Compare commits
14 Commits
30b3fc555a
...
e1d9acb980
Author | SHA1 | Date |
---|---|---|
vfebvre | e1d9acb980 | |
vfebvre | f8be2c08d6 | |
wpetit | bc7422a50c | |
wpetit | 9d32551ec5 | |
wpetit | ded6d179c1 | |
Philippe Caseiro | 6f4ee0ebd1 | |
Philippe Caseiro | 1375c9b317 | |
Philippe Caseiro | 53a0d26a47 | |
Philippe Caseiro | 87354ef0d4 | |
Philippe Caseiro | 8560041598 | |
Philippe Caseiro | 0611cc9f70 | |
wpetit | 734ed64e8e | |
wpetit | c8fc143efa | |
wpetit | f91c14e5d4 |
|
@ -8,3 +8,4 @@
|
||||||
/.bouncer-token
|
/.bouncer-token
|
||||||
/data
|
/data
|
||||||
/out
|
/out
|
||||||
|
.dockerconfigjson
|
||||||
|
|
|
@ -4,7 +4,7 @@ before:
|
||||||
- go mod tidy
|
- go mod tidy
|
||||||
- go generate ./...
|
- go generate ./...
|
||||||
builds:
|
builds:
|
||||||
- id: bouncer
|
- id: bouncer
|
||||||
env:
|
env:
|
||||||
- CGO_ENABLED=0
|
- CGO_ENABLED=0
|
||||||
ldflags:
|
ldflags:
|
||||||
|
@ -26,7 +26,7 @@ builds:
|
||||||
- "386"
|
- "386"
|
||||||
main: ./cmd/bouncer
|
main: ./cmd/bouncer
|
||||||
archives:
|
archives:
|
||||||
- id: bouncer
|
- id: bouncer
|
||||||
builds: ["bouncer"]
|
builds: ["bouncer"]
|
||||||
name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
|
name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
|
||||||
files:
|
files:
|
||||||
|
@ -43,7 +43,7 @@ changelog:
|
||||||
- '^docs:'
|
- '^docs:'
|
||||||
- '^test:'
|
- '^test:'
|
||||||
nfpms:
|
nfpms:
|
||||||
- id: bouncer-bin
|
- id: bouncer-bin
|
||||||
builds:
|
builds:
|
||||||
- "bouncer"
|
- "bouncer"
|
||||||
package_name: bouncer-bin
|
package_name: bouncer-bin
|
||||||
|
@ -56,6 +56,7 @@ nfpms:
|
||||||
- apk
|
- apk
|
||||||
- deb
|
- deb
|
||||||
- rpm
|
- rpm
|
||||||
|
- archlinux
|
||||||
contents:
|
contents:
|
||||||
- src: misc/packaging/common/config.yml
|
- src: misc/packaging/common/config.yml
|
||||||
dst: /etc/bouncer/config.yml
|
dst: /etc/bouncer/config.yml
|
||||||
|
@ -63,7 +64,7 @@ nfpms:
|
||||||
- src: layers
|
- src: layers
|
||||||
dst: /etc/bouncer/layers
|
dst: /etc/bouncer/layers
|
||||||
type: config
|
type: config
|
||||||
- id: bouncer-admin
|
- id: bouncer-admin
|
||||||
meta: true
|
meta: true
|
||||||
package_name: bouncer-admin
|
package_name: bouncer-admin
|
||||||
homepage: https://forge.cadoles.com/Cadoles/bouncer
|
homepage: https://forge.cadoles.com/Cadoles/bouncer
|
||||||
|
@ -77,6 +78,7 @@ nfpms:
|
||||||
- apk
|
- apk
|
||||||
- deb
|
- deb
|
||||||
- rpm
|
- rpm
|
||||||
|
- archlinux
|
||||||
contents:
|
contents:
|
||||||
- src: misc/packaging/systemd/bouncer-admin.systemd.service
|
- src: misc/packaging/systemd/bouncer-admin.systemd.service
|
||||||
dst: /usr/lib/systemd/system/bouncer-admin.service
|
dst: /usr/lib/systemd/system/bouncer-admin.service
|
||||||
|
@ -84,6 +86,9 @@ nfpms:
|
||||||
- src: misc/packaging/systemd/bouncer-admin.systemd.service
|
- src: misc/packaging/systemd/bouncer-admin.systemd.service
|
||||||
dst: /usr/lib/systemd/system/bouncer-admin.service
|
dst: /usr/lib/systemd/system/bouncer-admin.service
|
||||||
packager: rpm
|
packager: rpm
|
||||||
|
- src: misc/packaging/systemd/bouncer-admin.systemd.service
|
||||||
|
dst: /usr/lib/systemd/system/bouncer-admin.service
|
||||||
|
packager: archlinux
|
||||||
- src: misc/packaging/openrc/bouncer-admin.openrc.sh
|
- src: misc/packaging/openrc/bouncer-admin.openrc.sh
|
||||||
dst: /etc/init.d/bouncer-admin
|
dst: /etc/init.d/bouncer-admin
|
||||||
file_info:
|
file_info:
|
||||||
|
@ -100,7 +105,7 @@ nfpms:
|
||||||
packager: apk
|
packager: apk
|
||||||
scripts:
|
scripts:
|
||||||
postinstall: "misc/packaging/common/postinstall-bouncer-admin.sh"
|
postinstall: "misc/packaging/common/postinstall-bouncer-admin.sh"
|
||||||
- id: bouncer-proxy
|
- id: bouncer-proxy
|
||||||
meta: true
|
meta: true
|
||||||
dependencies:
|
dependencies:
|
||||||
- bouncer-bin
|
- bouncer-bin
|
||||||
|
@ -114,6 +119,7 @@ nfpms:
|
||||||
- apk
|
- apk
|
||||||
- deb
|
- deb
|
||||||
- rpm
|
- rpm
|
||||||
|
- archlinux
|
||||||
contents:
|
contents:
|
||||||
- src: misc/packaging/systemd/bouncer-proxy.systemd.service
|
- src: misc/packaging/systemd/bouncer-proxy.systemd.service
|
||||||
dst: /usr/lib/systemd/system/bouncer-proxy.service
|
dst: /usr/lib/systemd/system/bouncer-proxy.service
|
||||||
|
@ -121,6 +127,9 @@ nfpms:
|
||||||
- src: misc/packaging/systemd/bouncer-proxy.systemd.service
|
- src: misc/packaging/systemd/bouncer-proxy.systemd.service
|
||||||
dst: /usr/lib/systemd/system/bouncer-proxy.service
|
dst: /usr/lib/systemd/system/bouncer-proxy.service
|
||||||
packager: rpm
|
packager: rpm
|
||||||
|
- src: misc/packaging/systemd/bouncer-proxy.systemd.service
|
||||||
|
dst: /usr/lib/systemd/system/bouncer-proxy.service
|
||||||
|
packager: archlinux
|
||||||
- src: misc/packaging/openrc/bouncer-proxy.openrc.sh
|
- src: misc/packaging/openrc/bouncer-proxy.openrc.sh
|
||||||
dst: /etc/init.d/bouncer-proxy
|
dst: /etc/init.d/bouncer-proxy
|
||||||
file_info:
|
file_info:
|
||||||
|
|
8
Makefile
8
Makefile
|
@ -16,6 +16,9 @@ GOTEST_ARGS ?= -short
|
||||||
|
|
||||||
OPENWRT_DEVICE ?= 192.168.1.1
|
OPENWRT_DEVICE ?= 192.168.1.1
|
||||||
|
|
||||||
|
SIEGE_URLS_FILE ?= misc/siege/urls.txt
|
||||||
|
SIEGE_CONCURRENCY ?= 100
|
||||||
|
|
||||||
watch: tools/modd/bin/modd deps ## Watching updated files - live reload
|
watch: tools/modd/bin/modd deps ## Watching updated files - live reload
|
||||||
( set -o allexport && source .env && set +o allexport && tools/modd/bin/modd )
|
( set -o allexport && source .env && set +o allexport && tools/modd/bin/modd )
|
||||||
|
|
||||||
|
@ -105,7 +108,10 @@ grafterm: tools/grafterm/bin/grafterm
|
||||||
tools/grafterm/bin/grafterm -c ./misc/grafterm/dashboard.json -v job=bouncer-proxy -r 5s
|
tools/grafterm/bin/grafterm -c ./misc/grafterm/dashboard.json -v job=bouncer-proxy -r 5s
|
||||||
|
|
||||||
siege:
|
siege:
|
||||||
siege -i -c 100 -f ./misc/siege/urls.txt
|
$(eval TMP := $(shell mktemp))
|
||||||
|
cat $(SIEGE_URLS_FILE) | envsubst > $(TMP)
|
||||||
|
siege -i -b -c $(SIEGE_CONCURRENCY) -f $(TMP)
|
||||||
|
rm -rf $(TMP)
|
||||||
|
|
||||||
tools/gitea-release/bin/gitea-release.sh:
|
tools/gitea-release/bin/gitea-release.sh:
|
||||||
mkdir -p tools/gitea-release/bin
|
mkdir -p tools/gitea-release/bin
|
||||||
|
|
|
@ -6,9 +6,11 @@
|
||||||
## Exemples
|
## Exemples
|
||||||
|
|
||||||
- [(FR) - Exemple de déploiement multi-noeuds](../misc/docker-compose/README.md)
|
- [(FR) - Exemple de déploiement multi-noeuds](../misc/docker-compose/README.md)
|
||||||
|
|
||||||
## Référence
|
## Référence
|
||||||
|
|
||||||
- [(FR) - Layers](./fr/references/layers/README.md)
|
- [(FR) - Layers](./fr/references/layers/README.md)
|
||||||
|
- [(FR) - Métriques](./fr/references/metrics.md)
|
||||||
- [(FR) - Fichier de configuration](../misc/packaging/common/config.yml)
|
- [(FR) - Fichier de configuration](../misc/packaging/common/config.yml)
|
||||||
- [(FR) - API d'administration](./fr/references/admin_api.md)
|
- [(FR) - API d'administration](./fr/references/admin_api.md)
|
||||||
|
|
||||||
|
|
|
@ -41,7 +41,7 @@
|
||||||
5. Tester que le CLI est en capacité d'interroger l'API d'administration
|
5. Tester que le CLI est en capacité d'interroger l'API d'administration
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
bouncer admin query proxy
|
bouncer admin proxy query
|
||||||
```
|
```
|
||||||
|
|
||||||
Un message équivalent à celui ci devrait s'afficher:
|
Un message équivalent à celui ci devrait s'afficher:
|
||||||
|
|
|
@ -32,6 +32,10 @@ Ce layer permet de bloquer l'accès à un site (ou une section de celui ci) cibl
|
||||||
|
|
||||||
Voir le [fichier de configuration de référence](../../../../misc/packaging/common/config.yml), section `layers.circuitbreaker` pour voir les options permettant de personnaliser le chemin du répertoire contenant les templates.
|
Voir le [fichier de configuration de référence](../../../../misc/packaging/common/config.yml), section `layers.circuitbreaker` pour voir les options permettant de personnaliser le chemin du répertoire contenant les templates.
|
||||||
|
|
||||||
### Schéma
|
## Schéma
|
||||||
|
|
||||||
Voir le [schéma JSON](../../../../internal/proxy/director/layer/circuitbreaker/layer-options.json).
|
Voir le [schéma JSON](../../../../internal/proxy/director/layer/circuitbreaker/layer-options.json).
|
||||||
|
|
||||||
|
## Métriques
|
||||||
|
|
||||||
|
_Aucune [métrique Prometheus](../metrics.md) n'est exportée par ce layer._
|
|
@ -30,6 +30,34 @@ Ce layer permet d'ajouter un mécanisme de file d'attente dynamique au proxy ass
|
||||||
|
|
||||||
Par exemple, si vous souhaitez limiter votre file à l'ensemble d'une section "`/blog`" d'un site, vous pouvez déclarer la valeur `["*/blog*"]`. Les autres URLs du site ne seront pas affectées par cette file d'attente.
|
Par exemple, si vous souhaitez limiter votre file à l'ensemble d'une section "`/blog`" d'un site, vous pouvez déclarer la valeur `["*/blog*"]`. Les autres URLs du site ne seront pas affectées par cette file d'attente.
|
||||||
|
|
||||||
### Schéma
|
## Schéma
|
||||||
|
|
||||||
Voir le [schéma JSON](../../../../internal/proxy/director/layer/queue/schema/layer-options.json).
|
Voir le [schéma JSON](../../../../internal/proxy/director/layer/queue/schema/layer-options.json).
|
||||||
|
|
||||||
|
## Métriques
|
||||||
|
|
||||||
|
Les [métriques Prometheus](../metrics.md) suivantes sont exposées par ce layer.
|
||||||
|
|
||||||
|
### `bouncer_layer_queue_capacity{layer=<layerName>,proxy=<proxyName>}`
|
||||||
|
|
||||||
|
- **Type:** `gauge`
|
||||||
|
- **Description**: Capacité maximale de la queue
|
||||||
|
- **Exemple**
|
||||||
|
|
||||||
|
```
|
||||||
|
# HELP bouncer_layer_queue_capacity Bouncer's queue layer capacity
|
||||||
|
# TYPE bouncer_layer_queue_capacity gauge
|
||||||
|
bouncer_layer_queue_capacity{layer="queue",proxy="cadoles"} 2
|
||||||
|
```
|
||||||
|
|
||||||
|
### `bouncer_layer_queue_sessions{layer=<layerName>,proxy=<proxyName>}`
|
||||||
|
|
||||||
|
- **Type:** `gauge`
|
||||||
|
- **Description**: Nombre courant de sessions ouvertes
|
||||||
|
- **Exemple**
|
||||||
|
|
||||||
|
```
|
||||||
|
# HELP bouncer_layer_queue_sessions Bouncer's queue layer current sessions
|
||||||
|
# TYPE bouncer_layer_queue_sessions gauge
|
||||||
|
bouncer_layer_queue_sessions{layer="queue",proxy="cadoles"} 3
|
||||||
|
```
|
|
@ -0,0 +1,29 @@
|
||||||
|
# Métriques
|
||||||
|
|
||||||
|
Bouncer expose un certain nombre de métriques Prometheus sur le serveur proxy ainsi que sur le serveur d'administration. Ces métriques sont par défaut accessibles sur `/.bouncer/metrics`.
|
||||||
|
|
||||||
|
Il est possible de configurer le point d'entrée de ces métriques ainsi que d'ajouter une authentification de type `Basic Auth` [via la configuration](../../../misc/packaging/common/config.yml) (voir les clés `admin.metrics` et `proxy.metrics`).
|
||||||
|
|
||||||
|
Outre les métriques par défaut fournies par la librairie [Prometheus](https://prometheus.io/docs/guides/go-application/#instrumenting-a-go-application-for-prometheus), les serveurs Bouncer exposent également des métriques propres.
|
||||||
|
|
||||||
|
Chaque layer associé à un proxy peut également ses propres métriques spécifiques. [Voir la page de documentation](./layers/README.md) de chaque layer pour plus d'informations.
|
||||||
|
|
||||||
|
## Métriques spécifiques
|
||||||
|
|
||||||
|
### Serveur proxy
|
||||||
|
|
||||||
|
#### `bouncer_proxy_director_proxy_requests_total{proxy=<proxyName>}`
|
||||||
|
|
||||||
|
- **Type:** `counter`
|
||||||
|
- **Description**: Nombre total de requêtes ayant transité par le proxy
|
||||||
|
- **Exemple**
|
||||||
|
|
||||||
|
```
|
||||||
|
# HELP bouncer_proxy_director_proxy_requests_total Bouncer proxy total requests
|
||||||
|
# TYPE bouncer_proxy_director_proxy_requests_total counter
|
||||||
|
bouncer_proxy_director_proxy_requests_total{proxy="cadoles"} 64
|
||||||
|
```
|
||||||
|
|
||||||
|
### Serveur d'administration
|
||||||
|
|
||||||
|
_Pas de métrique supplémentaire._
|
|
@ -5,15 +5,28 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"forge.cadoles.com/cadoles/bouncer/internal/admin"
|
"forge.cadoles.com/cadoles/bouncer/internal/admin"
|
||||||
|
"forge.cadoles.com/cadoles/bouncer/internal/auth/jwt"
|
||||||
"forge.cadoles.com/cadoles/bouncer/internal/command/common"
|
"forge.cadoles.com/cadoles/bouncer/internal/command/common"
|
||||||
|
"forge.cadoles.com/cadoles/bouncer/internal/jwk"
|
||||||
"forge.cadoles.com/cadoles/bouncer/internal/setup"
|
"forge.cadoles.com/cadoles/bouncer/internal/setup"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
"gitlab.com/wpetit/goweb/logger"
|
"gitlab.com/wpetit/goweb/logger"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
flagPrintDefaultToken = "print-default-token"
|
||||||
|
)
|
||||||
|
|
||||||
func RunCommand() *cli.Command {
|
func RunCommand() *cli.Command {
|
||||||
flags := common.Flags()
|
flags := append(
|
||||||
|
common.Flags(),
|
||||||
|
&cli.BoolFlag{
|
||||||
|
Name: flagPrintDefaultToken,
|
||||||
|
Usage: "Generate and print a default writer token in console at startup",
|
||||||
|
Value: true,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
return &cli.Command{
|
return &cli.Command{
|
||||||
Name: "run",
|
Name: "run",
|
||||||
|
@ -36,6 +49,22 @@ func RunCommand() *cli.Command {
|
||||||
|
|
||||||
defer flushSentry()
|
defer flushSentry()
|
||||||
|
|
||||||
|
if printDefaultToken := ctx.Bool(flagPrintDefaultToken); printDefaultToken {
|
||||||
|
key, err := jwk.Generate(jwk.DefaultKeySize)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "could not generate default key")
|
||||||
|
}
|
||||||
|
|
||||||
|
token, err := jwt.GenerateToken(ctx.Context, key, string(conf.Admin.Auth.Issuer), "default-admin", jwt.Role(jwt.RoleWriter))
|
||||||
|
if err != nil {
|
||||||
|
return errors.WithStack(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
logger.SetLevel(logger.LevelInfo)
|
||||||
|
logger.Info(ctx.Context, "default writer token", logger.F("token", token))
|
||||||
|
logger.SetLevel(logger.Level(conf.Logger.Level))
|
||||||
|
}
|
||||||
|
|
||||||
srv := admin.NewServer(
|
srv := admin.NewServer(
|
||||||
admin.WithServerConfig(conf.Admin),
|
admin.WithServerConfig(conf.Admin),
|
||||||
admin.WithRedisConfig(conf.Redis),
|
admin.WithRedisConfig(conf.Redis),
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
package config
|
package config
|
||||||
|
|
||||||
|
import "time"
|
||||||
|
|
||||||
const (
|
const (
|
||||||
RedisModeSimple = "simple"
|
RedisModeSimple = "simple"
|
||||||
RedisModeSentinel = "sentinel"
|
RedisModeSentinel = "sentinel"
|
||||||
|
@ -9,11 +11,17 @@ const (
|
||||||
type RedisConfig struct {
|
type RedisConfig struct {
|
||||||
Adresses InterpolatedStringSlice `yaml:"addresses"`
|
Adresses InterpolatedStringSlice `yaml:"addresses"`
|
||||||
Master InterpolatedString `yaml:"master"`
|
Master InterpolatedString `yaml:"master"`
|
||||||
|
ReadTimeout InterpolatedDuration `yaml:"readTimeout"`
|
||||||
|
WriteTimeout InterpolatedDuration `yaml:"writeTimeout"`
|
||||||
|
DialTimeout InterpolatedDuration `yaml:"dialTimeout"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewDefaultRedisConfig() RedisConfig {
|
func NewDefaultRedisConfig() RedisConfig {
|
||||||
return RedisConfig{
|
return RedisConfig{
|
||||||
Adresses: InterpolatedStringSlice{"localhost:6379"},
|
Adresses: InterpolatedStringSlice{"localhost:6379"},
|
||||||
Master: "",
|
Master: "",
|
||||||
|
ReadTimeout: InterpolatedDuration(30 * time.Second),
|
||||||
|
WriteTimeout: InterpolatedDuration(30 * time.Second),
|
||||||
|
DialTimeout: InterpolatedDuration(30 * time.Second),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,6 @@ import (
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"io/ioutil"
|
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/btcsuite/btcd/btcutil/base58"
|
"github.com/btcsuite/btcd/btcutil/base58"
|
||||||
|
@ -56,7 +55,7 @@ func PublicKeySet(keys ...jwk.Key) (jwk.Set, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func LoadOrGenerate(path string, size int) (jwk.Key, error) {
|
func LoadOrGenerate(path string, size int) (jwk.Key, error) {
|
||||||
data, err := ioutil.ReadFile(path)
|
data, err := os.ReadFile(path)
|
||||||
if err != nil && !errors.Is(err, os.ErrNotExist) {
|
if err != nil && !errors.Is(err, os.ErrNotExist) {
|
||||||
return nil, errors.WithStack(err)
|
return nil, errors.WithStack(err)
|
||||||
}
|
}
|
||||||
|
@ -72,7 +71,7 @@ func LoadOrGenerate(path string, size int) (jwk.Key, error) {
|
||||||
return nil, errors.WithStack(err)
|
return nil, errors.WithStack(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := ioutil.WriteFile(path, data, 0o640); err != nil {
|
if err := os.WriteFile(path, data, 0o640); err != nil {
|
||||||
return nil, errors.WithStack(err)
|
return nil, errors.WithStack(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,11 +10,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func NewProxyRepository(ctx context.Context, conf config.RedisConfig) (store.ProxyRepository, error) {
|
func NewProxyRepository(ctx context.Context, conf config.RedisConfig) (store.ProxyRepository, error) {
|
||||||
rdb := redis.NewUniversalClient(&redis.UniversalOptions{
|
rdb := newRedisClient(conf)
|
||||||
Addrs: conf.Adresses,
|
|
||||||
MasterName: string(conf.Master),
|
|
||||||
})
|
|
||||||
|
|
||||||
return redisStore.NewProxyRepository(rdb), nil
|
return redisStore.NewProxyRepository(rdb), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -8,7 +8,6 @@ import (
|
||||||
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/queue"
|
"forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/queue"
|
||||||
queueRedis "forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/queue/redis"
|
queueRedis "forge.cadoles.com/cadoles/bouncer/internal/proxy/director/layer/queue/redis"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/redis/go-redis/v9"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -36,10 +35,6 @@ func setupQueueLayer(conf *config.Config) (director.Layer, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func newQueueAdapter(redisConf config.RedisConfig) (queue.Adapter, error) {
|
func newQueueAdapter(redisConf config.RedisConfig) (queue.Adapter, error) {
|
||||||
rdb := redis.NewUniversalClient(&redis.UniversalOptions{
|
rdb := newRedisClient(redisConf)
|
||||||
Addrs: redisConf.Adresses,
|
|
||||||
MasterName: string(redisConf.Master),
|
|
||||||
})
|
|
||||||
|
|
||||||
return queueRedis.NewAdapter(rdb, 2), nil
|
return queueRedis.NewAdapter(rdb, 2), nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
package setup
|
||||||
|
|
||||||
|
import (
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"forge.cadoles.com/cadoles/bouncer/internal/config"
|
||||||
|
"github.com/redis/go-redis/v9"
|
||||||
|
)
|
||||||
|
|
||||||
|
func newRedisClient(conf config.RedisConfig) redis.UniversalClient {
|
||||||
|
return redis.NewUniversalClient(&redis.UniversalOptions{
|
||||||
|
Addrs: conf.Adresses,
|
||||||
|
MasterName: string(conf.Master),
|
||||||
|
ReadTimeout: time.Duration(conf.ReadTimeout),
|
||||||
|
WriteTimeout: time.Duration(conf.WriteTimeout),
|
||||||
|
DialTimeout: time.Duration(conf.DialTimeout),
|
||||||
|
RouteByLatency: true,
|
||||||
|
ContextTimeoutEnabled: true,
|
||||||
|
})
|
||||||
|
}
|
|
@ -0,0 +1,49 @@
|
||||||
|
FROM golang:1.20 AS BUILD
|
||||||
|
|
||||||
|
RUN apt-get update \
|
||||||
|
&& apt-get install -y make
|
||||||
|
|
||||||
|
ARG YQ_VERSION=4.34.1
|
||||||
|
|
||||||
|
RUN mkdir -p /usr/local/bin \
|
||||||
|
&& wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64 \
|
||||||
|
&& chmod +x /usr/local/bin/yq
|
||||||
|
|
||||||
|
COPY . /src
|
||||||
|
|
||||||
|
WORKDIR /src
|
||||||
|
|
||||||
|
RUN make GORELEASER_ARGS='build --rm-dist --single-target --snapshot' goreleaser
|
||||||
|
|
||||||
|
# Patch config
|
||||||
|
RUN /src/dist/bouncer_linux_amd64_v1/bouncer -c '' config dump > /src/dist/bouncer_linux_amd64_v1/config.yml \
|
||||||
|
&& yq -i '.layers.queue.templateDir = "/usr/share/bouncer/layers/queue/templates"' /src/dist/bouncer_linux_amd64_v1/config.yml \
|
||||||
|
&& yq -i '.admin.auth.privateKey = "/etc/bouncer/admin-key.json"' /src/dist/bouncer_linux_amd64_v1/config.yml \
|
||||||
|
&& yq -i '.redis.adresses = ["redis:6379"]' /src/dist/bouncer_linux_amd64_v1/config.yml
|
||||||
|
|
||||||
|
FROM alpine:3.18 AS RUNTIME
|
||||||
|
|
||||||
|
ARG DUMB_INIT_VERSION=1.2.5
|
||||||
|
|
||||||
|
RUN apk add --no-cache ca-certificates
|
||||||
|
|
||||||
|
RUN mkdir -p /usr/local/bin \
|
||||||
|
&& wget -O /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64 \
|
||||||
|
&& chmod +x /usr/local/bin/dumb-init
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
|
||||||
|
|
||||||
|
RUN mkdir -p /usr/local/bin /usr/share/bouncer/bin /etc/bouncer
|
||||||
|
|
||||||
|
COPY --from=BUILD /src/dist/bouncer_linux_amd64_v1/bouncer /usr/share/bouncer/bin/bouncer
|
||||||
|
COPY --from=BUILD /src/layers /usr/share/bouncer/layers
|
||||||
|
COPY --from=BUILD /src/dist/bouncer_linux_amd64_v1/config.yml /etc/bouncer/config.yml
|
||||||
|
|
||||||
|
RUN ln -s /usr/share/bouncer/bin/bouncer /usr/local/bin/bouncer
|
||||||
|
|
||||||
|
EXPOSE 8080
|
||||||
|
EXPOSE 8081
|
||||||
|
|
||||||
|
ENV BOUNCER_CONFIG=/etc/bouncer/config.yml
|
||||||
|
|
||||||
|
CMD ["bouncer"]
|
|
@ -0,0 +1,9 @@
|
||||||
|
# K6 - Load Test
|
||||||
|
|
||||||
|
Very basic load testing script for [k6](https://k6.io/).
|
||||||
|
|
||||||
|
## How to run
|
||||||
|
|
||||||
|
```shell
|
||||||
|
k6 run cadoles-loadtest.js
|
||||||
|
```
|
|
@ -0,0 +1,29 @@
|
||||||
|
import { check } from 'k6';
|
||||||
|
import { browser } from 'k6/experimental/browser';
|
||||||
|
|
||||||
|
export const options = {
|
||||||
|
scenarios: {
|
||||||
|
browser: {
|
||||||
|
vus: 10,
|
||||||
|
iterations: 100,
|
||||||
|
executor: 'shared-iterations',
|
||||||
|
options: {
|
||||||
|
browser: {
|
||||||
|
type: 'chromium',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
export default async function () {
|
||||||
|
const page = browser.newPage();
|
||||||
|
try {
|
||||||
|
await page.goto('https://www.cadoles.com');
|
||||||
|
check(page, {
|
||||||
|
'Homepage loaded': p => p.locator('h1').textContent().trim() == 'La liberté est un choix',
|
||||||
|
});
|
||||||
|
} finally {
|
||||||
|
page.close();
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,66 @@
|
||||||
|
# Kubernetes
|
||||||
|
|
||||||
|
## Initialize your project
|
||||||
|
|
||||||
|
1. Generate the Docker configuration to enable image builds with Kaniko and communicate with reg.cadoles.com
|
||||||
|
|
||||||
|
```shell
|
||||||
|
docker login reg.cadoles.com
|
||||||
|
mkdir -p misc/k8s/kustomization/base/secrets/dockerconfig
|
||||||
|
docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com
|
||||||
|
mv misc/k8s/kustomization/base/secrets/dockerconfig/config.json misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson
|
||||||
|
mkdir -p misc/k8s/kustomization/overlays/dev/secrets/dockerconfig
|
||||||
|
cp misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson misc/k8s/kustomization/overlays/dev/secrets/dockerconfig/.dockerconfigjson
|
||||||
|
```
|
||||||
|
|
||||||
|
## Getting started with Kind
|
||||||
|
|
||||||
|
1. Create your [Kind](https://kind.sigs.k8s.io/) cluster
|
||||||
|
|
||||||
|
```shell
|
||||||
|
kind create cluster --config misc/k8s/kind/bouncer-cluster.yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Deploy required operators
|
||||||
|
|
||||||
|
```shell
|
||||||
|
kubectl apply -k misc/k8s/kind/cluster --server-side
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Deploy your Bouncer development environment
|
||||||
|
|
||||||
|
```shell
|
||||||
|
skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/<YOUR_PERSONNAL_USER_NAME>
|
||||||
|
```
|
||||||
|
|
||||||
|
## Testing
|
||||||
|
|
||||||
|
1. Open shell in bouncer-admin pod
|
||||||
|
|
||||||
|
```shell
|
||||||
|
kubectl exec -it -n bouncer-dev bouncer-admin-<suffix> -- /bin/sh
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Create an authentication token
|
||||||
|
|
||||||
|
```shell
|
||||||
|
bouncer --config /etc/bouncer/config.yml auth create-token --role writer --subject $(whoami) > .bouncer-token
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Create a proxy and enable it
|
||||||
|
|
||||||
|
```shell
|
||||||
|
bouncer admin proxy create --proxy-to https://www.cadoles.com --proxy-name cadoles
|
||||||
|
bouncer admin proxy update --proxy-name cadoles --proxy-enabled=true
|
||||||
|
```
|
||||||
|
|
||||||
|
4. With you host web browser, open http://localhost:9000, you should see the Cadoles website.
|
||||||
|
|
||||||
|
## Benchmarking
|
||||||
|
|
||||||
|
You can use [`siege`](https://github.com/JoeDog/siege) to benchmark your instance with the Cadoles proxy.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
BASE_URL=http://localhost:9000 make siege
|
||||||
|
```
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
kind: Cluster
|
||||||
|
apiVersion: kind.x-k8s.io/v1alpha4
|
||||||
|
name: bouncer-dev
|
|
@ -0,0 +1,5 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
|
|
@ -0,0 +1,10 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: bouncer
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./resources/namespace.yaml
|
||||||
|
- ./resources/bouncer-server
|
||||||
|
- ./resources/bouncer-admin
|
||||||
|
- ./resources/redis
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
{"d":"JuBw5OsGv3rPgVczxUgtJ6iUQ41LQu4Xpu-t8IKI_z8r-BZBlbndxidPmRlGZASLGL3rhY4qw6_ScFxakrMpCreO1RMU0kqtz--N48BXFnW5tEgr1voyyKP__bPssQNn6PgkoyAd11es7MEKlBff_DtGrcSkVRgU0zDZB-vIU0aNEIZPNw0icbYqc1u_QQNPpBU9cw6P33WHhzvfCVAkZKRszwznhiPM08n1vjpiA7e1kQ8a6OC4IFZBvohkmpmyOq1g1OLRABQ83YPCjGjCAejO-jEWkbLksp6rAl_YYpCvfBAjFV76JuZq4eh5IU82LsSfi3PGYBkhxWuLY779XQ","dp":"gljHOQowGK7fVn2DJizWtgRIDJuKpKnoX2PWNJUbm2WZwcEPZalAkxn7Y-w_reLVJZuRpfKEUMS-Tn3-CwI1ZjCHPqMPTXcoG0Pe2E-Z88jOs9lW4XSOASiiM980VIvkV1xCxDJkN3NsDFQ9j9kRGnKuMnsucCW3AKaU917hXNU","dq":"mqY19JcEBDnzS70_XkAsOKqPzemOScax66b-4N6zrsgeLVlRjHffY9uCAgBWzlxOidRdQN8q23ZJB4fqsKB2w00Iw7Jxx94IoAKGjKDT5iB48Y_kdKLAwSHRTXsqA9GG3po_H_JpP_EqX4TDBYtqQZuBD_tACP9HbLYMi_V2YU8","e":"AQAB","kty":"RSA","n":"sam0X0BGcuFwX8z3Wde8cv2o_zl6A9ghpkT0tCjw8qH3GNWrbAqzncSWdHBzoChBgAbuTOVs-ixYC0KeUhwFdc8Ul-jmKJWFaS8kIr3y4EH62-vLgMuIKfaxbsyUG6KMkJfnftge1jPO4ccddNej9msxcqTxu37dcgstutwtd6QkS9p5RrNbDBc8-Z7SQ4TuxJfP8msXRnCPJ-I44yszGdQF1Np2DXakJHVn8PBrDh3iSFwORw8jxNS4oS0OlBl5aSc0t5XkkaNcSU2a50SKts290w54fl6MPJ1sLnnznLy4uu37-nrfEUvqRLDZL9B1F82RM1dtLIIiN4gnSrMlpQ","p":"wOmFPhAT_wXWzMuwtEdYIer3-CiOWxFKpFL09eEJkJ29MIUchEaoiJaUAghqPxM48llfOVaUaLbFVxmo5U3fyjNMaP-nHMUBwojutykMK-gC2R3J4bQgFWfKbGSL7M7UsextAvpq9iiOuR0LNE-xTfCgPIxHVdPZskO3yx0DkjM","q":"68OGRb0tLRjb_PpkGctcSjEz_vvcyjzxGL-fn4_h4GCw98Xrj6Y4rZ4lfWWRSeDohSvdd-ICSlxvxkQOIOcA0H7jyJcBC0KDs4hX5BRGJNDri3QX0ry4_F1ptAdbfiFgQGqCfMRCr7L60Tfd_6tLczvny7eEBKQNGdj6dLfhgMc","qi":"DFwixyxUDf0REPLLa8hOKieRL95_AH9rbYWzStBOdSjKWra5l0reD6a4bbvAYvl0e8qCcRI6S8Nzpz0BYm4sJL7poVOnjxqvBY3Q9Ppf4Mq8lW39pOCJcqOHIvvYHsMjTC5uwp7Yg2p0GvxuUibbyNL1PXf6WZ_szVP_oSMrCXA"}
|
|
@ -0,0 +1,36 @@
|
||||||
|
admin:
|
||||||
|
http:
|
||||||
|
host: 127.0.0.1
|
||||||
|
port: 8081
|
||||||
|
cors:
|
||||||
|
allowedOrigins:
|
||||||
|
- http://localhost:3001
|
||||||
|
allowCredentials: true
|
||||||
|
allowMethods:
|
||||||
|
- POST
|
||||||
|
- GET
|
||||||
|
- PUT
|
||||||
|
- DELETE
|
||||||
|
allowedHeaders:
|
||||||
|
- Origin
|
||||||
|
- Accept
|
||||||
|
- Content-Type
|
||||||
|
- Authorization
|
||||||
|
- Sentry-Trace
|
||||||
|
debug: false
|
||||||
|
auth:
|
||||||
|
issuer: http://127.0.0.1:8081
|
||||||
|
privateKey: /etc/bouncer/admin-key.json
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
endpoint: /.bouncer/metrics
|
||||||
|
basicAuth: null
|
||||||
|
|
||||||
|
redis:
|
||||||
|
addresses:
|
||||||
|
- rfs-bouncer-redis:${RFS_BOUNCER_REDIS_SERVICE_PORT}
|
||||||
|
master: mymaster
|
||||||
|
|
||||||
|
logger:
|
||||||
|
level: 2
|
||||||
|
format: human
|
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./resources/service.yaml
|
||||||
|
- ./resources/deployment.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: bouncer-admin-config
|
||||||
|
files:
|
||||||
|
- ./files/config.yml
|
||||||
|
- ./files/admin-key.json
|
|
@ -0,0 +1,34 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: bouncer-admin
|
||||||
|
labels:
|
||||||
|
app: bouncer-admin
|
||||||
|
io.kompose.service: bouncer-admin
|
||||||
|
spec:
|
||||||
|
replicas: 3
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: bouncer-admin
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: bouncer-admin
|
||||||
|
io.kompose.service: bouncer-admin
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: bouncer-admin
|
||||||
|
image: reg.cadoles.com/cadoles/bouncer:v2024.2.5-1602626
|
||||||
|
command: ["bouncer", "--debug", "-c", "/etc/bouncer/config.yml", "server", "admin", "run"]
|
||||||
|
imagePullPolicy: Always
|
||||||
|
resources: {}
|
||||||
|
ports:
|
||||||
|
- name: bouncer-admin
|
||||||
|
containerPort: 8081
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/bouncer/
|
||||||
|
name: bouncer-admin-config
|
||||||
|
volumes:
|
||||||
|
- name: bouncer-admin-config
|
||||||
|
configMap:
|
||||||
|
name: bouncer-admin-config
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
io.kompose.service: bouncer-admin
|
||||||
|
name: bouncer-admin
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: bouncer-admin
|
||||||
|
port: 8081
|
||||||
|
targetPort: bouncer-admin
|
||||||
|
selector:
|
||||||
|
io.kompose.service: bouncer-admin
|
|
@ -0,0 +1,22 @@
|
||||||
|
proxy:
|
||||||
|
http:
|
||||||
|
host: 0.0.0.0
|
||||||
|
port: 8080
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
endpoint: /.bouncer/metrics
|
||||||
|
basicAuth: null
|
||||||
|
|
||||||
|
layers:
|
||||||
|
queue:
|
||||||
|
templateDir: /usr/share/bouncer/layers/queue/templates
|
||||||
|
defaultKeepAlive: 1m0s
|
||||||
|
|
||||||
|
redis:
|
||||||
|
addresses:
|
||||||
|
- rfs-bouncer-redis:${RFS_BOUNCER_REDIS_SERVICE_PORT}
|
||||||
|
master: mymaster
|
||||||
|
|
||||||
|
logger:
|
||||||
|
level: 2
|
||||||
|
format: human
|
|
@ -0,0 +1,11 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./resources/service.yaml
|
||||||
|
- ./resources/deployment.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: bouncer-server-config
|
||||||
|
files:
|
||||||
|
- ./files/config.yml
|
|
@ -0,0 +1,34 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: bouncer-server
|
||||||
|
labels:
|
||||||
|
app: bouncer-server
|
||||||
|
io.kompose.service: bouncer-server
|
||||||
|
spec:
|
||||||
|
replicas: 3
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: bouncer-server
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: bouncer-server
|
||||||
|
io.kompose.service: bouncer-server
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: bouncer-server
|
||||||
|
image: reg.cadoles.com/cadoles/bouncer:v2024.2.5-1602626
|
||||||
|
command: ["bouncer", "-c", "/etc/bouncer/config.yml", "server", "proxy", "run"]
|
||||||
|
imagePullPolicy: Always
|
||||||
|
resources: {}
|
||||||
|
ports:
|
||||||
|
- name: bouncer-server
|
||||||
|
containerPort: 8080
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/bouncer/
|
||||||
|
name: bouncer-server-config
|
||||||
|
volumes:
|
||||||
|
- name: bouncer-server-config
|
||||||
|
configMap:
|
||||||
|
name: bouncer-server-config
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
io.kompose.service: bouncer-server
|
||||||
|
name: bouncer-server
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- name: bouncer-server
|
||||||
|
port: 8080
|
||||||
|
targetPort: bouncer-server
|
||||||
|
selector:
|
||||||
|
io.kompose.service: bouncer-server
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: bouncer
|
|
@ -0,0 +1,15 @@
|
||||||
|
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./resources/redis-cluster.yaml
|
||||||
|
|
||||||
|
vars:
|
||||||
|
- name: REDIS_SERVICE_NAME
|
||||||
|
objref:
|
||||||
|
name: bouncer-redis
|
||||||
|
apiVersion: databases.spotahome.com/v1
|
||||||
|
kind: RedisFailover
|
||||||
|
fieldref:
|
||||||
|
fieldpath: metadata.name
|
|
@ -0,0 +1,21 @@
|
||||||
|
apiVersion: databases.spotahome.com/v1
|
||||||
|
kind: RedisFailover
|
||||||
|
metadata:
|
||||||
|
name: bouncer-redis
|
||||||
|
spec:
|
||||||
|
sentinel:
|
||||||
|
replicas: 3
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
limits:
|
||||||
|
memory: 100Mi
|
||||||
|
redis:
|
||||||
|
replicas: 3
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 100Mi
|
||||||
|
limits:
|
||||||
|
cpu: 400m
|
||||||
|
memory: 500Mi
|
|
@ -0,0 +1,18 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: bouncer-dev
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ../../base
|
||||||
|
|
||||||
|
secretGenerator:
|
||||||
|
- files:
|
||||||
|
- secrets/dockerconfig/.dockerconfigjson
|
||||||
|
name: regcred-dev
|
||||||
|
type: kubernetes.io/dockerconfigjson
|
||||||
|
|
||||||
|
patches:
|
||||||
|
- path: patches/add-registry-pull-secret.patch.yaml
|
||||||
|
target:
|
||||||
|
kind: Deployment
|
||||||
|
version: v1
|
|
@ -0,0 +1,4 @@
|
||||||
|
- op: add
|
||||||
|
path: "/spec/template/spec/imagePullSecrets"
|
||||||
|
value:
|
||||||
|
- name: regcred-dev
|
|
@ -141,12 +141,15 @@ proxy:
|
||||||
#
|
#
|
||||||
# Les modes "standalone", "sentinel" et "cluster" de Redis sont supportés:
|
# Les modes "standalone", "sentinel" et "cluster" de Redis sont supportés:
|
||||||
# - Mode "standalone": renseigner une seule entrée dans redis.addresses;
|
# - Mode "standalone": renseigner une seule entrée dans redis.addresses;
|
||||||
# - Mode "sentinel": renseigner une adresse dans redis.master et une ou plusieurs adresses dans redis.addresses;
|
# - Mode "sentinel": renseigner le nom du master sentinel dans redis.master et une ou plusieurs adresses dans redis.addresses;
|
||||||
# - Mode "cluster": renseigner plusieurs adresses dans redis.addresses et laisser redis.master vide.
|
# - Mode "cluster": renseigner plusieurs adresses dans redis.addresses et laisser redis.master vide.
|
||||||
redis:
|
redis:
|
||||||
addresses:
|
addresses:
|
||||||
- localhost:6379
|
- localhost:6379
|
||||||
master: ""
|
master: ""
|
||||||
|
writeTimeout: 30s
|
||||||
|
readTimeout: 30s
|
||||||
|
dialTimeout: 30s
|
||||||
|
|
||||||
# Configuration des logs
|
# Configuration des logs
|
||||||
logger:
|
logger:
|
||||||
|
@ -156,7 +159,7 @@ logger:
|
||||||
# 2 - WARNING
|
# 2 - WARNING
|
||||||
# 3 - ERROR
|
# 3 - ERROR
|
||||||
# 4 - FATAL
|
# 4 - FATAL
|
||||||
level: 1
|
level: 2
|
||||||
# Format des logs, "human" ou "json"
|
# Format des logs, "human" ou "json"
|
||||||
format: human
|
format: human
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
http://localhost:8080/blog/
|
${BASE_URL}/blog/
|
||||||
http://localhost:8080/services/
|
${BASE_URL}/services/
|
||||||
http://localhost:8080/
|
${BASE_URL}
|
||||||
http://localhost:8080/recrutement/
|
${BASE_URL}/recrutement/
|
||||||
http://localhost:8080/faq/
|
${BASE_URL}/faq/
|
||||||
http://localhost:8080/societe/histoire/
|
${BASE_URL}/societe/histoire/
|
|
@ -0,0 +1,53 @@
|
||||||
|
apiVersion: skaffold/v3
|
||||||
|
kind: Config
|
||||||
|
|
||||||
|
metadata:
|
||||||
|
name: bouncer
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
kustomize:
|
||||||
|
paths:
|
||||||
|
- misc/k8s/kustomization/base
|
||||||
|
|
||||||
|
profiles:
|
||||||
|
- name: dev
|
||||||
|
manifests:
|
||||||
|
kustomize:
|
||||||
|
paths:
|
||||||
|
- misc/k8s/kustomization/overlays/dev
|
||||||
|
activation:
|
||||||
|
- command: dev
|
||||||
|
|
||||||
|
build:
|
||||||
|
local:
|
||||||
|
push: true
|
||||||
|
|
||||||
|
tagPolicy:
|
||||||
|
sha256: {}
|
||||||
|
|
||||||
|
artifacts:
|
||||||
|
- image: reg.cadoles.com/cadoles/bouncer
|
||||||
|
context: .
|
||||||
|
sync:
|
||||||
|
infer:
|
||||||
|
- cmd/**
|
||||||
|
- internal/**
|
||||||
|
- layers/**
|
||||||
|
- misc/**
|
||||||
|
docker:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
|
||||||
|
deploy:
|
||||||
|
statusCheckDeadlineSeconds: 600
|
||||||
|
|
||||||
|
portForward:
|
||||||
|
- resourceType: service
|
||||||
|
resourceName: bouncer-admin
|
||||||
|
namespace: bouncer-dev
|
||||||
|
port: 8081
|
||||||
|
localPort: 9999
|
||||||
|
- resourceType: service
|
||||||
|
resourceName: bouncer-server
|
||||||
|
namespace: bouncer-dev
|
||||||
|
port: 8080
|
||||||
|
localPort: 9000 # *Optional*
|
Loading…
Reference in New Issue