diff --git a/backend/Dockerfile b/backend/Dockerfile
index a6f5816d4..a7d9cda9f 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,6 +1,5 @@
-# https://catalog.redhat.com/software/containers/ubi8/nodejs-18-minimal/627d1c38e35da88581633bf1
-FROM registry.access.redhat.com/ubi8/nodejs-18-minimal:1-33.1679485315@sha256:74af9dc2b620022c77fcd712b811f64a03c1444ff1e9b9596a242b2edf3cf96f AS builder
-
+# Build
+FROM node:22-slim AS build
 # Install packages, build and keep only prod packages
 USER root
 WORKDIR /app
@@ -10,26 +9,15 @@ RUN npm ci --omit=dev && \
 npm run build
 # Deployment container
-FROM registry.access.redhat.com/ubi8/ubi-micro:8.7-6@sha256:af0a83c2fb7db1b63a5655c85f3f37d32b114443b8969fd8a40d47429cd87016
-
-# Set node to production
-ENV NODE_ENV production
-
-# Node packages and dependencies
-COPY --from=builder /usr/bin/node /usr/bin/
-COPY --from=builder /usr/lib64/libz.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlidec.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlienc.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libcrypto.so.1.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libssl.so.1.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libstdc++.so.6 /usr/lib64/
-COPY --from=builder /usr/lib64/libgcc_s.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlicommon.so.1 /usr/lib64/
+# Deploy using minimal Distroless image
+FROM gcr.io/distroless/nodejs22-debian12:nonroot
+# Set node to production
+ENV NODE_ENV=production
 # Copy over app
 WORKDIR /app
-COPY --from=builder /app/node_modules ./node_modules
-COPY --from=builder /app/dist ./dist
+COPY --from=build /app/node_modules ./node_modules
+COPY --from=build /app/dist ./dist
 COPY ../templates /app/templates
 # Port and health check
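Review bot: The new base images in backend/Dockerfile are referenced by mutable tag only: `FROM node:22-slim AS build` in the first hunk and `FROM gcr.io/distroless/nodejs22-debian12:nonroot` in the second, where the removed UBI images were pinned with `@sha256:` digests. A tag can be re-pointed upstream, so builds stop being reproducible and the content of the build and runtime layers is no longer fixed by this file. Append a digest the team has verified to each FROM line, for example `FROM node:22-slim@sha256:<verified-digest> AS build`. The first hunk of webeoc/Dockerfile makes the same change.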
@@ -38,6 +26,5 @@ HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3000
 # Non-privileged user
 USER app
-
-# Start up command
-ENTRYPOINT ["node", "dist/main"]
+# max old space the heap size, 120MB with 200MB limit in deployment.
+CMD ["--max-old-space-size=120", "/app/dist/main"]
diff --git a/backend/src/app.module.ts b/backend/src/app.module.ts
index 8410e517b..4b26b75c0 100644
--- a/backend/src/app.module.ts
+++ b/backend/src/app.module.ts
@@ -1,5 +1,5 @@
 import "dotenv/config";
-import { MiddlewareConsumer, Module } from "@nestjs/common";
+import {MiddlewareConsumer, Module, RequestMethod} from "@nestjs/common";
 import { TypeOrmModule } from "@nestjs/typeorm";
 import { ConfigModule } from "@nestjs/config";
 import { AutomapperModule } from "@automapper/nestjs";
@@ -135,7 +135,7 @@ if (process.env.POSTGRESQL_PASSWORD != null) {
 export class AppModule {
 // let's add a middleware on all routes
 configure(consumer: MiddlewareConsumer) {
- consumer.apply(HTTPLoggerMiddleware).forRoutes("*");
+ consumer.apply(HTTPLoggerMiddleware).exclude({ path: '', method: RequestMethod.ALL }).forRoutes("*");
 consumer.apply(RequestTokenMiddleware).forRoutes("v1/code-table", "v1/case", "v1/configuration");
 }
 }
diff --git a/charts/app/templates/backend/templates/deployment.yaml b/charts/app/templates/backend/templates/deployment.yaml
index 022cdddaa..7d13ae6a3 100644
--- a/charts/app/templates/backend/templates/deployment.yaml
+++ b/charts/app/templates/backend/templates/deployment.yaml
@@ -19,9 +19,6 @@ spec:
 metadata:
 annotations:
 rollme: {{ randAlphaNum 5 | quote }}
- prometheus.io/scrape: 'true'
- prometheus.io/port: '3000'
- prometheus.io/path: '/api/metrics'
 labels:
 {{- include "backend.labels" . | nindent 8 }}
 spec:
@@ -125,4 +122,4 @@ spec:
 - {{ .Release.Name }}
 topologyKey: "kubernetes.io/hostname"
-{{- end }}
\ No newline at end of file
+{{- end }}
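Review bot: The context line `USER app` is kept in the last hunk of backend/Dockerfile, but the runtime stage is now `gcr.io/distroless/nodejs22-debian12:nonroot`, which to my knowledge ships a `nonroot` account and no `app` entry in its passwd file, so the container would probably fail to start when that name is resolved. Drop the line and rely on the image default, or write `USER nonroot`. The HEALTHCHECK visible in the hunk header (outside the hunk) is a shell-form `curl -f` call, and a distroless image has neither a shell nor curl, so it cannot succeed as written; its URL `http://localhost/:3000` is also malformed. The second hunk of webeoc/Dockerfile keeps the same `USER app` line and a curl HEALTHCHECK.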
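Review bot: `.exclude({ path: '', method: RequestMethod.ALL })` in AppModule.configure takes a route out of HTTPLoggerMiddleware without saying which requests are meant to go unlogged, and an empty `path` leaves the reader guessing whether it means the root URL. Requests that skip this middleware leave no entry in the HTTP log, so the exclusion should be narrow and explained; once the intent is confirmed, a comment above the line such as `// root path only (presumably probe traffic): keep it out of the request log` would do. The literal also uses single quotes and the new import drops the spaces inside the braces, while the neighbouring lines use double quotes and `{ TypeOrmModule }` spacing.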
diff --git a/charts/app/templates/webeoc/templates/deployment.yaml b/charts/app/templates/webeoc/templates/deployment.yaml
index 489c657bf..b46a97e63 100644
--- a/charts/app/templates/webeoc/templates/deployment.yaml
+++ b/charts/app/templates/webeoc/templates/deployment.yaml
@@ -52,12 +52,8 @@ spec:
 containerPort: {{ .Values.webeoc.service.targetPort }}
 protocol: TCP
 readinessProbe:
- exec:
- command:
- - /usr/bin/env
- - bash
- - -c
- - ls
+ tcpSocket:
+ port: {{ .Values.webeoc.service.targetPort }}
 initialDelaySeconds: 5
 periodSeconds: 2
 timeoutSeconds: 2
@@ -66,12 +62,8 @@ spec:
 livenessProbe:
 successThreshold: 1
 failureThreshold: 3
- exec:
- command:
- - /usr/bin/env
- - bash
- - -c
- - ls
+ tcpSocket:
+ port: {{ .Values.webeoc.service.targetPort }}
 initialDelaySeconds: 15
 periodSeconds: 30
 timeoutSeconds: 5
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index 2d8ec5ba4..b7535a94c 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -5,10 +5,9 @@ COPY . .
 RUN npm ci --omit=dev && \
 npm run build
-FROM caddy:2.7.6-alpine AS deploy
-COPY --from=build /app/Caddyfile /etc/caddy/Caddyfile
+FROM caddy:2.8.4-alpine AS deploy
 COPY --from=build /app/build /app/dist
-
+COPY Caddyfile /etc/caddy/Caddyfile
 EXPOSE 3000 3001
 USER 1001
 HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost/:3001/health || exit 1
diff --git a/webeoc/Dockerfile b/webeoc/Dockerfile
index 6f23a62a7..705d1de74 100644
--- a/webeoc/Dockerfile
+++ b/webeoc/Dockerfile
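Review bot: Both probes in the webeoc deployment now use `tcpSocket`, which passes as soon as the port accepts connections and says nothing about whether the application answers requests. webeoc/src/main.ts in this commit registers a `/health` route, so the readiness and liveness probes could call it instead: `httpGet:` with `path: /health` and `port: {{ .Values.webeoc.service.targetPort }}`. This matters more here because the same commit adds `server.listen(3002)` before the Nest application is created, so a TCP readiness check can report ready before the app is initialised.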
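Review bot: The HEALTHCHECK context line at the end of the frontend/Dockerfile hunk requests `http://localhost/:3001/health`, which is host `localhost` on the default port with the path `/:3001/health`, not the health endpoint on port 3001. While the deploy stage is being reworked, correct it to `HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3001/health || exit 1`. It is also worth confirming that `curl` is present in `caddy:2.8.4-alpine`, since the check runs inside that image.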
@@ -1,39 +1,26 @@
-# https://catalog.redhat.com/software/containers/ubi8/nodejs-18-minimal/627d1c38e35da88581633bf1
-FROM registry.access.redhat.com/ubi8/nodejs-18-minimal:1-33.1679485315@sha256:74af9dc2b620022c77fcd712b811f64a03c1444ff1e9b9596a242b2edf3cf96f AS builder
-
+# Build
+FROM node:22-slim AS build
 # Install packages, build and keep only prod packages
 USER root
 WORKDIR /app
 COPY *.json ./
 COPY ./src /app/src
-# Install dependencies
-RUN npm ci --omit=dev --ignore-scripts
-
-# Run build
-RUN npm run build
+RUN npm ci --omit=dev --ignore-scripts && \
+ npm run build
 # Deployment container
-FROM registry.access.redhat.com/ubi8/ubi-micro:8.7-6@sha256:af0a83c2fb7db1b63a5655c85f3f37d32b114443b8969fd8a40d47429cd87016
-
-# Set node to production
-ENV NODE_ENV production
-
-# Node packages and dependencies
-COPY --from=builder /usr/bin/node /usr/bin/
-COPY --from=builder /usr/lib64/libz.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlidec.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlienc.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libcrypto.so.1.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libssl.so.1.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libstdc++.so.6 /usr/lib64/
-COPY --from=builder /usr/lib64/libgcc_s.so.1 /usr/lib64/
-COPY --from=builder /usr/lib64/libbrotlicommon.so.1 /usr/lib64/
+# Deploy using minimal Distroless image
+FROM gcr.io/distroless/nodejs22-debian12:nonroot
+# Set node to production
+ENV NODE_EN=production
+
+
 # Copy over app
 WORKDIR /app
-COPY --from=builder /app/node_modules ./node_modules
-COPY --from=builder /app/dist ./dist
+COPY --from=build /app/node_modules ./node_modules
+COPY --from=build /app/dist ./dist
 # Port and health check
 EXPOSE 3002
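Review bot: `ENV NODE_EN=production` in the deploy stage of webeoc/Dockerfile is a typo for `NODE_ENV`, so the variable that the removed `ENV NODE_ENV production` line set is no longer defined in the runtime image. Libraries that branch on `NODE_ENV` then run with their non-production defaults; Express, for one, includes stack traces in its default error responses unless the value is `production`. Change the line to `ENV NODE_ENV=production`, as backend/Dockerfile does in this commit.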
@@ -42,5 +29,5 @@ HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3002/health
 # Non-privileged user
 USER app
-# Start up command
-ENTRYPOINT ["node", "dist/main"]
+# max old space the heap size, 80MB with 150MB limit in deployment.
+CMD ["--max-old-space-size=80", "/app/dist/main"]
diff --git a/webeoc/src/main.ts b/webeoc/src/main.ts
index 680faf612..82e5b3622 100644
--- a/webeoc/src/main.ts
+++ b/webeoc/src/main.ts
@@ -11,6 +11,7 @@ async function bootstrap() {
 const server = express();
 server.disable("x-powered-by");
 server.get("/health", (req, res) => res.status(200).send("ok"));
+ server.listen(3002);
 const app = await NestFactory.create(AppModule, new ExpressAdapter(server));
 await app.listen(3002);
 }
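Review bot: The added `server.listen(3002);` in webeoc/src/main.ts binds port 3002 before `await app.listen(3002)` asks Nest to bind the same port, so the second call is likely to fail with EADDRINUSE and leave only the bare Express listener running. The `/health` route is registered on the same `server` instance that is handed to `ExpressAdapter`, so `app.listen(3002)` should already serve it and the added line can simply be removed. If a health endpoint is wanted before Nest finishes starting, it needs its own port. bootstrap() starts above the hunk, so its earlier lines are not visible here.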