Deploy nginx

cmd/platform/kubernetes/install.sh

@@ -62,7 +62,8 @@ base64 /tmp/jwt.pub > /tmp/jwt-base64.pub
 # Create the k8s secret
 kubectl create secret generic micro-secrets \
   --from-file=auth_public_key=/tmp/jwt-base64.pub \
-  --from-file=auth_private_key=/tmp/jwt-base64
+  --from-file=auth_private_key=/tmp/jwt-base64 \
+  --from-literal=cloudflare=$CF_API_KEY
 
 # Remove the files from tmp
 rm /tmp/jwt /tmp/jwt.pub /tmp/jwt-base64 /tmp/jwt-base64.pub
@@ -77,20 +78,8 @@ for d in ./resource/*/; do
   popd
 done
 
-# replace m3o.com with m3o.dev
-if [ $ENV == "staging" ]; then
-  sed -i 's@m3o.com@m3o.dev@g' service/*.yaml
-  sed -i 's@m3o.app@m3o.dev@g' service/*.yaml
-fi
-
 # execute the yaml
 kubectl apply -f service
 
-# replace back
-if [ $ENV == "staging" ]; then
-  sed -i 's@*.m3o.dev@*.m3o.com@g' service/*.yaml
-  sed -i 's@m3o.dev@m3o.com@g' service/*.yaml
-fi
-
 # go back to the top level
 cd ..;

cmd/platform/kubernetes/resource/ingress/ingress.yaml

@@ -0,0 +1,57 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grpc-ingress
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+spec:
+  tls:
+  - hosts:
+    - "*.m3o.com"
+    secretName: nginx-tls
+  rules:
+  - host: "proxy.m3o.com"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: micro-proxy
+            port:
+              number: 8081
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: http-ingress
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  tls:
+  - hosts:
+    - "*.m3o.app"
+    - "*.m3o.com"
+    secretName: nginx-tls
+  rules:
+  - host: "api.m3o.com"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: micro-api
+            port:
+              number: 8080
+  - host: "*.m3o.app"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: micro-api
+            port:
+              number: 8080

cmd/platform/kubernetes/resource/ingress/install.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+# Reference: https://cert-manager.io/docs/tutorials/acme/ingress/
+
+# REQUIRED MICRO ENV CF_API_KEY
+
+# Install nginx using helm
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm install nginx ingress-nginx/ingress-nginx
+kubectl wait deployment/nginx-ingress-nginx-controller --for=condition=available --timeout=120s
+
+# Replace m3o.com with m3o.dev in staging
+if [ $MICRO_ENV == "staging" ]; then
+  sed -i '' 's/\*.m3o.app/\*.m3o.dev/g' ingress.yaml
+  sed -i '' 's/m3o.com/m3o.dev/g' ingress.yaml
+fi
+
+# Install the ingress
+kubectl apply -f ingress.yaml
+
+# replace back
+if [ $MICRO_ENV == "staging" ]; then
+  sed -i '' 's/\*.m3o.dev/\*.m3o.app/g' ingress.yaml
+  sed -i '' 's/m3o.dev/m3o.com/g' ingress.yaml
+fi
+
+# Don't use TLS locally
+if [ "$MICRO_ENV" == "dev" ]; then
+  exit 0
+fi
+
+# Install Cert Manager
+kubectl create namespace cert-manager
+helm repo add jetstack https://charts.jetstack.io
+helm install \
+  cert-manager jetstack/cert-manager \
+  --namespace cert-manager \
+  --version v1.0.3 \
+  --set installCRDs=true
+kubectl wait deployment --all --for=condition=available -n cert-manager --timeout=120s
+
+echo "Waiting for a Public IP to be assigned to the nginx ingress..."
+while true; do
+  grpcIP=$(kubectl get ingress grpc-ingress -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
+  httpIP=$(kubectl get ingress http-ingress -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
+  if [ "$grpcIP" == "" ] | [ "$httpIP" == "" ]; then
+    sleep 1
+  else 
+    break
+  fi
+done
+
+
+echo "Please set the following DNS entries and then press [y] to continue:"
+kubectl get ingress grpc-ingress -o jsonpath="{.spec.rules[*].host}" | xargs -n 1 -I{} printf "%-10s %-30s %-20s\n" "A" {} $grpcIP
+kubectl get ingress http-ingress -o jsonpath="{.spec.rules[*].host}" | xargs -n 1 -I{} printf "%-10s %-30s %-20s\n" "A" {} $httpIP 
+
+while true; do
+  read -r ans
+  if [ "$ans" == "y" ]; then
+    break
+  else 
+    echo "Invalid input, please press [y] to continue"
+  fi
+done
+
+# Update the ingress to use letsencrypt
+kubectl apply -f ./letsencrypt.yaml
+kubectl annotate ingress grpc-ingress cert-manager.io/issuer="letsencrypt-prod" --overwrite
+kubectl annotate ingress http-ingress cert-manager.io/issuer="letsencrypt-prod" --overwrite
+
+echo "nginx ingress configured, it will take about 2-3 minutes for the TLS certificate to be issued"

cmd/platform/kubernetes/resource/ingress/letsencrypt.yaml

@@ -0,0 +1,35 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: support@m3o.com
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+    - dns01:
+        cloudflare:
+          email: ben@micro.mu
+          apiTokenSecretRef:
+            name: micro-secrets
+            key: cloudflare
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: support@m3o.com
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - dns01:
+        cloudflare:
+          email: ben@micro.mu
+          apiTokenSecretRef:
+            name: micro-secrets
+            key: cloudflare

cmd/platform/kubernetes/resource/ingress/uninstall.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+helm uninstall nginx
+kubectl delete namespace cert-manager
+
+kubectl delete -f letsencrypt.yaml
+kubectl delete -f ingress.yaml
+kubectl delete secret nginx-tls

cmd/platform/kubernetes/resource/prometheus/uninstall.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+helm uninstall prometheus 

cmd/platform/kubernetes/service/api-svc.yaml

@@ -9,9 +9,9 @@
      version: latest
  spec:
    ports:
-   - name: https
-     port: 443
-     targetPort: 443
+   - name: http
+     port: 8080
+     targetPort: 8080
    selector:
      name: micro-api
      micro: runtime

cmd/platform/kubernetes/service/api.yaml

@@ -66,24 +66,13 @@ spec:
           value: client
         - name: MICRO_PROXY
           value: "micro-network.default.svc.cluster.local:8443"
-        - name: MICRO_ENABLE_ACME
-          value: "true"
-        - name: MICRO_ACME_PROVIDER
-          value: certmagic
-        - name: MICRO_ACME_HOSTS
-          value: '*.m3o.app,api.m3o.com'
-        - name: CF_API_TOKEN
-          valueFrom:
-            secretKeyRef:
-              key: cloudflare
-              name: micro-secrets
         args:
         - service
         - api
         image: micro/platform
         imagePullPolicy: Always
         ports:
-        - containerPort: 443
+        - containerPort: 8080
           name: api-port
         readinessProbe:
           tcpSocket:

cmd/platform/kubernetes/service/proxy-svc.yaml

@@ -9,9 +9,6 @@ metadata:
     version: latest
 spec:
   ports:
-  - name: https
-    port: 443
-    targetPort: 443
   - name: proxy
     port: 8081
     targetPort: 8081

cmd/platform/kubernetes/service/proxy.yaml

@@ -64,33 +64,18 @@ spec:
               key: auth_private_key
         - name: MICRO_PROFILE
           value: "client"
-        - name: MICRO_PROXY_ADDRESS
-          value: "0.0.0.0:443"
         - name: MICRO_LOG_LEVEL
           value: "trace"
-        - name: MICRO_ENABLE_ACME
-          value: "true"
-        - name: MICRO_ACME_PROVIDER
-          value: certmagic
-        - name: MICRO_ACME_HOSTS
-          value: 'proxy.m3o.com'
-        - name: CF_API_TOKEN
-          valueFrom:
-            secretKeyRef:
-              key: cloudflare
-              name: micro-secrets
         args:
         - service
         - proxy
         image: micro/platform
         imagePullPolicy: Always
         ports:
-        - containerPort: 443
-          name: https-port
         - containerPort: 8081
           name: proxy-port
         readinessProbe:
           tcpSocket:
-            port: https-port
+            port: proxy-port
           initialDelaySeconds: 5
           periodSeconds: 10

cmd/platform/kubernetes/uninstall.sh

@@ -6,16 +6,14 @@
 kubectl delete secret micro-secrets
 
 # uninstall the resources
-cd ./resource/cockroachdb;
-bash uninstall.sh;
-cd ../etcd;
-bash uninstall.sh;
-cd ../nats;
-bash uninstall.sh;
+for d in ./resource/*/; do
+  pushd $d
+  MICRO_ENV=$ENV bash uninstall.sh
+  popd
+done
 
-# move to the /kubernetes folder and apply the deployments
-cd ../..;
-kubectl delete -f service
+# delete the deployments and services
+kubectl delete -f ./service
 
 # go back to the top level
 cd ..;

scripts/kind-reset.sh

@@ -8,7 +8,7 @@ popd
 namespaces=$(kubectl get namespaces -o name | sed 's/namespace\///g')
 for ns in $namespaces 
 do
-    if [[ $ns == "kube-system" || $ns == "kube-node-lease" || $ns == "default" || $ns == "kube-public" || $ns == "local-path-storage" || $ns == "default" || $ns == "monitoring" ]]; then
+    if [[ $ns == "kube-system" || $ns == "kube-node-lease" || $ns == "default" || $ns == "kube-public" || $ns == "local-path-storage" || $ns == "default" ]]; then
         continue
     fi
     kubectl delete namespace $ns