feat: add multi-nodes docker-compose deployment example
Cadoles/bouncer/pipeline/head This commit looks good Details

This commit is contained in:
wpetit 2023-07-01 11:38:16 -06:00
parent 5a7062d53e
commit 15daddbe13
8 changed files with 170 additions and 4 deletions

View File

@ -3,16 +3,30 @@ FROM golang:1.20 AS BUILD
RUN apt-get update \
&& apt-get install -y make
ARG YQ_VERSION=4.34.1
RUN mkdir -p /usr/local/bin \
&& wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64 \
&& chmod +x /usr/local/bin/yq
COPY . /src
WORKDIR /src
RUN make GORELEASER_ARGS='build --rm-dist --single-target --snapshot' goreleaser
FROM busybox:latest AS RUNTIME
# Patch config
RUN /src/dist/bouncer_linux_amd64_v1/bouncer -c '' config dump > /src/dist/bouncer_linux_amd64_v1/config.yml \
&& yq -i '.layers.queue.templateDir = "/usr/share/bouncer/layers/queue/templates"' /src/dist/bouncer_linux_amd64_v1/config.yml \
&& yq -i '.admin.auth.privateKey = "/etc/bouncer/admin-key.json"' /src/dist/bouncer_linux_amd64_v1/config.yml \
&& yq -i '.redis.adresses = ["redis:6379"]' /src/dist/bouncer_linux_amd64_v1/config.yml
FROM alpine:3.18 AS RUNTIME
ARG DUMB_INIT_VERSION=1.2.5
RUN apk add --no-cache ca-certificates
RUN mkdir -p /usr/local/bin \
&& wget -O /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64 \
&& chmod +x /usr/local/bin/dumb-init
@ -23,14 +37,13 @@ RUN mkdir -p /usr/local/bin /usr/share/bouncer/bin /etc/bouncer
COPY --from=BUILD /src/dist/bouncer_linux_amd64_v1/bouncer /usr/share/bouncer/bin/bouncer
COPY --from=BUILD /src/layers /usr/share/bouncer/
COPY --from=BUILD /src/dist/bouncer_linux_amd64_v1/config.yml /etc/bouncer/config.yml
RUN ln -s /usr/share/bouncer/bin/bouncer /usr/local/bin/bouncer \
&& /usr/share/bouncer/bin/bouncer -c '' config dump > /etc/bouncer/config.yml
RUN ln -s /usr/share/bouncer/bin/bouncer /usr/local/bin/bouncer
EXPOSE 8080
EXPOSE 8081
ENV BOUNCER_WORKDIR=/usr/share/bouncer
ENV BOUNCER_CONFIG=/etc/bouncer/config.yml
CMD ["bouncer"]

View File

@ -75,9 +75,11 @@ finish-release:
docker-build:
docker build -t $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) .
docker tag $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) $(DOCKER_IMAGE_NAME):latest
docker-release:
docker push $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)
docker push $(DOCKER_IMAGE_NAME):latest
gitea-release: tools/gitea-release/bin/gitea-release.sh goreleaser
mkdir -p .gitea-release

View File

@ -3,6 +3,9 @@
- [(FR) - Premiers pas](./fr/getting-started.md)
- [(FR) - Architecture générale](./fr/general-architecture.md)
## Exemples
- [(FR) - Exemple de déploiement multi-noeuds](../misc/docker-compose/README.md)
## Référence
- [(FR) - Layers](./fr/references/layers/README.md)

View File

@ -0,0 +1,37 @@
# Exemple de déploiement multi-noeuds avec Docker-Compose
Le répertoire `misc/docker-compose` contient un exemple de déploiement de Bouncer multi-noeuds avec:
- 3 instances du service `bouncer-proxy`;
- 1 instance du service `haproxy` en frontal en charge du load-balancing;
- 1 instance du service `bouncer-admin`;
- 1 serveur Redis.
## Prérequis
- [Docker Compose](https://docs.docker.com/compose/)
## Étapes
1. Se positionner dans le répertoire puis lancer l'environnement avec la commande `docker-compose`:
```bash
cd misc/docker-compose
docker-compose up
```
2. Entrer dans le conteneur `bouncer-admin` puis créer un jeton d'accès:
```bash
docker-compose exec bouncer-admin /bin/sh
bouncer auth create-token --role writer > .bouncer-token
```
3. Créer un proxy via le CLI:
```bash
bouncer admin proxy create --proxy-name myproxy --proxy-to "https://www.cadoles.com/"
bouncer admin proxy update --proxy-name myproxy --proxy-enabled=true
```
4. Via votre navigateur, accéder à l'URL http://127.0.0.1:8080. La page du site Cadoles devrait s'afficher. Dans le log de la commande `docker-compose up` vous devriez voir que les requêtes sont routées à tour de rôle sur les 3 instances de Bouncer en exécution.

View File

@ -0,0 +1 @@
{"d":"JuBw5OsGv3rPgVczxUgtJ6iUQ41LQu4Xpu-t8IKI_z8r-BZBlbndxidPmRlGZASLGL3rhY4qw6_ScFxakrMpCreO1RMU0kqtz--N48BXFnW5tEgr1voyyKP__bPssQNn6PgkoyAd11es7MEKlBff_DtGrcSkVRgU0zDZB-vIU0aNEIZPNw0icbYqc1u_QQNPpBU9cw6P33WHhzvfCVAkZKRszwznhiPM08n1vjpiA7e1kQ8a6OC4IFZBvohkmpmyOq1g1OLRABQ83YPCjGjCAejO-jEWkbLksp6rAl_YYpCvfBAjFV76JuZq4eh5IU82LsSfi3PGYBkhxWuLY779XQ","dp":"gljHOQowGK7fVn2DJizWtgRIDJuKpKnoX2PWNJUbm2WZwcEPZalAkxn7Y-w_reLVJZuRpfKEUMS-Tn3-CwI1ZjCHPqMPTXcoG0Pe2E-Z88jOs9lW4XSOASiiM980VIvkV1xCxDJkN3NsDFQ9j9kRGnKuMnsucCW3AKaU917hXNU","dq":"mqY19JcEBDnzS70_XkAsOKqPzemOScax66b-4N6zrsgeLVlRjHffY9uCAgBWzlxOidRdQN8q23ZJB4fqsKB2w00Iw7Jxx94IoAKGjKDT5iB48Y_kdKLAwSHRTXsqA9GG3po_H_JpP_EqX4TDBYtqQZuBD_tACP9HbLYMi_V2YU8","e":"AQAB","kty":"RSA","n":"sam0X0BGcuFwX8z3Wde8cv2o_zl6A9ghpkT0tCjw8qH3GNWrbAqzncSWdHBzoChBgAbuTOVs-ixYC0KeUhwFdc8Ul-jmKJWFaS8kIr3y4EH62-vLgMuIKfaxbsyUG6KMkJfnftge1jPO4ccddNej9msxcqTxu37dcgstutwtd6QkS9p5RrNbDBc8-Z7SQ4TuxJfP8msXRnCPJ-I44yszGdQF1Np2DXakJHVn8PBrDh3iSFwORw8jxNS4oS0OlBl5aSc0t5XkkaNcSU2a50SKts290w54fl6MPJ1sLnnznLy4uu37-nrfEUvqRLDZL9B1F82RM1dtLIIiN4gnSrMlpQ","p":"wOmFPhAT_wXWzMuwtEdYIer3-CiOWxFKpFL09eEJkJ29MIUchEaoiJaUAghqPxM48llfOVaUaLbFVxmo5U3fyjNMaP-nHMUBwojutykMK-gC2R3J4bQgFWfKbGSL7M7UsextAvpq9iiOuR0LNE-xTfCgPIxHVdPZskO3yx0DkjM","q":"68OGRb0tLRjb_PpkGctcSjEz_vvcyjzxGL-fn4_h4GCw98Xrj6Y4rZ4lfWWRSeDohSvdd-ICSlxvxkQOIOcA0H7jyJcBC0KDs4hX5BRGJNDri3QX0ry4_F1ptAdbfiFgQGqCfMRCr7L60Tfd_6tLczvny7eEBKQNGdj6dLfhgMc","qi":"DFwixyxUDf0REPLLa8hOKieRL95_AH9rbYWzStBOdSjKWra5l0reD6a4bbvAYvl0e8qCcRI6S8Nzpz0BYm4sJL7poVOnjxqvBY3Q9Ppf4Mq8lW39pOCJcqOHIvvYHsMjTC5uwp7Yg2p0GvxuUibbyNL1PXf6WZ_szVP_oSMrCXA"}

View File

@ -0,0 +1,47 @@
admin:
http:
host: 127.0.0.1
port: 8081
cors:
allowedOrigins:
- http://localhost:3001
allowCredentials: true
allowMethods:
- POST
- GET
- PUT
- DELETE
allowedHeaders:
- Origin
- Accept
- Content-Type
- Authorization
- Sentry-Trace
debug: false
auth:
issuer: http://127.0.0.1:8081
privateKey: /etc/bouncer/admin-key.json
metrics:
enabled: true
endpoint: /.bouncer/metrics
basicAuth: null
proxy:
http:
host: 0.0.0.0
port: 8080
metrics:
enabled: true
endpoint: /.bouncer/metrics
basicAuth: null
redis:
addresses:
- redis:6379
master: ""
logger:
level: 1
format: human
layers:
queue:
templateDir: /usr/share/bouncer/layers/queue/templates
defaultKeepAlive: 1m0s

View File

@ -0,0 +1,42 @@
version: "2"
services:
haproxy:
image: reg.cadoles.com/proxy_cache/library/haproxy:2.7-alpine
ports:
- 8080:8080
links:
- bouncer-proxy-1
- bouncer-proxy-2
- bouncer-proxy-3
volumes:
- ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
bouncer-admin:
image: reg.cadoles.com/cadoles/bouncer:latest
command: bouncer -c /etc/bouncer/config.yml server admin run
links:
- redis
volumes:
- ./bouncer/config.yml:/etc/bouncer/config.yml
- ./bouncer/admin-key.json:/etc/bouncer/admin-key.json
bouncer-proxy-1: &bouncer-proxy
image: reg.cadoles.com/cadoles/bouncer:latest
command: bouncer -c /etc/bouncer/config.yml server proxy run
links:
- redis
volumes:
- ./bouncer/config.yml:/etc/bouncer/config.yml
- ./bouncer/admin-key.json:/etc/bouncer/admin-key.json
bouncer-proxy-2: *bouncer-proxy
bouncer-proxy-3: *bouncer-proxy
redis:
image: reg.cadoles.com/proxy_cache/library/redis:7-alpine
command: redis-server --save 60 1 --loglevel verbose
volumes:
- redis-data:/data
volumes:
redis-data:

View File

@ -0,0 +1,21 @@
global
maxconn 100
log stdout format raw local0 info
defaults
mode http
timeout client 30s
timeout server 30s
timeout connect 30s
log global
option httplog
frontend proxy
bind *:8080
default_backend bouncer-proxy
backend bouncer-proxy
mode http
server bouncer-proxy-1 bouncer-proxy-1:8080 check
server bouncer-proxy-2 bouncer-proxy-2:8080 check
server bouncer-proxy-3 bouncer-proxy-3:8080 check