diff --git a/.gitignore b/.gitignore
index 701b69a..f11b09e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+/src/k8s/config/*
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
diff --git a/issuer.yaml b/issuer.yaml
new file mode 100644
index 0000000..0a98fcc
--- /dev/null
+++ b/issuer.yaml
@@ -0,0 +1,12 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+ namespace: ingress
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: glennc@microsoft.com
+ privateKeySecretRef:
+ name: letsencrypt
+ http01: {}
\ No newline at end of file
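Review bot: The cert-manager manifests in this commit mix two API groups, so a given cert-manager install will honour at most some of them. This file uses `certmanager.k8s.io/v1alpha1`, `src/k8s/cert.yaml` uses `certmanager.k8s.io/v1alpha2`, the annotation in `src/k8s/ingress.yaml` is `certmanager.k8s.io/cluster-issuer`, and `src/k8s/issuer.yaml` uses `cert-manager.io/v1alpha2`; as far as I know `v1alpha2` exists only under the `cert-manager.io` group. Pick one group and align all four, e.g. `apiVersion: cert-manager.io/v1alpha2` and `cert-manager.io/cluster-issuer: letsencrypt`. This root-level file also declares the same `ClusterIssuer` name as `src/k8s/issuer.yaml` and looks like a leftover duplicate. Its `namespace: ingress` is meaningless on a cluster-scoped resource and can be dropped.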
diff --git a/src/BlazingComponents/BlazingComponents.csproj b/src/BlazingComponents/BlazingComponents.csproj
index 0c49049..d0965d5 100644
--- a/src/BlazingComponents/BlazingComponents.csproj
+++ b/src/BlazingComponents/BlazingComponents.csproj
@@ -7,8 +7,8 @@
-
-
+
+
diff --git a/src/BlazingPizza.ComponentsLibrary/BlazingPizza.ComponentsLibrary.csproj b/src/BlazingPizza.ComponentsLibrary/BlazingPizza.ComponentsLibrary.csproj
index ea53b19..d22e4b5 100644
--- a/src/BlazingPizza.ComponentsLibrary/BlazingPizza.ComponentsLibrary.csproj
+++ b/src/BlazingPizza.ComponentsLibrary/BlazingPizza.ComponentsLibrary.csproj
@@ -8,8 +8,8 @@
-
-
+
+
diff --git a/src/BlazingPizza.Orders/OrdersService.cs b/src/BlazingPizza.Orders/OrdersService.cs
index b989c68..c52deb8 100644
--- a/src/BlazingPizza.Orders/OrdersService.cs
+++ b/src/BlazingPizza.Orders/OrdersService.cs
@@ -14,7 +14,6 @@ public class OrdersService
public OrdersService(IConfiguration configuration)
{
- Console.WriteLine($"Conn: {_configuration["Data:Connection"]}");
_configuration = configuration;
var client = new MongoClient(_configuration["Data:Connection"]);
var database = client.GetDatabase(_configuration["Data:Database"]);
diff --git a/src/BlazingPizza.Web/Auth/UserController.cs b/src/BlazingPizza.Web/Auth/UserController.cs
index eb722f4..89a68a3 100644
--- a/src/BlazingPizza.Web/Auth/UserController.cs
+++ b/src/BlazingPizza.Web/Auth/UserController.cs
@@ -1,5 +1,6 @@
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
using Microsoft.AspNetCore.Authentication.Twitter;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
@@ -30,7 +31,7 @@ public async Task SignIn(string redirectUri)
}
await HttpContext.ChallengeAsync(
- TwitterDefaults.AuthenticationScheme,
+ MicrosoftAccountDefaults.AuthenticationScheme,
new AuthenticationProperties { RedirectUri = redirectUri });
}
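Review bot: Check that `redirectUri` is restricted to local URLs before it reaches `AuthenticationProperties.RedirectUri` in the `ChallengeAsync` call, because it is a request parameter and decides where the user lands after sign-in. The closing brace above the call suggests a guard exists, but `SignIn` starts outside the hunk and the condition is not visible here. If it is missing, something like `if (string.IsNullOrEmpty(redirectUri) || !Url.IsLocalUrl(redirectUri)) { redirectUri = "/"; }` closes the open-redirect path.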
diff --git a/src/BlazingPizza.Web/BlazingPizza.Web.csproj b/src/BlazingPizza.Web/BlazingPizza.Web.csproj
index 25f3b21..a1471e8 100644
--- a/src/BlazingPizza.Web/BlazingPizza.Web.csproj
+++ b/src/BlazingPizza.Web/BlazingPizza.Web.csproj
@@ -14,6 +14,7 @@
+
all
diff --git a/src/BlazingPizza.Web/Program.cs b/src/BlazingPizza.Web/Program.cs
index 08f547e..5c438e6 100644
--- a/src/BlazingPizza.Web/Program.cs
+++ b/src/BlazingPizza.Web/Program.cs
@@ -20,6 +20,10 @@ public static void Main(string[] args)
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
+ .ConfigureAppConfiguration(config =>
+ {
+ config.AddKeyPerFile("/config", true);
+ })
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup();
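Review bot: `AddKeyPerFile("/config", true)` marks the secrets directory as optional, so a deployment where `/config` is absent or empty starts without error and silently uses whatever `appsettings*.json` contains, which in this commit still includes OAuth credentials. Make the directory mandatory outside Development, e.g. `.ConfigureAppConfiguration((context, config) =>` with `config.AddKeyPerFile("/config", optional: context.HostingEnvironment.IsDevelopment());`. Key-per-file maps `__` in a file name to the `:` section separator, so the mounted secret needs entries such as `Authentication__Twitter__ConsumerKey` for the lookups in `Startup.cs` to resolve. A short comment above the call stating that convention would help whoever creates the secret.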
diff --git a/src/BlazingPizza.Web/Startup.cs b/src/BlazingPizza.Web/Startup.cs
index b586db4..31fdd7d 100644
--- a/src/BlazingPizza.Web/Startup.cs
+++ b/src/BlazingPizza.Web/Startup.cs
@@ -11,6 +11,7 @@
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.ResponseCompression;
using Microsoft.Extensions.Configuration;
@@ -55,10 +56,10 @@ public void ConfigureServices(IServiceCollection services)
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
- .AddTwitter(twitterOptions =>
+ .AddMicrosoftAccount(options =>
{
- twitterOptions.ConsumerKey = Configuration["Authentication:Twitter:ConsumerKey"];
- twitterOptions.ConsumerSecret = Configuration["Authentication:Twitter:ConsumerSecret"];
+ options.ClientId = Configuration["Authentication:Twitter:ConsumerKey"];
+ options.ClientSecret = Configuration["Authentication:Twitter:ConsumerSecret"];
});
services.AddServerSideBlazor();
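Review bot: The Microsoft Account handler is configured from `Authentication:Twitter:ConsumerKey` and `Authentication:Twitter:ConsumerSecret`, while the same commit renames the section in `appsettings.json` to `Authentication:Microsoft`. Outside Development these lookups therefore resolve only if the key-per-file secret happens to use the Twitter names; otherwise `ClientId` and `ClientSecret` are null. Name the keys after what they hold and use them consistently in both appsettings files and the Kubernetes secret: `options.ClientId = Configuration["Authentication:Microsoft:ClientId"];` and `options.ClientSecret = Configuration["Authentication:Microsoft:ClientSecret"];`. `ConfigureServices` starts and ends outside this hunk.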
@@ -75,20 +76,26 @@ public void ConfigureServices(IServiceCollection services)
client.DefaultRequestVersion = HttpVersion.Version20;
});
- services.AddHttpClient("auth", client =>
+ services.AddGrpcClient(c =>
{
- client.BaseAddress = new Uri(Configuration["Services:Auth"]);
+ c.Address = new Uri(Configuration["Services:Orders"]);
});
- services.AddGrpcClient(c =>
+ services.Configure(options =>
{
- c.Address = new Uri(Configuration["Services:Orders"]);
+ options.ForwardedHeaders =
+ ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+ //TODO: This should be configuration from the cluster telling the app what
+ //IP ranges are possible for proxies in the cluster.
+ options.KnownNetworks.Clear();
+ options.KnownProxies.Clear();
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
+ app.UseForwardedHeaders();
app.UseResponseCompression();
if (env.IsDevelopment())
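Review bot: Clearing `KnownNetworks` and `KnownProxies` makes the middleware accept `X-Forwarded-For` and `X-Forwarded-Proto` from any peer, so anything that can reach the pod directly controls the client IP and request scheme the app sees. The scheme matters here because the OAuth handler builds its redirect URI from it. The TODO acknowledges the gap; until the cluster supplies the ranges, add the ingress controller's network explicitly after the two `Clear()` calls, e.g. `options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("<ingress-pod-cidr-prefix>"), <prefix-length>));`. Keeping the `web` Service as `ClusterIP` limits who can reach the pod but does not stop other in-cluster workloads from sending these headers. Both `ConfigureServices` and `Configure` extend beyond this hunk.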
diff --git a/src/BlazingPizza.Web/appsettings.Development.json b/src/BlazingPizza.Web/appsettings.Development.json
index 19b9938..90899ca 100644
--- a/src/BlazingPizza.Web/appsettings.Development.json
+++ b/src/BlazingPizza.Web/appsettings.Development.json
@@ -8,8 +8,8 @@
},
"Authentication": {
"Twitter": {
- "ConsumerKey": "U9DbAaVcDPYO3RVFlDo4w",
- "ConsumerSecret": "l6HWZa8F5MJmbBkGSzL6gMjgZMererT5KROxAzws9o"
+ "ConsumerKey": "iITmb8albSxRJJy7LAeEa6emJ",
+ "ConsumerSecret": "FFW9blJ5XpyNs5ByUHkbKNZsMG0vNs8ZrlatV4OgI8KWTlmpxn"
}
},
"Services": {
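Review bot: The new `ConsumerKey` and `ConsumerSecret` values are OAuth credentials committed in plaintext, and `appsettings.json` in this commit keeps the previous pair under the renamed `Microsoft` section. Both pairs are readable by anyone with access to the repository or its history, so treat them as exposed: rotate them at the provider and replace the values here with empty strings. For local development load them through `dotnet user-secrets`, and in the cluster through the `/config` secret mount this commit already adds.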
diff --git a/src/BlazingPizza.Web/appsettings.json b/src/BlazingPizza.Web/appsettings.json
index 92a858e..73b19c6 100644
--- a/src/BlazingPizza.Web/appsettings.json
+++ b/src/BlazingPizza.Web/appsettings.json
@@ -7,7 +7,7 @@
}
},
"Authentication": {
- "Twitter": {
+ "Microsoft": {
"ConsumerKey": "U9DbAaVcDPYO3RVFlDo4w",
"ConsumerSecret": "l6HWZa8F5MJmbBkGSzL6gMjgZMererT5KROxAzws9o"
}
diff --git a/src/k8s/cert.yaml b/src/k8s/cert.yaml
new file mode 100644
index 0000000..ea912e7
--- /dev/null
+++ b/src/k8s/cert.yaml
@@ -0,0 +1,18 @@
+apiVersion: certmanager.k8s.io/v1alpha2
+kind: Certificate
+metadata:
+ name: blazing-web
+ namespace: default
+spec:
+ secretName: blazingmicropizzas-tls-secret
+ dnsNames:
+ - blazingmicropizzas.westus2.cloudapp.azure.com
+ acme:
+ config:
+ - http01:
+ ingressClass: nginx
+ domains:
+ - blazingmicropizzas.westus2.cloudapp.azure.com
+ issuerRef:
+ name: letsencrypt-staging
+ kind: ClusterIssuer
\ No newline at end of file
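Review bot: `issuerRef.name` is `letsencrypt-staging`, but the only issuers defined in this commit are named `letsencrypt`, so this Certificate would stay pending unless a staging issuer exists elsewhere. The certificate is also out of step with `src/k8s/ingress.yaml`: it lives in namespace `default` for host `blazingmicropizzas.westus2.cloudapp.azure.com` with secret `blazingmicropizzas-tls-secret`. The ingress is in `micropizzas`, serves `blazingpizzas.westus2.cloudapp.azure.com` and reads `tls-secret`. The ingress already carries a cluster-issuer annotation, which as I understand cert-manager's ingress integration creates the Certificate itself. So either delete this file or align it with the ingress: `name: letsencrypt`, the same host and namespace, and `secretName: tls-secret`.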
diff --git a/src/k8s/ingress.yaml b/src/k8s/ingress.yaml
new file mode 100644
index 0000000..242d361
--- /dev/null
+++ b/src/k8s/ingress.yaml
@@ -0,0 +1,21 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: blazing-web-ingress
+ namespace: micropizzas
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ certmanager.k8s.io/cluster-issuer: letsencrypt
+spec:
+ tls:
+ - hosts:
+ - blazingpizzas.westus2.cloudapp.azure.com
+ secretName: tls-secret
+ rules:
+ - host: blazingpizzas.westus2.cloudapp.azure.com
+ http:
+ paths:
+ - backend:
+ serviceName: web
+ servicePort: 80
+ path: /
\ No newline at end of file
diff --git a/src/k8s/issuer.yaml b/src/k8s/issuer.yaml
new file mode 100644
index 0000000..d7f20b9
--- /dev/null
+++ b/src/k8s/issuer.yaml
@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+ # You must replace this email address with your own.
+ # Let's Encrypt will use this to contact you about expiring
+ # certificates, and issues related to your account.
+ email: glennc@microsoft.com
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ # Secret resource used to store the account's private key.
+ name: letsencrypt-prod-issuer-account-key
+ # Add a single challenge solver, HTTP01 using nginx
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
\ No newline at end of file
diff --git a/src/k8s/menu.yaml b/src/k8s/menu.yaml
new file mode 100644
index 0000000..551fe07
--- /dev/null
+++ b/src/k8s/menu.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: menu
+spec:
+ selector:
+ app: blazingpizza
+ tier: backend
+ role: menu
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: menu
+spec:
+ selector:
+ matchLabels:
+ app: blazingpizza
+ tier: backend
+ role: menu
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: blazingpizza
+ tier: backend
+ role: menu
+ spec:
+ containers:
+ - name: menu
+ image: "blazingreg.azurecr.io/blazingpizzamenu"
+ ports:
+ - name: http
+ containerPort: 80
\ No newline at end of file
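Review bot: The image reference `blazingreg.azurecr.io/blazingpizzamenu` has no tag or digest, so the pod runs whatever `latest` resolves to at pull time and a rollout cannot be tied to a reviewed build. The same applies to the images in `orders.yml`, `ordersdata.yaml` and `web.yaml`. Pin each one, e.g. `image: "blazingreg.azurecr.io/blazingpizzamenu:<tag>@sha256:<digest>"`. None of the four containers sets a `securityContext` or `resources` either; `allowPrivilegeEscalation: false` plus CPU and memory limits would be a reasonable minimum.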
diff --git a/src/k8s/orders.yml b/src/k8s/orders.yml
new file mode 100644
index 0000000..3669fa4
--- /dev/null
+++ b/src/k8s/orders.yml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: orders
+spec:
+ selector:
+ app: blazingpizza
+ tier: backend
+ role: orders
+ ports:
+ - protocol: TCP
+ port: 5555
+ targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: orders
+spec:
+ selector:
+ matchLabels:
+ app: blazingpizza
+ tier: backend
+ role: orders
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: blazingpizza
+ tier: backend
+ role: orders
+ spec:
+ containers:
+ - name: orders
+ image: "blazingreg.azurecr.io/blazingpizzaorders"
+ ports:
+ - name: http
+ containerPort: 5555
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: config-volume
+ mountPath: /config
+ volumes:
+ - name: config-volume
+ secret:
+ secretName:
+ orders-secrets
\ No newline at end of file
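Review bot: Nothing in this commit shows the orders service reading the secret mounted at `/config`. `AddKeyPerFile("/config", true)` is added only to `BlazingPizza.Web/Program.cs`, while `OrdersService` takes `Data:Connection` and `Data:Database` from `IConfiguration`. If `BlazingPizza.Orders` does not register the same provider, the connection string in `orders-secrets` is never picked up; confirm this, and name the secret entries `Data__Connection` and `Data__Database`. Adding `readOnly: true` to the `volumeMounts` entry would match `web.yaml`.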
diff --git a/src/k8s/ordersdata.yaml b/src/k8s/ordersdata.yaml
new file mode 100644
index 0000000..bcad682
--- /dev/null
+++ b/src/k8s/ordersdata.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: orders-data
+spec:
+ selector:
+ app: blazingpizza
+ tier: backend
+ role: orders-data
+ ports:
+ - protocol: TCP
+ port: 27017
+ targetPort: mongo
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: menu
+spec:
+ selector:
+ matchLabels:
+ app: blazingpizza
+ tier: backend
+ role: orders-data
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: blazingpizza
+ tier: backend
+ role: orders-data
+ spec:
+ containers:
+ - name: orders-data
+ image: "blazingreg.azurecr.io/mongo"
+ ports:
+ - name: http
+ containerPort: 27017
\ No newline at end of file
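Review bot: The Deployment is named `menu`, the same as the one in `menu.yaml`, so applying both manifests makes them contend for one object; it should be `name: orders-data`. The Service's `targetPort: mongo` also has no matching container port, because the port is declared as `name: http`; rename it to `- name: mongo`. No arguments, environment variables or NetworkPolicy restrict the database here. As written MongoDB would presumably accept unauthenticated connections from any pod in the cluster on 27017, so enable authentication and limit ingress to the `role: orders` pods.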
diff --git a/src/k8s/web.yaml b/src/k8s/web.yaml
new file mode 100644
index 0000000..bf345f0
--- /dev/null
+++ b/src/k8s/web.yaml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: web
+spec:
+ type: ClusterIP
+ selector:
+ app: blazingpizza
+ tier: frontent
+ role: web
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: web
+spec:
+ selector:
+ matchLabels:
+ app: blazingpizza
+ tier: frontent
+ role: web
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: blazingpizza
+ tier: frontent
+ role: web
+ spec:
+ containers:
+ - name: web
+ image: "blazingreg.azurecr.io/blazingpizzaweb"
+ ports:
+ - name: http
+ containerPort: 80
+ volumeMounts:
+ - name: twitter-auth-secrets
+ mountPath: /config
+ readOnly: true
+ volumes:
+ - name: twitter-auth-secrets
+ secret:
+ secretName:
+ blazing-twitter-secrets
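Review bot: `tier: frontent` is misspelled in the Service selector, `matchLabels` and the pod template. It works today because all three agree, but a NetworkPolicy or selector written later with `tier: frontend` will match nothing. Fix all three to `tier: frontend` before the Deployment is first applied, since `spec.selector` of an `apps/v1` Deployment cannot be changed afterwards. The volume and secret are still named after Twitter (`twitter-auth-secrets`, `blazing-twitter-secrets`) although sign-in now uses Microsoft Account; renaming them would keep the manifest from misleading whoever rotates the credentials.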