chore: docker production updates

Sphereon-Opensource · Oct 23, 2024 · 2e339ef · 2e339ef
1 parent f4d4a9f
commit 2e339ef
Show file tree

Hide file tree

Showing 8 changed files with 169 additions and 4 deletions.
diff --git a/.docker/admin-server/Dockerfile b/.docker/admin-server/Dockerfile
@@ -13,7 +13,6 @@ FROM openjdk:21-jdk as runner
 
 WORKDIR /app
 
-COPY .env .env
 COPY --from=builder /app/modules/admin-server/build/libs/admin-server-0.0.1.jar ./admin-server-0.0.1.jar
 
 ENTRYPOINT ["java", "-jar", "admin-server-0.0.1.jar"]
diff --git a/.docker/federation-server/Dockerfile b/.docker/federation-server/Dockerfile
@@ -13,7 +13,6 @@ FROM openjdk:21-jdk as runner
 
 WORKDIR /app
 
-COPY .env .env
 COPY --from=builder /app/modules/federation-server/build/libs/federation-server-0.0.1.jar ./federation-server-0.0.1.jar
 
 ENTRYPOINT ["java", "-jar", "federation-server-0.0.1.jar"]
diff --git a/.docker/prod-deployment/build.sh b/.docker/prod-deployment/build.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+source ./version-config.sh
+
+docker build -t ${FED_IMAGE}:${FED_VERSION} -f ../federation-server/Dockerfile ../../
+docker build -t ${ADMIN_IMAGE}:${ADMIN_VERSION} -f ../admin-server/Dockerfile ../../
diff --git a/.docker/prod-deployment/docker-compose.yaml b/.docker/prod-deployment/docker-compose.yaml
@@ -0,0 +1,114 @@
+version: '3.9'
+
+services:
+  db:
+    image: postgres:latest
+    container_name: openid-federation-datastore
+    environment:
+      POSTGRES_USER: ${DATASOURCE_USER}
+      POSTGRES_PASSWORD: ${DATASOURCE_PASSWORD}
+      POSTGRES_DB: ${DATASOURCE_DB}
+    volumes:
+      - /mnt/openid-federation/volumes/postgres:/var/lib/postgresql/data
+    networks:
+      - backend
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -d ${DATASOURCE_DB} -U ${DATASOURCE_USER}" ]
+      interval: 3s
+      timeout: 5s
+      retries: 20
+    restart: unless-stopped
+
+  local-kms-db:
+    image: postgres:latest
+    container_name: openid-federation-local-kms-datastore
+    environment:
+      POSTGRES_USER: ${LOCAL_KMS_DATASOURCE_USER}
+      POSTGRES_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD}
+      POSTGRES_DB: ${LOCAL_KMS_DATASOURCE_DB}
+    volumes:
+      - /mnt/openid-federation/volumes/local-kms:/var/lib/postgresql/data
+    networks:
+      - backend
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -d ${LOCAL_KMS_DATASOURCE_DB} -U ${LOCAL_KMS_DATASOURCE_USER}" ]
+      interval: 3s
+      timeout: 5s
+      retries: 20
+
+  federation-server:
+    image: sphereonregistry.azurecr.io/federation-server:latest
+    container_name: openid-federation-server
+    environment:
+      DATASOURCE_URL: ${DATASOURCE_URL}
+      DATASOURCE_USER: ${DATASOURCE_USER}
+      DATASOURCE_PASSWORD: ${DATASOURCE_PASSWORD}
+      APP_KEY: ${APP_KEY}
+      KMS_PROVIDER: ${KMS_PROVIDER}
+      LOCAL_KMS_DATASOURCE_URL: ${LOCAL_KMS_DATASOURCE_URL}
+      LOCAL_KMS_DATASOURCE_USER: ${LOCAL_KMS_DATASOURCE_USER}
+      LOCAL_KMS_DATASOURCE_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD}
+      LOCAL_KMS_DATASOURCE_DB: ${LOCAL_KMS_DATASOURCE_DB}
+      ROOT_IDENTIFIER: ${ROOT_IDENTIFIER}
+    volumes:
+      - ./config/federation-server/application.properties:/app/application.properties
+    depends_on:
+      admin-server:
+        condition: service_started
+      db:
+        condition: service_healthy
+    networks:
+      - frontend
+      - backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=frontend"
+      - "traefik.http.routers.federation-server.entrypoints=websecure"
+      - "traefik.http.routers.federation-server.rule=Host(`${FEDERATION_HOSTS}`)"
+      - "traefik.http.routers.federation-server.tls.certresolver=acmeresolver"
+      - "traefik.http.services.federation-server.loadbalancer.server.port=8080"
+      - "traefik.http.services.federation-server.loadbalancer.server.scheme=http"
+    restart: unless-stopped
+
+  admin-server:
+    image: sphereonregistry.azurecr.io/federation-admin-server:latest
+    container_name: openid-federation-server-admin
+    environment:
+      DATASOURCE_URL: ${DATASOURCE_URL}
+      DATASOURCE_USER: ${DATASOURCE_USER}
+      DATASOURCE_PASSWORD: ${DATASOURCE_PASSWORD}
+      APP_KEY: ${APP_KEY}
+      KMS_PROVIDER: ${KMS_PROVIDER}
+      LOCAL_KMS_DATASOURCE_URL: ${LOCAL_KMS_DATASOURCE_URL}
+      LOCAL_KMS_DATASOURCE_USER: ${LOCAL_KMS_DATASOURCE_USER}
+      LOCAL_KMS_DATASOURCE_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD}
+      LOCAL_KMS_DATASOURCE_DB: ${LOCAL_KMS_DATASOURCE_DB}
+      ROOT_IDENTIFIER: ${ROOT_IDENTIFIER}
+    volumes:
+      - ./config/admin-server/application.properties:/app/application.properties
+    depends_on:
+      db:
+        condition: service_healthy
+      local-kms-db:
+        condition: service_healthy
+    networks:
+      - frontend
+      - backend
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=frontend"
+      - "traefik.http.routers.federation-admin.entrypoints=websecure"
+      - "traefik.http.routers.federation-admin.rule=Host(`${FEDERATION_ADMIN_HOSTS}`)"
+      - "traefik.http.routers.federation-admin.tls.certresolver=acmeresolver"
+      - "traefik.http.services.federation-admin.loadbalancer.server.port=8080"
+      - "traefik.http.services.federation-admin.loadbalancer.server.scheme=http"
+         # IP Whitelist middleware
+      - "traefik.http.routers.federation-admin.middlewares=admin-whitelist-sourceip"
+      - "traefik.http.middlewares.admin-whitelist-sourceip.ipwhitelist.sourcerange=${ADMIN_IP_WHITELIST}"
+    restart: unless-stopped
+
+networks:
+  frontend:
+    external: true
+  backend:
+    driver: bridge
diff --git a/.docker/prod-deployment/push.sh b/.docker/prod-deployment/push.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+source ./version-config.sh
+
+# Push federation server images
+docker tag ${FED_IMAGE}:${FED_VERSION} ${REGISTRY}/${FED_IMAGE}:${FED_VERSION}
+docker push ${REGISTRY}/${FED_IMAGE}:${FED_VERSION}
+docker tag ${FED_IMAGE}:${FED_VERSION} ${REGISTRY}/${FED_IMAGE}:latest
+docker push ${REGISTRY}/${FED_IMAGE}:latest
+
+# Push admin server images
+docker tag ${ADMIN_IMAGE}:${ADMIN_VERSION} ${REGISTRY}/${ADMIN_IMAGE}:${ADMIN_VERSION}
+docker push ${REGISTRY}/${ADMIN_IMAGE}:${ADMIN_VERSION}
+docker tag ${ADMIN_IMAGE}:${ADMIN_VERSION} ${REGISTRY}/${ADMIN_IMAGE}:latest
+docker push ${REGISTRY}/${ADMIN_IMAGE}:latest
diff --git a/.docker/prod-deployment/version-config.sh b/.docker/prod-deployment/version-config.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Function to extract version from gradle file
+get_version() {
+    local gradle_file=$1
+    local version=$(grep -m 1 "version = " "$gradle_file" | cut -d'"' -f2)
+    if [ -z "$version" ]; then
+        echo "Could not find version in $gradle_file"
+        exit 1
+    fi
+    echo "$version"
+}
+
+# Base paths
+MODULES_PATH="../../modules"
+REGISTRY="sphereonregistry.azurecr.io"
+
+# Get versions
+FED_VERSION=$(get_version "${MODULES_PATH}/federation-server/build.gradle.kts")
+ADMIN_VERSION=$(get_version "${MODULES_PATH}/admin-server/build.gradle.kts")
+
+# Image names
+FED_IMAGE="federation-server"
+ADMIN_IMAGE="federation-admin-server"
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -7,7 +7,7 @@ services:
       POSTGRES_PASSWORD: ${DATASOURCE_PASSWORD}
       POSTGRES_DB: ${DATASOURCE_DB}
     ports:
-      - "5432:5432"
+      - "5436:5432"
     volumes:
       - postgres_data:/var/lib/postgresql/data
     networks:
@@ -26,7 +26,7 @@ services:
       POSTGRES_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD}
       POSTGRES_DB: ${LOCAL_KMS_DATASOURCE_DB}
     ports:
-      - "5433:5432"
+      - "5437:5432"
     volumes:
       - local_kms_data:/var/lib/postgresql/data
     networks:
@@ -48,6 +48,13 @@ services:
       DATASOURCE_URL: ${DATASOURCE_URL}
       DATASOURCE_USER: ${DATASOURCE_USER}
       DATASOURCE_PASSWORD: ${DATASOURCE_PASSWORD}
+      APP_KEY: ${APP_KEY}
+      KMS_PROVIDER: ${KMS_PROVIDER}
+      LOCAL_KMS_DATASOURCE_URL: ${LOCAL_KMS_DATASOURCE_URL}
+      LOCAL_KMS_DATASOURCE_USER: ${LOCAL_KMS_DATASOURCE_USER}
+      LOCAL_KMS_DATASOURCE_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD}
+      LOCAL_KMS_DATASOURCE_DB: ${LOCAL_KMS_DATASOURCE_DB}
+      ROOT_IDENTIFIER: ${ROOT_IDENTIFIER}
     depends_on:
       admin-server:
         condition: service_started

diff --git a/modules/federation-server/src/main/resources/application.properties b/modules/federation-server/src/main/resources/application.properties
@@ -3,6 +3,7 @@ spring.application.name=OpenID Federation Server
 spring.datasource.url=${DATASOURCE_URL}
 spring.datasource.username=${DATASOURCE_USER}
 spring.datasource.password=${DATASOURCE_PASSWORD}
+
 # Mapping /actuator/health to /status
 management.endpoints.web.base-path=/
 management.endpoints.web.path-mapping.health=status