Merge pull request 'Refactore the entire k8s manifest for pure https routing' (#79) from cart into main
Reviewed-on: #79
This commit was merged in pull request #79.
This commit is contained in:
@@ -4,6 +4,7 @@ using LiteCharms.Features.MidrandBooks.Extensions;
|
||||
using LiteCharms.Features.MidrandBooks.Payments;
|
||||
using LiteCharms.Features.Postgres;
|
||||
using MidrandBookshop.Components;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using static LiteCharms.Features.Extensions.Quartz;
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
@@ -49,6 +50,25 @@ builder.Services.Configure<ForwardedHeadersOptions>(options =>
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
builder.WebHost.ConfigureKestrel(options =>
|
||||
{
|
||||
var certBase64 = builder.Configuration["DataProtection:Certificate"];
|
||||
var certPassword = builder.Configuration["DataProtection:Password"];
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(certBase64))
|
||||
{
|
||||
var rawBytes = Convert.FromBase64String(certBase64);
|
||||
var kestrelCert = X509CertificateLoader.LoadPkcs12(rawBytes, certPassword);
|
||||
|
||||
options.ListenAnyIP(8443, listenOptions =>
|
||||
{
|
||||
listenOptions.UseHttps(kestrelCert);
|
||||
});
|
||||
}
|
||||
else
|
||||
options.ListenAnyIP(8080);
|
||||
});
|
||||
|
||||
app.UseForwardedHeaders();
|
||||
app.UseCookiePolicy();
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
"commandName": "Project",
|
||||
"dotnetRunMessages": true,
|
||||
"launchBrowser": false,
|
||||
"applicationUrl": "https://localhost:7021;http://localhost:5053",
|
||||
"applicationUrl": "https://localhost:8440;http://localhost:8083",
|
||||
"environmentVariables": {
|
||||
"ASPNETCORE_ENVIRONMENT": "Development"
|
||||
}
|
||||
|
||||
+25
-16
@@ -10,8 +10,8 @@ metadata:
|
||||
name: midrandbooks-config
|
||||
namespace: midrandbooks-uat
|
||||
data:
|
||||
ASPNETCORE_ENVIRONMENT: "Development"
|
||||
ASPNETCORE_URLS: "http://0.0.0.0:8080"
|
||||
ASPNETCORE_ENVIRONMENT: "Development"
|
||||
ASPNETCORE_URLS: "https://0.0.0.0:8443"
|
||||
Monitoring__Address: "http://aspire-dashboard-service.aspire.svc.cluster.local:18889"
|
||||
Monitoring__ServiceName: "MidrandBooks.Uat"
|
||||
HasherSettings__MinHashLength: "11"
|
||||
@@ -27,7 +27,6 @@ data:
|
||||
PayfastSettings__ValidHosts__4: "payment.payfast.io"
|
||||
LiteCharmsSettings__Authority: "https://sts.security.khongisa.co.za"
|
||||
LiteCharmsSettings__Audience: "midrandbooks-api"
|
||||
ASPNETCORE_FORWARDEDHEADERS_ENABLED: "true"
|
||||
LiteCharmsClientSettings__Authority: "https://sts.security.khongisa.co.za"
|
||||
LiteCharmsClientSettings__GrantType: "client_credentials"
|
||||
LiteCharmsClientSettings__Scope: "midrandbooks-api"
|
||||
@@ -53,7 +52,7 @@ data:
|
||||
payfast-merchantkey: anU2bmF2bjBqY2JmMA==
|
||||
litecharms-client-clientid: bWlkcmFuZGJvb2tzLWFwaS1zY2FsZXItdWF0
|
||||
litecharms-client-clientsecret: c2VjcmV0XzBhOGRjMWY5OTA2MTU5MGE1MmIxMjcyZGIzYTE4NzFkMjc2MWM3OWZiZDA1OGIyYTk2ODkxMTAyOWU0YjIwOGE=
|
||||
dataprotection-cert: TUlJS2dBSUJBekNDQ2pZR0NTcUdTSWIzRFFFSEFhQ0NDaWNFZ2dvak1JSUtIekNDQkZJR0NTcUdTSWIzRFFFSEJxQ0NCRU13Z2dRL0FnRUFNSUlFT0FZSktvWklodmNOQVFjQk1GY0dDU3FHU0liM0RRRUZEVEJLTUNrR0NTcUdTSWIzRFFFRkREQWNCQWg5cWthVmdHbXovZ0lDQ0FBd0RBWUlLb1pJaHZjTkFna0ZBREFkQmdsZ2hrZ0JaUU1FQVNvRUVLYjJDeXJVTDZCVFpqVUY1cHk4QkxXQWdnUFE3YzBNNnBMejhwSDVCM3hmY0MxMURldGVZOWl4VDlocHl4WVRnY0JDZnh4djBodW5HTXhvaTBPWmMrWUdwN1lFcDhYU0FmR2QzNGc5eERzMlRtQW53alFxVmliR0xHUjNmcElTWkgyMFQ1REhhU3dnV3BweGVGVkU3VXZlZGl4Q25rd0g2VzlFTjhjVUhWZDJJU1ZOK0VocnJPSlJWSTZYKzYydUpRd3EzQm1ZOUlvdXVhSDhkcE1xbXRWMXhTa1ZkM1c1NGdvWTMweVp0QmxQOHMxN2xSd0hYbllKUlBhMlF5djBxY2x5VEs0Nmt0bW01ZU5qV2hOWndZbXJGZ1g3eXhacVB3L3prMlExZjB0bUU3eUpwR0M2eG5wYlBoUVh4SFIyWDg5T0NCNlM5aE1tM3VpRWljMDFmVHNhVEVCSVZvU3dUNzFJWlZVQ2E0d1phZXIweFMwN29XUUszWWwwbnUvSWZtYkpDaytJSFJIckJNWit1T2s3RVcxMzNuK0NyNDhtcGdyMmd2Q2UvVjNLZWlEY0FRWVZmaHQ3aWhnTUUyN0dWNlZEN1ozMEptakY3RGhPTjkyMXpoLzdOaG9JaUxLb0lNbFIxa0lEMzlNNzh5RzRuNVhmNllkUWJkV0UyUFR0UHRCTkpkazBDMXZMTU9jS1ZmbTRNVm5WL0I0dWlZWlh6dGQwbktNRDR2L2tnQXB4RE9wdy9IWU41cHNWYkFlQzNZMWNscFAwVXNiTUovL1ZXUE1Ba3BibS9HeklNSGxlaWQ1ckxQN1VJZ3h4b3BVWU93SVA2aGw4d25zb3NPbExvMDlYTklBUm9QcUFOb3JoNngrOVFsaE4rNThKU1lJTGpuRm5rcjQ3RVl4WkhxQ0l6Q0x2MVZaZG1mcGJROGZLSjAyTGpHdTlTR1hzUUQzcXZRa3ZMR3llZ0JjcDMrOGdYa2ExVGlhS1RPS0h3eTg1UmhIM3VxMXFXNWZWNG54UXB2VjMrTWxFVlBSc2g3RmNNaFNlSys2NkNIT0NaN0pFRzRKUUE3b2NkMFVrYXRYa3NGK2RzOHlYMDJ1Z0xYNDB0bUZ2bmxEZzRYWHpKMXlFcEhjMHUrNzNxcUMrOXM1NnFHc204NFZaMGhuN1pkYzk4RHJYWitVN0hrbFp5Y1BudnRwUHd4enZsSXBmRHJiWWJVK3lqLytpcmlZRGhGdDk0R3phakVLc21scTlIdFc4d1NXZzYwbUpvVUlsejVBVi9aU3dUN1M4eTJXcGxFK1RNRkZ5ZzFUak9iNEpxL1RIcEluVUluZnorb1FqcjZ3NTZmUGRVa0RXN2Y1K1NpM1lZV3ZWZlREZ0FxVDcveFZ2bGlNYzhwUTdnWmViemVCQmpaQ21WNXFUTGVlT3BoalJMOXlNTndIa3JWaDFxVzVlR3ZIVUVTZ05WZFU1Qi9tMVZyY3RXMk5QY1ZmWE1xRGczaHZmd2FwTWxFbTlMWHcvYlh0TmZLOExKWjBmSTdTOFVTVFA4YVgvQlZrTi93YWQ3VjBHakxHSmdxNWtaVEtSRnFaRGZJeTdsSDhGY1VNWjIyRXgwSUkydXYwb2hBbmltWnRVWWtCTFBYUmlZZzRBZE9WMFlzUDZLd1UvNjJ1VUZpWHgvR0JtS1k0QUkyK3FUMkRjSjB1bWVkOXFXL1UyNUg5MXo5aWFzck52RStoWE52NHRFekpldyt0SVlwVXZLMGpScUxlVDFXamJrOGVwclRDQ0JjVUdDU3FHU0liM0RRRUhBYUNDQmJZRWdnV3lNSUlGcmpDQ0Jhb0dDeXFHU0liM0RRRU1DZ0VDb0lJRk1UQ0NCUzB3VndZSktvWklodmNOQVFVTk1Fb3dLUVlKS29aSWh2Y05BUVVNTUJ3RUNOVjB6VkRNUjIxL0FnSUlBREFNQmdncWhraUc5dzBDQ1FVQU1CMEdDV0NHU0FGbEF3UUJLZ1FRbUZRdjhNNFBKTk96c25rVEFqK0tXQVNDQk5EMDZNQi8vTTBWQWxBT2YyazhIWWlUZy9UM1NhRnhvaFpXaWEwcmt5b0svYktZSWdoZWhVelN5aVEwanNzQ3JBUC93TnorQ3BBM1dUTFhyT2lEaDhXWC8yRWpSMi9qc3Z0VEtDZGJqYjA3SktXRVFwNFE1SG81dWYxY2F0VDU5ZEFzZStJdWVWTjk0bGlFVkV0SVNXTmFJWGgrZVhwQm0yb3paOERJUjRDbjNKdTRPZC9vRjQ1cEhZZ09HaUIva21Nb0FDMDJ3TU9kc1Z2dEtvWFBNWXNGZncwWmpwOWZMNXVybzZyV1hEaDlhNnY4TEtocmtIdll0c3lZVmlFMmg4bzltbGlUZ3Rram92NGU2TGo2blViRW4zSXlEZTdtcmxaNU1lMjdLVzVmV1lyanNYTTloUUx2TGt1VUh3bTZnS2tVcXZaeWdlejc3QklrTzBrSCs4V3czb08wWExYWU9IaGdBbCsrd0NMR0wvQlhWMytDOUdiNWR2UVFHa0t5UDdlWkRLRi9URjZqU3pLN2tHdlkxSWs2MUFLSHcxcWc3TkRIZTZHYTNUWFEwRDZVdXVtL3UwdFptRGNsak9UalZXWlIvSkRRa25GNlVOUGVCOVE4RjN3b1RpeFR6eXVpaFI5dnhnNXJ5NldwZnAzK2RTdXQ1d3duNm1TV0lkanZKckphNThGcE1EbnBadGxFRXdkM2g0RnZhNllzd3NKRDI0VGZaVFhRVUlpVlhSWlRjaUI5U29tTHAwbjJva2p6UlpvcDY3Mnl4WGVSQ0tmb3d4REpIU1NBbThQWUFGMGUyeDZRcmV3TVp4UUV2dWVDOHVrNis3Y2p1enE4VmJQRng4T0FPSzdsaUlBZUdzaE9oTXJOOEJsNXYwUjAweWJpSDhTM1NTcDhvcC93RWNBV0ZyaFhNMWVwUzhBeUlqTlJYU2hCM0taaE5QVWg4WHBKSDRBVFhnbXlJbkk5TVZ0NUZZaGVwamo4UHNCRWJEVFN2UU4yY3p4aTBZYWJjM3ZxTWUrcSt1Tm9LOWtYbm9JOGNWSzBSanNXbS9DZjVRQU5nUEVVWDhrY0ZCdVpiZ1E2OHhMMS9KZVg5YlJYL1FJUzRZb2pRWTdGNG1adWxIUkpRaHNlT3VNUndlMnlhZk1na3VzakJQU2dEME5tdzU1L2t6V3NzWUxxb29jTFowOERGVjdlQ1FnYW11MFNXZGplSVZHbW8yN1BuYlF1TFVuSk1jNm5jQkxJcmJwNzExTmZHaWxDYjRqNzcvb2wxU2ZmM0tOaXBoa29JYzUxbGZIUTNRcUJMWmJib3NSQmFQeElsSDhzb1pQOFpyMVIvc0dqVHl0aDRlcEtJQlpMNi9SMGlvcHpKY1RNYnJVY3FyTW1ISVBDdVlkY1graEhGaFNFb2NoU0g5d0plZTRCZDgvVDh0WG1NVW1CVXZLVFJSZkhrYzdzL2V4Q2ZMTGY4cU9YMjNSVXBrZEk1dWZvTFFFT2VwUk9qN2VrUFVHeU15T3hyd2tDUHRhYVJqT3B2OU1LYmRMNnA1RUJHekowVGxyK3p0Q2xlcmhnTkZ1OWVnLzV0OVdhTFhybCtLQlRoc2F5anpTN3FacHBQa3h2RWlTQmdDRmVSSzg2M2wrdVcydVFubU44bTUzaUdMUDg0SzJOQ0JQUG1KM3V6cDFQYkgvTUJ3WHpGbm1sK29qTEw0Qm9vclRtZ1NQVGhoSHZMbk1QMTF0T1lrTjJXQUh2elAySksxQTJadjZWTVZuQU9HYkcrd0RtcXNBbVFaN0J1eVFyeGZBU3FwZytITFR4cWFkNzc2L3p2cDR6dVkzSlZicmxtNmNUNnBEbit1Skc1SEtGdHAvcEE1WDlvQVluU2JJRFdNalJoYVRMSXdlQ2JsTUVFTVRzUzk1aUVjb2JodlU2czNuVFNBU0ZJWjk1UmhhQkhjbHVRMXlkTlllYVpNUkZXeDlTUHJLRVVPSml6OUx3aVRMMWpLdEF0bndockJkTzZpMFM3SmJiK1VXNGJnR3I1WFJyVFRHSkRXSUw3enJ3LzUzYXhDejZUS2dyV0sxTmJjQ3VHS2t0WDV3QitWcTFlUVlQNFYyYWJvYWJyeUppQWlvOGdGQ3RnQTdiRTBwMU9XczJWY0N5MnpXditVTTdrWnlYRXllOHZYajVDMUN5cG5FK241cjM2TzJaU3pGbU1DTUdDU3FHU0liM0RRRUpGVEVXQkJRMWxRK3RvdHJrWmtRYjd1RTZsT3ovZ1B6cUtUQS9CZ2txaGtpRzl3MEJDUlF4TWg0d0FFd0FhUUIwQUdVQVF3Qm9BR0VBY2dCdEFITUFSQUJoQUhRQVlRQlFBSElBYndCMEFHVUFZd0IwQUdrQWJ3QnVNRUV3TVRBTkJnbGdoa2dCWlFNRUFnRUZBQVFnQVc3T3QrNmo5WHU0blQ3cEw5ckY0M2lPblNkNXFMZCt5Sk01QTVxMndEQUVDSDFwTy9oVUV6bE5BZ0lJQUE9PQ==
|
||||
dataprotection-cert: TUlJS2dBSUJBekNDQ2pZR0NTcUdTSWIzRFFFSEFhQ0NDaWNFZ2dvak1JSUtIekNDQkZJR0NTcUdTSWIzRFFFSEJxQ0NCRU13Z2dRL0FnRUFNSUlFT0FZSktvWklodmNOQVFjQk1GY0dDU3FHU0liM0RRRUZEVEJLTUNrR0NTcUdTSWIzRFFFUkREUWEwZ0F3RUFBaUFCQURBTkJnbGdoa2dCWlFNRUFnRUZBQUFTb0VFS2Y2bE55USt1REU4ZjNCOWw5T3pGNG9mSmw5cUtkK3lKTTVBNXEy d0RBRUNIMXBPL2hVRXpsTkFnSUlBQT09
|
||||
dataprotection-password: OWlIUSMmcl41eWZYRXc=
|
||||
---
|
||||
apiVersion: v1
|
||||
@@ -74,7 +73,7 @@ metadata:
|
||||
name: midrandbooks
|
||||
namespace: midrandbooks-uat
|
||||
spec:
|
||||
replicas: 2
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: midrandbooks
|
||||
@@ -102,7 +101,7 @@ spec:
|
||||
memory: "256Mi"
|
||||
cpu: "100m"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
- containerPort: 8443
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: midrandbooks-config
|
||||
@@ -194,13 +193,15 @@ spec:
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: 8080
|
||||
port: 8443
|
||||
scheme: HTTPS
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: 8080
|
||||
port: 8443
|
||||
scheme: HTTPS
|
||||
initialDelaySeconds: 3
|
||||
periodSeconds: 5
|
||||
volumes:
|
||||
@@ -214,14 +215,20 @@ metadata:
|
||||
name: midrandbooks-service
|
||||
namespace: midrandbooks-uat
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: https
|
||||
port: 443
|
||||
targetPort: 8443
|
||||
selector:
|
||||
app: midrandbooks
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: 8080
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: ServersTransport
|
||||
metadata:
|
||||
name: midrandbooks-bypass-backend-validation
|
||||
namespace: midrandbooks-uat
|
||||
spec:
|
||||
insecureSkipVerify: true
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
@@ -236,10 +243,12 @@ spec:
|
||||
kind: Rule
|
||||
services:
|
||||
- name: midrandbooks-service
|
||||
port: 80
|
||||
port: 443
|
||||
scheme: https
|
||||
serversTransport: midrandbooks-bypass-backend-validation
|
||||
sticky:
|
||||
cookie:
|
||||
name: "lp-sticky-session"
|
||||
httpOnly: true
|
||||
secure: true
|
||||
tls: {}
|
||||
tls: {}
|
||||
|
||||
Reference in New Issue
Block a user