feat: add traefik2 for all the services (except monitoring) in dev mode #1287

Draft
wants to merge 8 commits into
base: special/no-submodules-only-manifests
7 changes: 2 additions & 5 deletions base-docker-compose.yml
Expand Up @@ -11,11 +11,8 @@ services:
expose:
- 80
labels:
- "traefik.enable=true"
- "traefik.backend=portal"
- "traefik.port=80"
- "traefik.frontend.rule=Host:${SUBDOMAIN_PORTAL}${BASE_URL}"
- "traefik.frontend.priority=20"
- "traefik.http.routers.portal.rule=Host(`${SUBDOMAIN_PORTAL}${BASE_URL}`)"
- "traefik.http.routers.portal.tls=true"


secrets:
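Review bot: `traefik.enable=true` appears to be among the five deleted labels of the portal service (the section header counts 5 deletions and 2 additions), while the gateway in this PR starts Traefik with `--providers.docker.exposedbydefault=false`. Without that label the two new `traefik.http.routers.portal.*` labels would be ignored and the portal would not be routed at all. Keep `- "traefik.enable=true"` and, for parity with the other services in this PR, add `- "traefik.http.routers.portal.entrypoints=websecure"`. The service definition starts above the hunk.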
21 changes: 12 additions & 9 deletions core/docker/docker-compose.yml
Expand Up @@ -11,6 +11,9 @@ services:
environment:
POSTGRES_USER: "postgres"
POSTGRES_PASSWORD: "${PW_POSTGRES}"
labels:
# we don't access via traefik
- "traefik.enable=false"

core:
restart: always
Expand Down Expand Up @@ -40,16 +43,16 @@ services:
retries: 3
start_period: 40s
labels:
- "traefik.backend=core"
- "traefik.port=8084"
- "traefik.auth.frontend.rule=PathPrefix:/api/core/metrics;PathPrefixStrip:/api/core;"
- "traefik.old.frontend.rule=PathPrefixStrip:/services/oms-core-elixir/api;"
- "traefik.new.frontend.rule=PathPrefixStrip:/api/core;"
- "traefik.auth.frontend.auth.basic.users=admin:${METRICS_CREDENTIALS}"
- "traefik.old.frontend.priority=110"
- "traefik.new.frontend.priority=110"
- "traefik.auth.frontend.priority=120"
- "traefik.enable=true"
- "traefik.http.routers.core.entrypoints=websecure"
- "traefik.http.routers.core.tls=true"
- "traefik.http.routers.core.rule=Host(`${SUBDOMAIN_FRONTEND}${BASE_URL}`) && PathPrefix(`/api/core`)"

- "traefik.http.routers.core.middlewares=core-stripprefix"
- "traefik.http.middlewares.core-stripprefix.stripprefix.prefixes=/api/core"

- "traefik.http.routers.core-metrics.rule=Host(`${SUBDOMAIN_FRONTEND}${BASE_URL}`) && PathPrefix(`/api/core/metrics`)"
- "traefik.http.routers.core-metrics.middlewares=core-stripprefix, metricsauth"

volumes:
postgres-core:
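Review bot: The `core-metrics` router gets a rule and a middleware chain but no `entrypoints` or `tls` label, so it is not pinned to `websecure` the way the `core` router is. In Traefik v2 a router without entrypoints listens on every entrypoint, which here presumably includes the plain-HTTP ones, and the `metricsauth` basic-auth credentials would then travel unencrypted. Add `- "traefik.http.routers.core-metrics.entrypoints=websecure"` and `- "traefik.http.routers.core-metrics.tls=true"`. The same applies to `discounts-metrics` in discounts/docker/docker-compose.yml and `events-metrics` in events/docker/docker-compose.yml.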
35 changes: 16 additions & 19 deletions dev-tools/docker/docker-compose.yml
Expand Up @@ -18,10 +18,10 @@ services:
# - portainer-data:/data
labels:
- "traefik.enable=true"
- "traefik.backend=portainer"
- "traefik.port=9000"
- "traefik.frontend.rule=Host:${SUBDOMAIN_PORTAINER}${BASE_URL}"
- "traefik.frontend.priority=20"
- "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.http.routers.portainer.tls=true"
- "traefik.http.routers.portainer.rule=Host(`${SUBDOMAIN_PORTAINER}${BASE_URL}`)"


### DB admin (UIs) Containers #######################################

Expand All @@ -33,11 +33,10 @@ services:
- "5050"
labels:
- "traefik.enable=true"
- "traefik.backend=pgadmin"
- "traefik.port=5050"
- "traefik.frontend.rule=Host:${SUBDOMAIN_PGADMIN}${BASE_URL}"
- "traefik.frontend.priority=20"
- "traefik.frontend.auth.basic.users=admin:${PW_TRAEFIK}"
- "traefik.http.routers.pgadmin.entrypoints=websecure"
- "traefik.http.routers.pgadmin.tls=true"
- "traefik.http.routers.pgadmin.rule=Host(`${SUBDOMAIN_PGADMIN}${BASE_URL}`)"
- "traefik.http.routers.pgadmin.middlewares=traefikauth"
environment:
PGADMIN_DEFAULT_EMAIL: "myaegee-admins@${EMAIL_DOMAIN}"
PGADMIN_DEFAULT_PASSWORD: "${PW_PGADMIN}"
Expand All @@ -53,11 +52,10 @@ services:
# REDIS_1_PORT: 6379
labels:
- "traefik.enable=true"
- "traefik.backend=redisadmin"
- "traefik.port=80"
- "traefik.frontend.rule=Host:${SUBDOMAIN_REDISADMIN}${BASE_URL}"
- "traefik.frontend.priority=20"
- "traefik.frontend.auth.basic.users=admin:${PW_TRAEFIK}"
- "traefik.http.routers.redisadmin.entrypoints=websecure"
- "traefik.http.routers.redisadmin.tls=true"
- "traefik.http.routers.redisadmin.rule=Host(`${SUBDOMAIN_REDISADMIN}${BASE_URL}`)"
- "traefik.http.routers.redisadmin.middlewares=traefikauth"


### show api docs Container #######################################
Expand All @@ -81,11 +79,10 @@ services:
name: \"knowledge\"}, \
]"
labels:
- traefik.enable=true
- traefik.backend=swagger
- traefik.port=8080
- traefik.frontend.rule=Host:${SUBDOMAIN_APIDOCS}${BASE_URL}
- traefik.frontend.priority=20
- "traefik.enable=true"
- "traefik.http.routers.swagger.entrypoints=websecure"
- "traefik.http.routers.swagger.tls=true"
- "traefik.http.routers.swagger.rule=Host(`${SUBDOMAIN_APIDOCS}${BASE_URL}`)"

volumes:
portainer-data:
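Review bot: The v1 `traefik.port=…` labels (9000 for portainer, 5050 for pgadmin, 80 for redisadmin, 8080 for swagger) have no v2 counterpart in this section, so Traefik has to infer the backend port from the ports each image exposes. If an image exposes more than one port, or none, the router can end up pointing at the wrong listener or get no service at all. Pin each one explicitly, e.g. `- "traefik.http.services.portainer.loadbalancer.server.port=9000"`. The same gap appears to exist in the core, discounts, events and frontend sections, where `traefik.port=8084` and `traefik.port=80` were dropped.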
21 changes: 12 additions & 9 deletions discounts/docker/docker-compose.yml
Expand Up @@ -10,6 +10,9 @@ services:
environment:
POSTGRES_USER: "postgres"
POSTGRES_PASSWORD: "${PW_POSTGRES}"
labels:
# we don't access via traefik
- "traefik.enable=false"

discounts:
image: aegee/discounts:latest
Expand All @@ -34,16 +37,16 @@ services:
# cpu_count: 1
# mem_limit: 900m
labels:
- "traefik.backend=discounts"
- "traefik.port=8084"
- "traefik.auth.frontend.rule=PathPrefix:/api/discounts/metrics;PathPrefixStrip:/api/discounts;"
- "traefik.old.frontend.rule=PathPrefixStrip:/services/oms-discounts/api;"
- "traefik.new.frontend.rule=PathPrefixStrip:/api/discounts;"
- "traefik.auth.frontend.auth.basic.users=admin:${METRICS_CREDENTIALS}"
- "traefik.old.frontend.priority=110"
- "traefik.new.frontend.priority=110"
- "traefik.auth.frontend.priority=120"
- "traefik.enable=true"
- "traefik.http.routers.discounts.entrypoints=websecure"
- "traefik.http.routers.discounts.tls=true"
- "traefik.http.routers.discounts.rule=Host(`${SUBDOMAIN_FRONTEND}${BASE_URL}`) && PathPrefix(`/api/discounts`)"

- "traefik.http.routers.discounts.middlewares=discounts-stripprefix"
- "traefik.http.middlewares.discounts-stripprefix.stripprefix.prefixes=/api/discounts"

- "traefik.http.routers.discounts-metrics.rule=Host(`${SUBDOMAIN_FRONTEND}${BASE_URL}`) && PathPrefix(`/api/discounts/metrics`)"
- "traefik.http.routers.discounts-metrics.middlewares=discounts-stripprefix, metricsauth"

volumes:
postgres-discounts:
34 changes: 17 additions & 17 deletions events/docker/docker-compose.yml
Expand Up @@ -10,6 +10,9 @@ services:
environment:
POSTGRES_USER: "postgres"
POSTGRES_PASSWORD: "${PW_POSTGRES}"
labels:
# we don't access via traefik
- "traefik.enable=false"

events:
restart: on-failure
Expand Down Expand Up @@ -37,25 +40,22 @@ services:
# cpu_count: 1
# mem_limit: 900m
labels:
- "traefik.backend=events"
- "traefik.port=8084"
- "traefik.auth.frontend.rule=PathPrefix:/api/events/metrics;PathPrefixStrip:/api/events;"
- "traefik.old.frontend.rule=PathPrefixStrip:/services/oms-events/api;"
- "traefik.new.frontend.rule=PathPrefixStrip:/api/events;"
- "traefik.auth.frontend.auth.basic.users=admin:${METRICS_CREDENTIALS}"
- "traefik.old.frontend.priority=110"
- "traefik.new.frontend.priority=110"
- "traefik.auth.frontend.priority=120"
- "traefik.enable=true"
- "traefik.http.routers.events.entrypoints=websecure"
- "traefik.http.routers.events.tls=true"
- "traefik.http.routers.events.rule=Host(`${SUBDOMAIN_FRONTEND}${BASE_URL}`) && PathPrefix(`/api/events`)"

- "traefik.http.routers.events.middlewares=events-stripprefix"
- "traefik.http.middlewares.events-stripprefix.stripprefix.prefixes=/api/events"

- "traefik.http.routers.events-metrics.rule=Host(`${SUBDOMAIN_FRONTEND}${BASE_URL}`) && PathPrefix(`/api/events/metrics`)"
- "traefik.http.routers.events-metrics.middlewares=events-stripprefix, metricsauth"

events-static:
restart: on-failure
image: aegee/nginx-static:latest
image: aegee/nginx-static:prod
Member


Does this mean we also updated nginx versions? Not sure if we really maintained this image. Which is the Dockerfile for it?

Member Author


I only made a Dockerfile with FROM aegee/nginx-static:latest and the 3 COPY instructions, and pushed it.

volumes:
- events-media:/usr/app/media:ro
- ./${PATH_EVENTS}/events-static/status.json:/usr/app/status.json:ro
- ./${PATH_EVENTS}/events-static/nginx.conf:/etc/nginx/nginx.conf:ro
- ./${PATH_EVENTS}/events-static/sites/default:/etc/nginx/sites-available/default:ro
- shared:/usr/app/shared:ro
expose:
- "80"
Expand All @@ -66,11 +66,11 @@ services:
retries: 3
start_period: 40s
labels:
- "traefik.backend=events-static"
- "traefik.port=80"
- "traefik.frontend.rule=PathPrefix:/media/events;PathPrefixStrip:/media/events"
- "traefik.frontend.priority=110"
- "traefik.enable=true"
- "traefik.http.routers.events-static.entrypoints=websecure"
- "traefik.http.routers.events-static.rule=PathPrefix(`/media/events`)"
- "traefik.http.routers.events-static.middlewares=events-static-stripprefix"
- "traefik.http.middlewares.events-static-stripprefix.stripprefix.prefixes=/media/events"

volumes:
postgres-events:
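Review bot: The `events-static` router matches on ``PathPrefix(`/media/events`)`` alone, with no `Host(...)` matcher and no `tls` label, unlike every other router added in this PR. As written it can answer `/media/events` on any hostname that reaches the proxy, including the admin subdomains, depending on how rule priorities resolve. Constrain it with ``Host(`${SUBDOMAIN_FRONTEND}${BASE_URL}`) && PathPrefix(`/media/events`)`` and add `- "traefik.http.routers.events-static.tls=true"`.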
7 changes: 3 additions & 4 deletions frontend/docker/docker-compose.yml
Expand Up @@ -15,11 +15,10 @@ services:
# cpu_count: 1
# mem_limit: 900m
labels:
- "traefik.frontend.rule=Host:${SUBDOMAIN_FRONTEND}${BASE_URL};PathPrefix:/"
- "traefik.frontend.priority=11"
- "traefik.port=80"
- "traefik.backend=frontend"
- "traefik.enable=true"
- "traefik.http.routers.frontend.entrypoints=websecure"
- "traefik.http.routers.frontend.tls=true"
- "traefik.http.routers.frontend.rule=Host(`${SUBDOMAIN_FRONTEND}${BASE_URL}`)"

networks:
default:
4 changes: 3 additions & 1 deletion gateways/docker/docker-compose.dev.yml
Expand Up @@ -3,4 +3,6 @@ version: "3.4"
services:
traefik:
volumes:
- ./${PATH_GATEWAYS}/traefik/traefik.toml.dev:/etc/traefik/traefik.toml
- ./${PATH_GATEWAYS}/traefik/dynamic_conf_mkcert.yml:/etc/traefik/dynamic_conf_mkcert.yml
command:
- "--providers.file.filename=/etc/traefik/dynamic_conf_mkcert.yml"
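Review bot: A `command:` key in a Compose override file replaces the base service's command instead of being merged with it, so in dev mode Traefik would start with only `--providers.file.filename=/etc/traefik/dynamic_conf_mkcert.yml`. That drops every flag set in gateways/docker/docker-compose.yml, including the docker provider, the entrypoints and `exposedbydefault=false`. The base file in this PR already mounts `dynamic_conf_mkcert.yml` and passes the same flag, so the `command:` block here can be removed. Alternatively, move the mkcert volume and flag out of the base file and repeat the full flag list in this override.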
76 changes: 63 additions & 13 deletions gateways/docker/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,34 +6,84 @@ services:
### Proxy container #######################################

traefik:
image: traefik:v1.7.4-alpine
image: traefik:v2.11.0
restart: always
command: --web.metrics.prometheus
ports:
- 80:80
- 443:443
- 8080:8080
healthcheck:
test: ["CMD", "traefik", "healthcheck"]
interval: 30s
test: wget --quiet --tries=1 --spider http://localhost:8080 || exit 1
interval: 10s
timeout: 10s
retries: 3
start_period: 40s
start_period: 10s
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
# below: we have to mount it to preserve it on the host, so no secrets
- ./secrets/acme.json:/etc/acme.json
- ./${PATH_GATEWAYS}/traefik/traefik.toml:/etc/traefik/traefik.toml
- ./${PATH_GATEWAYS}/traefik/logs:/var/log/traefik/
- ./secrets/certs:/certs
- ./${PATH_GATEWAYS}/traefik/cors.yml:/etc/traefik/cors.yml
- ./${PATH_GATEWAYS}/traefik/logs:/var/log/
# only for dev, but we keep it in this file for now
- ./${PATH_GATEWAYS}/traefik/dynamic_conf_mkcert.yml:/etc/traefik/dynamic_conf_mkcert.yml
# - shared_logs:/var/log/traefik/
# networks:
# - management
command:
- "--api.insecure=true"
- "--api.dashboard=true"
- "--metrics.prometheus=true"
- "--metrics.prometheus.entrypoint=metrics"
- "--log.level=INFO"
- "--log.filePath=/var/log/traefik.log"
- "--accesslog=true"
- "--accesslog.filepath=/var/log/access.log"

- "--providers.docker=true"
- "--providers.docker.swarmMode=false"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=OMS"

#for prometheus, http, https
- "--entrypoints.metrics.address=:8082"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.http.tls=true"
- "--entrypoints.websecure.http.tls.certResolver=myresolver"
- "--entrypoints.websecure.http.tls.domains[0].main=${BASE_URL}"
- "--entrypoints.websecure.http.tls.domains[0].sans=*.${BASE_URL}"

#for CORS
- "--providers.file.filename=/etc/traefik/cors.yml"

#for HTTPS automatic
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=${DEVS_EMAIL}@aegee.eu"
- "--certificatesresolvers.myresolver.acme.storage=acme.json"
# For testing: staging certs of LE
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"

# Use the following line to configure Traefik to use the manually provided certificates
# only for dev, but we keep it in this file for now
- "--providers.file.filename=/etc/traefik/dynamic_conf_mkcert.yml" #FIXME see if it overrides cors.yml somehow

labels:
- traefik.enable=true
- traefik.backend=traefik
- traefik.port=8080
- traefik.frontend.rule=Host:${SUBDOMAIN_TRAEFIK}${BASE_URL}
- traefik.frontend.priority=20
- traefik.frontend.auth.basic.users=admin:${PW_TRAEFIK}
- "traefik.enable=true"
- "traefik.http.routers.api.entrypoints=websecure"
- "traefik.http.routers.api.tls=true"
- "traefik.http.routers.api.rule=Host(`${SUBDOMAIN_TRAEFIK}${BASE_URL}`)"
- "traefik.http.routers.api.service=api@internal"

- "traefik.http.routers.api.middlewares=traefikauth"
- "traefik.http.middlewares.traefikauth.basicauth.users=admin:${PW_TRAEFIK}"

# Defined here and used in all microservices
- "traefik.http.middlewares.metricsauth.basicauth.users=admin:${METRICS_CREDENTIALS}"


# volumes:
# shared_logs:
# driver: "local"
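Review bot: `--api.insecure=true`, together with the `8080:8080` mapping that still appears under `ports`, leaves the dashboard and API reachable without authentication on port 8080. That bypasses the `traefikauth` basic-auth middleware attached to the `api` router. Since that router already serves `api@internal` on `websecure`, the flag and the port mapping can be dropped; the healthcheck, which currently probes `http://localhost:8080`, would then need `--ping=true` and `test: ["CMD", "traefik", "healthcheck", "--ping"]`. Also worth checking: `--certificatesresolvers.myresolver.acme.storage=acme.json` is a relative path while the volume is mounted at `/etc/acme.json`, so issued certificates may not persist when the container is recreated.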
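--- a/gateways/docker/traefik/cors.yml
+++ b/gateways/docker/traefik/cors.yml
@@ -0,0 +1,48 @@
+http:
+routers:
+jira-cors-router:
+rule: "PathPrefix(`/services/jira-cors/`)"
+service: jira-cors-service
+middlewares:
+- strip-prefix
+entryPoints:
+- web
+
+calendar-cors-router:
+rule: "PathPrefix(`/services/calendar-cors/`)"
+service: calendar-cors-service
+middlewares:
+- strip-prefix
+entryPoints:
+- web
+
+dockerhub-cors-router:
+rule: "PathPrefix(`/services/dockerhub/`)"
+service: dockerhub-service
+middlewares:
+- strip-prefix
+entryPoints:
+- web
+services:
+jira-cors-service:
+loadBalancer:
+servers:
+- url: "https://myaegee.atlassian.net/"
+
+calendar-cors-service:
+loadBalancer:
+servers:
+- url: "https://calendar.google.com/"
+
+dockerhub-service:
+loadBalancer:
+servers:
+- url: "https://hub.docker.com"
+
+middlewares:
+strip-prefix:
+stripPrefix:
+prefixes:
+- "/services/jira-cors/"
+- "/services/calendar-cors/"
+- "/services/dockerhub/"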
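Review bot: All three routers are attached to the `web` entrypoint only, but the gateway compose file in this PR redirects everything arriving on `web` to `websecure`, so these rules will probably never match. The rules also have no `Host(...)` matcher, so once reachable they would relay `/services/...` requests to the third-party upstreams for any hostname that points at the proxy. Bind them to `websecure` (`entryPoints: [websecure]` with `tls: {}`) and constrain the rule, e.g. ``rule: "Host(`<FRONTEND_HOST>`) && PathPrefix(`/services/jira-cors/`)"``, where `<FRONTEND_HOST>` is a placeholder for the deployed frontend hostname.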
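--- a/gateways/docker/traefik/dynamic_conf_mkcert.yml
+++ b/gateways/docker/traefik/dynamic_conf_mkcert.yml
@@ -0,0 +1,4 @@
+tls:
+certificates:
+- certFile: /certs/mycert.crt
+keyFile: /certs/mycert.key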