updated travis. added namespace to update. added nginx reverse proxy

c2921364 · Spiros Koulouzis · 095776e2 · c2921364 · c2921364 · c2921364
Commit c2921364 authored May 11, 2020 by Spiros Koulouzis
10 changed files
--- a/.travis.yml
+++ b/.travis.yml
@@ -21,7 +21,7 @@ matrix:
    - cd sure_tosca-client_python_stubs
    - pip install -r requirements.txt
    - pip install -r test-requirements.txt
-    - docker stack deploy conf-test -c ../docker-compose-test.yml
+    - docker stack deploy conf-test -c ../docker-compose/docker-compose-test.yml
    - count=0 && until $(curl --output /dev/null --silent --head --fail http://localhost:8081);
    do printf '.' && sleep 10 && count=$((count+1)) && if [ $count -gt 4 ]; then break;
    fi; done    
@@ -35,7 +35,7 @@ matrix:
    - cd semaphore-python-client-generated
    - pip install -r requirements.txt
    - pip install -r test-requirements.txt
-    - docker stack deploy conf-test -c ../docker-compose-test.yml
+    - docker stack deploy conf-test -c ../docker-compose/docker-compose-test.yml
    - count=0 && until $(curl --output /dev/null --silent --head --fail http://localhost:8081);
    do printf '.' && sleep 10 && count=$((count+1)) && if [ $count -gt 4 ]; then break;
    fi; done    
@@ -48,7 +48,7 @@ matrix:
    before_script:
    - cd planner
    - pip install -r requirements.txt
-    - docker stack deploy conf-test -c ../docker-compose-test.yml
+    - docker stack deploy conf-test -c ../docker-compose/docker-compose-test.yml
    - count=0 && until $(curl --output /dev/null --silent --head --fail http://localhost:8081);
    do printf '.' && sleep 10 && count=$((count+1)) && if [ $count -gt 4 ]; then break;
    fi; done    
@@ -67,7 +67,7 @@ matrix:
    - cd ../sure_tosca-client_python_stubs/
    - python setup.py install
    - cd ../deployer
-    - docker stack deploy conf-test -c ../docker-compose-test.yml
+    - docker stack deploy conf-test -c ../docker-compose/docker-compose-test.yml
    - count=0 && until $(curl --output /dev/null --silent --head --fail http://localhost:8081);
    do printf '.' && sleep 10 && count=$((count+1)) && if [ $count -gt 5 ]; then break;
    fi; done   
@@ -80,7 +80,7 @@ matrix:
    jdk: openjdk11
    before_script:
    - mvn -Dmaven.test.skip=true install
-    - docker stack deploy conf-test -c ../docker-compose-test.yml
+    - docker stack deploy conf-test -c ../docker-compose/docker-compose-test.yml
    - count=0 && until $(curl --output /dev/null --silent --head --fail http://localhost:8081);
    do printf '.' && sleep 10 && count=$((count+1)) && if [ $count -gt 5 ]; then break;
    fi; done  

--- a/bin/kubectl_update.sh
+++ b/bin/kubectl_update.sh
@@ -5,8 +5,8 @@ deployments=(manager sure-tosca planner provisioner deployer)
 for deployment in ${deployments[*]}
 do
    echo "----------------- updating image for $deployment---------------" 
-    kubectl set image deployment $deployment $deployment=qcdis/$deployment:3.0.0
-    kubectl rollout history deployment $deployment
+    kubectl set image deployment $deployment $deployment=qcdis/$deployment:3.0.0 -n conf
+    kubectl rollout history deployment $deployment -n conf
 done


--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,7 +7,6 @@ services:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./cert.pem:/etc/nginx/cert/cert.pem
      - ./privkey.pem:/etc/nginx/cert/privkey.pem
-      - ./htpasswd:/etc/nginx/htpasswd
      #- ./www:/data/www
    ports:
    - "30000:80"
@@ -45,8 +44,8 @@ services:
      SEMAPHORE_ADMIN_EMAIL: admin@localhost
      SEMAPHORE_ADMIN: admin
      SEMAPHORE_WEB_ROOT: http://0.0.0.0:3000
-    #ports:
-      #- "30002:3000"
+    ports:
+      - "30002:3000"
    depends_on:
      - mysql
      
@@ -67,13 +66,13 @@ services:
      RABBITMQ_HOST: rabbit
      MONGO_HOST: mongo
      SURE_TOSCA_BASE_PATH: http://sure-tosca:8081/tosca-sure/1.0.0
-    #ports:
-      #- "30000:8080"       
+    ports:
+      - "8080:8080"       
            
  sure-tosca:
    image: qcdis/sure-tosca:3.0.0
-    #ports: 
-      #- "30001:8081"
+    ports: 
+      - "8081:8081"
    
  planner:
    depends_on:

--- a/docker-compose/nginx.conf
+++ b/docker-compose/nginx.conf
+worker_processes auto;
+
+events {
+  worker_connections 1024;
+  use epoll;
+  multi_accept on;
+}
+
+http {
+  tcp_nodelay on;
+
+  # this is necessary for us to be able to disable request buffering in all cases
+  proxy_http_version 1.1;
+
+  upstream semaphore {
+    server semaphore:3000;
+  }
+  
+#  upstream sure-tosca {
+#    server sure-tosca:8081;
+#  }  
+
+  server {
+  	listen [::]:80 default_server;
+  	server_name _;
+  	return 301 https://$host$request_uri;
+  }
+
+  server {
+#    auth_basic           "User's Area";
+#    auth_basic_user_file /etc/nginx/htpasswd;
+    
+    listen 443 ssl;
+    server_name  _;
+
+    # add Strict-Transport-Security to prevent man in the middle attacks
+    add_header Strict-Transport-Security "max-age=31536000" always;
+
+    # SSL
+#    ssl_certificate /etc/nginx/cert/cert.pem;
+#    ssl_certificate_key /etc/nginx/cert/privkey.pem;
+  
+    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+    ssl_protocols TLSv1.1 TLSv1.2;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+  
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+  
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+    chunked_transfer_encoding on;
+
+    location / {
+      proxy_pass http://semaphore/;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      
+      proxy_set_header X-Forwarded-Proto $scheme;
+
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }
+
+    location /api/ws {
+      proxy_pass http://semaphore/api/ws;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Origin "";
+    }
+    
+    
+    location /tosca-sure/1.0.0/ {
+      proxy_pass http://sure-tosca:8081/tosca-sure/1.0.0/;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      
+      proxy_set_header X-Forwarded-Proto $scheme;
+
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }    
+    
+    location /manager/ {
+      proxy_pass http:///manager:8080/manager;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      
+      proxy_set_header X-Forwarded-Proto $scheme;
+
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }      
+  }
+  
+ 
+}
--- a/k8s/CONF/.gitignore
+++ b/k8s/CONF/.gitignore
+nginx-configmap.yaml
--- a/k8s/CONF/conf-namespace.yaml
+++ b/k8s/CONF/conf-namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: conf
+  
--- a/k8s/CONF/nginx-deployment.yaml
+++ b/k8s/CONF/nginx-deployment.yaml
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
  namespace: conf
  annotations:
-    kompose.cmd: kompose convert
-    kompose.version: 1.16.0 (0c01309)
-  creationTimestamp: null
  labels:
    io.kompose.service: nginx
  name: nginx
 spec:
+  selector:
+    matchLabels:
+      io.kompose.service: nginx
  replicas: 1
-  strategy:
-    type: Recreate
  template:
    metadata:
-      creationTimestamp: null
      labels:
        io.kompose.service: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
+        imagePullPolicy: Always
        ports:
        - containerPort: 80
        - containerPort: 443
-        resources: {}
-        volumeMounts:        
-        - mountPath: /etc/nginx/
-          name: nginx-conf
-      restartPolicy: Always
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/nginx/   
+          
      volumes:
-      - name: nginx-conf
+      - name: config-volume
        configMap:
-          name: nginx-conf
+          name: nginx-config
          items:
            - key: nginx.conf
              path: nginx.conf
+            - key: htpasswd
+              path: htpasswd      
            - key: cert.pem
-              path: cert.pem      
+              path: cert.pem       
            - key: privkey.pem
              path: privkey.pem       
-status: {}
--- a/k8s/CONF/nginx-service.yaml
+++ b/k8s/CONF/nginx-service.yaml
 apiVersion: v1
 kind: Service
 metadata:
- namespace: conf
-  annotations:
-    kompose.cmd: kompose convert
-    kompose.version: 1.16.0 (0c01309)
-  creationTimestamp: null
+  namespace: conf
  labels:
    io.kompose.service: nginx
  name: nginx
 spec:
-  type: NodePort
+  type: NodePort  
  ports:
-    - port: 80
-      nodePort: 30000
-    - port: 443
-      nodePort: 30001      
+  - port: 80
+    nodePort: 30000
+    protocol: TCP
+    name: http
+  - port: 443
+    nodePort: 30001
+    protocol: TCP
+    name: https
  selector:
    io.kompose.service: nginx
 status:
-  loadBalancer: {}
+  loadBalancer: {} 
--- a/k8s/CONF/semaphore-service.yaml
+++ b/k8s/CONF/semaphore-service.yaml
@@ -10,9 +10,6 @@ metadata:
    io.kompose.service: semaphore
  name: semaphore
 spec:
-  #type: NodePort
-  #ports:
-    #- port: 3000
  ports:
  - name: "3000"
    port: 3000