From e7c54cd043322758df8c9146adac378495745ab1 Mon Sep 17 00:00:00 2001 From: glennc Date: Thu, 14 Nov 2019 15:42:08 -0800 Subject: [PATCH] running on a cluster. --- .gitignore | 1 + issuer.yaml | 12 +++++ .../BlazingComponents.csproj | 4 +- .../BlazingPizza.ComponentsLibrary.csproj | 4 +- src/BlazingPizza.Orders/OrdersService.cs | 1 - src/BlazingPizza.Web/Auth/UserController.cs | 3 +- src/BlazingPizza.Web/BlazingPizza.Web.csproj | 1 + src/BlazingPizza.Web/Program.cs | 4 ++ src/BlazingPizza.Web/Startup.cs | 21 +++++--- .../appsettings.Development.json | 4 +- src/BlazingPizza.Web/appsettings.json | 2 +- src/k8s/cert.yaml | 18 +++++++ src/k8s/ingress.yaml | 21 ++++++++ src/k8s/issuer.yaml | 19 ++++++++ src/k8s/menu.yaml | 38 +++++++++++++++ src/k8s/orders.yml | 47 ++++++++++++++++++ src/k8s/ordersdata.yaml | 38 +++++++++++++++ src/k8s/web.yaml | 48 +++++++++++++++++++ 18 files changed, 270 insertions(+), 16 deletions(-) create mode 100644 issuer.yaml create mode 100644 src/k8s/cert.yaml create mode 100644 src/k8s/ingress.yaml create mode 100644 src/k8s/issuer.yaml create mode 100644 src/k8s/menu.yaml create mode 100644 src/k8s/orders.yml create mode 100644 src/k8s/ordersdata.yaml create mode 100644 src/k8s/web.yaml diff --git a/.gitignore b/.gitignore index 701b69a..f11b09e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +/src/k8s/config/* ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. ## diff --git a/issuer.yaml b/issuer.yaml new file mode 100644 index 0000000..0a98fcc --- /dev/null +++ b/issuer.yaml @@ -0,0 +1,12 @@ +apiVersion: certmanager.k8s.io/v1alpha1 +kind: ClusterIssuer +metadata: + name: letsencrypt + namespace: ingress +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: glennc@microsoft.com + privateKeySecretRef: + name: letsencrypt + http01: {} \ No newline at end of file 
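Review bot: Two ClusterIssuers named `letsencrypt` are added by this commit, this root-level one under `certmanager.k8s.io/v1alpha1` and another in `src/k8s/issuer.yaml` under `cert-manager.io/v1alpha2`, and nothing says which is meant to be applied. ClusterIssuer is cluster-scoped, so `namespace: ingress` here has no effect. If this root copy is a leftover from an earlier attempt, drop it; otherwise add a comment at the top stating which cert-manager version it targets.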
diff --git a/src/BlazingComponents/BlazingComponents.csproj b/src/BlazingComponents/BlazingComponents.csproj index 0c49049..d0965d5 100644 --- a/src/BlazingComponents/BlazingComponents.csproj +++ b/src/BlazingComponents/BlazingComponents.csproj @@ -7,8 +7,8 @@ - - + + diff --git a/src/BlazingPizza.ComponentsLibrary/BlazingPizza.ComponentsLibrary.csproj b/src/BlazingPizza.ComponentsLibrary/BlazingPizza.ComponentsLibrary.csproj index ea53b19..d22e4b5 100644 --- a/src/BlazingPizza.ComponentsLibrary/BlazingPizza.ComponentsLibrary.csproj +++ b/src/BlazingPizza.ComponentsLibrary/BlazingPizza.ComponentsLibrary.csproj @@ -8,8 +8,8 @@ - - + + diff --git a/src/BlazingPizza.Orders/OrdersService.cs b/src/BlazingPizza.Orders/OrdersService.cs index b989c68..c52deb8 100644 --- a/src/BlazingPizza.Orders/OrdersService.cs +++ b/src/BlazingPizza.Orders/OrdersService.cs @@ -14,7 +14,6 @@ public class OrdersService public OrdersService(IConfiguration configuration) { - Console.WriteLine($"Conn: {_configuration["Data:Connection"]}"); _configuration = configuration; var client = new MongoClient(_configuration["Data:Connection"]); var database = client.GetDatabase(_configuration["Data:Database"]); diff --git a/src/BlazingPizza.Web/Auth/UserController.cs b/src/BlazingPizza.Web/Auth/UserController.cs index eb722f4..89a68a3 100644 --- a/src/BlazingPizza.Web/Auth/UserController.cs +++ b/src/BlazingPizza.Web/Auth/UserController.cs @@ -1,5 +1,6 @@ using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication.Cookies; +using Microsoft.AspNetCore.Authentication.MicrosoftAccount; using Microsoft.AspNetCore.Authentication.Twitter; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; @@ -30,7 +31,7 @@ public async Task SignIn(string redirectUri) } await HttpContext.ChallengeAsync( - TwitterDefaults.AuthenticationScheme, + MicrosoftAccountDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = redirectUri }); } 
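Review bot: In `UserController.SignIn`, `redirectUri` still flows from the action parameter into `AuthenticationProperties.RedirectUri`, and the guard block before the `ChallengeAsync` call starts outside this hunk, so it cannot be confirmed from here that non-local targets are rejected. If the guard does not already do so, fall back to a local path, e.g. `if (!Url.IsLocalUrl(redirectUri)) { redirectUri = "/"; }`. The `using Microsoft.AspNetCore.Authentication.Twitter;` directive is kept and looks unused now that `TwitterDefaults` is gone from this call; remove it if nothing else in the file needs it.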
diff --git a/src/BlazingPizza.Web/BlazingPizza.Web.csproj b/src/BlazingPizza.Web/BlazingPizza.Web.csproj index 25f3b21..a1471e8 100644 --- a/src/BlazingPizza.Web/BlazingPizza.Web.csproj +++ b/src/BlazingPizza.Web/BlazingPizza.Web.csproj @@ -14,6 +14,7 @@ + all diff --git a/src/BlazingPizza.Web/Program.cs b/src/BlazingPizza.Web/Program.cs index 08f547e..5c438e6 100644 --- a/src/BlazingPizza.Web/Program.cs +++ b/src/BlazingPizza.Web/Program.cs @@ -20,6 +20,10 @@ public static void Main(string[] args) public static IHostBuilder CreateHostBuilder(string[] args) => Host.CreateDefaultBuilder(args) + .ConfigureAppConfiguration(config => + { + config.AddKeyPerFile("/config", true); + }) .ConfigureWebHostDefaults(webBuilder => { webBuilder.UseStartup(); diff --git a/src/BlazingPizza.Web/Startup.cs b/src/BlazingPizza.Web/Startup.cs index b586db4..31fdd7d 100644 --- a/src/BlazingPizza.Web/Startup.cs +++ b/src/BlazingPizza.Web/Startup.cs @@ -11,6 +11,7 @@ using Microsoft.AspNetCore.Components.Authorization; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.HttpsPolicy; using Microsoft.AspNetCore.ResponseCompression; using Microsoft.Extensions.Configuration; @@ -55,10 +56,10 @@ public void ConfigureServices(IServiceCollection services) options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) .AddCookie() - .AddTwitter(twitterOptions => + .AddMicrosoftAccount(options => { - twitterOptions.ConsumerKey = Configuration["Authentication:Twitter:ConsumerKey"]; - twitterOptions.ConsumerSecret = Configuration["Authentication:Twitter:ConsumerSecret"]; + options.ClientId = Configuration["Authentication:Twitter:ConsumerKey"]; + options.ClientSecret = Configuration["Authentication:Twitter:ConsumerSecret"]; }); services.AddServerSideBlazor(); 
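Review bot: In `Program.cs`, `config.AddKeyPerFile("/config", true)` is registered after the sources `CreateDefaultBuilder` adds, so files under `/config` override appsettings, environment variables and command-line values, and with the bare `true` a missing mount is ignored silently. Name the argument and document the contract, e.g. `config.AddKeyPerFile("/config", optional: true); // secret volume; "__" in a file name maps to ":"`. Because of that mapping, the secret's keys must be named like `Authentication__Twitter__ConsumerKey` to reach the values read in `Startup`. A pod that starts without the volume falls back to whatever credentials appsettings carries, so consider failing startup outside Development when the directory is absent.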
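Review bot: In `Startup.ConfigureServices`, the new `AddMicrosoftAccount` block still reads `Configuration["Authentication:Twitter:ConsumerKey"]` and `Configuration["Authentication:Twitter:ConsumerSecret"]`, while this same commit renames the section in `appsettings.json` to `"Microsoft"`. Outside Development those keys resolve only if the `/config` secret files supply them, so `ClientId` and `ClientSecret` can end up null. Read from a section that matches the provider, e.g. `options.ClientId = Configuration["Authentication:Microsoft:ClientId"];` and `options.ClientSecret = Configuration["Authentication:Microsoft:ClientSecret"];`, and rename the keys in both appsettings files and the mounted secret to match. `ConfigureServices` starts and ends outside the hunk.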
@@ -75,20 +76,26 @@ public void ConfigureServices(IServiceCollection services) client.DefaultRequestVersion = HttpVersion.Version20; }); - services.AddHttpClient("auth", client => + services.AddGrpcClient(c => { - client.BaseAddress = new Uri(Configuration["Services:Auth"]); + c.Address = new Uri(Configuration["Services:Orders"]); }); - services.AddGrpcClient(c => + services.Configure(options => { - c.Address = new Uri(Configuration["Services:Orders"]); + options.ForwardedHeaders = + ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; + //TODO: This should be configuration from the cluster telling the app what + //IP ranges are possible for proxies in the cluster. + options.KnownNetworks.Clear(); + options.KnownProxies.Clear(); }); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { + app.UseForwardedHeaders(); app.UseResponseCompression(); if (env.IsDevelopment()) diff --git a/src/BlazingPizza.Web/appsettings.Development.json b/src/BlazingPizza.Web/appsettings.Development.json index 19b9938..90899ca 100644 --- a/src/BlazingPizza.Web/appsettings.Development.json +++ b/src/BlazingPizza.Web/appsettings.Development.json @@ -8,8 +8,8 @@ }, "Authentication": { "Twitter": { - "ConsumerKey": "U9DbAaVcDPYO3RVFlDo4w", - "ConsumerSecret": "l6HWZa8F5MJmbBkGSzL6gMjgZMererT5KROxAzws9o" + "ConsumerKey": "iITmb8albSxRJJy7LAeEa6emJ", + "ConsumerSecret": "FFW9blJ5XpyNs5ByUHkbKNZsMG0vNs8ZrlatV4OgI8KWTlmpxn" } }, "Services": { diff --git a/src/BlazingPizza.Web/appsettings.json b/src/BlazingPizza.Web/appsettings.json index 92a858e..73b19c6 100644 --- a/src/BlazingPizza.Web/appsettings.json +++ b/src/BlazingPizza.Web/appsettings.json @@ -7,7 +7,7 @@ } }, "Authentication": { - "Twitter": { + "Microsoft": { "ConsumerKey": "U9DbAaVcDPYO3RVFlDo4w", "ConsumerSecret": "l6HWZa8F5MJmbBkGSzL6gMjgZMererT5KROxAzws9o" } 
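Review bot: Clearing `KnownNetworks` and `KnownProxies` makes the forwarded-headers middleware accept `X-Forwarded-For` and `X-Forwarded-Proto` from any peer, so the remote IP and scheme the app sees (and whatever is derived from them, such as logging, HTTPS redirection and OAuth callback URLs) are only as trustworthy as the network path to the pod. The TODO acknowledges this; until it is done, restrict trust to the ingress controller's address range taken from configuration, e.g. `options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse(prefix), prefixLength));`, and leave `ForwardLimit` at its default of 1. A NetworkPolicy that admits only the ingress controller to the `web` pods would be a complementary control. `ConfigureServices` begins outside the hunk.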
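Review bot: A consumer key and consumer secret are committed in plain text in `appsettings.Development.json` (a new pair replaces the old one), and `appsettings.json` in the next hunk keeps the earlier pair under the renamed `"Microsoft"` section. Both pairs should be treated as exposed and rotated at the provider, since they stay in the repository history even after removal. Replace the values with empty placeholders such as `"ConsumerSecret": ""`, and load the real ones from user secrets in development and from the `/config` key-per-file mount in the cluster.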
diff --git a/src/k8s/cert.yaml b/src/k8s/cert.yaml
new file mode 100644
index 0000000..ea912e7
--- /dev/null
+++ b/src/k8s/cert.yaml
@@ -0,0 +1,18 @@
+apiVersion: certmanager.k8s.io/v1alpha2
+kind: Certificate
+metadata:
+ name: blazing-web
+ namespace: default
+spec:
+ secretName: blazingmicropizzas-tls-secret
+ dnsNames:
+ - blazingmicropizzas.westus2.cloudapp.azure.com
+ acme:
+ config:
+ - http01:
+ ingressClass: nginx
+ domains:
+ - blazingmicropizzas.westus2.cloudapp.azure.com
+ issuerRef:
+ name: letsencrypt-staging
+ kind: ClusterIssuer
\ No newline at end of file
diff --git a/src/k8s/ingress.yaml b/src/k8s/ingress.yaml
new file mode 100644
index 0000000..242d361
--- /dev/null
+++ b/src/k8s/ingress.yaml
@@ -0,0 +1,21 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: blazing-web-ingress
+ namespace: micropizzas
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ certmanager.k8s.io/cluster-issuer: letsencrypt
+spec:
+ tls:
+ - hosts:
+ - blazingpizzas.westus2.cloudapp.azure.com
+ secretName: tls-secret
+ rules:
+ - host: blazingpizzas.westus2.cloudapp.azure.com
+ http:
+ paths:
+ - backend:
+ serviceName: web
+ servicePort: 80
+ path: /
\ No newline at end of file
diff --git a/src/k8s/issuer.yaml b/src/k8s/issuer.yaml
new file mode 100644
index 0000000..d7f20b9
--- /dev/null
+++ b/src/k8s/issuer.yaml
@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+ # You must replace this email address with your own.
+ # Let's Encrypt will use this to contact you about expiring
+ # certificates, and issues related to your account.
+ email: glennc@microsoft.com
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ # Secret resource used to store the account's private key.
+ name: letsencrypt-prod-issuer-account-key
+ # Add a single challenge solver, HTTP01 using nginx
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
\ No newline at end of file
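Review bot: In `cert.yaml`, `issuerRef.name: letsencrypt-staging` does not match any issuer in this commit (both ClusterIssuers are named `letsencrypt`), so this Certificate would stay pending unless a staging issuer exists outside the repository. The resource also disagrees with `ingress.yaml` on namespace (`default` vs `micropizzas`), host (`blazingmicropizzas…` vs `blazingpizzas…`) and secret name (`blazingmicropizzas-tls-secret` vs `tls-secret`), so the issued secret would not be the one the Ingress serves. The `acme.config` block appears to follow the older `certmanager.k8s.io` schema, while `src/k8s/issuer.yaml` uses `cert-manager.io/v1alpha2` with `solvers`. Align these fields with the Ingress and issuer, or remove the file if the Ingress annotation is meant to create the certificate.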
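Review bot: In `ingress.yaml`, the annotation `certmanager.k8s.io/cluster-issuer: letsencrypt` uses the old annotation prefix, whereas the issuer in `src/k8s/issuer.yaml` is declared under `cert-manager.io/v1alpha2`. A cert-manager release that serves that group reads `cert-manager.io/cluster-issuer`, so as written no certificate would be requested and `tls-secret` would stay empty; use `cert-manager.io/cluster-issuer: letsencrypt` if that is the installed version. The Ingress sets `namespace: micropizzas`, but `web.yaml` sets no namespace for the `web` Service, and an Ingress backend must live in the Ingress's own namespace. Confirm the manifests are applied with `-n micropizzas`, or set the namespace explicitly in each file.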
diff --git a/src/k8s/menu.yaml b/src/k8s/menu.yaml
new file mode 100644
index 0000000..551fe07
--- /dev/null
+++ b/src/k8s/menu.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: menu
+spec:
+ selector:
+ app: blazingpizza
+ tier: backend
+ role: menu
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: menu
+spec:
+ selector:
+ matchLabels:
+ app: blazingpizza
+ tier: backend
+ role: menu
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: blazingpizza
+ tier: backend
+ role: menu
+ spec:
+ containers:
+ - name: menu
+ image: "blazingreg.azurecr.io/blazingpizzamenu"
+ ports:
+ - name: http
+ containerPort: 80
\ No newline at end of file
diff --git a/src/k8s/orders.yml b/src/k8s/orders.yml
new file mode 100644
index 0000000..3669fa4
--- /dev/null
+++ b/src/k8s/orders.yml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: orders
+spec:
+ selector:
+ app: blazingpizza
+ tier: backend
+ role: orders
+ ports:
+ - protocol: TCP
+ port: 5555
+ targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: orders
+spec:
+ selector:
+ matchLabels:
+ app: blazingpizza
+ tier: backend
+ role: orders
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: blazingpizza
+ tier: backend
+ role: orders
+ spec:
+ containers:
+ - name: orders
+ image: "blazingreg.azurecr.io/blazingpizzaorders"
+ ports:
+ - name: http
+ containerPort: 5555
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: config-volume
+ mountPath: /config
+ volumes:
+ - name: config-volume
+ secret:
+ secretName:
+ orders-secrets
\ No newline at end of file
diff --git a/src/k8s/ordersdata.yaml b/src/k8s/ordersdata.yaml
new file mode 100644
index 0000000..bcad682
--- /dev/null
+++ b/src/k8s/ordersdata.yaml
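Review bot: In `menu.yaml`, the image `blazingreg.azurecr.io/blazingpizzamenu` has no tag or digest, so it resolves to `latest` and what runs in the cluster is not tied to this commit; the same applies to the images in `orders.yml`, `ordersdata.yaml` and `web.yaml`. Pin each one, e.g. `image: "blazingreg.azurecr.io/blazingpizzamenu:<tag-or-digest>"` (placeholder value). The pod specs also set no `securityContext` or `resources`; adding container-level `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would likely require the apps to listen on an unprivileged port rather than 80.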
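Review bot: In `orders.yml`, the `orders-secrets` volume is mounted at `/config`, but the only `AddKeyPerFile("/config", …)` call added in this commit is in `BlazingPizza.Web/Program.cs`. Unless the Orders host already loads that directory elsewhere, `Data:Connection` will not be read from the secret and the service will use whatever its appsettings provide. The mount also omits `readOnly: true`, which `web.yaml` sets on its equivalent mount; add it here for consistency.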
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: orders-data
+spec:
+ selector:
+ app: blazingpizza
+ tier: backend
+ role: orders-data
+ ports:
+ - protocol: TCP
+ port: 27017
+ targetPort: mongo
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: menu
+spec:
+ selector:
+ matchLabels:
+ app: blazingpizza
+ tier: backend
+ role: orders-data
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: blazingpizza
+ tier: backend
+ role: orders-data
+ spec:
+ containers:
+ - name: orders-data
+ image: "blazingreg.azurecr.io/mongo"
+ ports:
+ - name: http
+ containerPort: 27017
\ No newline at end of file
diff --git a/src/k8s/web.yaml b/src/k8s/web.yaml
new file mode 100644
index 0000000..bf345f0
--- /dev/null
+++ b/src/k8s/web.yaml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: web
+spec:
+ type: ClusterIP
+ selector:
+ app: blazingpizza
+ tier: frontent
+ role: web
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: http
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: web
+spec:
+ selector:
+ matchLabels:
+ app: blazingpizza
+ tier: frontent
+ role: web
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: blazingpizza
+ tier: frontent
+ role: web
+ spec:
+ containers:
+ - name: web
+ image: "blazingreg.azurecr.io/blazingpizzaweb"
+ ports:
+ - name: http
+ containerPort: 80
+ volumeMounts:
+ - name: twitter-auth-secrets
+ mountPath: /config
+ readOnly: true
+ volumes:
+ - name: twitter-auth-secrets
+ secret:
+ secretName:
+ blazing-twitter-secrets
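Review bot: In `ordersdata.yaml`, the Deployment is named `menu`, the same as the Deployment in `menu.yaml`, so applying both in one namespace addresses the same object and the second apply conflicts with the first; it should be `name: orders-data`. The Service uses `targetPort: mongo`, but the container port is named `http`, so the Service has no named port to route to; rename the port with `- name: mongo`. Nothing in this manifest configures authentication or a persistent volume for MongoDB. As far as the file shows, order data is lost on pod restart and access control rests on network reachability alone, which is worth confirming against the image.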
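Review bot: In `web.yaml`, the label value `tier: frontent` is misspelled in the Service selector, the Deployment selector and the pod template. It works because all three agree, but `matchLabels` is immutable on a Deployment, so correcting it later means recreating the object; better to use `tier: frontend` now. The volume and secret are still named `twitter-auth-secrets` and `blazing-twitter-secrets` although sign-in now uses Microsoft Account, so a provider-neutral name would avoid confusion. A short comment above `volumeMounts` noting that the files in this secret are loaded by `AddKeyPerFile("/config", …)` in `Program.cs` would document the coupling.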