From a22dc565b4a442ab6b94eeb187483a89c38f3905 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Tue, 9 Jan 2024 13:24:43 -0500 Subject: [PATCH 01/20] Added keycloak helm chart --- etc/k8s/eshoponabp/README.md | 6 +- etc/k8s/eshoponabp/charts/keycloak/Chart.yaml | 6 ++ .../templates/keycloak-deployment.yaml | 44 ++++++++++++++ .../keycloak/templates/keycloak-ingress.yaml | 32 ++++++++++ .../keycloak/templates/keycloak-service.yaml | 16 +++++ .../eshoponabp/charts/keycloak/values.yaml | 29 +++++++++ etc/k8s/eshoponabp/values.yaml | 60 +++++++++---------- 7 files changed, 157 insertions(+), 36 deletions(-) create mode 100644 etc/k8s/eshoponabp/charts/keycloak/Chart.yaml create mode 100644 etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-deployment.yaml create mode 100644 etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-ingress.yaml create mode 100644 etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-service.yaml create mode 100644 etc/k8s/eshoponabp/charts/keycloak/values.yaml diff --git a/etc/k8s/eshoponabp/README.md b/etc/k8s/eshoponabp/README.md index 32eb6c39..f04379fb 100644 --- a/etc/k8s/eshoponabp/README.md +++ b/etc/k8s/eshoponabp/README.md 
@@ -44,18 +44,18 @@ mkcert -install Create certificate for the eshopOnAbp domains using the mkcert command below: ```powershell -mkcert "eshop-st-web" "eshop-st-public-web" "eshop-st-authserver" "eshop-st-identity" "eshop-st-administration" "eshop-st-basket" "eshop-st-catalog" "eshop-st-ordering" "eshop-st-cmskit" "eshop-st-payment" "eshop-st-gateway-web" "eshop-st-gateway-web-public" +mkcert "eshoponabp.dev" "*.eshoponabp.dev" ``` At the end of the output you will see something like -The certificate is at "./eshop-st-web+10.pem" and the key at "./eshop-st-web+10-key.pem" +The certificate is at "./eshoponabp.dev+1.pem" and the key at "./eshoponabp.dev+1-key.pem" Copy the cert name and key name below to create tls secret ```powershell kubectl create namespace eshop -kubectl create secret tls -n eshop eshop-wildcard-tls --cert=./eshop-st-web+10.pem --key=./eshop-st-web+10-key.pem +kubectl create secret tls -n eshop eshop-wildcard-tls --cert=./eshoponabp.dev+1.pem --key=./eshoponabp.dev+1-key.pem ``` ## How to run? diff --git a/etc/k8s/eshoponabp/charts/keycloak/Chart.yaml b/etc/k8s/eshoponabp/charts/keycloak/Chart.yaml new file mode 100644 index 00000000..ac04385d --- /dev/null +++ b/etc/k8s/eshoponabp/charts/keycloak/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: keycloak +appVersion: "1.0" +description: Keycloak openid-provider instance +version: 1.0.0 +type: application diff --git a/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-deployment.yaml b/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-deployment.yaml new file mode 100644 index 00000000..8dc63177 --- /dev/null +++ b/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-deployment.yaml 
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-{{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-{{ .Chart.Name }}
+ spec:
+ containers:
+ - image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: ["/opt/keycloak/bin/kc.sh", "start", "--optimized", "--http-enabled=true", "--http-port=8080", "--hostname-strict=false", "--hostname-strict-https=false"]
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+ ports:
+ - name: http
+ containerPort: 80
+ - name: https
+ containerPort: 443
+ env:
+ - name: DB_VENDOR
+ value: "{{ .Values.config.dbVendor }}"
+ - name: DB_ADDR
+ value: "{{ .Values.config.dbAddr }}"
+ - name: DB_DATABASE
+ value: "{{ .Values.config.dbDatabase }}"
+ - name: "DB_USER"
+ value: "{{ .Values.config.dbUser }}"
+ - name: "DB_PASSWORD"
+ value: "{{ .Values.config.dbPassword }}"
+ - name: "KEYCLOAK_ADMIN"
+ value: "{{ .Values.config.keycloakAdmin }}"
+ - name: "KEYCLOAK_ADMIN_PASSWORD"
+ value: "{{ .Values.config.keycloakAdminPassword }}"
+ - name: "KC_HEALTH_ENABLED"
+ value: "{{ .Values.config.kcHealthEnabled }}"
+ {{- if .Values.env }}
+{{ toYaml .Values.env | indent 8 }}
+ {{- end }}
+
\ No newline at end of file
diff --git a/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-ingress.yaml b/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-ingress.yaml
new file mode 100644
index 00000000..ab2b6312
--- /dev/null
+++ b/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-ingress.yaml
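Review bot: `DB_PASSWORD` and `KEYCLOAK_ADMIN_PASSWORD` in the `env:` list of `keycloak-deployment.yaml` are rendered as literal `value:` strings, so both credentials end up in the Deployment spec, in the stored Helm release and in `kubectl describe` output for anyone who can read the workload. They should be read from a Kubernetes Secret through `valueFrom.secretKeyRef`, with the Secret created outside the chart or templated from values that are not committed. The literal defaults this patch adds for `dbPassword` and `keycloakAdminPassword` in `charts/keycloak/values.yaml` and in the parent `values.yaml` have the same problem and should become empty, required values. The Secret name in the sketch below is a placeholder.

```yaml
        env:
          # … unchanged: DB_VENDOR, DB_ADDR, DB_DATABASE, DB_USER …
          - name: "DB_PASSWORD"
            valueFrom:
              secretKeyRef:
                name: "<KEYCLOAK_CREDENTIALS_SECRET>"  # placeholder
                key: dbPassword
          # … unchanged: KEYCLOAK_ADMIN …
          - name: "KEYCLOAK_ADMIN_PASSWORD"
            valueFrom:
              secretKeyRef:
                name: "<KEYCLOAK_CREDENTIALS_SECRET>"  # placeholder
                key: keycloakAdminPassword
          # … unchanged: KC_HEALTH_ENABLED, extra env from .Values.env …
```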
@@ -0,0 +1,32 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-ingress
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 32k
+ nginx.ingress.kubernetes.io/proxy-buffers-number: "8"
+ cert-manager.io/cluster-issuer: letsencrypt
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+{{- if eq .Release.Name "eshop-az" }}
+ secretName: {{ .Release.Name }}-{{ .Chart.Name }}-tls
+{{- else }}
+ secretName: {{ .Values.ingress.tlsSecret }}
+{{- end }}
+ rules:
+ - host: "{{ .Values.ingress.host }}"
+ http:
+ paths:
+ - path: /
+
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+ port:
+ number: 80
\ No newline at end of file
diff --git a/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-service.yaml b/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-service.yaml
new file mode 100644
index 00000000..9766e240
--- /dev/null
+++ b/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+ name: {{ .Release.Name }}-{{ .Chart.Name }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: "80"
+ port: 8080
+ - name: "443"
+ port: 443
+ selector:
+ app: {{ .Release.Name }}-{{ .Chart.Name }}
+
diff --git a/etc/k8s/eshoponabp/charts/keycloak/values.yaml b/etc/k8s/eshoponabp/charts/keycloak/values.yaml
new file mode 100644
index 00000000..ba735123
--- /dev/null
+++ b/etc/k8s/eshoponabp/charts/keycloak/values.yaml
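Review bot: The Ingress backend at the end of `keycloak-ingress.yaml` points at service port `number: 80`, but the Service added in the same patch (`keycloak-service.yaml`) only exposes `port: 8080` and `port: 443`, so the backend reference matches no Service port. Either change the backend to `number: 8080`, or keep the Service on `port: 80` and add `targetPort: 8080`, which matches the `--http-port=8080` the container is started with. TLS ends at the ingress and the container runs with `--hostname-strict=false`, so Keycloak takes its external hostname from the incoming request. A comment above the `command:` line in the deployment should say that this is intended for the local setup only.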
@@ -0,0 +1,29 @@
+config:
+ dbVendor: postgres
+ dbAddr: eshop-st-postgresdb
+ dbDatabase: keycloak
+ dbUser: postgres
+ dbPassword: myPassw0rd
+ keycloakAdmin: admin
+ keycloakAdminPassword: 1q2w3E*
+ kcHealthEnabled: true
+
+ingress:
+ host: account.eshoponabp.dev
+ tlsSecret: eshop-wildcard-tls
+
+image:
+ repository: quay.io/keycloak/keycloak
+ tag: 19.0.2
+ pullPolicy: IfNotPresent
+
+# command:
+# - "/opt/keycloak/bin/kc.sh"
+# - "start"
+# - "--auto-build"
+# - "--http-enabled=true"
+# - "--http-port=8080"
+# - "--hostname-strict=false"
+# - "--hostname-strict-https=false"
+
+env: {}
\ No newline at end of file
diff --git a/etc/k8s/eshoponabp/values.yaml b/etc/k8s/eshoponabp/values.yaml
index bf54e3b2..71b4bc9a 100644
--- a/etc/k8s/eshoponabp/values.yaml
+++ b/etc/k8s/eshoponabp/values.yaml
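Review bot: The `dbVendor`, `dbAddr`, `dbDatabase`, `dbUser` and `dbPassword` keys feed the `DB_*` environment variables in the deployment template, and those names belong to the legacy WildFly-based Keycloak image. The `quay.io/keycloak/keycloak` image started through `kc.sh` reads `KC_DB`, `KC_DB_URL_HOST`, `KC_DB_URL_DATABASE`, `KC_DB_USERNAME` and `KC_DB_PASSWORD` instead. As written the Postgres settings are likely ignored and the server would start on its default embedded database, so realm data would not survive a pod restart; please confirm against the 19.0.2 image. The commented-out `command:` block uses `--auto-build` while the template hard-codes `--optimized`, and it cannot take effect because the template never reads `.Values.command`; either wire it up or drop it.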
@@ -1,27 +1,21 @@ # auth-server sub-chart override -authserver: +keycloak: config: - selfUrl: https://eshop-st-authserver - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public,https://eshop-st-identity,https://eshop-st-administration,https://eshop-st-basket,https://eshop-st-catalog,https://eshop-st-ordering,https://eshop-st-cmskit,https://eshop-st-payment,https://eshop-st-web,https://eshop-st-public-web - allowedRedirectUrls: https://eshop-st-web - authServer: - authority: http://eshop-st-authserver - requireHttpsMetadata: "false" - swaggerClientId: WebGateway_Swagger - swaggerClientSecret: "1q2w3e*" - connectionStrings: - administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" - identityService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Identity;User ID=postgres;password=myPassw0rd;Pooling=false" - dotnetEnv: Staging - redisHost: eshop-st-redis - rabbitmqHost: eshop-st-rabbitmq - elasticsearchHost: eshop-st-elasticsearch + dbVendor: postgres + dbAddr: eshop-st-postgresdb + dbDatabase: keycloak + dbUser: postgres + dbPassword: myPassw0rd + keycloakAdmin: admin + keycloakAdminPassword: 1q2w3E* + kcHealthEnabled: true ingress: - host: eshop-st-authserver + host: eshop-st-keycloak tlsSecret: eshop-wildcard-tls image: - repository: "ghcr.io/volosoft/eshoponabp/app-authserver" - tag: latest + repository: quay.io/keycloak/keycloak + tag: 19.0.2 + pullPolicy: IfNotPresent # web sub-chart override web: @@ -29,7 +23,7 @@ web: selfUrl: https://eshop-st-web gatewayUrl: https://eshop-st-gateway-web authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: false responseType: "code" strictDiscoveryDocumentValidation: false 
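Review bot: `keycloak.ingress.host` is set to `eshop-st-keycloak`, while the README hunk in this same patch now issues the `eshop-wildcard-tls` certificate only for `eshoponabp.dev` and `*.eshoponabp.dev`, so the certificate served for this host will not match its name. The sub-chart default `account.eshoponabp.dev` would match, and the `eshop-st-*` names kept elsewhere in this file presumably need the same update. Separately, every `authServer.authority` in this and the following hunks becomes `http://eshop-st-keycloak` with no realm segment, whereas Keycloak serves its issuer and discovery document under `/realms/<REALM>`. Unless the services append that path themselves, the value should be `http://eshop-st-keycloak/realms/<REALM>`, where `<REALM>` is a placeholder for the realm name.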
@@ -47,10 +41,10 @@ public-web: selfUrl: https://eshop-st-public-web gatewayUrl: http://eshop-st-gateway-web-public/ authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: "false" isOnProd: "false" - metaAddress: http://eshop-st-authserver + metaAddress: http://eshop-st-keycloak dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq @@ -71,7 +65,7 @@ identity: identityService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Identity;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" @@ -107,7 +101,7 @@ administration: connectionStrings: administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" @@ -134,7 +128,7 @@ gateway-web: corsOrigins: https://eshop-st-web globalConfigurationBaseUrl: http://eshop-st-gateway-public authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" @@ -150,7 +144,7 @@ gateway-web: tag: 1.0.0 reRoutes: accountService: - url: http://eshop-st-authserver + url: http://eshop-st-keycloak identityService: url: http://eshop-st-identity administrationService: 
@@ -167,7 +161,7 @@ gateway-web-public: config: selfUrl: https://eshop-st-gateway-web-public authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" @@ -183,7 +177,7 @@ gateway-web-public: tag: 1.0.0 reRoutes: accountService: - url: http://eshop-st-authserver + url: http://eshop-st-keycloak identityService: url: http://eshop-st-identity administrationService: @@ -207,7 +201,7 @@ basket: connectionStrings: administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" @@ -234,7 +228,7 @@ catalog: catalogService: "mongodb://eshop-st-mongodb/EShopOnAbp_Catalog" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" @@ -263,7 +257,7 @@ ordering: orderingService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Ordering;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" 
@@ -287,7 +281,7 @@ cmskit: cmskitService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Cmskit;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" @@ -315,7 +309,7 @@ payment: paymentService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Payment;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" From 884fbc5ec09fe5399ae212bf037ce15a5c222251 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Tue, 9 Jan 2024 19:25:31 -0500 Subject: [PATCH 02/20] removed authserver chart --- .../eshoponabp/charts/authserver/Chart.yaml | 6 -- .../templates/authserver-deployment.yaml | 55 ------------------- .../templates/authserver-ingress.yaml | 32 ----------- .../templates/authserver-service.yaml | 14 ----- etc/k8s/eshoponabp/templates/NOTES.txt | 2 +- 5 files changed, 1 insertion(+), 108 deletions(-) delete mode 100644 etc/k8s/eshoponabp/charts/authserver/Chart.yaml delete mode 100644 etc/k8s/eshoponabp/charts/authserver/templates/authserver-deployment.yaml delete mode 100644 etc/k8s/eshoponabp/charts/authserver/templates/authserver-ingress.yaml delete mode 100644 etc/k8s/eshoponabp/charts/authserver/templates/authserver-service.yaml diff --git a/etc/k8s/eshoponabp/charts/authserver/Chart.yaml b/etc/k8s/eshoponabp/charts/authserver/Chart.yaml deleted file mode 100644 index 2308e945..00000000 
--- a/etc/k8s/eshoponabp/charts/authserver/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: authserver -appVersion: "1.0" -description: eShopOnAbp AuthServer Application -version: 1.0.0 -type: application \ No newline at end of file diff --git a/etc/k8s/eshoponabp/charts/authserver/templates/authserver-deployment.yaml b/etc/k8s/eshoponabp/charts/authserver/templates/authserver-deployment.yaml deleted file mode 100644 index 7db227d3..00000000 --- a/etc/k8s/eshoponabp/charts/authserver/templates/authserver-deployment.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Chart.Name }} -spec: - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Chart.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Chart.Name }} - spec: - containers: - - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - name: {{ .Release.Name }}-{{ .Chart.Name }} - ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 - env: - - name: App__SelfUrl - value: "{{ .Values.config.selfUrl }}" - - name: App__CorsOrigins - value: "{{ .Values.config.corsOrigins }}" - - name: App__RedirectAllowedUrls - value: "{{ .Values.config.allowedRedirectUrls }}" - - name: "ConnectionStrings__IdentityService" - value: "{{ .Values.config.connectionStrings.identityService }}" - - name: "ConnectionStrings__AdministrationService" - value: "{{ .Values.config.connectionStrings.administrationService }}" - - name: "AuthServer__Authority" - value: "{{ .Values.config.authServer.authority }}" - - name: "AuthServer__RequireHttpsMetadata" - value: "{{ .Values.config.authServer.requireHttpsMetadata }}" - - name: "AuthServer__SwaggerClientId" - value: "{{ .Values.config.authServer.swaggerClientId }}" - - name: "AuthServer__SwaggerClientSecret" - value: "{{ .Values.config.authServer.swaggerClientSecret }}" - - name: "DOTNET_ENVIRONMENT" - value: "{{ .Values.config.dotnetEnv }}" - - name: "Redis__Configuration" - value: "{{ .Values.config.redisHost }}" - - name: "StringEncryption__DefaultPassPhrase" - value: "{{ .Values.config.stringEncryptionDefaultPassPhrase }}" - - name: "RabbitMQ__Connections__Default__HostName" - value: "{{ .Values.config.rabbitmqHost }}" - - name: "ElasticSearch__Url" - value: "{{ .Values.config.elasticsearchHost }}" - {{- if .Values.env }} -{{ toYaml .Values.env | indent 8 }} - {{- end }} - \ No newline at end of file 
diff --git a/etc/k8s/eshoponabp/charts/authserver/templates/authserver-ingress.yaml b/etc/k8s/eshoponabp/charts/authserver/templates/authserver-ingress.yaml deleted file mode 100644 index ab2b6312..00000000 --- a/etc/k8s/eshoponabp/charts/authserver/templates/authserver-ingress.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ .Release.Name }}-{{ .Chart.Name }}-ingress - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/proxy-buffer-size: 32k - nginx.ingress.kubernetes.io/proxy-buffers-number: "8" - cert-manager.io/cluster-issuer: letsencrypt -spec: - ingressClassName: nginx - tls: - - hosts: - - {{ .Values.ingress.host }} -{{- if eq .Release.Name "eshop-az" }} - secretName: {{ .Release.Name }}-{{ .Chart.Name }}-tls -{{- else }} - secretName: {{ .Values.ingress.tlsSecret }} -{{- end }} - rules: - - host: "{{ .Values.ingress.host }}" - http: - paths: - - path: / - - pathType: Prefix - backend: - service: - name: {{ .Release.Name }}-{{ .Chart.Name }} - port: - number: 80 \ No newline at end of file diff --git a/etc/k8s/eshoponabp/charts/authserver/templates/authserver-service.yaml b/etc/k8s/eshoponabp/charts/authserver/templates/authserver-service.yaml deleted file mode 100644 index ee157c01..00000000 --- a/etc/k8s/eshoponabp/charts/authserver/templates/authserver-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - name: {{ .Release.Name }}-{{ .Chart.Name }} - name: {{ .Release.Name }}-{{ .Chart.Name }} -spec: - ports: - - name: "80" - port: 80 - - name: "443" - port: 443 - selector: - app: {{ .Release.Name }}-{{ .Chart.Name }} diff --git a/etc/k8s/eshoponabp/templates/NOTES.txt b/etc/k8s/eshoponabp/templates/NOTES.txt index 044f1a72..dec276e9 100644 --- a/etc/k8s/eshoponabp/templates/NOTES.txt +++ b/etc/k8s/eshoponabp/templates/NOTES.txt 
@@ -1,6 +1,6 @@ 1. Web (Back Office) angular application URL:{{- if .Values.web.config.selfUrl }} {{ .Values.web.config.selfUrl }} {{- end }} 2. Public Web mvc application URL:{{- if index .Values "public-web" "config" "selfUrl" }} {{ index .Values "public-web" "config" "selfUrl" }} {{- end }} -3. Authentication Server URL:{{- if .Values.authserver.config.selfUrl }} {{ .Values.authserver.config.selfUrl }} +3. Authentication Server URL:{{- if .Values.keycloak.ingress.host }} {{ .Values.keycloak.ingress.host }} For RabbitMq Administration use: "kubectl port-forward services/{{ .Release.Name }}-rabbitmq 15672:15672 -n {{ .Release.Namespace }}" From c79922280a23ade23fd564f365a66c58b04275c8 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Tue, 9 Jan 2024 19:49:20 -0500 Subject: [PATCH 03/20] .Net 8 breaking change - default port fix --- .../charts/administration/templates/administration-service.yaml | 2 +- etc/k8s/eshoponabp/charts/basket/templates/basket-service.yaml | 2 +- .../eshoponabp/charts/catalog/templates/catalog-service.yaml | 2 +- etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-service.yaml | 2 +- .../templates/gateway-web-public-service.yaml | 2 +- .../charts/gateway-web/templates/gateway-web-service.yaml | 2 +- .../eshoponabp/charts/identity/templates/identity-service.yaml | 2 +- .../eshoponabp/charts/ordering/templates/ordering-service.yaml | 2 +- .../eshoponabp/charts/payment/templates/payment-service.yaml | 2 +- .../charts/public-web/templates/public-web-service.yaml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/etc/k8s/eshoponabp/charts/administration/templates/administration-service.yaml b/etc/k8s/eshoponabp/charts/administration/templates/administration-service.yaml index ee157c01..3ae2f364 100644 --- a/etc/k8s/eshoponabp/charts/administration/templates/administration-service.yaml +++ b/etc/k8s/eshoponabp/charts/administration/templates/administration-service.yaml 
@@ -7,7 +7,7 @@ metadata: spec: ports: - name: "80" - port: 80 + port: 8080 - name: "443" port: 443 selector: diff --git a/etc/k8s/eshoponabp/charts/basket/templates/basket-service.yaml b/etc/k8s/eshoponabp/charts/basket/templates/basket-service.yaml index ee157c01..3ae2f364 100644 --- a/etc/k8s/eshoponabp/charts/basket/templates/basket-service.yaml +++ b/etc/k8s/eshoponabp/charts/basket/templates/basket-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: "80" - port: 80 + port: 8080 - name: "443" port: 443 selector: diff --git a/etc/k8s/eshoponabp/charts/catalog/templates/catalog-service.yaml b/etc/k8s/eshoponabp/charts/catalog/templates/catalog-service.yaml index eae17053..3fff7172 100644 --- a/etc/k8s/eshoponabp/charts/catalog/templates/catalog-service.yaml +++ b/etc/k8s/eshoponabp/charts/catalog/templates/catalog-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: "http" - port: 80 + port: 8080 targetPort: http protocol: TCP - name: grpc diff --git a/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-service.yaml b/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-service.yaml index ee157c01..3ae2f364 100644 --- a/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-service.yaml +++ b/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: "80" - port: 80 + port: 8080 - name: "443" port: 443 selector: diff --git a/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-service.yaml b/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-service.yaml index ee157c01..3ae2f364 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-service.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: "80" - port: 80 + port: 8080 - name: "443" port: 443 selector: 
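Review bot: Changing the Service `port` from 80 to 8080 moves the port that clients must dial, not only the port the pod listens on, and the in-cluster URLs kept in `values.yaml` (for example `http://eshop-st-identity` and `http://eshop-st-gateway-web-public/`) carry no port and therefore still target 80. Keeping `port: 80` and adding `targetPort: 8080` would follow the .NET 8 default without touching any caller. The same applies to the basket, catalog, cmskit, gateway-web, gateway-web-public, identity, ordering, payment and public-web service hunks in this patch. The catalog Service keeps `targetPort: http`, so it depends on the named container port, which is not part of that hunk. The port name `"80"` no longer describes the entry either; `http` would be clearer.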
diff --git a/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-service.yaml b/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-service.yaml index ee157c01..3ae2f364 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-service.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: "80" - port: 80 + port: 8080 - name: "443" port: 443 selector: diff --git a/etc/k8s/eshoponabp/charts/identity/templates/identity-service.yaml b/etc/k8s/eshoponabp/charts/identity/templates/identity-service.yaml index ee157c01..3ae2f364 100644 --- a/etc/k8s/eshoponabp/charts/identity/templates/identity-service.yaml +++ b/etc/k8s/eshoponabp/charts/identity/templates/identity-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: "80" - port: 80 + port: 8080 - name: "443" port: 443 selector: diff --git a/etc/k8s/eshoponabp/charts/ordering/templates/ordering-service.yaml b/etc/k8s/eshoponabp/charts/ordering/templates/ordering-service.yaml index ee157c01..3ae2f364 100644 --- a/etc/k8s/eshoponabp/charts/ordering/templates/ordering-service.yaml +++ b/etc/k8s/eshoponabp/charts/ordering/templates/ordering-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: "80" - port: 80 + port: 8080 - name: "443" port: 443 selector: diff --git a/etc/k8s/eshoponabp/charts/payment/templates/payment-service.yaml b/etc/k8s/eshoponabp/charts/payment/templates/payment-service.yaml index ee157c01..3ae2f364 100644 --- a/etc/k8s/eshoponabp/charts/payment/templates/payment-service.yaml +++ b/etc/k8s/eshoponabp/charts/payment/templates/payment-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: "80" - port: 80 + port: 8080 - name: "443" port: 443 selector: diff --git a/etc/k8s/eshoponabp/charts/public-web/templates/public-web-service.yaml b/etc/k8s/eshoponabp/charts/public-web/templates/public-web-service.yaml index ee157c01..3ae2f364 100644 
--- a/etc/k8s/eshoponabp/charts/public-web/templates/public-web-service.yaml +++ b/etc/k8s/eshoponabp/charts/public-web/templates/public-web-service.yaml @@ -7,7 +7,7 @@ metadata: spec: ports: - name: "80" - port: 80 + port: 8080 - name: "443" port: 443 selector: From f8f3014b33865216e51d23849e3510cfe2a1b9c7 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Tue, 9 Jan 2024 19:50:39 -0500 Subject: [PATCH 04/20] removed authserver valuee files --- .../charts/authserver/values-st.yaml | 20 ------------- .../eshoponabp/charts/authserver/values.yaml | 28 ------------------- 2 files changed, 48 deletions(-) delete mode 100644 etc/k8s/eshoponabp/charts/authserver/values-st.yaml delete mode 100644 etc/k8s/eshoponabp/charts/authserver/values.yaml diff --git a/etc/k8s/eshoponabp/charts/authserver/values-st.yaml b/etc/k8s/eshoponabp/charts/authserver/values-st.yaml deleted file mode 100644 index 785c7c41..00000000 --- a/etc/k8s/eshoponabp/charts/authserver/values-st.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -config: - selfUrl: https://demomicro-st-authserver.eshoponabp.com - corsOrigins: https://demomicro-st-gateway.eshoponabp.com,https://demomicro-st-gateway-public.eshoponabp.com,https://demomicro-st-identity.eshoponabp.com,https://demomicro-st-administration.eshoponabp.com,https://demomicro-st-basket.eshoponabp.com,https://demomicro-st-catalog.eshoponabp.com,https://demomicro-st-order.eshoponabp.com,https://demomicro-st-cmskit.eshoponabp.com,https://demomicro-st-payment.eshoponabp.com,https://demomicro-st-admin.eshoponabp.com,https://demomicro-st-eshoponabp.com - allowedRedirectUrls: https://demomicro-st-admin.eshoponabp.com - authServer: - authority: https://demomicro-st-authserver.eshoponabp.com - requireHttpsMetadata: "false" - connectionStrings: - administrationService: "Host=postgresdb-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" - identityService: "Host=postgresdb-postgresdb;Port=5432;Database=EShopOnAbp_Identity;User ID=postgres;password=myPassw0rd;Pooling=false" - dotnetEnv: Production - redisHost: redis-redis - rabbitmqHost: rabbitmq-rabbitmq - elasticsearchHost: elasticsearch-elasticsearch -ingress: - host: demomicro-st-authserver.eshoponabp.com - tlsSecret: eshop-wildcard-tls -image: - repository: "volocr.azurecr.io/demomicro/app-authserver" - tag: 1.0.1 \ No newline at end of file diff --git a/etc/k8s/eshoponabp/charts/authserver/values.yaml b/etc/k8s/eshoponabp/charts/authserver/values.yaml deleted file mode 100644 index c498a1ea..00000000 --- a/etc/k8s/eshoponabp/charts/authserver/values.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -config: - selfUrl: # https://eshop-st-authserver - corsOrigins: # https://eshop-st-identity,https://eshop-st-administration - allowedRedirectUrls: https://eshop-st-web - connectionStrings: - administrationService: # - identityService: # - authServer: - authority: http://eshop-st-authserver - requireHttpsMetadata: "false" - swaggerClientId: WebGateway_Swagger - swaggerClientSecret: "1q2w3e*" - dotnetEnv: # - redisHost: # - rabbitmqHost: # - elasticsearchHost: # - stringEncryptionDefaultPassPhrase: gsKnGZ041HLL4IM8 - -ingress: - host: eshop-st-authserver - tlsSecret: eshop-wildcard-tls - -image: - repository: eshoponabp/app-authserver - tag: latest - pullPolicy: IfNotPresent - -env: {} \ No newline at end of file From aaaab9c981dcea80ddbe75f1271eb11096ead84e Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Tue, 9 Jan 2024 19:50:59 -0500 Subject: [PATCH 05/20] staging value updates --- etc/README.md | 4 +- .../templates/administration-deployment.yaml | 2 +- .../charts/administration/values.yaml | 2 +- .../gateway-web-public-configmap.yaml | 141 +++++++++---- .../charts/gateway-web-public/values.yaml | 2 - etc/k8s/eshoponabp/values.st.yaml | 190 +++++++++--------- 6 files changed, 198 insertions(+), 143 deletions(-) diff --git a/etc/README.md b/etc/README.md index 7c3e8563..bdc493da 100644 --- a/etc/README.md +++ b/etc/README.md @@ -73,7 +73,7 @@ mkcert -install Create certificate for the eshopOnAbp domains using the mkcert command below: ```powershell -mkcert "eshop-st-web" "eshop-st-public-web" "eshop-st-authserver" "eshop-st-identity" "eshop-st-administration" "eshop-st-basket" "eshop-st-catalog" "eshop-st-ordering" "eshop-st-cmskit" "eshop-st-payment" "eshop-st-gateway-web" "eshop-st-gateway-web-public" +mkcert "eshoponabp.dev" "*.eshoponabp.dev" ``` At the end of the output you will see something like 
@@ -84,5 +84,5 @@ Copy the cert name and key name below to create tls secret ```powershell kubectl create namespace eshop -kubectl create secret tls -n eshop eshop-wildcard-tls --cert=./eshop-st-web+10.pem --key=./eshop-st-web+10-key.pem +kubectl create secret tls -n eshop eshop-wildcard-tls --cert=./eshoponabp.dev+1.pem --key=./eshoponabp.dev+1-key.pem ``` diff --git a/etc/k8s/eshoponabp/charts/administration/templates/administration-deployment.yaml b/etc/k8s/eshoponabp/charts/administration/templates/administration-deployment.yaml index 664f5cae..889f6e8a 100644 --- a/etc/k8s/eshoponabp/charts/administration/templates/administration-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/administration/templates/administration-deployment.yaml @@ -17,7 +17,7 @@ spec: name: {{ .Release.Name }}-{{ .Chart.Name }} ports: - name: http - containerPort: 80 + containerPort: 8080 - name: https containerPort: 443 env: diff --git a/etc/k8s/eshoponabp/charts/administration/values.yaml b/etc/k8s/eshoponabp/charts/administration/values.yaml index 139309ab..ce4c296b 100644 --- a/etc/k8s/eshoponabp/charts/administration/values.yaml +++ b/etc/k8s/eshoponabp/charts/administration/values.yaml @@ -25,7 +25,7 @@ synchedCommunication: scope: # "IdentityService" ingress: - host: eshop-st-administration + host: administration.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: diff --git a/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml b/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml index af82d679..6c210700 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml 
@@ -7,107 +7,172 @@ data: { "ReverseProxy": { "Routes": { - "Account Service": { - "ClusterId": "account-cluster", + "AbpApi": { + "ClusterId": "administrationCluster", "Match": { - "Path": "/api/account/{**everything}" + "Path": "/api/abp/{**catch-all}" } }, - "Administration Service": { - "ClusterId": "administration-cluster", + "IdentityService": { + "ClusterId": "identityCluster", "Match": { - "Path": "/api/abp/{**everything}" + "Path": "/api/identity/{**everything}" } }, - "Catalog Service": { - "ClusterId": "catalog-cluster", + "IdentityServiceSwagger": { + "ClusterId": "identityCluster", + "Match": { + "Path": "/swagger-json/Identity/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Identity" } + ] + }, + "FeatureManagement": { + "ClusterId": "administrationCluster", + "Match": { + "Path": "/api/feature-management/{**everything}" + } + }, + "PermissionManagement": { + "ClusterId": "administrationCluster", + "Match": { + "Path": "/api/permission-management/{**everything}" + } + }, + "SettingManagement": { + "ClusterId": "administrationCluster", + "Match": { + "Path": "/api/setting-management/{**everything}" + } + }, + "AdministrationServiceSwagger": { + "ClusterId": "administrationCluster", + "Match": { + "Path": "/swagger-json/Administration/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Administration" } + ] + }, + "CatalogService": { + "ClusterId": "catalogCluster", "Match": { "Path": "/api/catalog/{**everything}" } - }, - "Basket Service": { - "ClusterId": "basket-cluster", + }, + "CatalogServiceSwagger": { + "ClusterId": "catalogCluster", + "Match": { + "Path": "/swagger-json/Catalog/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Catalog" } + ] + }, + "product-picture-route": { + "ClusterId": "catalogCluster", + "Match": { + "Path": "/product-images/{**everything}", + "Methods": [ "GET" ] + } + }, + "BasketService": { + "ClusterId": 
"basketCluster", "Match": { "Path": "/api/basket/{**everything}" } }, - "Ordering Service": { - "ClusterId": "ordering-cluster", + "OrderingService": { + "ClusterId": "orderingCluster", "Match": { "Path": "/api/ordering/{**everything}" } }, - "Cmskit Service": { - "ClusterId": "cmskit-cluster", + "OrderingServiceSwagger": { + "ClusterId": "orderingCluster", + "Match": { + "Path": "/swagger-json/Ordering/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Ordering" } + ] + }, + "CmskitService": { + "ClusterId": "cmskitCluster", "Match": { "Path": "/api/cmskit/{**everything}" } }, - "Payment Service": { - "ClusterId": "payment-cluster", + "CmskitServiceSwagger": { + "ClusterId": "cmskitCluster", + "Match": { + "Path": "/swagger-json/Cmskit/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Cmskit" } + ] + }, + "PaymentService": { + "ClusterId": "paymentCluster", "Match": { "Path": "/api/payment/{**everything}" } }, - "product-picture-route": { - "ClusterId": "product-picture-cluster", + "PaymentServiceSwagger": { + "ClusterId": "paymentCluster", "Match": { - "Path": "/product-images/{**everything}", - "Methods" : [ "GET" ] - } - } + "Path": "/swagger-json/payment/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/payment" } + ] + }, }, "Clusters": { - "account-cluster": { + "identityCluster": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.accountService.url }}" + "Address": "{{ .Values.reRoutes.identityService.url }}" } } }, - "administration-cluster": { + "administrationCluster": { "Destinations": { "destination1": { "Address": "{{ .Values.reRoutes.administrationService.url }}" } } }, - "catalog-cluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.catalogService.url }}" - } - } - }, - "product-picture-cluster": { + "catalogCluster": { "Destinations": { "destination1": { "Address": "{{ 
.Values.reRoutes.catalogService.url }}" } } }, - "basket-cluster": { + "basketCluster": { "Destinations": { "destination1": { "Address": "{{ .Values.reRoutes.basketService.url }}" } } }, - "ordering-cluster": { + "orderingCluster": { "Destinations": { "destination1": { "Address": "{{ .Values.reRoutes.orderingService.url }}" } } }, - "cmskit-cluster": { + "cmskitCluster": { "Destinations": { "destination1": { "Address": "{{ .Values.reRoutes.cmskitService.url }}" } } }, - "payment-cluster": { + "paymentCluster": { "Destinations": { "destination1": { "Address": "{{ .Values.reRoutes.paymentService.url }}" diff --git a/etc/k8s/eshoponabp/charts/gateway-web-public/values.yaml b/etc/k8s/eshoponabp/charts/gateway-web-public/values.yaml index 3dcb4ed8..7e2e38cb 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web-public/values.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web-public/values.yaml @@ -11,8 +11,6 @@ config: elasticsearchHost: eshop-st-elasticsearch reRoutes: - accountService: - url: https://eshop-st-authserver identityService: url: https://eshop-st-identity administrationService: diff --git a/etc/k8s/eshoponabp/values.st.yaml b/etc/k8s/eshoponabp/values.st.yaml index 06f2de12..f7c827f8 100644 --- a/etc/k8s/eshoponabp/values.st.yaml +++ b/etc/k8s/eshoponabp/values.st.yaml 
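Review bot: The new `Routes` object ends with a trailing comma: the `PaymentServiceSwagger` entry closes with `},` directly before the `}` that closes `Routes`, which strict JSON parsers reject. Drop that comma so the rendered `yarp.json` is valid for every reader, even if the gateway's own configuration loader tolerates it. The same entry matches `/swagger-json/payment/...` in lower case while the other Swagger routes use a capitalised segment (`/swagger-json/Catalog`, `/swagger-json/Ordering`), and the application-side `yarp.json` in PATCH 07/20 uses `/swagger-json/Payment`; pick one spelling. Both points carry over unchanged into the PATCH 06/20 rewrite of this ConfigMap.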
@@ -1,41 +1,35 @@ # auth-server sub-chart override -authserver: +keycloak: config: - selfUrl: https://eshop-st-authserver - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public,https://eshop-st-identity,https://eshop-st-administration,https://eshop-st-basket,https://eshop-st-catalog,https://eshop-st-ordering,https://eshop-st-cmskit,https://eshop-st-payment,https://eshop-st-web,https://eshop-st-public-web - allowedRedirectUrls: https://eshop-st-web - authServer: - authority: http://eshop-st-authserver - requireHttpsMetadata: "false" - swaggerClientId: WebGateway_Swagger - swaggerClientSecret: "1q2w3e*" - connectionStrings: - administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" - identityService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Identity;User ID=postgres;password=myPassw0rd;Pooling=false" - dotnetEnv: Staging - redisHost: eshop-st-redis - rabbitmqHost: eshop-st-rabbitmq - elasticsearchHost: eshop-st-elasticsearch + dbVendor: postgres + dbAddr: eshop-st-postgresdb + dbDatabase: keycloak + dbUser: postgres + dbPassword: myPassw0rd + keycloakAdmin: admin + keycloakAdminPassword: 1q2w3E* + kcHealthEnabled: true ingress: - host: eshop-st-authserver + host: account.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: - repository: "eshoponabp/app-authserver" - tag: 1.0.0 + repository: quay.io/keycloak/keycloak + tag: 19.0.2 + pullPolicy: IfNotPresent # web sub-chart override web: config: - selfUrl: https://eshop-st-web - gatewayUrl: https://eshop-st-gateway-web + selfUrl: https://admin.eshoponabp.dev + gatewayUrl: https://gateway-web.eshoponabp.dev authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: false responseType: "code" strictDiscoveryDocumentValidation: false skipIssuerCheck: true ingress: - host: eshop-st-web + host: admin.eshoponabp.dev tlsSecret: 
eshop-wildcard-tls image: repository: "eshoponabp/app-web" @@ -44,19 +38,19 @@ web: # public-web sub-chart override public-web: config: - selfUrl: https://eshop-st-public-web - gatewayUrl: http://eshop-st-gateway-web-public/ + selfUrl: https://eshoponabp.dev + gatewayUrl: http://gateway-public.eshoponabp.dev/ authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" isOnProd: "false" - metaAddress: http://eshop-st-authserver + metaAddress: http://account.eshoponabp.dev dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch ingress: - host: eshop-st-public-web + host: eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/app-publicweb" @@ -65,13 +59,13 @@ public-web: # identity-service sub-chart override identity: config: - selfUrl: https://eshop-st-identity - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public + selfUrl: https://identity.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev connectionStrings: identityService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Identity;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" 
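Review bot: The new `keycloak.config` block commits `dbPassword`, `keycloakAdmin` and `keycloakAdminPassword` as plain values, so the Keycloak bootstrap admin and the database login are readable by anyone with access to the repository or the Helm release values. Keep only a Secret reference in values, for example `existingSecret: <keycloak-credentials-secret>` (placeholder key and name), and have the deployment template read the three settings through `secretKeyRef`. That template is outside this hunk, so how it consumes these values today is not visible here. `dbUser: postgres` is also the login every other service's connection string uses; a dedicated role limited to the `keycloak` database would contain a compromise on either side. If `1q2w3E*` stays as a local-only default, quote it and state in the README that it must be replaced before the chart is exposed.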
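Review bot: `authServer.authority` and `metaAddress` for public-web now point at the ingress hostname over cleartext, `http://account.eshoponabp.dev`, with `requireHttpsMetadata: "false"` left in place. Discovery metadata and signing keys are therefore fetched without transport protection, even though that host's ingress carries `eshop-wildcard-tls`. Prefer `authority: https://account.eshoponabp.dev` with `requireHttpsMetadata: "true"`, which presumably requires the mkcert root to be trusted inside the pods. The same `http://` authority is set in the web, identity, administration, gateway-web, gateway-web-public, basket, catalog, ordering, cmskit and payment hunks of this file. The web block additionally keeps `skipIssuerCheck: true` and `strictDiscoveryDocumentValidation: false`.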
@@ -80,20 +74,20 @@ identity: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch identityServerClients: # Seeded Clients - webRootUrl: https://eshop-st-web/ - publicWebRootUrl: https://eshop-st-public-web/ - webGatewayRootUrl: https://eshop-st-gateway-web/ - publicWebGatewayRootUrl: https://eshop-st-gateway-web-public/ - identityServiceRootUrl: https://eshop-st-identity/ - administrationServiceRootUrl: https://eshop-st-administration/ - accountServiceRootUrl: https://eshop-st-authserver/ - basketServiceRootUrl: https://eshop-st-basket/ - catalogServiceRootUrl: https://eshop-st-catalog/ - orderingServiceRootUrl: https://eshop-st-ordering/ - cmskitServiceRootUrl: https://eshop-st-cmskit/ - paymentServiceRootUrl: https://eshop-st-payment/ + webRootUrl: https://admin.eshoponabp.dev/ + publicWebRootUrl: https://eshoponabp.dev/ + webGatewayRootUrl: https://gateway-web.eshoponabp.dev/ + publicWebGatewayRootUrl: https://gateway-public.eshoponabp.dev/ + identityServiceRootUrl: https://identity.eshoponabp.dev/ + administrationServiceRootUrl: https://administration.eshoponabp.dev/ + accountServiceRootUrl: https://account.eshoponabp.dev/ + basketServiceRootUrl: https://basket.eshoponabp.dev/ + catalogServiceRootUrl: https://catalog.eshoponabp.dev/ + orderingServiceRootUrl: https://ordering.eshoponabp.dev/ + cmskitServiceRootUrl: https://cmskit.eshoponabp.dev/ + paymentServiceRootUrl: https://payment.eshoponabp.dev/ ingress: - host: eshop-st-identity + host: identity.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-identity" 
@@ -102,26 +96,26 @@ identity: # administration sub-chart override administration: config: - selfUrl: https://eshop-st-administration - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public + selfUrl: https://administration.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev connectionStrings: administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: - abpIdentityBaseUrl: http://eshop-st-identity + abpIdentityBaseUrl: http://identity.eshoponabp.dev useCurrentToken: "false" dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch synchedCommunication: # Used for server-to-server (client-credentials) communication with identityService for user permissions - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev ingress: - host: eshop-st-administration + host: administration.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-administration" @@ -130,11 +124,11 @@ administration: # gateway-web sub-chart override gateway-web: config: - selfUrl: https://eshop-st-gateway-web - corsOrigins: https://eshop-st-web + selfUrl: https://gateway-web.eshoponabp.dev + corsOrigins: https://admin.eshoponabp.dev globalConfigurationBaseUrl: http://eshop-st-gateway-public authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" 
@@ -143,31 +137,31 @@ gateway-web: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch ingress: - host: eshop-st-gateway-web + host: gateway-web.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/gateway-web" tag: 1.0.0 reRoutes: accountService: - url: http://eshop-st-authserver + url: http://account.eshoponabp.dev identityService: - url: http://eshop-st-identity + url: http://identity.eshoponabp.dev administrationService: - url: http://eshop-st-administration + url: http://administration.eshoponabp.dev catalogService: - url: http://eshop-st-catalog + url: http://catalog.eshoponabp.dev orderingService: - url: http://eshop-st-ordering + url: http://ordering.eshoponabp.dev cmskitService: - url: http://eshop-st-cmskit + url: http://cmskit.eshoponabp.dev # gateway-web-public sub-chart override gateway-web-public: config: - selfUrl: https://eshop-st-gateway-web-public + selfUrl: https://gateway-public.eshoponabp.dev authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" 
@@ -176,38 +170,36 @@ gateway-web-public: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch ingress: - host: eshop-st-gateway-web-public + host: gateway-public.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/gateway-web-public" tag: 1.0.0 reRoutes: - accountService: - url: http://eshop-st-authserver identityService: - url: http://eshop-st-identity + url: https://identity.eshoponabp.dev administrationService: - url: http://eshop-st-administration + url: https://administration.eshoponabp.dev catalogService: - url: http://eshop-st-catalog + url: https://catalog.eshoponabp.dev basketService: - url: http://eshop-st-basket + url: https://basket.eshoponabp.dev orderingService: - url: http://eshop-st-ordering + url: https://ordering.eshoponabp.dev cmskitService: - url: http://eshop-st-cmskit + url: https://cmskit.eshoponabp.dev paymentService: - url: http://eshop-st-payment + url: https://payment.eshoponabp.dev # basket-service sub-chart override basket: config: - selfUrl: https://eshop-st-basket - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public,https://eshop-st-public-web + selfUrl: https://basket.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev,https://eshoponabp.dev connectionStrings: administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" 
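Review bot: The public gateway's `reRoutes` now use `https://` ingress hostnames, while the `gateway-web` hunk just before it sets the same backends as `http://` on the same hostnames, so the two gateways reach identical services over different schemes. Both forms send service-to-service traffic back through the ingress. That works only if pods can resolve `*.eshoponabp.dev` and, for the `https://` form, trust the mkcert certificate (neither is shown in this patch). Choose one scheme for both gateways and note the DNS and trust prerequisite next to the values, for example `# requires in-cluster resolution of *.eshoponabp.dev and the mkcert root CA`.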
@@ -216,10 +208,10 @@ basket: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch remoteServices: - catalogBaseUrl: http://eshop-st-catalog:80 - catalogGrpcUrl: http://eshop-st-catalog:81 + catalogBaseUrl: http://catalog.eshoponabp.dev:80 + catalogGrpcUrl: http://catalog.eshoponabp.dev:81 ingress: - host: eshop-st-basket + host: basket.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-basket" @@ -228,13 +220,13 @@ basket: # catalog-service sub-chart override catalog: config: - selfUrl: https://eshop-st-catalog - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public,https://eshop-st-public-web,https://eshop-st-web + selfUrl: https://catalog.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev,https://eshoponabp.dev,https://admin.eshoponabp.dev connectionStrings: catalogService: "mongodb://eshop-st-mongodb/EShopOnAbp_Catalog" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" @@ -243,12 +235,12 @@ catalog: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch kestrel: - httpUrl: http://eshop-st-catalog:80 + httpUrl: http://catalog.eshoponabp.dev:80 httpProtocols: Http1AndHttp2 - grpcUrl: http://eshop-st-catalog:81 + grpcUrl: http://catalog.eshoponabp.dev:81 grpcProtocols: Http2 ingress: - host: eshop-st-catalog + host: catalog.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-catalog" 
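Review bot: `catalogGrpcUrl: http://catalog.eshoponabp.dev:81` points gRPC at port 81 of the ingress hostname, where the previous value addressed the catalog Service directly. An ingress host normally answers only on its HTTP and HTTPS ports, so unless port 81 is published for that name the basket-to-catalog gRPC call will fail; this is inferred, since the ingress and Service templates are not in this patch. The catalog hunk after it makes the same substitution in `kestrel.httpUrl` and `kestrel.grpcUrl`, which are listen addresses rather than client URLs. Keeping the in-cluster name for these values, e.g. `catalogGrpcUrl: http://eshop-st-catalog:81`, avoids both problems.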
@@ -257,13 +249,13 @@ catalog: # ordering-service sub-chart override ordering: config: - selfUrl: https://eshop-st-ordering - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public + selfUrl: https://ordering.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev connectionStrings: orderingService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Ordering;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" @@ -272,7 +264,7 @@ ordering: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch ingress: - host: eshop-st-ordering + host: ordering.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-ordering" 
@@ -281,26 +273,26 @@ ordering: # cmskit-service sub-chart override cmskit: config: - selfUrl: https://eshop-st-cmskit - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public + selfUrl: https://cmskit.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev connectionStrings: cmskitervice: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Cmskit;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: - abpIdentityBaseUrl: https://eshop-st-identity + abpIdentityBaseUrl: https://identity.eshoponabp.dev dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch synchedCommunication: # Used for server-to-server (client-credentials) communication with identityService for user permissions - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev ingress: - host: eshop-st-cmskit + host: cmskit.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-cmskit" 
@@ -309,24 +301,24 @@ cmskit: # payment-service sub-chart override payment: config: - selfUrl: https://eshop-st-payment - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public + selfUrl: https://payment.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev connectionStrings: paymentService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Payment;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://eshop-st-authserver + authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: - abpIdentityBaseUrl: https://eshop-st-identity + abpIdentityBaseUrl: https://identity.eshoponabp.dev dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch ingress: - host: eshop-st-payment + host: payment.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-payment" From e365599ebe1f93dd57e98246fe6ed16c611f715c Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Tue, 9 Jan 2024 21:48:33 -0500 Subject: [PATCH 06/20] updated public-web-gateway yarp configuration --- .../gateway-web-public-configmap.yaml | 339 +++++++++--------- 1 file changed, 174 insertions(+), 165 deletions(-) diff --git a/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml b/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml index 6c210700..ecf5b1c4 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml 
@@ -5,180 +5,189 @@ metadata: data: yarp.json: |- { - "ReverseProxy": { - "Routes": { - "AbpApi": { - "ClusterId": "administrationCluster", - "Match": { - "Path": "/api/abp/{**catch-all}" - } - }, - "IdentityService": { - "ClusterId": "identityCluster", - "Match": { - "Path": "/api/identity/{**everything}" - } - }, - "IdentityServiceSwagger": { - "ClusterId": "identityCluster", - "Match": { - "Path": "/swagger-json/Identity/swagger/v1/swagger.json" - }, - "Transforms": [ - { "PathRemovePrefix": "/swagger-json/Identity" } - ] - }, - "FeatureManagement": { - "ClusterId": "administrationCluster", - "Match": { - "Path": "/api/feature-management/{**everything}" - } - }, - "PermissionManagement": { - "ClusterId": "administrationCluster", - "Match": { - "Path": "/api/permission-management/{**everything}" - } - }, - "SettingManagement": { - "ClusterId": "administrationCluster", - "Match": { - "Path": "/api/setting-management/{**everything}" - } - }, - "AdministrationServiceSwagger": { - "ClusterId": "administrationCluster", - "Match": { - "Path": "/swagger-json/Administration/swagger/v1/swagger.json" - }, - "Transforms": [ - { "PathRemovePrefix": "/swagger-json/Administration" } - ] - }, - "CatalogService": { - "ClusterId": "catalogCluster", - "Match": { - "Path": "/api/catalog/{**everything}" - } - }, - "CatalogServiceSwagger": { - "ClusterId": "catalogCluster", - "Match": { - "Path": "/swagger-json/Catalog/swagger/v1/swagger.json" - }, - "Transforms": [ - { "PathRemovePrefix": "/swagger-json/Catalog" } - ] - }, - "product-picture-route": { - "ClusterId": "catalogCluster", - "Match": { - "Path": "/product-images/{**everything}", - "Methods": [ "GET" ] - } - }, - "BasketService": { - "ClusterId": "basketCluster", - "Match": { - "Path": "/api/basket/{**everything}" - } - }, - "OrderingService": { - "ClusterId": "orderingCluster", - "Match": { - "Path": "/api/ordering/{**everything}" - } - }, - "OrderingServiceSwagger": { - "ClusterId": "orderingCluster", - "Match": { - 
"Path": "/swagger-json/Ordering/swagger/v1/swagger.json" - }, - "Transforms": [ - { "PathRemovePrefix": "/swagger-json/Ordering" } - ] - }, - "CmskitService": { - "ClusterId": "cmskitCluster", - "Match": { - "Path": "/api/cmskit/{**everything}" - } - }, - "CmskitServiceSwagger": { - "ClusterId": "cmskitCluster", - "Match": { - "Path": "/swagger-json/Cmskit/swagger/v1/swagger.json" - }, - "Transforms": [ - { "PathRemovePrefix": "/swagger-json/Cmskit" } - ] - }, - "PaymentService": { - "ClusterId": "paymentCluster", - "Match": { - "Path": "/api/payment/{**everything}" - } - }, - "PaymentServiceSwagger": { - "ClusterId": "paymentCluster", - "Match": { - "Path": "/swagger-json/payment/swagger/v1/swagger.json" - }, - "Transforms": [ - { "PathRemovePrefix": "/swagger-json/payment" } - ] - }, - }, - "Clusters": { - "identityCluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.identityService.url }}" + "ReverseProxy": { + "Routes": { + "AbpApi": { + "ClusterId": "Administration", + "Match": { + "Path": "/api/abp/{**catch-all}" } - } - }, - "administrationCluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.administrationService.url }}" + }, + "Identity Service": { + "ClusterId": "Identity", + "Match": { + "Path": "/api/identity/{**everything}" } - } - }, - "catalogCluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.catalogService.url }}" + }, + "Identity Service Swagger": { + "ClusterId": "Identity", + "Match": { + "Path": "/swagger-json/Identity/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Identity" } + ] + }, + "FeatureManagement": { + "ClusterId": "Administration", + "Match": { + "Path": "/api/feature-management/{**everything}" } - } - }, - "basketCluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.basketService.url }}" + }, + "PermissionManagement": { + "ClusterId": "Administration", + "Match": { 
+ "Path": "/api/permission-management/{**everything}" } - } - }, - "orderingCluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.orderingService.url }}" + }, + "SettingManagement": { + "ClusterId": "Administration", + "Match": { + "Path": "/api/setting-management/{**everything}" } - } - }, - "cmskitCluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.cmskitService.url }}" + }, + "Administration ServiceSwagger": { + "ClusterId": "Administration", + "Match": { + "Path": "/swagger-json/Administration/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Administration" } + ] + }, + "Catalog Service": { + "ClusterId": "Catalog", + "Match": { + "Path": "/api/catalog/{**everything}" } - } + }, + "Catalog Service Swagger": { + "ClusterId": "Catalog", + "Match": { + "Path": "/swagger-json/Catalog/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Catalog" } + ] + }, + "ProductPictures": { + "ClusterId": "Catalog", + "Match": { + "Path": "/product-images/{**everything}", + "Methods": [ "GET" ] + } + }, + "Basket Service": { + "ClusterId": "Basket", + "Match": { + "Path": "/api/basket/{**everything}" + } + }, + "Basket Service Swagger": { + "ClusterId": "Basket", + "Match": { + "Path": "/swagger-json/Basket/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Basket" } + ] + }, + "Ordering Service": { + "ClusterId": "Ordering", + "Match": { + "Path": "/api/ordering/{**everything}" + } + }, + "Ordering Service Swagger": { + "ClusterId": "Ordering", + "Match": { + "Path": "/swagger-json/Ordering/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Ordering" } + ] + }, + "Cmskit Service": { + "ClusterId": "CmsKit", + "Match": { + "Path": "/api/cmskit/{**everything}" + } + }, + "Cmskit Service Swagger": { + "ClusterId": "CmsKit", + "Match": { + "Path": 
"/swagger-json/Cmskit/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Cmskit" } + ] + }, + "Payment Service": { + "ClusterId": "Payment", + "Match": { + "Path": "/api/payment/{**everything}" + } + }, + "Payment Service Swagger": { + "ClusterId": "Payment", + "Match": { + "Path": "/swagger-json/payment/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/payment" } + ] + }, }, - "paymentCluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.paymentService.url }}" + "Clusters": { + "Identity": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.identityService.url }}" + } + } + }, + "Administration": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.administrationService.url }}" + } + } + }, + "Catalog": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.catalogService.url }}" + } + } + }, + "Basket": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.basketService.url }}" + } + } + }, + "Ordering": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.orderingService.url }}" + } + } + }, + "CmsKit": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.cmskitService.url }}" + } + } + }, + "Payment": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.paymentService.url }}" + } } } } } - } } \ No newline at end of file From 6a39f59b0368ee8412e5da250849b8b9f38ee351 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Tue, 9 Jan 2024 21:53:45 -0500 Subject: [PATCH 07/20] Renamed services and clusters --- .../src/EShopOnAbp.WebPublicGateway/yarp.json | 49 +++++++++---------- 1 file changed, 23 insertions(+), 26 deletions(-) diff --git a/gateways/web-public/src/EShopOnAbp.WebPublicGateway/yarp.json b/gateways/web-public/src/EShopOnAbp.WebPublicGateway/yarp.json index 44835f94..b0bac38e 100644 
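Review bot: After this rewrite the public gateway still forwards `/api/permission-management/`, `/api/setting-management/`, `/api/feature-management/` and `/api/identity/` to the Administration and Identity clusters, and it publishes each service's `swagger.json`. The public-facing entry point therefore reaches the management surface and the API descriptions. Nothing in the route entries restricts them: only `ProductPictures` has a `Methods` limit and no route sets an authorization policy, which leaves protection entirely to each backend. If the public site does not need these routes, remove the management and Swagger entries from this ConfigMap, or gate them with `"AuthorizationPolicy": "<policy-name>"` (placeholder) on each route. The routes were introduced by the PATCH 05/20 hunk of the same file.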
--- a/gateways/web-public/src/EShopOnAbp.WebPublicGateway/yarp.json +++ b/gateways/web-public/src/EShopOnAbp.WebPublicGateway/yarp.json @@ -23,19 +23,19 @@ ] }, "FeatureManagement": { - "ClusterId": "feature-management-cluster", + "ClusterId": "administrationCluster", "Match": { "Path": "/api/feature-management/{**everything}" } }, "PermissionManagement": { - "ClusterId": "permission-management-cluster", + "ClusterId": "administrationCluster", "Match": { "Path": "/api/permission-management/{**everything}" } }, "SettingManagement": { - "ClusterId": "setting-management-cluster", + "ClusterId": "administrationCluster", "Match": { "Path": "/api/setting-management/{**everything}" } @@ -64,8 +64,8 @@ { "PathRemovePrefix": "/swagger-json/Catalog" } ] }, - "product-picture-route": { - "ClusterId": "productPictureCluster", + "ProductPictures": { + "ClusterId": "catalogCluster", "Match": { "Path": "/product-images/{**everything}", "Methods": [ "GET" ] @@ -77,6 +77,15 @@ "Path": "/api/basket/{**everything}" } }, + "Basket Service Swagger": { + "ClusterId": "basketCluster", + "Match": { + "Path": "/swagger-json/Basket/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Basket" } + ] + }, "Ordering Service": { "ClusterId": "orderingCluster", "Match": { @@ -112,6 +121,15 @@ "Match": { "Path": "/api/payment/{**everything}" } + }, + "Payment Service Swagger": { + "ClusterId": "paymentCluster", + "Match": { + "Path": "/swagger-json/Payment/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Payment" } + ] } }, "Clusters": { @@ -129,20 +147,6 @@ } } }, - "permission-management-cluster": { - "Destinations": { - "destination1": { - "Address": "https://localhost:44353" - } - } - }, - "setting-management-cluster": { - "Destinations": { - "destination1": { - "Address": "https://localhost:44353" - } - } - }, "catalogCluster": { "Destinations": { "destination1": { 
@@ -171,13 +175,6 @@ } } }, - "productPictureCluster": { - "Destinations": { - "destination1": { - "Address": "https://localhost:44354" - } - } - }, "paymentCluster": { "Destinations": { "destination1": { From 36ff7b23a7379c6570f87dd8b17ff196e22bb736 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Wed, 10 Jan 2024 21:26:14 -0500 Subject: [PATCH 08/20] removed staging environment appsettings --- .../appsettings.Staging.json | 113 ------------------ 1 file changed, 113 deletions(-) delete mode 100644 gateways/web-public/src/EShopOnAbp.WebPublicGateway/appsettings.Staging.json diff --git a/gateways/web-public/src/EShopOnAbp.WebPublicGateway/appsettings.Staging.json b/gateways/web-public/src/EShopOnAbp.WebPublicGateway/appsettings.Staging.json deleted file mode 100644 index 4aa66c8b..00000000 --- a/gateways/web-public/src/EShopOnAbp.WebPublicGateway/appsettings.Staging.json +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - "ReverseProxy": { - "Routes": { - "Account Service": { - "ClusterId": "accountCluster", - "Match": { - "Path": "/api/account/{**everything}" - } - }, - "Administration Service": { - "ClusterId": "administrationCluster", - "Match": { - "Path": "/api/abp/{**everything}" - } - }, - "Catalog Service": { - "ClusterId": "catalogCluster", - "Match": { - "Path": "/api/catalog/{**everything}" - } - }, - "Basket Service": { - "ClusterId": "basketCluster", - "Match": { - "Path": "/api/basket/{**everything}" - } - }, - "Ordering Service": { - "ClusterId": "orderingCluster", - "Match": { - "Path": "/api/ordering/{**everything}" - } - }, - "Payment Service": { - "ClusterId": "paymentCluster", - "Match": { - "Path": "/api/payment/{**everything}" - } - }, - "Cmskit Service": { - "ClusterId": "cmskitCluster", - "Match": { - "Path": "/api/cmskit/{**everything}" - } - }, - "product-picture-route": { - "ClusterId": "productPictureCluster", - "Match": { - "Path": "/product-images/{**everything}", - "Methods": [ "GET" ] - } - } - }, - "Clusters": { - "accountCluster": { - "Destinations": { - "destination1": { - "Address": "http://eshop-st-authserver" - } - } - }, - "administrationCluster": { - "Destinations": { - "destination1": { - "Address": "http://eshop-st-administration" - } - } - }, - "catalogCluster": { - "Destinations": { - "destination1": { - "Address": "http://eshop-st-catalog" - } - } - }, - "basketCluster": { - "Destinations": { - "destination1": { - "Address": "http://eshop-st-basket" - } - } - }, - "orderingCluster": { - "Destinations": { - "destination1": { - "Address": "http://eshop-st-ordering" - } - } - }, - "paymentCluster": { - "Destinations": { - "destination1": { - "Address": "http://eshop-st-payment" - } - } - }, - "cmskitCluster": { - "Destinations": { - "destination1": { - "Address": "http://eshop-st-cmskit" - } - } - }, - "productPictureCluster": { - "Destinations": { - "destination1": { - "Address": "http://eshop-st-catalog" - } - } - } 
- } - } -} From d0fd628756c68925a23faf391ab597b4073e6c86 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Wed, 10 Jan 2024 21:27:35 -0500 Subject: [PATCH 09/20] Updated gateway-web configmap and values --- .../templates/gateway-web-configmap.yaml | 233 +++++++++--------- .../eshoponabp/charts/gateway-web/values.yaml | 12 +- etc/k8s/eshoponabp/values.st.yaml | 26 +- 3 files changed, 140 insertions(+), 131 deletions(-) diff --git a/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-configmap.yaml b/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-configmap.yaml index a2060492..0e28ffe8 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-configmap.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-configmap.yaml 
@@ -5,127 +5,138 @@ metadata: data: yarp.json: |- { - "ReverseProxy": { - "Routes": { - "Account Service": { - "ClusterId": "account-cluster", - "Match": { - "Path": "/api/account/{**everything}" - } - }, - "Identity Service": { - "ClusterId": "identity-cluster", - "Match": { - "Path": "/api/identity/{**everything}" - } - }, - "Administration Service": { - "ClusterId": "administration-cluster", - "Match": { - "Path": "/api/abp/{**everything}" - } - }, - "feature-management-route": { - "ClusterId": "feature-management-cluster", - "Match": { - "Path": "/api/feature-management/{**everything}" - } - }, - "permission-management-route": { - "ClusterId": "permission-management-cluster", - "Match": { - "Path": "/api/permission-management/{**everything}" - } - }, - "setting-management-route": { - "ClusterId": "setting-management-cluster", - "Match": { - "Path": "/api/setting-management/{**everything}" - } - }, - "Catalog Service": { - "ClusterId": "catalogCluster", - "Match": { - "Path": "/api/catalog/{**everything}" - } - }, - "Ordering Service": { - "ClusterId": "orderingCluster", - "Match": { - "Path": "/api/ordering/{**everything}" - } - }, - "Cmskit Service": { - "ClusterId": "cmskitCluster", - "Match": { - "Path": "/api/cmskit/{**everything}" - } - } - }, - "Clusters": { - "account-cluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.accountService.url }}" + "ReverseProxy": { + "Routes": { + "AbpApi": { + "ClusterId": "Administration", + "Match": { + "Path": "/api/abp/{**catch-all}" } - } - }, - "identity-cluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.identityService.url }}" + }, + "Identity Service": { + "ClusterId": "Identity", + "Match": { + "Path": "/api/identity/{**everything}" } - } - }, - "administration-cluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.administrationService.url }}" + }, + "Identity Service Swagger": { + "ClusterId": "Identity", + 
"Match": { + "Path": "/swagger-json/Identity/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Identity" } + ] + }, + "FeatureManagement": { + "ClusterId": "Administration", + "Match": { + "Path": "/api/feature-management/{**everything}" } - } - }, - "feature-management-cluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.administrationService.url }}" + }, + "PermissionManagement": { + "ClusterId": "Administration", + "Match": { + "Path": "/api/permission-management/{**everything}" } - } - }, - "permission-management-cluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.administrationService.url }}" + }, + "SettingManagement": { + "ClusterId": "Administration", + "Match": { + "Path": "/api/setting-management/{**everything}" } - } - }, - "setting-management-cluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.administrationService.url }}" + }, + "Administration Service Swagger": { + "ClusterId": "Administration", + "Match": { + "Path": "/swagger-json/Administration/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Administration" } + ] + }, + "Catalog Service": { + "ClusterId": "Catalog", + "Match": { + "Path": "/api/catalog/{**everything}" } - } - }, - "catalogCluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.catalogService.url }}" + }, + "Catalog Service Swagger": { + "ClusterId": "Catalog", + "Match": { + "Path": "/swagger-json/Catalog/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Catalog" } + ] + }, + "Ordering Service": { + "ClusterId": "Ordering", + "Match": { + "Path": "/api/ordering/{**everything}" } - } - }, - "orderingCluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.orderingService.url }}" + }, + "Ordering Service Swagger": { + "ClusterId": "Ordering", + "Match": { + "Path": 
"/swagger-json/Ordering/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Ordering" } + ] + }, + "Cmskit Service": { + "ClusterId": "Cmskit", + "Match": { + "Path": "/api/cmskit/{**everything}" } - } - }, - "cmskitCluster": { - "Destinations": { - "destination1": { - "Address": "{{ .Values.reRoutes.cmskitService.url }}" + }, + "Cmskit Service Swagger": { + "ClusterId": "Cmskit", + "Match": { + "Path": "/swagger-json/Cmskit/swagger/v1/swagger.json" + }, + "Transforms": [ + { "PathRemovePrefix": "/swagger-json/Cmskit" } + ] + } + }, + "Clusters": { + "Identity": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.identityService.url }}" + } + } + }, + "Administration": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.administrationService.url }}" + } + } + }, + "Catalog": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.catalogService.url }}" + } + } + }, + "Ordering": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.orderingService.url }}" + } + } + }, + "Cmskit": { + "Destinations": { + "destination1": { + "Address": "{{ .Values.reRoutes.cmskitService.url }}" + } } } } } - } } \ No newline at end of file diff --git a/etc/k8s/eshoponabp/charts/gateway-web/values.yaml b/etc/k8s/eshoponabp/charts/gateway-web/values.yaml index ab1df0f5..1aa3f51f 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web/values.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web/values.yaml 
@@ -13,16 +13,16 @@ config: elasticsearchHost: # stringEncryptionDefaultPassPhrase: gsKnGZ041HLL4IM8 reRoutes: - accountService: - url: http://eshop-st-authserver identityService: - url: http://eshop-st-identity + url: https://eshop-st-identity administrationService: - url: http://eshop-st-administration + url: https://eshop-st-administration catalogService: - url: http://eshop-st-catalog + url: https://eshop-st-catalog orderingService: - url: http://eshop-st-order + url: https://eshop-st-ordering + cmskitService: + url: https://eshop-st-cmskit ingress: host: # eshop-st-gateway-web tlsSecret: eshop-wildcard-tls diff --git a/etc/k8s/eshoponabp/values.st.yaml b/etc/k8s/eshoponabp/values.st.yaml index f7c827f8..88045717 100644 --- a/etc/k8s/eshoponabp/values.st.yaml +++ b/etc/k8s/eshoponabp/values.st.yaml @@ -143,18 +143,16 @@ gateway-web: repository: "eshoponabp/gateway-web" tag: 1.0.0 reRoutes: - accountService: - url: http://account.eshoponabp.dev identityService: - url: http://identity.eshoponabp.dev + url: http://eshop-st-identity administrationService: - url: http://administration.eshoponabp.dev + url: http://eshop-st-administration catalogService: - url: http://catalog.eshoponabp.dev + url: http://eshop-st-catalog orderingService: - url: http://ordering.eshoponabp.dev + url: http://eshop-st-ordering cmskitService: - url: http://cmskit.eshoponabp.dev + url: http://eshop-st-cmskit # gateway-web-public sub-chart override gateway-web-public: 
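Review bot: The chart defaults under `reRoutes` move to `https://eshop-st-identity`, `https://eshop-st-administration` and so on, while the `values.st.yaml` hunk in this same commit sets the same keys to `http://eshop-st-…`. One scheme should be used for the in-cluster Service names in both files. If the services do not present a certificate valid for those short names (not visible here), the `https://` defaults will fail the upstream handshake for anyone installing the chart without the override, which tends to get "fixed" by switching certificate validation off. If plain HTTP inside the cluster is the intent, write `url: http://eshop-st-identity` in the defaults as well and state that in a comment above `reRoutes`.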
@@ -177,19 +175,19 @@ gateway-web-public: tag: 1.0.0 reRoutes: identityService: - url: https://identity.eshoponabp.dev + url: http://identity.eshoponabp.dev administrationService: - url: https://administration.eshoponabp.dev + url: http://administration.eshoponabp.dev catalogService: - url: https://catalog.eshoponabp.dev + url: http://catalog.eshoponabp.dev basketService: - url: https://basket.eshoponabp.dev + url: http://basket.eshoponabp.dev orderingService: - url: https://ordering.eshoponabp.dev + url: http://ordering.eshoponabp.dev cmskitService: - url: https://cmskit.eshoponabp.dev + url: http://cmskit.eshoponabp.dev paymentService: - url: https://payment.eshoponabp.dev + url: http://payment.eshoponabp.dev # basket-service sub-chart override basket: From fdad18eecc79b0fceea03c40f1d16fd96fbc2a4d Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Wed, 10 Jan 2024 21:27:53 -0500 Subject: [PATCH 10/20] Update values.yaml --- etc/k8s/eshoponabp/values.yaml | 116 ++++++++++++++++----------------- 1 file changed, 58 insertions(+), 58 deletions(-) diff --git a/etc/k8s/eshoponabp/values.yaml b/etc/k8s/eshoponabp/values.yaml index 71b4bc9a..ed057651 100644 --- a/etc/k8s/eshoponabp/values.yaml +++ b/etc/k8s/eshoponabp/values.yaml @@ -10,7 +10,7 @@ keycloak: keycloakAdminPassword: 1q2w3E* kcHealthEnabled: true ingress: - host: eshop-st-keycloak + host: account.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: quay.io/keycloak/keycloak 
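Review bot: In the `gateway-web-public` block every `reRoutes` URL changes from `https://` to `http://` while still naming the public hosts (`identity.eshoponabp.dev`, `payment.eshoponabp.dev`, …), so proxied requests, including any `Authorization` header the gateway forwards, would travel to the ingress hostname in cleartext. Either keep the TLS form, e.g. `url: https://identity.eshoponabp.dev`, or point at the in-cluster Service as the `gateway-web` block in this commit does, e.g. `url: http://eshop-st-identity`. Mixing `http://` with the public names gets neither the ingress certificate nor the shorter in-cluster path.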
@@ -20,16 +20,16 @@ keycloak: # web sub-chart override web: config: - selfUrl: https://eshop-st-web - gatewayUrl: https://eshop-st-gateway-web + selfUrl: https://admin.eshoponabp.dev + gatewayUrl: https://gateway-web.eshoponabp.dev authServer: - authority: http://eshop-st-keycloak + authority: https://account.eshoponabp.dev requireHttpsMetadata: false responseType: "code" strictDiscoveryDocumentValidation: false skipIssuerCheck: true ingress: - host: eshop-st-web + host: admin.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/app-web" @@ -38,10 +38,10 @@ web: # public-web sub-chart override public-web: config: - selfUrl: https://eshop-st-public-web - gatewayUrl: http://eshop-st-gateway-web-public/ + selfUrl: https://eshoponabp.dev + gatewayUrl: https://gateway-public.eshoponabp.dev/ authServer: - authority: http://eshop-st-keycloak + authority: https://account.eshoponabp.dev requireHttpsMetadata: "false" isOnProd: "false" metaAddress: http://eshop-st-keycloak @@ -50,7 +50,7 @@ public-web: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch ingress: - host: eshop-st-public-web + host: eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/app-publicweb" @@ -59,8 +59,8 @@ public-web: # identity-service sub-chart override identity: config: - selfUrl: https://eshop-st-identity - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public + selfUrl: https://identity.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev connectionStrings: identityService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Identity;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" 
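Review bot: `web.config.authServer.authority` is now `https://account.eshoponabp.dev`, but the context lines right below it still read `requireHttpsMetadata: false`, `strictDiscoveryDocumentValidation: false` and `skipIssuerCheck: true`, so the client continues to accept a discovery document and an issuer it has not verified even though TLS is available. With the authority on HTTPS these can be tightened to `requireHttpsMetadata: true` and `skipIssuerCheck: false`, or given a comment explaining why they must stay relaxed. The `public-web` hunk has the same pattern and additionally keeps `metaAddress: http://eshop-st-keycloak`, which means metadata is still fetched over plain HTTP there.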
@@ -74,20 +74,20 @@ identity: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch identityServerClients: # Seeded Clients - webRootUrl: https://eshop-st-web/ - publicWebRootUrl: https://eshop-st-public-web/ - webGatewayRootUrl: https://eshop-st-gateway-web/ - publicWebGatewayRootUrl: https://eshop-st-gateway-web-public/ - identityServiceRootUrl: https://eshop-st-identity/ - administrationServiceRootUrl: https://eshop-st-administration/ - accountServiceRootUrl: https://eshop-st-authserver/ - basketServiceRootUrl: https://eshop-st-basket/ - catalogServiceRootUrl: https://eshop-st-catalog/ - orderingServiceRootUrl: https://eshop-st-ordering/ - cmskitServiceRootUrl: https://eshop-st-cmskit/ - paymentServiceRootUrl: https://eshop-st-payment/ + webRootUrl: https://admin.eshoponabp.dev/ + publicWebRootUrl: https://eshoponabp.dev/ + webGatewayRootUrl: https://gateway-web.eshoponabp.dev/ + publicWebGatewayRootUrl: https://gateway-public.eshoponabp.dev/ + identityServiceRootUrl: https://identity.eshoponabp.dev/ + administrationServiceRootUrl: https://administration.eshoponabp.dev/ + accountServiceRootUrl: https://account.eshoponabp.dev/ + basketServiceRootUrl: https://basket.eshoponabp.dev/ + catalogServiceRootUrl: https://catalog.eshoponabp.dev/ + orderingServiceRootUrl: https://ordering.eshoponabp.dev/ + cmskitServiceRootUrl: https://cmskit.eshoponabp.dev/ + paymentServiceRootUrl: https://payment.eshoponabp.dev/ ingress: - host: eshop-st-identity + host: identity.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-identity" 
@@ -96,8 +96,8 @@ identity: # administration sub-chart override administration: config: - selfUrl: https://eshop-st-administration - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public + selfUrl: https://administration.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev connectionStrings: administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: @@ -106,16 +106,16 @@ administration: swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: - abpIdentityBaseUrl: https://eshop-st-identity + abpIdentityBaseUrl: https://identity.eshoponabp.dev useCurrentToken: "false" dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch synchedCommunication: # Used for server-to-server (client-credentials) communication with identityService for user permissions - authority: https://eshop-st-authserver + authority: https://account.eshoponabp.dev ingress: - host: eshop-st-administration + host: administration.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-administration" @@ -124,9 +124,9 @@ administration: # gateway-web sub-chart override gateway-web: config: - selfUrl: https://eshop-st-gateway-web - corsOrigins: https://eshop-st-web - globalConfigurationBaseUrl: http://eshop-st-gateway-public + selfUrl: https://gateway-web.eshoponabp.dev + corsOrigins: https://admin.eshoponabp.dev + globalConfigurationBaseUrl: http://eshop-st-gateway-web-public authServer: authority: http://eshop-st-keycloak requireHttpsMetadata: "false" @@ -137,7 +137,7 @@ gateway-web: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch ingress: - host: eshop-st-gateway-web + host: gateway-web.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/gateway-web" 
@@ -159,7 +159,7 @@ gateway-web: # gateway-web-public sub-chart override gateway-web-public: config: - selfUrl: https://eshop-st-gateway-web-public + selfUrl: https://gateway-public.eshoponabp.dev authServer: authority: http://eshop-st-keycloak requireHttpsMetadata: "false" @@ -170,14 +170,12 @@ gateway-web-public: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch ingress: - host: eshop-st-gateway-web-public + host: gateway-public.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/gateway-web-public" tag: 1.0.0 reRoutes: - accountService: - url: http://eshop-st-keycloak identityService: url: http://eshop-st-identity administrationService: @@ -191,13 +189,13 @@ gateway-web-public: cmskitService: url: http://eshop-st-cmskit paymentService: - url: http://eshop-st-payment + url: http://eshop-st-payment # basket-service sub-chart override basket: config: - selfUrl: https://eshop-st-basket - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public,https://eshop-st-public-web + selfUrl: https://basket.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev,https://eshoponabp.dev connectionStrings: administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: @@ -213,7 +211,7 @@ basket: catalogBaseUrl: http://eshop-st-catalog:80 catalogGrpcUrl: http://eshop-st-catalog:81 ingress: - host: eshop-st-basket + host: basket.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-basket" 
@@ -222,8 +220,8 @@ basket: # catalog-service sub-chart override catalog: config: - selfUrl: https://eshop-st-catalog - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public,https://eshop-st-public-web,https://eshop-st-web + selfUrl: https://catalog.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev,https://eshoponabp.dev,https://admin.eshoponabp.dev connectionStrings: catalogService: "mongodb://eshop-st-mongodb/EShopOnAbp_Catalog" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" @@ -242,7 +240,7 @@ catalog: grpcUrl: http://eshop-st-catalog:81 grpcProtocols: Http2 ingress: - host: eshop-st-catalog + host: catalog.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-catalog" @@ -251,8 +249,8 @@ catalog: # ordering-service sub-chart override ordering: config: - selfUrl: https://eshop-st-ordering - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public + selfUrl: https://ordering.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev connectionStrings: orderingService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Ordering;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" @@ -266,7 +264,7 @@ ordering: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch ingress: - host: eshop-st-ordering + host: ordering.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-ordering" 
@@ -275,10 +273,10 @@ ordering: # cmskit-service sub-chart override cmskit: config: - selfUrl: https://eshop-st-cmskit - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public + selfUrl: https://cmskit.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev connectionStrings: - cmskitService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Cmskit;User ID=postgres;password=myPassw0rd;Pooling=false" + cmskitervice: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Cmskit;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: authority: http://eshop-st-keycloak 
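Review bot: The connection-string key under `cmskit.config.connectionStrings` is renamed from `cmskitService` to `cmskitervice`, which looks like an accidental character deletion rather than an intended change. Any template that reads `.Values.config.connectionStrings.cmskitService` (the cmskit chart is not part of this hunk) would then render an empty connection string and the service would start without its database. Restore the key as `cmskitService: "Host=eshop-st-postgresdb;…"`.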
@@ -286,25 +284,25 @@ cmskit: swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: - abpIdentityBaseUrl: https://eshop-st-identity + abpIdentityBaseUrl: https://identity.eshoponabp.dev dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch synchedCommunication: # Used for server-to-server (client-credentials) communication with identityService for user permissions - authority: https://eshop-st-authserver + authority: https://admin.eshoponabp.dev ingress: - host: eshop-st-cmskit + host: cmskit.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: - repository: "ghcr.io/volosoft/eshoponabp/service-cmskit" - tag: 1.0.1 + repository: "eshoponabp/service-cmskit" + tag: 1.0.0 # payment-service sub-chart override payment: config: - selfUrl: https://eshop-st-payment - corsOrigins: https://eshop-st-gateway-web,https://eshop-st-gateway-web-public + selfUrl: https://payment.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev connectionStrings: paymentService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Payment;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" @@ -313,12 +311,14 @@ payment: requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" + remoteServices: + abpIdentityBaseUrl: https://identity.eshoponabp.dev dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch ingress: - host: eshop-st-payment + host: payment.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: "eshoponabp/service-payment" From b76274d3a26cb2ecf014c55922e69782aa6986de Mon Sep 17 00:00:00 2001 
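Review bot: In the `cmskit` block `synchedCommunication.authority` becomes `https://admin.eshoponabp.dev`, but in this same commit that host is the ingress of the `web` application, and the matching setting for `administration` is changed to `https://account.eshoponabp.dev`. The comment on the line says this authority is used for client-credentials calls, so the cmskit service would send its client secret to the admin UI host instead of the identity provider. This should most likely read `authority: https://account.eshoponabp.dev`.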
From: Galip Tolga Erdem Date: Fri, 12 Jan 2024 11:50:32 -0500 Subject: [PATCH 11/20] updated gateway config --- .../templates/gateway-web-deployment.yaml | 4 +--- etc/k8s/eshoponabp/values.st.yaml | 17 ++++++++--------- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-deployment.yaml b/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-deployment.yaml index 81fb46d7..81388523 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-deployment.yaml @@ -28,9 +28,7 @@ spec: - name: App__SelfUrl value: "{{ .Values.config.selfUrl }}" - name: App__CorsOrigins - value: "{{ .Values.config.corsOrigins }}" - - name: GlobalConfiguration__BaseUrl - value: "{{ .Values.config.globalConfigurationBaseUrl }}" + value: "{{ .Values.config.corsOrigins }}" - name: "DOTNET_ENVIRONMENT" value: "{{ .Values.config.dotnetEnv }}" - name: "Redis__Configuration" diff --git a/etc/k8s/eshoponabp/values.st.yaml b/etc/k8s/eshoponabp/values.st.yaml index 88045717..992033d7 100644 --- a/etc/k8s/eshoponabp/values.st.yaml +++ b/etc/k8s/eshoponabp/values.st.yaml @@ -23,7 +23,7 @@ web: selfUrl: https://admin.eshoponabp.dev gatewayUrl: https://gateway-web.eshoponabp.dev authServer: - authority: http://account.eshoponabp.dev + authority: https://account.eshoponabp.dev requireHttpsMetadata: false responseType: "code" strictDiscoveryDocumentValidation: false @@ -126,7 +126,6 @@ gateway-web: config: selfUrl: https://gateway-web.eshoponabp.dev corsOrigins: https://admin.eshoponabp.dev - globalConfigurationBaseUrl: http://eshop-st-gateway-public authServer: authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" 
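Review bot: In the `values.st.yaml` hunk for `gateway-web` the context line `authority: http://account.eshoponabp.dev` stays on `http://` while the `web` hunk of this commit moves the same authority to `https://account.eshoponabp.dev`. The gateway would then fetch OIDC metadata and signing keys over cleartext, and, if Keycloak advertises the HTTPS issuer, tokens obtained by the web client may not match the issuer the gateway expects. Align it with `authority: https://account.eshoponabp.dev`. Also, `values.yaml` from the previous commit still defines `globalConfigurationBaseUrl` for `gateway-web`, which no longer has a consumer once this deployment template stops reading it.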
@@ -175,19 +174,19 @@ gateway-web-public: tag: 1.0.0 reRoutes: identityService: - url: http://identity.eshoponabp.dev + url: http://eshop-st-identity administrationService: - url: http://administration.eshoponabp.dev + url: http://eshop-st-administration catalogService: - url: http://catalog.eshoponabp.dev + url: http://eshop-st-catalog basketService: - url: http://basket.eshoponabp.dev + url: http://eshop-st-basket orderingService: - url: http://ordering.eshoponabp.dev + url: http://eshop-st-ordering cmskitService: - url: http://cmskit.eshoponabp.dev + url: http://eshop-st-cmskit paymentService: - url: http://payment.eshoponabp.dev + url: http://eshop-st-payment # basket-service sub-chart override basket: From 135a8f2858f2bc3430f3be62283c44cf63b75bab Mon Sep 17 00:00:00 2001 From: selmankoc Date: Fri, 12 Jan 2024 20:07:53 +0300 Subject: [PATCH 12/20] keycloak --- .../templates/keycloak-deployment.yaml | 47 +++++++++++++------ .../eshoponabp/charts/keycloak/values.yaml | 21 ++++++--- 2 files changed, 48 insertions(+), 20 deletions(-) diff --git a/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-deployment.yaml b/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-deployment.yaml index 8dc63177..ad2d68ed 100644 --- a/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-deployment.yaml 
@@ -14,30 +14,49 @@ spec: containers: - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/opt/keycloak/bin/kc.sh", "start", "--optimized", "--http-enabled=true", "--http-port=8080", "--hostname-strict=false", "--hostname-strict-https=false"] + args: ["start", "--cache-stack=kubernetes"] name: {{ .Release.Name }}-{{ .Chart.Name }} ports: - name: http - containerPort: 80 + containerPort: 8080 - name: https - containerPort: 443 - env: - - name: DB_VENDOR - value: "{{ .Values.config.dbVendor }}" - - name: DB_ADDR - value: "{{ .Values.config.dbAddr }}" - - name: DB_DATABASE - value: "{{ .Values.config.dbDatabase }}" - - name: "DB_USER" - value: "{{ .Values.config.dbUser }}" - - name: "DB_PASSWORD" - value: "{{ .Values.config.dbPassword }}" + containerPort: 8443 + env: + - name: "KC_DB" + value: "{{ .Values.config.kcDb }}" + - name: "KC_DB_URL" + value: "{{ .Values.config.kcDbUrl }}" + - name: "KC_DB_URL_HOST" + value: "{{ .Values.config.kcDbUrlHost }}" + - name: "KC_DB_URL_PORT" + value: "{{ .Values.config.kcDbUrlPort }}" + - name: "KC_DB_URL_DATABASE" + value: "{{ .Values.config.kcDbUrlDatabase }}" + - name: "KC_DB_USERNAME" + value: "{{ .Values.config.kcDbUsername }}" + - name: "KC_DB_PASSWORD" + value: "{{ .Values.config.kcDbPassword }}" - name: "KEYCLOAK_ADMIN" value: "{{ .Values.config.keycloakAdmin }}" - name: "KEYCLOAK_ADMIN_PASSWORD" value: "{{ .Values.config.keycloakAdminPassword }}" - name: "KC_HEALTH_ENABLED" value: "{{ .Values.config.kcHealthEnabled }}" + - name: "KC_HTTP_RELATIVE_PATH" + value: "{{ .Values.config.kcHttpRelativePath }}" + - name: "KC_PROXY" + value: "{{ .Values.config.kcProxy }}" + - name: "PROXY_ADDRESS_FORWARDING" + value: "{{ .Values.config.proxyAddressForwarding }}" + - name: "KC_HTTP_ENABLED" + value: "{{ .Values.config.kcHttpEnabled }}" + - name: "KC_HOSTNAME_URL" + value: "{{ .Values.config.kcHostnameUrl }}" + - name: "KC_HOSTNAME_ADMIN_URL" + value: "{{ 
.Values.config.kcHostnameAdminUrl }}" + - name: "jgroups.dns.query" + value: "{{ .Values.config.jgroupsDnsQuery }}" + {{- if .Values.env }} {{ toYaml .Values.env | indent 8 }} {{- end }} diff --git a/etc/k8s/eshoponabp/charts/keycloak/values.yaml b/etc/k8s/eshoponabp/charts/keycloak/values.yaml index ba735123..79a4e9f8 100644 --- a/etc/k8s/eshoponabp/charts/keycloak/values.yaml +++ b/etc/k8s/eshoponabp/charts/keycloak/values.yaml @@ -1,12 +1,21 @@ config: - dbVendor: postgres - dbAddr: eshop-st-postgresdb - dbDatabase: keycloak - dbUser: postgres - dbPassword: myPassw0rd + kcDb: postgres + kcDbUrl: jdbc:postgresql://eshop-st-postgresdb:5432/keycloak + kcDbUrlHost: eshop-st-postgresdb + kcDbUrlPort: 5432 + kcDbUrlDatabase: keycloak + kcDbUsername: postgres + kcDbPassword: myPassw0rd keycloakAdmin: admin keycloakAdminPassword: 1q2w3E* kcHealthEnabled: true + kcHttpRelativePath : / + kcProxy: edge + proxyAddressForwarding: true + kcHttpEnabled: true + kcHostnameUrl: https://account.eshoponabp.dev + kcHostnameAdminUrl: https://account.eshoponabp.dev + jgroupsDnsQuery: eshop-st-keycloak ingress: host: account.eshoponabp.dev @@ -14,7 +23,7 @@ ingress: image: repository: quay.io/keycloak/keycloak - tag: 19.0.2 + tag: 21.1.1 pullPolicy: IfNotPresent # command: From 6ffa3056912586444ba9f8394f6007d52c5e3110 Mon Sep 17 00:00:00 2001 From: selmankoc Date: Fri, 12 Jan 2024 20:08:15 +0300 Subject: [PATCH 13/20] update keycloak --- .../templates/postgres-deployment.yaml | 2 ++ etc/k8s/eshoponabp/values.st.yaml | 22 ++++++++++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/etc/k8s/eshoponabp/charts/postgres/templates/postgres-deployment.yaml b/etc/k8s/eshoponabp/charts/postgres/templates/postgres-deployment.yaml index a86da72b..073b6928 100644 --- a/etc/k8s/eshoponabp/charts/postgres/templates/postgres-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/postgres/templates/postgres-deployment.yaml 
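Review bot: `KC_DB_PASSWORD` and `KEYCLOAK_ADMIN_PASSWORD` in the keycloak deployment are rendered as literal `value:` strings from `.Values.config`, and the `values.yaml` and `values.st.yaml` hunks commit the actual defaults (`myPassw0rd`, `1q2w3E*`), so the credentials sit in version control and in the Deployment spec readable by anyone with `get` on deployments. Reference a Kubernetes Secret through `valueFrom.secretKeyRef` instead, as sketched below with placeholder names, and leave the two values keys empty in the committed files. The postgres template in the next commit has the same literal `POSTGRES_PASSWORD`. Separately, `jgroups.dns.query` is set as an environment variable, whereas JGroups reads it as a Java system property as far as I know, so it probably has to go through `JAVA_OPTS_APPEND` as `-Djgroups.dns.query=…`; please verify against the Keycloak version in use.

```yaml
# … unchanged: KC_DB, KC_DB_URL* and KC_DB_USERNAME entries …
- name: "KC_DB_PASSWORD"
  valueFrom:
    secretKeyRef:
      name: "<keycloak-secret-name>"   # placeholder: Secret created outside the chart values
      key: "<db-password-key>"         # placeholder
- name: "KEYCLOAK_ADMIN"
  value: "{{ .Values.config.keycloakAdmin }}"
- name: "KEYCLOAK_ADMIN_PASSWORD"
  valueFrom:
    secretKeyRef:
      name: "<keycloak-secret-name>"   # placeholder
      key: "<admin-password-key>"      # placeholder
# … unchanged: KC_HEALTH_ENABLED and the remaining KC_* entries …
```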
@@ -28,6 +28,8 @@ spec: env: - name: POSTGRES_PASSWORD value: "myPassw0rd" + - name: POSTGRES_DB + value: "keycloak" {{- if eq .Release.Name "eshop-az" }} volumeClaimTemplates: - metadata: diff --git a/etc/k8s/eshoponabp/values.st.yaml b/etc/k8s/eshoponabp/values.st.yaml index 992033d7..58aa1d10 100644 --- a/etc/k8s/eshoponabp/values.st.yaml +++ b/etc/k8s/eshoponabp/values.st.yaml @@ -1,20 +1,30 @@ # auth-server sub-chart override keycloak: config: - dbVendor: postgres - dbAddr: eshop-st-postgresdb - dbDatabase: keycloak - dbUser: postgres - dbPassword: myPassw0rd + kcDb: postgres + kcDbUrl: jdbc:postgresql://eshop-st-postgresdb:5432/keycloak + kcDbUrlHost: eshop-st-postgresdb + kcDbUrlPort: 5432 + kcDbUrlDatabase: keycloak + kcDbUsername: postgres + kcDbPassword: myPassw0rd keycloakAdmin: admin keycloakAdminPassword: 1q2w3E* kcHealthEnabled: true + kcHttpRelativePath : / + kcProxy: edge + proxyAddressForwarding: true + kcHttpEnabled: true + kcHostnameUrl: https://account.eshoponabp.dev + kcHostnameAdminUrl: https://account.eshoponabp.dev + jgroupsDnsQuery: eshop-st-keycloak + ingress: host: account.eshoponabp.dev tlsSecret: eshop-wildcard-tls image: repository: quay.io/keycloak/keycloak - tag: 19.0.2 + tag: 21.1.1 pullPolicy: IfNotPresent # web sub-chart override From b4f306042a804ed54e3f02eb89cdaf614b439b05 Mon Sep 17 00:00:00 2001 
From: Galip Tolga Erdem Date: Fri, 12 Jan 2024 12:45:29 -0500 Subject: [PATCH 14/20] Updated gateways for internal and public dns --- .../gateway-web-public-configmap.yaml | 35 ++++++-- .../gateway-web-public-deployment.yaml | 2 + .../charts/gateway-web-public/values.yaml | 22 ++++-- .../templates/gateway-web-configmap.yaml | 25 ++++-- .../templates/gateway-web-deployment.yaml | 2 + .../eshoponabp/charts/gateway-web/values.yaml | 17 ++-- etc/k8s/eshoponabp/values.st.yaml | 14 +++- .../appsettings.json | 3 +- .../src/EShopOnAbp.WebPublicGateway/yarp.json | 79 ++++++++++++------- .../EShopOnAbp.WebGateway/appsettings.json | 3 +- .../web/src/EShopOnAbp.WebGateway/yarp.json | 69 ++++++++-------- .../YarpSwaggerUIBuilderExtensions.cs | 12 ++- 12 files changed, 190 insertions(+), 93 deletions(-) diff --git a/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml b/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml index ecf5b1c4..cae7806e 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-configmap.yaml 
@@ -142,49 +142,70 @@ data: "Identity": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.identityService.url }}" + "Address": "{{ .Values.reRoutes.identityService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.identityService.dns }}" + } } } }, "Administration": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.administrationService.url }}" + "Address": "{{ .Values.reRoutes.administrationService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.administrationService.dns }}" + } } } }, "Catalog": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.catalogService.url }}" + "Address": "{{ .Values.reRoutes.catalogService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.catalogService.dns }}" + } } } }, "Basket": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.basketService.url }}" + "Address": "{{ .Values.reRoutes.basketService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.basketService.dns }}" + } } } }, "Ordering": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.orderingService.url }}" + "Address": "{{ .Values.reRoutes.orderingService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.orderingService.dns }}" + } } } }, "CmsKit": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.cmskitService.url }}" + "Address": "{{ .Values.reRoutes.cmskitService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.cmskitService.dns }}" + } } } }, "Payment": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.paymentService.url }}" + "Address": "{{ .Values.reRoutes.paymentService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.paymentService.dns }}" + } } } } 
diff --git a/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-deployment.yaml b/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-deployment.yaml index 5e25b31e..e341c241 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web-public/templates/gateway-web-public-deployment.yaml @@ -27,6 +27,8 @@ spec: env: - name: App__SelfUrl value: "{{ .Values.config.selfUrl }}" + - name: App__IsOnK8s + value: "{{ .Values.config.isOnK8s }}" - name: "DOTNET_ENVIRONMENT" value: "{{ .Values.config.dotnetEnv }}" - name: "Redis__Configuration" diff --git a/etc/k8s/eshoponabp/charts/gateway-web-public/values.yaml b/etc/k8s/eshoponabp/charts/gateway-web-public/values.yaml index 7e2e38cb..b8d13976 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web-public/values.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web-public/values.yaml @@ -1,5 +1,6 @@ config: selfUrl: https://eshop-st-gateway-public-web + isOnK8s: "true" authServer: authority: http://eshop-st-authserver requireHttpsMetadata: "false" 
@@ -12,19 +13,26 @@ config: reRoutes: identityService: - url: https://eshop-st-identity + url: http://eshop-st-identity + dns: https://identity.eshoponabp.dev administrationService: - url: https://eshop-st-administration + url: http://eshop-st-administration + dns: https://administration.eshoponabp.dev catalogService: - url: https://eshop-st-catalog + url: http://eshop-st-catalog + dns: https://catalog.eshoponabp.dev basketService: - url: https://eshop-st-basket + url: http://eshop-st-basket + dns: https://basket.eshoponabp.dev orderingService: - url: https://eshop-st-ordering + url: http://eshop-st-ordering + dns: https://ordering.eshoponabp.dev cmskitService: - url: https://eshop-st-cmskit + url: http://eshop-st-cmskit + dns: https://cmskit.eshoponabp.dev paymentService: - url: https://eshop-st-payment + url: http://eshop-st-payment + dns: https://payment.eshoponabp.dev ingress: host: eshop-st-gateway-web-public diff --git a/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-configmap.yaml b/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-configmap.yaml index 0e28ffe8..9aa5cffd 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-configmap.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-configmap.yaml 
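Review bot: All seven `reRoutes.*.url` defaults in this hunk change from `https://` to `http://`, so the gateway forwards requests to the backends unencrypted inside the cluster, presumably including the Authorization headers it proxies. If this is intentional because TLS ends at the ingress, state it in a comment above `reRoutes:`, e.g. `# in-cluster traffic is plain HTTP; TLS terminates at the ingress`, and restrict pod-to-pod access with a NetworkPolicy or mesh mTLS. The same change is made in charts/gateway-web/values.yaml.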
@@ -105,35 +105,50 @@ data: "Identity": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.identityService.url }}" + "Address": "{{ .Values.reRoutes.identityService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.identityService.dns }}" + } } } }, "Administration": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.administrationService.url }}" + "Address": "{{ .Values.reRoutes.administrationService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.administrationService.dns }}" + } } } }, "Catalog": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.catalogService.url }}" + "Address": "{{ .Values.reRoutes.catalogService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.catalogService.dns }}" + } } } }, "Ordering": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.orderingService.url }}" + "Address": "{{ .Values.reRoutes.orderingService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.orderingService.dns }}" + } } } }, "Cmskit": { "Destinations": { "destination1": { - "Address": "{{ .Values.reRoutes.cmskitService.url }}" + "Address": "{{ .Values.reRoutes.cmskitService.url }}", + "MetaData": { + "PublicAddress": "{{ .Values.reRoutes.cmskitService.dns }}" + } } } } diff --git a/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-deployment.yaml b/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-deployment.yaml index 81388523..9a729de6 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web/templates/gateway-web-deployment.yaml @@ -29,6 +29,8 @@ spec: value: "{{ .Values.config.selfUrl }}" - name: App__CorsOrigins value: "{{ .Values.config.corsOrigins }}" + - name: App__IsOnK8s + value: "{{ .Values.config.isOnK8s }}" - name: "DOTNET_ENVIRONMENT" value: "{{ .Values.config.dotnetEnv }}" - name: "Redis__Configuration" 
diff --git a/etc/k8s/eshoponabp/charts/gateway-web/values.yaml b/etc/k8s/eshoponabp/charts/gateway-web/values.yaml index 1aa3f51f..945d27e5 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web/values.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web/values.yaml @@ -1,7 +1,7 @@ config: selfUrl: # https://eshop-st-gateway-web corsOrigins: # localhost:4200 - globalConfigurationBaseUrl: # http://eshop-st-gateway-web + isOnK8s: "true" authServer: authority: http://eshop-st-authserver requireHttpsMetadata: "false" @@ -14,15 +14,20 @@ config: stringEncryptionDefaultPassPhrase: gsKnGZ041HLL4IM8 reRoutes: identityService: - url: https://eshop-st-identity + url: http://eshop-st-identity + dns: https://identity.eshoponabp.dev administrationService: - url: https://eshop-st-administration + url: http://eshop-st-administration + dns: https://administration.eshoponabp.dev catalogService: - url: https://eshop-st-catalog + url: http://eshop-st-catalog + dns: https://catalog.eshoponabp.dev orderingService: - url: https://eshop-st-ordering + url: http://eshop-st-ordering + dns: https://ordering.eshoponabp.dev cmskitService: - url: https://eshop-st-cmskit + url: http://eshop-st-cmskit + dns: https://cmskit.eshoponabp.dev ingress: host: # eshop-st-gateway-web tlsSecret: eshop-wildcard-tls diff --git a/etc/k8s/eshoponabp/values.st.yaml b/etc/k8s/eshoponabp/values.st.yaml index 58aa1d10..5ea13ffe 100644 --- a/etc/k8s/eshoponabp/values.st.yaml +++ b/etc/k8s/eshoponabp/values.st.yaml @@ -135,7 +135,7 @@ administration: gateway-web: config: selfUrl: https://gateway-web.eshoponabp.dev - corsOrigins: https://admin.eshoponabp.dev + corsOrigins: http://admin.eshoponabp.dev,https://admin.eshoponabp.dev authServer: authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" 
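Review bot: The new `corsOrigins` value in the values.st.yaml hunk adds `http://admin.eshoponabp.dev` to the allow list alongside the HTTPS origin. Content served from a plain-HTTP origin can be altered in transit, and with this entry such a page is permitted to read gateway API responses cross-origin. Unless the admin UI is really served over HTTP in this environment, keep only `corsOrigins: https://admin.eshoponabp.dev`. The same pairing is added for `localhost:4200` in gateways/web appsettings.json, where it matters less.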
@@ -154,14 +154,19 @@ gateway-web: reRoutes: identityService: url: http://eshop-st-identity + dns: https://identity.eshoponabp.dev administrationService: url: http://eshop-st-administration + dns: https://administration.eshoponabp.dev catalogService: url: http://eshop-st-catalog + dns: https://catalog.eshoponabp.dev orderingService: url: http://eshop-st-ordering + dns: https://ordering.eshoponabp.dev cmskitService: url: http://eshop-st-cmskit + dns: https://cmskit.eshoponabp.dev # gateway-web-public sub-chart override gateway-web-public: @@ -185,18 +190,25 @@ gateway-web-public: reRoutes: identityService: url: http://eshop-st-identity + dns: https://identity.eshoponabp.dev administrationService: url: http://eshop-st-administration + dns: https://administration.eshoponabp.dev catalogService: url: http://eshop-st-catalog + dns: https://catalog.eshoponabp.dev basketService: url: http://eshop-st-basket + dns: https://basket.eshoponabp.dev orderingService: url: http://eshop-st-ordering + dns: https://ordering.eshoponabp.dev cmskitService: url: http://eshop-st-cmskit + dns: https://cmskit.eshoponabp.dev paymentService: url: http://eshop-st-payment + dns: https://payment.eshoponabp.dev # basket-service sub-chart override basket: diff --git a/gateways/web-public/src/EShopOnAbp.WebPublicGateway/appsettings.json b/gateways/web-public/src/EShopOnAbp.WebPublicGateway/appsettings.json index d1afa842..60ed6166 100644 --- a/gateways/web-public/src/EShopOnAbp.WebPublicGateway/appsettings.json +++ b/gateways/web-public/src/EShopOnAbp.WebPublicGateway/appsettings.json @@ -1,7 +1,8 @@ { "App": { "SelfUrl": "https://localhost:44373", - "CorsOrigins": "https://localhost:44335" + "CorsOrigins": "https://localhost:44335", + "IsOnK8s": "false" }, "AuthServer": { "Authority": "http://localhost:8080/realms/master", diff --git a/gateways/web-public/src/EShopOnAbp.WebPublicGateway/yarp.json b/gateways/web-public/src/EShopOnAbp.WebPublicGateway/yarp.json index b0bac38e..b21d328a 100644 
--- a/gateways/web-public/src/EShopOnAbp.WebPublicGateway/yarp.json +++ b/gateways/web-public/src/EShopOnAbp.WebPublicGateway/yarp.json @@ -2,19 +2,19 @@ "ReverseProxy": { "Routes": { "AbpApi": { - "ClusterId": "administrationCluster", + "ClusterId": "Administration", "Match": { "Path": "/api/abp/{**catch-all}" } }, "Identity Service": { - "ClusterId": "identityCluster", + "ClusterId": "Identity", "Match": { "Path": "/api/identity/{**everything}" } }, "Identity Service Swagger": { - "ClusterId": "identityCluster", + "ClusterId": "Identity", "Match": { "Path": "/swagger-json/Identity/swagger/v1/swagger.json" }, @@ -23,25 +23,25 @@ ] }, "FeatureManagement": { - "ClusterId": "administrationCluster", + "ClusterId": "Administration", "Match": { "Path": "/api/feature-management/{**everything}" } }, "PermissionManagement": { - "ClusterId": "administrationCluster", + "ClusterId": "Administration", "Match": { "Path": "/api/permission-management/{**everything}" } }, "SettingManagement": { - "ClusterId": "administrationCluster", + "ClusterId": "Administration", "Match": { "Path": "/api/setting-management/{**everything}" } }, "Administration Service Swagger": { - "ClusterId": "administrationCluster", + "ClusterId": "Administration", "Match": { "Path": "/swagger-json/Administration/swagger/v1/swagger.json" }, @@ -72,13 +72,13 @@ } }, "Basket Service": { - "ClusterId": "basketCluster", + "ClusterId": "Basket", "Match": { "Path": "/api/basket/{**everything}" } }, "Basket Service Swagger": { - "ClusterId": "basketCluster", + "ClusterId": "Basket", "Match": { "Path": "/swagger-json/Basket/swagger/v1/swagger.json" }, @@ -87,13 +87,13 @@ ] }, "Ordering Service": { - "ClusterId": "orderingCluster", + "ClusterId": "Ordering", "Match": { "Path": "/api/ordering/{**everything}" } }, "Ordering Service Swagger": { - "ClusterId": "orderingCluster", + "ClusterId": "Ordering", "Match": { "Path": "/swagger-json/Ordering/swagger/v1/swagger.json" }, 
@@ -102,13 +102,13 @@ ] }, "Cmskit Service": { - "ClusterId": "cmskitCluster", + "ClusterId": "CmsKit", "Match": { "Path": "/api/cmskit/{**everything}" } }, "Cmskit Service Swagger": { - "ClusterId": "cmskitCluster", + "ClusterId": "CmsKit", "Match": { "Path": "/swagger-json/Cmskit/swagger/v1/swagger.json" }, @@ -117,13 +117,13 @@ ] }, "Payment Service": { - "ClusterId": "paymentCluster", + "ClusterId": "Payment", "Match": { "Path": "/api/payment/{**everything}" } }, "Payment Service Swagger": { - "ClusterId": "paymentCluster", + "ClusterId": "Payment", "Match": { "Path": "/swagger-json/Payment/swagger/v1/swagger.json" }, 
@@ -133,52 +133,73 @@ } }, "Clusters": { - "identityCluster": { + "Identity": { "Destinations": { "destination1": { - "Address": "https://localhost:44351" + "Address": "https://localhost:44351", + "MetaData": { + "PublicAddress": "https://identity.eshoponabp.dev" + } } } }, - "administrationCluster": { + "Administration": { "Destinations": { "destination1": { - "Address": "https://localhost:44353" - } + "Address": "https://localhost:44353", + "MetaData": { + "PublicAddress": "https://admininstration.eshop.dev" + } + } } }, "catalogCluster": { "Destinations": { "destination1": { - "Address": "https://localhost:44354" + "Address": "https://localhost:44354", + "MetaData": { + "PublicAddress": "https://admininstration.eshoponabp.dev" + } } } }, - "basketCluster": { + "Basket": { "Destinations": { "destination1": { - "Address": "https://localhost:44355" + "Address": "https://localhost:44355", + "MetaData": { + "PublicAddress": "https://basket.eshoponabp.dev" + } } } }, - "orderingCluster": { + "Ordering": { "Destinations": { "destination1": { - "Address": "https://localhost:44356" + "Address": "https://localhost:44356", + "MetaData": { + "PublicAddress": "https://ordering.eshoponabp.dev" + } } } }, - "cmskitCluster": { + "CmsKit": { "Destinations": { "destination1": { - "Address": "https://localhost:44358" + "Address": "https://localhost:44358", + "MetaData": { + "PublicAddress": "https://cmskit.eshoponabp.dev" + } } } }, - "paymentCluster": { + "Payment": { "Destinations": { "destination1": { - "Address": "https://localhost:44357" + "Address": "https://localhost:44357", + "MetaData": { + "PublicAddress": "https://payment.eshoponabp.dev" + } } } } diff --git a/gateways/web/src/EShopOnAbp.WebGateway/appsettings.json b/gateways/web/src/EShopOnAbp.WebGateway/appsettings.json index 20a13351..00dde9fb 100644 --- a/gateways/web/src/EShopOnAbp.WebGateway/appsettings.json +++ b/gateways/web/src/EShopOnAbp.WebGateway/appsettings.json 
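Review bot: Two of the new `PublicAddress` values in this Clusters hunk look wrong: `Administration` gets `https://admininstration.eshop.dev` (misspelled host, and `eshop.dev` instead of `eshoponabp.dev`), and `catalogCluster` gets `https://admininstration.eshoponabp.dev`, which is not a catalog host. Going by the Helm values in this patch they should read `"PublicAddress": "https://administration.eshoponabp.dev"` and `"PublicAddress": "https://catalog.eshoponabp.dev"`. `catalogCluster` is also the only cluster key not renamed, while the chart's configmap defines `Catalog`; if the catalog routes outside these hunks keep `catalogCluster`, the configmap override presumably never applies to them. The key is spelled `MetaData` while the C# side reads `Metadata`, which binds only because configuration keys are case-insensitive.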
@@ -1,7 +1,8 @@ { "App": { "SelfUrl": "https://localhost:44372", - "CorsOrigins": "http://localhost:4200" + "CorsOrigins": "http://localhost:4200,https://localhost:4200", + "IsOnK8s": "false" }, "AuthServer": { "Authority": "http://localhost:8080/realms/master", diff --git a/gateways/web/src/EShopOnAbp.WebGateway/yarp.json b/gateways/web/src/EShopOnAbp.WebGateway/yarp.json index 78456fdf..f77a2db6 100644 --- a/gateways/web/src/EShopOnAbp.WebGateway/yarp.json +++ b/gateways/web/src/EShopOnAbp.WebGateway/yarp.json @@ -2,19 +2,19 @@ "ReverseProxy": { "Routes": { "AbpApi": { - "ClusterId": "administrationCluster", + "ClusterId": "Administration", "Match": { "Path": "/api/abp/{**catch-all}" } }, "Identity Service": { - "ClusterId": "identityCluster", + "ClusterId": "Identity", "Match": { "Path": "/api/identity/{**everything}" } }, "Identity Service Swagger": { - "ClusterId": "identityCluster", + "ClusterId": "Identity", "Match": { "Path": "/swagger-json/Identity/swagger/v1/swagger.json" }, @@ -41,7 +41,7 @@ } }, "Administration Service Swagger": { - "ClusterId": "administrationCluster", + "ClusterId": "Administration", "Match": { "Path": "/swagger-json/Administration/swagger/v1/swagger.json" }, @@ -50,13 +50,13 @@ ] }, "Catalog Service": { - "ClusterId": "catalogCluster", + "ClusterId": "Catalog", "Match": { "Path": "/api/catalog/{**everything}" } }, "Catalog Service Swagger": { - "ClusterId": "catalogCluster", + "ClusterId": "Catalog", "Match": { "Path": "/swagger-json/Catalog/swagger/v1/swagger.json" }, @@ -65,13 +65,13 @@ ] }, "Ordering Service": { - "ClusterId": "orderingCluster", + "ClusterId": "Ordering", "Match": { "Path": "/api/ordering/{**everything}" } }, "Ordering Service Swagger": { - "ClusterId": "orderingCluster", + "ClusterId": "Ordering", "Match": { "Path": "/swagger-json/Ordering/swagger/v1/swagger.json" }, 
@@ -80,13 +80,13 @@ ] }, "Cmskit Service": { - "ClusterId": "cmskitCluster", + "ClusterId": "CmsKit", "Match": { "Path": "/api/cmskit/{**everything}" } }, "Cmskit Service Swagger": { - "ClusterId": "cmskitCluster", + "ClusterId": "CmsKit", "Match": { "Path": "/swagger-json/Cmskit/swagger/v1/swagger.json" }, @@ -96,52 +96,53 @@ } }, "Clusters": { - "identityCluster": { + "Identity": { "Destinations": { "destination1": { - "Address": "https://localhost:44351" + "Address": "https://localhost:44351", + "MetaData": { + "PublicAddress": "https://identity.eshoponabp.dev" + } } } }, - "administrationCluster": { + "Administration": { "Destinations": { "destination1": { - "Address": "https://localhost:44353" + "Address": "https://localhost:44353", + "MetaData": { + "PublicAddress": "https://administration.eshoponabp.dev" + } } } }, - "permission-management-cluster": { + "Catalog": { "Destinations": { "destination1": { - "Address": "https://localhost:44353" + "Address": "https://localhost:44354", + "MetaData": { + "PublicAddress": "https://catalog.eshoponabp.dev" + } } } }, - "setting-management-cluster": { + "Ordering": { "Destinations": { "destination1": { - "Address": "https://localhost:44353" + "Address": "https://localhost:44356", + "MetaData": { + "PublicAddress": "https://ordering.eshoponabp.dev" + } } } }, - "catalogCluster": { + "CmsKit": { "Destinations": { "destination1": { - "Address": "https://localhost:44354" - } - } - }, - "orderingCluster": { - "Destinations": { - "destination1": { - "Address": "https://localhost:44356" - } - } - }, - "cmskitCluster": { - "Destinations": { - "destination1": { - "Address": "https://localhost:44358" + "Address": "https://localhost:44358", + "MetaData": { + "PublicAddress": "https://cmskit.eshoponabp.dev" + } } } } diff --git a/shared/EShopOnAbp.Shared.Hosting.Gateways/YarpSwaggerUIBuilderExtensions.cs b/shared/EShopOnAbp.Shared.Hosting.Gateways/YarpSwaggerUIBuilderExtensions.cs index d8d12012..ad54e1da 100644 
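Review bot: The Clusters hunk deletes the `permission-management-cluster` and `setting-management-cluster` entries and renames `administrationCluster`, but the route entries between file lines 23 and 40 are not part of this diff. In the public gateway's yarp.json the FeatureManagement, PermissionManagement and SettingManagement routes were switched to `"ClusterId": "Administration"`; here only AbpApi and the Swagger route are. If the untouched routes still name the removed or old ids they will have no matching cluster, so they need the same one-line change.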
--- a/shared/EShopOnAbp.Shared.Hosting.Gateways/YarpSwaggerUIBuilderExtensions.cs +++ b/shared/EShopOnAbp.Shared.Hosting.Gateways/YarpSwaggerUIBuilderExtensions.cs @@ -1,4 +1,5 @@ -using System.Linq; +using System; +using System.Linq; using Microsoft.AspNetCore.Builder; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; @@ -41,7 +42,14 @@ public static IApplicationBuilder UseSwaggerUIWithYarp(this IApplicationBuilder continue; } - options.SwaggerEndpoint($"{clusterGroup.Value.Address}/swagger/v1/swagger.json", $"{routeConfig.RouteId} API"); + var baseUrl = clusterGroup.Value.Address; + + if (Convert.ToBoolean(configuration["App:IsOnK8s"])) // If the application is running on K8s, the swagger.json should be reached from public dns. + { + baseUrl = clusterGroup.Value.Metadata?["PublicAddress"]; + } + + options.SwaggerEndpoint($"{baseUrl}/swagger/v1/swagger.json", $"{routeConfig.RouteId} API"); options.OAuthClientId(configuration["AuthServer:SwaggerClientId"]); } }); From 72bd9f76dff77fcc15151032e9984ad867567c83 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Fri, 12 Jan 2024 16:07:45 -0500 Subject: [PATCH 15/20] Updated deployments with new 8080 port --- .../basket/templates/basket-deployment.yaml | 2 +- .../catalog/templates/catalog-deployment.yaml | 4 +- etc/k8s/eshoponabp/charts/catalog/values.yaml | 2 +- .../cmskit/templates/cmskit-deployment.yaml | 2 +- .../eshoponabp/charts/gateway-web/values.yaml | 1 + .../templates/identity-deployment.yaml | 2 +- .../templates/ordering-deployment.yaml | 2 +- .../payment/templates/payment-deployment.yaml | 2 +- .../templates/public-web-deployment.yaml | 2 +- etc/k8s/eshoponabp/values.st.yaml | 38 +++++++++---------- 10 files changed, 29 insertions(+), 28 deletions(-) diff --git a/etc/k8s/eshoponabp/charts/basket/templates/basket-deployment.yaml b/etc/k8s/eshoponabp/charts/basket/templates/basket-deployment.yaml index 8105cacf..67110761 100644 
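Review bot: `clusterGroup.Value.Metadata?["PublicAddress"]` in the second hunk fails quietly when `App:IsOnK8s` is true: a destination with no `Metadata` leaves `baseUrl` null, so the endpoint becomes the relative `/swagger/v1/swagger.json` on the gateway itself, and a `Metadata` without that key throws from the indexer. `Convert.ToBoolean` also throws a FormatException on anything other than true/false, such as an empty environment variable. I would parse the flag with `bool.TryParse` and keep `Address` whenever no public address is configured. The enclosing method starts and ends outside the hunk.

```csharp
var baseUrl = clusterGroup.Value.Address;

// On K8s the browser must fetch swagger.json via the public DNS name; keep the
// internal address when the flag is unparsable or no PublicAddress is configured.
var metadata = clusterGroup.Value.Metadata;
if (bool.TryParse(configuration["App:IsOnK8s"], out var isOnK8s) && isOnK8s
    && metadata != null
    && metadata.TryGetValue("PublicAddress", out var publicAddress)
    && !string.IsNullOrWhiteSpace(publicAddress))
{
    baseUrl = publicAddress;
}

// … unchanged: options.SwaggerEndpoint / options.OAuthClientId calls …
```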
--- a/etc/k8s/eshoponabp/charts/basket/templates/basket-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/basket/templates/basket-deployment.yaml @@ -17,7 +17,7 @@ spec: name: {{ .Release.Name }}-{{ .Chart.Name }} ports: - name: http - containerPort: 80 + containerPort: 8080 - name: https containerPort: 443 env: diff --git a/etc/k8s/eshoponabp/charts/catalog/templates/catalog-deployment.yaml b/etc/k8s/eshoponabp/charts/catalog/templates/catalog-deployment.yaml index e66bd8ab..dd0cfa19 100644 --- a/etc/k8s/eshoponabp/charts/catalog/templates/catalog-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/catalog/templates/catalog-deployment.yaml @@ -17,14 +17,14 @@ spec: name: {{ .Release.Name }}-{{ .Chart.Name }} ports: - name: http - containerPort: 80 + containerPort: 8080 protocol: TCP - name: grpc containerPort: 81 protocol: TCP env: - name: "ASPNETCORE_URLS" - value: "http://+:80;http://+:81" + value: "http://+:8080;http://+:81" - name: "DOTNET_ENVIRONMENT" value: "{{ .Values.config.dotnetEnv }}" - name: App__SelfUrl diff --git a/etc/k8s/eshoponabp/charts/catalog/values.yaml b/etc/k8s/eshoponabp/charts/catalog/values.yaml index 9c72c62a..4e09e976 100644 --- a/etc/k8s/eshoponabp/charts/catalog/values.yaml +++ b/etc/k8s/eshoponabp/charts/catalog/values.yaml @@ -16,7 +16,7 @@ config: stringEncryptionDefaultPassPhrase: gsKnGZ041HLL4IM8 grpcPort: 81 kestrel: - httpUrl: http://eshop-st-catalog:80 + httpUrl: http://eshop-st-catalog:8080 httpProtocols: Http1AndHttp2 grpcUrl: http://eshop-st-catalog:81 grpcProtocols: Http2 diff --git a/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-deployment.yaml b/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-deployment.yaml index 13a08a9d..da0340d5 100644 --- a/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-deployment.yaml 
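Review bot: `containerPort: 8080` here (and in the catalog, cmskit, identity, ordering, payment and public-web deployment hunks) changes without any Service template appearing in this patch's file list, while values.st.yaml now addresses the backends as `http://eshop-st-…:8080`. If the Services still publish port 80 or use a numeric `targetPort: 80`, those URLs will not connect; please confirm the Service templates expose 8080 or use the named port, `targetPort: http`. Only the catalog deployment sets `ASPNETCORE_URLS`, so the other containers depend on the image's default listening port being 8080.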
@@ -17,7 +17,7 @@ spec: name: {{ .Release.Name }}-{{ .Chart.Name }} ports: - name: http - containerPort: 80 + containerPort: 8080 - name: https containerPort: 443 env: diff --git a/etc/k8s/eshoponabp/charts/gateway-web/values.yaml b/etc/k8s/eshoponabp/charts/gateway-web/values.yaml index 945d27e5..3e2a1273 100644 --- a/etc/k8s/eshoponabp/charts/gateway-web/values.yaml +++ b/etc/k8s/eshoponabp/charts/gateway-web/values.yaml @@ -28,6 +28,7 @@ reRoutes: cmskitService: url: http://eshop-st-cmskit dns: https://cmskit.eshoponabp.dev + ingress: host: # eshop-st-gateway-web tlsSecret: eshop-wildcard-tls diff --git a/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml b/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml index 9f7994a2..22e93580 100644 --- a/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml @@ -17,7 +17,7 @@ spec: name: {{ .Release.Name }}-{{ .Chart.Name }} ports: - name: http - containerPort: 80 + containerPort: 8080 - name: https containerPort: 443 env: diff --git a/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml b/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml index 78bcb82e..3ad228eb 100644 --- a/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml @@ -17,7 +17,7 @@ spec: name: {{ .Release.Name }}-{{ .Chart.Name }} ports: - name: http - containerPort: 80 + containerPort: 8080 - name: https containerPort: 443 env: diff --git a/etc/k8s/eshoponabp/charts/payment/templates/payment-deployment.yaml b/etc/k8s/eshoponabp/charts/payment/templates/payment-deployment.yaml index c3526b1b..30753515 100644 --- a/etc/k8s/eshoponabp/charts/payment/templates/payment-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/payment/templates/payment-deployment.yaml 
@@ -17,7 +17,7 @@ spec: name: {{ .Release.Name }}-{{ .Chart.Name }} ports: - name: http - containerPort: 80 + containerPort: 8080 - name: https containerPort: 443 env: diff --git a/etc/k8s/eshoponabp/charts/public-web/templates/public-web-deployment.yaml b/etc/k8s/eshoponabp/charts/public-web/templates/public-web-deployment.yaml index 1d644d77..2bc88b3a 100644 --- a/etc/k8s/eshoponabp/charts/public-web/templates/public-web-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/public-web/templates/public-web-deployment.yaml @@ -17,7 +17,7 @@ spec: name: {{ .Release.Name }}-{{ .Chart.Name }} ports: - name: http - containerPort: 80 + containerPort: 8080 - name: https containerPort: 443 env: diff --git a/etc/k8s/eshoponabp/values.st.yaml b/etc/k8s/eshoponabp/values.st.yaml index 5ea13ffe..aeb8a2b2 100644 --- a/etc/k8s/eshoponabp/values.st.yaml +++ b/etc/k8s/eshoponabp/values.st.yaml @@ -49,12 +49,12 @@ web: public-web: config: selfUrl: https://eshoponabp.dev - gatewayUrl: http://gateway-public.eshoponabp.dev/ + gatewayUrl: http://eshop-st-gateway-web-public:8080/ authServer: - authority: http://account.eshoponabp.dev + authority: https://account.eshoponabp.dev requireHttpsMetadata: "false" - isOnProd: "false" - metaAddress: http://account.eshoponabp.dev + isOnProd: "true" + metaAddress: http://eshop-st-keycloak:8080/ dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq 
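Review bot: `metaAddress: http://eshop-st-keycloak:8080/` in the public-web hunk of values.st.yaml has the app fetch its OpenID Connect metadata over plain HTTP, while `requireHttpsMetadata` stays `"false"` and `isOnProd` flips to `"true"`. That document is where the token signing keys come from, so anything able to alter in-cluster traffic to Keycloak could influence which tokens public-web accepts. A comment above `metaAddress` stating the assumption, e.g. `# in-cluster only; the Keycloak Service must not be reachable from outside the namespace`, together with a NetworkPolicy would cover it. The value also points at the server root rather than a realm path, which is worth checking against how the code builds the metadata URL.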
@@ -153,19 +153,19 @@ gateway-web: tag: 1.0.0 reRoutes: identityService: - url: http://eshop-st-identity + url: http://eshop-st-identity:8080 dns: https://identity.eshoponabp.dev administrationService: - url: http://eshop-st-administration + url: http://eshop-st-administration:8080 dns: https://administration.eshoponabp.dev catalogService: - url: http://eshop-st-catalog + url: http://eshop-st-catalog:8080 dns: https://catalog.eshoponabp.dev orderingService: - url: http://eshop-st-ordering + url: http://eshop-st-ordering:8080 dns: https://ordering.eshoponabp.dev cmskitService: - url: http://eshop-st-cmskit + url: http://eshop-st-cmskit:8080 dns: https://cmskit.eshoponabp.dev # gateway-web-public sub-chart override @@ -189,25 +189,25 @@ gateway-web-public: tag: 1.0.0 reRoutes: identityService: - url: http://eshop-st-identity + url: http://eshop-st-identity:8080 dns: https://identity.eshoponabp.dev administrationService: - url: http://eshop-st-administration + url: http://eshop-st-administration:8080 dns: https://administration.eshoponabp.dev catalogService: - url: http://eshop-st-catalog + url: http://eshop-st-catalog:8080 dns: https://catalog.eshoponabp.dev basketService: - url: http://eshop-st-basket + url: http://eshop-st-basket:8080 dns: https://basket.eshoponabp.dev orderingService: - url: http://eshop-st-ordering + url: http://eshop-st-ordering:8080 dns: https://ordering.eshoponabp.dev cmskitService: - url: http://eshop-st-cmskit + url: http://eshop-st-cmskit:8080 dns: https://cmskit.eshoponabp.dev paymentService: - url: http://eshop-st-payment + url: http://eshop-st-payment:8080 dns: https://payment.eshoponabp.dev # basket-service sub-chart override 
@@ -227,8 +227,8 @@ basket: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch remoteServices: - catalogBaseUrl: http://catalog.eshoponabp.dev:80 - catalogGrpcUrl: http://catalog.eshoponabp.dev:81 + catalogBaseUrl: http://eshop-st-catalog:8080 + catalogGrpcUrl: http://eshop-st-catalog:81 ingress: host: basket.eshoponabp.dev tlsSecret: eshop-wildcard-tls @@ -254,7 +254,7 @@ catalog: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch kestrel: - httpUrl: http://catalog.eshoponabp.dev:80 + httpUrl: http://catalog.eshoponabp.dev:8080 httpProtocols: Http1AndHttp2 grpcUrl: http://catalog.eshoponabp.dev:81 grpcProtocols: Http2 From befedd63223f85067b9277a852dafb7bde69abee Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Mon, 15 Jan 2024 14:24:49 -0500 Subject: [PATCH 16/20] Updated public-web keycloak integration --- .../EShopOnAbpPublicWebModule.cs | 4 +- .../templates/identity-deployment.yaml | 58 ++- .../eshoponabp/charts/identity/values.yaml | 7 +- etc/k8s/eshoponabp/values.st.yaml | 11 +- .../DbMigrations/KeycloakDataSeeder.cs | 432 ++++++++++++++++++ ...pOnAbp.IdentityService.HttpApi.Host.csproj | 1 + .../appsettings.json | 2 +- 7 files changed, 483 insertions(+), 32 deletions(-) create mode 100644 services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/DbMigrations/KeycloakDataSeeder.cs diff --git a/apps/public-web/src/EShopOnAbp.PublicWeb/EShopOnAbpPublicWebModule.cs b/apps/public-web/src/EShopOnAbp.PublicWeb/EShopOnAbpPublicWebModule.cs index 16b4182e..30afa968 100644 --- a/apps/public-web/src/EShopOnAbp.PublicWeb/EShopOnAbpPublicWebModule.cs +++ b/apps/public-web/src/EShopOnAbp.PublicWeb/EShopOnAbpPublicWebModule.cs 
@@ -215,7 +215,7 @@ public override void ConfigureServices(ServiceConfigurationContext context) { // Intercept the redirection so the browser navigates to the right URL in your host ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"].EnsureEndsWith('/') + - "connect/authorize"; + "protocol/openid-connect/auth"; if (previousOnRedirectToIdentityProvider != null) { @@ -228,7 +228,7 @@ public override void ConfigureServices(ServiceConfigurationContext context) { // Intercept the redirection for signout so the browser navigates to the right URL in your host ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"].EnsureEndsWith('/') + - "connect/endsession"; + "protocol/openid-connect/logout"; if (previousOnRedirectToIdentityProviderForSignOut != null) { diff --git a/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml b/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml index 22e93580..f67284ec 100644 --- a/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml @@ -36,7 +36,15 @@ spec: - name: "RabbitMQ__Connections__Default__HostName" value: "{{ .Values.config.rabbitmqHost }}" - name: "ElasticSearch__Url" - value: "{{ .Values.config.elasticsearchHost }}" + value: "{{ .Values.config.elasticsearchHost }}" + - name: "Keycloak__url" + value: "{{ .Values.config.keycloak.url }}" + - name: "Keycloak__adminUsername" + value: "{{ .Values.config.keycloak.adminUsername }}" + - name: "Keycloak__adminPassword" + value: "{{ .Values.config.keycloak.adminPassword }}" + - name: "Keycloak__realmName" + value: "{{ .Values.config.keycloak.realmName }}" - name: "AuthServer__Authority" value: "{{ .Values.config.authServer.authority }}" - name: "AuthServer__RequireHttpsMetadata" 
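Review bot: `Keycloak__adminPassword` in the identity-deployment hunk is rendered as a literal `value:` from `.Values.config.keycloak.adminPassword`, so the Keycloak admin password ends up in the Deployment manifest, in the Helm release data and in `kubectl describe` output. I would source it with `valueFrom:` / `secretKeyRef:` pointing at an existing Secret and keep only the Secret name and key in values. The re-added `ElasticSearch__Url` line also carries trailing whitespace after the closing quote.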
@@ -47,30 +55,30 @@ spec: value: "{{ .Values.config.authServer.swaggerClientSecret }}" - name: "StringEncryption__DefaultPassPhrase" value: "{{ .Values.config.stringEncryptionDefaultPassPhrase }}" - - name: "IdentityServerClients__Web__RootUrl" - value: {{ .Values.identityServerClients.webRootUrl }} - - name: "IdentityServerClients__PublicWeb__RootUrl" - value: {{ .Values.identityServerClients.publicWebRootUrl }} - - name: "IdentityServerClients__PublicWebGateway__RootUrl" - value: {{ .Values.identityServerClients.publicWebGatewayRootUrl }} - - name: "IdentityServerClients__WebGateway__RootUrl" - value: {{ .Values.identityServerClients.webGatewayRootUrl }} - - name: "IdentityServerClients__IdentityService__RootUrl" - value: {{ .Values.identityServerClients.identityServiceRootUrl }} - - name: "IdentityServerClients__AdministrationService__RootUrl" - value: {{ .Values.identityServerClients.administrationServiceRootUrl }} - - name: "IdentityServerClients__AccountService__RootUrl" - value: {{ .Values.identityServerClients.accountServiceRootUrl }} - - name: "IdentityServerClients__BasketService__RootUrl" - value: {{ .Values.identityServerClients.basketServiceRootUrl }} - - name: "IdentityServerClients__CatalogService__RootUrl" - value: {{ .Values.identityServerClients.catalogServiceRootUrl }} - - name: "IdentityServerClients__OrderingService__RootUrl" - value: {{ .Values.identityServerClients.orderingServiceRootUrl }} - - name: "IdentityServerClients__CmskitService__RootUrl" - value: {{ .Values.identityServerClients.cmskitServiceRootUrl }} - - name: "IdentityServerClients__PaymentService__RootUrl" - value: {{ .Values.identityServerClients.paymentServiceRootUrl }} + - name: "Clients__Web__RootUrl" + value: {{ .Values.keycloakClients.webRootUrl }} + - name: "Clients__PublicWeb__RootUrl" + value: {{ .Values.keycloakClients.publicWebRootUrl }} + - name: "Clients__PublicWebGateway__RootUrl" + value: {{ .Values.keycloakClients.publicWebGatewayRootUrl }} + - name: 
"Clients__WebGateway__RootUrl" + value: {{ .Values.keycloakClients.webGatewayRootUrl }} + - name: "Clients__IdentityService__RootUrl" + value: {{ .Values.keycloakClients.identityServiceRootUrl }} + - name: "Clients__AdministrationService__RootUrl" + value: {{ .Values.keycloakClients.administrationServiceRootUrl }} + - name: "Clients__AccountService__RootUrl" + value: {{ .Values.keycloakClients.accountServiceRootUrl }} + - name: "Clients__BasketService__RootUrl" + value: {{ .Values.keycloakClients.basketServiceRootUrl }} + - name: "Clients__CatalogService__RootUrl" + value: {{ .Values.keycloakClients.catalogServiceRootUrl }} + - name: "Clients__OrderingService__RootUrl" + value: {{ .Values.keycloakClients.orderingServiceRootUrl }} + - name: "Clients__CmskitService__RootUrl" + value: {{ .Values.keycloakClients.cmskitServiceRootUrl }} + - name: "Clients__PaymentService__RootUrl" + value: {{ .Values.keycloakClients.paymentServiceRootUrl }} {{- if .Values.env }} {{ toYaml .Values.env | indent 8 }} {{- end }} diff --git a/etc/k8s/eshoponabp/charts/identity/values.yaml b/etc/k8s/eshoponabp/charts/identity/values.yaml index f27575dd..133228ea 100644 --- a/etc/k8s/eshoponabp/charts/identity/values.yaml +++ b/etc/k8s/eshoponabp/charts/identity/values.yaml @@ -9,6 +9,11 @@ config: requireHttpsMetadata: "false" swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" + keycloak: + url: http://eshop-st-keycloak:8080 + adminUsername: admin + adminPassword: 1q2w3E* + realmName: master dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq @@ -16,7 +21,7 @@ config: stringEncryptionDefaultPassPhrase: gsKnGZ041HLL4IM8 # Seeded clients -identityServerClients: +keycloakClients: webRootUrl: # publicWebRootUrl: # webGatewayRootUrl: # diff --git a/etc/k8s/eshoponabp/values.st.yaml b/etc/k8s/eshoponabp/values.st.yaml index aeb8a2b2..4761c48e 100644 --- a/etc/k8s/eshoponabp/values.st.yaml +++ b/etc/k8s/eshoponabp/values.st.yaml 
@@ -51,10 +51,10 @@ public-web: selfUrl: https://eshoponabp.dev gatewayUrl: http://eshop-st-gateway-web-public:8080/ authServer: - authority: https://account.eshoponabp.dev + authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" isOnProd: "true" - metaAddress: http://eshop-st-keycloak:8080/ + metaAddress: http://eshop-st-keycloak:8080/realms/master dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq @@ -74,6 +74,11 @@ identity: connectionStrings: identityService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Identity;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" + keycloak: + url: http://eshop-st-keycloak:8080 + adminUsername: admin + adminPassword: 1q2w3E* + realmName: master authServer: authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" @@ -83,7 +88,7 @@ identity: redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch - identityServerClients: # Seeded Clients + keycloakClients: # Seeded Clients webRootUrl: https://admin.eshoponabp.dev/ publicWebRootUrl: https://eshoponabp.dev/ webGatewayRootUrl: https://gateway-web.eshoponabp.dev/ diff --git a/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/DbMigrations/KeycloakDataSeeder.cs b/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/DbMigrations/KeycloakDataSeeder.cs new file mode 100644 index 00000000..7cbc9fd3 --- /dev/null +++ b/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/DbMigrations/KeycloakDataSeeder.cs 
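Review bot: The `authority: https://account.eshoponabp.dev/realms/master` value in the `public-web` hunk binds storefront sign-in to Keycloak's `master` realm, and the `realmName: master` entries added in `charts/identity/values.yaml` and in the `identity` hunk of this file make the seeder register the shop's clients there as well. `master` is the realm that administers the Keycloak server itself, so shop users and public clients would share a realm with the server's admin account; Keycloak's guidance is to keep `master` for administration and put applications in a realm of their own. A dedicated realm would read `authority: https://account.eshoponabp.dev/realms/<shop-realm>` with matching `metaAddress` and `realmName` (`<shop-realm>` is a placeholder). The seeder in this patch only calls `GetRealmAsync`, so it would presumably have to create that realm first.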
@@ -0,0 +1,432 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; +using EShopOnAbp.IdentityService.Keycloak.Service; +using Keycloak.Net; +using Keycloak.Net.Models.Clients; +using Keycloak.Net.Models.ClientScopes; +using Keycloak.Net.Models.ProtocolMappers; +using Microsoft.Extensions.Configuration; +using Microsoft.Extensions.Logging; +using Microsoft.Extensions.Options; +using Volo.Abp.Data; +using Volo.Abp.DependencyInjection; + +namespace EShopOnAbp.IdentityService.DbMigrations; + +public class KeyCloakDataSeeder : IDataSeedContributor, ITransientDependency +{ + private readonly KeycloakClient _keycloakClient; + private readonly KeycloakClientOptions _keycloakOptions; + private readonly ILogger _logger; + private readonly IConfiguration _configuration; + + public KeyCloakDataSeeder(IOptions keycloakClientOptions, ILogger logger, + IConfiguration configuration) + { + _logger = logger; + _configuration = configuration; + _keycloakOptions = keycloakClientOptions.Value; + + _keycloakClient = new KeycloakClient( + _keycloakOptions.Url, + _keycloakOptions.AdminUserName, + _keycloakOptions.AdminPassword + ); + } + + public async Task SeedAsync(DataSeedContext context) + { + await UpdateRealmSettingsAsync(); + await UpdateAdminUserAsync(); + await CreateRoleMapperAsync(); // roles scope + await CreateClientScopesAsync(); + await CreateClientsAsync(); + } + + private async Task UpdateRealmSettingsAsync() + { + var masterRealm = await _keycloakClient.GetRealmAsync(_keycloakOptions.RealmName); + if (masterRealm.AccessTokenLifespan != 30 * 60) + { + masterRealm.AccessTokenLifespan = 30 * 60; + await _keycloakClient.UpdateRealmAsync(_keycloakOptions.RealmName, masterRealm); + } + } + + private async Task CreateRoleMapperAsync() + { + var roleScope = (await _keycloakClient.GetClientScopesAsync(_keycloakOptions.RealmName)) + .FirstOrDefault(q => q.Name == "roles"); + if (roleScope == null) + return; + + if 
(!roleScope.ProtocolMappers.Any(q => q.Name == "roles")) + { + await _keycloakClient.CreateProtocolMapperAsync(_keycloakOptions.RealmName, roleScope.Id, + new ProtocolMapper() + { + Name = "roles", + Protocol = "openid-connect", + _ProtocolMapper = "oidc-usermodel-realm-role-mapper", + Config = new Dictionary() + { + { "access.token.claim", "true" }, + { "id.token.claim", "true" }, + { "claim.name", "role" }, + { "multivalued", "true" }, + { "userinfo.token.claim", "true" }, + } + }); + } + } + + private async Task CreateClientScopesAsync() + { + await CreateScopeAsync("AdministrationService"); + await CreateScopeAsync("IdentityService"); + await CreateScopeAsync("BasketService"); + await CreateScopeAsync("CatalogService"); + await CreateScopeAsync("OrderingService"); + await CreateScopeAsync("PaymentService"); + await CreateScopeAsync("CmskitService"); + } + + private async Task CreateScopeAsync(string scopeName) + { + var scope = (await _keycloakClient.GetClientScopesAsync(_keycloakOptions.RealmName)) + .FirstOrDefault(q => q.Name == scopeName); + + if (scope == null) + { + scope = new ClientScope + { + Name = scopeName, + Description = scopeName + " scope", + Protocol = "openid-connect", + Attributes = new Attributes + { + ConsentScreenText = scopeName, + DisplayOnConsentScreen = "true", + IncludeInTokenScope = "true" + }, + ProtocolMappers = new List() + { + new ProtocolMapper() + { + Name = scopeName, + Protocol = "openid-connect", + _ProtocolMapper = "oidc-audience-mapper", + Config = + new + Dictionary + { + { "id.token.claim", "false" }, + { "access.token.claim", "true" }, + { "included.custom.audience", scopeName } + } + } + } + }; + + await _keycloakClient.CreateClientScopeAsync(_keycloakOptions.RealmName, scope); + } + } + + private async Task CreateClientsAsync() + { + await CreatePublicWebClientAsync(); + await CreateSwaggerClientAsync(); + await CreateWebClientAsync(); + // await CreateCmskitClientAsync(); + // await CreateAdministrationClientAsync(); 
+ } + + private async Task CreateAdministrationClientAsync() + { + var administrationClient = + (await _keycloakClient.GetClientsAsync(_keycloakOptions.RealmName, + clientId: "EShopOnAbp_AdministrationService")) + .FirstOrDefault(); + + if (administrationClient == null) + { + administrationClient = new Client() + { + ClientId = "EShopOnAbp_AdministrationService", + Name = "Administration service client", + Protocol = "openid-connect", + PublicClient = false, + ImplicitFlowEnabled = false, + AuthorizationServicesEnabled = false, + StandardFlowEnabled = false, + DirectAccessGrantsEnabled = false, + ServiceAccountsEnabled = true, + Secret = "1q2w3e*" + }; + + administrationClient.Attributes = new Dictionary() + { + { "oauth2.device.authorization.grant.enabled", false }, + { "oidc.ciba.grant.enabled", false } + }; + + await _keycloakClient.CreateClientAsync(_keycloakOptions.RealmName, administrationClient); + + await AddOptionalClientScopesAsync( + "EShopOnAbp_AdministrationService", + new List + { + "IdentityService" + } + ); + + var insertedClient = + (await _keycloakClient.GetClientsAsync(_keycloakOptions.RealmName, clientId: "EShopOnAbp_AdministrationService")) + .First(); + + var clientIdProtocolMapper = insertedClient.ProtocolMappers.First(q => q.Name == "Client ID"); + + clientIdProtocolMapper.Config["claim.name"] = "client_id"; + + var result = await _keycloakClient.UpdateClientAsync(_keycloakOptions.RealmName, insertedClient.Id, + insertedClient); + } + } + + private async Task CreateCmskitClientAsync() + { + var cmsKitClient = + (await _keycloakClient.GetClientsAsync(_keycloakOptions.RealmName, clientId: "EShopOnAbp_CmskitService")) + .FirstOrDefault(); + + if (cmsKitClient == null) + { + cmsKitClient = new Client() + { + ClientId = "EShopOnAbp_CmskitService", + Name = "Cmskit microservice client", + Protocol = "openid-connect", + PublicClient = false, + ImplicitFlowEnabled = false, + AuthorizationServicesEnabled = false, + StandardFlowEnabled = false, + 
DirectAccessGrantsEnabled = false, + ServiceAccountsEnabled = true, + Secret = "1q2w3e*" + }; + cmsKitClient.Attributes = new Dictionary() + { + { "oauth2.device.authorization.grant.enabled", false }, + { "oidc.ciba.grant.enabled", false }, + { "client_credentials.use_refresh_token", false } + }; + + await _keycloakClient.CreateClientAsync(_keycloakOptions.RealmName, cmsKitClient); + + await AddOptionalClientScopesAsync( + "EShopOnAbp_CmskitService", + new List + { + "IdentityService" + } + ); + + var insertedClient = + (await _keycloakClient.GetClientsAsync(_keycloakOptions.RealmName, clientId: "EShopOnAbp_CmskitService")) + .First(); + + var clientIdProtocolMapper = insertedClient.ProtocolMappers.First(q => q.Name == "Client ID"); + + clientIdProtocolMapper.Config["claim.name"] = "client_id"; + + var result = await _keycloakClient.UpdateClientAsync(_keycloakOptions.RealmName, insertedClient.Id, + insertedClient); + } + } + + private async Task CreateWebClientAsync() + { + var webClient = (await _keycloakClient.GetClientsAsync(_keycloakOptions.RealmName, clientId: "Web")) + .FirstOrDefault(); + + if (webClient == null) + { + var webRootUrl = _configuration[$"Clients:Web:RootUrl"]; + webClient = new Client + { + ClientId = "Web", + Name = "Angular Back-Office Web Application", + Protocol = "openid-connect", + Enabled = true, + BaseUrl = webRootUrl, + RedirectUris = new List + { + $"{webRootUrl.TrimEnd('/')}" + }, + FrontChannelLogout = true, + PublicClient = true + }; + webClient.Attributes = new Dictionary + { + { "post.logout.redirect.uris", $"{webRootUrl.TrimEnd('/')}" } + }; + + await _keycloakClient.CreateClientAsync(_keycloakOptions.RealmName, webClient); + + await AddOptionalClientScopesAsync( + "Web", + new List + { + "AdministrationService", "IdentityService", "BasketService", "CatalogService", + "OrderingService", "PaymentService", "CmskitService" + } + ); + } + } + + private async Task CreateSwaggerClientAsync() + { + var swaggerClient = + (await 
_keycloakClient.GetClientsAsync(_keycloakOptions.RealmName, clientId: "SwaggerClient")) + .FirstOrDefault(); + + if (swaggerClient == null) + { + var webGatewaySwaggerRootUrl = _configuration[$"Clients:WebGateway:RootUrl"].TrimEnd('/'); + var publicWebGatewayRootUrl = _configuration[$"Clients:PublicWebGateway:RootUrl"].TrimEnd('/'); + var accountServiceRootUrl = _configuration[$"Clients:AccountService:RootUrl"].TrimEnd('/'); + var identityServiceRootUrl = _configuration[$"Clients:IdentityService:RootUrl"].TrimEnd('/'); + var administrationServiceRootUrl = _configuration[$"Clients:AdministrationService:RootUrl"].TrimEnd('/'); + var catalogServiceRootUrl = _configuration[$"Clients:CatalogService:RootUrl"].TrimEnd('/'); + var basketServiceRootUrl = _configuration[$"Clients:BasketService:RootUrl"].TrimEnd('/'); + var orderingServiceRootUrl = _configuration[$"Clients:OrderingService:RootUrl"].TrimEnd('/'); + var paymentServiceRootUrl = _configuration[$"Clients:PaymentService:RootUrl"].TrimEnd('/'); + var cmskitServiceRootUrl = _configuration[$"Clients:CmskitService:RootUrl"].TrimEnd('/'); + + swaggerClient = new Client + { + ClientId = "SwaggerClient", + Name = "Swagger Client Application", + Protocol = "openid-connect", + Enabled = true, + RedirectUris = new List + { + $"{webGatewaySwaggerRootUrl}/swagger/oauth2-redirect.html", // WebGateway redirect uri + $"{publicWebGatewayRootUrl}/swagger/oauth2-redirect.html", // PublicWebGateway redirect uri + $"{accountServiceRootUrl}/swagger/oauth2-redirect.html", // AccountService redirect uri + $"{identityServiceRootUrl}/swagger/oauth2-redirect.html", // IdentityService redirect uri + $"{administrationServiceRootUrl}/swagger/oauth2-redirect.html", // AdministrationService redirect uri + $"{catalogServiceRootUrl}/swagger/oauth2-redirect.html", // CatalogService redirect uri + $"{basketServiceRootUrl}/swagger/oauth2-redirect.html", // BasketService redirect uri + $"{orderingServiceRootUrl}/swagger/oauth2-redirect.html", // 
OrderingService redirect uri + $"{paymentServiceRootUrl}/swagger/oauth2-redirect.html", // PaymentService redirect uri + $"{cmskitServiceRootUrl}/swagger/oauth2-redirect.html" // CmskitService redirect uri + }, + FrontChannelLogout = true, + PublicClient = true + }; + + await _keycloakClient.CreateClientAsync(_keycloakOptions.RealmName, swaggerClient); + + await AddOptionalClientScopesAsync( + "SwaggerClient", + new List + { + "AdministrationService", "IdentityService", "BasketService", "CatalogService", + "OrderingService", "PaymentService", "CmskitService" + } + ); + } + } + + private async Task CreatePublicWebClientAsync() + { + var publicWebClient = (await _keycloakClient.GetClientsAsync(_keycloakOptions.RealmName, clientId: "PublicWeb")) + .FirstOrDefault(); + + if (publicWebClient == null) + { + var publicWebRootUrl = _configuration[$"Clients:PublicWeb:RootUrl"]; + publicWebClient = new Client + { + ClientId = "PublicWeb", + Name = "Public Web Application", + Protocol = "openid-connect", + Enabled = true, + BaseUrl = publicWebRootUrl, + RedirectUris = new List + { + $"{publicWebRootUrl.TrimEnd('/')}/signin-oidc" + }, + FrontChannelLogout = true, + PublicClient = true, + ImplicitFlowEnabled = true // for hybrid flow + }; + publicWebClient.Attributes = new Dictionary + { + { "post.logout.redirect.uris", $"{publicWebRootUrl.TrimEnd('/')}/signout-callback-oidc" } + }; + + await _keycloakClient.CreateClientAsync(_keycloakOptions.RealmName, publicWebClient); + + await AddOptionalClientScopesAsync( + "PublicWeb", + new List + { + "AdministrationService", "IdentityService", "BasketService", "CatalogService", + "OrderingService", "PaymentService", "CmskitService" + } + ); + } + } + + private async Task AddOptionalClientScopesAsync(string clientName, List scopes) + { + var client = (await _keycloakClient.GetClientsAsync(_keycloakOptions.RealmName, clientId: clientName)) + .FirstOrDefault(); + if (client == null) + { + _logger.LogError($"Couldn't find {clientName}! 
Could not seed optional scopes!"); + return; + } + + var clientOptionalScopes = + (await _keycloakClient.GetOptionalClientScopesAsync(_keycloakOptions.RealmName, client.Id)).ToList(); + + var clientScopes = (await _keycloakClient.GetClientScopesAsync(_keycloakOptions.RealmName)).ToList(); + + foreach (var scope in scopes) + { + if (!clientOptionalScopes.Any(q => q.Name == scope)) + { + var serviceScope = clientScopes.First(q => q.Name == scope); + _logger.LogInformation($"Seeding {scope} scope to {clientName}."); + await _keycloakClient.UpdateOptionalClientScopeAsync(_keycloakOptions.RealmName, client.Id, + serviceScope.Id); + } + } + } + + private async Task UpdateAdminUserAsync() + { + var users = await _keycloakClient.GetUsersAsync(_keycloakOptions.RealmName, username: "admin"); + var adminUser = users.FirstOrDefault(); + if (adminUser == null) + { + throw new Exception( + "Keycloak admin user is not provided, check if KEYCLOAK_ADMIN environment variable is passed properly."); + } + + if (string.IsNullOrEmpty(adminUser.Email)) + { + adminUser.Email = "admin@abp.io"; + adminUser.FirstName = "admin"; + adminUser.EmailVerified = true; + + _logger.LogInformation("Updating admin user with email and first name..."); + await _keycloakClient.UpdateUserAsync(_keycloakOptions.RealmName, adminUser.Id, adminUser); + } + } +} \ No newline at end of file diff --git a/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/EShopOnAbp.IdentityService.HttpApi.Host.csproj b/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/EShopOnAbp.IdentityService.HttpApi.Host.csproj index 460b38bd..df7b860b 100644 --- a/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/EShopOnAbp.IdentityService.HttpApi.Host.csproj +++ b/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/EShopOnAbp.IdentityService.HttpApi.Host.csproj @@ -6,6 +6,7 @@ + runtime; build; native; contentfiles; analyzers; buildtransitive 
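Review bot: `CreatePublicWebClientAsync` registers `PublicWeb` with `PublicClient = true` and `ImplicitFlowEnabled = true // for hybrid flow`, which leaves the client without a secret and allows tokens to be returned in the browser redirect. The `/signin-oidc` redirect URI suggests a server-side ASP.NET Core application, which could be a confidential client on the authorization-code flow: `PublicClient = false,` plus a secret read from configuration, and no `ImplicitFlowEnabled` line. That needs a matching response-type change in the public-web app, which is outside this hunk. Separately, `CreateSwaggerClientAsync` calls `.TrimEnd('/')` directly on `_configuration[...]` lookups, so a missing `Clients:*:RootUrl` key would end the seed with a NullReferenceException rather than a message naming the key.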
diff --git a/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/appsettings.json b/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/appsettings.json index 5518e83b..8b7c19da 100644 --- a/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/appsettings.json +++ b/services/identity/src/EShopOnAbp.IdentityService.HttpApi.Host/appsettings.json @@ -47,7 +47,7 @@ "ElasticSearch": { "Url": "http://localhost:9200" }, - "IdentityServerClients": { + "Clients": { "Web": { "RootUrl": "http://localhost:4200" }, From 424c48ac3d94689275b732ea293ff23eae9947c0 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Mon, 15 Jan 2024 14:52:36 -0500 Subject: [PATCH 17/20] Updated angular keycloak integration --- etc/k8s/eshoponabp/charts/web/templates/web-configmap.yaml | 2 +- etc/k8s/eshoponabp/values.st.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/k8s/eshoponabp/charts/web/templates/web-configmap.yaml b/etc/k8s/eshoponabp/charts/web/templates/web-configmap.yaml index 0884be6e..6f42a385 100644 --- a/etc/k8s/eshoponabp/charts/web/templates/web-configmap.yaml +++ b/etc/k8s/eshoponabp/charts/web/templates/web-configmap.yaml @@ -18,7 +18,7 @@ data: "clientId": "Web", "responseType": "code", "responseType": "{{ .Values.config.authServer.responseType }}", - "scope": "offline_access openid profile email phone AccountService IdentityService AdministrationService CatalogService OrderingService", + "scope": "offline_access openid profile email phone roles AdministrationService IdentityService BasketService CatalogService OrderingService PaymentService CmskitService", "strictDiscoveryDocumentValidation": {{ .Values.config.authServer.strictDiscoveryDocumentValidation }}, "skipIssuerCheck": {{ .Values.config.authServer.skipIssuerCheck }} }, diff --git a/etc/k8s/eshoponabp/values.st.yaml b/etc/k8s/eshoponabp/values.st.yaml index 4761c48e..a778b7fe 100644 --- a/etc/k8s/eshoponabp/values.st.yaml 
+++ b/etc/k8s/eshoponabp/values.st.yaml @@ -33,7 +33,7 @@ web: selfUrl: https://admin.eshoponabp.dev gatewayUrl: https://gateway-web.eshoponabp.dev authServer: - authority: https://account.eshoponabp.dev + authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: false responseType: "code" strictDiscoveryDocumentValidation: false @@ -112,7 +112,7 @@ identity: administration: config: selfUrl: https://administration.eshoponabp.dev - corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev,https://admin.eshoponabp.dev connectionStrings: administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: From c7c6d883cac5e6ce36e548ab21677f9c1d44f6f2 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Mon, 15 Jan 2024 16:57:37 -0500 Subject: [PATCH 18/20] Updated jwt issuer validation of microservices for keycloak --- .../templates/administration-deployment.yaml | 6 ++--- .../charts/administration/values.yaml | 4 +-- .../basket/templates/basket-deployment.yaml | 2 ++ etc/k8s/eshoponabp/charts/basket/values.yaml | 1 + .../catalog/templates/catalog-deployment.yaml | 2 ++ etc/k8s/eshoponabp/charts/catalog/values.yaml | 1 + .../cmskit/templates/cmskit-deployment.yaml | 2 ++ etc/k8s/eshoponabp/charts/cmskit/values.yaml | 1 + .../templates/identity-deployment.yaml | 2 ++ .../eshoponabp/charts/identity/values.yaml | 1 + .../templates/ordering-deployment.yaml | 2 ++ .../eshoponabp/charts/ordering/values.yaml | 1 + .../payment/templates/payment-deployment.yaml | 2 ++ etc/k8s/eshoponabp/charts/payment/values.yaml | 1 + etc/k8s/eshoponabp/values.st.yaml | 27 ++++++++++++------- .../JwtBearerConfigurationHelper.cs | 17 ++++++++++-- 16 files changed, 54 insertions(+), 18 deletions(-) 
diff --git a/etc/k8s/eshoponabp/charts/administration/templates/administration-deployment.yaml b/etc/k8s/eshoponabp/charts/administration/templates/administration-deployment.yaml index 889f6e8a..c5902d11 100644 --- a/etc/k8s/eshoponabp/charts/administration/templates/administration-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/administration/templates/administration-deployment.yaml @@ -29,10 +29,6 @@ spec: value: "{{ .Values.config.remoteServices.useCurrentToken }}" - name: App__CorsOrigins value: "{{ .Values.config.corsOrigins }}" - - name: IdentityClients__Default__Authority - value: "{{ .Values.synchedCommunication.authority }}" - - name: IdentityClients__Default__RequireHttps - value: "{{ .Values.config.authServer.requireHttpsMetadata }}" - name: "ConnectionStrings__AdministrationService" value: "{{ .Values.config.connectionStrings.administrationService }}" - name: "DOTNET_ENVIRONMENT" @@ -43,6 +39,8 @@ spec: value: "{{ .Values.config.authServer.authority }}" - name: "AuthServer__RequireHttpsMetadata" value: "{{ .Values.config.authServer.requireHttpsMetadata }}" + - name: "AuthServer__MetadataAddress" + value: "{{ .Values.config.authServer.metadataAddress }}" - name: "AuthServer__SwaggerClientId" value: "{{ .Values.config.authServer.swaggerClientId }}" - name: "AuthServer__SwaggerClientSecret" diff --git a/etc/k8s/eshoponabp/charts/administration/values.yaml b/etc/k8s/eshoponabp/charts/administration/values.yaml index ce4c296b..038199e8 100644 --- a/etc/k8s/eshoponabp/charts/administration/values.yaml +++ b/etc/k8s/eshoponabp/charts/administration/values.yaml @@ -4,10 +4,10 @@ config: connectionStrings: administrationService: # authServer: - authority: http://eshop-st-authserver + authority: http://eshop-st-keycloak:8080 requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080 swaggerClientId: WebGateway_Swagger - swaggerClientSecret: "1q2w3e*" remoteServices: abpIdentityBaseUrl: # useCurrentToken: "false" 
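Review bot: The new chart defaults `authority: http://eshop-st-keycloak:8080` and `metadataAddress: http://eshop-st-keycloak:8080` in `charts/administration/values.yaml` carry no realm path, while `values.st.yaml` in this same patch uses `.../realms/master` for both, so an install that relies on the defaults would presumably not resolve the discovery document. The basket, catalog, cmskit, identity, ordering and payment `values.yaml` hunks add the same bare `metadataAddress` and still default `authority` to `http://eshop-st-authserver`. Either give the defaults the realm path or leave them empty with a comment such as `# set per environment: http://<keycloak-host>/realms/<realm>`. This hunk also drops the `swaggerClientSecret` default while the deployment template hunk above still lists `AuthServer__SwaggerClientSecret`, so it is worth checking that the variable does not render empty.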
diff --git a/etc/k8s/eshoponabp/charts/basket/templates/basket-deployment.yaml b/etc/k8s/eshoponabp/charts/basket/templates/basket-deployment.yaml index 67110761..913ef657 100644 --- a/etc/k8s/eshoponabp/charts/basket/templates/basket-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/basket/templates/basket-deployment.yaml @@ -39,6 +39,8 @@ spec: value: "{{ .Values.config.authServer.authority }}" - name: "AuthServer__RequireHttpsMetadata" value: "{{ .Values.config.authServer.requireHttpsMetadata }}" + - name: "AuthServer__MetadataAddress" + value: "{{ .Values.config.authServer.metadataAddress }}" - name: "AuthServer__SwaggerClientId" value: "{{ .Values.config.swaggerClientId }}" - name: "AuthServer__SwaggerClientSecret" diff --git a/etc/k8s/eshoponabp/charts/basket/values.yaml b/etc/k8s/eshoponabp/charts/basket/values.yaml index 88c5fb4c..df2dda03 100644 --- a/etc/k8s/eshoponabp/charts/basket/values.yaml +++ b/etc/k8s/eshoponabp/charts/basket/values.yaml @@ -6,6 +6,7 @@ config: authServer: authority: http://eshop-st-authserver requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080 swaggerClientId: "WebGateway_Swagger" swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging diff --git a/etc/k8s/eshoponabp/charts/catalog/templates/catalog-deployment.yaml b/etc/k8s/eshoponabp/charts/catalog/templates/catalog-deployment.yaml index dd0cfa19..af72a3c7 100644 --- a/etc/k8s/eshoponabp/charts/catalog/templates/catalog-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/catalog/templates/catalog-deployment.yaml @@ -45,6 +45,8 @@ spec: value: "{{ .Values.config.authServer.authority }}" - name: "AuthServer__RequireHttpsMetadata" value: "{{ .Values.config.authServer.requireHttpsMetadata }}" + - name: "AuthServer__MetadataAddress" + value: "{{ .Values.config.authServer.metadataAddress }}" - name: "AuthServer__SwaggerClientId" value: "{{ .Values.config.authServer.swaggerClientId }}" - name: "AuthServer__SwaggerClientSecret" 
diff --git a/etc/k8s/eshoponabp/charts/catalog/values.yaml b/etc/k8s/eshoponabp/charts/catalog/values.yaml index 4e09e976..a27e26ab 100644 --- a/etc/k8s/eshoponabp/charts/catalog/values.yaml +++ b/etc/k8s/eshoponabp/charts/catalog/values.yaml @@ -7,6 +7,7 @@ config: authServer: authority: http://eshop-st-authserver requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080 swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging diff --git a/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-deployment.yaml b/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-deployment.yaml index da0340d5..a9d38fea 100644 --- a/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/cmskit/templates/cmskit-deployment.yaml @@ -41,6 +41,8 @@ spec: value: "{{ .Values.config.authServer.authority }}" - name: "AuthServer__RequireHttpsMetadata" value: "{{ .Values.config.authServer.requireHttpsMetadata }}" + - name: "AuthServer__MetadataAddress" + value: "{{ .Values.config.authServer.metadataAddress }}" - name: "AuthServer__SwaggerClientId" value: "{{ .Values.config.authServer.swaggerClientId }}" - name: "AuthServer__SwaggerClientSecret" diff --git a/etc/k8s/eshoponabp/charts/cmskit/values.yaml b/etc/k8s/eshoponabp/charts/cmskit/values.yaml index 185b1685..b1850731 100644 --- a/etc/k8s/eshoponabp/charts/cmskit/values.yaml +++ b/etc/k8s/eshoponabp/charts/cmskit/values.yaml @@ -7,6 +7,7 @@ config: authServer: authority: http://eshop-st-authserver requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080 swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: diff --git a/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml b/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml index f67284ec..cdb4a5f4 100644 --- a/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml 
+++ b/etc/k8s/eshoponabp/charts/identity/templates/identity-deployment.yaml @@ -49,6 +49,8 @@ spec: value: "{{ .Values.config.authServer.authority }}" - name: "AuthServer__RequireHttpsMetadata" value: "{{ .Values.config.authServer.requireHttpsMetadata }}" + - name: "AuthServer__MetadataAddress" + value: "{{ .Values.config.authServer.metadataAddress }}" - name: "AuthServer__SwaggerClientId" value: "{{ .Values.config.authServer.swaggerClientId }}" - name: "AuthServer__SwaggerClientSecret" diff --git a/etc/k8s/eshoponabp/charts/identity/values.yaml b/etc/k8s/eshoponabp/charts/identity/values.yaml index 133228ea..02535f3f 100644 --- a/etc/k8s/eshoponabp/charts/identity/values.yaml +++ b/etc/k8s/eshoponabp/charts/identity/values.yaml @@ -7,6 +7,7 @@ config: authServer: authority: http://eshop-st-authserver requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080 swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" keycloak: diff --git a/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml b/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml index 3ad228eb..98b3fde9 100644 --- a/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml @@ -41,6 +41,8 @@ spec: value: "{{ .Values.config.authServer.authority }}" - name: "AuthServer__RequireHttpsMetadata" value: "{{ .Values.config.authServer.requireHttpsMetadata }}" + - name: "AuthServer__MetadataAddress" + value: "{{ .Values.config.authServer.metadataAddress }}" - name: "AuthServer__SwaggerClientId" value: "{{ .Values.config.authServer.swaggerClientId }}" - name: "AuthServer__SwaggerClientSecret" diff --git a/etc/k8s/eshoponabp/charts/ordering/values.yaml b/etc/k8s/eshoponabp/charts/ordering/values.yaml index a427d0cf..da234936 100644 --- a/etc/k8s/eshoponabp/charts/ordering/values.yaml +++ b/etc/k8s/eshoponabp/charts/ordering/values.yaml 
@@ -7,6 +7,7 @@ config: authServer: authority: http://eshop-st-authserver requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080 swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging diff --git a/etc/k8s/eshoponabp/charts/payment/templates/payment-deployment.yaml b/etc/k8s/eshoponabp/charts/payment/templates/payment-deployment.yaml index 30753515..2ac12514 100644 --- a/etc/k8s/eshoponabp/charts/payment/templates/payment-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/payment/templates/payment-deployment.yaml @@ -41,6 +41,8 @@ spec: value: "{{ .Values.config.authServer.authority }}" - name: "AuthServer__RequireHttpsMetadata" value: "{{ .Values.config.authServer.requireHttpsMetadata }}" + - name: "AuthServer__MetadataAddress" + value: "{{ .Values.config.authServer.metadataAddress }}" - name: "AuthServer__SwaggerClientId" value: "{{ .Values.config.authServer.swaggerClientId }}" - name: "AuthServer__SwaggerClientSecret" diff --git a/etc/k8s/eshoponabp/charts/payment/values.yaml b/etc/k8s/eshoponabp/charts/payment/values.yaml index d641f59b..fa51d483 100644 --- a/etc/k8s/eshoponabp/charts/payment/values.yaml +++ b/etc/k8s/eshoponabp/charts/payment/values.yaml @@ -7,6 +7,7 @@ config: authServer: authority: http://eshop-st-authserver requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080 swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging diff --git a/etc/k8s/eshoponabp/values.st.yaml b/etc/k8s/eshoponabp/values.st.yaml index a778b7fe..6cd0278d 100644 --- a/etc/k8s/eshoponabp/values.st.yaml +++ b/etc/k8s/eshoponabp/values.st.yaml 
@@ -70,7 +70,7 @@ public-web: identity: config: selfUrl: https://identity.eshoponabp.dev - corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev,https://admin.eshoponabp.dev connectionStrings: identityService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Identity;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" @@ -80,8 +80,9 @@ identity: adminPassword: 1q2w3E* realmName: master authServer: - authority: http://account.eshoponabp.dev + authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging @@ -116,8 +117,9 @@ administration: connectionStrings: administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://account.eshoponabp.dev + authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: @@ -223,8 +225,9 @@ basket: connectionStrings: administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://account.eshoponabp.dev + authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging 
@@ -250,8 +253,9 @@ catalog: catalogService: "mongodb://eshop-st-mongodb/EShopOnAbp_Catalog" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://account.eshoponabp.dev + authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging @@ -274,13 +278,14 @@ catalog: ordering: config: selfUrl: https://ordering.eshoponabp.dev - corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev,https://admin.eshoponabp.dev connectionStrings: orderingService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Ordering;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://account.eshoponabp.dev + authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging 
@@ -298,13 +303,14 @@ ordering: cmskit: config: selfUrl: https://cmskit.eshoponabp.dev - corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev,https://admin.eshoponabp.dev connectionStrings: cmskitervice: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Cmskit;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: - authority: http://account.eshoponabp.dev + authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: @@ -326,13 +332,14 @@ cmskit: payment: config: selfUrl: https://payment.eshoponabp.dev - corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev + corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev,https://admin.eshoponabp.dev connectionStrings: paymentService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Payment;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" + metadataAddress: http://eshop-st-keycloak:8080/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: diff --git a/shared/EShopOnAbp.Shared.Hosting.Microservices/JwtBearerConfigurationHelper.cs b/shared/EShopOnAbp.Shared.Hosting.Microservices/JwtBearerConfigurationHelper.cs index b00229f1..9bf9c8fe 100644 --- a/shared/EShopOnAbp.Shared.Hosting.Microservices/JwtBearerConfigurationHelper.cs 
+++ b/shared/EShopOnAbp.Shared.Hosting.Microservices/JwtBearerConfigurationHelper.cs @@ -1,6 +1,7 @@ -using Microsoft.AspNetCore.Authentication.JwtBearer; +using System; +using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.Extensions.DependencyInjection; -using System; +using Microsoft.IdentityModel.Tokens; using Volo.Abp.Modularity; namespace EShopOnAbp.Shared.Hosting.Microservices; @@ -19,6 +20,18 @@ public static void Configure( options.Authority = configuration["AuthServer:Authority"]; options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]); options.Audience = audience; + // IDX10204: Unable to validate issuer on K8s if not set + options.TokenValidationParameters = new TokenValidationParameters() + { + ValidIssuers = new[] + { configuration["AuthServer:Authority"], configuration["AuthServer:MetadataAddress"] }, + // IDX10500: Signature validation failed. No security keys were provided to validate the signature on K8s + SignatureValidator = delegate(string token, TokenValidationParameters parameters) + { + var jwt = new Microsoft.IdentityModel.JsonWebTokens.JsonWebToken(token); + return jwt; + } + }; }); } } \ No newline at end of file From 39b7acc79338f4ab9cbebedab8f15dcc00015d10 Mon Sep 17 00:00:00 2001 From: Galip Tolga Erdem Date: Mon, 15 Jan 2024 17:02:09 -0500 Subject: [PATCH 19/20] updated k8s readme with new DNS --- etc/k8s/eshoponabp/README.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/etc/k8s/eshoponabp/README.md b/etc/k8s/eshoponabp/README.md index f04379fb..694da705 100644 --- a/etc/k8s/eshoponabp/README.md +++ b/etc/k8s/eshoponabp/README.md 
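Review bot: The `SignatureValidator` delegate added to `TokenValidationParameters` returns `new JsonWebToken(token)` without checking anything, which turns off signature verification for every service that calls this helper; a token whose issuer and audience claims match would be accepted whether or not it was signed by Keycloak. The IDX10500 error named in the comment most likely means the signing keys could not be loaded from `Authority` inside the cluster (an inference, the discovery call is not visible here), so the fix is to make key retrieval work rather than to bypass the check. Drop the delegate and point discovery at the in-cluster address, e.g. `options.MetadataAddress = configuration["AuthServer:MetadataAddress"] + "/.well-known/openid-configuration";`, keeping `ValidIssuers` for the external issuer name. `Configure` begins above this hunk, so the rest of the options setup is not shown.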
@@ -63,18 +63,19 @@ kubectl create secret tls -n eshop eshop-wildcard-tls --cert=./eshoponabp.dev+1. * Add entries to the hosts file (in Windows: `C:\Windows\System32\drivers\etc\hosts`, in linux and macos: `/etc/hosts` ): ````powershell - 127.0.0.1 eshop-st-web - 127.0.0.1 eshop-st-public-web - 127.0.0.1 eshop-st-authserver - 127.0.0.1 eshop-st-identity - 127.0.0.1 eshop-st-administration - 127.0.0.1 eshop-st-basket - 127.0.0.1 eshop-st-catalog - 127.0.0.1 eshop-st-ordering - 127.0.0.1 eshop-st-cmskit - 127.0.0.1 eshop-st-payment - 127.0.0.1 eshop-st-gateway-web - 127.0.0.1 eshop-st-gateway-web-public +127.0.0.1 admin.eshoponabp.dev +127.0.0.1 eshoponabp.dev +127.0.0.1 account.eshoponabp.dev +127.0.0.1 identity.eshoponabp.dev +127.0.0.1 administration.eshoponabp.dev +127.0.0.1 product.eshoponabp.dev +127.0.0.1 basket.eshoponabp.dev +127.0.0.1 catalog.eshoponabp.dev +127.0.0.1 ordering.eshoponabp.dev +127.0.0.1 cmskit.eshoponabp.dev +127.0.0.1 payment.eshoponabp.dev +127.0.0.1 gateway-web.eshoponabp.dev +127.0.0.1 gateway-public.eshoponabp.dev ```` * Run `helm upgrade --install eshop-st abp-charts/eshoponabp --namespace eshop --create-namespace` From c05333aa6d5434ce56e48bcfc0d47d6d3a1a0ea5 Mon Sep 17 00:00:00 2001 From: selmankoc Date: Tue, 16 Jan 2024 16:08:54 +0300 Subject: [PATCH 20/20] set port 80 service of keycloak --- .../keycloak/templates/keycloak-service.yaml | 6 +- .../templates/ordering-deployment.yaml | 72 +++++++++++-------- etc/k8s/eshoponabp/values.st.yaml | 27 +++---- 3 files changed, 58 insertions(+), 47 deletions(-) diff --git a/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-service.yaml b/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-service.yaml index 9766e240..7d0e9837 100644 --- a/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-service.yaml +++ b/etc/k8s/eshoponabp/charts/keycloak/templates/keycloak-service.yaml 
@@ -8,9 +8,9 @@ spec: type: ClusterIP ports: - name: "80" - port: 8080 + port: 80 + targetPort: 8080 - name: "443" port: 443 selector: - app: {{ .Release.Name }}-{{ .Chart.Name }} - + app: {{ .Release.Name }}-{{ .Chart.Name }} \ No newline at end of file diff --git a/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml b/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml index 98b3fde9..4f421e31 100644 --- a/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml +++ b/etc/k8s/eshoponabp/charts/ordering/templates/ordering-deployment.yaml 
@@ -14,42 +14,52 @@ spec: containers: - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} + args: ["start", "--cache-stack=kubernetes"] name: {{ .Release.Name }}-{{ .Chart.Name }} ports: - name: http containerPort: 8080 - name: https - containerPort: 443 - env: - - name: App__SelfUrl - value: "{{ .Values.config.selfUrl }}" - - name: App__CorsOrigins - value: "{{ .Values.config.corsOrigins }}" - - name: "ConnectionStrings__OrderingService" - value: {{ .Values.config.connectionStrings.orderingService }} - - name: "ConnectionStrings__AdministrationService" - value: {{ .Values.config.connectionStrings.administrationService }} - - name: "DOTNET_ENVIRONMENT" - value: "{{ .Values.config.dotnetEnv }}" - - name: "Redis__Configuration" - value: "{{ .Values.config.redisHost }}" - - name: "RabbitMQ__Connections__Default__HostName" - value: "{{ .Values.config.rabbitmqHost }}" - - name: "ElasticSearch__Url" - value: "{{ .Values.config.elasticsearchHost }}" - - name: "AuthServer__Authority" - value: "{{ .Values.config.authServer.authority }}" - - name: "AuthServer__RequireHttpsMetadata" - value: "{{ .Values.config.authServer.requireHttpsMetadata }}" - - name: "AuthServer__MetadataAddress" - value: "{{ .Values.config.authServer.metadataAddress }}" - - name: "AuthServer__SwaggerClientId" - value: "{{ .Values.config.authServer.swaggerClientId }}" - - name: "AuthServer__SwaggerClientSecret" - value: "{{ .Values.config.authServer.swaggerClientSecret }}" - - name: "StringEncryption__DefaultPassPhrase" - value: "{{ .Values.config.stringEncryptionDefaultPassPhrase }}" + containerPort: 8443 + env: + - name: "KC_DB" + value: "{{ .Values.config.kcDb }}" + - name: "KC_DB_URL" + value: "{{ .Values.config.kcDbUrl }}" + - name: "KC_DB_URL_HOST" + value: "{{ .Values.config.kcDbUrlHost }}" + - name: "KC_DB_URL_PORT" + value: "{{ .Values.config.kcDbUrlPort }}" + - name: "KC_DB_URL_DATABASE" + value: "{{ .Values.config.kcDbUrlDatabase }}" 
+ - name: "KC_DB_USERNAME" + value: "{{ .Values.config.kcDbUsername }}" + - name: "KC_DB_PASSWORD" + value: "{{ .Values.config.kcDbPassword }}" + - name: "KEYCLOAK_ADMIN" + value: "{{ .Values.config.keycloakAdmin }}" + - name: "KEYCLOAK_ADMIN_PASSWORD" + value: "{{ .Values.config.keycloakAdminPassword }}" + - name: "KC_HEALTH_ENABLED" + value: "{{ .Values.config.kcHealthEnabled }}" + - name: "KC_HTTP_RELATIVE_PATH" + value: "{{ .Values.config.kcHttpRelativePath }}" + - name: "KC_PROXY" + value: "{{ .Values.config.kcProxy }}" + - name: "PROXY_ADDRESS_FORWARDING" + value: "{{ .Values.config.proxyAddressForwarding }}" + - name: "KC_HTTP_ENABLED" + value: "{{ .Values.config.kcHttpEnabled }}" + - name: "KC_HOSTNAME_URL" + value: "{{ .Values.config.kcHostnameUrl }}" + - name: "KC_HOSTNAME_ADMIN_URL" + value: "{{ .Values.config.kcHostnameAdminUrl }}" + - name: "jgroups.dns.query" + value: "{{ .Values.config.jgroupsDnsQuery }}" + - name: "KC_HOSTNAME_STRICT_BACKCHANNEL" + value: "{{ .Values.config.kcHostnameStrictBackchannel }}" + {{- if .Values.env }} {{ toYaml .Values.env | indent 8 }} {{- end }} - + \ No newline at end of file diff --git a/etc/k8s/eshoponabp/values.st.yaml b/etc/k8s/eshoponabp/values.st.yaml index 6cd0278d..2c0b31e3 100644 --- a/etc/k8s/eshoponabp/values.st.yaml +++ b/etc/k8s/eshoponabp/values.st.yaml @@ -17,7 +17,8 @@ keycloak: kcHttpEnabled: true kcHostnameUrl: https://account.eshoponabp.dev kcHostnameAdminUrl: https://account.eshoponabp.dev - jgroupsDnsQuery: eshop-st-keycloak + jgroupsDnsQuery: eshop-st-keycloak:8080 + kcHostnameStrictBackchannel: false ingress: host: account.eshoponabp.dev @@ -54,7 +55,7 @@ public-web: authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" isOnProd: "true" - metaAddress: http://eshop-st-keycloak:8080/realms/master + metaAddress: http://eshop-st-keycloak/realms/master dotnetEnv: Staging redisHost: eshop-st-redis rabbitmqHost: eshop-st-rabbitmq 
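Review bot: The ordering service's container spec in ordering-deployment.yaml ends up with Keycloak configuration (`KC_DB_*`, `KEYCLOAK_ADMIN*`, `args: ["start", "--cache-stack=kubernetes"]`), which looks like the Keycloak deployment template pasted into the wrong file. The ordering pod loses `ConnectionStrings__OrderingService`, `AuthServer__*` and its other settings, and now reads `.Values.config.kc*` keys that the ordering chart is not shown to define. If the change was meant for charts/keycloak/templates/keycloak-deployment.yaml, revert this file and apply it there. Wherever it lands, `KC_DB_PASSWORD` and `KEYCLOAK_ADMIN_PASSWORD` are rendered as plain `value:` strings into the pod spec; reading them from a Kubernetes Secret, as sketched below with placeholder names, keeps the credentials out of the manifest and the Helm release data.

```yaml
# … unchanged: image, args, ports, other KC_* variables …
- name: "KC_DB_PASSWORD"
  valueFrom:
    secretKeyRef:
      name: "<KEYCLOAK_SECRET_NAME>"  # placeholder, not defined in this patch
      key: "<DB_PASSWORD_KEY>"        # placeholder
- name: "KEYCLOAK_ADMIN_PASSWORD"
  valueFrom:
    secretKeyRef:
      name: "<KEYCLOAK_SECRET_NAME>"  # placeholder
      key: "<ADMIN_PASSWORD_KEY>"     # placeholder
```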
@@ -75,14 +76,14 @@ identity: identityService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Identity;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" keycloak: - url: http://eshop-st-keycloak:8080 + url: http://eshop-st-keycloak adminUsername: admin adminPassword: 1q2w3E* realmName: master authServer: authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" - metadataAddress: http://eshop-st-keycloak:8080/realms/master + metadataAddress: http://eshop-st-keycloak/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging @@ -119,7 +120,7 @@ administration: authServer: authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" - metadataAddress: http://eshop-st-keycloak:8080/realms/master + metadataAddress: http://eshop-st-keycloak/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: @@ -227,7 +228,7 @@ basket: authServer: authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" - metadataAddress: http://eshop-st-keycloak:8080/realms/master + metadataAddress: http://eshop-st-keycloak/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging @@ -255,7 +256,7 @@ catalog: authServer: authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" - metadataAddress: http://eshop-st-keycloak:8080/realms/master + metadataAddress: http://eshop-st-keycloak/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging 
@@ -263,9 +264,9 @@ catalog: rabbitmqHost: eshop-st-rabbitmq elasticsearchHost: eshop-st-elasticsearch kestrel: - httpUrl: http://catalog.eshoponabp.dev:8080 + httpUrl: http://eshop-st-catalog:8080 httpProtocols: Http1AndHttp2 - grpcUrl: http://catalog.eshoponabp.dev:81 + grpcUrl: http://eshop-st-catalog:81 grpcProtocols: Http2 ingress: host: catalog.eshoponabp.dev @@ -285,7 +286,7 @@ ordering: authServer: authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" - metadataAddress: http://eshop-st-keycloak:8080/realms/master + metadataAddress: http://eshop-st-keycloak/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" dotnetEnv: Staging @@ -305,12 +306,12 @@ cmskit: selfUrl: https://cmskit.eshoponabp.dev corsOrigins: https://gateway-web.eshoponabp.dev,https://gateway-public.eshoponabp.dev,https://admin.eshoponabp.dev connectionStrings: - cmskitervice: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Cmskit;User ID=postgres;password=myPassw0rd;Pooling=false" + cmskitService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Cmskit;User ID=postgres;password=myPassw0rd;Pooling=false" administrationService: "Host=eshop-st-postgresdb;Port=5432;Database=EShopOnAbp_Administration;User ID=postgres;password=myPassw0rd;Pooling=false" authServer: authority: https://account.eshoponabp.dev/realms/master requireHttpsMetadata: "false" - metadataAddress: http://eshop-st-keycloak:8080/realms/master + metadataAddress: http://eshop-st-keycloak/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: @@ -339,7 +340,7 @@ payment: authServer: authority: http://account.eshoponabp.dev requireHttpsMetadata: "false" - metadataAddress: http://eshop-st-keycloak:8080/realms/master + metadataAddress: http://eshop-st-keycloak/realms/master swaggerClientId: WebGateway_Swagger swaggerClientSecret: "1q2w3e*" remoteServices: