diff --git a/.docker/admin-server/Dockerfile b/.docker/admin-server/Dockerfile
index f912757a..87be1628 100644
--- a/.docker/admin-server/Dockerfile
+++ b/.docker/admin-server/Dockerfile
@@ -13,7 +13,6 @@ FROM openjdk:21-jdk as runner
 WORKDIR /app
-COPY .env .env
 COPY --from=builder /app/modules/admin-server/build/libs/admin-server-0.0.1.jar ./admin-server-0.0.1.jar
 ENTRYPOINT ["java", "-jar", "admin-server-0.0.1.jar"]
diff --git a/.docker/federation-server/Dockerfile b/.docker/federation-server/Dockerfile
index e9adeec1..2a95313b 100644
--- a/.docker/federation-server/Dockerfile
+++ b/.docker/federation-server/Dockerfile
@@ -13,7 +13,6 @@ FROM openjdk:21-jdk as runner
 WORKDIR /app
-COPY .env .env
 COPY --from=builder /app/modules/federation-server/build/libs/federation-server-0.0.1.jar ./federation-server-0.0.1.jar
 ENTRYPOINT ["java", "-jar", "federation-server-0.0.1.jar"]
diff --git a/.docker/prod-deployment/build.sh b/.docker/prod-deployment/build.sh
new file mode 100644
index 00000000..96c2a23e
--- /dev/null
+++ b/.docker/prod-deployment/build.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+source ./version-config.sh
+
+docker build -t ${FED_IMAGE}:${FED_VERSION} -f ../federation-server/Dockerfile ../../
+docker build -t ${ADMIN_IMAGE}:${ADMIN_VERSION} -f ../admin-server/Dockerfile ../../
diff --git a/.docker/prod-deployment/docker-compose.yaml b/.docker/prod-deployment/docker-compose.yaml
new file mode 100644
index 00000000..82a0e91c
--- /dev/null
+++ b/.docker/prod-deployment/docker-compose.yaml
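Review bot: Dropping `COPY .env .env` stops new builds from baking the env file in, but every image already built from the previous Dockerfile (including whatever the registry's `:latest` currently points at) still carries that file in a layer, so the credentials it held should be treated as exposed and rotated, and `.env` belongs in a repo-root `.dockerignore` so it is not even part of the `../../` build context. The runner stage that remains in this hunk still has no `USER` line, so the Spring application runs as root inside the container; add something like `RUN useradd --system --uid 10001 app` followed by `USER app` before the `ENTRYPOINT`. A JRE-only base instead of `openjdk:21-jdk` would also shrink the attack surface of the runtime image, though the stage header is outside this hunk.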
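Review bot: `source ./version-config.sh` and the `../../` build context are resolved against the caller's working directory, so running this script from anywhere other than `.docker/prod-deployment` either sources nothing or builds the wrong context, and with no `set -e` a failed `source` still lets the `docker build` lines run with empty `${FED_IMAGE}:${FED_VERSION}` tags. Add `set -euo pipefail` and `cd "$(dirname "$0")"` directly after the shebang, and quote the tag expansions, e.g. `docker build -t "${FED_IMAGE}:${FED_VERSION}" -f ../federation-server/Dockerfile ../../`. Because the context is the repository root, it is worth a comment that a root-level `.dockerignore` (excluding `.env`, `.git`, build output) is what keeps local secrets out of the context now that the Dockerfiles no longer copy `.env` explicitly.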
@@ -0,0 +1,114 @@ +version: '3.9' + +services: + db: + image: postgres:latest + container_name: openid-federation-datastore + environment: + POSTGRES_USER: ${DATASOURCE_USER} + POSTGRES_PASSWORD: ${DATASOURCE_PASSWORD} + POSTGRES_DB: ${DATASOURCE_DB} + volumes: + - /mnt/openid-federation/volumes/postgres:/var/lib/postgresql/data + networks: + - backend + healthcheck: + test: [ "CMD-SHELL", "pg_isready -d ${DATASOURCE_DB} -U ${DATASOURCE_USER}" ] + interval: 3s + timeout: 5s + retries: 20 + restart: unless-stopped + + local-kms-db: + image: postgres:latest + container_name: openid-federation-local-kms-datastore + environment: + POSTGRES_USER: ${LOCAL_KMS_DATASOURCE_USER} + POSTGRES_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD} + POSTGRES_DB: ${LOCAL_KMS_DATASOURCE_DB} + volumes: + - /mnt/openid-federation/volumes/local-kms:/var/lib/postgresql/data + networks: + - backend + healthcheck: + test: [ "CMD-SHELL", "pg_isready -d ${LOCAL_KMS_DATASOURCE_DB} -U ${LOCAL_KMS_DATASOURCE_USER}" ] + interval: 3s + timeout: 5s + retries: 20 + + federation-server: + image: sphereonregistry.azurecr.io/federation-server:latest + container_name: openid-federation-server + environment: + DATASOURCE_URL: ${DATASOURCE_URL} + DATASOURCE_USER: ${DATASOURCE_USER} + DATASOURCE_PASSWORD: ${DATASOURCE_PASSWORD} + APP_KEY: ${APP_KEY} + KMS_PROVIDER: ${KMS_PROVIDER} + LOCAL_KMS_DATASOURCE_URL: ${LOCAL_KMS_DATASOURCE_URL} + LOCAL_KMS_DATASOURCE_USER: ${LOCAL_KMS_DATASOURCE_USER} + LOCAL_KMS_DATASOURCE_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD} + LOCAL_KMS_DATASOURCE_DB: ${LOCAL_KMS_DATASOURCE_DB} + ROOT_IDENTIFIER: ${ROOT_IDENTIFIER} + volumes: + - ./config/federation-server/application.properties:/app/application.properties + depends_on: + admin-server: + condition: service_started + db: + condition: service_healthy + networks: + - frontend + - backend + labels: + - "traefik.enable=true" + - "traefik.docker.network=frontend" + - "traefik.http.routers.federation-server.entrypoints=websecure" + - 
"traefik.http.routers.federation-server.rule=${FEDERATION_HOSTS}" + - "traefik.http.routers.federation-server.tls.certresolver=acmeresolver" + - "traefik.http.services.federation-server.loadbalancer.server.port=8080" + - "traefik.http.services.federation-server.loadbalancer.server.scheme=http" + restart: unless-stopped + + admin-server: + image: sphereonregistry.azurecr.io/federation-admin-server:latest + container_name: openid-federation-server-admin + environment: + DATASOURCE_URL: ${DATASOURCE_URL} + DATASOURCE_USER: ${DATASOURCE_USER} + DATASOURCE_PASSWORD: ${DATASOURCE_PASSWORD} + APP_KEY: ${APP_KEY} + KMS_PROVIDER: ${KMS_PROVIDER} + LOCAL_KMS_DATASOURCE_URL: ${LOCAL_KMS_DATASOURCE_URL} + LOCAL_KMS_DATASOURCE_USER: ${LOCAL_KMS_DATASOURCE_USER} + LOCAL_KMS_DATASOURCE_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD} + LOCAL_KMS_DATASOURCE_DB: ${LOCAL_KMS_DATASOURCE_DB} + ROOT_IDENTIFIER: ${ROOT_IDENTIFIER} + volumes: + - ./config/admin-server/application.properties:/app/application.properties + depends_on: + db: + condition: service_healthy + local-kms-db: + condition: service_healthy + networks: + - frontend + - backend + labels: + - "traefik.enable=true" + - "traefik.docker.network=frontend" + - "traefik.http.routers.federation-admin.entrypoints=websecure" + - "traefik.http.routers.federation-admin.rule=${FEDERATION_ADMIN_HOSTS}" + - "traefik.http.routers.federation-admin.tls.certresolver=acmeresolver" + - "traefik.http.services.federation-admin.loadbalancer.server.port=8080" + - "traefik.http.services.federation-admin.loadbalancer.server.scheme=http" + # IP Whitelist middleware + - "traefik.http.routers.federation-admin.middlewares=admin-whitelist-sourceip" + - "traefik.http.middlewares.admin-whitelist-sourceip.ipwhitelist.sourcerange=${ADMIN_IP_WHITELIST}" + restart: unless-stopped + +networks: + frontend: + external: true + backend: + driver: bridge 
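Review bot: Every image in this production file is pulled by a mutable tag — `postgres:latest` for both databases and `sphereonregistry.azurecr.io/federation-server:latest` / `federation-admin-server:latest` for the apps — so a routine `docker compose pull` can pick up a new Postgres major that refuses to start on the existing bind-mounted data directory, or whichever build was last pushed as latest; pin Postgres to a major (`image: postgres:16`) and reference the versioned tag that the accompanying push script already publishes, e.g. `image: sphereonregistry.azurecr.io/federation-server:${FED_VERSION}`. `local-kms-db` is also the only service without `restart: unless-stopped`, unlike `db`, so a crash of what appears to be the key-store database leaves the admin-server degraded until someone intervenes. The only access control visible for the admin router is `ipwhitelist.sourcerange=${ADMIN_IP_WHITELIST}`; that is evaluated against the source address Traefik sees, so if Traefik sits behind a load balancer it has to be paired with trusted forwarded headers or the allowlist matches the balancer rather than the client, and it needs an explicit check that `ADMIN_IP_WHITELIST` is non-empty before deploy. If the Traefik in use is v3, note that `ipwhitelist` has been renamed to `ipallowlist`.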
diff --git a/.docker/prod-deployment/push.sh b/.docker/prod-deployment/push.sh
new file mode 100644
index 00000000..77d27260
--- /dev/null
+++ b/.docker/prod-deployment/push.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+source ./version-config.sh
+
+# Push federation server images
+docker tag ${FED_IMAGE}:${FED_VERSION} ${REGISTRY}/${FED_IMAGE}:${FED_VERSION}
+docker push ${REGISTRY}/${FED_IMAGE}:${FED_VERSION}
+docker tag ${FED_IMAGE}:${FED_VERSION} ${REGISTRY}/${FED_IMAGE}:latest
+docker push ${REGISTRY}/${FED_IMAGE}:latest
+
+# Push admin server images
+docker tag ${ADMIN_IMAGE}:${ADMIN_VERSION} ${REGISTRY}/${ADMIN_IMAGE}:${ADMIN_VERSION}
+docker push ${REGISTRY}/${ADMIN_IMAGE}:${ADMIN_VERSION}
+docker tag ${ADMIN_IMAGE}:${ADMIN_VERSION} ${REGISTRY}/${ADMIN_IMAGE}:latest
+docker push ${REGISTRY}/${ADMIN_IMAGE}:latest
diff --git a/.docker/prod-deployment/version-config.sh b/.docker/prod-deployment/version-config.sh
new file mode 100644
index 00000000..541e6c5c
--- /dev/null
+++ b/.docker/prod-deployment/version-config.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Function to extract version from gradle file
+get_version() {
+ local gradle_file=$1
+ local version=$(grep -m 1 "version = " "$gradle_file" | cut -d'"' -f2)
+ if [ -z "$version" ]; then
+ echo "Could not find version in $gradle_file"
+ exit 1
+ fi
+ echo "$version"
+}
+
+# Base paths
+MODULES_PATH="../../modules"
+REGISTRY="sphereonregistry.azurecr.io"
+
+# Get versions
+FED_VERSION=$(get_version "${MODULES_PATH}/federation-server/build.gradle.kts")
+ADMIN_VERSION=$(get_version "${MODULES_PATH}/admin-server/build.gradle.kts")
+
+# Image names
+FED_IMAGE="federation-server"
+ADMIN_IMAGE="federation-admin-server"
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 356015bd..85609daa 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
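Review bot: With no `set -euo pipefail`, a failure of `docker push ${REGISTRY}/${FED_IMAGE}:${FED_VERSION}` (expired registry login, network error) does not stop the script, which goes on to retag and push `:latest` anyway, and an unset `FED_VERSION` collapses to a tag like `federation-server:` instead of a clear error. Add `set -euo pipefail` after the shebang and quote the expansions, e.g. `docker push "${REGISTRY}/${FED_IMAGE}:${FED_VERSION}"`. Since the production compose file pulls `:latest`, moving that tag is effectively the deploy step; consider pushing only the versioned tag by default and promoting `latest` behind an explicit flag so a local test push cannot change what production pulls.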
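Review bot: The error path in `get_version` does not work as written: the function is only ever called inside `$(...)`, so `exit 1` terminates the command-substitution subshell rather than the sourcing script, and the `echo "Could not find version in $gradle_file"` goes to stdout, which is exactly what gets captured into `FED_VERSION` — the build and push scripts then proceed with an image tag made from the error message. Send the message to stderr, `return` instead of `exit`, and check the status at the assignment. The `grep -m 1 "version = "` match is also unanchored, so it will pick up the first such assignment anywhere in `build.gradle.kts`; a comment stating which line it is meant to match (`# expects a top-level `version = "x.y.z"` line`) would help the next person who adds a versioned plugin block above it.
```shell
get_version() {
  local gradle_file=$1
  local version
  version=$(grep -m 1 "version = " "$gradle_file" | cut -d'"' -f2)
  if [ -z "$version" ]; then
    echo "Could not find version in $gradle_file" >&2
    return 1
  fi
  echo "$version"
}

# … unchanged: MODULES_PATH / REGISTRY …

FED_VERSION=$(get_version "${MODULES_PATH}/federation-server/build.gradle.kts") || exit 1
ADMIN_VERSION=$(get_version "${MODULES_PATH}/admin-server/build.gradle.kts") || exit 1
```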
@@ -48,6 +48,13 @@ services: DATASOURCE_URL: ${DATASOURCE_URL} DATASOURCE_USER: ${DATASOURCE_USER} DATASOURCE_PASSWORD: ${DATASOURCE_PASSWORD} + APP_KEY: ${APP_KEY} + KMS_PROVIDER: ${KMS_PROVIDER} + LOCAL_KMS_DATASOURCE_URL: ${LOCAL_KMS_DATASOURCE_URL} + LOCAL_KMS_DATASOURCE_USER: ${LOCAL_KMS_DATASOURCE_USER} + LOCAL_KMS_DATASOURCE_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD} + LOCAL_KMS_DATASOURCE_DB: ${LOCAL_KMS_DATASOURCE_DB} + ROOT_IDENTIFIER: ${ROOT_IDENTIFIER} depends_on: admin-server: condition: service_started diff --git a/modules/federation-server/src/main/resources/application.properties b/modules/federation-server/src/main/resources/application.properties index 0ac4201e..4bf9cbc5 100644 --- a/modules/federation-server/src/main/resources/application.properties +++ b/modules/federation-server/src/main/resources/application.properties @@ -3,6 +3,7 @@ spring.application.name=OpenID Federation Server spring.datasource.url=${DATASOURCE_URL} spring.datasource.username=${DATASOURCE_USER} spring.datasource.password=${DATASOURCE_PASSWORD} + # Mapping /actuator/health to /status management.endpoints.web.base-path=/ management.endpoints.web.path-mapping.health=status
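Review bot: `APP_KEY` and `LOCAL_KMS_DATASOURCE_PASSWORD` are injected as plain container environment variables, which are visible through `docker inspect`, to every process in the container via `/proc/<pid>/environ`, and in any crash report that dumps the environment; if the application can read them from files, Compose `secrets:` keeps that material off the inspect surface. The service block these lines belong to starts outside the hunk, so I cannot confirm from here whether this is the federation-server and whether it actually needs credentials to the KMS datastore — if it only serves statements already signed by the admin-server, giving the internet-facing component the same `LOCAL_KMS_*` credentials widens the blast radius of a compromise there. A one-line comment above the block explaining why each service needs the KMS credentials (`# LOCAL_KMS_* required here because …`) would make that decision reviewable.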