diff --git a/Makefile b/Makefile index 78d10aa5f2d89cd42a0011942463831c453a65b0..0f98da180c806b0f6e73f213edabb0932ce9ab47 100644 --- a/Makefile +++ b/Makefile @@ -14,16 +14,16 @@ init: ./scripts/initialize-user-and-keys.sh client-image: - docker build -t tommylike/signatrust-client:$(GIT_COMMIT) --build-arg BINARY=client -f Dockerfile . + docker build -t tommylike/signatrust-client:$(GIT_COMMIT) --build-arg BINARY=client -f docker/Dockerfile . data-server-image: - docker build -t tommylike/signatrust-data-server:$(GIT_COMMIT) --build-arg BINARY=data-server -f Dockerfile . + docker build -t tommylike/signatrust-data-server:$(GIT_COMMIT) --build-arg BINARY=data-server -f docker/Dockerfile.data-server . control-server-image: - docker build -t tommylike/signatrust-control-server:$(GIT_COMMIT) --build-arg BINARY=control-server -f Dockerfile . + docker build -t tommylike/signatrust-control-server:$(GIT_COMMIT) --build-arg BINARY=control-server -f docker/Dockerfile . control-admin-image: - docker build -t tommylike/signatrust-control-admin:$(GIT_COMMIT) --build-arg BINARY=control-admin -f Dockerfile . + docker build -t tommylike/signatrust-control-admin:$(GIT_COMMIT) --build-arg BINARY=control-admin -f docker/Dockerfile . app-image: docker build -t tommylike/signatrust-app:$(GIT_COMMIT) -f app/Dockerfile ./app diff --git a/deploy/config.yaml b/deploy/config.yaml index 32db1a015d553244ec7791e899a636605c8d099c..1d5cb9d749c19c1e89a9ab60294dc0f1c36ef384 100644 --- a/deploy/config.yaml +++ b/deploy/config.yaml @@ -16,7 +16,6 @@ data: type = "dns" server_address = "signatrust-server-headless.signatrust-local-development.svc.cluster.local" server_port = "8088" - server.toml: | name = "application" tls_cert = "" @@ -31,6 +30,7 @@ data: cookie_key = "2B5AEC57F7CC4FF8B4120AA7E4527C7B597CAF43183E453A9B981991E6FACB76" redis_connection = "redis://:signatrust-redis@signatrust-redis.signatrust-local-development.svc.cluster.local:6379" limits_per_minute = 100 + domain_name = "signatrust.test.osinfra.cn" [oidc] client_id = "" client_secret = "" diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 3185b0730fa4ff23c5b730043fff8ff256fb6458..c73b98f130991ce145638dbba3026d8712bc2ba1 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -37,6 +37,20 @@ spec: - mountPath: /app/config/server.toml name: config-volume subPath: server.toml + livenessProbe: + httpGet: + path: /api/health/ + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /api/health/ + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 5 + failureThreshold: 3 volumes: - name: config-volume configMap: @@ -61,6 +75,20 @@ spec: - name: init-mysql image: busybox:1.28 command: [ "sh", "-c", "until nslookup signatrust-database.signatrust-local-development.svc.cluster.local; do echo waiting for mysql service ; sleep 2; done;" ] + - name: prepare-table + image: tommylike/rust-sqlx + env: + - name: DATABASE_URL + value: mysql://test:test@signatrust-database.signatrust-local-development.svc.cluster.local:3306/signatrust + command: + - /bin/sh + - -c + - | + # TODO: Use commit it instead of latest master + git clone https://gitee.com/openeuler/signatrust + cd signatrust + sqlx database create + sqlx migrate run containers: - image: tommylike/signatrust-control-admin:f1e04f2fd37a92b04dfc9a4fd78cba1956654970 imagePullPolicy: Always @@ -81,40 +109,46 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: signatrust-server + name: signatrust-data-server spec: replicas: 1 selector: matchLabels: - component: signatrust-server + component: signatrust-data-server template: metadata: labels: - component: signatrust-server + component: signatrust-data-server spec: initContainers: - name: init-mysql image: busybox:1.28 command: [ "sh", "-c", "until nslookup signatrust-database.signatrust-local-development.svc.cluster.local; do echo waiting for mysql service ; sleep 2; done;" ] - - name: prepare-table - image: tommylike/rust-sqlx - env: - - name: DATABASE_URL - value: mysql://test:test@signatrust-database.signatrust-local-development.svc.cluster.local:3306/signatrust - command: - - /bin/sh - - -c - - | - # TODO: Use commit it instead of latest master - git clone https://gitee.com/openeuler/signatrust - cd signatrust - sqlx database create - sqlx migrate run containers: - image: tommylike/signatrust-data-server:f1e04f2fd37a92b04dfc9a4fd78cba1956654970 imagePullPolicy: Always name: signatrust-server command: ["/app/data-server"] + livenessProbe: + exec: + # NOTE: For production environment, we need to use grpc with client certificate, + # for example, grpc_health_probe --addr=0.0.0.0:8088 -tls -tls-no-verify -tls-client-cert ./.data/certs/client/server.crt -tls-client-key ./.data/certs/client/server.key + command: + - /app/grpc_health_probe + - --addr=0.0.0.0:8088 + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 3 + readinessProbe: + # NOTE: For production environment, we need to use grpc with client certificate, + # for example, grpc_health_probe --addr=0.0.0.0:8088 -tls -tls-no-verify -tls-client-cert ./.data/certs/client/server.crt -tls-client-key ./.data/certs/client/server.key + exec: + command: + - /app/grpc_health_probe + - --addr=0.0.0.0:8088 + initialDelaySeconds: 10 + periodSeconds: 5 + failureThreshold: 3 resources: requests: cpu: 4000m diff --git a/deploy/kustomization.yaml b/deploy/kustomization.yaml index 25b679db706935b708ff33968ea09874d4b383c4..b7fbadf8f91679e25552b93946f568dc38568fa3 100644 --- a/deploy/kustomization.yaml +++ b/deploy/kustomization.yaml @@ -11,3 +11,12 @@ commonAnnotations: namespace: signatrust-local-development apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +images: + - name: tommylike/signatrust-control-admin + newTag: f326b869ada3832cee80af1b9d0cd47cf7e65790 + - name: tommylike/signatrust-client + newTag: f326b869ada3832cee80af1b9d0cd47cf7e65790 + - name: tommylike/signatrust-control-server + newTag: f326b869ada3832cee80af1b9d0cd47cf7e65790 + - name: tommylike/signatrust-data-server + newTag: f326b869ada3832cee80af1b9d0cd47cf7e65790 \ No newline at end of file diff --git a/Dockerfile b/docker/Dockerfile similarity index 92% rename from Dockerfile rename to docker/Dockerfile index ad967b6f3fd3717eb860561cb633b36df30357ee..41caa7a55962cc512f12896b8882f8b911023123 100644 --- a/Dockerfile +++ b/docker/Dockerfile @@ -2,7 +2,7 @@ FROM clux/muslrust:nightly as builder ARG BINARY LABEL Author=TommyLike WORKDIR /app -COPY . /app +COPY .. /app RUN cargo +nightly build --release --bin $BINARY --target x86_64-unknown-linux-musl @@ -16,5 +16,5 @@ WORKDIR /app COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/$BINARY /app COPY --from=builder /app/bin/sqlx /app COPY $CONFIG /app/config -COPY ./migrations /app/migrations +COPY ../migrations /app/migrations ENTRYPOINT /app/$(echo $BINARY) diff --git a/docker/Dockerfile.data-server b/docker/Dockerfile.data-server new file mode 100644 index 0000000000000000000000000000000000000000..89a11fddf4e60d913d914b6d9b35fd3ba3ed0501 --- /dev/null +++ b/docker/Dockerfile.data-server @@ -0,0 +1,23 @@ +FROM clux/muslrust:nightly as builder +ARG BINARY +LABEL Author=TommyLike +WORKDIR /app +COPY .. /app + + +RUN cargo +nightly build --release --bin $BINARY --target x86_64-unknown-linux-musl +RUN cargo install sqlx-cli --no-default-features --features native-tls,mysql,openssl-vendored --root /app + +FROM openeuler/openeuler:22.03 +ARG BINARY +ARG CONFIG=./config +ENV BINARY=${BINARY} +WORKDIR /app +COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/$BINARY /app +COPY --from=builder /app/bin/sqlx /app +COPY $CONFIG /app/config +COPY ../migrations /app/migrations + +COPY ../docker/grpc_health_probe-linux-amd64 /app/grpc_health_probe +CMD chmod +x /app/grpc_health_probe +ENTRYPOINT /app/$(echo $BINARY) diff --git a/docker/grpc_health_probe-linux-amd64 b/docker/grpc_health_probe-linux-amd64 new file mode 100644 index 0000000000000000000000000000000000000000..3f0da73061926c583b8d2617e4329dd6df892c0c Binary files /dev/null and b/docker/grpc_health_probe-linux-amd64 differ