedzcTPtxP3om+BbI8oRuGUGLvCJm/FbSN/G5LaYKU8bY2tya
5/NPN4u96Bq+QaAlKHJsn1/MWEdZM/hr
-----END PRIVATE KEY-----

9
deployments/k8s/certs/identity-cert/identity-secret.yml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: identity-tls
namespace: default
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGSHpDQ0F3ZWdBd0lCQWdJVWJ4K1lESEs0cFlrQkM5d2lsVEJBa05NMFNPVXdEUVlKS29aSWh2Y05BUUVMDQpCUUF3SHpFZE1Cc0dBMVVFQXd3VWJYbHBaR1Z1ZEdsMGVYTmxjblpsY2k1amIyMHdIaGNOTWpNd01qSXhNVEUxDQpPRFV3V2hjTk1qUXdNakl4TVRFMU9EVXdXakFmTVIwd0d3WURWUVFEREJSdGVXbGtaVzUwYVhSNWMyVnlkbVZ5DQpMbU52YlRDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQ2dnSUJBTHZDWGU2cy9waW50czc1DQpOcUJmeTFyUkZLREc4Ky9qSFZVaTh0VE1XNU1qbHh3SW9WQ004WXVVSk8vTFNjbVNueFZHdXNBTEk5TkJMeXFKDQo4U2dCY0VXQ1h4aDI0VmRpUmk2d05jSzF1TkNwY0t1VVA0bDZQYVhFaHZtU2YycnBScDgrWGxKeWZOTFBodXhUDQpOUy84MWl3UXRoelc0WGFPbEVGYzhxbFd2ODZjbjdoci9QbDhUNGZIVmp5UHNJdHVrOExTSTBPdmUrQUd5L3F3DQpkL1hQcE12dXVSbndRRFBuWHE1NE56djFHMTMyRDh4eitoWko4eTNlTEtUTXF0U2ZEQm9SdWpoQmVjNVp1ckxKDQplYVJEYmlWdU9LMy9oRm9TVGxkaFYxMTViVDFZcTU3QnNhQlNQeXdSUE1JbldOZ1p0QnhtRUgxVTR2aGJKZmtKDQo0TnAvMkFQYzY2WDFTelp1c0s3aEZ4WHBtVTRJYXZiNXAzcDhpVVZEekNPN0U1OURkT2Z6QzNCYXg1YzZPUXZSDQo5d0FkTXlVSmhCaFU0eW9KOXQ1WTljV1BRcU94U25WT3Z1NXFOVHI5UDBBVFdLcE9NVkZZWklib0VCQW9oWmlwDQpKT3FkYWxVSnFqcEp0TzRxeTVaL3orclZPMjRCdzUzMWJ4SkFoanBWYWQxU1NOZm5xdXI0TFZ4V0JyYXFqUU90DQpPT1VPaHEwd2Y0UUdEc3NIM2NOMkJaK2Z4OVJDY0dmOW1kTkdSTDFoK29IalVHYjVaS2dxcWlOZDNZVWlKWlpSDQpIN1VvQmV2eXlLcVFiYmE4NFVXSXRhVHJPT0kxN3JKSWJ3dlZsdjgrUENGWGZPNjdDMENYN243YWwxM040ZkNlDQoyaWYyT01uQ0pJOWI5VXJSZGZxTDkvbG9wZ0J4QWdNQkFBR2pVekJSTUIwR0ExVWREZ1FXQkJSRzRzTHh2QmxSDQprNmhveXVxdDg0MUE1TTlCVGpBZkJnTlZIU01FR0RBV2dCUkc0c0x4dkJsUms2aG95dXF0ODQxQTVNOUJUakFQDQpCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQmVJb0xCaUMvNGxaNnhHYzJnDQpWNG5JM0lmQ2YyY3BWVFhaME5zTjFxL0o4TXZrRnBHNENkeUZlRStoZjdPbmpVVjlIQnlVR2JpRDFoZlJCSmJWDQpaNXAxS1BxQ0ltQXlZcm1KVnU4dllEVlJGcXY0bW5kSUN4ZzBRaGNEbWZTU3NCZXl6UXpDUExTd21HUzd2OVk5DQpTTjFTTUU0cE5jMWdBaU5OTWhKS1NBcnowWTV5TmRsWDNNcTRXTHZrd01iZXN0TjlDRFRaZ2VVTDVuRkxCdFFhDQpaZkY2Z0NBTVI1WktITmNaTEp3ejdZcU5ZT0tUN2s1OHRCSXJMV1FWNWFXWTlPSUVqQ1VNMEtneUVBbzE1dDA5DQpwQmorUWVrK25HOFdxNTRxbnNjSnVyeWxaaWVNdXBDOGdYdUhlL1BMb3ZSQksvUkp5VDF0YTZvb1VHWW00VWRzDQpnWWF4RUpWVVFqNUowZXF4U2JMVHg3UUxNR2xNNGc2V1dOUmVUWE9VOE41OG5SSzBtTVRISVBEQ0ZBeVRMNlpKDQo1ZG5aYjhZN3UySDJvNDRJQlRvdFBiQmYrT3h6dTV2dTl0TzluelN1ZWtWd0EvbDhWRkJibnY3SG9CU1oxMDFUDQpFU0ZUVDBmR0NvNGpkbnhhOC8wcElwelo1M0ZDSG5yZGdjUXd2amJrb2tybzV1L0o3dXdFRHNsaE9hM0FkdlIxDQpMTXhIVFRvR01QaDdCT0RTb2FybWRsR2hReVI3TU1lYWwxUzRHOWZHMmZUczZsYXBrcFJ2d3V0RzMxUWJiNXhrDQpKemNTSXIwTWlheGVGdTcyL2J5aWFDTFEwQ2c5SHQ4THlpZ2VMRFhQMFJjeXVRNXk1bUdVYXY1cnBWRTZiMkRGDQpoU1pUZmdOL3ZzUitJdExueU9EVkt0WWJ1dz09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUlKUXdJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0NTMHdnZ2twQWdFQUFvSUNBUUM3d2wzdXJQNllwN2JPDQorVGFnWDh0YTBSU2d4dlB2NHgxVkl2TFV6RnVUSTVjY0NLRlFqUEdMbENUdnkwbkprcDhWUnJyQUN5UFRRUzhxDQppZkVvQVhCRmdsOFlkdUZYWWtZdXNEWEN0YmpRcVhDcmxEK0plajJseEliNWtuOXE2VWFmUGw1U2NuelN6NGJzDQpVelV2L05Zc0VMWWMxdUYyanBSQlhQS3BWci9PbkorNGEvejVmRStIeDFZOGo3Q0xicFBDMGlORHIzdmdCc3Y2DQpzSGYxejZUTDdya1o4RUF6NTE2dWVEYzc5UnRkOWcvTWMvb1dTZk10M2l5a3pLclVud3dhRWJvNFFYbk9XYnF5DQp5WG1rUTI0bGJqaXQvNFJhRWs1WFlWZGRlVzA5V0t1ZXdiR2dVajhzRVR6Q0oxallHYlFjWmhCOVZPTDRXeVg1DQpDZURhZjlnRDNPdWw5VXMyYnJDdTRSY1Y2WmxPQ0dyMithZDZmSWxGUTh3anV4T2ZRM1RuOHd0d1dzZVhPamtMDQowZmNBSFRNbENZUVlWT01xQ2ZiZVdQWEZqMEtqc1VwMVRyN3VhalU2L1Q5QUUxaXFUakZSV0dTRzZCQVFLSVdZDQpxU1RxbldwVkNhbzZTYlR1S3N1V2Y4L3ExVHR1QWNPZDlXOFNRSVk2VlduZFVralg1NnJxK0MxY1ZnYTJxbzBEDQpyVGpsRG9hdE1IK0VCZzdMQjkzRGRnV2ZuOGZVUW5Cbi9ablRSa1M5WWZxQjQxQm0rV1NvS3FvalhkMkZJaVdXDQpVUisxS0FYcjhzaXFrRzIydk9GRmlMV2s2emppTmU2eVNHOEwxWmIvUGp3aFYzenV1d3RBbCs1KzJwZGR6ZUh3DQpudG9uOWpqSndpU1BXL1ZLMFhYNmkvZjVhS1lBY1FJREFRQUJBb0lDQUE1OE1FTDVsYXF4UmFreUVNVE9ueUdpDQpmN1RucEdvZFcyWDJERVhlZmpJYnpNeWMzZFVaQ29sNkpGOWJqNVc5ZWdocUxINGtYZDh1YURVZjd6cm00WUo3DQpURnJXMFF1c3lUMVEydFRxc0Jkbyt3aEJwNlV6aVE0QTIyamxwRzdiRUZlNHVBNGtSdno4aGF3MXZ5UzBuTkZKDQplTU5BMEtRVTI5c3ZFSWwvNTh4SXlRbXhTeEwwUkM1MWNuRzVwQ1Vkb3NpazdaT0xOa05TUXVwVU11MEQxL0xqDQp0K1FJWk91Y0xmSEgxSHNMcmREUjZ1WWJESEFyeEZjRmpPd3AzZ1FKUVNYQnVGd2VzUWI2WlN6bDNqeU45ekZzDQpEM05kQXhqdjBKdHRKeEJQRGQ1dHVNL0dvYTE4cXVMN2NYU0pGSkdYYWczRzBmN1pUYWxiWHRLWHNJRXEyNzlPDQpoWFNNVkcxODZVNU9GdThQQ1hITVRSSXp1ZGlnaHRvaExSTXE4ZDAvdTdHSWNzRVNiZGdCKzlhT0hBYU42SUtwDQo0REpYQWtzQ3E0NmVyaGlRWEdnaGpKZUd6YjlONzBJV1I0NVpGZGNpUlhlbnp0djRBOENXeUdyZk1lOWFBMjUyDQpWbmNHa1o2bDVrTFZ3aUVLZU1uK1RYV2ZPQUVnMVNZb3F6RTJYanVSOENvUmJ6aFBRQjVxRlVhZEZYMGwwWlpqDQo1YlcxOHNtcG5xM1h5WlpmSVNIOEFYeGZndzEraFEzVldodENlNU9qQkV0dlNoeDIrR1czTVNmRVQxNXVORTFXDQpQR3A1RFBGNjMzaXZXdDRBMUVUckpkbE5UcnVxbVh2b3hZWGlnUWNjdURRM2YvZnkvcmprRDY1eDRDaEpLc1F4DQpEcmZWMHF6MGV3TmxHbTc0U3dBQkFvSUJBUUQwTmFPdngvNFdNdXNLUFhNU1NycFRtVlMyd1ZROUpmbGw2Y0EwDQpKTG9HTk1hdVBIenJsVzIxamFCcXhXTGhlVkY5R1c3MU9lSmxtdjA2SWZwbUJlS0F4c3grR0lnWUZqRG50aVlFDQpUVjRQSkRFVFB2TDQxU3ZLT0NDUWx4eXVwY2tGbUoyLzJYd0Z2REVqdVBPeUJyZ0VrT3dlUXJxSEhnWXI3cWhzDQphM0U4bkliVWhPWVF1QnNpNHpXanFnTGI3eS9XeVhkbm9LbXNJRlp5bHc2OUxjQVAvaW9WQkIrS1h3aXZsTnpYDQpoaGZ0QkY2RXRsLzFkbFN3MmtmUTBIMmlYdkR5ZTEySEFJNlZYZXQ3dXJoSFRzeG5JaW5remx6d0lJcUJFOFduDQpnVXJJcXBhays1OVNGRkpvbjB0RkV5cmVhK2dMQmVpKzhGTitzZVFydytHNmYyVnhBb0lCQVFERTB3U2NqVUV3DQpjM20rUi9VcjhJOWRZZW1ER1Y4OXkwTmI1amd2TDBwc21GNmc4aDFNYWxlMFJiaXI3SVJ0TU9MUjhWV1EyQ281DQo1bGlBTlhPKzIrdHJhaFlDbkY1d0t6Q3dsM01qNVRYMlQ5MHE1Sk9XSVZldTIvZTE0Vkl3UDBITXV3KzZCdTIyDQpvbVdQcjd3cm5weUVISjlnTkcwbWRNL1JHK3ZvVXNWeHdOSThUVHdFNFZ2UzBYYzcrN3VNbEhEcnV6dlRkOThjDQpJTEdMOTVJUVppeWxUdnR0ZVgvT1pyTmNIeUg2Ym5SaXFIZWszSHdQMm1VZkg1ek9oOGwzdmVQSXVET2xaOE5ODQppbloyN1VrMmJxZW8vT3BCTWcwMVo0dE82RzBha2RaSjUraFlBS3hZWUdyWmZBbTZRTTJpTFd1bDliRzVwdG5MDQo0YW5RSEdTQkZzc0JBb0lCQVFESmhtSTNzdkJJM1dmOG9VME9jVUJsc0lpcDc4eFdVYm9Ia2VnY241b3JlTzNqDQo1dUtuZmo1MHJoVU5SeW9jS3dOR0d2RG55UWE5RmpPVi8yZ2xQUUgzaHhaRmtIVHVlNUdNQlZKR0JwcHlJRW1uDQpPakZEaXBhQ1grTHZydVBxYzhENXIwR3VpZ2pBcXRaYVJreEVReXNrQ1h2d1ZOeWNsL2c3MU15RCsvNE1LSmRUDQpWUUNPRjMrOVFJYUpNc2o5T2RyZWdvN1lvMHFoVW1aRVZjZkI4YmttK1hVOHRwUlltYWdQVE9jWnEveWVpUlorDQpxZ2x5QkY1TE96WThhWERqeHpsS3dPY2pleUF1dnJ5TzlEMFNDMEsrY1FEbFlpNXJzazdaeWJrNFM0ZXRKS2tBDQpLTzBHek9KY2wrZURieGZYU0hES2QrdmpkV3RSaC9kazdsYWVrbmJoQW9JQkFRQ2dMUEoxek9hZVhYdFlCUXRiDQpCTnhITEtWeVVUV1cvbElFK2VnRFRrTU0rVHNaVTYvUVBrSzlySGZMUWlITEVwdWtLdmh0ZGQxM1hTUHN3cE05DQpZWS9HeklDNUF6US9xSVpwVC9jZDRTejNGS3R5ZXE0NDRVMlFPZWJ2RnoxaGtqa2tPWjlrenJxcGhLT09PWCt6DQpKOU5NR0ZjRFhlYnVBdVlVME5vOUtROFJzYy9senh6bkE5ZE1TN2J6RTd2ZmZmWWZnVElBdUc3VFh5L2VMazJxDQpGdHlDY3pKZU55QnhnbGE0dzRWTlhwSk1yN2tlYTJoekpsSmc3OE1XdUo2V1dleURycFFwS2JaZzVpdmVRT0R4DQo4VDkwWU03cTI2YXdMV0hMaDQ4eXJqaHIwTlRldVQySWRuNitHeGwzZjhGWkdBbWc5Ny80eS9ZMjI2RHNnZzZ3DQpseklCQW9JQkFHNTdVSVpvL012VXRHelVQWnh0QTJmSmZ4RDhhOE92M25RVTN6akpMd0pYenIrOHp2eVpOUnhvDQp4eCs5ZGlMdWlYQ2hHT3VpU0NUOXVtci9KSWRzVmEwb200TCtQMHA3V01MK1QrYlBhVHFmWjJnY1Z1QitadFg3DQpKR1gzdForTHpkYWtRNkxTYTRaRlFlMmNTYzcxYWF2YnJZMTU0RGpYUmI4c25BQTlkczBENk10U0crTjlhQjZaDQpaRFZEc1MveUk1Z0VLV3FtN1B0RDR1VWhNazViUmFLbkdLS1ZVR0NOak9DN0NETEZVSU1OcDRRSDFhb1lMcTJuDQpCNy9GdHlQb09MNkxDTytCUk9FY2NSZXZYQWJyOTJ0dzhoQzNqaGJGS3dCTThJMUFWdWgxdS9qWFg1ZDgrRGVNDQpQQ0ZNNHlLZnNGb24zTW1sMDR4eXhKU3RqL2Zhc01jPQ0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQ0K

30
deployments/k8s/certs/identity-cert/tls.crt Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFHzCCAwegAwIBAgIUbx+YDHK4pYkBC9wilTBAkNM0SOUwDQYJKoZIhvcNAQEL
BQAwHzEdMBsGA1UEAwwUbXlpZGVudGl0eXNlcnZlci5jb20wHhcNMjMwMjIxMTE1
ODUwWhcNMjQwMjIxMTE1ODUwWjAfMR0wGwYDVQQDDBRteWlkZW50aXR5c2VydmVy
LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALvCXe6s/pints75
NqBfy1rRFKDG8+/jHVUi8tTMW5MjlxwIoVCM8YuUJO/LScmSnxVGusALI9NBLyqJ
8SgBcEWCXxh24VdiRi6wNcK1uNCpcKuUP4l6PaXEhvmSf2rpRp8+XlJyfNLPhuxT
NS/81iwQthzW4XaOlEFc8qlWv86cn7hr/Pl8T4fHVjyPsItuk8LSI0Ove+AGy/qw
d/XPpMvuuRnwQDPnXq54Nzv1G132D8xz+hZJ8y3eLKTMqtSfDBoRujhBec5ZurLJ
eaRDbiVuOK3/hFoSTldhV115bT1Yq57BsaBSPywRPMInWNgZtBxmEH1U4vhbJfkJ
4Np/2APc66X1SzZusK7hFxXpmU4Iavb5p3p8iUVDzCO7E59DdOfzC3Bax5c6OQvR
9wAdMyUJhBhU4yoJ9t5Y9cWPQqOxSnVOvu5qNTr9P0ATWKpOMVFYZIboEBAohZip
JOqdalUJqjpJtO4qy5Z/z+rVO24Bw531bxJAhjpVad1SSNfnqur4LVxWBraqjQOt
OOUOhq0wf4QGDssH3cN2BZ+fx9RCcGf9mdNGRL1h+oHjUGb5ZKgqqiNd3YUiJZZR
H7UoBevyyKqQbba84UWItaTrOOI17rJIbwvVlv8+PCFXfO67C0CX7n7al13N4fCe
2if2OMnCJI9b9UrRdfqL9/lopgBxAgMBAAGjUzBRMB0GA1UdDgQWBBRG4sLxvBlR
k6hoyuqt841A5M9BTjAfBgNVHSMEGDAWgBRG4sLxvBlRk6hoyuqt841A5M9BTjAP
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBeIoLBiC/4lZ6xGc2g
V4nI3IfCf2cpVTXZ0NsN1q/J8MvkFpG4CdyFeE+hf7OnjUV9HByUGbiD1hfRBJbV
Z5p1KPqCImAyYrmJVu8vYDVRFqv4mndICxg0QhcDmfSSsBeyzQzCPLSwmGS7v9Y9
SN1SME4pNc1gAiNNMhJKSArz0Y5yNdlX3Mq4WLvkwMbestN9CDTZgeUL5nFLBtQa
ZfF6gCAMR5ZKHNcZLJwz7YqNYOKT7k58tBIrLWQV5aWY9OIEjCUM0KgyEAo15t09
pBj+Qek+nG8Wq54qnscJurylZieMupC8gXuHe/PLovRBK/RJyT1ta6ooUGYm4Uds
gYaxEJVUQj5J0eqxSbLTx7QLMGlM4g6WWNReTXOU8N58nRK0mMTHIPDCFAyTL6ZJ
5dnZb8Y7u2H2o44IBTotPbBf+Oxzu5vu9tO9nzSuekVwA/l8VFBbnv7HoBSZ101T
ESFTT0fGCo4jdnxa8/0pIpzZ53FCHnrdgcQwvjbkokro5u/J7uwEDslhOa3AdvR1
LMxHTToGMPh7BODSoarmdlGhQyR7MMeal1S4G9fG2fTs6lapkpRvwutG31Qbb5xk
JzcSIr0MiaxeFu72/byiaCLQ0Cg9Ht8LyigeLDXP0RcyuQ5y5mGUav5rpVE6b2DF
hSZTfgN/vsR+ItLnyODVKtYbuw==
-----END CERTIFICATE-----

52
deployments/k8s/certs/identity-cert/tls.key Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7wl3urP6Yp7bO
+TagX8ta0RSgxvPv4x1VIvLUzFuTI5ccCKFQjPGLlCTvy0nJkp8VRrrACyPTQS8q
ifEoAXBFgl8YduFXYkYusDXCtbjQqXCrlD+Jej2lxIb5kn9q6UafPl5ScnzSz4bs
UzUv/NYsELYc1uF2jpRBXPKpVr/OnJ+4a/z5fE+Hx1Y8j7CLbpPC0iNDr3vgBsv6
sHf1z6TL7rkZ8EAz516ueDc79Rtd9g/Mc/oWSfMt3iykzKrUnwwaEbo4QXnOWbqy
yXmkQ24lbjit/4RaEk5XYVddeW09WKuewbGgUj8sETzCJ1jYGbQcZhB9VOL4WyX5
CeDaf9gD3Oul9Us2brCu4RcV6ZlOCGr2+ad6fIlFQ8wjuxOfQ3Tn8wtwWseXOjkL
0fcAHTMlCYQYVOMqCfbeWPXFj0KjsUp1Tr7uajU6/T9AE1iqTjFRWGSG6BAQKIWY
qSTqnWpVCao6SbTuKsuWf8/q1TtuAcOd9W8SQIY6VWndUkjX56rq+C1cVga2qo0D
rTjlDoatMH+EBg7LB93DdgWfn8fUQnBn/ZnTRkS9YfqB41Bm+WSoKqojXd2FIiWW
UR+1KAXr8siqkG22vOFFiLWk6zjiNe6ySG8L1Zb/PjwhV3zuuwtAl+5+2pddzeHw
nton9jjJwiSPW/VK0XX6i/f5aKYAcQIDAQABAoICAA58MEL5laqxRakyEMTOnyGi
f7TnpGodW2X2DEXefjIbzMyc3dUZCol6JF9bj5W9eghqLH4kXd8uaDUf7zrm4YJ7
TFrW0QusyT1Q2tTqsBdo+whBp6UziQ4A22jlpG7bEFe4uA4kRvz8haw1vyS0nNFJ
eMNA0KQU29svEIl/58xIyQmxSxL0RC51cnG5pCUdosik7ZOLNkNSQupUMu0D1/Lj
t+QIZOucLfHH1HsLrdDR6uYbDHArxFcFjOwp3gQJQSXBuFwesQb6ZSzl3jyN9zFs
D3NdAxjv0JttJxBPDd5tuM/Goa18quL7cXSJFJGXag3G0f7ZTalbXtKXsIEq279O
hXSMVG186U5OFu8PCXHMTRIzudightohLRMq8d0/u7GIcsESbdgB+9aOHAaN6IKp
4DJXAksCq46erhiQXGghjJeGzb9N70IWR45ZFdciRXenztv4A8CWyGrfMe9aA252
VncGkZ6l5kLVwiEKeMn+TXWfOAEg1SYoqzE2XjuR8CoRbzhPQB5qFUadFX0l0ZZj
5bW18smpnq3XyZZfISH8AXxfgw1+hQ3VWhtCe5OjBEtvShx2+GW3MSfET15uNE1W
PGp5DPF633ivWt4A1ETrJdlNTruqmXvoxYXigQccuDQ3f/fy/rjkD65x4ChJKsQx
DrfV0qz0ewNlGm74SwABAoIBAQD0NaOvx/4WMusKPXMSSrpTmVS2wVQ9Jfll6cA0
JLoGNMauPHzrlW21jaBqxWLheVF9GW71OeJlmv06IfpmBeKAxsx+GIgYFjDntiYE
TV4PJDETPvL41SvKOCCQlxyupckFmJ2/2XwFvDEjuPOyBrgEkOweQrqHHgYr7qhs
a3E8nIbUhOYQuBsi4zWjqgLb7y/WyXdnoKmsIFZylw69LcAP/ioVBB+KXwivlNzX
hhftBF6Etl/1dlSw2kfQ0H2iXvDye12HAI6VXet7urhHTsxnIinkzlzwIIqBE8Wn
gUrIqpak+59SFFJon0tFEyrea+gLBei+8FN+seQrw+G6f2VxAoIBAQDE0wScjUEw
c3m+R/Ur8I9dYemDGV89y0Nb5jgvL0psmF6g8h1Male0Rbir7IRtMOLR8VWQ2Co5
5liANXO+2+trahYCnF5wKzCwl3Mj5TX2T90q5JOWIVeu2/e14VIwP0HMuw+6Bu22
omWPr7wrnpyEHJ9gNG0mdM/RG+voUsVxwNI8TTwE4VvS0Xc7+7uMlHDruzvTd98c
ILGL95IQZiylTvtteX/OZrNcHyH6bnRiqHek3HwP2mUfH5zOh8l3vePIuDOlZ8NN
inZ27Uk2bqeo/OpBMg01Z4tO6G0akdZJ5+hYAKxYYGrZfAm6QM2iLWul9bG5ptnL
4anQHGSBFssBAoIBAQDJhmI3svBI3Wf8oU0OcUBlsIip78xWUboHkegcn5oreO3j
5uKnfj50rhUNRyocKwNGGvDnyQa9FjOV/2glPQH3hxZFkHTue5GMBVJGBppyIEmn
OjFDipaCX+LvruPqc8D5r0GuigjAqtZaRkxEQyskCXvwVNycl/g71MyD+/4MKJdT
VQCOF3+9QIaJMsj9Odrego7Yo0qhUmZEVcfB8bkm+XU8tpRYmagPTOcZq/yeiRZ+
qglyBF5LOzY8aXDjxzlKwOcjeyAuvryO9D0SC0K+cQDlYi5rsk7Zybk4S4etJKkA
KO0GzOJcl+eDbxfXSHDKd+vjdWtRh/dk7laeknbhAoIBAQCgLPJ1zOaeXXtYBQtb
BNxHLKVyUTWW/lIE+egDTkMM+TsZU6/QPkK9rHfLQiHLEpukKvhtdd13XSPswpM9
YY/GzIC5AzQ/qIZpT/cd4Sz3FKtyeq444U2QOebvFz1hkjkkOZ9kzrqphKOOOX+z
J9NMGFcDXebuAuYU0No9KQ8Rsc/lzxznA9dMS7bzE7vfffYfgTIAuG7TXy/eLk2q
FtyCczJeNyBxgla4w4VNXpJMr7kea2hzJlJg78MWuJ6WWeyDrpQpKbZg5iveQODx
8T90YM7q26awLWHLh48yrjhr0NTeuT2Idn6+Gxl3f8FZGAmg97/4y/Y226Dsgg6w
lzIBAoIBAG57UIZo/MvUtGzUPZxtA2fJfxD8a8Ov3nQU3zjJLwJXzr+8zvyZNRxo
xx+9diLuiXChGOuiSCT9umr/JIdsVa0om4L+P0p7WML+T+bPaTqfZ2gcVuB+ZtX7
JGX3tZ+LzdakQ6LSa4ZFQe2cSc71aavbrY154DjXRb8snAA9ds0D6MtSG+N9aB6Z
ZDVDsS/yI5gEKWqm7PtD4uUhMk5bRaKnGKKVUGCNjOC7CDLFUIMNp4QH1aoYLq2n
B7/FtyPoOL6LCO+BROEccRevXAbr92tw8hC3jhbFKwBM8I1AVuh1u/jXX5d8+DeM
PCFM4yKfsFon3Mml04xyxJStj/fasMc=
-----END PRIVATE KEY-----

6
deployments/k8s/certs/tls.txt Normal file
View File

@ -0,0 +1,6 @@
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=booking-microservices.com" -days 365
kubectl create secret tls booking-tls --key tls.key --cert tls.crt
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=myidentityserver.com" -days 365
kubectl create secret tls identity-tls --key tls.key --cert tls.crt

3
deployments/kubernetes/configmap.yml → deployments/k8s/configmap.yml
View File

@ -6,4 +6,5 @@ data:
appsettings.json: |-
{
.Files.Get "settings/appsettings.docker.json"
}
}
#ref: https://www.mrjamiebowman.com/software-development/dotnet/kubernetes-configmaps-with-net-core/

70
deployments/k8s/flight.yml Normal file
View File

@ -0,0 +1,70 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flight-deployment
labels:
app: flight
spec:
replicas: 1
selector:
matchLabels:
app: flight
template:
metadata:
labels:
app: flight
spec:
containers:
- image: meysamh66/booking-microservices-flight:v1.5.9
name: flight
ports:
- containerPort: 80
env:
- name: "ASPNETCORE_ENVIRONMENT"
value: "docker"
- name: ASPNETCORE_URLS
value: "http://+"
- name: "RabbitMqOptions__HostName"
value: "rabbitmq"
- name: "RabbitMqOptions__ExchangeName"
value: "flight"
- name: "RabbitMqOptions__UserName"
value: "guest"
- name: "RabbitMqOptions__Password"
value: "guest"
- name: "RabbitMqOptions__Port"
value: "5672"
- name: "MongoOptions__ConnectionString"
value: "mongodb://mongo:27017"
- name: "MongoOptions__DatabaseName"
value: "flight-db"
- name: "Jwt__Authority"
value: "http://127.0.0.1:13872"
- name: "Jwt__Audience"
value: "flight-api"
- name: "Jwt__RequireHttpsMetadata"
value: "false"
# - name: "HealthOptions__Enabled"
# value: "true"
volumeMounts:
- name: appsettings-volume
mountPath: /app/Settings
volumes:
- name: appsettings-volume
configMap:
name: appsettings
---
apiVersion: v1
kind: Service
metadata:
name: flight-service
spec:
selector:
app: flight
ports:
- name: http
protocol: TCP
port: 80
# targetPort: 80
nodePort: 30444
type: NodePort

6
deployments/kubernetes/identity.yml → deployments/k8s/identity.yml
View File

@ -15,7 +15,7 @@ spec:
app: identity
spec:
containers:
- image: meysamh66/booking-microservices-identity:v1.5.8
- image: meysamh66/booking-microservices-identity:v1.5.9
name: identity
ports:
- containerPort: 80
@ -41,6 +41,8 @@ spec:
app: identity
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
type: ClusterIP
nodePort: 30443
type: NodePort

26
deployments/kubernetes/infrastructure.yml → deployments/k8s/infrastructure.yml
View File

@ -24,8 +24,8 @@ apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
kompose.version: 1.28.0 (c4137012e)
kompose.cmd: kompose convert -f infrastracture.yaml
kompose.version: 1.26.0 (40646f47)
creationTimestamp: null
labels:
io.kompose.service: elasticsearch
@ -40,8 +40,8 @@ spec:
template:
metadata:
annotations:
kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
kompose.version: 1.28.0 (c4137012e)
kompose.cmd: kompose convert -f infrastracture.yaml
kompose.version: 1.26.0 (40646f47)
creationTimestamp: null
labels:
io.kompose.network/booking: "true"
@ -76,8 +76,8 @@ apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
kompose.version: 1.28.0 (c4137012e)
kompose.cmd: kompose convert -f infrastracture.yaml
kompose.version: 1.26.0 (40646f47)
creationTimestamp: null
labels:
io.kompose.service: elasticsearch
@ -114,8 +114,8 @@ apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
kompose.version: 1.28.0 (c4137012e)
kompose.cmd: kompose convert -f infrastracture.yaml
kompose.version: 1.26.0 (40646f47)
creationTimestamp: null
labels:
io.kompose.service: kibana
@ -129,8 +129,8 @@ spec:
template:
metadata:
annotations:
kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
kompose.version: 1.28.0 (c4137012e)
kompose.cmd: kompose convert -f infrastracture.yaml
kompose.version: 1.26.0 (40646f47)
creationTimestamp: null
labels:
io.kompose.network/booking: "true"
@ -139,7 +139,7 @@ spec:
containers:
- env:
- name: ELASTICSEARCH_URL
value: http://localhost:9200
value: elasticsearch:9200
image: kibana:7.17.9
name: kibana
ports:
@ -152,8 +152,8 @@ apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
kompose.version: 1.28.0 (c4137012e)
kompose.cmd: kompose convert -f infrastracture.yaml
kompose.version: 1.26.0 (40646f47)
creationTimestamp: null
labels:
io.kompose.service: kibana

57
deployments/k8s/ingress.yml Normal file
View File

@ -0,0 +1,57 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: booking-microservies
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
nginx.ingress.kubernetes.io/proxy-buffers: "4 256k"
nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
nginx.ingress.kubernetes.io/client-header-buffer-size: "64k"
nginx.ingress.kubernetes.io/http2-max-field-size: "16k"
nginx.ingress.kubernetes.io/http2-max-header-size: "128k"
nginx.ingress.kubernetes.io/large-client-header-buffers: "8 64k"
spec:
ingressClassName: nginx
# tls:
# - hosts:
# - myidentityserver.com
# secretName: identity-tls
# - hosts:
# - booking-microservices.com
# secretName: booking-tls
rules:
# - host: myidentityserver.com
# http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: identity-service
# port:
# number: 80
- host: booking-microservices.com
http:
paths:
- path: /flight
pathType: Prefix
backend:
service:
name: flight-service
port:
number: 80
- path: /passenger
pathType: Prefix
backend:
service:
name: passenger-service
port:
number: 80
- path: /booking
pathType: Prefix
backend:
service:
name: booking-service
port:
number: 80

9
deployments/k8s/ip-address-pool.yml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: first-pool
namespace: metallb-system
spec:
addresses:
- 192.168.49.220-192.168.49.230
# renge ip address base on cluster ip

8
deployments/k8s/issuer.yml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: booking-microservices-issuer
namespace: default
spec:
ca:
secretName: booking-microservices-secret

8
deployments/k8s/l2-advertisement.yml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: example
namespace: metallb-system
spec:
ipAddressPools:
- first-pool

5
deployments/kubernetes/passenger.yml → deployments/k8s/passenger.yml
View File

@ -15,7 +15,7 @@ spec:
app: passenger
spec:
containers:
- image: meysamh66/booking-microservices-passenger:v1.5.2
- image: meysamh66/booking-microservices-passenger:v1.5.7
name: passenger
ports:
- containerPort: 80
@ -41,6 +41,7 @@ spec:
app: passenger
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
type: ClusterIP
type: ClusterIP

872
deployments/k8s/traefik-values.yml Normal file
View File

@ -0,0 +1,872 @@
# Default values for Traefik
image:
repository: traefik
# defaults to appVersion
tag: ""
pullPolicy: IfNotPresent
#
# Configure integration with Traefik Hub
#
hub:
## Enabling Hub will:
# * enable Traefik Hub integration on Traefik
# * add `traefikhub-tunl` endpoint
# * enable Prometheus metrics with addRoutersLabels
# * enable allowExternalNameServices on KubernetesIngress provider
# * enable allowCrossNamespace on KubernetesCRD provider
# * add an internal (ClusterIP) Service, dedicated for Traefik Hub
enabled: false
## Default port can be changed
# tunnelPort: 9901
## TLS is optional. Insecure is mutually exclusive with any other options
# tls:
# insecure: false
# ca: "/path/to/ca.pem"
# cert: "/path/to/cert.pem"
# key: "/path/to/key.pem"
#
# Configure the deployment
#
deployment:
enabled: true
# Can be either Deployment or DaemonSet
kind: Deployment
# Number of pods of the deployment (only applies when kind == Deployment)
replicas: 1
# Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
# revisionHistoryLimit: 1
# Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
terminationGracePeriodSeconds: 60
# The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
minReadySeconds: 0
# Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
annotations: {}
# Additional deployment labels (e.g. for filtering deployment by custom labels)
labels: {}
# Additional pod annotations (e.g. for mesh injection or prometheus scraping)
podAnnotations: {}
# Additional Pod labels (e.g. for filtering Pod by custom labels)
podLabels: {}
# Additional containers (e.g. for metric offloading sidecars)
additionalContainers: []
# https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
# - name: socat-proxy
# image: alpine/socat:1.0.5
# args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
# volumeMounts:
# - name: dsdsocket
# mountPath: /socket
# Additional volumes available for use with initContainers and additionalContainers
additionalVolumes: []
# - name: dsdsocket
# hostPath:
# path: /var/run/statsd-exporter
# Additional initContainers (e.g. for setting file permission as shown below)
initContainers: []
# The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/traefik/traefik/issues/6825
# - name: volume-permissions
# image: busybox:1.35
# command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
# volumeMounts:
# - name: data
# mountPath: /data
# Use process namespace sharing
shareProcessNamespace: false
# Custom pod DNS policy. Apply if `hostNetwork: true`
# dnsPolicy: ClusterFirstWithHostNet
# Additional imagePullSecrets
imagePullSecrets: []
# - name: myRegistryKeySecretName
# Pod lifecycle actions
lifecycle: {}
# preStop:
# exec:
# command: ["/bin/sh", "-c", "sleep 40"]
# postStart:
# httpGet:
# path: /ping
# port: 9000
# host: localhost
# scheme: HTTP
# Pod disruption budget
podDisruptionBudget:
enabled: false
# maxUnavailable: 1
# maxUnavailable: 33%
# minAvailable: 0
# minAvailable: 25%
# Create a default IngressClass for Traefik
ingressClass:
enabled: true
isDefaultClass: true
# Enable experimental features
experimental:
v3:
enabled: false
plugins:
enabled: false
kubernetesGateway:
enabled: false
gateway:
enabled: true
# certificate:
# group: "core"
# kind: "Secret"
# name: "mysecret"
# By default, Gateway would be created to the Namespace you are deploying Traefik to.
# You may create that Gateway in another namespace, setting its name below:
# namespace: default
# Additional gateway annotations (e.g. for cert-manager.io/issuer)
# annotations:
# cert-manager.io/issuer: letsencrypt
# Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
# The router match rule used for the dashboard ingressRoute
matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
# Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
# By default, it's using traefik entrypoint, which is not exposed.
# /!\ Do not expose your dashboard without any protection over the internet /!\
entryPoints: ["traefik"]
# Additional ingressRoute middlewares (e.g. for authentication)
middlewares: []
# TLS options (e.g. secret containing certificate)
tls: {}
# Customize updateStrategy of traefik pods
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
# Customize liveness and readiness probe values.
readinessProbe:
failureThreshold: 1
initialDelaySeconds: 2
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 2
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
#
# Configure providers
#
providers:
kubernetesCRD:
enabled: true
allowCrossNamespace: false
allowExternalNameServices: false
allowEmptyServices: false
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
namespaces: []
# - "default"
kubernetesIngress:
enabled: true
allowExternalNameServices: false
allowEmptyServices: false
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
namespaces: []
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: false
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
#
# Add volumes to the traefik pod. The volume name will be passed to tpl.
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# additionalArguments:
# - "--providers.file.filename=/config/dynamic.toml"
# - "--ping"
# - "--ping.entrypoint=web"
volumes: []
# - name: public-cert
# mountPath: "/certs"
# type: secret
# - name: '{{ printf "%s-configs" .Release.Name }}'
# mountPath: "/config"
# type: configMap
# Additional volumeMounts to add to the Traefik container
additionalVolumeMounts: []
# For instance when using a logshipper for access logs
# - name: traefik-logs
# mountPath: /var/log/traefik
## Logs
## https://docs.traefik.io/observability/logs/
logs:
## Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general:
# By default, the logs use a text format (common), but you can
# also ask for the json format in the format option
# format: json
# By default, the level is set to ERROR.
# Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
access:
# To enable access logs
enabled: false
## By default, logs are written using the Common Log Format (CLF) on stdout.
## To write logs in JSON, use json in the format option.
## If the given format is unsupported, the default (CLF) is used instead.
# format: json
# filePath: "/var/log/traefik/access.log
## To write the logs in an asynchronous fashion, specify a bufferingSize option.
## This option represents the number of log lines Traefik will keep in memory before writing
## them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
## Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
## Fields
## https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields:
general:
defaultmode: keep
names: {}
## Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names: {}
## Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
metrics:
## Prometheus is enabled by default.
## It can be disabled by setting "prometheus: null"
prometheus:
## Entry point used to expose metrics.
entryPoint: metrics
## Enable metrics on entry points. Default=true
# addEntryPointsLabels: false
## Enable metrics on routers. Default=false
# addRoutersLabels: true
## Enable metrics on services. Default=true
# addServicesLabels: false
## Buckets for latency metrics. Default="0.1,0.3,1.2,5.0"
# buckets: "0.5,1.0,2.5"
## When manualRouting is true, it disables the default internal router in
## order to allow creating a custom router for prometheus@internal service.
# manualRouting: true
# datadog:
# ## Address instructs exporter to send metrics to datadog-agent at this address.
# address: "127.0.0.1:8125"
# ## The interval used by the exporter to push metrics to datadog-agent. Default=10s
# # pushInterval: 30s
# ## The prefix to use for metrics collection. Default="traefik"
# # prefix: traefik
# ## Enable metrics on entry points. Default=true
# # addEntryPointsLabels: false
# ## Enable metrics on routers. Default=false
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# influxdb:
# ## Address instructs exporter to send metrics to influxdb at this address.
# address: localhost:8089
# ## InfluxDB's address protocol (udp or http). Default="udp"
# protocol: udp
# ## InfluxDB database used when protocol is http. Default=""
# # database: ""
# ## InfluxDB retention policy used when protocol is http. Default=""
# # retentionPolicy: ""
# ## InfluxDB username (only with http). Default=""
# # username: ""
# ## InfluxDB password (only with http). Default=""
# # password: ""
# ## The interval used by the exporter to push metrics to influxdb. Default=10s
# # pushInterval: 30s
# ## Additional labels (influxdb tags) on all metrics.
# # additionalLabels:
# # env: production
# # foo: bar
# ## Enable metrics on entry points. Default=true
# # addEntryPointsLabels: false
# ## Enable metrics on routers. Default=false
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# influxdb2:
# ## Address instructs exporter to send metrics to influxdb v2 at this address.
# address: localhost:8086
# ## Token with which to connect to InfluxDB v2.
# token: xxx
# ## Organisation where metrics will be stored.
# org: ""
# ## Bucket where metrics will be stored.
# bucket: ""
# ## The interval used by the exporter to push metrics to influxdb. Default=10s
# # pushInterval: 30s
# ## Additional labels (influxdb tags) on all metrics.
# # additionalLabels:
# # env: production
# # foo: bar
# ## Enable metrics on entry points. Default=true
# # addEntryPointsLabels: false
# ## Enable metrics on routers. Default=false
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# statsd:
# ## Address instructs exporter to send metrics to statsd at this address.
# address: localhost:8125
# ## The interval used by the exporter to push metrics to influxdb. Default=10s
# # pushInterval: 30s
# ## The prefix to use for metrics collection. Default="traefik"
# # prefix: traefik
# ## Enable metrics on entry points. Default=true
# # addEntryPointsLabels: false
# ## Enable metrics on routers. Default=false
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# openTelemetry:
# ## Address of the OpenTelemetry Collector to send metrics to.
# address: "localhost:4318"
# ## Enable metrics on entry points.
# addEntryPointsLabels: true
# ## Enable metrics on routers.
# addRoutersLabels: true
# ## Enable metrics on services.
# addServicesLabels: true
# ## Explicit boundaries for Histogram data points.
# explicitBoundaries:
# - "0.1"
# - "0.3"
# - "1.2"
# - "5.0"
# ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
# headers:
# foo: bar
# test: test
# ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
# insecure: true
# ## Interval at which metrics are sent to the OpenTelemetry Collector.
# pushInterval: 10s
# ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport.
# path: /foo/v1/traces
# ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
# tls:
# ## The path to the certificate authority, it defaults to the system bundle.
# ca: path/to/ca.crt
# ## The path to the public certificate. When using this option, setting the key option is required.
# cert: path/to/foo.cert
# ## The path to the private key. When using this option, setting the cert option is required.
# key: path/to/key.key
# ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
# insecureSkipVerify: true
# ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
# grpc: true
##
## enable optional CRDs for Prometheus Operator
##
## Create a dedicated metrics service for use with ServiceMonitor
## When hub.enabled is set to true, it's not needed: it will use hub service.
# service:
# enabled: false
# labels: {}
# annotations: {}
## When set to true, it won't check if Prometheus Operator CRDs are deployed
# disableAPICheck: false
# serviceMonitor:
# metricRelabelings: []
# - sourceLabels: [__name__]
# separator: ;
# regex: ^fluentd_output_status_buffer_(oldest|newest)_.+
# replacement: $1
# action: drop
# relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
# jobLabel: traefik
# interval: 30s
# honorLabels: true
# # (Optional)
# # scrapeTimeout: 5s
# # honorTimestamps: true
# # enableHttp2: true
# # followRedirects: true
# # additionalLabels:
# # foo: bar
# # namespace: "another-namespace"
# # namespaceSelector: {}
# prometheusRule:
# additionalLabels: {}
# namespace: "another-namespace"
# rules:
# - alert: TraefikDown
# expr: up{job="traefik"} == 0
# for: 5m
# labels:
# context: traefik
# severity: warning
# annotations:
# summary: "Traefik Down"
# description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
tracing: {}
# instana:
# localAgentHost: 127.0.0.1
# localAgentPort: 42699
# logLevel: info
# enableAutoProfile: true
# datadog:
# localAgentHostPort: 127.0.0.1:8126
# debug: false
# globalTag: ""
# prioritySampling: false
# jaeger:
# samplingServerURL: http://localhost:5778/sampling
# samplingType: const
# samplingParam: 1.0
# localAgentHostPort: 127.0.0.1:6831
# gen128Bit: false
# propagation: jaeger
# traceContextHeaderName: uber-trace-id
# disableAttemptReconnecting: true
# collector:
# endpoint: ""
# user: ""
# password: ""
# zipkin:
# httpEndpoint: http://localhost:9411/api/v2/spans
# sameSpan: false
# id128Bit: true
# sampleRate: 1.0
# haystack:
# localAgentHost: 127.0.0.1
# localAgentPort: 35000
# globalTag: ""
# traceIDHeaderName: ""
# parentIDHeaderName: ""
# spanIDHeaderName: ""
# baggagePrefixHeaderName: ""
# elastic:
# serverURL: http://localhost:8200
# secretToken: ""
# serviceEnvironment: ""
globalArguments:
- "--global.checknewversion"
- "--global.sendanonymoususage"
#
# Configure Traefik static configuration
# Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments: []
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
# - "--log.level=DEBUG"
# Environment variables to be passed to Traefik's binary
env: []
# - name: SOME_VAR
# value: some-var-value
# - name: SOME_VAR_FROM_CONFIG_MAP
# valueFrom:
# configMapRef:
# name: configmap-name
# key: config-key
# - name: SOME_SECRET
# valueFrom:
# secretKeyRef:
# name: secret-name
# key: secret-key
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# Configure ports
ports:
# The name of this one can't be changed as it is used for the readiness and
# liveness probes, but you can adjust its config to your liking
traefik:
port: 9000
# Use hostPort if set.
# hostPort: 9000
#
# Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
# means it's listening on all your interfaces and all your IPs. You may want
# to set this value if you need traefik to listen on specific interface
# only.
# hostIP: 192.168.100.10
# Override the liveness/readiness port. This is useful to integrate traefik
# with an external Load Balancer that performs healthchecks.
# Default: ports.traefik.port
# healthchecksPort: 9000
# Override the liveness/readiness scheme. Useful for getting ping to
# respond on websecure entryPoint.
# healthchecksScheme: HTTPS
# Defines whether the port is exposed if service.type is LoadBalancer or
# NodePort.
#
# You SHOULD NOT expose the traefik port on production deployments.
# If you want to access it from outside of your cluster,
# use `kubectl port-forward` or create a secure ingress
expose: false
# The exposed port for this service
exposedPort: 9000
# The port protocol (TCP/UDP)
protocol: TCP
web:
## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
# asDefault: true
port: 8000
# hostPort: 8000
expose: true
exposedPort: 80
# The port protocol (TCP/UDP)
protocol: TCP
# Use nodeport if set. This is useful if you have configured Traefik in a
# LoadBalancer.
# nodePort: 32080
# Port Redirections
# Added in 2.2, you can make permanent redirects via entrypoints.
# https://docs.traefik.io/routing/entrypoints/#redirection
# redirectTo: websecure
#
# Trust forwarded headers information (X-Forwarded-*).
# forwardedHeaders:
# trustedIPs: []
# insecure: false
#
# Enable the Proxy Protocol header parsing for the entry point
# proxyProtocol:
# trustedIPs: []
# insecure: false
websecure:
## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
# asDefault: true
port: 8443
# hostPort: 8443
expose: true
exposedPort: 443
## The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
#
## Enable HTTP/3 on the entrypoint
## Enabling it will also enable http3 experimental feature
## https://doc.traefik.io/traefik/routing/entrypoints/#http3
## There are known limitations when trying to listen on same ports for
## TCP & UDP (Http3). There is a workaround in this chart using dual Service.
## https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741
http3:
enabled: false
# advertisedPort: 4443
#
## Trust forwarded headers information (X-Forwarded-*).
#forwardedHeaders:
# trustedIPs: []
# insecure: false
#
## Enable the Proxy Protocol header parsing for the entry point
#proxyProtocol:
# trustedIPs: []
# insecure: false
#
## Set TLS at the entrypoint
## https://doc.traefik.io/traefik/routing/entrypoints/#tls
tls:
enabled: true
# this is the name of a TLSOption definition
options: ""
certResolver: ""
domains: []
# - main: example.com
# sans:
# - foo.example.com
# - bar.example.com
#
# One can apply Middlewares on an entrypoint
# https://doc.traefik.io/traefik/middlewares/overview/
# https://doc.traefik.io/traefik/routing/entrypoints/#middlewares
# /!\ It introduces here a link between your static configuration and your dynamic configuration /!\
# It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace
# middlewares:
# - namespace-name1@kubernetescrd
# - namespace-name2@kubernetescrd
middlewares: []
metrics:
# When using hostNetwork, use another port to avoid conflict with node exporter:
# https://github.com/prometheus/prometheus/wiki/Default-port-allocations
port: 9100
# hostPort: 9100
# Defines whether the port is exposed if service.type is LoadBalancer or
# NodePort.
#
# You may not want to expose the metrics port on production deployments.
# If you want to access it from outside of your cluster,
# use `kubectl port-forward` or create a secure ingress
expose: false
# The exposed port for this service
exposedPort: 9100
# The port protocol (TCP/UDP)
protocol: TCP
# TLS Options are created as TLSOption CRDs
# https://doc.traefik.io/traefik/https/tls/#tls-options
# Example:
# tlsOptions:
# default:
# sniStrict: true
# preferServerCipherSuites: true
# foobar:
# curvePreferences:
# - CurveP521
# - CurveP384
tlsOptions: {}
# TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate
# https://doc.traefik.io/traefik/https/tls/#default-certificate
# Example:
# tlsStore:
# default:
# defaultCertificate:
# secretName: tls-cert
tlsStore: {}
# Options for the main traefik service, where the entrypoints traffic comes
# from.
service:
enabled: true
## Single service is using `MixedProtocolLBService` feature gate.
## When set to false, it will create two Service, one for TCP and one for UDP.
single: true
type: LoadBalancer
# Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
annotations: {}
# Additional annotations for TCP service only
annotationsTCP: {}
# Additional annotations for UDP service only
annotationsUDP: {}
# Additional service labels (e.g. for filtering Service by custom labels)
labels: {}
# Additional entries here will be added to the service spec.
# Cannot contain type, selector or ports entries.
spec: {}
# externalTrafficPolicy: Cluster
# loadBalancerIP: "1.2.3.4"
# clusterIP: "2.3.4.5"
loadBalancerSourceRanges: []
# - 192.168.0.1/32
# - 172.16.0.0/16
externalIPs: []
# - 1.2.3.4
## One of SingleStack, PreferDualStack, or RequireDualStack.
# ipFamilyPolicy: SingleStack
## List of IP families (e.g. IPv4 and/or IPv6).
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
# ipFamilies:
# - IPv4
# - IPv6
##
## An additionnal and optional internal Service.
## Same parameters as external Service
# internal:
# type: ClusterIP
# # labels: {}
# # annotations: {}
# # spec: {}
# # loadBalancerSourceRanges: []
# # externalIPs: []
# # ipFamilies: [ "IPv4","IPv6" ]
## Create HorizontalPodAutoscaler object.
##
autoscaling:
enabled: false
# minReplicas: 1
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: cpu
# target:
# type: Utilization
# averageUtilization: 60
# - type: Resource
# resource:
# name: memory
# target:
# type: Utilization
# averageUtilization: 60
# behavior:
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 1
# periodSeconds: 60
# Enable persistence using Persistent Volume Claims
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
# It can be used to store TLS certificates, see `storage` in certResolvers
persistence:
enabled: true
name: data
# existingClaim: ""
accessMode: ReadWriteOnce
size: 128Mi
# storageClass: ""
# volumeName: ""
path: /data
annotations: {}
# subPath: "" # only mount a subpath of the Volume into the pod
certResolvers: {}
# letsencrypt:
# # for challenge options cf. https://doc.traefik.io/traefik/https/acme/
# email: email@example.com
# dnsChallenge:
# # also add the provider's required configuration under env
# # or expand then from secrets/configmaps with envfrom
# # cf. https://doc.traefik.io/traefik/https/acme/#providers
# provider: digitalocean
# # add futher options for the dns challenge as needed
# # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
# delayBeforeCheck: 30
# resolvers:
# - 1.1.1.1
# - 8.8.8.8
# tlsChallenge: true
# httpChallenge:
# entryPoint: "web"
# # It has to match the path with a persistent volume
# storage: /data/acme.json
# If hostNetwork is true, runs traefik in the host network namespace
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
# and replicas>1, a pod anti-affinity is recommended and will be set if the
# affinity is left as default.
hostNetwork: false
# Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
enabled: true
# If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
# If set to true, installs Role and RoleBinding. Providers will only watch target namespace.
namespaced: false
# Enable user-facing roles
# https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
# aggregateTo: [ "admin" ]
# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
podSecurityPolicy:
enabled: false
# The service account the pods will use to interact with the Kubernetes API
serviceAccount:
# If set, an existing service account is used
# If not set, a service account is created automatically using the fullname template
name: ""
# Additional serviceAccount annotations (e.g. for oidc authentication)
serviceAccountAnnotations: {}
resources: {}
# requests:
# cpu: "100m"
# memory: "50Mi"
# limits:
# cpu: "300m"
# memory: "150Mi"
# This example pod anti-affinity forces the scheduler to put traefik pods
# on nodes where no other traefik pods are scheduled.
# It should be used when hostNetwork: true to prevent port conflicts
affinity: {}
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchLabels:
# app.kubernetes.io/name: '{{ template "traefik.name" . }}'
# app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}'
# topologyKey: kubernetes.io/hostname
nodeSelector: {}
tolerations: []
topologySpreadConstraints: []
# # This example topologySpreadConstraints forces the scheduler to put traefik pods
# # on nodes where no other traefik pods are scheduled.
# - labelSelector:
# matchLabels:
# app: '{{ template "traefik.name" . }}'
# maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# Pods can have priority.
# Priority indicates the importance of a Pod relative to other Pods.
priorityClassName: ""
# Set the container security context
# To run the container with ports below 1024 this will need to be adjust to run as root
securityContext:
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
podSecurityContext:
fsGroup: 65532
#
# Extra objects to deploy (value evaluated as a template)
#
# In some cases, it can avoid the need for additional, extended or adhoc deployments.
# See #595 for more details and traefik/tests/values/extra.yaml for example.
extraObjects: []
# This will override the default Release Namespace for Helm.
# It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules`
# namespaceOverride: traefik
#
## This will override the default app.kubernetes.io/instance label for all Objects.
# instanceLabelOverride: traefik

46
deployments/kubernetes/flight.yml
View File

@ -1,46 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flight-deployment
labels:
app: flight
spec:
replicas: 1
selector:
matchLabels:
app: flight
template:
metadata:
labels:
app: flight
spec:
containers:
- image: meysamh66/booking-microservices-flight:v1.5.8
name: flight
ports:
- containerPort: 80
env:
- name: "ASPNETCORE_ENVIRONMENT"
value: "docker"
- name: ASPNETCORE_URLS
value: "http://+"
volumeMounts:
- name: appsettings-volume
mountPath: /app/Settings
volumes:
- name: appsettings-volume
configMap:
name: appsettings
---
apiVersion: v1
kind: Service
metadata:
name: flight-service
spec:
selector:
app: flight
ports:
- name: http
port: 80
targetPort: 80
type: ClusterIP

56
deployments/kubernetes/ingress.yml
View File

@ -1,56 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: booking-microservices
namespace: default
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-buffers: "4 256k"
nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
nginx.ingress.kubernetes.io/client-header-buffer-size: "64k"
nginx.ingress.kubernetes.io/http2-max-field-size: "16k"
nginx.ingress.kubernetes.io/http2-max-header-size: "128k"
nginx.ingress.kubernetes.io/large-client-header-buffers: "8 64k"
spec:
ingressClassName: nginx
tls:
- hosts:
- myidentityserver.com
- booking-microservices.com
secretName: nginx-tls-secret
rules:
- host: booking-microservices.com
http:
paths:
- path: /flight
pathType: Exact
backend:
service:
name: flight-service
port:
name: http
- path: /passenger
pathType: Exact
backend:
service:
name: passenger-service
port:
name: http
- path: /booking
pathType: Exact
backend:
service:
name: booking-service
port:
name: http
- host: myidentityserver.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: identity-service
port:
name: http

9
src/BuildingBlocks/MassTransit/Extensions.cs
View File

@ -13,12 +13,6 @@ using Exception;
public static class Extensions
{
private static bool? _isRunningInContainer;
private static bool IsRunningInContainer => _isRunningInContainer ??=
bool.TryParse(Environment.GetEnvironmentVariable("DOTNET_RUNNING_IN_CONTAINER"), out var inContainer) &&
inContainer;
public static IServiceCollection AddCustomMassTransit(this IServiceCollection services,
IWebHostEnvironment env, Assembly assembly)
{
@ -48,9 +42,8 @@ public static class Extensions
{
var rabbitMqOptions = services.GetOptions<RabbitMqOptions>(nameof(RabbitMqOptions));
var host = IsRunningInContainer ? "rabbitmq" : rabbitMqOptions.HostName;
configurator.Host(host, rabbitMqOptions?.Port ?? 5672, "/", h =>
configurator.Host(rabbitMqOptions?.HostName, rabbitMqOptions?.Port ?? 5672, "/", h =>
{
h.Username(rabbitMqOptions?.UserName);
h.Password(rabbitMqOptions?.Password);

2
src/Services/Flight/src/Flight.Api/appsettings.docker.json
View File

@ -27,7 +27,7 @@
"Audience": "flight-api",
"RequireHttpsMetadata": false
},
"RabbitMq": {
"RabbitMqOptions": {
"HostName": "rabbitmq",
"ExchangeName": "flight",
"UserName": "guest",

2
src/Services/Flight/src/Flight.Api/appsettings.json
View File

@ -31,7 +31,7 @@
"Jwt": {
"Authority": "https://localhost:5005",
"Audience": "flight-api",
"RequireHttpsMetadata": true
"RequireHttpsMetadata": false
},
"RabbitMqOptions": {
"HostName": "localhost",

5
src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs
View File

@ -1,8 +1,5 @@
using System;
using System.Collections.Generic;
using System.Reflection;
using System.Threading.RateLimiting;
using BuildingBlocks.Caching;
using BuildingBlocks.Core;
using BuildingBlocks.EFCore;
using BuildingBlocks.Exception;
@ -90,6 +87,8 @@ public static class InfrastructureExtensions
builder.Services.AddEasyCaching(options => { options.UseInMemory(configuration, "mem"); });
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
return builder;
}

1
src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAircraftCommand.cs
View File

@ -1,6 +1,5 @@
using AutoBogus;
using BuildingBlocks.IdsGenerator;
using Flight.Aircrafts.Features.CreateAircraft;
using Flight.Aircrafts.Features.CreateAircraft.Commands.V1;
namespace Integration.Test.Fakes;

1
src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAirportCommand.cs
View File

@ -1,6 +1,5 @@
using AutoBogus;
using BuildingBlocks.IdsGenerator;
using Flight.Airports.Features.CreateAirport;
using Flight.Airports.Features.CreateAirport.Commands.V1;
namespace Integration.Test.Fakes;

14
src/Services/Flight/tests/IntegrationTest/Fakes/FakeFlightCreated.cs
View File

@ -1,14 +0,0 @@
using Flight.Flights.Features.CreateFlight.Commands.V1;
namespace Integration.Test.Fakes;
public static class FakeFlightCreated
{
public static global::Flight.Flights.Models.Flight Generate(CreateFlightCommand command)
{
return global::Flight.Flights.Models.Flight.Create(command.Id, command.FlightNumber,
command.AircraftId, command.DepartureAirportId, command.DepartureDate,
command.ArriveDate, command.ArriveAirportId, command.DurationMinutes,
command.FlightDate, command.Status, command.Price);
}
}

14
src/Services/Flight/tests/IntegrationTest/Fakes/FakeSeatCreated.cs
View File

@ -1,14 +0,0 @@
using Flight.Seats.Features.CreateSeat;
using Flight.Seats.Features.CreateSeat.Commands.V1;
using Flight.Seats.Models;
namespace Integration.Test.Fakes;
public static class FakeSeatCreated
{
public static global::Flight.Seats.Models.Seat Generate(CreateSeatCommand command)
{
return global::Flight.Seats.Models.Seat.Create(command.Id, command.SeatNumber, command.Type, command.Class, command.FlightId);
}
}

1
src/Services/Identity/src/Identity.Api/keys/is-signing-key-DCE5098F8B9D1301447CC90AB1307BB1.json Normal file
View File

@ -0,0 +1 @@
{"Version":1,"Id":"DCE5098F8B9D1301447CC90AB1307BB1","Created":"2023-02-21T14:52:03.5423989Z","Algorithm":"RS256","IsX509Certificate":false,"Data":"CfDJ8Pno3caweVxDrMdMtoqjLU-zkq97hfMbqd_a71uRzwCkfuVDrGVJuTHsecFn6xm9QskMBE5i1dNJ4l-EBrrflUZ0_ZiqESp5NGi4Uw7SaU-kijgI8566Ll_A6uy2dYsA6plpZ_1L2KFJuaCwGdMs68NXgZj8-8shIngrOBjTkvNeH0j1BUmvj7iHu1dheRQHBamrlh4L-pdPNAx9lR-yeOWoyJCUSNCviC9P-hLsd9nJzfn77gU4Kc4i8pfDyPf-pN3_IFSMU1T-PiVUwBobxXxEDj8oS5hSUDRVi49n4u5oluz68chky3NhxWjYNyfmjOS8CD0-GsL7VPxApDP8z33pOW8hSwSF-PWsQczitlvFqSf45kGpYBCs8JmwU1yqAgeKKho6tICk1CK4Zad1-0WMok6HMUHixqaB9MfEBWUqdeLjQcwLZo-iJ5LGLzAhL5o7JgtufV_c1RgYPXH1umXdIKD2IK_vWtDUv3Y7GHOiSyYBIJCaBxhVrk9ruztu-BWno4E_U-Jej_t18P7QBwAT9FQsO2lryGOEtG6f-zf_JwwHeJE9CtFxofXzkIKtc5fqliCYTp8JAfgzZ_8MKxLfs-ZD_iZPiLX8clAbFokJ86fqsL2s3EmTGTVxcc2nP7xmYm_5D9R_7QqBZPM5az0vIayvAbkjGFII6P6WyfB1j2nl1BwamMb8EdCuM7FOvD_bnstXETFpYC8oYhJYQNruRhWjY_tv7F1cVPCWD-pX5IARvRgsJEbE_WdgvicWcwLpz0MWu89GrI4qP7WSoLGorlFmss_Ubf5feu7KYbpPrdGVLJbaaipYFTQgxaZ0GB9CjjMe8LPmU_9P-5wbkZ69LDyzIVIEpCuTF1fZr7SWr-C8NIVEvIyCTQoJmaFbvfdejVTxm2eOyolJLTGedHOkuaDg90hBFDtyQ78DVgzihZX3uZ0BwkCkkkiBB1boY3B0IWKDR3OWsG2lDqIn61FcLaAHgAqQF7JdMSmjEIGOVKUAEcnDf7NyVbWjZtPhpMLhmwu3OmPPrIqu-8_2e2RjlRuvXClhNpLyo-H4HipVztSUkP7ujukuZsRwJFj4p-VV2O7lyB7ogocAHF-AEMvw7ywmMPysYY_-_EU3U2vtRYIisKOV_VrsaMujNhMbrZUCq-ZIIsA-8GdLA2dqargOfd4f7jodpAtrBm6a5O8vWyAehdKfGj9i29tgfAQd2VnRqtN0eArruLGuIopP9FcEK_lNmHPjrpDaHZzA7AnfYBJsnOVKRehZSAmZGQUdlXV0rDzmLxgMZSN4P68eTLFCil8RwJFHzdExHk7VWd6xMo1m-EG_BioFcpazqEJYPjwCt9Rx_9_NMuvu1IiTiP_U2GO65dvZh2-iDPMGyTfeFJBuiIHW9fGg2BH5dw6Q9swMNXBmO174dGhQSA9BWTXnDFW3PsKEhFj5avEbV2Tkp4QQAiTkLaRbDSVfFH7NiKImy4Py4l1W52ftVBt5yPUDJi2GHHk-zxhgqBmY2k-duV9eeiNvXklDHySo0dOZShzUTqYmg0tUgdrthytN8TMp6BSAZtO0YFZgELPkeFKoE9Rz_BwazdwK1OphzQ8dvECEVO5nJRil8_6iwvu04aQ_s_fFMmwa2xrft3DY1uGXswukhOcw_he_nnwAfY7ExA__BbLiEc0NNgG8ZDd6hKdiR_RZeY-4FHMl0J59TwSgc2KNnWEqsUHLXN4Y6VC1TA4eVf9zcku4CPNQCMZPFAE7hgYdttLzrRyEPnsfGTWBYt_wVN7EszCbidkGLIvHr3ZNd0Oz49W7KNRZzVydOMila9AytE1tRegU3e3HSoFFqF9Gqr1mKAQ_B4N5UBxYB39ta5cPwVXGHTsvrak3XggzuHOIqsGyLxEYZka2-ykx0gKMCIWqf_w63Mu_IYkSOQT4HQ3yheBchqeUZPqAAZASp00SvWIt_Cirj1O1XKxQyNVWiv-Im_i6xy4V5dl1RQSwmxQYe_7oiPS6dqewVR1WJZsmnptq521SsJLZQffHK-CDtxT69fE218ZIaNOzkDERp6c422B8wqZK5rf1zn6lO1I4MwTjkETMY_jFtFZw3_Yo9zYMLmC2kIzkupXjhrzT1vCWIaU6UYegi72Ikbx9fvmDHV6g9Kiy_KPBR8ECe89Skqz8DklPIhm3tqy5eaQ5iqcyW8Gxyq1K2DN1BMoCAqIya5d-RddpLvRv-W_cTf-DfJOxmGpKlYCcp4d6pel32a2ykGlNQSWJ9_8hk5jcypkosDWN8M8OROkBxLo9qtP0FWLnITuw1aXC-c03ypfeGJeE2HN9vwT3Rxk4i_rlGUXgIDgSk9XfyQghfKXBTpuOvrbf1VoEcsS_E6qaNJmpGpz9Ok7Ks4UDb3DtnadbABdyhZQLGg49QAywXqj4qFdgLBnDmVTHLm8eyIDDeVC0SiD061DhZ7qtzI9U7wYbWpp1oRNTuPZDlypBaZpE","DataProtected":true}

29
src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs
View File

@ -26,9 +26,6 @@ using Serilog;
namespace Identity.Extensions.Infrastructure;
using Duende.IdentityServer.Extensions;
using Microsoft.AspNetCore.HttpOverrides;
public static class InfrastructureExtensions
{
public static WebApplicationBuilder AddInfrastructure(this WebApplicationBuilder builder)
@ -81,11 +78,13 @@ public static class InfrastructureExtensions
//ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0&viewFallbackFrom=aspnetcore-2.2
//ref: https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders =
ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
// builder.Services.Configure<ForwardedHeadersOptions>(options =>
// {
// options.ForwardedHeaders =
// ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
// });
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
return builder;
}
@ -98,7 +97,7 @@ public static class InfrastructureExtensions
//ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0&viewFallbackFrom=aspnetcore-2.2
//ref: https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466
app.UseForwardedHeaders();
// app.UseForwardedHeaders();
app.UseProblemDetails();
app.UseSerilogRequestLogging(options =>
@ -114,12 +113,12 @@ public static class InfrastructureExtensions
app.MapMetrics();
app.MapGet("/", x => x.Response.WriteAsync(appOptions.Name));
app.Use((httpContext, next) =>
{
httpContext.Request.Scheme = "https";
return next();
});
//
// app.Use((httpContext, next) =>
// {
// httpContext.Request.Scheme = "https";
// return next();
// });
if (env.IsDevelopment())
{