Merge pull request #225 from abpframework/gterdem/v8_k8s_update

Update Kubernetes deployment to v8
abpframework · Jan 16, 2024 · 42655a2 · 42655a2
2 parents a8abe11 + c05333a
commit 42655a2
Show file tree

Hide file tree

Showing 58 changed files with 1,389 additions and 832 deletions.
diff --git a/apps/public-web/src/EShopOnAbp.PublicWeb/EShopOnAbpPublicWebModule.cs b/apps/public-web/src/EShopOnAbp.PublicWeb/EShopOnAbpPublicWebModule.cs
@@ -215,7 +215,7 @@ public override void ConfigureServices(ServiceConfigurationContext context)
                 {
                     // Intercept the redirection so the browser navigates to the right URL in your host
                     ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"].EnsureEndsWith('/') +
-                                                        "connect/authorize";
+                                                        "protocol/openid-connect/auth";
 
                     if (previousOnRedirectToIdentityProvider != null)
                     {
@@ -228,7 +228,7 @@ public override void ConfigureServices(ServiceConfigurationContext context)
                 {
                     // Intercept the redirection for signout so the browser navigates to the right URL in your host
                     ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"].EnsureEndsWith('/') +
-                                                        "connect/endsession";
+                                                        "protocol/openid-connect/logout";
 
                     if (previousOnRedirectToIdentityProviderForSignOut != null)
                     {

diff --git a/etc/README.md b/etc/README.md
@@ -73,7 +73,7 @@ mkcert -install
 
 Create certificate for the eshopOnAbp domains using the mkcert command below:
 ```powershell
-mkcert "eshop-st-web" "eshop-st-public-web" "eshop-st-authserver" "eshop-st-identity" "eshop-st-administration" "eshop-st-basket" "eshop-st-catalog" "eshop-st-ordering" "eshop-st-cmskit" "eshop-st-payment" "eshop-st-gateway-web" "eshop-st-gateway-web-public"
+mkcert "eshoponabp.dev" "*.eshoponabp.dev"
 ```
 
 At the end of the output you will see something like
@@ -84,5 +84,5 @@ Copy the cert name and key name below to create tls secret
 
 ```powershell
 kubectl create namespace eshop
-kubectl create secret tls -n eshop eshop-wildcard-tls --cert=./eshop-st-web+10.pem  --key=./eshop-st-web+10-key.pem
+kubectl create secret tls -n eshop eshop-wildcard-tls --cert=./eshoponabp.dev+1.pem  --key=./eshoponabp.dev+1-key.pem
 ```
diff --git a/etc/k8s/eshoponabp/README.md b/etc/k8s/eshoponabp/README.md
@@ -44,37 +44,38 @@ mkcert -install
 
 Create certificate for the eshopOnAbp domains using the mkcert command below:
 ```powershell
-mkcert "eshop-st-web" "eshop-st-public-web" "eshop-st-authserver" "eshop-st-identity" "eshop-st-administration" "eshop-st-basket" "eshop-st-catalog" "eshop-st-ordering" "eshop-st-cmskit" "eshop-st-payment" "eshop-st-gateway-web" "eshop-st-gateway-web-public"
+mkcert "eshoponabp.dev" "*.eshoponabp.dev"
 ```
 
 At the end of the output you will see something like
 
-The certificate is at "./eshop-st-web+10.pem" and the key at "./eshop-st-web+10-key.pem"
+The certificate is at "./eshoponabp.dev+1.pem" and the key at "./eshoponabp.dev+1-key.pem"
 
 Copy the cert name and key name below to create tls secret
 
 ```powershell
 kubectl create namespace eshop
-kubectl create secret tls -n eshop eshop-wildcard-tls --cert=./eshop-st-web+10.pem --key=./eshop-st-web+10-key.pem
+kubectl create secret tls -n eshop eshop-wildcard-tls --cert=./eshoponabp.dev+1.pem --key=./eshoponabp.dev+1-key.pem
 ```
 
 ## How to run?
 
 * Add entries to the hosts file (in Windows: `C:\Windows\System32\drivers\etc\hosts`, in linux and macos: `/etc/hosts` ):
 
   ````powershell
-  127.0.0.1 eshop-st-web
-  127.0.0.1 eshop-st-public-web
-  127.0.0.1 eshop-st-authserver
-  127.0.0.1 eshop-st-identity
-  127.0.0.1 eshop-st-administration
-  127.0.0.1 eshop-st-basket
-  127.0.0.1 eshop-st-catalog
-  127.0.0.1 eshop-st-ordering
-  127.0.0.1 eshop-st-cmskit
-  127.0.0.1 eshop-st-payment
-  127.0.0.1 eshop-st-gateway-web
-  127.0.0.1 eshop-st-gateway-web-public
+127.0.0.1 admin.eshoponabp.dev
+127.0.0.1 eshoponabp.dev
+127.0.0.1 account.eshoponabp.dev
+127.0.0.1 identity.eshoponabp.dev
+127.0.0.1 administration.eshoponabp.dev
+127.0.0.1 product.eshoponabp.dev
+127.0.0.1 basket.eshoponabp.dev
+127.0.0.1 catalog.eshoponabp.dev
+127.0.0.1 ordering.eshoponabp.dev
+127.0.0.1 cmskit.eshoponabp.dev
+127.0.0.1 payment.eshoponabp.dev
+127.0.0.1 gateway-web.eshoponabp.dev
+127.0.0.1 gateway-public.eshoponabp.dev
   ````
 
 * Run `helm upgrade --install eshop-st abp-charts/eshoponabp --namespace eshop --create-namespace`

diff --git a/etc/k8s/eshoponabp/charts/administration/templates/administration-deployment.yaml b/etc/k8s/eshoponabp/charts/administration/templates/administration-deployment.yaml
@@ -17,7 +17,7 @@ spec:
         name: {{ .Release.Name }}-{{ .Chart.Name }}
         ports:
         - name: http
-          containerPort: 80
+          containerPort: 8080
         - name: https
           containerPort: 443
         env:
@@ -29,10 +29,6 @@ spec:
           value: "{{ .Values.config.remoteServices.useCurrentToken }}" 
         - name: App__CorsOrigins
           value: "{{ .Values.config.corsOrigins }}"
-        - name: IdentityClients__Default__Authority
-          value: "{{ .Values.synchedCommunication.authority }}"
-        - name: IdentityClients__Default__RequireHttps
-          value: "{{ .Values.config.authServer.requireHttpsMetadata }}"
         - name: "ConnectionStrings__AdministrationService"
           value: "{{ .Values.config.connectionStrings.administrationService }}"
         - name: "DOTNET_ENVIRONMENT"
@@ -43,6 +39,8 @@ spec:
           value: "{{ .Values.config.authServer.authority }}"
         - name: "AuthServer__RequireHttpsMetadata"
           value: "{{ .Values.config.authServer.requireHttpsMetadata }}"
+        - name: "AuthServer__MetadataAddress"
+          value: "{{ .Values.config.authServer.metadataAddress }}"
         - name: "AuthServer__SwaggerClientId"
           value: "{{ .Values.config.authServer.swaggerClientId }}"
         - name: "AuthServer__SwaggerClientSecret"

diff --git a/etc/k8s/eshoponabp/charts/administration/templates/administration-service.yaml b/etc/k8s/eshoponabp/charts/administration/templates/administration-service.yaml
@@ -7,7 +7,7 @@ metadata:
 spec:
   ports:
     - name: "80"
-      port: 80
+      port: 8080
     - name: "443"
       port: 443
   selector:

diff --git a/etc/k8s/eshoponabp/charts/administration/values.yaml b/etc/k8s/eshoponabp/charts/administration/values.yaml
@@ -4,10 +4,10 @@ config:
   connectionStrings:
     administrationService: #
   authServer:
-    authority: http://eshop-st-authserver
+    authority: http://eshop-st-keycloak:8080
     requireHttpsMetadata: "false"
+    metadataAddress: http://eshop-st-keycloak:8080
     swaggerClientId: WebGateway_Swagger
-    swaggerClientSecret: "1q2w3e*"
   remoteServices:
     abpIdentityBaseUrl: #
     useCurrentToken: "false"
@@ -25,7 +25,7 @@ synchedCommunication:
   scope: # "IdentityService"
 
 ingress:
-  host: eshop-st-administration
+  host: administration.eshoponabp.dev
   tlsSecret: eshop-wildcard-tls
 
 image:

diff --git a/etc/k8s/eshoponabp/charts/authserver/Chart.yaml b/etc/k8s/eshoponabp/charts/authserver/Chart.yaml
diff --git a/etc/k8s/eshoponabp/charts/authserver/templates/authserver-deployment.yaml b/etc/k8s/eshoponabp/charts/authserver/templates/authserver-deployment.yaml
diff --git a/etc/k8s/eshoponabp/charts/authserver/values-st.yaml b/etc/k8s/eshoponabp/charts/authserver/values-st.yaml
diff --git a/etc/k8s/eshoponabp/charts/authserver/values.yaml b/etc/k8s/eshoponabp/charts/authserver/values.yaml
diff --git a/etc/k8s/eshoponabp/charts/basket/templates/basket-deployment.yaml b/etc/k8s/eshoponabp/charts/basket/templates/basket-deployment.yaml
@@ -17,7 +17,7 @@ spec:
         name: {{ .Release.Name }}-{{ .Chart.Name }}
         ports:
         - name: http
-          containerPort: 80
+          containerPort: 8080
         - name: https
           containerPort: 443
         env:
@@ -39,6 +39,8 @@ spec:
           value: "{{ .Values.config.authServer.authority }}"
         - name: "AuthServer__RequireHttpsMetadata"
           value: "{{ .Values.config.authServer.requireHttpsMetadata }}"
+        - name: "AuthServer__MetadataAddress"
+          value: "{{ .Values.config.authServer.metadataAddress }}"
         - name: "AuthServer__SwaggerClientId"
           value: "{{ .Values.config.swaggerClientId }}"
         - name: "AuthServer__SwaggerClientSecret"

diff --git a/etc/k8s/eshoponabp/charts/basket/templates/basket-service.yaml b/etc/k8s/eshoponabp/charts/basket/templates/basket-service.yaml
@@ -7,7 +7,7 @@ metadata:
 spec:
   ports:
     - name: "80"
-      port: 80
+      port: 8080
     - name: "443"
       port: 443
   selector:

diff --git a/etc/k8s/eshoponabp/charts/basket/values.yaml b/etc/k8s/eshoponabp/charts/basket/values.yaml
@@ -6,6 +6,7 @@ config:
   authServer:
     authority: http://eshop-st-authserver
     requireHttpsMetadata: "false"
+    metadataAddress: http://eshop-st-keycloak:8080
     swaggerClientId: "WebGateway_Swagger"
     swaggerClientSecret: "1q2w3e*"
   dotnetEnv: Staging

diff --git a/etc/k8s/eshoponabp/charts/catalog/templates/catalog-deployment.yaml b/etc/k8s/eshoponabp/charts/catalog/templates/catalog-deployment.yaml
@@ -17,14 +17,14 @@ spec:
         name: {{ .Release.Name }}-{{ .Chart.Name }}
         ports:
         - name: http
-          containerPort: 80
+          containerPort: 8080
           protocol: TCP
         - name: grpc
           containerPort: 81
           protocol: TCP
         env:
         - name: "ASPNETCORE_URLS"
-          value: "http://+:80;http://+:81" 
+          value: "http://+:8080;http://+:81" 
         - name: "DOTNET_ENVIRONMENT"
           value: "{{ .Values.config.dotnetEnv }}"         
         - name: App__SelfUrl
@@ -45,6 +45,8 @@ spec:
           value: "{{ .Values.config.authServer.authority }}"
         - name: "AuthServer__RequireHttpsMetadata"
           value: "{{ .Values.config.authServer.requireHttpsMetadata }}"
+        - name: "AuthServer__MetadataAddress"
+          value: "{{ .Values.config.authServer.metadataAddress }}"
         - name: "AuthServer__SwaggerClientId"
           value: "{{ .Values.config.authServer.swaggerClientId }}"
         - name: "AuthServer__SwaggerClientSecret"

diff --git a/etc/k8s/eshoponabp/charts/catalog/templates/catalog-service.yaml b/etc/k8s/eshoponabp/charts/catalog/templates/catalog-service.yaml
@@ -7,7 +7,7 @@ metadata:
 spec:
   ports:
     - name: "http"
-      port: 80
+      port: 8080
       targetPort: http
       protocol: TCP
     - name: grpc

diff --git a/etc/k8s/eshoponabp/charts/catalog/values.yaml b/etc/k8s/eshoponabp/charts/catalog/values.yaml
@@ -7,6 +7,7 @@ config:
   authServer:
     authority: http://eshop-st-authserver
     requireHttpsMetadata: "false"
+    metadataAddress: http://eshop-st-keycloak:8080
     swaggerClientId: WebGateway_Swagger
     swaggerClientSecret: "1q2w3e*"
   dotnetEnv: Staging
@@ -16,7 +17,7 @@ config:
   stringEncryptionDefaultPassPhrase: gsKnGZ041HLL4IM8
   grpcPort: 81
   kestrel:
-    httpUrl: http://eshop-st-catalog:80
+    httpUrl: http://eshop-st-catalog:8080
     httpProtocols: Http1AndHttp2
     grpcUrl: http://eshop-st-catalog:81
     grpcProtocols: Http2

diff --git a/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-deployment.yaml b/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-deployment.yaml
@@ -17,7 +17,7 @@ spec:
         name: {{ .Release.Name }}-{{ .Chart.Name }}
         ports:
         - name: http
-          containerPort: 80
+          containerPort: 8080
         - name: https
           containerPort: 443
         env:
@@ -41,6 +41,8 @@ spec:
           value: "{{ .Values.config.authServer.authority }}"
         - name: "AuthServer__RequireHttpsMetadata"
           value: "{{ .Values.config.authServer.requireHttpsMetadata }}"
+        - name: "AuthServer__MetadataAddress"
+          value: "{{ .Values.config.authServer.metadataAddress }}"
         - name: "AuthServer__SwaggerClientId"
           value: "{{ .Values.config.authServer.swaggerClientId }}"
         - name: "AuthServer__SwaggerClientSecret"

diff --git a/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-service.yaml b/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-service.yaml
@@ -7,7 +7,7 @@ metadata:
 spec:
   ports:
     - name: "80"
-      port: 80
+      port: 8080
     - name: "443"
       port: 443
   selector:

diff --git a/etc/k8s/eshoponabp/charts/cmskit/values.yaml b/etc/k8s/eshoponabp/charts/cmskit/values.yaml
@@ -7,6 +7,7 @@ config:
   authServer:
     authority: http://eshop-st-authserver
     requireHttpsMetadata: "false"
+    metadataAddress: http://eshop-st-keycloak:8080
     swaggerClientId: WebGateway_Swagger
     swaggerClientSecret: "1q2w3e*"
   remoteServices: