running on a cluster.

.gitignore

@@ -1,3 +1,4 @@
+/src/k8s/config/*
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 ##

issuer.yaml

@@ -0,0 +1,12 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+  namespace: ingress
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: [email protected]
+    privateKeySecretRef:
+      name: letsencrypt
+    http01: {}

src/BlazingComponents/BlazingComponents.csproj

@@ -7,8 +7,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.Web" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Components" Version="3.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.Web" Version="3.0.0" />
   </ItemGroup>
 
 </Project>

src/BlazingPizza.ComponentsLibrary/BlazingPizza.ComponentsLibrary.csproj

@@ -8,8 +8,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components" Version="$(AspNetCoreVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.Web" Version="$(AspNetCoreVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Components" Version="3.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.Web" Version="3.0.0" />
   </ItemGroup>
 
 </Project>

src/BlazingPizza.Orders/OrdersService.cs

@@ -14,7 +14,6 @@ public class OrdersService
 
         public OrdersService(IConfiguration configuration)
         {
-            Console.WriteLine($"Conn: {_configuration["Data:Connection"]}");
             _configuration = configuration;
             var client = new MongoClient(_configuration["Data:Connection"]);
             var database = client.GetDatabase(_configuration["Data:Database"]);

src/BlazingPizza.Web/Auth/UserController.cs

@@ -1,5 +1,6 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
 using Microsoft.AspNetCore.Authentication.Twitter;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -30,7 +31,7 @@ public async Task SignIn(string redirectUri)
             }
 
             await HttpContext.ChallengeAsync(
-                TwitterDefaults.AuthenticationScheme,
+                MicrosoftAccountDefaults.AuthenticationScheme,
                 new AuthenticationProperties { RedirectUri = redirectUri });
         }
 

src/BlazingPizza.Web/BlazingPizza.Web.csproj

@@ -14,6 +14,7 @@
     </PackageReference>
     <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="3.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Twitter" Version="3.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.MicrosoftAccount" Version="3.0.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="3.0.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="3.0.0">
       <PrivateAssets>all</PrivateAssets>

src/BlazingPizza.Web/Program.cs

@@ -20,6 +20,10 @@ public static void Main(string[] args)
 
         public static IHostBuilder CreateHostBuilder(string[] args) =>
             Host.CreateDefaultBuilder(args)
+                .ConfigureAppConfiguration(config =>
+                {
+                    config.AddKeyPerFile("/config", true);
+                })
                 .ConfigureWebHostDefaults(webBuilder =>
                 {
                     webBuilder.UseStartup<Startup>();

src/BlazingPizza.Web/Startup.cs

@@ -11,6 +11,7 @@
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.HttpsPolicy;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.Extensions.Configuration;
@@ -55,10 +56,10 @@ public void ConfigureServices(IServiceCollection services)
                       options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                   })
                   .AddCookie()
-                  .AddTwitter(twitterOptions =>
+                  .AddMicrosoftAccount(options =>
                   {
-                      twitterOptions.ConsumerKey = Configuration["Authentication:Twitter:ConsumerKey"];
-                      twitterOptions.ConsumerSecret = Configuration["Authentication:Twitter:ConsumerSecret"];
+                      options.ClientId = Configuration["Authentication:Twitter:ConsumerKey"];
+                      options.ClientSecret = Configuration["Authentication:Twitter:ConsumerSecret"];
                   });
 
             services.AddServerSideBlazor();
@@ -75,20 +76,26 @@ public void ConfigureServices(IServiceCollection services)
                 client.DefaultRequestVersion = HttpVersion.Version20;
             });
 
-            services.AddHttpClient("auth", client =>
+            services.AddGrpcClient<OrderStatusClient>(c =>
             {
-                client.BaseAddress = new Uri(Configuration["Services:Auth"]);
+                c.Address = new Uri(Configuration["Services:Orders"]);
             });
 
-            services.AddGrpcClient<OrderStatusClient>(c =>
+            services.Configure<ForwardedHeadersOptions>(options =>
             {
-                c.Address = new Uri(Configuration["Services:Orders"]);
+                options.ForwardedHeaders =
+                    ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+                //TODO: This should be configuration from the cluster telling the app what
+                //IP ranges are possible for proxies in the cluster.
+                options.KnownNetworks.Clear();
+                options.KnownProxies.Clear();
             });
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {
+            app.UseForwardedHeaders();
             app.UseResponseCompression();
 
             if (env.IsDevelopment())

src/BlazingPizza.Web/appsettings.Development.json

@@ -8,8 +8,8 @@
   },
   "Authentication": {
     "Twitter": {
-      "ConsumerKey": "U9DbAaVcDPYO3RVFlDo4w",
-      "ConsumerSecret": "l6HWZa8F5MJmbBkGSzL6gMjgZMererT5KROxAzws9o"
+      "ConsumerKey": "iITmb8albSxRJJy7LAeEa6emJ",
+      "ConsumerSecret": "FFW9blJ5XpyNs5ByUHkbKNZsMG0vNs8ZrlatV4OgI8KWTlmpxn"
     }
   },
   "Services": {

src/BlazingPizza.Web/appsettings.json

@@ -7,7 +7,7 @@
     }
   },
   "Authentication": {
-    "Twitter": {
+    "Microsoft": {
       "ConsumerKey": "U9DbAaVcDPYO3RVFlDo4w",
       "ConsumerSecret": "l6HWZa8F5MJmbBkGSzL6gMjgZMererT5KROxAzws9o"
     }

src/k8s/cert.yaml

@@ -0,0 +1,18 @@
+apiVersion: certmanager.k8s.io/v1alpha2
+kind: Certificate
+metadata:
+  name: blazing-web
+  namespace: default
+spec:
+  secretName: blazingmicropizzas-tls-secret
+  dnsNames:
+  - blazingmicropizzas.westus2.cloudapp.azure.com
+  acme:
+    config:
+    - http01:
+        ingressClass: nginx
+      domains:
+      - blazingmicropizzas.westus2.cloudapp.azure.com
+  issuerRef:
+    name: letsencrypt-staging
+    kind: ClusterIssuer

src/k8s/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: blazing-web-ingress
+  namespace: micropizzas
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    certmanager.k8s.io/cluster-issuer: letsencrypt
+spec:
+  tls:
+  - hosts:
+    - blazingpizzas.westus2.cloudapp.azure.com
+    secretName: tls-secret
+  rules:
+  - host: blazingpizzas.westus2.cloudapp.azure.com
+    http:
+      paths:
+      - backend:
+          serviceName: web
+          servicePort: 80
+        path: /

src/k8s/issuer.yaml

@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: [email protected]
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource used to store the account's private key.
+      name: letsencrypt-prod-issuer-account-key
+    # Add a single challenge solver, HTTP01 using nginx
+    solvers:
+    - http01:
+        ingress:
+          class: nginx

src/k8s/menu.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: menu
+spec:
+  selector:
+    app: blazingpizza
+    tier: backend
+    role: menu
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: menu
+spec:
+  selector:
+    matchLabels:
+      app: blazingpizza
+      tier: backend
+      role: menu
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: blazingpizza
+        tier: backend
+        role: menu
+    spec:
+      containers:
+        - name: menu
+          image: "blazingreg.azurecr.io/blazingpizzamenu"
+          ports:
+            - name: http
+              containerPort: 80

src/k8s/orders.yml

@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: orders
+spec:
+  selector:
+    app: blazingpizza
+    tier: backend
+    role: orders
+  ports:
+  - protocol: TCP
+    port: 5555
+    targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: orders
+spec:
+  selector:
+    matchLabels:
+      app: blazingpizza
+      tier: backend
+      role: orders
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: blazingpizza
+        tier: backend
+        role: orders
+    spec:
+      containers:
+        - name: orders
+          image: "blazingreg.azurecr.io/blazingpizzaorders"
+          ports:
+            - name: http
+              containerPort: 5555
+          imagePullPolicy: Always
+          volumeMounts:
+          - name: config-volume
+            mountPath: /config
+      volumes:
+      - name: config-volume
+        secret:
+          secretName:
+            orders-secrets

src/k8s/ordersdata.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: orders-data
+spec:
+  selector:
+    app: blazingpizza
+    tier: backend
+    role: orders-data
+  ports:
+  - protocol: TCP
+    port: 27017
+    targetPort: mongo
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: menu
+spec:
+  selector:
+    matchLabels:
+      app: blazingpizza
+      tier: backend
+      role: orders-data
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: blazingpizza
+        tier: backend
+        role: orders-data
+    spec:
+      containers:
+        - name: orders-data
+          image: "blazingreg.azurecr.io/mongo"
+          ports:
+            - name: http
+              containerPort: 27017

src/k8s/web.yaml

@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: web
+spec:
+  type: ClusterIP
+  selector:
+    app: blazingpizza
+    tier: frontent
+    role: web
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web
+spec:
+  selector:
+    matchLabels:
+      app: blazingpizza
+      tier: frontent
+      role: web
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: blazingpizza
+        tier: frontent
+        role: web
+    spec:
+      containers:
+        - name: web
+          image: "blazingreg.azurecr.io/blazingpizzaweb"
+          ports:
+            - name: http
+              containerPort: 80
+          volumeMounts:
+          - name: twitter-auth-secrets
+            mountPath: /config
+            readOnly: true
+      volumes:
+      - name: twitter-auth-secrets
+        secret:
+          secretName:
+            blazing-twitter-secrets