--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# mep pod
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: mepagent
+ namespace: mep
+ labels:
+ app: mepagent
+spec:
+ containers:
+ - image: ealtedge/mepagent:latest
+ imagePullPolicy: Always
+ name: mepagent-pod
+ env:
+ - name: CA_CERT_DOMAIN_NAME
+ value: "www.ealtedge.org"
+ - name: SSL_ROOT
+ value: "/etc/mepagent_ssl/trust.cer"
+ - name: APP_SSL_MODE
+ value: "0"
+ ports:
+ - containerPort: 80
+ #volumeMounts:
+ #- name: mepagentssl
+ #mountPath: "/etc/mepagent_ssl"
+ #readOnly: true
+ #volumes:
+ #- name: mepagentssl
+ #secret:
+ #secretName: mepagentssl-secret
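Review bot: `SSL_ROOT` is set to `/etc/mepagent_ssl/trust.cer`, but the `mepagentssl` volume that would supply that file is commented out and `APP_SSL_MODE` is `"0"`, so the pod starts without a trust anchor and, presumably, with TLS switched off. If plaintext is intended only for a lab deployment, delete the dead block and state it in a comment such as `# TLS disabled for lab use; restore the mepagentssl secret mount before production`; otherwise restore the mount. The same commented-out secret mount appears in the Kong (`kongssl`) and mepserver (`mepssl`) hunks further down, while the tasks that create `mepagentssl-secret` and `mepssl-secret` are still present. Separately, `ealtedge/mepagent:latest` with `imagePullPolicy: Always` runs whatever the tag points to at pull time; pinning a version tag or digest makes the rollout reproducible.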
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: copy deploy folder to mep node to install mepagent
+ copy:
+ src: deploy
+ dest: /tmp/mepagent/
+
+- name: Create mepagent-secret
+ shell:
+# yamllint disable rule:line-length
+ cmd: kubectl create secret --namespace mep generic mepagentssl-secret --from-file=/tmp/mepserver/deploy/server.cer --from-file=/tmp/mepserver/deploy/server_key.pem --from-file=/tmp/mepserver/deploy/trust.cer
+
+- name: Apply mepagent service
+ shell:
+ cmd: kubectl apply -f /tmp/mepagent/deploy/mepagent.yaml
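Review bot: The `Create mepagent-secret` task reads `server.cer`, `server_key.pem` and `trust.cer` from `/tmp/mepserver/deploy/`, so this role only works after the mepserver role has generated them, and the private key stays in a directory under `/tmp` with whatever permissions the copy gave it. Consider generating the files into a directory created with `mode: "0700"` and removing the key once the secret exists. `kubectl create secret` also fails on a second run because the secret already exists; `kubectl create secret ... --dry-run=client -o yaml | kubectl apply -f -` keeps the task repeatable. The `# yamllint disable rule:line-length` comment sits between `shell:` and `cmd:`; placing it above the task reads better.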
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- include: "install.yml"
+ when: operation == 'install'
--- /dev/null
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Uninstalling mepagent
+ shell:
+ cmd: echo "Reseting the mepagent"
+
+- name: Remove the Deployment of mepagent
+ shell:
+ cmd: kubectl delete namespace mep
+ ignore_errors: 'True'
+
+
+- name: Remove the Deployment of mepserver
+ shell:
+ cmd: kubectl delete -f /tmp/mepagent/deploy
+ ignore_errors: 'True'
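Review bot: `kubectl delete namespace mep` runs first and removes everything in that namespace, so the following `kubectl delete -f /tmp/mepagent/deploy` can only fail, and `ignore_errors` hides that. If mepserver and Kong are also deployed into `mep` (not visible in this hunk), uninstalling the agent takes them down as well; deleting only the agent's resources with `kubectl delete -f /tmp/mepagent/deploy/mepagent.yaml --ignore-not-found` and `kubectl delete secret mepagentssl-secret -n mep --ignore-not-found` avoids that and needs no `ignore_errors`. The last task is named `Remove the Deployment of mepserver` although it acts on the mepagent directory. `ignore_errors: 'True'` is a quoted string where the boolean `ignore_errors: true` is meant.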
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
+ #- name: KONG_SSL_CERT
+ #value: /run/kongssl/server.cer
+ #- name: KONG_SSL_CERT_KEY
+ #value: /run/kongssl/server_key.pem
ports:
- containerPort: 8000
name: proxy
- containerPort: 8444
name: admin-api-ssl
protocol: TCP
- volumeMounts:
- - name: kongssl
- mountPath: "/run/kongssl"
- readOnly: true
- volumes:
- - name: kongssl
- secret:
- secretName: kongssl-secret
+ #volumeMounts:
+ #- name: kongssl
+ #mountPath: "/run/kongssl"
+ #readOnly: true
+ #volumes:
+ #- name: kongssl
+ #secret:
+ #secretName: kongssl-secret
# kong service
ports:
- port: 8000
name: proxy
+ nodePort: 30010
- port: 8443
name: proxy-ssl
+ nodePort: 30011
- port: 8001
name: admin-api
+ nodePort: 30012
- port: 8444
name: admin-api-ssl
+ nodePort: 30013
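Review bot: The added `nodePort: 30012` and `nodePort: 30013` publish Kong's admin API (8001 and 8444) on every node's address, and port 8001 is plain HTTP. Kong's admin API has no authentication unless it is configured separately, so anyone who can reach a node on those ports can change routes and services. Keep `nodePort` only on the `proxy` and `proxy-ssl` entries and leave the admin ports cluster-internal, for example by moving them to a separate `ClusterIP` service; if external admin access is really required, put it behind authentication and a network policy. The service `type` is outside this hunk, so this assumes it is `NodePort`.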
--- /dev/null
+#!/bin/bash
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Command to update Kong
+
+
+curl --location --request DELETE 'http://159.138.22.15:30012/routes/mp1'
+curl --location --request DELETE 'http://159.138.22.15:30012/services/http-mp1'
+curl --location --request POST 'http://159.138.22.15:30012/services' --header 'Content-Type: application/json' --data '{"url": "https://mep-service:8088","name": "http-mp1"}'
+curl --location --request POST 'http://159.138.22.15:30012/services/http-mp1/routes' --header 'Content-Type: application/json' --data '{"paths": ["/mp1"], "name": "mp1"}'
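Review bot: All four calls target `http://159.138.22.15:30012`, a hard-coded address reached over plain HTTP, so the script works for one environment only and depends on the Kong admin API being exposed outside the cluster. Take the base URL from a variable and prefer an in-cluster address. None of the `curl` calls check the result: without `--fail` a 4xx/5xx response still exits 0, so the Ansible task reports success even when the service or route was not created. The service is registered as `https://mep-service:8088` while the mepserver manifest in this commit has `MEP_SSL_MODE` set to `"0"`; confirm the upstream scheme matches what the server actually serves.

```shell
set -euo pipefail

# Base URL of the Kong admin API, supplied by the caller.
KONG_ADMIN_URL="${KONG_ADMIN_URL:?KONG_ADMIN_URL must be set}"

# Best-effort cleanup of a previous configuration.
curl --silent --location --request DELETE "${KONG_ADMIN_URL}/routes/mp1"
curl --silent --location --request DELETE "${KONG_ADMIN_URL}/services/http-mp1"

# Creation must succeed; --fail turns an HTTP error into a non-zero exit.
curl --fail --silent --show-error --location --request POST "${KONG_ADMIN_URL}/services" \
  --header 'Content-Type: application/json' \
  --data '{"url": "https://mep-service:8088","name": "http-mp1"}'
curl --fail --silent --show-error --location --request POST "${KONG_ADMIN_URL}/services/http-mp1/routes" \
  --header 'Content-Type: application/json' \
  --data '{"paths": ["/mp1"], "name": "mp1"}'
```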
value: "/etc/mepssl"
- name: MEP_SSL_MODE
value: "0"
- volumeMounts:
- - name: mepssl
- mountPath: "/etc/mepssl"
- readOnly: true
- volumes:
- - name: mepssl
- secret:
- secretName: mepssl-secret
+ #volumeMounts:
+ #- name: mepssl
+ #mountPath: "/etc/mepssl"
+ #readOnly: true
+ #volumes:
+ #- name: mepssl
+ #secret:
+ #secretName: mepssl-secret
# mep service
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDBjCCAe4CCQCfViZd0MNOEDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMB4XDTIwMDUwOTE1MDczNFoXDTMwMDUwNzE1MDczNFowRTELMAkG
-A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
-IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-APAyHQYv9OUkzXF/jcSl24MxmzY8FGrTAv1HsY1I0IH/vzeig60CGAyvi/Za/rWq
-6vh2lR4mSHRJ7aB6gNrvhj/IHrJFtt6HDhIoG6WiJ0xZRjnkvYdgye2/Jc6ydJjQ
-F4nz17BbvyzkxdZtnd5aHhM5Fbkd/R5DPNyaNnCetUUehMH7I0vAew//kIu2PfQJ
-stvOzgdAtBuPz/D6Cq7EljkX+6ROZggDi2NRFKzMp2moajKdvPQFs1WTKg1at/+k
-zFAcAi68DxyxhdPEFpKU3uepccbh332cJ1/x1bVHlUSVwH9SNi8to9nLG/NrL2UY
-wrX/ZzrYL7IUHqu7zlVpUN8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA42ECvTd3
-ZsL5a1x5HKQiIuvjKYI6pfsU67vB3e+IiXC8KqYVTWLIWILUXDXYrmO68vQ4+ewz
-GKTPmL50x7y6EurX5qYJ/Znj4frBOkFIRlT17rwz+HDx/ZdaLmh4D3q0jkfsjSqi
-eEh2kHfiJMLEWwPLcTfTdqtnjITvPIVydj+T+ocCvgfXsriJq4TwXl8panJiQAS2
-15gs3aRtb6PEr8jvt+a1WfnBtpFscelr7BTGpQZvGPbIFx0Xw1O106dMbi1nxG5B
-xsWL8JAb5qlbxW+jQdSuz+O2vF/CGeGZLUqvJjHx+Ud6OBoBMBmf9tEprQxJeCRD
-OhHC7N5cztTIdQ==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,C02B29671A16FE3F
-
-oj2/2Q763tk6b6+A0H16+G7CEjnx6uWlKbf6N2GzcvQnJBd7n39Q2aImVM8syNCO
-2wyNL5LH/FZt8qBOAFMIX8wba+VRbDAZrVK3mVNLjHf5K2Pb4kQdvzwunGC9vjR3
-C4w8sVvs2Lo+zU3f/TpWNrN8B4AVx0jn+yPmyzMgJ+TgpvBOsinSWC96UBNOeabf
-ShwFtO7wrFDWjmgtBWlWYUn4DogFiahIfw/CVMzvsSAtpB03Ajb5boEWLtkfly+s
-EfajYn42/YeG5/ibzb7aQ5Ld/U5RFX36s4O3J3FGnHhsGIWNn0NUM4NfPBiKD9r8
-Wy9muK9n1MsaUPbn2Dn8tWjSZGVeNjeVCLQaEoIYRin8zhDlpco3fE2F+cKWOTce
-VV8ejCikB+bQeFnQCAeT0RNNhXgeRwSTotLKjmGYB2PiWsBdiBy1XM3Icw5nc6MF
-jx6zCN5VeQ0k2ZOkoNUn95C/3d6JfyGTOAbzRvfJAoLS1ZguwZFL3Ki27Q/pdkdl
-HAjJbS/l4CRXftn2IHSTS7OBtbnKeD0Ui19Iq50SLQEFfobKxdquio0vxIQCovkp
-ouiUH/93yETLyIkc1enYnwqpEnoEgYV+aQRbdVUMajNWDcsemI9sdHQR9xueAokU
-ksNK4+YejmcW3+DZva+haTaeG73RKRVVuVSczeQs5mEaCl4sKJANR/flfcZFtBBD
-LSj82oa8lc72c7a3w5P8qZIui91jEIjpnZPstUGv8Pc1MqnSMu4oyehYF1tkOVfR
-LdxZhzRGyYjkU1ki6GvRQ5+hd6cPV8AP46dxYyk5/tmdnY+cAMs+VpP4eK9CR6LD
-FkjwkHRxpSIvY2useQWCszCaEgIl6KwysWTPH4mAztH028/2jw1GgAe5xlBBYHlE
-uHbBP6h8VNLGWV1TADXpERYnudGAf3RA7/PU7JzeEebCVWuV21DhaU0KU8gNx+tO
-J/LHn95BtVEsuweeUyJh2G35sas50RxBi5UXy8MfG50QteUa7RPyGCkoxyo3wyts
-O2FKsPLpUsqKD73XL1BB1hiBeylB41r9zrQAK845V2M8lhWSe0yI96LDkphaDHWs
-G8C9q9zR5+aNdJK4tgDYA1MkIArmMDKoknQkJFGn1QbVnYTIXQZNIyfalhriW/0Z
-GPqPIeX8ejUU1Ev0s+0sTp/yVMMZzCInUQCcPMcFS7QDL3K3IsMw/2ucpp5thPSE
-IehioQf8gnDqaDD8qaOjAoZ+F5hthysAv7lDQEX/d/wr28g1PBZr5p78x4x5T3uE
-uLaGFmxIC1UdcKeOkCxUGXahqjaHuFeJI1eL8KHKi/b57Co1dHlfqx3pQJi74TlF
-AwkqC5s2VBa2fCXy7gfcE5wkrD2KpGcaOa37AiSocSMcYnF4RmWiZ2CHnebMuG5s
-hVDqXofamV4E0CpJHq9TRCAdR6qq6rTfQcT73Vmu7FvMXb3cT/F8aXfli2x157zw
-K2Xi2PsbBLDl6zODzZ2/EjShNnwPOTtx0m73kppa/RoW+56AlFG6q/7fH1tDkOqW
-fvVrZlJVFeDNp7sBEuoN+OhCiuKG9VajaQWpeUeCkua0kRzsKRs/oA==
------END RSA PRIVATE KEY-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDBjCCAe4CCQCfViZd0MNOEDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMB4XDTIwMDUwOTE1MDczNFoXDTMwMDUwNzE1MDczNFowRTELMAkG
-A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
-IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-APAyHQYv9OUkzXF/jcSl24MxmzY8FGrTAv1HsY1I0IH/vzeig60CGAyvi/Za/rWq
-6vh2lR4mSHRJ7aB6gNrvhj/IHrJFtt6HDhIoG6WiJ0xZRjnkvYdgye2/Jc6ydJjQ
-F4nz17BbvyzkxdZtnd5aHhM5Fbkd/R5DPNyaNnCetUUehMH7I0vAew//kIu2PfQJ
-stvOzgdAtBuPz/D6Cq7EljkX+6ROZggDi2NRFKzMp2moajKdvPQFs1WTKg1at/+k
-zFAcAi68DxyxhdPEFpKU3uepccbh332cJ1/x1bVHlUSVwH9SNi8to9nLG/NrL2UY
-wrX/ZzrYL7IUHqu7zlVpUN8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA42ECvTd3
-ZsL5a1x5HKQiIuvjKYI6pfsU67vB3e+IiXC8KqYVTWLIWILUXDXYrmO68vQ4+ewz
-GKTPmL50x7y6EurX5qYJ/Znj4frBOkFIRlT17rwz+HDx/ZdaLmh4D3q0jkfsjSqi
-eEh2kHfiJMLEWwPLcTfTdqtnjITvPIVydj+T+ocCvgfXsriJq4TwXl8panJiQAS2
-15gs3aRtb6PEr8jvt+a1WfnBtpFscelr7BTGpQZvGPbIFx0Xw1O106dMbi1nxG5B
-xsWL8JAb5qlbxW+jQdSuz+O2vF/CGeGZLUqvJjHx+Ud6OBoBMBmf9tEprQxJeCRD
-OhHC7N5cztTIdQ==
------END CERTIFICATE-----
src: deploy
dest: /tmp/mepserver/
+- name: Generate Certificates
+ shell:
+# yamllint disable rule:line-length
+ cmd: openssl genrsa -out ca.key 2048
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate Certificate - Step 2
+ shell:
+ cmd: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out ca.csr
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate Root Certificate
+ shell:
+ cmd: openssl x509 -req -days 365 -in ca.csr -extensions v3_req -signkey ca.key -out trust.cer
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate TLS certificate and TLS Key
+ shell:
+ cmd: openssl genrsa -out server_key.pem 2048
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate TLS Certificate and TLS Key
+ shell:
+ cmd: openssl req -new -key server_key.pem -subj /C=CN/ST=Beijing/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out tls.csr
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate TLS Certificate and TLS Key
+ shell:
+ cmd: openssl x509 -req -in tls.csr -extensions v3_req -CA trust.cer -CAkey ca.key -CAcreateserial -out server.cer
+ chdir: /tmp/mepserver/deploy/
+
- name: Create mepssl-secret
shell:
# yamllint disable rule:line-length
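Review bot: `ca.key` and `server_key.pem` are written to `/tmp/mepserver/deploy/` and nothing in the hunk restricts the directory or removes `ca.key` after `server.cer` is signed, so the key that can issue certificates trusted through `trust.cer` stays on the node. The final `openssl x509 -req` has no `-days`, which gives `server.cer` the 30-day default, and `-extensions v3_req` has no effect without `-extfile`, so neither certificate carries a subjectAltName or CA basic constraints; clients that ignore the CN will reject `www.ealtedge.org`. Every task re-runs on each play, so keys are regenerated under a live deployment; a `creates:` argument stops that. Three tasks share the name `Generate TLS Certificate and TLS Key`; distinct names for key, CSR and signed certificate make the play log readable.

```yaml
# … unchanged: CA key, CA CSR, root certificate, server key, server CSR …

- name: Sign TLS server certificate
  shell:
    cmd: openssl x509 -req -days 365 -in tls.csr -extensions v3_req -CA trust.cer -CAkey ca.key -CAcreateserial -out server.cer
    chdir: /tmp/mepserver/deploy/
    creates: /tmp/mepserver/deploy/server.cer

- name: Remove CA private key once the server certificate is signed
  file:
    path: /tmp/mepserver/deploy/ca.key
    state: absent
```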
- name: Apply postgres-k8s.yaml
shell:
cmd: kubectl apply -f /tmp/mepserver/deploy/postgres-k8s.yaml
+
+- name: -----Configuring Kong API Gateway-----
+ shell:
+ cmd: sleep 30
+
+- name: Configuring Kong API Gateway
+ shell:
+ cmd: chmod +x kongconfig.sh && ./kongconfig.sh
+ chdir: /tmp/mepserver/deploy/
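Review bot: The `sleep 30` task is a fixed delay standing in for a readiness check, so `kongconfig.sh` can still run before Kong answers on a slow node, and it wastes 30 seconds on a fast one. Waiting on the pod, e.g. `kubectl wait --for=condition=Ready pod -l app=<kong-label> -n <namespace> --timeout=120s` (label and namespace are placeholders; they are not visible in this hunk), makes the ordering explicit. The task name `-----Configuring Kong API Gateway-----` would read better as `Wait for Kong to become ready`. `chmod +x kongconfig.sh && ./kongconfig.sh` can become `bash kongconfig.sh`, or the file can be copied with `mode: "0755"`.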