SWATCH-1864: quarkus-based services: consume configuration for TLS for inter-service communication from clowder config #2775

Merged
merged 1 commit into from Nov 20, 2023
4 changes: 4 additions & 0 deletions deploy/dev-clowdenv.yaml
Expand Up @@ -26,6 +26,10 @@ objects:
port: 8000
privatePort: 8080
mode: operator
# enable envoy sidecar to handle https connections
tls:
enabled: true
port: 8800
Contributor Author

I don't know where this file is used, but perhaps it's good to keep this change for clarity.


# provides a prometheus metrics port on 9000
metrics:
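
Review bot: the new `tls` block sets `enabled: true` and `port: 8800` but no TLS `privatePort`, whereas the `oc patch` in deploy_ephemeral_env.sh sets `"privatePort": 10800` next to the same port. Consider adding `privatePort: 10800` here as well so the dev ClowdEnvironment and the ephemeral patch describe the same listener layout, or extend the comment to say the default is intended.
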
2 changes: 1 addition & 1 deletion deploy_ephemeral_env.sh
Expand Up @@ -22,7 +22,7 @@ export NAMESPACE=$(bonfire namespace reserve --pool ${NAMESPACE_POOL})
SMOKE_NAMESPACE=$NAMESPACE # track which namespace was used here for 'teardown' in common_deploy_logic

# NOTE(khowell) this line added to force enable sidecars
oc patch env env-$NAMESPACE -p '{"spec":{"providers":{"sidecars":{"tokenRefresher":{"enabled":true}}}}}' --type=merge
oc patch env env-$NAMESPACE -p '{"spec":{"providers":{"sidecars":{"tokenRefresher":{"enabled":true}}, "web":{"tls":{"enabled": true, "port": 8800, "privatePort": 10800}}}}}' --type=merge

bonfire deploy \
${APP_NAME} \
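
Review bot: the `NOTE(khowell)` comment above the `oc patch` line still says the line only force-enables sidecars, but the patch now also turns on `web.tls` with ports 8800 and 10800. Update the comment to mention TLS, and consider moving the TLS settings into a second `oc patch` so the two concerns can change independently; the port numbers also duplicate deploy/dev-clowdenv.yaml and can drift.
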
1 change: 1 addition & 0 deletions swatch-contracts/deploy/clowdapp.yaml
Expand Up @@ -68,6 +68,7 @@ objects:
sharedDbAppName: swatch-tally
dependencies:
- swatch-tally
- swatch-subscription-sync

# Creates a database if local mode, or uses RDS in production
# database:
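
Review bot: the dependency is declared as `swatch-subscription-sync`, while application.properties reads `clowder.endpoints.swatch-subscription-sync-service.*`. A one-line comment next to this `dependencies` entry explaining how the ClowdApp name maps to that endpoint key would keep the next reader from assuming a typo, since a mismatch between the two would leave the URL and trust-store properties unresolved.
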
9 changes: 6 additions & 3 deletions swatch-contracts/src/main/resources/application.properties
@@ -1,5 +1,5 @@
SERVER_PORT=${clowder.endpoints.swatch-contracts.port:8000}
SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=http://swatch-subscription-sync-service:8000/api/rhsm-subscriptions/v1
SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=${clowder.endpoints.swatch-subscription-sync-service.url}
LOGGING_LEVEL_COM_REDHAT_SWATCH=INFO
LOGGING_LEVEL_ROOT=INFO
DATABASE_HOST: ${clowder.database.hostname:localhost}
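
Review bot: `SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=${clowder.endpoints.swatch-subscription-sync-service.url}` has no fallback, unlike `SERVER_PORT` and `DATABASE_HOST` in the same hunk, which use the `${...:default}` form. Outside the `%dev` profile the service now depends entirely on the Clowder config being present. If that is intentional (fail closed rather than fall back to the old plain-http URL), say so in a comment; otherwise add a default.
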
Expand Down Expand Up @@ -30,7 +30,7 @@ SPLUNK_HEC_INCLUDE_EX=false
%dev.SPLUNKMETA_host=${USER}@${HOSTNAME}
%dev.SPLUNKMETA_namespace=local
%dev.SPLUNK_HEC_INCLUDE_EX=true
%dev.SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=http://localhost:8001/api/rhsm-subscriptions/v1
%dev.SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=http://localhost:8101

# set the test profile properties to the same values as dev; these get activated for @QuarkusTest
%test.SWATCH_SELF_PSK=${%dev.SWATCH_SELF_PSK}
Expand Down Expand Up @@ -109,7 +109,10 @@ quarkus.rest-client."com.redhat.swatch.clients.subscription.api.resources.Search
quarkus.rest-client."com.redhat.swatch.clients.subscription.api.resources.SearchApi".scope=jakarta.enterprise.context.ApplicationScoped

# configuration properties for subscriptions-sync
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".url=${SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".url=${SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT}/api/rhsm-subscriptions/v1
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".trust-store=${clowder.endpoints.swatch-subscription-sync-service.trust-store-path}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".trust-store-password=${clowder.endpoints.swatch-subscription-sync-service.trust-store-password}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".trust-store-type=${clowder.endpoints.swatch-subscription-sync-service.trust-store-type}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".providers=com.redhat.swatch.resteasy.client.SwatchPskHeaderFilter

# rbac service configuration
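
Review bot: the three `trust-store*` properties added for `InternalSubscriptionsApi` have no default and no `%dev` or `%test` override, while `%dev.SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT` points at plain `http://localhost:8101`. Please confirm these expressions resolve when no Clowder config is mounted; if they do not, add profile-scoped values or defaults so local runs and `@QuarkusTest` do not fail on property expansion. A short comment that the trust-store password is supplied by the Clowder config source, and is not meant to be set in this file, would also help.
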
6 changes: 2 additions & 4 deletions swatch-producer-aws/deploy/clowdapp.yaml
Expand Up @@ -41,8 +41,6 @@ parameters:
value: '3'
- name: SPLUNK_HEC_INCLUDE_EX
value: 'true'
- name: SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT
Contributor

Do you mind putting an MR out in app-interface to clean up SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT out of the deploy-clowder.yml since it's no longer being exposed to override via env var?

It actually looks like it can be removed out of the swatch-producer-azure definition of that same file too.

value: http://swatch-subscription-sync-service:8000/api/rhsm-subscriptions/v1
- name: MOTO_REPLICAS
value: '0'
- name: AWS_MARKETPLACE_ENDPOINT_URL
Expand Down Expand Up @@ -85,6 +83,8 @@ objects:
prometheus: quarkus
spec:
envName: ${ENV_NAME}
dependencies:
- swatch-subscription-sync
Contributor Author

With this configuration, the clowder config file will include the configuration for this service.


kafkaTopics:
- replicas: ${{KAFKA_BILLABLE_USAGE_REPLICAS}}
Expand Down Expand Up @@ -167,8 +167,6 @@ objects:
value: ${SPLUNK_HEC_RETRY_COUNT}
- name: SPLUNK_HEC_INCLUDE_EX
value: ${SPLUNK_HEC_INCLUDE_EX}
- name: SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT
value: ${SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT}
- name: AWS_MANUAL_SUBMISSION_ENABLED
value: ${AWS_MANUAL_SUBMISSION_ENABLED}
- name: AWS_MARKETPLACE_ENDPOINT_OVERRIDE
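
Review bot: with the `SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT` env entry removed here, the property of the same name still exists in application.properties, and the rest-client URL now appends `/api/rhsm-subscriptions/v1` to it. Any environment that keeps injecting the old full URL would end up with the path twice and would replace the Clowder-provided URL, so document in the properties file that the variable is now a base URL only.
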
9 changes: 6 additions & 3 deletions swatch-producer-aws/src/main/resources/application.properties
@@ -1,7 +1,7 @@
SERVER_PORT=${clowder.endpoints.swatch-producer-aws.port:8000}
LOGGING_LEVEL_COM_REDHAT_SWATCH=INFO
LOGGING_LEVEL_ROOT=INFO
SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=http://${clowder.endpoints.capacity-ingress.hostname}:${clowder.endpoints.capacity-ingress.port}
SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=${clowder.endpoints.swatch-subscription-sync-service.url}
Contributor Author

The capacity-ingress didn't exist. The SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT value was being set in the clowderapp.yaml.
After these changes, all the Quarkus-based services will populate the configuration using the clowder config source.

AWS_REGION=us-east-1
AWS_MANUAL_SUBMISSION_ENABLED=false
AWS_SEND_RETRIES=0
Expand All @@ -21,7 +21,7 @@ TALLY_IN_FAIL_ON_DESER_FAILURE=true
# dev-specific defaults; these can still be overridden by env var
%dev.LOGGING_LEVEL_COM_REDHAT_SWATCH=DEBUG
%dev.AWS_CREDENTIALS_JSON=[{"accessKeyId":"accessKey","secretAccessKey":"placeholder","sellerAccount":"awsSellerAccountId"}]
%dev.SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=http://localhost:8101/api/rhsm-subscriptions/v1
%dev.SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=http://localhost:8101
%dev.AWS_MARKETPLACE_ENDPOINT_URL=http://localhost:8101/aws-marketplace/
%dev.AWS_MARKETPLACE_ENDPOINT_OVERRIDE=true
%dev.AWS_MANUAL_SUBMISSION_ENABLED=true
Expand Down Expand Up @@ -88,7 +88,10 @@ mp.messaging.incoming.tally-in.auto.offset.reset = earliest
mp.messaging.outgoing.tally-out.connector=smallrye-kafka
mp.messaging.outgoing.tally-out.topic=platform.rhsm-subscriptions.billable-usage

quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".url=${SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".url=${SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT}/api/rhsm-subscriptions/v1
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".trust-store=${clowder.endpoints.swatch-subscription-sync-service.trust-store-path}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".trust-store-password=${clowder.endpoints.swatch-subscription-sync-service.trust-store-password}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".trust-store-type=${clowder.endpoints.swatch-subscription-sync-service.trust-store-type}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".providers=com.redhat.swatch.resteasy.client.SwatchPskHeaderFilter, com.redhat.swatch.aws.resource.DefaultApiExceptionMapper
com.redhat.swatch.processors.BillableUsageProcessor/lookupAwsUsageContext/Retry/maxRetries=${AWS_USAGE_CONTEXT_LOOKUP_RETRIES}
com.redhat.swatch.processors.BillableUsageProcessor/send/Retry/maxRetries=${AWS_SEND_RETRIES}
2 changes: 2 additions & 0 deletions swatch-producer-azure/deploy/clowdapp.yaml
Expand Up @@ -53,6 +53,8 @@ objects:
prometheus: quarkus
spec:
envName: ${ENV_NAME}
dependencies:
- swatch-subscription-sync

kafkaTopics:
- replicas: ${{KAFKA_BILLABLE_USAGE_REPLICAS}}
@@ -1,7 +1,7 @@
SERVER_PORT=${clowder.endpoints.swatch-producer-azure.port:8000}
LOGGING_LEVEL_COM_REDHAT_SWATCH=INFO
LOGGING_LEVEL_ROOT=INFO
SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=http://swatch-subscription-sync-service:8000/api/rhsm-subscriptions/v1
SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=${clowder.endpoints.swatch-subscription-sync-service.url}
ENABLE_SPLUNK_HEC=true
SPLUNK_HEC_URL=https://splunk-hec.redhat.com:8088/
SPLUNK_SOURCE=${quarkus.application.name}
Expand All @@ -27,7 +27,7 @@ ENABLE_AZURE_DRY_RUN=true

# dev-specific defaults; these can still be overridden by env var
%dev.LOGGING_LEVEL_COM_REDHAT_SWATCH=DEBUG
%dev.SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=http://localhost:8101/api/rhsm-subscriptions/v1
%dev.SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT=http://localhost:8101
%dev.SWATCH_SELF_PSK=placeholder
%dev.ENABLE_SPLUNK_HEC=false
%dev.SPLUNK_HEC_URL=https://splunk-hec.prod.utility-us-east-2.redhat.com:8088/
Expand Down Expand Up @@ -87,7 +87,10 @@ mp.messaging.incoming.tally-in.auto.offset.reset = earliest
mp.messaging.outgoing.tally-out.connector=smallrye-kafka
mp.messaging.outgoing.tally-out.topic=platform.rhsm-subscriptions.billable-usage

quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".url=${SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".url=${SWATCH_INTERNAL_SUBSCRIPTION_ENDPOINT}/api/rhsm-subscriptions/v1
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".trust-store=${clowder.endpoints.swatch-subscription-sync-service.trust-store-path}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".trust-store-password=${clowder.endpoints.swatch-subscription-sync-service.trust-store-password}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".trust-store-type=${clowder.endpoints.swatch-subscription-sync-service.trust-store-type}
quarkus.rest-client."com.redhat.swatch.clients.swatch.internal.subscription.api.resources.InternalSubscriptionsApi".providers=com.redhat.swatch.resteasy.client.SwatchPskHeaderFilter

quarkus.log.handler.splunk.enabled=${ENABLE_SPLUNK_HEC:false}
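
Review bot: the `url` suffix and the three `trust-store*` lines for `InternalSubscriptionsApi` are now repeated verbatim in swatch-contracts, swatch-producer-aws and swatch-producer-azure, and only the swatch-contracts copy sits under a `# configuration properties for subscriptions-sync` comment. Add the same comment above this block (and the aws one), naming the Clowder endpoint the values come from, so a later change to the trust-store wiring is applied to all three files.
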