From a275c3411cdc7913a9bdd5add2156ec7bce4cc3d Mon Sep 17 00:00:00 2001
From: Tim Burks
Date: Tue, 11 Apr 2023 09:00:31 -0700
Subject: [PATCH] Remove the registry-bundle container. (#192)
---
 containers/README.md | 10 +--
 containers/registry-bundle/Dockerfile | 67 ---------------
 containers/registry-bundle/RUN.sh | 43 ----------
 containers/registry-bundle/envoy.yaml | 115 --------------------------
 4 files changed, 1 insertion(+), 234 deletions(-)
 delete mode 100644 containers/registry-bundle/Dockerfile
 delete mode 100755 containers/registry-bundle/RUN.sh
 delete mode 100644 containers/registry-bundle/envoy.yaml
diff --git a/containers/README.md b/containers/README.md
index 66626550..64882e42 100644
--- a/containers/README.md
+++ b/containers/README.md
@@ -1,13 +1,5 @@
 # containers
 
 This directory contains configurations and support files for building
-containers containing `registry-server` and related tools.
+containers containing `registry-experimental` and other tools.
 
-Use `registry-bundle/Dockerfile` to build a container with `registry-server`,
-`envoy`, and `authz-server`. Envoy is configured to support grpc-web and to
-perform authorization using the `authz-server` that is included with this
-project, which is also included and run in the container.
-
-Use `authz-server/Dockerfile` to build a container with only `authz-server`.
-This can be deployed in Kubernetes in a three-container pod with
-`registry-server` and `envoy`.
diff --git a/containers/registry-bundle/Dockerfile b/containers/registry-bundle/Dockerfile
deleted file mode 100644
index aab7731b..00000000
--- a/containers/registry-bundle/Dockerfile
+++ /dev/null
@@ -1,67 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This Dockerfile builds an image that runs the registry-server behind an -# included Envoy proxy. - -# Use the official Golang image to create a build artifact. -# This is based on Debian and sets the GOPATH to /go. -# https://hub.docker.com/_/golang -FROM golang:1.18 as builder - -RUN apt-get update -RUN apt-get install unzip - -# Create and change to the app directory. -WORKDIR /app - -# Retrieve application dependencies. -# This allows the container build to reuse cached dependencies. -COPY go.* ./ -RUN go mod download - -# Copy local code to the container image. -COPY . ./ - -# Build authz-server. -RUN CGO_ENABLED=0 GOOS=linux go build -v -o authz-server ./cmd/authz-server - -# Get registry code. -RUN git clone https://github.com/apigee/registry - -# Build registry-server. -RUN cd registry; CGO_ENABLED=0 GOOS=linux go build -v -o registry-server ./cmd/registry-server - -# Use an Envoy release image to get envoy in the image. -FROM envoyproxy/envoy:v1.16.0 - -COPY containers/registry-bundle/RUN.sh /RUN.sh -COPY containers/registry-bundle/envoy.yaml /etc/envoy/envoy.yaml -COPY --from=builder /app/registry/deployments/envoy/proto.pb /proto.pb - -# Copy the registry-server binary to the production image from the builder stage. 
-COPY --from=builder /app/registry/registry-server /registry-server - -# Copy the authz-server binary to the production image from the builder stage. -COPY --from=builder /app/authz-server /authz-server - -# Copy configuration files to the production image. -COPY --from=builder /app/registry/config/registry-server.yaml /registry-server.yaml -COPY cmd/authz-server/authz.yaml /authz.yaml - -# Run as root in the container. Needed to use the Envoy release image. -ENV ENVOY_UID=0 - -# Run services on container startup. -CMD ["/RUN.sh"] diff --git a/containers/registry-bundle/RUN.sh b/containers/registry-bundle/RUN.sh deleted file mode 100755 index 494f5ce2..00000000 --- a/containers/registry-bundle/RUN.sh +++ /dev/null 
@@ -1,43 +0,0 @@ -#!/usr/bin/env bash -# -# Copyright 2020 Google LLC. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# -# This script runs in a container and starts the registry-server in the -# background before running envoy. -# - -# This causes bash to exit immediately if anything fails. -set -e - -# run the authz server on its default port. -/authz-server -c authz.yaml & - -# run the registry server on a fixed port. -REGISTRY_SERVER_PORT=8081 -PORT=$REGISTRY_SERVER_PORT /registry-server -c registry-server.yaml & - -# update envoy.yaml to look for the registry-server on the port we just set. -sed -i "s/8080/${REGISTRY_SERVER_PORT}/g" /etc/envoy/envoy.yaml - -# update envoy.yaml to point to the container-assigned port. -sed -i "s/9999/${PORT}/g" /etc/envoy/envoy.yaml - -# run envoy. -/usr/local/bin/envoy -c /etc/envoy/envoy.yaml & - -# wait until any child process exits. -wait -n diff --git a/containers/registry-bundle/envoy.yaml b/containers/registry-bundle/envoy.yaml deleted file mode 100644 index f8e94c5e..00000000 --- a/containers/registry-bundle/envoy.yaml +++ /dev/null 
@@ -1,115 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -admin: - access_log_path: /tmp/admin_access.log - address: - socket_address: { address: 0.0.0.0, port_value: 9901 } - -static_resources: - listeners: - - name: listener1 - address: - socket_address: { address: 0.0.0.0, port_value: 9999 } - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: grpc_json - codec_type: AUTO - route_config: - name: local_route - virtual_hosts: - - name: local_service - domains: ["*"] - routes: - - match: { prefix: "/" } - route: { cluster: registry-server, timeout: { seconds: 60 } } - cors: - allow_origin_string_match: - - prefix: "*" - allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: authorization, keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout - max_age: "1728000" - expose_headers: grpc-status,grpc-message - http_filters: - - name: envoy.filters.http.cors - - name: envoy.filters.http.ext_authz - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz - grpc_service: - envoy_grpc: - cluster_name: authz-server - timeout: 0.5s - - name: envoy.filters.http.grpc_json_transcoder - 
typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_json_transcoder.v3.GrpcJsonTranscoder - proto_descriptor: "proto.pb" - services: ["google.cloud.apigee.registry.v1.Registry"] - print_options: - add_whitespace: true - always_print_primitive_fields: true - always_print_enums_as_ints: false - preserve_proto_field_names: false - - name: envoy.filters.http.grpc_web - - name: envoy.filters.http.router - clusters: - - name: registry-server - connect_timeout: 1.25s - type: logical_dns - lb_policy: round_robin - dns_lookup_family: V4_ONLY - http2_protocol_options: {} - load_assignment: - cluster_name: registry-server - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 8080 - - name: authz-server - type: static - http2_protocol_options: {} - load_assignment: - cluster_name: authz-server - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 50051 - common_lb_config: - healthy_panic_threshold: - value: 50.0 - health_checks: - - timeout: 1s - interval: 600s - interval_jitter: 1s - no_traffic_interval: 600s - unhealthy_threshold: 1 - healthy_threshold: 3 - grpc_health_check: - service_name: "envoy.service.auth.v2alpha.Authorization" - authority: "server.domain.com" - connect_timeout: 0.25s - -layered_runtime: - layers: - - name: static_layer_0 - static_layer: - overload: - global_downstream_max_connections: 50000