From 20795825a38dae185dc6268580c38bab1e4b80da Mon Sep 17 00:00:00 2001 
From: Pc Date: Tue, 21 Feb 2023 22:19:42 +0330 Subject: [PATCH] chore: Update kubernetes configs --- .../actions/docker-build-publish/action.yml | 4 +- .../docker-compose/infrastracture.yaml | 8 +- deployments/{kubernetes => k8s}/booking.yml | 19 +- deployments/k8s/certificate.yml | 12 + .../k8s/certs/booking-cert/booking-secret.yml | 9 + deployments/k8s/certs/booking-cert/tls.crt | 30 + deployments/k8s/certs/booking-cert/tls.key | 52 ++ .../certs/identity-cert/identity-secret.yml | 9 + deployments/k8s/certs/identity-cert/tls.crt | 30 + deployments/k8s/certs/identity-cert/tls.key | 52 ++ deployments/k8s/certs/tls.txt | 6 + deployments/{kubernetes => k8s}/configmap.yml | 3 +- deployments/k8s/flight.yml | 70 ++ deployments/{kubernetes => k8s}/identity.yml | 6 +- .../{kubernetes => k8s}/infrastructure.yml | 26 +- deployments/k8s/ingress.yml | 57 ++ deployments/k8s/ip-address-pool.yml | 9 + deployments/k8s/issuer.yml | 8 + deployments/k8s/l2-advertisement.yml | 8 + deployments/{kubernetes => k8s}/passenger.yml | 5 +- deployments/k8s/traefik-values.yml | 872 ++++++++++++++++++ deployments/kubernetes/flight.yml | 46 - deployments/kubernetes/ingress.yml | 56 -- src/BuildingBlocks/MassTransit/Extensions.cs | 9 +- .../src/Flight.Api/appsettings.docker.json | 2 +- .../Flight/src/Flight.Api/appsettings.json | 2 +- .../InfrastructureExtensions.cs | 5 +- .../Fakes/FakeCreateAircraftCommand.cs | 1 - .../Fakes/FakeCreateAirportCommand.cs | 1 - .../Fakes/FakeFlightCreated.cs | 14 - .../IntegrationTest/Fakes/FakeSeatCreated.cs | 14 - ...-key-DCE5098F8B9D1301447CC90AB1307BB1.json | 1 + .../InfrastructureExtensions.cs | 29 +- 33 files changed, 1288 insertions(+), 187 deletions(-) rename deployments/{kubernetes => k8s}/booking.yml (54%) create mode 100644 deployments/k8s/certificate.yml create mode 100644 deployments/k8s/certs/booking-cert/booking-secret.yml create mode 100644 deployments/k8s/certs/booking-cert/tls.crt create mode 100644 deployments/k8s/certs/booking-cert/tls.key 
create mode 100644 deployments/k8s/certs/identity-cert/identity-secret.yml create mode 100644 deployments/k8s/certs/identity-cert/tls.crt create mode 100644 deployments/k8s/certs/identity-cert/tls.key create mode 100644 deployments/k8s/certs/tls.txt rename deployments/{kubernetes => k8s}/configmap.yml (57%) create mode 100644 deployments/k8s/flight.yml rename deployments/{kubernetes => k8s}/identity.yml (87%) rename deployments/{kubernetes => k8s}/infrastructure.yml (92%) create mode 100644 deployments/k8s/ingress.yml create mode 100644 deployments/k8s/ip-address-pool.yml create mode 100644 deployments/k8s/issuer.yml create mode 100644 deployments/k8s/l2-advertisement.yml rename deployments/{kubernetes => k8s}/passenger.yml (95%) create mode 100644 deployments/k8s/traefik-values.yml delete mode 100644 deployments/kubernetes/flight.yml delete mode 100644 deployments/kubernetes/ingress.yml delete mode 100644 src/Services/Flight/tests/IntegrationTest/Fakes/FakeFlightCreated.cs delete mode 100644 src/Services/Flight/tests/IntegrationTest/Fakes/FakeSeatCreated.cs create mode 100644 src/Services/Identity/src/Identity.Api/keys/is-signing-key-DCE5098F8B9D1301447CC90AB1307BB1.json diff --git a/.github/actions/docker-build-publish/action.yml b/.github/actions/docker-build-publish/action.yml index 46115f4..6b19026 100644 --- a/.github/actions/docker-build-publish/action.yml +++ b/.github/actions/docker-build-publish/action.yml 
@@ -43,11 +43,11 @@ runs: if: ${{ github.ref == 'refs/heads/main' && success() }} shell: bash run: | - docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.5.9 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" . + docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.0 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" . - name: Publish Docker Image if: ${{ github.ref == 'refs/heads/main' && success() }} shell: bash run: | - docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.5.9 + docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.0 diff --git a/deployments/docker-compose/infrastracture.yaml b/deployments/docker-compose/infrastracture.yaml index 1da5b3e..6ea82b3 100644 --- a/deployments/docker-compose/infrastracture.yaml +++ b/deployments/docker-compose/infrastracture.yaml @@ -1,9 +1,9 @@ version: "3.3" services: - # ####################################################### - # # Rabbitmq - # ####################################################### + ####################################################### + # Rabbitmq + ####################################################### rabbitmq: container_name: rabbitmq image: rabbitmq:3-management @@ -16,7 +16,7 @@ services: ####################################################### - # Postgres + # Postgres ###################################################### postgres: image: postgres:latest diff --git a/deployments/kubernetes/booking.yml b/deployments/k8s/booking.yml similarity index 54% rename from deployments/kubernetes/booking.yml rename to deployments/k8s/booking.yml index c29cc93..97e375f 100644 --- a/deployments/kubernetes/booking.yml +++ b/deployments/k8s/booking.yml @@ -15,7 +15,7 @@ spec: app: booking spec: containers: - - image: meysamh66/booking-microservices-booking:v1.5.2 + - image: meysamh66/booking-microservices-booking:v1.5.7 name: booking ports: - containerPort: 80 
@@ -23,7 +23,19 @@ spec: - name: "ASPNETCORE_ENVIRONMENT" value: "docker" - name: ASPNETCORE_URLS - value: "http://+" + value: "http://+" + # - name: "RabbitMqOptions__HostName" + # value: "localhost" + # - name: "RabbitMqOptions__ExchangeName" + # value: "booking" + # - name: "RabbitMqOptions__UserName" + # value: "guest" + # - name: "RabbitMqOptions__Password" + # value: "guest" + # - name: "RabbitMqOptions__Port" + # value: "5672" + - name: "EventStore__ConnectionString" + value: "esdb://eventstore:2113?tls=false" volumeMounts: - name: appsettings-volume mountPath: /app/Settings @@ -41,6 +53,7 @@ spec: app: booking ports: - name: http + protocol: TCP port: 80 targetPort: 80 - type: ClusterIP \ No newline at end of file + type: ClusterIP \ No newline at end of file diff --git a/deployments/k8s/certificate.yml b/deployments/k8s/certificate.yml new file mode 100644 index 0000000..14d58ac --- /dev/null +++ b/deployments/k8s/certificate.yml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: booking-microservices-cert + namespace: default +spec: + secretName: booking-tls-secret + issuerRef: + name: booking-microservices-issuer + kind: Issuer + dnsNames: + - booking-microservices.com \ No newline at end of file diff --git a/deployments/k8s/certs/booking-cert/booking-secret.yml b/deployments/k8s/certs/booking-cert/booking-secret.yml new file mode 100644 index 0000000..76b78e5 --- /dev/null +++ b/deployments/k8s/certs/booking-cert/booking-secret.yml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: booking-tls + namespace: default +type: kubernetes.io/tls +data: + tls.crt: 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 + tls.key: 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 diff --git a/deployments/k8s/certs/booking-cert/tls.crt b/deployments/k8s/certs/booking-cert/tls.crt new file mode 100644 index 0000000..4f4aa26 --- /dev/null +++ b/deployments/k8s/certs/booking-cert/tls.crt 
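Review bot: The added `EventStore__ConnectionString` value `esdb://eventstore:2113?tls=false` turns TLS off for the EventStoreDB connection, so events, and any credentials later added to that string, cross the pod network in clear text. If this manifest is meant for anything beyond a local cluster, keep TLS on and source the string from a Secret through `valueFrom.secretKeyRef` instead of an inline `value`. The commented-out `RabbitMqOptions__*` block with `guest`/`guest` is dead configuration and is better removed than kept as a template for default credentials. The container spec starts above this hunk.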
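Review bot: In certificate.yml the Certificate writes its key pair to `secretName: booking-tls-secret`, but the hand-made Secret in certs/booking-cert/booking-secret.yml and the commented-out `tls:` block in ingress.yml both use `booking-tls`, so the cert-manager output would not be the secret an ingress picks up. The Issuer in issuer.yml also points at a CA secret `booking-microservices-secret` that no visible part of this commit creates, so the Issuer would presumably stay not ready until that secret exists. Choose one path, cert-manager or the manual secrets, align the name (for example `secretName: booking-tls`), and add a comment saying how the CA secret is provisioned.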
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFKTCCAxGgAwIBAgIUFa9lh176zt1+zRoMwLJhUb9aEGswDQYJKoZIhvcNAQEL +BQAwJDEiMCAGA1UEAwwZYm9va2luZy1taWNyb3NlcnZpY2VzLmNvbTAeFw0yMzAy +MjExMTQ3MTBaFw0yNDAyMjExMTQ3MTBaMCQxIjAgBgNVBAMMGWJvb2tpbmctbWlj +cm9zZXJ2aWNlcy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU +jgMoXxtavsMXUoHva0WUfRybJMUgGSPniweawyn5FigUTx6gv6VvOzqSmGZ185P4 +UIbWCud9WjECESJUJB4qZbRiDYIMAd2336ci5wDsnDFUznXtM9g5UFfKwOweOVcv +jsStYf6K9wd/1itLorHx5txEPnPdTdFGFj9YUOku2c5VYH2OKiI7jjCh00stZdz8 +t5i//Kv27PDt6DG7/un0ygTG1kmMUMPrpRBeHlQMYft7OqM3GHrDfiuH7c5ZF5c6 +aDgPykyw2R3gLbBjyHbja9VFJs+dMEbPMlkDKzIV+ggugVGwuQdoD5/Jvkzo3qXT +cZJwGE72OEFiJn/VwWOH0WjlXKjHBAjhSn9n63NFjhs3SGKtdioqHBOiZCxB666r +MHGZy15kDyzgDUSF5OI+K/mb3kwGD8S5uzemO6dWxWQwL7zNRpxMiH4b8D8CFBUu +rCICIku5hSD/LNvt+NOVtCRYTjSLOMdZactH70P1EwqrJGS2sJk8DDi2h5o2ChnI +W/kxMOyZr3bODABZLiaNwHYvEHBHHwgueXGHbiYUDh7s9sMfJQZrGZDnd7GHyI7H +emdsbB02svzDPrAE9LQf4WB/dqaNRlI2ftJr3HJ5a9gYBoJDKZu69R47G60j3mrk +xHuXGRCc8xAmOqI4UcektWoDZGZkLE1UwHxYPERxZwIDAQABo1MwUTAdBgNVHQ4E +FgQUGyqcZzScRYbmp3NfHFsY54rZQNIwHwYDVR0jBBgwFoAUGyqcZzScRYbmp3Nf +HFsY54rZQNIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAbiOq +XPZ0qorffY9nXQkicdZB7fMqDf5zZ22lWBE4flDzd8ffO6NeH/Ft7U3YwpKstuzh +3nHVbR+T35bufUpLyPbm+J/gIG9SHy5NTk2en+7lxrobesNVn669S/TAmrwfplCy +VeptYT42Jl3/Sd64DwH4LHAUrPjsdUhyYyWaWntTgrqxAy+tUoPxjvrX14eWC6wH +c8t1ovMSfSs5eapswROQK2VAr+19p2pFYPTEL75epChxn2f28gVnlEVgmkAok4PR +IWk4jWdz/HSGnOPI5NCmmoeogRAcu3T9jxpOoFAGXYE1OEtGqWi1yJAEJ45OVTsY +kBOiFxl8/1eB2JdVXPCETUhVzS/wlfH8nowZszy58sQ5QwG9e1wnUw/0R73sS1EG +qcHkiBED0ygNCNwMOVXMnalDDniXKBJwqZ0Y5K+L9YXzOGiO+hBM1LETTqyuGw7I +U3SpqDwIVISh3D8MW77XQWfgPey5LMEkLuHt8jKyi5B06J9A7FmWXgsvijfrclaA +wdpCjBV7jccmzBIxYUwpKNPyccT92N7P86VQ3WcOCPjHbgP3m1tSRT6PogjDbn7M +wVhTyCo0cuq2QWb4qKX7sHPvCJbrKzIcV6dObfmsR530Ktq6ZSLMmT9G2dJqsOAm +l5yLSPrSa9N9tQM7CYR30x7vgi3GgoFTlkCXFWA= +-----END CERTIFICATE----- 
diff --git a/deployments/k8s/certs/booking-cert/tls.key b/deployments/k8s/certs/booking-cert/tls.key
new file mode 100644
index 0000000..58a0ddf
--- /dev/null
+++ b/deployments/k8s/certs/booking-cert/tls.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDUjgMoXxtavsMX +UoHva0WUfRybJMUgGSPniweawyn5FigUTx6gv6VvOzqSmGZ185P4UIbWCud9WjEC +ESJUJB4qZbRiDYIMAd2336ci5wDsnDFUznXtM9g5UFfKwOweOVcvjsStYf6K9wd/ +1itLorHx5txEPnPdTdFGFj9YUOku2c5VYH2OKiI7jjCh00stZdz8t5i//Kv27PDt +6DG7/un0ygTG1kmMUMPrpRBeHlQMYft7OqM3GHrDfiuH7c5ZF5c6aDgPykyw2R3g +LbBjyHbja9VFJs+dMEbPMlkDKzIV+ggugVGwuQdoD5/Jvkzo3qXTcZJwGE72OEFi +Jn/VwWOH0WjlXKjHBAjhSn9n63NFjhs3SGKtdioqHBOiZCxB666rMHGZy15kDyzg +DUSF5OI+K/mb3kwGD8S5uzemO6dWxWQwL7zNRpxMiH4b8D8CFBUurCICIku5hSD/ +LNvt+NOVtCRYTjSLOMdZactH70P1EwqrJGS2sJk8DDi2h5o2ChnIW/kxMOyZr3bO +DABZLiaNwHYvEHBHHwgueXGHbiYUDh7s9sMfJQZrGZDnd7GHyI7HemdsbB02svzD +PrAE9LQf4WB/dqaNRlI2ftJr3HJ5a9gYBoJDKZu69R47G60j3mrkxHuXGRCc8xAm +OqI4UcektWoDZGZkLE1UwHxYPERxZwIDAQABAoICAQCPD55Ud97jbu3ELsZBrMPC +M4sjaNY8ym7+EvdlVOJVQnJraO1GaHcirIy5ylV8Iht/0ENQoTo5hpDhwUKHu1+K +TbXhIRJcnozqi1/k//IBTwds+yEoK/LmcIsGbl794L4rxj3eLMy0H5wukKnHWJPI +Kwgp7pbxZsTqFWNBQAQSgop7sFwRaY5s40EcSiiZP6xDdBcdcSUVJ1jp55RB4kr5 +dVdNtUD/bgTP/+NKVcNgKjqnMEpWdOV72tnVvVtbX6NrrmW9Sv3fMeMH1fiY0H4k +h5md14d5Vtrx7gM3PMWTQRxsoKGo/oBbq9hyYuFFA0Y9UH2tcM8ErcxkEWGNL4Ka +1r7o94yAiGzdXwlKn7hHPLXyasIrbauOqkIA5eCgFJeBoLqI+SU2jBDgsOfUNhzV +MNb1C3h4iw9JvLDz1s3h2OllBcO4ZpRjat80PcQ8JnR+ixUe/agbKvQGNzpEhnJ/ +NukvWcVurkeCQcYPsMkZS/PiG+E54IRQYoDphjFHPwuqmvmfJ13T23v5p/zUA5uT +1AQd1dV/RkBkApoQZnusX7CVBqjThdVDEUzou9Tk+OgGMzZFQwCcaSVBYVVX99y0 +TMZQxSz2YeQ/affv3aCgwddxrdDEC3CboARK5moudHqiEaHLQ8K0GzUjWsL8SVxF +NgbG6qKqnWYBrxR+ZAl9IQKCAQEA+ZnhO39cMRravMDc7Mb9dtQhHPXxZgGlZTfS +V0xkWtOdAjf3GVRvDDjDMh2OaAFbjACIPXtj2ilVWc1Ib0BlSm5gTGGxDk1R/U87 +6AEFkvq0O+MkRf8PKmKAjBkTXcUamZ561pAdZjWRx5A6/HmneXlqo37T0ai89jTT +F1zJyfxIspTfvaRCPT+JwL5lzNdERjTwC3d6QIhQ3d61hX0QoTXcxZWFco23Bzap +Lz/nb3j8o5LSgCbB5GCC7zHkTbSvHscvuN9arH904NBgx8ibzopzXwZhXs+zqeju +dIX1XxN5ATIQ0jMa+B7Zr5NjwNu4ORmv40eJs6XE8x3kAW67LwKCAQEA2gD/wDtf +lSizsH4rq1+ZEdOz+p/CacvMB+iqu73tBQ8o1GUbVRwCHtN93xt4EA20i661hmNK 
+1/i15icxDbTn8jH8I+NwAvrTUK2wxedEsq+vVekTij2kCK9UI0huxPEI9d1WJ6y8 +ux8blQr532PJXOaK2ZT8A4xDA2O098M8T2uGeLKe3ZasJiF2KMrn3+zNTfYou82U +Zp7p7c+l8tndHP/41LcBz6vIOAHCoyJa6fxF4ahLE8bSuThPFU/+DjHfmgoLb18+ +rd2RGOYSDyufOOYJ7sAcXJTaQ+hcUZnDqNrKKfGANXFc5THeDa9djdG2CKiDaUsG +EXA8Hlo1dEe/SQKCAQEArhbD34mvNZizY99ot8T62DyQc/CeVDVltLlAfh8MB8V8 +xyVdtU8MvQuCKZwvzR7VSUq9u5QqSul1XFMv6FiTzVw60kt5AK6xNupisCi2SJOP +zg1ZKXEClN9rJUwAE/D74pWEu858kuNeMEDKw3nec31aAXreJmd4lIi3ip3vKHBM +DDKF83FzueBtJgAmZL7oIceefYDxxbzOGlHRba+TP72fpDfrgcCSHffj/M6njzpl +i3lGVJezuKQP7uFviTsywVbQVDOEvLeRP5RXTEEBWwd5/JcopsZbW3DZkHA2ef/M +8CaJUPLQJqrtzeYRN1yIm1rtMKqewqwmOCNq+gzPhQKCAQEArIBx3xicL5j/Zr7P +q1F/+9064ywbWD/M+M0gnGJS9NfkBPzkPdplyyKqzSodPQa7QHREa0ySYocI2E9W +v3PQvZLT40oKzjDPmV13LYIsl//wi9hcf9z6uWyS9UBRdkEMSBCWJdrHlIGu/6ap +xhxdr8c1Q6piKCSKulnhTtQMGwQIaeVdVBXvrlR3/Rthk4z7f58y6DhqHzHMBUN0 +GtBN6K6bpSYSptNVIQwziYabzd6zJTZYAhQnlix6V3DupSjNuEQOfFgvbsCOGdej +nqFz4kAUx/j3+EJI28c3ldJIQoqtwba5LpC/YxSsksObEadJlVxSb7TP3mijCZl0 +BsjnEQKCAQA6CHnKe3V4AyZDIWSyPM1gd8UerAf7WjZ/2uEM2X/MsRo7jGxxxSBL +T8NozkngNFmuvHCg9DiutqgCtxuyMvz2bv2xWulO2oY/CUuD/W5ziN879gzpOI+O +9OGx6ITWljgAJBkxSTZazXwCU+Nj49dcfbqhDdkSAfzEmB8jBG13izkqVDA7XSIA +1X3TtJdHl3Rf04ZhQCuh+aXGeF7G8t4A1aembYb2Q+c3PO+K6fVYSwhL/OxGEve3 +DsluiFvfs5pR0optedzcTPtxP3om+BbI8oRuGUGLvCJm/FbSN/G5LaYKU8bY2tya +5/NPN4u96Bq+QaAlKHJsn1/MWEdZM/hr +-----END PRIVATE KEY----- diff --git a/deployments/k8s/certs/identity-cert/identity-secret.yml b/deployments/k8s/certs/identity-cert/identity-secret.yml new file mode 100644 index 0000000..ca00e35 --- /dev/null +++ b/deployments/k8s/certs/identity-cert/identity-secret.yml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: identity-tls + namespace: default +type: kubernetes.io/tls +data: + tls.crt: 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 + tls.key: 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 
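Review bot: deployments/k8s/certs/booking-cert/tls.key adds an unencrypted RSA private key to the repository, so everyone with read access to the history holds the key for the `booking-microservices.com` certificate, and deleting the file later does not remove it from history. The same applies to deployments/k8s/certs/identity-cert/tls.key and to the `tls.key` fields of booking-secret.yml and identity-secret.yml (their values are elided on this page). The diffstat also lists a new `is-signing-key-*.json` under Identity.Api/keys, whose hunk is outside this view and deserves the same check. Since certs/tls.txt already records the `openssl req` and `kubectl create secret tls` commands, the keys can be generated per environment instead: drop the key and Secret files from the commit, ignore `deployments/k8s/certs/**/tls.key` in `.gitignore`, and treat both committed keys as compromised and regenerate them.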
diff --git a/deployments/k8s/certs/identity-cert/tls.crt b/deployments/k8s/certs/identity-cert/tls.crt
new file mode 100644
index 0000000..0765129
--- /dev/null
+++ b/deployments/k8s/certs/identity-cert/tls.crt
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFHzCCAwegAwIBAgIUbx+YDHK4pYkBC9wilTBAkNM0SOUwDQYJKoZIhvcNAQEL +BQAwHzEdMBsGA1UEAwwUbXlpZGVudGl0eXNlcnZlci5jb20wHhcNMjMwMjIxMTE1 +ODUwWhcNMjQwMjIxMTE1ODUwWjAfMR0wGwYDVQQDDBRteWlkZW50aXR5c2VydmVy +LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALvCXe6s/pints75 +NqBfy1rRFKDG8+/jHVUi8tTMW5MjlxwIoVCM8YuUJO/LScmSnxVGusALI9NBLyqJ +8SgBcEWCXxh24VdiRi6wNcK1uNCpcKuUP4l6PaXEhvmSf2rpRp8+XlJyfNLPhuxT +NS/81iwQthzW4XaOlEFc8qlWv86cn7hr/Pl8T4fHVjyPsItuk8LSI0Ove+AGy/qw +d/XPpMvuuRnwQDPnXq54Nzv1G132D8xz+hZJ8y3eLKTMqtSfDBoRujhBec5ZurLJ +eaRDbiVuOK3/hFoSTldhV115bT1Yq57BsaBSPywRPMInWNgZtBxmEH1U4vhbJfkJ +4Np/2APc66X1SzZusK7hFxXpmU4Iavb5p3p8iUVDzCO7E59DdOfzC3Bax5c6OQvR +9wAdMyUJhBhU4yoJ9t5Y9cWPQqOxSnVOvu5qNTr9P0ATWKpOMVFYZIboEBAohZip +JOqdalUJqjpJtO4qy5Z/z+rVO24Bw531bxJAhjpVad1SSNfnqur4LVxWBraqjQOt +OOUOhq0wf4QGDssH3cN2BZ+fx9RCcGf9mdNGRL1h+oHjUGb5ZKgqqiNd3YUiJZZR +H7UoBevyyKqQbba84UWItaTrOOI17rJIbwvVlv8+PCFXfO67C0CX7n7al13N4fCe +2if2OMnCJI9b9UrRdfqL9/lopgBxAgMBAAGjUzBRMB0GA1UdDgQWBBRG4sLxvBlR +k6hoyuqt841A5M9BTjAfBgNVHSMEGDAWgBRG4sLxvBlRk6hoyuqt841A5M9BTjAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBeIoLBiC/4lZ6xGc2g +V4nI3IfCf2cpVTXZ0NsN1q/J8MvkFpG4CdyFeE+hf7OnjUV9HByUGbiD1hfRBJbV +Z5p1KPqCImAyYrmJVu8vYDVRFqv4mndICxg0QhcDmfSSsBeyzQzCPLSwmGS7v9Y9 +SN1SME4pNc1gAiNNMhJKSArz0Y5yNdlX3Mq4WLvkwMbestN9CDTZgeUL5nFLBtQa +ZfF6gCAMR5ZKHNcZLJwz7YqNYOKT7k58tBIrLWQV5aWY9OIEjCUM0KgyEAo15t09 +pBj+Qek+nG8Wq54qnscJurylZieMupC8gXuHe/PLovRBK/RJyT1ta6ooUGYm4Uds +gYaxEJVUQj5J0eqxSbLTx7QLMGlM4g6WWNReTXOU8N58nRK0mMTHIPDCFAyTL6ZJ +5dnZb8Y7u2H2o44IBTotPbBf+Oxzu5vu9tO9nzSuekVwA/l8VFBbnv7HoBSZ101T +ESFTT0fGCo4jdnxa8/0pIpzZ53FCHnrdgcQwvjbkokro5u/J7uwEDslhOa3AdvR1 +LMxHTToGMPh7BODSoarmdlGhQyR7MMeal1S4G9fG2fTs6lapkpRvwutG31Qbb5xk +JzcSIr0MiaxeFu72/byiaCLQ0Cg9Ht8LyigeLDXP0RcyuQ5y5mGUav5rpVE6b2DF +hSZTfgN/vsR+ItLnyODVKtYbuw== +-----END CERTIFICATE----- 
diff --git a/deployments/k8s/certs/identity-cert/tls.key b/deployments/k8s/certs/identity-cert/tls.key
new file mode 100644
index 0000000..21e904c
--- /dev/null
+++ b/deployments/k8s/certs/identity-cert/tls.key
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7wl3urP6Yp7bO ++TagX8ta0RSgxvPv4x1VIvLUzFuTI5ccCKFQjPGLlCTvy0nJkp8VRrrACyPTQS8q +ifEoAXBFgl8YduFXYkYusDXCtbjQqXCrlD+Jej2lxIb5kn9q6UafPl5ScnzSz4bs +UzUv/NYsELYc1uF2jpRBXPKpVr/OnJ+4a/z5fE+Hx1Y8j7CLbpPC0iNDr3vgBsv6 +sHf1z6TL7rkZ8EAz516ueDc79Rtd9g/Mc/oWSfMt3iykzKrUnwwaEbo4QXnOWbqy +yXmkQ24lbjit/4RaEk5XYVddeW09WKuewbGgUj8sETzCJ1jYGbQcZhB9VOL4WyX5 +CeDaf9gD3Oul9Us2brCu4RcV6ZlOCGr2+ad6fIlFQ8wjuxOfQ3Tn8wtwWseXOjkL +0fcAHTMlCYQYVOMqCfbeWPXFj0KjsUp1Tr7uajU6/T9AE1iqTjFRWGSG6BAQKIWY +qSTqnWpVCao6SbTuKsuWf8/q1TtuAcOd9W8SQIY6VWndUkjX56rq+C1cVga2qo0D +rTjlDoatMH+EBg7LB93DdgWfn8fUQnBn/ZnTRkS9YfqB41Bm+WSoKqojXd2FIiWW +UR+1KAXr8siqkG22vOFFiLWk6zjiNe6ySG8L1Zb/PjwhV3zuuwtAl+5+2pddzeHw +nton9jjJwiSPW/VK0XX6i/f5aKYAcQIDAQABAoICAA58MEL5laqxRakyEMTOnyGi +f7TnpGodW2X2DEXefjIbzMyc3dUZCol6JF9bj5W9eghqLH4kXd8uaDUf7zrm4YJ7 +TFrW0QusyT1Q2tTqsBdo+whBp6UziQ4A22jlpG7bEFe4uA4kRvz8haw1vyS0nNFJ +eMNA0KQU29svEIl/58xIyQmxSxL0RC51cnG5pCUdosik7ZOLNkNSQupUMu0D1/Lj +t+QIZOucLfHH1HsLrdDR6uYbDHArxFcFjOwp3gQJQSXBuFwesQb6ZSzl3jyN9zFs +D3NdAxjv0JttJxBPDd5tuM/Goa18quL7cXSJFJGXag3G0f7ZTalbXtKXsIEq279O +hXSMVG186U5OFu8PCXHMTRIzudightohLRMq8d0/u7GIcsESbdgB+9aOHAaN6IKp +4DJXAksCq46erhiQXGghjJeGzb9N70IWR45ZFdciRXenztv4A8CWyGrfMe9aA252 +VncGkZ6l5kLVwiEKeMn+TXWfOAEg1SYoqzE2XjuR8CoRbzhPQB5qFUadFX0l0ZZj +5bW18smpnq3XyZZfISH8AXxfgw1+hQ3VWhtCe5OjBEtvShx2+GW3MSfET15uNE1W +PGp5DPF633ivWt4A1ETrJdlNTruqmXvoxYXigQccuDQ3f/fy/rjkD65x4ChJKsQx +DrfV0qz0ewNlGm74SwABAoIBAQD0NaOvx/4WMusKPXMSSrpTmVS2wVQ9Jfll6cA0 +JLoGNMauPHzrlW21jaBqxWLheVF9GW71OeJlmv06IfpmBeKAxsx+GIgYFjDntiYE +TV4PJDETPvL41SvKOCCQlxyupckFmJ2/2XwFvDEjuPOyBrgEkOweQrqHHgYr7qhs +a3E8nIbUhOYQuBsi4zWjqgLb7y/WyXdnoKmsIFZylw69LcAP/ioVBB+KXwivlNzX +hhftBF6Etl/1dlSw2kfQ0H2iXvDye12HAI6VXet7urhHTsxnIinkzlzwIIqBE8Wn +gUrIqpak+59SFFJon0tFEyrea+gLBei+8FN+seQrw+G6f2VxAoIBAQDE0wScjUEw +c3m+R/Ur8I9dYemDGV89y0Nb5jgvL0psmF6g8h1Male0Rbir7IRtMOLR8VWQ2Co5 
+5liANXO+2+trahYCnF5wKzCwl3Mj5TX2T90q5JOWIVeu2/e14VIwP0HMuw+6Bu22 +omWPr7wrnpyEHJ9gNG0mdM/RG+voUsVxwNI8TTwE4VvS0Xc7+7uMlHDruzvTd98c +ILGL95IQZiylTvtteX/OZrNcHyH6bnRiqHek3HwP2mUfH5zOh8l3vePIuDOlZ8NN +inZ27Uk2bqeo/OpBMg01Z4tO6G0akdZJ5+hYAKxYYGrZfAm6QM2iLWul9bG5ptnL +4anQHGSBFssBAoIBAQDJhmI3svBI3Wf8oU0OcUBlsIip78xWUboHkegcn5oreO3j +5uKnfj50rhUNRyocKwNGGvDnyQa9FjOV/2glPQH3hxZFkHTue5GMBVJGBppyIEmn +OjFDipaCX+LvruPqc8D5r0GuigjAqtZaRkxEQyskCXvwVNycl/g71MyD+/4MKJdT +VQCOF3+9QIaJMsj9Odrego7Yo0qhUmZEVcfB8bkm+XU8tpRYmagPTOcZq/yeiRZ+ +qglyBF5LOzY8aXDjxzlKwOcjeyAuvryO9D0SC0K+cQDlYi5rsk7Zybk4S4etJKkA +KO0GzOJcl+eDbxfXSHDKd+vjdWtRh/dk7laeknbhAoIBAQCgLPJ1zOaeXXtYBQtb +BNxHLKVyUTWW/lIE+egDTkMM+TsZU6/QPkK9rHfLQiHLEpukKvhtdd13XSPswpM9 +YY/GzIC5AzQ/qIZpT/cd4Sz3FKtyeq444U2QOebvFz1hkjkkOZ9kzrqphKOOOX+z +J9NMGFcDXebuAuYU0No9KQ8Rsc/lzxznA9dMS7bzE7vfffYfgTIAuG7TXy/eLk2q +FtyCczJeNyBxgla4w4VNXpJMr7kea2hzJlJg78MWuJ6WWeyDrpQpKbZg5iveQODx +8T90YM7q26awLWHLh48yrjhr0NTeuT2Idn6+Gxl3f8FZGAmg97/4y/Y226Dsgg6w +lzIBAoIBAG57UIZo/MvUtGzUPZxtA2fJfxD8a8Ov3nQU3zjJLwJXzr+8zvyZNRxo +xx+9diLuiXChGOuiSCT9umr/JIdsVa0om4L+P0p7WML+T+bPaTqfZ2gcVuB+ZtX7 +JGX3tZ+LzdakQ6LSa4ZFQe2cSc71aavbrY154DjXRb8snAA9ds0D6MtSG+N9aB6Z +ZDVDsS/yI5gEKWqm7PtD4uUhMk5bRaKnGKKVUGCNjOC7CDLFUIMNp4QH1aoYLq2n +B7/FtyPoOL6LCO+BROEccRevXAbr92tw8hC3jhbFKwBM8I1AVuh1u/jXX5d8+DeM +PCFM4yKfsFon3Mml04xyxJStj/fasMc= +-----END PRIVATE KEY----- diff --git a/deployments/k8s/certs/tls.txt b/deployments/k8s/certs/tls.txt new file mode 100644 index 0000000..e3d767e --- /dev/null +++ b/deployments/k8s/certs/tls.txt @@ -0,0 +1,6 @@ +openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=booking-microservices.com" -days 365 +kubectl create secret tls booking-tls --key tls.key --cert tls.crt + +openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=myidentityserver.com" -days 365 +kubectl create secret tls identity-tls --key tls.key --cert tls.crt + 
diff --git a/deployments/kubernetes/configmap.yml b/deployments/k8s/configmap.yml similarity index 57% rename from deployments/kubernetes/configmap.yml rename to deployments/k8s/configmap.yml index 8df828d..06630c1 100644 --- a/deployments/kubernetes/configmap.yml +++ b/deployments/k8s/configmap.yml @@ -6,4 +6,5 @@ data: appsettings.json: |- { .Files.Get "settings/appsettings.docker.json" - } \ No newline at end of file + } +#ref: https://www.mrjamiebowman.com/software-development/dotnet/kubernetes-configmaps-with-net-core/ \ No newline at end of file diff --git a/deployments/k8s/flight.yml b/deployments/k8s/flight.yml new file mode 100644 index 0000000..f5a342b --- /dev/null +++ b/deployments/k8s/flight.yml 
@@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: flight-deployment + labels: + app: flight +spec: + replicas: 1 + selector: + matchLabels: + app: flight + template: + metadata: + labels: + app: flight + spec: + containers: + - image: meysamh66/booking-microservices-flight:v1.5.9 + name: flight + ports: + - containerPort: 80 + env: + - name: "ASPNETCORE_ENVIRONMENT" + value: "docker" + - name: ASPNETCORE_URLS + value: "http://+" + - name: "RabbitMqOptions__HostName" + value: "rabbitmq" + - name: "RabbitMqOptions__ExchangeName" + value: "flight" + - name: "RabbitMqOptions__UserName" + value: "guest" + - name: "RabbitMqOptions__Password" + value: "guest" + - name: "RabbitMqOptions__Port" + value: "5672" + - name: "MongoOptions__ConnectionString" + value: "mongodb://mongo:27017" + - name: "MongoOptions__DatabaseName" + value: "flight-db" + - name: "Jwt__Authority" + value: "http://127.0.0.1:13872" + - name: "Jwt__Audience" + value: "flight-api" + - name: "Jwt__RequireHttpsMetadata" + value: "false" + # - name: "HealthOptions__Enabled" + # value: "true" + volumeMounts: + - name: appsettings-volume + mountPath: /app/Settings + volumes: + - name: appsettings-volume + configMap: + name: appsettings +--- +apiVersion: v1 +kind: Service +metadata: + name: flight-service +spec: + selector: + app: flight + ports: + - name: http + protocol: TCP + port: 80 + # targetPort: 80 + nodePort: 30444 + type: NodePort \ No newline at end of file diff --git a/deployments/kubernetes/identity.yml b/deployments/k8s/identity.yml similarity index 87% rename from deployments/kubernetes/identity.yml rename to deployments/k8s/identity.yml index 1df0e76..ad6a293 100644 --- a/deployments/kubernetes/identity.yml +++ b/deployments/k8s/identity.yml @@ -15,7 +15,7 @@ spec: app: identity spec: containers: - - image: meysamh66/booking-microservices-identity:v1.5.8 + - image: meysamh66/booking-microservices-identity:v1.5.9 name: identity ports: - containerPort: 80 
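Review bot: In flight.yml `RabbitMqOptions__UserName` and `RabbitMqOptions__Password` are set inline to the broker's default `guest`/`guest`, which puts the credential in the manifest, in `kubectl describe` output and in git history. Reference a Secret instead, for example `valueFrom: { secretKeyRef: { name: <rabbitmq-secret>, key: password } }` (the secret name is a placeholder), and use a non-default account. Separately, `Jwt__Authority` is `http://127.0.0.1:13872` with `Jwt__RequireHttpsMetadata` set to `"false"`: inside the pod 127.0.0.1 is the flight container itself, so discovery probably cannot reach the identity service, and fetching the signing-key metadata over plain HTTP leaves it unauthenticated in transit.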
@@ -41,6 +41,8 @@ spec: app: identity ports: - name: http + protocol: TCP port: 80 targetPort: 80 - type: ClusterIP \ No newline at end of file + nodePort: 30443 + type: NodePort \ No newline at end of file diff --git a/deployments/kubernetes/infrastructure.yml b/deployments/k8s/infrastructure.yml similarity index 92% rename from deployments/kubernetes/infrastructure.yml rename to deployments/k8s/infrastructure.yml index 580708f..59310b7 100644 --- a/deployments/kubernetes/infrastructure.yml +++ b/deployments/k8s/infrastructure.yml @@ -24,8 +24,8 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert - kompose.version: 1.28.0 (c4137012e) + kompose.cmd: kompose convert -f infrastracture.yaml + kompose.version: 1.26.0 (40646f47) creationTimestamp: null labels: io.kompose.service: elasticsearch @@ -40,8 +40,8 @@ spec: template: metadata: annotations: - kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert - kompose.version: 1.28.0 (c4137012e) + kompose.cmd: kompose convert -f infrastracture.yaml + kompose.version: 1.26.0 (40646f47) creationTimestamp: null labels: io.kompose.network/booking: "true" @@ -76,8 +76,8 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert - kompose.version: 1.28.0 (c4137012e) + kompose.cmd: kompose convert -f infrastracture.yaml + kompose.version: 1.26.0 (40646f47) creationTimestamp: null labels: io.kompose.service: elasticsearch 
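Review bot: Switching `identity-service` from `ClusterIP` to `type: NodePort` with `nodePort: 30443` publishes the identity server over plain HTTP on every node's address, bypassing the ingress and any TLS termination there. flight.yml does the same for `flight-service` with `nodePort: 30444`. If the port is only needed for local testing, keep `type: ClusterIP` in the committed manifest and use `kubectl port-forward`, or add a comment stating that the NodePort is for a development cluster only. The Service definition begins above this hunk.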
@@ -114,8 +114,8 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert - kompose.version: 1.28.0 (c4137012e) + kompose.cmd: kompose convert -f infrastracture.yaml + kompose.version: 1.26.0 (40646f47) creationTimestamp: null labels: io.kompose.service: kibana @@ -129,8 +129,8 @@ spec: template: metadata: annotations: - kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert - kompose.version: 1.28.0 (c4137012e) + kompose.cmd: kompose convert -f infrastracture.yaml + kompose.version: 1.26.0 (40646f47) creationTimestamp: null labels: io.kompose.network/booking: "true" @@ -139,7 +139,7 @@ spec: containers: - env: - name: ELASTICSEARCH_URL - value: http://localhost:9200 + value: elasticsearch:9200 image: kibana:7.17.9 name: kibana ports: @@ -152,8 +152,8 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert - kompose.version: 1.28.0 (c4137012e) + kompose.cmd: kompose convert -f infrastracture.yaml + kompose.version: 1.26.0 (40646f47) creationTimestamp: null labels: io.kompose.service: kibana diff --git a/deployments/k8s/ingress.yml b/deployments/k8s/ingress.yml new file mode 100644 index 0000000..782e975 --- /dev/null +++ b/deployments/k8s/ingress.yml 
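Review bot: In the `@@ -139,7 +139,7 @@` hunk the new `ELASTICSEARCH_URL` value `elasticsearch:9200` has no scheme, and the variable name is the one Kibana 6.x used; as far as I know the `kibana:7.17.9` image reads `ELASTICSEARCH_HOSTS` and expects full URLs, so this setting is probably ignored. Consider `- name: ELASTICSEARCH_HOSTS` with `value: http://elasticsearch:9200`, and confirm against the image's documentation. The file carries kompose annotations, so the fix may belong in infrastracture.yaml rather than in the generated manifest.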
@@ -0,0 +1,57 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: booking-microservies
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
+ nginx.ingress.kubernetes.io/proxy-buffers: "4 256k"
+ nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
+ nginx.ingress.kubernetes.io/client-header-buffer-size: "64k"
+ nginx.ingress.kubernetes.io/http2-max-field-size: "16k"
+ nginx.ingress.kubernetes.io/http2-max-header-size: "128k"
+ nginx.ingress.kubernetes.io/large-client-header-buffers: "8 64k"
+spec:
+ ingressClassName: nginx
+ # tls:
+ # - hosts:
+ # - myidentityserver.com
+ # secretName: identity-tls
+ # - hosts:
+ # - booking-microservices.com
+ # secretName: booking-tls
+ rules:
+ # - host: myidentityserver.com
+ # http:
+ # paths:
+ # - path: /
+ # pathType: Prefix
+ # backend:
+ # service:
+ # name: identity-service
+ # port:
+ # number: 80
+ - host: booking-microservices.com
+ http:
+ paths:
+ - path: /flight
+ pathType: Prefix
+ backend:
+ service:
+ name: flight-service
+ port:
+ number: 80
+ - path: /passenger
+ pathType: Prefix
+ backend:
+ service:
+ name: passenger-service
+ port:
+ number: 80
+ - path: /booking
+ pathType: Prefix
+ backend:
+ service:
+ name: booking-service
+ port:
+ number: 80
\ No newline at end of file
diff --git a/deployments/k8s/ip-address-pool.yml b/deployments/k8s/ip-address-pool.yml
new file mode 100644
index 0000000..09a34ad
--- /dev/null
+++ b/deployments/k8s/ip-address-pool.yml
@@ -0,0 +1,9 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: first-pool
+ namespace: metallb-system
+spec:
+ addresses:
+ - 192.168.49.220-192.168.49.230
+ # renge ip address base on cluster ip
\ No newline at end of file
diff --git a/deployments/k8s/issuer.yml b/deployments/k8s/issuer.yml
new file mode 100644
index 0000000..315c126
--- /dev/null
+++ b/deployments/k8s/issuer.yml
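Review bot: In ingress.yml the `tls:` section is commented out, so this Ingress serves `booking-microservices.com` over HTTP only even though the commit adds certificates and Secrets for it; bearer tokens sent to `/flight`, `/passenger` and `/booking` would travel unencrypted. Re-enable the block for the booking host, `tls: [{ hosts: [booking-microservices.com], secretName: booking-tls }]`, with the secret name matching whichever Secret is actually deployed. Also check `nginx.ingress.kubernetes.io/rewrite-target: /`: with plain `Prefix` paths and no capture group it likely rewrites every matched request to `/`, which is probably not what the three services expect. `metadata.name` reads `booking-microservies`, which looks like a typo.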
@@ -0,0 +1,8 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: booking-microservices-issuer + namespace: default +spec: + ca: + secretName: booking-microservices-secret \ No newline at end of file diff --git a/deployments/k8s/l2-advertisement.yml b/deployments/k8s/l2-advertisement.yml new file mode 100644 index 0000000..b6f8c4d --- /dev/null +++ b/deployments/k8s/l2-advertisement.yml @@ -0,0 +1,8 @@ +apiVersion: metallb.io/v1beta1 +kind: L2Advertisement +metadata: + name: example + namespace: metallb-system +spec: + ipAddressPools: + - first-pool \ No newline at end of file diff --git a/deployments/kubernetes/passenger.yml b/deployments/k8s/passenger.yml similarity index 95% rename from deployments/kubernetes/passenger.yml rename to deployments/k8s/passenger.yml index 99cac6b..37e78da 100644 --- a/deployments/kubernetes/passenger.yml +++ b/deployments/k8s/passenger.yml @@ -15,7 +15,7 @@ spec: app: passenger spec: containers: - - image: meysamh66/booking-microservices-passenger:v1.5.2 + - image: meysamh66/booking-microservices-passenger:v1.5.7 name: passenger ports: - containerPort: 80 @@ -41,6 +41,7 @@ spec: app: passenger ports: - name: http + protocol: TCP port: 80 targetPort: 80 - type: ClusterIP \ No newline at end of file + type: ClusterIP \ No newline at end of file diff --git a/deployments/k8s/traefik-values.yml b/deployments/k8s/traefik-values.yml new file mode 100644 index 0000000..dbee695 --- /dev/null +++ b/deployments/k8s/traefik-values.yml 
@@ -0,0 +1,872 @@ +# Default values for Traefik +image: + repository: traefik + # defaults to appVersion + tag: "" + pullPolicy: IfNotPresent + +# +# Configure integration with Traefik Hub +# +hub: + ## Enabling Hub will: + # * enable Traefik Hub integration on Traefik + # * add `traefikhub-tunl` endpoint + # * enable Prometheus metrics with addRoutersLabels + # * enable allowExternalNameServices on KubernetesIngress provider + # * enable allowCrossNamespace on KubernetesCRD provider + # * add an internal (ClusterIP) Service, dedicated for Traefik Hub + enabled: false + ## Default port can be changed + # tunnelPort: 9901 + ## TLS is optional. Insecure is mutually exclusive with any other options + # tls: + # insecure: false + # ca: "/path/to/ca.pem" + # cert: "/path/to/cert.pem" + # key: "/path/to/key.pem" + +# +# Configure the deployment +# +deployment: + enabled: true + # Can be either Deployment or DaemonSet + kind: Deployment + # Number of pods of the deployment (only applies when kind == Deployment) + replicas: 1 + # Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) + # revisionHistoryLimit: 1 + # Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down + terminationGracePeriodSeconds: 60 + # The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available + minReadySeconds: 0 + # Additional deployment annotations (e.g. for jaeger-operator sidecar injection) + annotations: {} + # Additional deployment labels (e.g. for filtering deployment by custom labels) + labels: {} + # Additional pod annotations (e.g. for mesh injection or prometheus scraping) + podAnnotations: {} + # Additional Pod labels (e.g. for filtering Pod by custom labels) + podLabels: {} + # Additional containers (e.g. 
for metric offloading sidecars) + additionalContainers: [] + # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host + # - name: socat-proxy + # image: alpine/socat:1.0.5 + # args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"] + # volumeMounts: + # - name: dsdsocket + # mountPath: /socket + # Additional volumes available for use with initContainers and additionalContainers + additionalVolumes: [] + # - name: dsdsocket + # hostPath: + # path: /var/run/statsd-exporter + # Additional initContainers (e.g. for setting file permission as shown below) + initContainers: [] + # The "volume-permissions" init container is required if you run into permission issues. + # Related issue: https://github.com/traefik/traefik/issues/6825 + # - name: volume-permissions + # image: busybox:1.35 + # command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"] + # volumeMounts: + # - name: data + # mountPath: /data + # Use process namespace sharing + shareProcessNamespace: false + # Custom pod DNS policy. 
Apply if `hostNetwork: true` + # dnsPolicy: ClusterFirstWithHostNet + # Additional imagePullSecrets + imagePullSecrets: [] + # - name: myRegistryKeySecretName + # Pod lifecycle actions + lifecycle: {} + # preStop: + # exec: + # command: ["/bin/sh", "-c", "sleep 40"] + # postStart: + # httpGet: + # path: /ping + # port: 9000 + # host: localhost + # scheme: HTTP + +# Pod disruption budget +podDisruptionBudget: + enabled: false + # maxUnavailable: 1 + # maxUnavailable: 33% + # minAvailable: 0 + # minAvailable: 25% + +# Create a default IngressClass for Traefik +ingressClass: + enabled: true + isDefaultClass: true + +# Enable experimental features +experimental: + v3: + enabled: false + plugins: + enabled: false + kubernetesGateway: + enabled: false + gateway: + enabled: true + # certificate: + # group: "core" + # kind: "Secret" + # name: "mysecret" + # By default, Gateway would be created to the Namespace you are deploying Traefik to. + # You may create that Gateway in another namespace, setting its name below: + # namespace: default + # Additional gateway annotations (e.g. for cert-manager.io/issuer) + # annotations: + # cert-manager.io/issuer: letsencrypt + +# Create an IngressRoute for the dashboard +ingressRoute: + dashboard: + enabled: true + # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) + annotations: {} + # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) + labels: {} + # The router match rule used for the dashboard ingressRoute + matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`) + # Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure). + # By default, it's using traefik entrypoint, which is not exposed. + # /!\ Do not expose your dashboard without any protection over the internet /!\ + entryPoints: ["traefik"] + # Additional ingressRoute middlewares (e.g. for authentication) + middlewares: [] + # TLS options (e.g. 
secret containing certificate) + tls: {} + +# Customize updateStrategy of traefik pods +updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 + +# Customize liveness and readiness probe values. +readinessProbe: + failureThreshold: 1 + initialDelaySeconds: 2 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + +livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 2 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + +# +# Configure providers +# +providers: + kubernetesCRD: + enabled: true + allowCrossNamespace: false + allowExternalNameServices: false + allowEmptyServices: false + # ingressClass: traefik-internal + # labelSelector: environment=production,method=traefik + namespaces: [] + # - "default" + + kubernetesIngress: + enabled: true + allowExternalNameServices: false + allowEmptyServices: false + # ingressClass: traefik-internal + # labelSelector: environment=production,method=traefik + namespaces: [] + # - "default" + # IP used for Kubernetes Ingress endpoints + publishedService: + enabled: false + # Published Kubernetes Service to copy status from. Format: namespace/servicename + # By default this Traefik service + # pathOverride: "" + +# +# Add volumes to the traefik pod. The volume name will be passed to tpl. +# This can be used to mount a cert pair or a configmap that holds a config.toml file. 
+# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg: +# additionalArguments: +# - "--providers.file.filename=/config/dynamic.toml" +# - "--ping" +# - "--ping.entrypoint=web" +volumes: [] +# - name: public-cert +# mountPath: "/certs" +# type: secret +# - name: '{{ printf "%s-configs" .Release.Name }}' +# mountPath: "/config" +# type: configMap + +# Additional volumeMounts to add to the Traefik container +additionalVolumeMounts: [] + # For instance when using a logshipper for access logs + # - name: traefik-logs + # mountPath: /var/log/traefik + +## Logs +## https://docs.traefik.io/observability/logs/ +logs: + ## Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). + general: + # By default, the logs use a text format (common), but you can + # also ask for the json format in the format option + # format: json + # By default, the level is set to ERROR. + # Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: ERROR + access: + # To enable access logs + enabled: false + ## By default, logs are written using the Common Log Format (CLF) on stdout. + ## To write logs in JSON, use json in the format option. + ## If the given format is unsupported, the default (CLF) is used instead. + # format: json + # filePath: "/var/log/traefik/access.log + ## To write the logs in an asynchronous fashion, specify a bufferingSize option. + ## This option represents the number of log lines Traefik will keep in memory before writing + ## them to the selected output. In some cases, this option can greatly help performances. 
+ # bufferingSize: 100 + ## Filtering https://docs.traefik.io/observability/access-logs/#filtering + filters: {} + # statuscodes: "200,300-302" + # retryattempts: true + # minduration: 10ms + ## Fields + ## https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers + fields: + general: + defaultmode: keep + names: {} + ## Examples: + # ClientUsername: drop + headers: + defaultmode: drop + names: {} + ## Examples: + # User-Agent: redact + # Authorization: drop + # Content-Type: keep + +metrics: + ## Prometheus is enabled by default. + ## It can be disabled by setting "prometheus: null" + prometheus: + ## Entry point used to expose metrics. + entryPoint: metrics + ## Enable metrics on entry points. Default=true + # addEntryPointsLabels: false + ## Enable metrics on routers. Default=false + # addRoutersLabels: true + ## Enable metrics on services. Default=true + # addServicesLabels: false + ## Buckets for latency metrics. Default="0.1,0.3,1.2,5.0" + # buckets: "0.5,1.0,2.5" + ## When manualRouting is true, it disables the default internal router in + ## order to allow creating a custom router for prometheus@internal service. + # manualRouting: true +# datadog: +# ## Address instructs exporter to send metrics to datadog-agent at this address. +# address: "127.0.0.1:8125" +# ## The interval used by the exporter to push metrics to datadog-agent. Default=10s +# # pushInterval: 30s +# ## The prefix to use for metrics collection. Default="traefik" +# # prefix: traefik +# ## Enable metrics on entry points. Default=true +# # addEntryPointsLabels: false +# ## Enable metrics on routers. Default=false +# # addRoutersLabels: true +# ## Enable metrics on services. Default=true +# # addServicesLabels: false +# influxdb: +# ## Address instructs exporter to send metrics to influxdb at this address. +# address: localhost:8089 +# ## InfluxDB's address protocol (udp or http). Default="udp" +# protocol: udp +# ## InfluxDB database used when protocol is http. 
Default="" +# # database: "" +# ## InfluxDB retention policy used when protocol is http. Default="" +# # retentionPolicy: "" +# ## InfluxDB username (only with http). Default="" +# # username: "" +# ## InfluxDB password (only with http). Default="" +# # password: "" +# ## The interval used by the exporter to push metrics to influxdb. Default=10s +# # pushInterval: 30s +# ## Additional labels (influxdb tags) on all metrics. +# # additionalLabels: +# # env: production +# # foo: bar +# ## Enable metrics on entry points. Default=true +# # addEntryPointsLabels: false +# ## Enable metrics on routers. Default=false +# # addRoutersLabels: true +# ## Enable metrics on services. Default=true +# # addServicesLabels: false +# influxdb2: +# ## Address instructs exporter to send metrics to influxdb v2 at this address. +# address: localhost:8086 +# ## Token with which to connect to InfluxDB v2. +# token: xxx +# ## Organisation where metrics will be stored. +# org: "" +# ## Bucket where metrics will be stored. +# bucket: "" +# ## The interval used by the exporter to push metrics to influxdb. Default=10s +# # pushInterval: 30s +# ## Additional labels (influxdb tags) on all metrics. +# # additionalLabels: +# # env: production +# # foo: bar +# ## Enable metrics on entry points. Default=true +# # addEntryPointsLabels: false +# ## Enable metrics on routers. Default=false +# # addRoutersLabels: true +# ## Enable metrics on services. Default=true +# # addServicesLabels: false +# statsd: +# ## Address instructs exporter to send metrics to statsd at this address. +# address: localhost:8125 +# ## The interval used by the exporter to push metrics to influxdb. Default=10s +# # pushInterval: 30s +# ## The prefix to use for metrics collection. Default="traefik" +# # prefix: traefik +# ## Enable metrics on entry points. Default=true +# # addEntryPointsLabels: false +# ## Enable metrics on routers. Default=false +# # addRoutersLabels: true +# ## Enable metrics on services. 
Default=true +# # addServicesLabels: false +# openTelemetry: +# ## Address of the OpenTelemetry Collector to send metrics to. +# address: "localhost:4318" +# ## Enable metrics on entry points. +# addEntryPointsLabels: true +# ## Enable metrics on routers. +# addRoutersLabels: true +# ## Enable metrics on services. +# addServicesLabels: true +# ## Explicit boundaries for Histogram data points. +# explicitBoundaries: +# - "0.1" +# - "0.3" +# - "1.2" +# - "5.0" +# ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. +# headers: +# foo: bar +# test: test +# ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. +# insecure: true +# ## Interval at which metrics are sent to the OpenTelemetry Collector. +# pushInterval: 10s +# ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport. +# path: /foo/v1/traces +# ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. +# tls: +# ## The path to the certificate authority, it defaults to the system bundle. +# ca: path/to/ca.crt +# ## The path to the public certificate. When using this option, setting the key option is required. +# cert: path/to/foo.cert +# ## The path to the private key. When using this option, setting the cert option is required. +# key: path/to/key.key +# ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. +# insecureSkipVerify: true +# ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC. +# grpc: true + +## +## enable optional CRDs for Prometheus Operator +## + ## Create a dedicated metrics service for use with ServiceMonitor + ## When hub.enabled is set to true, it's not needed: it will use hub service. 
+ # service: + # enabled: false + # labels: {} + # annotations: {} + ## When set to true, it won't check if Prometheus Operator CRDs are deployed + # disableAPICheck: false + # serviceMonitor: + # metricRelabelings: [] + # - sourceLabels: [__name__] + # separator: ; + # regex: ^fluentd_output_status_buffer_(oldest|newest)_.+ + # replacement: $1 + # action: drop + # relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + # jobLabel: traefik + # interval: 30s + # honorLabels: true + # # (Optional) + # # scrapeTimeout: 5s + # # honorTimestamps: true + # # enableHttp2: true + # # followRedirects: true + # # additionalLabels: + # # foo: bar + # # namespace: "another-namespace" + # # namespaceSelector: {} + # prometheusRule: + # additionalLabels: {} + # namespace: "another-namespace" + # rules: + # - alert: TraefikDown + # expr: up{job="traefik"} == 0 + # for: 5m + # labels: + # context: traefik + # severity: warning + # annotations: + # summary: "Traefik Down" + # description: "{{ $labels.pod }} on {{ $labels.nodename }} is down" + +tracing: {} + # instana: + # localAgentHost: 127.0.0.1 + # localAgentPort: 42699 + # logLevel: info + # enableAutoProfile: true + # datadog: + # localAgentHostPort: 127.0.0.1:8126 + # debug: false + # globalTag: "" + # prioritySampling: false + # jaeger: + # samplingServerURL: http://localhost:5778/sampling + # samplingType: const + # samplingParam: 1.0 + # localAgentHostPort: 127.0.0.1:6831 + # gen128Bit: false + # propagation: jaeger + # traceContextHeaderName: uber-trace-id + # disableAttemptReconnecting: true + # collector: + # endpoint: "" + # user: "" + # password: "" + # zipkin: + # httpEndpoint: http://localhost:9411/api/v2/spans + # sameSpan: false + # id128Bit: true + # sampleRate: 1.0 + # haystack: + # localAgentHost: 127.0.0.1 + # localAgentPort: 35000 + # globalTag: "" + # traceIDHeaderName: "" + # 
parentIDHeaderName: "" + # spanIDHeaderName: "" + # baggagePrefixHeaderName: "" + # elastic: + # serverURL: http://localhost:8200 + # secretToken: "" + # serviceEnvironment: "" + +globalArguments: + - "--global.checknewversion" + - "--global.sendanonymoususage" + +# +# Configure Traefik static configuration +# Additional arguments to be passed at Traefik's binary +# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ +## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` +additionalArguments: [] +# - "--providers.kubernetesingress.ingressclass=traefik-internal" +# - "--log.level=DEBUG" + +# Environment variables to be passed to Traefik's binary +env: [] +# - name: SOME_VAR +# value: some-var-value +# - name: SOME_VAR_FROM_CONFIG_MAP +# valueFrom: +# configMapRef: +# name: configmap-name +# key: config-key +# - name: SOME_SECRET +# valueFrom: +# secretKeyRef: +# name: secret-name +# key: secret-key + +envFrom: [] +# - configMapRef: +# name: config-map-name +# - secretRef: +# name: secret-name + +# Configure ports +ports: + # The name of this one can't be changed as it is used for the readiness and + # liveness probes, but you can adjust its config to your liking + traefik: + port: 9000 + # Use hostPort if set. + # hostPort: 9000 + # + # Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which + # means it's listening on all your interfaces and all your IPs. You may want + # to set this value if you need traefik to listen on specific interface + # only. + # hostIP: 192.168.100.10 + + # Override the liveness/readiness port. This is useful to integrate traefik + # with an external Load Balancer that performs healthchecks. + # Default: ports.traefik.port + # healthchecksPort: 9000 + + # Override the liveness/readiness scheme. Useful for getting ping to + # respond on websecure entryPoint. 
+ # healthchecksScheme: HTTPS + + # Defines whether the port is exposed if service.type is LoadBalancer or + # NodePort. + # + # You SHOULD NOT expose the traefik port on production deployments. + # If you want to access it from outside of your cluster, + # use `kubectl port-forward` or create a secure ingress + expose: false + # The exposed port for this service + exposedPort: 9000 + # The port protocol (TCP/UDP) + protocol: TCP + web: + ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint. + # asDefault: true + port: 8000 + # hostPort: 8000 + expose: true + exposedPort: 80 + # The port protocol (TCP/UDP) + protocol: TCP + # Use nodeport if set. This is useful if you have configured Traefik in a + # LoadBalancer. + # nodePort: 32080 + # Port Redirections + # Added in 2.2, you can make permanent redirects via entrypoints. + # https://docs.traefik.io/routing/entrypoints/#redirection + # redirectTo: websecure + # + # Trust forwarded headers information (X-Forwarded-*). + # forwardedHeaders: + # trustedIPs: [] + # insecure: false + # + # Enable the Proxy Protocol header parsing for the entry point + # proxyProtocol: + # trustedIPs: [] + # insecure: false + websecure: + ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint. + # asDefault: true + port: 8443 + # hostPort: 8443 + expose: true + exposedPort: 443 + ## The port protocol (TCP/UDP) + protocol: TCP + # nodePort: 32443 + # + ## Enable HTTP/3 on the entrypoint + ## Enabling it will also enable http3 experimental feature + ## https://doc.traefik.io/traefik/routing/entrypoints/#http3 + ## There are known limitations when trying to listen on same ports for + ## TCP & UDP (Http3). There is a workaround in this chart using dual Service. 
+ ## https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741 + http3: + enabled: false + # advertisedPort: 4443 + # + ## Trust forwarded headers information (X-Forwarded-*). + #forwardedHeaders: + # trustedIPs: [] + # insecure: false + # + ## Enable the Proxy Protocol header parsing for the entry point + #proxyProtocol: + # trustedIPs: [] + # insecure: false + # + ## Set TLS at the entrypoint + ## https://doc.traefik.io/traefik/routing/entrypoints/#tls + tls: + enabled: true + # this is the name of a TLSOption definition + options: "" + certResolver: "" + domains: [] + # - main: example.com + # sans: + # - foo.example.com + # - bar.example.com + # + # One can apply Middlewares on an entrypoint + # https://doc.traefik.io/traefik/middlewares/overview/ + # https://doc.traefik.io/traefik/routing/entrypoints/#middlewares + # /!\ It introduces here a link between your static configuration and your dynamic configuration /!\ + # It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace + # middlewares: + # - namespace-name1@kubernetescrd + # - namespace-name2@kubernetescrd + middlewares: [] + metrics: + # When using hostNetwork, use another port to avoid conflict with node exporter: + # https://github.com/prometheus/prometheus/wiki/Default-port-allocations + port: 9100 + # hostPort: 9100 + # Defines whether the port is exposed if service.type is LoadBalancer or + # NodePort. + # + # You may not want to expose the metrics port on production deployments. 
+ # If you want to access it from outside of your cluster, + # use `kubectl port-forward` or create a secure ingress + expose: false + # The exposed port for this service + exposedPort: 9100 + # The port protocol (TCP/UDP) + protocol: TCP + +# TLS Options are created as TLSOption CRDs +# https://doc.traefik.io/traefik/https/tls/#tls-options +# Example: +# tlsOptions: +# default: +# sniStrict: true +# preferServerCipherSuites: true +# foobar: +# curvePreferences: +# - CurveP521 +# - CurveP384 +tlsOptions: {} + +# TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate +# https://doc.traefik.io/traefik/https/tls/#default-certificate +# Example: +# tlsStore: +# default: +# defaultCertificate: +# secretName: tls-cert +tlsStore: {} + +# Options for the main traefik service, where the entrypoints traffic comes +# from. +service: + enabled: true + ## Single service is using `MixedProtocolLBService` feature gate. + ## When set to false, it will create two Service, one for TCP and one for UDP. + single: true + type: LoadBalancer + # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config) + annotations: {} + # Additional annotations for TCP service only + annotationsTCP: {} + # Additional annotations for UDP service only + annotationsUDP: {} + # Additional service labels (e.g. for filtering Service by custom labels) + labels: {} + # Additional entries here will be added to the service spec. + # Cannot contain type, selector or ports entries. + spec: {} + # externalTrafficPolicy: Cluster + # loadBalancerIP: "1.2.3.4" + # clusterIP: "2.3.4.5" + loadBalancerSourceRanges: [] + # - 192.168.0.1/32 + # - 172.16.0.0/16 + externalIPs: [] + # - 1.2.3.4 + ## One of SingleStack, PreferDualStack, or RequireDualStack. + # ipFamilyPolicy: SingleStack + ## List of IP families (e.g. IPv4 and/or IPv6). 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + # ipFamilies: + # - IPv4 + # - IPv6 + ## + ## An additionnal and optional internal Service. + ## Same parameters as external Service + # internal: + # type: ClusterIP + # # labels: {} + # # annotations: {} + # # spec: {} + # # loadBalancerSourceRanges: [] + # # externalIPs: [] + # # ipFamilies: [ "IPv4","IPv6" ] + +## Create HorizontalPodAutoscaler object. +## +autoscaling: + enabled: false +# minReplicas: 1 +# maxReplicas: 10 +# metrics: +# - type: Resource +# resource: +# name: cpu +# target: +# type: Utilization +# averageUtilization: 60 +# - type: Resource +# resource: +# name: memory +# target: +# type: Utilization +# averageUtilization: 60 +# behavior: +# scaleDown: +# stabilizationWindowSeconds: 300 +# policies: +# - type: Pods +# value: 1 +# periodSeconds: 60 + +# Enable persistence using Persistent Volume Claims +# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +# It can be used to store TLS certificates, see `storage` in certResolvers +persistence: + enabled: true + name: data +# existingClaim: "" + accessMode: ReadWriteOnce + size: 128Mi + # storageClass: "" + # volumeName: "" + path: /data + annotations: {} + # subPath: "" # only mount a subpath of the Volume into the pod + +certResolvers: {} +# letsencrypt: +# # for challenge options cf. https://doc.traefik.io/traefik/https/acme/ +# email: email@example.com +# dnsChallenge: +# # also add the provider's required configuration under env +# # or expand then from secrets/configmaps with envfrom +# # cf. https://doc.traefik.io/traefik/https/acme/#providers +# provider: digitalocean +# # add futher options for the dns challenge as needed +# # cf. 
https://doc.traefik.io/traefik/https/acme/#dnschallenge +# delayBeforeCheck: 30 +# resolvers: +# - 1.1.1.1 +# - 8.8.8.8 +# tlsChallenge: true +# httpChallenge: +# entryPoint: "web" +# # It has to match the path with a persistent volume +# storage: /data/acme.json + +# If hostNetwork is true, runs traefik in the host network namespace +# To prevent unschedulabel pods due to port collisions, if hostNetwork=true +# and replicas>1, a pod anti-affinity is recommended and will be set if the +# affinity is left as default. +hostNetwork: false + +# Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + enabled: true + # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces. + # If set to true, installs Role and RoleBinding. Providers will only watch target namespace. + namespaced: false + # Enable user-facing roles + # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + # aggregateTo: [ "admin" ] + +# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding +podSecurityPolicy: + enabled: false + +# The service account the pods will use to interact with the Kubernetes API +serviceAccount: + # If set, an existing service account is used + # If not set, a service account is created automatically using the fullname template + name: "" + +# Additional serviceAccount annotations (e.g. for oidc authentication) +serviceAccountAnnotations: {} + +resources: {} + # requests: + # cpu: "100m" + # memory: "50Mi" + # limits: + # cpu: "300m" + # memory: "150Mi" + +# This example pod anti-affinity forces the scheduler to put traefik pods +# on nodes where no other traefik pods are scheduled. 
+# It should be used when hostNetwork: true to prevent port conflicts +affinity: {} +# podAntiAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# - labelSelector: +# matchLabels: +# app.kubernetes.io/name: '{{ template "traefik.name" . }}' +# app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}' +# topologyKey: kubernetes.io/hostname + +nodeSelector: {} +tolerations: [] +topologySpreadConstraints: [] +# # This example topologySpreadConstraints forces the scheduler to put traefik pods +# # on nodes where no other traefik pods are scheduled. +# - labelSelector: +# matchLabels: +# app: '{{ template "traefik.name" . }}' +# maxSkew: 1 +# topologyKey: kubernetes.io/hostname +# whenUnsatisfiable: DoNotSchedule + +# Pods can have priority. +# Priority indicates the importance of a Pod relative to other Pods. +priorityClassName: "" + +# Set the container security context +# To run the container with ports below 1024 this will need to be adjust to run as root +securityContext: + capabilities: + drop: [ALL] + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + +podSecurityContext: + fsGroup: 65532 + +# +# Extra objects to deploy (value evaluated as a template) +# +# In some cases, it can avoid the need for additional, extended or adhoc deployments. +# See #595 for more details and traefik/tests/values/extra.yaml for example. +extraObjects: [] + +# This will override the default Release Namespace for Helm. +# It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules` +# namespaceOverride: traefik +# +## This will override the default app.kubernetes.io/instance label for all Objects. +# instanceLabelOverride: traefik + diff --git a/deployments/kubernetes/flight.yml b/deployments/kubernetes/flight.yml deleted file mode 100644 index 71595df..0000000 --- a/deployments/kubernetes/flight.yml +++ /dev/null 
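Review bot: Under `ports.web` the entrypoint is published on port 80 (`expose: true`, `exposedPort: 80`) while `# redirectTo: websecure` stays commented out, and `service.type: LoadBalancer` has an empty `loadBalancerSourceRanges: []`, so plaintext HTTP is reachable from wherever the load-balancer address is routable. Enabling `redirectTo: websecure` on `web`, or listing the allowed CIDRs in `loadBalancerSourceRanges`, would close that. `globalArguments` also keeps `--global.sendanonymoususage`, which should be dropped if outbound telemetry from the cluster is not wanted. Most of these 872 lines look like unmodified chart defaults; keeping only the keys that are deliberately overridden would make such choices reviewable.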
@@ -1,46 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: flight-deployment - labels: - app: flight -spec: - replicas: 1 - selector: - matchLabels: - app: flight - template: - metadata: - labels: - app: flight - spec: - containers: - - image: meysamh66/booking-microservices-flight:v1.5.8 - name: flight - ports: - - containerPort: 80 - env: - - name: "ASPNETCORE_ENVIRONMENT" - value: "docker" - - name: ASPNETCORE_URLS - value: "http://+" - volumeMounts: - - name: appsettings-volume - mountPath: /app/Settings - volumes: - - name: appsettings-volume - configMap: - name: appsettings ---- -apiVersion: v1 -kind: Service -metadata: - name: flight-service -spec: - selector: - app: flight - ports: - - name: http - port: 80 - targetPort: 80 - type: ClusterIP \ No newline at end of file diff --git a/deployments/kubernetes/ingress.yml b/deployments/kubernetes/ingress.yml deleted file mode 100644 index b451634..0000000 --- a/deployments/kubernetes/ingress.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: booking-microservices - namespace: default - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-buffers: "4 256k" - nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k" - nginx.ingress.kubernetes.io/client-header-buffer-size: "64k" - nginx.ingress.kubernetes.io/http2-max-field-size: "16k" - nginx.ingress.kubernetes.io/http2-max-header-size: "128k" - nginx.ingress.kubernetes.io/large-client-header-buffers: "8 64k" -spec: - ingressClassName: nginx - tls: - - hosts: - - myidentityserver.com - - booking-microservices.com - secretName: nginx-tls-secret - rules: - - host: booking-microservices.com - http: - paths: - - path: /flight - pathType: Exact - backend: - service: - name: flight-service - port: - name: http - - path: /passenger - pathType: Exact - backend: - service: - name: passenger-service - port: - name: http - - path: /booking - pathType: Exact - backend: - service: - name: booking-service - port: - name: http - - host: myidentityserver.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: identity-service - port: - name: http - \ No newline at end of file diff --git a/src/BuildingBlocks/MassTransit/Extensions.cs b/src/BuildingBlocks/MassTransit/Extensions.cs index a0c89d2..3e72815 100644 --- a/src/BuildingBlocks/MassTransit/Extensions.cs +++ b/src/BuildingBlocks/MassTransit/Extensions.cs @@ -13,12 +13,6 @@ using Exception; public static class Extensions { - private static bool? _isRunningInContainer; - - private static bool IsRunningInContainer => _isRunningInContainer ??= - bool.TryParse(Environment.GetEnvironmentVariable("DOTNET_RUNNING_IN_CONTAINER"), out var inContainer) && - inContainer; - public static IServiceCollection AddCustomMassTransit(this IServiceCollection services, IWebHostEnvironment env, Assembly assembly) { 
@@ -48,9 +42,8 @@ public static class Extensions { var rabbitMqOptions = services.GetOptions(nameof(RabbitMqOptions)); - var host = IsRunningInContainer ? "rabbitmq" : rabbitMqOptions.HostName; - configurator.Host(host, rabbitMqOptions?.Port ?? 5672, "/", h => + configurator.Host(rabbitMqOptions?.HostName, rabbitMqOptions?.Port ?? 5672, "/", h => { h.Username(rabbitMqOptions?.UserName); h.Password(rabbitMqOptions?.Password); diff --git a/src/Services/Flight/src/Flight.Api/appsettings.docker.json b/src/Services/Flight/src/Flight.Api/appsettings.docker.json index 1a70dc4..68c8c9a 100644 --- a/src/Services/Flight/src/Flight.Api/appsettings.docker.json +++ b/src/Services/Flight/src/Flight.Api/appsettings.docker.json @@ -27,7 +27,7 @@ "Audience": "flight-api", "RequireHttpsMetadata": false }, - "RabbitMq": { + "RabbitMqOptions": { "HostName": "rabbitmq", "ExchangeName": "flight", "UserName": "guest", diff --git a/src/Services/Flight/src/Flight.Api/appsettings.json b/src/Services/Flight/src/Flight.Api/appsettings.json index 85e76f9..64d0cf2 100644 --- a/src/Services/Flight/src/Flight.Api/appsettings.json +++ b/src/Services/Flight/src/Flight.Api/appsettings.json @@ -31,7 +31,7 @@ "Jwt": { "Authority": "https://localhost:5005", "Audience": "flight-api", - "RequireHttpsMetadata": true + "RequireHttpsMetadata": false }, "RabbitMqOptions": { "HostName": "localhost", diff --git a/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs b/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs index 5c13489..0c0d7bf 100644 --- a/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs +++ b/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs 
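Review bot: In `configurator.Host(rabbitMqOptions?.HostName, ...)` a missing or mis-named configuration section now yields a null host, and the failure will surface inside the transport rather than at configuration time. The null-conditional access suggests `GetOptions` can return null, and this commit itself renames the section key in `appsettings.docker.json` from `RabbitMq` to `RabbitMqOptions`, so a key mismatch is a realistic case. Fail fast before the call, e.g. `if (string.IsNullOrWhiteSpace(rabbitMqOptions?.HostName)) throw new InvalidOperationException("RabbitMqOptions:HostName is not configured");`. The same applies to `h.Username(...)` and `h.Password(...)`, which would otherwise silently receive null credentials. The enclosing lambda starts and ends outside the hunk.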
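Review bot: `"RequireHttpsMetadata": false` is now set in the base `appsettings.json`, so every environment that does not override the `Jwt` section will accept the authority's discovery document and signing keys over plain HTTP. `appsettings.docker.json` already carries `"RequireHttpsMetadata": false` for the container setup, so the base file can keep `"RequireHttpsMetadata": true` and the relaxation stays confined to environment-specific files. The `Authority` in this hunk is still `https://localhost:5005`, so as far as the visible lines show the default profile does not need the change.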
@@ -1,8 +1,5 @@ using System; -using System.Collections.Generic; -using System.Reflection; using System.Threading.RateLimiting; -using BuildingBlocks.Caching; using BuildingBlocks.Core; using BuildingBlocks.EFCore; using BuildingBlocks.Exception; @@ -90,6 +87,8 @@ public static class InfrastructureExtensions builder.Services.AddEasyCaching(options => { options.UseInMemory(configuration, "mem"); }); + Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true; + return builder; } diff --git a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAircraftCommand.cs b/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAircraftCommand.cs index 0ddedd2..6c01631 100644 --- a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAircraftCommand.cs +++ b/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAircraftCommand.cs @@ -1,6 +1,5 @@ using AutoBogus; using BuildingBlocks.IdsGenerator; -using Flight.Aircrafts.Features.CreateAircraft; using Flight.Aircrafts.Features.CreateAircraft.Commands.V1; namespace Integration.Test.Fakes; diff --git a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAirportCommand.cs b/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAirportCommand.cs index 54a9e49..d6a0544 100644 --- a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAirportCommand.cs +++ b/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAirportCommand.cs @@ -1,6 +1,5 @@ using AutoBogus; using BuildingBlocks.IdsGenerator; -using Flight.Airports.Features.CreateAirport; using Flight.Airports.Features.CreateAirport.Commands.V1; namespace Integration.Test.Fakes; diff --git a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeFlightCreated.cs b/src/Services/Flight/tests/IntegrationTest/Fakes/FakeFlightCreated.cs deleted file mode 100644 index 7efde6a..0000000 --- a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeFlightCreated.cs +++ /dev/null 
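Review bot: `Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;` in the `@@ -90,6 +87,8 @@` hunk is set unconditionally, so every environment gets unredacted IdentityModel messages, not only a local debugging session. The flag is a process-wide static, and with it on, token-validation errors include values that are normally masked, which then land in the application logs. Gate it on the environment, e.g. `if (builder.Environment.IsDevelopment()) { Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true; }`, or drive it from a config switch that defaults to off. The same line is added in Identity's InfrastructureExtensions.cs (`@@ -81,11 +78,13 @@`) and needs the same guard. AddInfrastructure's body begins outside this hunk.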
@@ -1,14 +0,0 @@
-using Flight.Flights.Features.CreateFlight.Commands.V1;
-
-namespace Integration.Test.Fakes;
-
-public static class FakeFlightCreated
-{
- public static global::Flight.Flights.Models.Flight Generate(CreateFlightCommand command)
- {
- return global::Flight.Flights.Models.Flight.Create(command.Id, command.FlightNumber,
- command.AircraftId, command.DepartureAirportId, command.DepartureDate,
- command.ArriveDate, command.ArriveAirportId, command.DurationMinutes,
- command.FlightDate, command.Status, command.Price);
- }
-}
diff --git a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeSeatCreated.cs b/src/Services/Flight/tests/IntegrationTest/Fakes/FakeSeatCreated.cs
deleted file mode 100644
index f546faa..0000000
--- a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeSeatCreated.cs
+++ /dev/null
@@ -1,14 +0,0 @@
-using Flight.Seats.Features.CreateSeat;
-using Flight.Seats.Features.CreateSeat.Commands.V1;
-using Flight.Seats.Models;
-
-namespace Integration.Test.Fakes;
-
-public static class FakeSeatCreated
-{
- public static global::Flight.Seats.Models.Seat Generate(CreateSeatCommand command)
- {
- return global::Flight.Seats.Models.Seat.Create(command.Id, command.SeatNumber, command.Type, command.Class, command.FlightId);
- }
-}
-
diff --git a/src/Services/Identity/src/Identity.Api/keys/is-signing-key-DCE5098F8B9D1301447CC90AB1307BB1.json b/src/Services/Identity/src/Identity.Api/keys/is-signing-key-DCE5098F8B9D1301447CC90AB1307BB1.json
new file mode 100644
index 0000000..747b5f7
--- /dev/null
+++ b/src/Services/Identity/src/Identity.Api/keys/is-signing-key-DCE5098F8B9D1301447CC90AB1307BB1.json
@@ -0,0 +1 @@ +{"Version":1,"Id":"DCE5098F8B9D1301447CC90AB1307BB1","Created":"2023-02-21T14:52:03.5423989Z","Algorithm":"RS256","IsX509Certificate":false,"Data":"CfDJ8Pno3caweVxDrMdMtoqjLU-zkq97hfMbqd_a71uRzwCkfuVDrGVJuTHsecFn6xm9QskMBE5i1dNJ4l-EBrrflUZ0_ZiqESp5NGi4Uw7SaU-kijgI8566Ll_A6uy2dYsA6plpZ_1L2KFJuaCwGdMs68NXgZj8-8shIngrOBjTkvNeH0j1BUmvj7iHu1dheRQHBamrlh4L-pdPNAx9lR-yeOWoyJCUSNCviC9P-hLsd9nJzfn77gU4Kc4i8pfDyPf-pN3_IFSMU1T-PiVUwBobxXxEDj8oS5hSUDRVi49n4u5oluz68chky3NhxWjYNyfmjOS8CD0-GsL7VPxApDP8z33pOW8hSwSF-PWsQczitlvFqSf45kGpYBCs8JmwU1yqAgeKKho6tICk1CK4Zad1-0WMok6HMUHixqaB9MfEBWUqdeLjQcwLZo-iJ5LGLzAhL5o7JgtufV_c1RgYPXH1umXdIKD2IK_vWtDUv3Y7GHOiSyYBIJCaBxhVrk9ruztu-BWno4E_U-Jej_t18P7QBwAT9FQsO2lryGOEtG6f-zf_JwwHeJE9CtFxofXzkIKtc5fqliCYTp8JAfgzZ_8MKxLfs-ZD_iZPiLX8clAbFokJ86fqsL2s3EmTGTVxcc2nP7xmYm_5D9R_7QqBZPM5az0vIayvAbkjGFII6P6WyfB1j2nl1BwamMb8EdCuM7FOvD_bnstXETFpYC8oYhJYQNruRhWjY_tv7F1cVPCWD-pX5IARvRgsJEbE_WdgvicWcwLpz0MWu89GrI4qP7WSoLGorlFmss_Ubf5feu7KYbpPrdGVLJbaaipYFTQgxaZ0GB9CjjMe8LPmU_9P-5wbkZ69LDyzIVIEpCuTF1fZr7SWr-C8NIVEvIyCTQoJmaFbvfdejVTxm2eOyolJLTGedHOkuaDg90hBFDtyQ78DVgzihZX3uZ0BwkCkkkiBB1boY3B0IWKDR3OWsG2lDqIn61FcLaAHgAqQF7JdMSmjEIGOVKUAEcnDf7NyVbWjZtPhpMLhmwu3OmPPrIqu-8_2e2RjlRuvXClhNpLyo-H4HipVztSUkP7ujukuZsRwJFj4p-VV2O7lyB7ogocAHF-AEMvw7ywmMPysYY_-_EU3U2vtRYIisKOV_VrsaMujNhMbrZUCq-ZIIsA-8GdLA2dqargOfd4f7jodpAtrBm6a5O8vWyAehdKfGj9i29tgfAQd2VnRqtN0eArruLGuIopP9FcEK_lNmHPjrpDaHZzA7AnfYBJsnOVKRehZSAmZGQUdlXV0rDzmLxgMZSN4P68eTLFCil8RwJFHzdExHk7VWd6xMo1m-EG_BioFcpazqEJYPjwCt9Rx_9_NMuvu1IiTiP_U2GO65dvZh2-iDPMGyTfeFJBuiIHW9fGg2BH5dw6Q9swMNXBmO174dGhQSA9BWTXnDFW3PsKEhFj5avEbV2Tkp4QQAiTkLaRbDSVfFH7NiKImy4Py4l1W52ftVBt5yPUDJi2GHHk-zxhgqBmY2k-duV9eeiNvXklDHySo0dOZShzUTqYmg0tUgdrthytN8TMp6BSAZtO0YFZgELPkeFKoE9Rz_BwazdwK1OphzQ8dvECEVO5nJRil8_6iwvu04aQ_s_fFMmwa2xrft3DY1uGXswukhOcw_he_nnwAfY7ExA__BbLiEc0NNgG8ZDd6hKdiR_RZeY-4FHMl0J59TwSgc2KNnWEqsUHLXN4Y6VC1TA4eVf9zcku4CPNQCMZPFAE7hgYdttLzrRyEPnsfGTWBYt_wVN7EszCbidkGLIvHr3ZNd0Oz49W7KNRZzVydOMila9AytE1tRegU3e3HS
oFFqF9Gqr1mKAQ_B4N5UBxYB39ta5cPwVXGHTsvrak3XggzuHOIqsGyLxEYZka2-ykx0gKMCIWqf_w63Mu_IYkSOQT4HQ3yheBchqeUZPqAAZASp00SvWIt_Cirj1O1XKxQyNVWiv-Im_i6xy4V5dl1RQSwmxQYe_7oiPS6dqewVR1WJZsmnptq521SsJLZQffHK-CDtxT69fE218ZIaNOzkDERp6c422B8wqZK5rf1zn6lO1I4MwTjkETMY_jFtFZw3_Yo9zYMLmC2kIzkupXjhrzT1vCWIaU6UYegi72Ikbx9fvmDHV6g9Kiy_KPBR8ECe89Skqz8DklPIhm3tqy5eaQ5iqcyW8Gxyq1K2DN1BMoCAqIya5d-RddpLvRv-W_cTf-DfJOxmGpKlYCcp4d6pel32a2ykGlNQSWJ9_8hk5jcypkosDWN8M8OROkBxLo9qtP0FWLnITuw1aXC-c03ypfeGJeE2HN9vwT3Rxk4i_rlGUXgIDgSk9XfyQghfKXBTpuOvrbf1VoEcsS_E6qaNJmpGpz9Ok7Ks4UDb3DtnadbABdyhZQLGg49QAywXqj4qFdgLBnDmVTHLm8eyIDDeVC0SiD061DhZ7qtzI9U7wYbWpp1oRNTuPZDlypBaZpE","DataProtected":true} \ No newline at end of file diff --git a/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs b/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs index 6a79089..b95b896 100644 --- a/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs +++ b/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs @@ -26,9 +26,6 @@ using Serilog; namespace Identity.Extensions.Infrastructure; -using Duende.IdentityServer.Extensions; -using Microsoft.AspNetCore.HttpOverrides; - public static class InfrastructureExtensions { public static WebApplicationBuilder AddInfrastructure(this WebApplicationBuilder builder) 
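Review bot: The new file under `Identity.Api/keys/` looks like a token-signing key written by the identity server at runtime (`"Algorithm":"RS256"`, `"DataProtected":true`) and should not be part of the commit. The `Data` value appears to be wrapped by ASP.NET Core Data Protection, but anyone who also obtains the matching key ring can unwrap it and sign tokens that every service trusting this issuer will accept. The blob also stays in git history after a later delete. I would remove the file, add the `keys/` directory to `.gitignore`, and treat this key id as exposed so it is rotated rather than reused. Where the cluster deployment persists its keys is not visible in this diff, so confirm they come from a mounted volume or secret store and not from the image.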
@@ -81,11 +78,13 @@ public static class InfrastructureExtensions //ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0&viewFallbackFrom=aspnetcore-2.2 //ref: https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466 - builder.Services.Configure(options => - { - options.ForwardedHeaders = - ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; - }); + // builder.Services.Configure(options => + // { + // options.ForwardedHeaders = + // ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; + // }); + + Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true; return builder; } @@ -98,7 +97,7 @@ public static class InfrastructureExtensions //ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0&viewFallbackFrom=aspnetcore-2.2 //ref: https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466 - app.UseForwardedHeaders(); + // app.UseForwardedHeaders(); app.UseProblemDetails(); app.UseSerilogRequestLogging(options => @@ -114,12 +113,12 @@ public static class InfrastructureExtensions app.MapMetrics(); app.MapGet("/", x => x.Response.WriteAsync(appOptions.Name)); - - app.Use((httpContext, next) => - { - httpContext.Request.Scheme = "https"; - return next(); - }); + // + // app.Use((httpContext, next) => + // { + // httpContext.Request.Scheme = "https"; + // return next(); + // }); if (env.IsDevelopment()) {
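Review bot: The three hunks in Identity's InfrastructureExtensions.cs comment out the forwarded-headers configuration, `app.UseForwardedHeaders()` and the middleware that forced `Request.Scheme = "https"`, and nothing replaces them. If the service still sits behind a TLS-terminating ingress, it will now see requests as plain `http` with the proxy as the client. That presumably changes the endpoint URLs the identity server advertises and the addresses the request log records, so it is worth confirming against the new ingress setup. If the headers are no longer needed, delete the blocks rather than leaving `// ...` code under `//ref:` links that still describe it. If they are needed, restore `UseForwardedHeaders()` and restrict it with `KnownProxies`/`KnownNetworks` so the headers are honoured only from the ingress; both method bodies extend outside the hunks.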