Cadoles/bouncer
10
0
Fork 0
Code Issues 1 Pull Requests Projects Releases 5 Wiki Activity

feat: proxy bootstrapping from configuration
All checks were successful
Cadoles/bouncer/pipeline/pr-develop This commit looks good
Details

Browse Source
This commit is contained in:
wpetit
2024-03-26 17:28:38 +01:00
parent 441d3a623e
commit d12ebfc642
27 changed files with 725 additions and 312 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
misc/k8s/README.md
View File

@ -4,63 +4,65 @@
1. Generate the Docker configuration to enable image builds with Kaniko and communicate with reg.cadoles.com
```shell
docker login reg.cadoles.com
mkdir -p misc/k8s/kustomization/base/secrets/dockerconfig
docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com
mv misc/k8s/kustomization/base/secrets/dockerconfig/config.json misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson
mkdir -p misc/k8s/kustomization/overlays/dev/secrets/dockerconfig
cp misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson misc/k8s/kustomization/overlays/dev/secrets/dockerconfig/.dockerconfigjson
```
```shell
docker login reg.cadoles.com
mkdir -p misc/k8s/kustomization/base/secrets/dockerconfig
docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com
mv misc/k8s/kustomization/base/secrets/dockerconfig/config.json misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson
mkdir -p misc/k8s/kustomization/overlays/dev/secrets/dockerconfig
cp misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson misc/k8s/kustomization/overlays/dev/secrets/dockerconfig/.dockerconfigjson
```
## Getting started with Kind
1. Create your [Kind](https://kind.sigs.k8s.io/) cluster
```shell
kind create cluster --config misc/k8s/kind/bouncer-cluster.yaml
```
```shell
kind create cluster --config misc/k8s/kind/bouncer-cluster.yaml
```
2. Deploy required operators
```shell
kubectl apply -k misc/k8s/kind/cluster --server-side
```
```shell
kubectl apply -k misc/k8s/kind/cluster --server-side
```
3. Deploy your Bouncer development environment
```shell
skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/<YOUR_PERSONNAL_USER_NAME>
```
```shell
skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/<YOUR_PERSONNAL_USER_NAME>
```
## Testing
Bouncer will automatically create proxies based on the files present in the `misc/k8s/kustomization/overlays/dev/files/bouncer/bootstrap.d` folder.
By default, with you host web browser, open http://localhost:9000, you should see the Cadoles website.
### Using the admin API
1. Open shell in bouncer-admin pod
```shell
kubectl exec -it -n bouncer-dev bouncer-admin-<suffix> -- /bin/sh
```
```shell
kubectl exec -it -n bouncer-dev bouncer-admin-<suffix> -- /bin/sh
```
2. Create an authentication token
```shell
bouncer --config /etc/bouncer/config.yml auth create-token --role writer --subject $(whoami) > .bouncer-token
```
```shell
bouncer --config /etc/bouncer/config.yml auth create-token --role writer --subject $(whoami) > .bouncer-token
```
3. Create a proxy and enable it
```shell
bouncer admin proxy create --proxy-to https://www.cadoles.com --proxy-name cadoles
bouncer admin proxy update --proxy-name cadoles --proxy-enabled=true
```
4. With you host web browser, open http://localhost:9000, you should see the Cadoles website.
```shell
bouncer admin proxy query
```
## Benchmarking
You can use [`siege`](https://github.com/JoeDog/siege) to benchmark your instance with the Cadoles proxy.
```shell
BASE_URL=http://localhost:9000 make siege
BASE_URL=http://localhost:9000 make siege
```

28
misc/k8s/kustomization/base/resources/bouncer-admin/files/config.yml
View File

@ -4,19 +4,19 @@ admin:
port: 8081
cors:
allowedOrigins:
- http://localhost:3001
- http://localhost:3001
allowCredentials: true
allowMethods:
- POST
- GET
- PUT
- DELETE
- POST
- GET
- PUT
- DELETE
allowedHeaders:
- Origin
- Accept
- Content-Type
- Authorization
- Sentry-Trace
- Origin
- Accept
- Content-Type
- Authorization
- Sentry-Trace
debug: false
auth:
issuer: http://127.0.0.1:8081
@ -28,9 +28,13 @@ admin:
redis:
addresses:
- rfs-bouncer-redis:${RFS_BOUNCER_REDIS_SERVICE_PORT}
- rfs-bouncer-redis:${RFS_BOUNCER_REDIS_SERVICE_PORT}
master: mymaster
logger:
level: 2
level: ${BOUNCER_LOG_LEVEL}
format: human
bootstrap:
dir: /etc/bouncer/bootstrap.d
lockTimeout: 30s

16
misc/k8s/kustomization/base/resources/bouncer-admin/kustomization.yaml
View File

@ -2,11 +2,15 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./resources/service.yaml
- ./resources/deployment.yaml
- ./resources/service.yaml
- ./resources/deployment.yaml
configMapGenerator:
- name: bouncer-admin-config
files:
- ./files/config.yml
- ./files/admin-key.json
- name: bouncer-admin-config
files:
- ./files/config.yml
- ./files/admin-key.json
- name: bouncer-admin-bootstrap
- name: bouncer-admin-env
literals:
- BOUNCER_LOG_LEVEL=2

43
misc/k8s/kustomization/base/resources/bouncer-admin/resources/deployment.yaml
View File

@ -17,18 +17,35 @@ spec:
io.kompose.service: bouncer-admin
spec:
containers:
- name: bouncer-admin
image: reg.cadoles.com/cadoles/bouncer:v2024.2.5-1602626
command: ["bouncer", "--debug", "-c", "/etc/bouncer/config.yml", "server", "admin", "run"]
imagePullPolicy: Always
resources: {}
ports:
- name: bouncer-admin
containerPort: 8081
volumeMounts:
- mountPath: /etc/bouncer/
name: bouncer-admin-config
image: bouncer
command:
[
"bouncer",
"--debug",
"-c",
"/etc/bouncer/config.yml",
"server",
"admin",
"run",
]
imagePullPolicy: Always
resources: {}
ports:
- name: bouncer-admin
containerPort: 8081
envFrom:
- configMapRef:
name: bouncer-admin-env
volumeMounts:
- mountPath: /etc/bouncer/
name: bouncer-admin-config
- mountPath: /etc/bouncer/bootstrap.d
name: bouncer-admin-bootstrap
volumes:
- name: bouncer-admin-config
configMap:
name: bouncer-admin-config
- name: bouncer-admin-config
configMap:
name: bouncer-admin-config
- name: bouncer-admin-bootstrap
configMap:
name: bouncer-admin-bootstrap

4
misc/k8s/kustomization/base/resources/bouncer-server/files/config.yml
View File

@ -14,9 +14,9 @@ layers:
redis:
addresses:
- rfs-bouncer-redis:${RFS_BOUNCER_REDIS_SERVICE_PORT}
- rfs-bouncer-redis:${RFS_BOUNCER_REDIS_SERVICE_PORT}
master: mymaster
logger:
level: 2
level: ${BOUNCER_LOG_LEVEL}
format: human

13
misc/k8s/kustomization/base/resources/bouncer-server/kustomization.yaml
View File

@ -2,10 +2,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./resources/service.yaml
- ./resources/deployment.yaml
- ./resources/service.yaml
- ./resources/deployment.yaml
configMapGenerator:
- name: bouncer-server-config
files:
- ./files/config.yml
- name: bouncer-server-config
files:
- ./files/config.yml
- name: bouncer-server-env
literals:
- BOUNCER_LOG_LEVEL=2

37
misc/k8s/kustomization/base/resources/bouncer-server/resources/deployment.yaml
View File

@ -17,18 +17,29 @@ spec:
io.kompose.service: bouncer-server
spec:
containers:
- name: bouncer-server
image: reg.cadoles.com/cadoles/bouncer:v2024.2.5-1602626
command: ["bouncer", "-c", "/etc/bouncer/config.yml", "server", "proxy", "run"]
imagePullPolicy: Always
resources: {}
ports:
- name: bouncer-server
containerPort: 8080
volumeMounts:
- mountPath: /etc/bouncer/
name: bouncer-server-config
image: bouncer
command:
[
"bouncer",
"-c",
"/etc/bouncer/config.yml",
"server",
"proxy",
"run",
]
imagePullPolicy: Always
envFrom:
- configMapRef:
name: bouncer-server-env
resources: {}
ports:
- name: bouncer-server
containerPort: 8080
volumeMounts:
- mountPath: /etc/bouncer/
name: bouncer-server-config
volumes:
- name: bouncer-server-config
configMap:
name: bouncer-server-config
- name: bouncer-server-config
configMap:
name: bouncer-server-config

11
misc/k8s/kustomization/overlays/dev/files/bouncer/bootstrap.d/cadoles.yml Normal file
View File

@ -0,0 +1,11 @@
from: ["*"]
to: https://www.cadoles.com
enabled: true
weight: 0
layers:
my-queue:
type: queue
enabled: true
weight: 0
options:
capacity: 10

32
misc/k8s/kustomization/overlays/dev/kustomization.yaml
View File

@ -3,16 +3,30 @@ kind: Kustomization
namespace: bouncer-dev
resources:
- ../../base
- ../../base
secretGenerator:
- files:
- secrets/dockerconfig/.dockerconfigjson
name: regcred-dev
type: kubernetes.io/dockerconfigjson
- files:
- secrets/dockerconfig/.dockerconfigjson
name: regcred-dev
type: kubernetes.io/dockerconfigjson
patches:
- path: patches/add-registry-pull-secret.patch.yaml
target:
kind: Deployment
version: v1
- path: patches/add-registry-pull-secret.patch.yaml
target:
kind: Deployment
version: v1
configMapGenerator:
- name: bouncer-admin-bootstrap
behavior: merge
files:
- ./files/bouncer/bootstrap.d/cadoles.yml
- name: bouncer-admin-env
behavior: merge
literals:
- BOUNCER_LOG_LEVEL=0
- name: bouncer-server-env
behavior: merge
literals:
- BOUNCER_LOG_LEVEL=0

59
misc/packaging/common/config.yml
View File

@ -1,7 +1,7 @@
# Configuration du service "admin"
admin:
http:
# Hôte d'écoute du service,
# Hôte d'écoute du service,
# 0.0.0.0 pour écouter sur toutes les interfaces
host: 127.0.0.1
# Port d'écoute du service
@ -15,19 +15,19 @@ admin:
# est branché sur l'API d'administration.
cors:
allowedOrigins:
- http://localhost:8081
- http://localhost:8081
allowCredentials: true
allowMethods:
- POST
- GET
- PUT
- DELETE
- POST
- GET
- PUT
- DELETE
allowedHeaders:
- Origin
- Accept
- Content-Type
- Authorization
- Sentry-Trace
- Origin
- Accept
- Content-Type
- Authorization
- Sentry-Trace
debug: false
# Authentification JWT
@ -71,7 +71,7 @@ admin:
# Configuration du service "proxy"
proxy:
http:
# Hôte d'écoute du service,
# Hôte d'écoute du service,
# 0.0.0.0 pour écouter sur toutes les interfaces
host: 0.0.0.0
# Port d'écoute du service
@ -145,7 +145,7 @@ proxy:
# - Mode "cluster": renseigner plusieurs adresses dans redis.addresses et laisser redis.master vide.
redis:
addresses:
- localhost:6379
- localhost:6379
master: ""
writeTimeout: 30s
readTimeout: 30s
@ -177,3 +177,36 @@ layers:
# Répertoire contenant les templates
templateDir: "/etc/bouncer/layers/circuitbreaker/templates"
# Configuration d'une série de proxy/layers
# à créer par défaut par le serveur d'administration
bootstrap:
# Répertoire contenant les définitions de proxy à créer
# par défaut. Les fichiers seront récupérés si ils
# correspondent au patron de nommage suivant:
#
# <bootstrap_dir>/<proxy_name>.yml
#
# Si l'attribut est vide ou absent le chargement des fichiers
# est désactivé.
dir: /etc/bouncer/bootstrap.d
# Délai d'expiration du verrou distribué utilisé lors du chargement
# des définitions de proxy par défaut.
lockTimeout: 30s
# Tableau associatif de définition de proxies à créer par
# défaut par le serveur d'administration.
# Si `proxies` et `dir` sont tous les deux définis, les fichiers
# présents dans le répertoire `dir` surchargeront les valeurs définies
# dans `proxies`.
# Par défault non défini
proxies:
# my-proxy:
# enabled: true
# from: ["*"]
# to: "https://example.net"
# weight: 0
# layers:
# my-layer:
# type: queue
# enabled: false
# weight: 0
# options: {"capacity": 100}