feat: enable h2c for api-gateway to handle both http and https (#183)

Because

- we would like to use `http` for local development and make `https` optional for CE-VDP

This commit

- make the `api-gateway` default to non-TLS `http`.

Co-authored-by: EiffelFly <57251712+EiffelFly@users.noreply.github.com>
Co-authored-by: Xiaofei Du <xiaofei.du@instill.tech>

.github/workflows/integration-test.yml

@@ -67,9 +67,9 @@ jobs:
           cd console && docker build --build-arg TEST_USER='root' -f Dockerfile.playwright -t console-playwright .
           docker run -t --rm \
             -e NEXT_PUBLIC_CONSOLE_BASE_URL=http://console:3000 \
-            -e NEXT_PUBLIC_API_GATEWAY_BASE_URL=https://api-gateway:8080 \
+            -e NEXT_PUBLIC_API_GATEWAY_BASE_URL=http://api-gateway:8080 \
             -e NEXT_PUBLIC_API_VERSION=v1alpha \
-            -e NEXT_PUBLIC_SELF_SIGNED_CERTIFICATION=true \
+            -e NEXT_PUBLIC_SELF_SIGNED_CERTIFICATION=false \
             -e NEXT_PUBLIC_INSTILL_AI_USER_COOKIE_NAME=instill-ai-user \
             --network instill-network \
             --entrypoint ./entrypoint-playwright.sh \

Dockerfile.dev

@@ -8,7 +8,7 @@ RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /
 RUN echo \
     "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
     $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-RUN apt-get update
+RUN apt-get update --fix-missing
 RUN apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
 RUN apt-get install -y git bash make curl wget vim
 
@@ -29,10 +29,12 @@ COPY --from=docker:dind /usr/local/bin/docker /usr/local/bin/
 WORKDIR /vdp/dev
 
 ARG CACHE_DATE
-RUN echo "VDP codebase cloned on ${CACHE_DATE}: "
-RUN git clone https://github.com/instill-ai/api-gateway.git api-gateway
-RUN git clone https://github.com/instill-ai/pipeline-backend.git pipeline-backend
-RUN git clone https://github.com/instill-ai/connector-backend.git connector-backend
-RUN git clone https://github.com/instill-ai/model-backend.git model-backend
-RUN git clone https://github.com/instill-ai/mgmt-backend.git mgmt-backend
-RUN git clone https://github.com/instill-ai/console.git console
+RUN echo "VDP codebase cloned on ${CACHE_DATE}"
+
+ARG PROFILE
+RUN if [ "${PROFILE}" = "all" ] || [ "${PROFILE}" = "api-gateway" ]; then git clone https://github.com/instill-ai/api-gateway.git api-gateway; fi
+RUN if [ "${PROFILE}" = "all" ] || [ "${PROFILE}" = "pipeline" ]; then git clone https://github.com/instill-ai/pipeline-backend.git pipeline-backend; fi
+RUN if [ "${PROFILE}" = "all" ] || [ "${PROFILE}" = "connector" ]; then git clone https://github.com/instill-ai/connector-backend.git connector-backend; fi
+RUN if [ "${PROFILE}" = "all" ] || [ "${PROFILE}" = "model" ]; then git clone https://github.com/instill-ai/model-backend.git model-backend; fi
+RUN if [ "${PROFILE}" = "all" ] || [ "${PROFILE}" = "mgmt" ]; then git clone https://github.com/instill-ai/mgmt-backend.git mgmt-backend; fi
+RUN if [ "${PROFILE}" = "all" ] || [ "${PROFILE}" = "console" ]; then git clone https://github.com/instill-ai/console.git console; fi

Makefile

@@ -60,6 +60,9 @@ rm:				## Remove all stopped service containers
 
 .PHONY: down
 down:			## Stop all services and remove all service containers and volumes
+	@docker rm -f vdp-build >/dev/null 2>&1
+	@docker rm -f vdp-integration-test >/dev/null 2>&1
+	@docker rm -f console-integration-test >/dev/null 2>&1
 	@docker compose down -v
 
 .PHONY: images
@@ -80,9 +83,10 @@ build:							## Build latest images for VDP components (param: PROFILE=<profile-
 		--build-arg UBUNTU_VERSION=${UBUNTU_VERSION} \
 		--build-arg GOLANG_VERSION=${GOLANG_VERSION} \
 		--build-arg K6_VERSION=${K6_VERSION} \
+		--build-arg PROFILE=$(PROFILE) \
 		--build-arg CACHE_DATE="$(shell date)" \
 		-t instill/vdp:dev .
-	@docker run -t --rm \
+	@docker run -it --rm \
 		-v /var/run/docker.sock:/var/run/docker.sock \
 		-v ${PWD}/.env:/vdp/dev/.env \
 		-v ${PWD}/docker-compose.build.yml:/vdp/dev/docker-compose.build.yml \
@@ -92,8 +96,7 @@ build:							## Build latest images for VDP components (param: PROFILE=<profile-
 		-e REDIS_IMAGE_TAG=${REDIS_IMAGE_TAG} \
 		--name vdp-build \
 		instill/vdp:dev /bin/bash -c " \
-			COMPOSE_PROFILES=$(PROFILE) docker compose -f docker-compose.build.yml build --progress plain && \
-			cd console && docker build --build-arg TEST_USER='root' -f Dockerfile.playwright -t console-playwright . \
+			COMPOSE_PROFILES=$(PROFILE) docker compose -f docker-compose.build.yml build --progress plain \
 		"
 
 .PHONY: doc
@@ -102,26 +105,26 @@ doc:						## Run Redoc for OpenAPI spec at http://localhost:3001
 
 .PHONY: integration-test
 integration-test:			## Run integration test for all dev repositories
+	@make build PROFILE=all
 	@make dev PROFILE=all ITMODE=true CONSOLE_BASE_URL_HOST=console CONSOLE_BASE_API_GATEWAY_URL_HOST=api-gateway
-	@docker rm -f vdp-integration-test >/dev/null 2>&1
-	@docker rm -f console-integration-test >/dev/null 2>&1
-	@docker run -d -t --rm \
+	@sleep 60
+	@docker run -it --rm \
 		--network instill-network \
-		--name vdp-integration-test instill/vdp:dev tail -f /dev/null >/dev/null 2>&1
-	@docker exec -t vdp-integration-test /bin/bash -c "cd pipeline-backend && make integration-test MODE=api-gateway"
-	@docker exec -t vdp-integration-test /bin/bash -c "cd connector-backend && make integration-test MODE=api-gateway"
-	@docker exec -t vdp-integration-test /bin/bash -c "cd model-backend && make integration-test MODE=api-gateway"
-	@docker exec -t vdp-integration-test /bin/bash -c "cd mgmt-backend && make integration-test MODE=api-gateway"
-	@docker stop -t 1 vdp-integration-test
-	@docker run -t --rm \
+		--name vdp-integration-test instill/vdp:dev /bin/bash -c " \
+			cd pipeline-backend && make integration-test MODE=api-gateway && cd ~- && \
+			cd connector-backend && make integration-test MODE=api-gateway && cd ~- && \
+			cd model-backend && make integration-test MODE=api-gateway && cd ~- && \
+			cd mgmt-backend && make integration-test MODE=api-gateway && cd ~- \
+		"
+	@docker run -it --rm \
 		-e NEXT_PUBLIC_CONSOLE_BASE_URL=http://console:3000 \
-		-e NEXT_PUBLIC_API_GATEWAY_BASE_URL=https://api-gateway:8080 \
+		-e NEXT_PUBLIC_API_GATEWAY_BASE_URL=http://api-gateway:8080 \
 		-e NEXT_PUBLIC_API_VERSION=v1alpha \
-		-e NEXT_PUBLIC_SELF_SIGNED_CERTIFICATION=true \
+		-e NEXT_PUBLIC_SELF_SIGNED_CERTIFICATION=false \
 		-e NEXT_PUBLIC_INSTILL_AI_USER_COOKIE_NAME=instill-ai-user \
 		--network instill-network \
 		--entrypoint ./entrypoint-playwright.sh \
-		--name console-integration-test console-playwright
+		--name console-integration-test instill/console-playwright
 	@make down
 
 .PHONY: help

docker-compose.build.yml

@@ -71,3 +71,14 @@ services:
     image: instill/${CONSOLE_HOST}:latest
     build:
       context: ./${CONSOLE_HOST}
+
+  console_playwright:
+    profiles:
+      - all
+      - console
+    image: instill/${CONSOLE_HOST}-playwright:latest
+    build:
+      context: ./${CONSOLE_HOST}
+      dockerfile: Dockerfile.playwright
+      args:
+        TEST_USER: "root"

docker-compose.dev.yml

@@ -33,8 +33,6 @@ services:
       API_GATEWAY_HTTPS_PORT: ${API_GATEWAY_HTTPS_PORT}
       API_GATEWAY_STATS_PORT: ${API_GATEWAY_STATS_PORT}
       API_GATEWAY_METRICS_PORT: ${API_GATEWAY_METRICS_PORT}
-      API_GATEWAY_CERT_FILE: cert/dev-cert.pem
-      API_GATEWAY_KEY_FILE: cert/dev-key.pem
       API_GATEWAY_LOG_LEVEL: DEBUG
       PIPELINE_BACKEND_HOST: ${PIPELINE_BACKEND_HOST}
       PIPELINE_BACKEND_PORT: ${PIPELINE_BACKEND_PORT}
@@ -45,7 +43,6 @@ services:
       MGMT_BACKEND_HOST: ${MGMT_BACKEND_HOST}
       MGMT_BACKEND_PORT: ${MGMT_BACKEND_PORT}
     command: /bin/bash -c "
-      mkcert -install && mkdir cert && mkcert -client -key-file cert/dev-key.pem -cert-file cert/dev-cert.pem localhost api-gateway &&
       envsubst <config/.env.envsubst >config/.env &&
       make config &&
       krakend run -c krakend.json"
@@ -416,9 +413,9 @@ services:
       NEXT_PUBLIC_DISABLE_USAGE_COLLECTION: "false"
       NEXT_PUBLIC_CONSOLE_EDITION: local-ce:latest
       NEXT_PUBLIC_CONSOLE_BASE_URL: http://${CONSOLE_BASE_URL_HOST}:${CONSOLE_PORT}
-      NEXT_PUBLIC_API_GATEWAY_BASE_URL: https://${CONSOLE_BASE_API_GATEWAY_URL_HOST}:${API_GATEWAY_HTTPS_PORT}
+      NEXT_PUBLIC_API_GATEWAY_BASE_URL: http://${CONSOLE_BASE_API_GATEWAY_URL_HOST}:${API_GATEWAY_HTTPS_PORT}
       NEXT_PUBLIC_INSTILL_AI_USER_COOKIE_NAME: instill-ai-user
-      NEXT_PUBLIC_SELF_SIGNED_CERTIFICATION: true
+      NEXT_PUBLIC_SELF_SIGNED_CERTIFICATION: false
       NODE_ENV: development
     ports:
       - ${CONSOLE_PORT}:${CONSOLE_PORT}
@@ -506,7 +503,7 @@ services:
     ports:
       - ${TEMPORAL_PORT}:7233
     healthcheck:
-      test: ["CMD", "tctl", "--address", "temporal:7233", "workflow", "list"]
+      test: ["CMD", "tctl", "--address", "temporal:7233", "cluster", "health"]
       interval: 10s
       timeout: 1m
       retries: 10
@@ -520,8 +517,6 @@ services:
     restart: unless-stopped
     environment:
       TEMPORAL_CLI_ADDRESS: ${TEMPORAL_HOST}:${TEMPORAL_PORT}
-    stdin_open: true
-    tty: true
     depends_on:
       temporal:
         condition: service_healthy

docker-compose.yml

@@ -15,14 +15,6 @@ volumes:
     name: model-repository
 
 services:
-  cert:
-    container_name: cert
-    image: instill/cert:latest
-    restart: on-failure
-    volumes:
-      - vdp:/vdp
-    command: sh -c "cp -r /certs /vdp/certs"
-
   api_gateway:
     container_name: ${API_GATEWAY_HOST}
     image: instill/${API_GATEWAY_HOST}:${API_GATEWAY_VERSION}
@@ -32,8 +24,6 @@ services:
       API_GATEWAY_HTTPS_PORT: ${API_GATEWAY_HTTPS_PORT}
       API_GATEWAY_STATS_PORT: ${API_GATEWAY_STATS_PORT}
       API_GATEWAY_METRICS_PORT: ${API_GATEWAY_METRICS_PORT}
-      API_GATEWAY_CERT_FILE: /vdp/certs/${API_GATEWAY_HOST}/cert.pem
-      API_GATEWAY_KEY_FILE: /vdp/certs/${API_GATEWAY_HOST}/key.pem
       API_GATEWAY_LOG_LEVEL: INFO
       PIPELINE_BACKEND_HOST: ${PIPELINE_BACKEND_HOST}
       PIPELINE_BACKEND_PORT: ${PIPELINE_BACKEND_PORT}
@@ -52,7 +42,6 @@ services:
       make config &&
       krakend run -c krakend.json"
     depends_on:
-      - cert
       - pipeline_backend
       - connector_backend
       - model_backend
@@ -233,6 +222,7 @@ services:
       CFG_SERVER_DISABLEUSAGE: ${DISABLEUSAGE}
       CFG_SERVER_EDITION: local-ce
       CFG_SERVER_MAXIMAGESIZE: ${MAX_IMAGE_SIZE}
+      CFG_SERVER_ITMODE: ${ITMODE}
       CFG_DATABASE_HOST: ${POSTGRESQL_HOST}
       CFG_DATABASE_PORT: ${POSTGRESQL_PORT}
       CFG_DATABASE_USERNAME: postgres
@@ -309,7 +299,7 @@ services:
       NEXT_PUBLIC_CONSOLE_BASE_URL: http://${CONSOLE_BASE_URL_HOST}:${CONSOLE_PORT}
       NEXT_PUBLIC_API_GATEWAY_BASE_URL: https://${CONSOLE_BASE_API_GATEWAY_URL_HOST}:${API_GATEWAY_HTTPS_PORT}
       NEXT_PUBLIC_INSTILL_AI_USER_COOKIE_NAME: instill-ai-user
-      NEXT_PUBLIC_SELF_SIGNED_CERTIFICATION: true
+      NEXT_PUBLIC_SELF_SIGNED_CERTIFICATION: false
       NODE_ENV: production
     ports:
       - ${CONSOLE_PORT}:${CONSOLE_PORT}
@@ -339,6 +329,7 @@ services:
     volumes:
       - model_repository:/model-repository
       - conda_pack:/conda-pack
+      - ./asset/lib/libgomp-d22c30c5.so.1:/opt/tritonserver/lib/libgomp-d22c30c5.so.1
     healthcheck:
       test: ["CMD-SHELL", "curl localhost:8000/v2/health/ready"]
       timeout: 20s
@@ -410,10 +401,9 @@ services:
     restart: unless-stopped
     environment:
       TEMPORAL_CLI_ADDRESS: ${TEMPORAL_HOST}:${TEMPORAL_PORT}
-    stdin_open: true
-    tty: true
     depends_on:
-      - temporal
+      temporal:
+        condition: service_healthy
 
   temporal_ui:
     container_name: ${TEMPORAL_UI_HOST}