diff --git a/cmd/cloudcore-server/Dockerfile b/cmd/cloudcore-server/Dockerfile
index 9940654..09e86bf 100644
--- a/cmd/cloudcore-server/Dockerfile
+++ b/cmd/cloudcore-server/Dockerfile
@@ -2,4 +2,4 @@ FROM scratch
 COPY cloudcore /cloudcore
-ENTRYPOINT ["cloudcore"]
\ No newline at end of file
+ENTRYPOINT ["/cloudcore"]
\ No newline at end of file
diff --git a/cmd/cloudcore-server/server/grpc.go b/cmd/cloudcore-server/server/grpc.go
index 0460a1f..97f98e4 100644
--- a/cmd/cloudcore-server/server/grpc.go
+++ b/cmd/cloudcore-server/server/grpc.go
@@ -2,11 +2,12 @@ package server
 import (
 	"context"
+	"fmt"
 	"github.com/clarkmcc/brpc"
 	"github.com/clarkmcc/cloudcore/cmd/cloudcore-server/config"
 	"github.com/clarkmcc/cloudcore/cmd/cloudcore-server/database"
 	"github.com/clarkmcc/cloudcore/cmd/cloudcore-server/services"
-	"github.com/clarkmcc/cloudcore/internal/example"
+	"github.com/clarkmcc/cloudcore/internal/envtls"
 	"github.com/clarkmcc/cloudcore/internal/rpc"
 	"github.com/clarkmcc/cloudcore/internal/token"
 	"github.com/quic-go/quic-go"
@@ -39,7 +40,11 @@ func New(
 	lc.Append(fx.Hook{
 		OnStart: func(_ context.Context) error {
-			l, err := quic.ListenAddr(":"+strconv.Itoa(config.AgentServer.Port), example.TLSConfig(), nil)
+			cfg, err := envtls.TLSConfig()
+			if err != nil {
+				return fmt.Errorf("getting tls config: %w", err)
+			}
+			l, err := quic.ListenAddr(":"+strconv.Itoa(config.AgentServer.Port), cfg, nil)
 			if err != nil {
 				return err
 			}
diff --git a/deploy/helm/.helmignore b/deploy/helm/.helmignore
new file mode 100644
index 0000000..fb77c2e
--- /dev/null
+++ b/deploy/helm/.helmignore
@@ -0,0 +1,3 @@
+*.md
+.git
+.gitignore
diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml
new file mode 100644
index 0000000..7659775
--- /dev/null
+++ b/deploy/helm/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: cloudcore
+description: A Helm chart for the CloudCore application
+version: 0.1.0
+appVersion: "0.1.0"
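Review bot: The image is built `FROM scratch` with no `USER` instruction, so the corrected `ENTRYPOINT ["/cloudcore"]` still starts the server as uid 0 unless the pod sets a securityContext, and the chart's Deployment in this commit sets none. Add a fixed non-root identity before the entrypoint, e.g. `USER 65532:65532` (any non-zero uid/gid works; the value here is illustrative), so the binary is unprivileged by default. The chart's default listen ports are 10000 and 10001, so no privileged-port capability is needed for this.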
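Review bot: The new `envtls.TLSConfig()` error is wrapped with context, but the `quic.ListenAddr` error two lines below is still returned bare, so a listener failure at startup carries no hint of which address or component failed; for consistency with the added wrap, `return fmt.Errorf("listening for agents on %q: %w", ":"+strconv.Itoa(config.AgentServer.Port), err)`. Note also that the non-dev `envtls.TLSConfig` in this commit panics on a malformed key pair rather than returning an error, so the added `if err != nil` only covers the missing-variable cases. The OnStart closure and `New` continue outside the hunk.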
diff --git a/deploy/helm/templates/deployment.yaml b/deploy/helm/templates/deployment.yaml
new file mode 100644
index 0000000..1cec557
--- /dev/null
+++ b/deploy/helm/templates/deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cloudcore
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cloudcore
+  template:
+    metadata:
+      labels:
+        app: cloudcore
+    spec:
+      containers:
+        - name: cloudcore
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - containerPort: {{ .Values.service.agentServer.port }}
+            - containerPort: {{ .Values.service.appServer.port }}
+          env:
+            - name: AGENT_SERVER_PORT
+              value: "{{ .Values.env.agentServerPort }}"
+            - name: APP_SERVER_PORT
+              value: "{{ .Values.env.appServerPort }}"
+            - name: AUTH0_DOMAIN
+              value: "{{ .Values.env.auth0Domain }}"
+            - name: AUTH0_AUDIENCE
+              value: "{{ .Values.env.auth0Audience }}"
+            - name: LOGGING_LEVEL
+              value: "{{ .Values.env.loggingLevel }}"
+            - name: AUTH_TOKEN_SIGNING_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: cloudcore-secret
+                  key: authTokenSigningSecret
+            - name: DATABASE_CONNECTION_STRING
+              valueFrom:
+                secretKeyRef:
+                  name: cloudcore-secret
+                  key: databaseConnectionString
diff --git a/deploy/helm/templates/secrets.yaml b/deploy/helm/templates/secrets.yaml
new file mode 100644
index 0000000..32366fe
--- /dev/null
+++ b/deploy/helm/templates/secrets.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudcore-secret
+type: Opaque
+data:
+  authTokenSigningSecret: {{ randAlphaNum 32 | b64enc | quote }}
+  databaseConnectionString: {{ .Values.env.databaseConnectionString | b64enc | quote }}
diff --git a/deploy/helm/templates/service.yaml b/deploy/helm/templates/service.yaml
new file mode 100644
index 0000000..406bc79
--- /dev/null
+++ b/deploy/helm/templates/service.yaml
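Review bot: The container's `env` list never sets `TLS_CERTIFICATE` or `TLS_PRIVATE_KEY`, yet the non-dev `envtls.TLSConfig` added in this commit returns "missing tls certificate" when either is absent, so a pod from this chart will fail in OnStart and crash-loop unless the image was built with the dev tag (which would serve the checked-in example certificate). Source both variables from a TLS Secret the way the two existing secretKeyRef entries do, as below. Separately, the pod has no `securityContext` (`runAsNonRoot`, `readOnlyRootFilesystem`) and no `resources`, and with `tag: "latest"` plus `pullPolicy: Always` the deployed binary is not pinned; these are worth addressing before the chart is used outside development.

```yaml
          env:
            # … unchanged: AGENT_SERVER_PORT through DATABASE_CONNECTION_STRING entries …
            - name: TLS_CERTIFICATE
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.tls.secretName }}   # constructed: new values key naming a kubernetes.io/tls Secret
                  key: tls.crt
            - name: TLS_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.tls.secretName }}
                  key: tls.key
```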
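Review bot: `authTokenSigningSecret: {{ randAlphaNum 32 | b64enc | quote }}` is re-evaluated on every `helm upgrade`, so each upgrade rotates the signing secret and invalidates every token issued so far, while pods that were not restarted keep the old value in their environment until they are rescheduled (the Deployment has no checksum annotation to force a rollout). Keep the existing value across upgrades by reading it back with `lookup`, as below, and fall back to generation only on first install; `lookup` returns nothing under `helm template` or `--dry-run`, so the fallback path still renders there. The `.Values.env.authTokenSigningSecret` key in values.yaml is never read by this template, so either wire it in as an explicit override or drop it. Passing `databaseConnectionString` through values also stores the credential in Helm release history; an `existingSecret`-style option that references a Secret created out of band avoids that.

```yaml
data:
  {{- $existing := lookup "v1" "Secret" .Release.Namespace "cloudcore-secret" }}
  {{- if and $existing (index $existing.data "authTokenSigningSecret") }}
  authTokenSigningSecret: {{ index $existing.data "authTokenSigningSecret" | quote }}
  {{- else }}
  authTokenSigningSecret: {{ randAlphaNum 32 | b64enc | quote }}
  {{- end }}
  # … unchanged: databaseConnectionString …
```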
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: agent-server-service
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ .Values.service.agentServer.port }}
+      targetPort: {{ .Values.service.agentServer.port }}
+  selector:
+    app: cloudcore
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: app-server-service
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ .Values.service.appServer.port }}
+      targetPort: {{ .Values.service.appServer.port }}
+  selector:
+    app: cloudcore
diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
new file mode 100644
index 0000000..75ba6b1
--- /dev/null
+++ b/deploy/helm/values.yaml
@@ -0,0 +1,19 @@
+image:
+  repository: ghcr.io/clarkmcc/cloudcore
+  pullPolicy: Always
+  tag: "latest"
+
+service:
+  agentServer:
+    port: 10000
+  appServer:
+    port: 10001
+
+env:
+  agentServerPort: 10000
+  appServerPort: 10001
+  auth0Domain: ""
+  auth0Audience: ""
+  loggingLevel: ""
+  authTokenSigningSecret: "" # This will be set in the deployment
+  databaseConnectionString: "" # This will be set from a secret
\ No newline at end of file
diff --git a/internal/envtls/envtls.go b/internal/envtls/envtls.go
new file mode 100644
index 0000000..f2c8908
--- /dev/null
+++ b/internal/envtls/envtls.go
@@ -0,0 +1,27 @@
+//go:build !dev
+
+package envtls
+
+import (
+	"crypto/tls"
+	"fmt"
+	"os"
+)
+
+func TLSConfig() (*tls.Config, error) {
+	c := os.Getenv("TLS_CERTIFICATE")
+	if len(c) == 0 {
+		return nil, fmt.Errorf("missing tls certificate")
+	}
+	k := os.Getenv("TLS_PRIVATE_KEY")
+	if len(k) == 0 {
+		return nil, fmt.Errorf("missing tls certificate")
+	}
+	cert, err := tls.X509KeyPair([]byte(c), []byte(k))
+	if err != nil {
+		panic(err)
+	}
+	return &tls.Config{
+		Certificates: []tls.Certificate{cert},
+	}, nil
+}
diff --git a/internal/envtls/envtls_dev.go b/internal/envtls/envtls_dev.go
new file mode 100644
index 0000000..2b9e197
--- /dev/null
+++ b/internal/envtls/envtls_dev.go
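Review bot: `agent-server-service` declares its port without a `protocol`, which Kubernetes defaults to TCP, but the agent server in grpc.go listens with `quic.ListenAddr`, and QUIC runs over UDP, so this Service will never forward agent traffic to the pod. Add `protocol: UDP` alongside `port`/`targetPort` in the agent server's `ports` entry (and for clarity `protocol: UDP` on the matching `containerPort` in the Deployment). Both Services are `ClusterIP`, so if agents run outside the cluster a different exposure type or an ingress that supports UDP will be needed; that may be intentional for this first cut.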
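Review bot: The two trailing comments do not describe what the templates do: `authTokenSigningSecret` is never read (templates/secrets.yaml generates the value itself), and `databaseConnectionString` is not "set from a secret" but is the input that secrets.yaml base64-encodes into `cloudcore-secret`, so whoever fills in this file will put the credential in the wrong place. Replace them with `authTokenSigningSecret: "" # unused: generated by templates/secrets.yaml` and `databaseConnectionString: "" # rendered into Secret cloudcore-secret by templates/secrets.yaml; supply via --set or a private values file, never commit`. `tag: "latest"` with `pullPolicy: Always` also means two installs of the same chart version can run different binaries; a pinned tag (or an empty tag that the template defaults to `.Chart.AppVersion`) is the usual fix, though that needs a matching change in deployment.yaml.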
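Review bot: The `len(k) == 0` branch reports "missing tls certificate" for a missing `TLS_PRIVATE_KEY`, so an operator who set the certificate but not the key gets a message that points at the wrong variable; it should read `return nil, fmt.Errorf("missing tls private key")`. Three lines later a malformed pair hits `panic(err)` even though the function has an error return that grpc.go already wraps, so the process dies with a stack trace instead of a clean startup error; use `return nil, fmt.Errorf("parsing tls key pair: %w", err)` instead. The exported `TLSConfig` also has no doc comment; one stating that it builds the server certificate from the `TLS_CERTIFICATE` and `TLS_PRIVATE_KEY` environment variables (PEM contents, not paths) and is the non-dev counterpart of envtls_dev.go would tell operators what to mount. Passing a private key through the process environment makes it readable by anything that can inspect the container's environment, and env vars are inherited by any child process; reading the PEM from a mounted file path is the more common pattern, which could be offered as an alternative without breaking the current variables.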
@@ -0,0 +1,12 @@
+//go:build dev
+
+package envtls
+
+import (
+	"crypto/tls"
+	"github.com/clarkmcc/cloudcore/internal/envtls/example"
+)
+
+func TLSConfig() (*tls.Config, error) {
+	return example.TLSConfig(), nil
+}
diff --git a/internal/example/certs.go b/internal/envtls/example/certs.go
similarity index 100%
rename from internal/example/certs.go
rename to internal/envtls/example/certs.go
diff --git a/internal/example/certs_gen.go b/internal/envtls/example/certs_gen.go
similarity index 100%
rename from internal/example/certs_gen.go
rename to internal/envtls/example/certs_gen.go
diff --git a/internal/example/certs_gen_dev.go b/internal/envtls/example/certs_gen_dev.go
similarity index 100%
rename from internal/example/certs_gen_dev.go
rename to internal/envtls/example/certs_gen_dev.go
diff --git a/internal/example/example.com-key.pem b/internal/envtls/example/example.com-key.pem
similarity index 100%
rename from internal/example/example.com-key.pem
rename to internal/envtls/example/example.com-key.pem
diff --git a/internal/example/example.com.pem b/internal/envtls/example/example.com.pem
similarity index 100%
rename from internal/example/example.com.pem
rename to internal/envtls/example/example.com.pem
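Review bot: Under `//go:build dev` this `TLSConfig` silently substitutes the checked-in example certificate and key (the `example.com*.pem` files renamed in this commit, which are public in the repository), and nothing in the binary or its logs distinguishes that build from the one that reads real key material, so a dev-tagged image that reaches a shared environment would present a key anyone can read. The exported function should carry a doc comment making the contract explicit, e.g. `// TLSConfig returns the repository's example certificate when built with -tags dev. The example key is public; this variant must never be deployed. See envtls.go for the environment-backed version.` A one-line startup log from this variant, or a build-info check in the server, would make the substitution visible at runtime; that is a judgement call for the maintainers.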