diff --git a/.github/actions/docker-build-publish/action.yml b/.github/actions/docker-build-publish/action.yml index d26d50d..0a2ac7b 100644 --- a/.github/actions/docker-build-publish/action.yml +++ b/.github/actions/docker-build-publish/action.yml @@ -43,11 +43,11 @@ runs: if: ${{ github.ref == 'refs/heads/main' && success() }} shell: bash run: | - docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.7 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" . + docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:${{ inputs.tag-name }} -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" . - name: Publish Docker Image if: ${{ github.ref == 'refs/heads/main' && success() }} shell: bash run: | - docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.7 + docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:${{ inputs.tag-name }} diff --git a/booking.k8s.rest b/booking.k8s.rest new file mode 100644 index 0000000..962b480 --- /dev/null +++ b/booking.k8s.rest 
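Review bot: `${{ inputs.tag-name }}` is substituted into the text of the `run:` script before bash parses it, in both the build and the push step, so a tag value containing shell metacharacters becomes part of the command line instead of a single argument. Pass it through the step environment instead: add `env:` with `IMAGE_TAG: ${{ inputs.tag-name }}` to each step and reference it as `"$IMAGE_TAG"` in the `docker build` / `docker push` command. The existing `registry-username` and `image-name` expansions on the same lines have the same shape and would benefit from the same treatment. The `inputs:` section lies outside this hunk, so confirm that `tag-name` is declared there and marked required, since an empty value yields an image reference ending in `:`.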
@@ -0,0 +1,256 @@ +# https://github.com/Huachao/vscode-restclient + +@api-gateway=https://booking-microservices.com +@identity-api=https://booking-microservices.com/identity +@flight-api=https://booking-microservices.com/flight +@passenger-api=https://booking-microservices.com/passenger +@booking-api=https://booking-microservices.com/booking + +@contentType = application/json +@flightid = 1 +@passengerId = 1 + +################################# Identity API ################################# + +### +# @name ApiRoot_Identity +GET {{identity-api}} +### + + +### +# @name Authenticate +POST {{api-gateway}}/identity/connect/token +Content-Type: application/x-www-form-urlencoded + +grant_type=password +&client_id=client +&client_secret=secret +&username=samh +&password=Admin@123456 +&scope=flight-api +### + + + +### +# @name Register_New_User +POST {{api-gateway}}/identity/api/v1/identity/register-user +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} + +{ + "firstName": "John", + "lastName": "Do", + "username": "admin", + "passportNumber": "412900000000", + "email": "admin@admin.com", + "password": "Admin@12345", + "confirmPassword": "Admin@12345" +} +### + +################################# Flight API ################################# + +### +# @name ApiRoot_Flight +GET {{flight-api}} +### + +### +# @name Create_Seat +Post {{api-gateway}}/flight/api/v1/flight/seat +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} + +{ + "seatNumber": "1255", + "type": 1, + "class": 1, + "flightId": 1 +} +### + + +### +# @name Reserve_Seat +Post {{api-gateway}}/flight/api/v1/flight/reserve-seat +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} + +{ + "flightId": 1, + "seatNumber": "1255" +} +### + + +### +# @name Get_Available_Seats +GET 
{{api-gateway}}/flight/api/v1/flight/get-available-seats/{{flightid}} +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} +### + + +### +# @name Get_Flight_By_Id +GET {{api-gateway}}/flight/api/v1/flight/{{flightid}} +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} +### + + +### +# @name Get_Available_Flights +GET {{api-gateway}}/flight/api/v1/flight/get-available-flights +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} +### + + +### +# @name Create_Flights +POST {{api-gateway}}/flight/api/v1/flight +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} + +{ + "flightNumber": "12BB", + "aircraftId": 1, + "departureAirportId": 1, + "departureDate": "2022-03-01T14:55:41.255Z", + "arriveDate": "2022-03-01T14:55:41.255Z", + "arriveAirportId": 2, + "durationMinutes": 120, + "flightDate": "2022-03-01T14:55:41.255Z", + "status": 1, + "price": 8000 +} +### + + +### +# @name Update_Flights +PUT {{api-gateway}}/flight/api/v1/flight +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} + +{ + "id": 1, + "flightNumber": "BD467", + "aircraftId": 1, + "departureAirportId": 1, + "departureDate": "2022-04-23T12:17:45.140Z", + "arriveDate": "2022-04-23T12:17:45.140Z", + "arriveAirportId": 2, + "durationMinutes": 120, + "flightDate": "2022-04-23T12:17:45.140Z", + "status": 4, + "isDeleted": false, + "price": 99000 +} +### + + +### +# @name Delete_Flights +DELETE {{api-gateway}}/flight/api/v1/flight/{{flightid}} +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} +### + + +### +# @name Create_Airport +POST {{api-gateway}}/flight/api/v1/flight/airport 
+accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} + +{ + "name": "mehrabad", + "address": "tehran", + "code": "12YD" +} +### + + + +### +# @name Create_Aircraft +POST {{api-gateway}}/flight/api/v1/flight/aircraft +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} + +{ + "name": "airbus2", + "model": "322", + "manufacturingYear": 2012 +} +### + + +################################# Passenger API ################################# + +### +# @name ApiRoot_Passenger +GET {{passenger-api}} +### + + +### +# @name Complete_Registration_Passenger +POST {{api-gateway}}/passenger/api/v1/passenger/complete-registration +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} + +{ + "passportNumber": "412900000000", + "passengerType": 1, + "age": 30 +} +### + + +### +# @name Get_Passenger_By_Id +GET {{api-gateway}}/passenger/api/v1/passenger/{{passengerId}} +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} +### + + +################################# Booking API ################################# + +### +# @name ApiRoot_Booking +GET {{booking-api}} +### + + +### +# @name Create_Booking +POST {{api-gateway}}/booking/api/v1/booking +accept: application/json +Content-Type: application/json +authorization: bearer {{Authenticate.response.body.access_token}} + +{ + "passengerId": 8765596234940416, + "flightId": 1, + "description": "I want to fly to iran" +} +### diff --git a/booking.rest b/booking.rest index 7f5728d..114b377 100644 --- a/booking.rest +++ b/booking.rest 
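Review bot: The `Authenticate` request hard-codes the `client_secret`, `username` and `password` form fields, and `Register_New_User` hard-codes another password, in a file whose `@api-gateway` points at `https://booking-microservices.com` rather than localhost. Move the values out of the tracked file and read them at send time, e.g. `&client_secret={{$dotenv CLIENT_SECRET}}` and `&password={{$dotenv IDENTITY_PASSWORD}}` (variable names constructed), with the `.env` file left out of version control. If these are the identity service's seeded defaults, which the diff does not show, they should be changed for any deployment reachable beyond a developer machine. A one-line comment at the top stating which environment the file targets would also help.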
@@ -1,8 +1,5 @@ # https://github.com/Huachao/vscode-restclient -// for using kubernetes revers proxy uncomment this gateway -# @api-gateway=https://booking-microservices.com - @api-gateway=https://localhost:5000 @identity-api=http://localhost:6005 @flight-api=https://localhost:5003 diff --git a/deployments/k8s/booking.yml b/deployments/k8s/booking.yml index 6cadfd4..6043e6d 100644 --- a/deployments/k8s/booking.yml +++ b/deployments/k8s/booking.yml @@ -15,7 +15,7 @@ spec: app: booking spec: containers: - - image: meysamh66/booking-microservices-booking:v1.6.6 + - image: meysamh66/booking-microservices-booking:v1.6.7 name: booking ports: - containerPort: 80 diff --git a/deployments/k8s/certs/booking-cert/booking-secret.yml b/deployments/k8s/certs/booking-secret.yml similarity index 100% rename from deployments/k8s/certs/booking-cert/booking-secret.yml rename to deployments/k8s/certs/booking-secret.yml diff --git a/deployments/k8s/certificate.yml b/deployments/k8s/certs/certificate.yml similarity index 100% rename from deployments/k8s/certificate.yml rename to deployments/k8s/certs/certificate.yml diff --git a/deployments/k8s/certs/identity-cert/identity-secret.yml b/deployments/k8s/certs/identity-cert/identity-secret.yml deleted file mode 100644 index ca00e35..0000000 --- a/deployments/k8s/certs/identity-cert/identity-secret.yml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: identity-tls - namespace: default -type: kubernetes.io/tls -data: - tls.crt: 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 - tls.key: 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 diff --git a/deployments/k8s/certs/identity-cert/tls.crt b/deployments/k8s/certs/identity-cert/tls.crt deleted file mode 100644 index 0765129..0000000 --- a/deployments/k8s/certs/identity-cert/tls.crt +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFHzCCAwegAwIBAgIUbx+YDHK4pYkBC9wilTBAkNM0SOUwDQYJKoZIhvcNAQEL -BQAwHzEdMBsGA1UEAwwUbXlpZGVudGl0eXNlcnZlci5jb20wHhcNMjMwMjIxMTE1 -ODUwWhcNMjQwMjIxMTE1ODUwWjAfMR0wGwYDVQQDDBRteWlkZW50aXR5c2VydmVy -LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALvCXe6s/pints75 -NqBfy1rRFKDG8+/jHVUi8tTMW5MjlxwIoVCM8YuUJO/LScmSnxVGusALI9NBLyqJ -8SgBcEWCXxh24VdiRi6wNcK1uNCpcKuUP4l6PaXEhvmSf2rpRp8+XlJyfNLPhuxT -NS/81iwQthzW4XaOlEFc8qlWv86cn7hr/Pl8T4fHVjyPsItuk8LSI0Ove+AGy/qw -d/XPpMvuuRnwQDPnXq54Nzv1G132D8xz+hZJ8y3eLKTMqtSfDBoRujhBec5ZurLJ -eaRDbiVuOK3/hFoSTldhV115bT1Yq57BsaBSPywRPMInWNgZtBxmEH1U4vhbJfkJ -4Np/2APc66X1SzZusK7hFxXpmU4Iavb5p3p8iUVDzCO7E59DdOfzC3Bax5c6OQvR -9wAdMyUJhBhU4yoJ9t5Y9cWPQqOxSnVOvu5qNTr9P0ATWKpOMVFYZIboEBAohZip -JOqdalUJqjpJtO4qy5Z/z+rVO24Bw531bxJAhjpVad1SSNfnqur4LVxWBraqjQOt -OOUOhq0wf4QGDssH3cN2BZ+fx9RCcGf9mdNGRL1h+oHjUGb5ZKgqqiNd3YUiJZZR -H7UoBevyyKqQbba84UWItaTrOOI17rJIbwvVlv8+PCFXfO67C0CX7n7al13N4fCe -2if2OMnCJI9b9UrRdfqL9/lopgBxAgMBAAGjUzBRMB0GA1UdDgQWBBRG4sLxvBlR -k6hoyuqt841A5M9BTjAfBgNVHSMEGDAWgBRG4sLxvBlRk6hoyuqt841A5M9BTjAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBeIoLBiC/4lZ6xGc2g -V4nI3IfCf2cpVTXZ0NsN1q/J8MvkFpG4CdyFeE+hf7OnjUV9HByUGbiD1hfRBJbV -Z5p1KPqCImAyYrmJVu8vYDVRFqv4mndICxg0QhcDmfSSsBeyzQzCPLSwmGS7v9Y9 -SN1SME4pNc1gAiNNMhJKSArz0Y5yNdlX3Mq4WLvkwMbestN9CDTZgeUL5nFLBtQa -ZfF6gCAMR5ZKHNcZLJwz7YqNYOKT7k58tBIrLWQV5aWY9OIEjCUM0KgyEAo15t09 -pBj+Qek+nG8Wq54qnscJurylZieMupC8gXuHe/PLovRBK/RJyT1ta6ooUGYm4Uds -gYaxEJVUQj5J0eqxSbLTx7QLMGlM4g6WWNReTXOU8N58nRK0mMTHIPDCFAyTL6ZJ -5dnZb8Y7u2H2o44IBTotPbBf+Oxzu5vu9tO9nzSuekVwA/l8VFBbnv7HoBSZ101T -ESFTT0fGCo4jdnxa8/0pIpzZ53FCHnrdgcQwvjbkokro5u/J7uwEDslhOa3AdvR1 -LMxHTToGMPh7BODSoarmdlGhQyR7MMeal1S4G9fG2fTs6lapkpRvwutG31Qbb5xk -JzcSIr0MiaxeFu72/byiaCLQ0Cg9Ht8LyigeLDXP0RcyuQ5y5mGUav5rpVE6b2DF -hSZTfgN/vsR+ItLnyODVKtYbuw== ------END CERTIFICATE----- 
diff --git a/deployments/k8s/certs/identity-cert/tls.key b/deployments/k8s/certs/identity-cert/tls.key deleted file mode 100644 index 21e904c..0000000 --- a/deployments/k8s/certs/identity-cert/tls.key +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7wl3urP6Yp7bO -+TagX8ta0RSgxvPv4x1VIvLUzFuTI5ccCKFQjPGLlCTvy0nJkp8VRrrACyPTQS8q -ifEoAXBFgl8YduFXYkYusDXCtbjQqXCrlD+Jej2lxIb5kn9q6UafPl5ScnzSz4bs -UzUv/NYsELYc1uF2jpRBXPKpVr/OnJ+4a/z5fE+Hx1Y8j7CLbpPC0iNDr3vgBsv6 -sHf1z6TL7rkZ8EAz516ueDc79Rtd9g/Mc/oWSfMt3iykzKrUnwwaEbo4QXnOWbqy -yXmkQ24lbjit/4RaEk5XYVddeW09WKuewbGgUj8sETzCJ1jYGbQcZhB9VOL4WyX5 -CeDaf9gD3Oul9Us2brCu4RcV6ZlOCGr2+ad6fIlFQ8wjuxOfQ3Tn8wtwWseXOjkL -0fcAHTMlCYQYVOMqCfbeWPXFj0KjsUp1Tr7uajU6/T9AE1iqTjFRWGSG6BAQKIWY -qSTqnWpVCao6SbTuKsuWf8/q1TtuAcOd9W8SQIY6VWndUkjX56rq+C1cVga2qo0D -rTjlDoatMH+EBg7LB93DdgWfn8fUQnBn/ZnTRkS9YfqB41Bm+WSoKqojXd2FIiWW -UR+1KAXr8siqkG22vOFFiLWk6zjiNe6ySG8L1Zb/PjwhV3zuuwtAl+5+2pddzeHw -nton9jjJwiSPW/VK0XX6i/f5aKYAcQIDAQABAoICAA58MEL5laqxRakyEMTOnyGi -f7TnpGodW2X2DEXefjIbzMyc3dUZCol6JF9bj5W9eghqLH4kXd8uaDUf7zrm4YJ7 -TFrW0QusyT1Q2tTqsBdo+whBp6UziQ4A22jlpG7bEFe4uA4kRvz8haw1vyS0nNFJ -eMNA0KQU29svEIl/58xIyQmxSxL0RC51cnG5pCUdosik7ZOLNkNSQupUMu0D1/Lj -t+QIZOucLfHH1HsLrdDR6uYbDHArxFcFjOwp3gQJQSXBuFwesQb6ZSzl3jyN9zFs -D3NdAxjv0JttJxBPDd5tuM/Goa18quL7cXSJFJGXag3G0f7ZTalbXtKXsIEq279O -hXSMVG186U5OFu8PCXHMTRIzudightohLRMq8d0/u7GIcsESbdgB+9aOHAaN6IKp -4DJXAksCq46erhiQXGghjJeGzb9N70IWR45ZFdciRXenztv4A8CWyGrfMe9aA252 -VncGkZ6l5kLVwiEKeMn+TXWfOAEg1SYoqzE2XjuR8CoRbzhPQB5qFUadFX0l0ZZj -5bW18smpnq3XyZZfISH8AXxfgw1+hQ3VWhtCe5OjBEtvShx2+GW3MSfET15uNE1W -PGp5DPF633ivWt4A1ETrJdlNTruqmXvoxYXigQccuDQ3f/fy/rjkD65x4ChJKsQx -DrfV0qz0ewNlGm74SwABAoIBAQD0NaOvx/4WMusKPXMSSrpTmVS2wVQ9Jfll6cA0 -JLoGNMauPHzrlW21jaBqxWLheVF9GW71OeJlmv06IfpmBeKAxsx+GIgYFjDntiYE -TV4PJDETPvL41SvKOCCQlxyupckFmJ2/2XwFvDEjuPOyBrgEkOweQrqHHgYr7qhs -a3E8nIbUhOYQuBsi4zWjqgLb7y/WyXdnoKmsIFZylw69LcAP/ioVBB+KXwivlNzX -hhftBF6Etl/1dlSw2kfQ0H2iXvDye12HAI6VXet7urhHTsxnIinkzlzwIIqBE8Wn -gUrIqpak+59SFFJon0tFEyrea+gLBei+8FN+seQrw+G6f2VxAoIBAQDE0wScjUEw -c3m+R/Ur8I9dYemDGV89y0Nb5jgvL0psmF6g8h1Male0Rbir7IRtMOLR8VWQ2Co5 
-5liANXO+2+trahYCnF5wKzCwl3Mj5TX2T90q5JOWIVeu2/e14VIwP0HMuw+6Bu22 -omWPr7wrnpyEHJ9gNG0mdM/RG+voUsVxwNI8TTwE4VvS0Xc7+7uMlHDruzvTd98c -ILGL95IQZiylTvtteX/OZrNcHyH6bnRiqHek3HwP2mUfH5zOh8l3vePIuDOlZ8NN -inZ27Uk2bqeo/OpBMg01Z4tO6G0akdZJ5+hYAKxYYGrZfAm6QM2iLWul9bG5ptnL -4anQHGSBFssBAoIBAQDJhmI3svBI3Wf8oU0OcUBlsIip78xWUboHkegcn5oreO3j -5uKnfj50rhUNRyocKwNGGvDnyQa9FjOV/2glPQH3hxZFkHTue5GMBVJGBppyIEmn -OjFDipaCX+LvruPqc8D5r0GuigjAqtZaRkxEQyskCXvwVNycl/g71MyD+/4MKJdT -VQCOF3+9QIaJMsj9Odrego7Yo0qhUmZEVcfB8bkm+XU8tpRYmagPTOcZq/yeiRZ+ -qglyBF5LOzY8aXDjxzlKwOcjeyAuvryO9D0SC0K+cQDlYi5rsk7Zybk4S4etJKkA -KO0GzOJcl+eDbxfXSHDKd+vjdWtRh/dk7laeknbhAoIBAQCgLPJ1zOaeXXtYBQtb -BNxHLKVyUTWW/lIE+egDTkMM+TsZU6/QPkK9rHfLQiHLEpukKvhtdd13XSPswpM9 -YY/GzIC5AzQ/qIZpT/cd4Sz3FKtyeq444U2QOebvFz1hkjkkOZ9kzrqphKOOOX+z -J9NMGFcDXebuAuYU0No9KQ8Rsc/lzxznA9dMS7bzE7vfffYfgTIAuG7TXy/eLk2q -FtyCczJeNyBxgla4w4VNXpJMr7kea2hzJlJg78MWuJ6WWeyDrpQpKbZg5iveQODx -8T90YM7q26awLWHLh48yrjhr0NTeuT2Idn6+Gxl3f8FZGAmg97/4y/Y226Dsgg6w -lzIBAoIBAG57UIZo/MvUtGzUPZxtA2fJfxD8a8Ov3nQU3zjJLwJXzr+8zvyZNRxo -xx+9diLuiXChGOuiSCT9umr/JIdsVa0om4L+P0p7WML+T+bPaTqfZ2gcVuB+ZtX7 -JGX3tZ+LzdakQ6LSa4ZFQe2cSc71aavbrY154DjXRb8snAA9ds0D6MtSG+N9aB6Z -ZDVDsS/yI5gEKWqm7PtD4uUhMk5bRaKnGKKVUGCNjOC7CDLFUIMNp4QH1aoYLq2n -B7/FtyPoOL6LCO+BROEccRevXAbr92tw8hC3jhbFKwBM8I1AVuh1u/jXX5d8+DeM -PCFM4yKfsFon3Mml04xyxJStj/fasMc= ------END PRIVATE KEY----- diff --git a/deployments/k8s/issuer.yml b/deployments/k8s/certs/issuer.yml similarity index 73% rename from deployments/k8s/issuer.yml rename to deployments/k8s/certs/issuer.yml index 315c126..6c1ad2e 100644 --- a/deployments/k8s/issuer.yml +++ b/deployments/k8s/certs/issuer.yml @@ -5,4 +5,4 @@ metadata: namespace: default spec: ca: - secretName: booking-microservices-secret \ No newline at end of file + secretName: booking-tls \ No newline at end of file 
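Review bot: `secretName: booking-tls` points the `ca:` issuer at the same secret name that ingress.yml uses as its serving certificate. Per tls.txt that secret is created from `tls.key` / `tls.crt`, and this commit keeps those files in the repository under deployments/k8s/certs/. If they are what the cluster actually loads, anyone with read access to the repository holds the issuer's signing key and can produce certificates that clients trusting this CA will accept. Give the issuer its own CA key pair in a secret created out of band (for example `secretName: booking-ca`, name constructed) and keep `booking-tls` as the leaf secret only. Key material already committed, including the identity key this commit deletes, stays in git history and should be regenerated rather than reused.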
diff --git a/deployments/k8s/certs/booking-cert/tls.crt b/deployments/k8s/certs/tls.crt similarity index 100% rename from deployments/k8s/certs/booking-cert/tls.crt rename to deployments/k8s/certs/tls.crt diff --git a/deployments/k8s/certs/booking-cert/tls.key b/deployments/k8s/certs/tls.key similarity index 100% rename from deployments/k8s/certs/booking-cert/tls.key rename to deployments/k8s/certs/tls.key diff --git a/deployments/k8s/certs/tls.txt b/deployments/k8s/certs/tls.txt index e3d767e..6320e62 100644 --- a/deployments/k8s/certs/tls.txt +++ b/deployments/k8s/certs/tls.txt @@ -1,6 +1,2 @@ openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=booking-microservices.com" -days 365 kubectl create secret tls booking-tls --key tls.key --cert tls.crt - -openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=myidentityserver.com" -days 365 -kubectl create secret tls identity-tls --key tls.key --cert tls.crt - diff --git a/deployments/k8s/flight.yml b/deployments/k8s/flight.yml index 97332f1..c872a04 100644 --- a/deployments/k8s/flight.yml +++ b/deployments/k8s/flight.yml @@ -15,7 +15,7 @@ spec: app: flight spec: containers: - - image: meysamh66/booking-microservices-flight:v1.6.6 + - image: meysamh66/booking-microservices-flight:v1.6.7 name: flight ports: - containerPort: 80 diff --git a/deployments/k8s/identity.yml b/deployments/k8s/identity.yml index 2599ddb..488fed8 100644 --- a/deployments/k8s/identity.yml +++ b/deployments/k8s/identity.yml @@ -15,7 +15,7 @@ spec: app: identity spec: containers: - - image: meysamh66/booking-microservices-identity:v1.6.6 + - image: meysamh66/booking-microservices-identity:v1.6.7 name: identity ports: - containerPort: 80 diff --git a/deployments/k8s/ingress.yml b/deployments/k8s/ingress.yml index 010a13b..670d9e4 100644 --- a/deployments/k8s/ingress.yml +++ b/deployments/k8s/ingress.yml 
@@ -14,35 +14,29 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: - - myidentityserver.com - secretName: identity-tls - hosts: - booking-microservices.com secretName: booking-tls - rules: - - host: myidentityserver.com + rules: + - host: booking-microservices.com http: paths: - - path: / + - path: /identity pathType: Prefix backend: service: - name: identity + name: flight port: - number: 80 - - path: /(.+) + number: 80 + - path: /identity/(.+) pathType: Prefix backend: service: name: identity port: number: 80 - - - host: booking-microservices.com - http: - paths: + - path: /flight pathType: Prefix backend: diff --git a/deployments/k8s/ip-address-pool.yml b/deployments/k8s/ip-address-pool.yml deleted file mode 100644 index 09a34ad..0000000 --- a/deployments/k8s/ip-address-pool.yml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: first-pool - namespace: metallb-system -spec: - addresses: - - 192.168.49.220-192.168.49.230 - # renge ip address base on cluster ip \ No newline at end of file diff --git a/deployments/k8s/l2-advertisement.yml b/deployments/k8s/l2-advertisement.yml deleted file mode 100644 index b6f8c4d..0000000 --- a/deployments/k8s/l2-advertisement.yml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: metallb.io/v1beta1 -kind: L2Advertisement -metadata: - name: example - namespace: metallb-system -spec: - ipAddressPools: - - first-pool \ No newline at end of file diff --git a/deployments/k8s/passenger.yml b/deployments/k8s/passenger.yml index 6bd912f..6db1d05 100644 --- a/deployments/k8s/passenger.yml +++ b/deployments/k8s/passenger.yml @@ -15,7 +15,7 @@ spec: app: passenger spec: containers: - - image: meysamh66/booking-microservices-passenger:v1.6.6 + - image: meysamh66/booking-microservices-passenger:v1.6.7 name: passenger ports: - containerPort: 80 diff --git a/deployments/k8s/traefik-values.yml b/deployments/k8s/traefik-values.yml deleted file mode 100644 index dbee695..0000000 
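Review bot: The new `/identity` path has backend `name: flight`, while `/identity/(.+)` directly below it goes to `identity`. This looks like a copy-paste slip, and the first backend should read `name: identity`. As written, a request to the identity root on the shared host is answered by the flight service. Separately, `/identity/(.+)` is a regular expression under `pathType: Prefix`, and whether the controller evaluates it as one depends on annotations outside this hunk (for ingress-nginx, `nginx.ingress.kubernetes.io/use-regex: "true"`), so confirm they are set. The metadata block and the remaining paths continue outside the hunk.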
--- a/deployments/k8s/traefik-values.yml +++ /dev/null 
@@ -1,872 +0,0 @@ -# Default values for Traefik -image: - repository: traefik - # defaults to appVersion - tag: "" - pullPolicy: IfNotPresent - -# -# Configure integration with Traefik Hub -# -hub: - ## Enabling Hub will: - # * enable Traefik Hub integration on Traefik - # * add `traefikhub-tunl` endpoint - # * enable Prometheus metrics with addRoutersLabels - # * enable allowExternalNameServices on KubernetesIngress provider - # * enable allowCrossNamespace on KubernetesCRD provider - # * add an internal (ClusterIP) Service, dedicated for Traefik Hub - enabled: false - ## Default port can be changed - # tunnelPort: 9901 - ## TLS is optional. Insecure is mutually exclusive with any other options - # tls: - # insecure: false - # ca: "/path/to/ca.pem" - # cert: "/path/to/cert.pem" - # key: "/path/to/key.pem" - -# -# Configure the deployment -# -deployment: - enabled: true - # Can be either Deployment or DaemonSet - kind: Deployment - # Number of pods of the deployment (only applies when kind == Deployment) - replicas: 1 - # Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) - # revisionHistoryLimit: 1 - # Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down - terminationGracePeriodSeconds: 60 - # The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available - minReadySeconds: 0 - # Additional deployment annotations (e.g. for jaeger-operator sidecar injection) - annotations: {} - # Additional deployment labels (e.g. for filtering deployment by custom labels) - labels: {} - # Additional pod annotations (e.g. for mesh injection or prometheus scraping) - podAnnotations: {} - # Additional Pod labels (e.g. for filtering Pod by custom labels) - podLabels: {} - # Additional containers (e.g. 
for metric offloading sidecars) - additionalContainers: [] - # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host - # - name: socat-proxy - # image: alpine/socat:1.0.5 - # args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"] - # volumeMounts: - # - name: dsdsocket - # mountPath: /socket - # Additional volumes available for use with initContainers and additionalContainers - additionalVolumes: [] - # - name: dsdsocket - # hostPath: - # path: /var/run/statsd-exporter - # Additional initContainers (e.g. for setting file permission as shown below) - initContainers: [] - # The "volume-permissions" init container is required if you run into permission issues. - # Related issue: https://github.com/traefik/traefik/issues/6825 - # - name: volume-permissions - # image: busybox:1.35 - # command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"] - # volumeMounts: - # - name: data - # mountPath: /data - # Use process namespace sharing - shareProcessNamespace: false - # Custom pod DNS policy. 
Apply if `hostNetwork: true` - # dnsPolicy: ClusterFirstWithHostNet - # Additional imagePullSecrets - imagePullSecrets: [] - # - name: myRegistryKeySecretName - # Pod lifecycle actions - lifecycle: {} - # preStop: - # exec: - # command: ["/bin/sh", "-c", "sleep 40"] - # postStart: - # httpGet: - # path: /ping - # port: 9000 - # host: localhost - # scheme: HTTP - -# Pod disruption budget -podDisruptionBudget: - enabled: false - # maxUnavailable: 1 - # maxUnavailable: 33% - # minAvailable: 0 - # minAvailable: 25% - -# Create a default IngressClass for Traefik -ingressClass: - enabled: true - isDefaultClass: true - -# Enable experimental features -experimental: - v3: - enabled: false - plugins: - enabled: false - kubernetesGateway: - enabled: false - gateway: - enabled: true - # certificate: - # group: "core" - # kind: "Secret" - # name: "mysecret" - # By default, Gateway would be created to the Namespace you are deploying Traefik to. - # You may create that Gateway in another namespace, setting its name below: - # namespace: default - # Additional gateway annotations (e.g. for cert-manager.io/issuer) - # annotations: - # cert-manager.io/issuer: letsencrypt - -# Create an IngressRoute for the dashboard -ingressRoute: - dashboard: - enabled: true - # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) - annotations: {} - # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) - labels: {} - # The router match rule used for the dashboard ingressRoute - matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`) - # Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure). - # By default, it's using traefik entrypoint, which is not exposed. - # /!\ Do not expose your dashboard without any protection over the internet /!\ - entryPoints: ["traefik"] - # Additional ingressRoute middlewares (e.g. for authentication) - middlewares: [] - # TLS options (e.g. 
secret containing certificate) - tls: {} - -# Customize updateStrategy of traefik pods -updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - maxSurge: 1 - -# Customize liveness and readiness probe values. -readinessProbe: - failureThreshold: 1 - initialDelaySeconds: 2 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - -livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 2 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - -# -# Configure providers -# -providers: - kubernetesCRD: - enabled: true - allowCrossNamespace: false - allowExternalNameServices: false - allowEmptyServices: false - # ingressClass: traefik-internal - # labelSelector: environment=production,method=traefik - namespaces: [] - # - "default" - - kubernetesIngress: - enabled: true - allowExternalNameServices: false - allowEmptyServices: false - # ingressClass: traefik-internal - # labelSelector: environment=production,method=traefik - namespaces: [] - # - "default" - # IP used for Kubernetes Ingress endpoints - publishedService: - enabled: false - # Published Kubernetes Service to copy status from. Format: namespace/servicename - # By default this Traefik service - # pathOverride: "" - -# -# Add volumes to the traefik pod. The volume name will be passed to tpl. -# This can be used to mount a cert pair or a configmap that holds a config.toml file. 
-# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg: -# additionalArguments: -# - "--providers.file.filename=/config/dynamic.toml" -# - "--ping" -# - "--ping.entrypoint=web" -volumes: [] -# - name: public-cert -# mountPath: "/certs" -# type: secret -# - name: '{{ printf "%s-configs" .Release.Name }}' -# mountPath: "/config" -# type: configMap - -# Additional volumeMounts to add to the Traefik container -additionalVolumeMounts: [] - # For instance when using a logshipper for access logs - # - name: traefik-logs - # mountPath: /var/log/traefik - -## Logs -## https://docs.traefik.io/observability/logs/ -logs: - ## Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). - general: - # By default, the logs use a text format (common), but you can - # also ask for the json format in the format option - # format: json - # By default, the level is set to ERROR. - # Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - level: ERROR - access: - # To enable access logs - enabled: false - ## By default, logs are written using the Common Log Format (CLF) on stdout. - ## To write logs in JSON, use json in the format option. - ## If the given format is unsupported, the default (CLF) is used instead. - # format: json - # filePath: "/var/log/traefik/access.log - ## To write the logs in an asynchronous fashion, specify a bufferingSize option. - ## This option represents the number of log lines Traefik will keep in memory before writing - ## them to the selected output. In some cases, this option can greatly help performances. 
- # bufferingSize: 100 - ## Filtering https://docs.traefik.io/observability/access-logs/#filtering - filters: {} - # statuscodes: "200,300-302" - # retryattempts: true - # minduration: 10ms - ## Fields - ## https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers - fields: - general: - defaultmode: keep - names: {} - ## Examples: - # ClientUsername: drop - headers: - defaultmode: drop - names: {} - ## Examples: - # User-Agent: redact - # Authorization: drop - # Content-Type: keep - -metrics: - ## Prometheus is enabled by default. - ## It can be disabled by setting "prometheus: null" - prometheus: - ## Entry point used to expose metrics. - entryPoint: metrics - ## Enable metrics on entry points. Default=true - # addEntryPointsLabels: false - ## Enable metrics on routers. Default=false - # addRoutersLabels: true - ## Enable metrics on services. Default=true - # addServicesLabels: false - ## Buckets for latency metrics. Default="0.1,0.3,1.2,5.0" - # buckets: "0.5,1.0,2.5" - ## When manualRouting is true, it disables the default internal router in - ## order to allow creating a custom router for prometheus@internal service. - # manualRouting: true -# datadog: -# ## Address instructs exporter to send metrics to datadog-agent at this address. -# address: "127.0.0.1:8125" -# ## The interval used by the exporter to push metrics to datadog-agent. Default=10s -# # pushInterval: 30s -# ## The prefix to use for metrics collection. Default="traefik" -# # prefix: traefik -# ## Enable metrics on entry points. Default=true -# # addEntryPointsLabels: false -# ## Enable metrics on routers. Default=false -# # addRoutersLabels: true -# ## Enable metrics on services. Default=true -# # addServicesLabels: false -# influxdb: -# ## Address instructs exporter to send metrics to influxdb at this address. -# address: localhost:8089 -# ## InfluxDB's address protocol (udp or http). Default="udp" -# protocol: udp -# ## InfluxDB database used when protocol is http. 
Default="" -# # database: "" -# ## InfluxDB retention policy used when protocol is http. Default="" -# # retentionPolicy: "" -# ## InfluxDB username (only with http). Default="" -# # username: "" -# ## InfluxDB password (only with http). Default="" -# # password: "" -# ## The interval used by the exporter to push metrics to influxdb. Default=10s -# # pushInterval: 30s -# ## Additional labels (influxdb tags) on all metrics. -# # additionalLabels: -# # env: production -# # foo: bar -# ## Enable metrics on entry points. Default=true -# # addEntryPointsLabels: false -# ## Enable metrics on routers. Default=false -# # addRoutersLabels: true -# ## Enable metrics on services. Default=true -# # addServicesLabels: false -# influxdb2: -# ## Address instructs exporter to send metrics to influxdb v2 at this address. -# address: localhost:8086 -# ## Token with which to connect to InfluxDB v2. -# token: xxx -# ## Organisation where metrics will be stored. -# org: "" -# ## Bucket where metrics will be stored. -# bucket: "" -# ## The interval used by the exporter to push metrics to influxdb. Default=10s -# # pushInterval: 30s -# ## Additional labels (influxdb tags) on all metrics. -# # additionalLabels: -# # env: production -# # foo: bar -# ## Enable metrics on entry points. Default=true -# # addEntryPointsLabels: false -# ## Enable metrics on routers. Default=false -# # addRoutersLabels: true -# ## Enable metrics on services. Default=true -# # addServicesLabels: false -# statsd: -# ## Address instructs exporter to send metrics to statsd at this address. -# address: localhost:8125 -# ## The interval used by the exporter to push metrics to influxdb. Default=10s -# # pushInterval: 30s -# ## The prefix to use for metrics collection. Default="traefik" -# # prefix: traefik -# ## Enable metrics on entry points. Default=true -# # addEntryPointsLabels: false -# ## Enable metrics on routers. Default=false -# # addRoutersLabels: true -# ## Enable metrics on services. 
Default=true -# # addServicesLabels: false -# openTelemetry: -# ## Address of the OpenTelemetry Collector to send metrics to. -# address: "localhost:4318" -# ## Enable metrics on entry points. -# addEntryPointsLabels: true -# ## Enable metrics on routers. -# addRoutersLabels: true -# ## Enable metrics on services. -# addServicesLabels: true -# ## Explicit boundaries for Histogram data points. -# explicitBoundaries: -# - "0.1" -# - "0.3" -# - "1.2" -# - "5.0" -# ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. -# headers: -# foo: bar -# test: test -# ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. -# insecure: true -# ## Interval at which metrics are sent to the OpenTelemetry Collector. -# pushInterval: 10s -# ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport. -# path: /foo/v1/traces -# ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. -# tls: -# ## The path to the certificate authority, it defaults to the system bundle. -# ca: path/to/ca.crt -# ## The path to the public certificate. When using this option, setting the key option is required. -# cert: path/to/foo.cert -# ## The path to the private key. When using this option, setting the cert option is required. -# key: path/to/key.key -# ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. -# insecureSkipVerify: true -# ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC. -# grpc: true - -## -## enable optional CRDs for Prometheus Operator -## - ## Create a dedicated metrics service for use with ServiceMonitor - ## When hub.enabled is set to true, it's not needed: it will use hub service. 
- # service: - # enabled: false - # labels: {} - # annotations: {} - ## When set to true, it won't check if Prometheus Operator CRDs are deployed - # disableAPICheck: false - # serviceMonitor: - # metricRelabelings: [] - # - sourceLabels: [__name__] - # separator: ; - # regex: ^fluentd_output_status_buffer_(oldest|newest)_.+ - # replacement: $1 - # action: drop - # relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - # jobLabel: traefik - # interval: 30s - # honorLabels: true - # # (Optional) - # # scrapeTimeout: 5s - # # honorTimestamps: true - # # enableHttp2: true - # # followRedirects: true - # # additionalLabels: - # # foo: bar - # # namespace: "another-namespace" - # # namespaceSelector: {} - # prometheusRule: - # additionalLabels: {} - # namespace: "another-namespace" - # rules: - # - alert: TraefikDown - # expr: up{job="traefik"} == 0 - # for: 5m - # labels: - # context: traefik - # severity: warning - # annotations: - # summary: "Traefik Down" - # description: "{{ $labels.pod }} on {{ $labels.nodename }} is down" - -tracing: {} - # instana: - # localAgentHost: 127.0.0.1 - # localAgentPort: 42699 - # logLevel: info - # enableAutoProfile: true - # datadog: - # localAgentHostPort: 127.0.0.1:8126 - # debug: false - # globalTag: "" - # prioritySampling: false - # jaeger: - # samplingServerURL: http://localhost:5778/sampling - # samplingType: const - # samplingParam: 1.0 - # localAgentHostPort: 127.0.0.1:6831 - # gen128Bit: false - # propagation: jaeger - # traceContextHeaderName: uber-trace-id - # disableAttemptReconnecting: true - # collector: - # endpoint: "" - # user: "" - # password: "" - # zipkin: - # httpEndpoint: http://localhost:9411/api/v2/spans - # sameSpan: false - # id128Bit: true - # sampleRate: 1.0 - # haystack: - # localAgentHost: 127.0.0.1 - # localAgentPort: 35000 - # globalTag: "" - # traceIDHeaderName: "" - # 
parentIDHeaderName: "" - # spanIDHeaderName: "" - # baggagePrefixHeaderName: "" - # elastic: - # serverURL: http://localhost:8200 - # secretToken: "" - # serviceEnvironment: "" - -globalArguments: - - "--global.checknewversion" - - "--global.sendanonymoususage" - -# -# Configure Traefik static configuration -# Additional arguments to be passed at Traefik's binary -# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ -## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` -additionalArguments: [] -# - "--providers.kubernetesingress.ingressclass=traefik-internal" -# - "--log.level=DEBUG" - -# Environment variables to be passed to Traefik's binary -env: [] -# - name: SOME_VAR -# value: some-var-value -# - name: SOME_VAR_FROM_CONFIG_MAP -# valueFrom: -# configMapRef: -# name: configmap-name -# key: config-key -# - name: SOME_SECRET -# valueFrom: -# secretKeyRef: -# name: secret-name -# key: secret-key - -envFrom: [] -# - configMapRef: -# name: config-map-name -# - secretRef: -# name: secret-name - -# Configure ports -ports: - # The name of this one can't be changed as it is used for the readiness and - # liveness probes, but you can adjust its config to your liking - traefik: - port: 9000 - # Use hostPort if set. - # hostPort: 9000 - # - # Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which - # means it's listening on all your interfaces and all your IPs. You may want - # to set this value if you need traefik to listen on specific interface - # only. - # hostIP: 192.168.100.10 - - # Override the liveness/readiness port. This is useful to integrate traefik - # with an external Load Balancer that performs healthchecks. - # Default: ports.traefik.port - # healthchecksPort: 9000 - - # Override the liveness/readiness scheme. Useful for getting ping to - # respond on websecure entryPoint. 
- # healthchecksScheme: HTTPS - - # Defines whether the port is exposed if service.type is LoadBalancer or - # NodePort. - # - # You SHOULD NOT expose the traefik port on production deployments. - # If you want to access it from outside of your cluster, - # use `kubectl port-forward` or create a secure ingress - expose: false - # The exposed port for this service - exposedPort: 9000 - # The port protocol (TCP/UDP) - protocol: TCP - web: - ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint. - # asDefault: true - port: 8000 - # hostPort: 8000 - expose: true - exposedPort: 80 - # The port protocol (TCP/UDP) - protocol: TCP - # Use nodeport if set. This is useful if you have configured Traefik in a - # LoadBalancer. - # nodePort: 32080 - # Port Redirections - # Added in 2.2, you can make permanent redirects via entrypoints. - # https://docs.traefik.io/routing/entrypoints/#redirection - # redirectTo: websecure - # - # Trust forwarded headers information (X-Forwarded-*). - # forwardedHeaders: - # trustedIPs: [] - # insecure: false - # - # Enable the Proxy Protocol header parsing for the entry point - # proxyProtocol: - # trustedIPs: [] - # insecure: false - websecure: - ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint. - # asDefault: true - port: 8443 - # hostPort: 8443 - expose: true - exposedPort: 443 - ## The port protocol (TCP/UDP) - protocol: TCP - # nodePort: 32443 - # - ## Enable HTTP/3 on the entrypoint - ## Enabling it will also enable http3 experimental feature - ## https://doc.traefik.io/traefik/routing/entrypoints/#http3 - ## There are known limitations when trying to listen on same ports for - ## TCP & UDP (Http3). There is a workaround in this chart using dual Service. 
- ## https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741 - http3: - enabled: false - # advertisedPort: 4443 - # - ## Trust forwarded headers information (X-Forwarded-*). - #forwardedHeaders: - # trustedIPs: [] - # insecure: false - # - ## Enable the Proxy Protocol header parsing for the entry point - #proxyProtocol: - # trustedIPs: [] - # insecure: false - # - ## Set TLS at the entrypoint - ## https://doc.traefik.io/traefik/routing/entrypoints/#tls - tls: - enabled: true - # this is the name of a TLSOption definition - options: "" - certResolver: "" - domains: [] - # - main: example.com - # sans: - # - foo.example.com - # - bar.example.com - # - # One can apply Middlewares on an entrypoint - # https://doc.traefik.io/traefik/middlewares/overview/ - # https://doc.traefik.io/traefik/routing/entrypoints/#middlewares - # /!\ It introduces here a link between your static configuration and your dynamic configuration /!\ - # It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace - # middlewares: - # - namespace-name1@kubernetescrd - # - namespace-name2@kubernetescrd - middlewares: [] - metrics: - # When using hostNetwork, use another port to avoid conflict with node exporter: - # https://github.com/prometheus/prometheus/wiki/Default-port-allocations - port: 9100 - # hostPort: 9100 - # Defines whether the port is exposed if service.type is LoadBalancer or - # NodePort. - # - # You may not want to expose the metrics port on production deployments. 
- # If you want to access it from outside of your cluster, - # use `kubectl port-forward` or create a secure ingress - expose: false - # The exposed port for this service - exposedPort: 9100 - # The port protocol (TCP/UDP) - protocol: TCP - -# TLS Options are created as TLSOption CRDs -# https://doc.traefik.io/traefik/https/tls/#tls-options -# Example: -# tlsOptions: -# default: -# sniStrict: true -# preferServerCipherSuites: true -# foobar: -# curvePreferences: -# - CurveP521 -# - CurveP384 -tlsOptions: {} - -# TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate -# https://doc.traefik.io/traefik/https/tls/#default-certificate -# Example: -# tlsStore: -# default: -# defaultCertificate: -# secretName: tls-cert -tlsStore: {} - -# Options for the main traefik service, where the entrypoints traffic comes -# from. -service: - enabled: true - ## Single service is using `MixedProtocolLBService` feature gate. - ## When set to false, it will create two Service, one for TCP and one for UDP. - single: true - type: LoadBalancer - # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config) - annotations: {} - # Additional annotations for TCP service only - annotationsTCP: {} - # Additional annotations for UDP service only - annotationsUDP: {} - # Additional service labels (e.g. for filtering Service by custom labels) - labels: {} - # Additional entries here will be added to the service spec. - # Cannot contain type, selector or ports entries. - spec: {} - # externalTrafficPolicy: Cluster - # loadBalancerIP: "1.2.3.4" - # clusterIP: "2.3.4.5" - loadBalancerSourceRanges: [] - # - 192.168.0.1/32 - # - 172.16.0.0/16 - externalIPs: [] - # - 1.2.3.4 - ## One of SingleStack, PreferDualStack, or RequireDualStack. - # ipFamilyPolicy: SingleStack - ## List of IP families (e.g. IPv4 and/or IPv6). 
- ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - # ipFamilies: - # - IPv4 - # - IPv6 - ## - ## An additionnal and optional internal Service. - ## Same parameters as external Service - # internal: - # type: ClusterIP - # # labels: {} - # # annotations: {} - # # spec: {} - # # loadBalancerSourceRanges: [] - # # externalIPs: [] - # # ipFamilies: [ "IPv4","IPv6" ] - -## Create HorizontalPodAutoscaler object. -## -autoscaling: - enabled: false -# minReplicas: 1 -# maxReplicas: 10 -# metrics: -# - type: Resource -# resource: -# name: cpu -# target: -# type: Utilization -# averageUtilization: 60 -# - type: Resource -# resource: -# name: memory -# target: -# type: Utilization -# averageUtilization: 60 -# behavior: -# scaleDown: -# stabilizationWindowSeconds: 300 -# policies: -# - type: Pods -# value: 1 -# periodSeconds: 60 - -# Enable persistence using Persistent Volume Claims -# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -# It can be used to store TLS certificates, see `storage` in certResolvers -persistence: - enabled: true - name: data -# existingClaim: "" - accessMode: ReadWriteOnce - size: 128Mi - # storageClass: "" - # volumeName: "" - path: /data - annotations: {} - # subPath: "" # only mount a subpath of the Volume into the pod - -certResolvers: {} -# letsencrypt: -# # for challenge options cf. https://doc.traefik.io/traefik/https/acme/ -# email: email@example.com -# dnsChallenge: -# # also add the provider's required configuration under env -# # or expand then from secrets/configmaps with envfrom -# # cf. https://doc.traefik.io/traefik/https/acme/#providers -# provider: digitalocean -# # add futher options for the dns challenge as needed -# # cf. 
https://doc.traefik.io/traefik/https/acme/#dnschallenge -# delayBeforeCheck: 30 -# resolvers: -# - 1.1.1.1 -# - 8.8.8.8 -# tlsChallenge: true -# httpChallenge: -# entryPoint: "web" -# # It has to match the path with a persistent volume -# storage: /data/acme.json - -# If hostNetwork is true, runs traefik in the host network namespace -# To prevent unschedulabel pods due to port collisions, if hostNetwork=true -# and replicas>1, a pod anti-affinity is recommended and will be set if the -# affinity is left as default. -hostNetwork: false - -# Whether Role Based Access Control objects like roles and rolebindings should be created -rbac: - enabled: true - # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces. - # If set to true, installs Role and RoleBinding. Providers will only watch target namespace. - namespaced: false - # Enable user-facing roles - # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles - # aggregateTo: [ "admin" ] - -# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding -podSecurityPolicy: - enabled: false - -# The service account the pods will use to interact with the Kubernetes API -serviceAccount: - # If set, an existing service account is used - # If not set, a service account is created automatically using the fullname template - name: "" - -# Additional serviceAccount annotations (e.g. for oidc authentication) -serviceAccountAnnotations: {} - -resources: {} - # requests: - # cpu: "100m" - # memory: "50Mi" - # limits: - # cpu: "300m" - # memory: "150Mi" - -# This example pod anti-affinity forces the scheduler to put traefik pods -# on nodes where no other traefik pods are scheduled. 
-# It should be used when hostNetwork: true to prevent port conflicts -affinity: {} -# podAntiAffinity: -# requiredDuringSchedulingIgnoredDuringExecution: -# - labelSelector: -# matchLabels: -# app.kubernetes.io/name: '{{ template "traefik.name" . }}' -# app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}' -# topologyKey: kubernetes.io/hostname - -nodeSelector: {} -tolerations: [] -topologySpreadConstraints: [] -# # This example topologySpreadConstraints forces the scheduler to put traefik pods -# # on nodes where no other traefik pods are scheduled. -# - labelSelector: -# matchLabels: -# app: '{{ template "traefik.name" . }}' -# maxSkew: 1 -# topologyKey: kubernetes.io/hostname -# whenUnsatisfiable: DoNotSchedule - -# Pods can have priority. -# Priority indicates the importance of a Pod relative to other Pods. -priorityClassName: "" - -# Set the container security context -# To run the container with ports below 1024 this will need to be adjust to run as root -securityContext: - capabilities: - drop: [ALL] - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 - -podSecurityContext: - fsGroup: 65532 - -# -# Extra objects to deploy (value evaluated as a template) -# -# In some cases, it can avoid the need for additional, extended or adhoc deployments. -# See #595 for more details and traefik/tests/values/extra.yaml for example. -extraObjects: [] - -# This will override the default Release Namespace for Helm. -# It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules` -# namespaceOverride: traefik -# -## This will override the default app.kubernetes.io/instance label for all Objects. -# instanceLabelOverride: traefik -