enable envoy

n0stack · Sep 30, 2019 · 1829d17 · 1829d17
1 parent 48e1b5d
commit 1829d17
Show file tree

Hide file tree

Showing 3 changed files with 146 additions and 23 deletions.
diff --git a/deploy/master/etc/envoy/envoy.yaml b/deploy/master/etc/envoy/envoy.yaml
@@ -0,0 +1,135 @@
+admin:
+  access_log_path: /dev/null
+  address:
+    socket_address:
+      address: 0.0.0.0
+      port_value: 8001
+static_resources:
+  listeners:
+  - address:
+      socket_address:
+        address: 0.0.0.0
+        port_value: 80
+    filter_chains:
+    - filters:
+      - name: envoy.http_connection_manager
+        config:
+          codec_type: auto
+          stat_prefix: ingress_http
+          route_config:
+            name: local_route
+            virtual_hosts:
+            - name: redirect
+              domains:
+              - "*"
+              routes:
+              - match:
+                  prefix: "/"
+                redirect:
+                  https_redirect: true
+          access_log:
+          - name: envoy.file_access_log
+            config:
+              path: "/dev/stdout"
+          http_filters:
+          - name: envoy.router
+            confeig: {}
+
+  - address:
+      socket_address:
+        address: 0.0.0.0
+        port_value: 443
+    filter_chains:
+    - filters:
+      - name: envoy.http_connection_manager
+        config:
+          access_log:
+          - name: envoy.file_access_log
+            config:
+              path: "/dev/stdout"
+          codec_type: AUTO
+          stat_prefix: ingress_https
+          route_config:
+            name: local_route
+            virtual_hosts:
+            - name: https
+              domains:
+              - "*"
+              routes:
+              - match:
+                  regex: "^/api/?[^/]*$"
+                route:
+                  cluster: swagger
+              - match:
+                  prefix: "/api"
+                route:
+                  cluster: bff
+              - match:
+                  prefix: "/"
+                route:
+                  cluster: api
+          http_filters:
+          - name: envoy.router
+            config: {}
+          # - name: envoy.health_check
+          #   config:
+          #     pass_through_mode: false
+          #     headers:
+          #     - name: ":path"
+          #       exact_match: "/healthz"
+          #     - name: "x-envoy-livenessprobe"
+          #       exact_match: "healthz"
+      tls_context:
+        common_tls_context:
+          tls_certificates:
+          - certificate_chain:
+              filename: "/etc/ssl/envoy/localhost.crt"
+            private_key:
+              filename: "/etc/ssl/envoy/localhost.key"
+
+  clusters:
+  - name: api
+    connect_timeout: 0.25s
+    type: strict_dns
+    lb_policy: round_robin
+    http2_protocol_options: {}
+    health_checks:
+    - timeout: 5s
+      interval: 10s
+      unhealthy_threshold: 2
+      healthy_threshold: 2
+      tcp_health_check: {}
+    hosts:
+    - socket_address:
+        address: api
+        port_value: 20180
+  - name: swagger
+    connect_timeout: 0.25s
+    type: strict_dns
+    lb_policy: round_robin
+    # http2_protocol_options: {}
+    health_checks:
+    - timeout: 5s
+      interval: 10s
+      unhealthy_threshold: 2
+      healthy_threshold: 2
+      tcp_health_check: {}
+    hosts:
+    - socket_address:
+        address: swagger
+        port_value: 80
+  - name: bff
+    connect_timeout: 0.25s
+    type: strict_dns
+    lb_policy: round_robin
+    # http2_protocol_options: {}
+    health_checks:
+    - timeout: 5s
+      interval: 10s
+      unhealthy_threshold: 2
+      healthy_threshold: 2
+      tcp_health_check: {}
+    hosts:
+    - socket_address:
+        address: bff
+        port_value: 8080
diff --git a/deploy/master/nginx/etc/nginx/conf.d/api.conf b/deploy/master/nginx/etc/nginx/conf.d/api.conf
@@ -2,29 +2,11 @@ server {
     listen      80;
     server_name _;
 
-    return      301 https://$host$request_uri;
-}
-
-server {
-    listen      443 ssl http2;
-    server_name _;
-
     root  /usr/share/nginx/html;
     index index.html;
 
-    ssl_certificate     /etc/nginx/ssl/server.crt;
-    ssl_certificate_key /etc/nginx/ssl/server.key;
-
     location ~ ^/api/[^/]*$ {
         expires 7d;
         try_files $uri $uri/ =404;
     }
-
-    location /api/ {
-        proxy_pass http://bff:8080;
-    }
-
-    location / {
-        grpc_pass grpc://api:20180;
-    }
 }
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -50,18 +50,24 @@ services:
     links:
       - etcd
 
-  nginx:
+  swagger:
     build:
       context: ./deploy/master/nginx
     image: n0stack/front
+    volumes:
+      - ./n0stack.swagger.json:/usr/share/nginx/html/api/n0stack.swagger.json:ro
+      - ./deploy/master/nginx/etc/nginx/conf.d:/etc/nginx/conf.d:ro
+
+  envoy:
+    image: envoyproxy/envoy
     ports:
       - "80:80"
       - "443:443"
+      - "8001:8001"
     links:
       - api
       - bff
+      - swagger
     volumes:
-      - ./n0stack.swagger.json:/usr/share/nginx/html/api/n0stack.swagger.json:ro
-      - ./deploy/master/nginx/etc/nginx/ssl/localhost.crt:/etc/nginx/ssl/server.crt:ro
-      - ./deploy/master/nginx/etc/nginx/ssl/localhost.key:/etc/nginx/ssl/server.key:ro
-      - ./deploy/master/nginx/etc/nginx/conf.d:/etc/nginx/conf.d:ro
+      - ./deploy/master/etc/envoy:/etc/envoy:ro
+      - ./deploy/master/nginx/etc/nginx/ssl:/etc/ssl/envoy:ro