diff --git a/README-install.md b/README-install.md
new file mode 100644
index 0000000..e4102aa
--- /dev/null
+++ b/README-install.md
@@ -0,0 +1,41 @@
+# Install
+
+## Terraform install
+
+The best way to deploy roxprox+envoy to your infrastructure is by using our terraform module. You can download and install terraform from [https://developer.hashicorp.com/terraform/install](https://developer.hashicorp.com/terraform/install).
+
+Once downloaded, create a new project directory, and create a proxy.tf file with the following contents:
+```
+module "roxprox" {
+ source = "git@github.com:in4it/roxprox.git//terraform"
+ envoy_release = "v1.29.3"
+ release = "0.0.23"
+ envoy_proxy_cpu = 512
+ envoy_proxy_memory = 1024
+ loadbalancer = "alb"
+ loadbalancer_alb_cert = "example.com"
+ control_plane_count = 1
+ envoy_proxy_count = 1
+ envoy_extra_target_group_arns = [aws_lb_target_group.envoy-proxy-http-internal.id]
+ lb_subnets = [] # aws public subnet to use (pick 2)
+ subnets = [] # aws private subnet to use (typically corresponding private subnets in same AZ)
+ s3_bucket = "roxprox-examplecom" # s3 bucket will be created. config resides in config/
+ bucket_lb_logs = "roxprox-examplecom" # lb logs
+}
+```
+
+Make sure to have a TLS certificate configured for the domain name specified as "loadbalancer_alb_cert". Fill out the lb_subnets and subnets (public and private vpc subnets to use). Modify the s3 bucket name. Ssee next step to upload configuration. Make changes where desired, then apply the configuration:
+
+```
+terraform init
+terraform apply
+```
+
+This will launch the roxprox and envoy container within a new ECS cluster, the s3 bucket, and add a loadbalancer pointing to the envoy instance.
+
+To change the configuration, upload a configuration yaml file to the s3 bucket (change the bucket with your bucket name):
+```
+aws s3 cp resources/example-proxy/mocky.yaml s3://roxprox-examplecom/config/mocky.yaml
+```
+
+To test the installation, hit the newly created loadbalancer endpoint with curl or a browser.
\ No newline at end of file
diff --git a/cmd/envoy-control-plane/main.go b/cmd/envoy-control-plane/main.go index 48fae95..fc5d177 100644 --- a/cmd/envoy-control-plane/main.go +++ b/cmd/envoy-control-plane/main.go @@ -5,6 +5,7 @@ import ( "os" "strings" + "github.com/in4it/roxprox/pkg/awsmarketplace" envoy "github.com/in4it/roxprox/pkg/envoy" "github.com/in4it/roxprox/pkg/management" storage "github.com/in4it/roxprox/pkg/storage" @@ -15,15 +16,16 @@ var logger = loggo.GetLogger("envoy-control-plane") func main() { var ( - err error - loglevel string - storageType string - storagePath string - storageBucket string - storageNotifications string - awsRegion string - acmeContact string - s storage.Storage + err error + loglevel string + storageType string + storagePath string + storageBucket string + storageNotifications string + awsRegion string + acmeContact string + skipRegisterMarketplace bool + s storage.Storage ) flag.StringVar(&loglevel, "loglevel", "INFO", "log level") flag.StringVar(&storageType, "storage-type", "local", "storage type") @@ -32,6 +34,7 @@ func main() { flag.StringVar(&storageNotifications, "storage-notifications", "", "s3 storage notifications") flag.StringVar(&awsRegion, "aws-region", "", "AWS region") flag.StringVar(&acmeContact, "acme-contact", "", "acme contact for TLS certs") + flag.BoolVar(&skipRegisterMarketplace, "skip-register-marketplace", false, "skip the registration to the AWS marketplace") flag.Parse() @@ -43,6 +46,14 @@ func main() { loggo.ConfigureLoggers(`=INFO`) } + if !skipRegisterMarketplace { + err := awsmarketplace.Register(awsRegion) + if err != nil { + logger.Errorf("AWS marketplace registration error: %s", err) + os.Exit(1) + } + } + if storageType == "local" { s, err = storage.NewLocalStorage(storagePath) if err != nil { diff --git a/go.mod b/go.mod index c05e7e1..5410dd6 100644 --- a/go.mod +++ b/go.mod 
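Review bot: Marketplace registration is now on by default and runs before the `storageType == "local"` branch, so a local or non-AWS deployment with no credentials, no `PROD_CODE` and the default empty `-aws-region` will hit `os.Exit(1)` at startup unless the operator adds `-skip-register-marketplace`. That is a breaking default for existing installs; either make registration opt-in (for example only when `PROD_CODE` is set) or say so in the flag help, e.g. `"skip the registration to the AWS marketplace (registration needs AWS credentials, -aws-region and PROD_CODE)"`. The inner `err :=` also shadows the `err` declared in the `var` block; `if err := awsmarketplace.Register(awsRegion); err != nil {` keeps the scope explicit. `main` continues outside this hunk.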
@@ -5,7 +5,7 @@ go 1.21 replace github.com/golang/mock v1.4.3 => github.com/golang/mock v1.4.4 require ( - github.com/aws/aws-sdk-go v1.38.69 + github.com/aws/aws-sdk-go v1.53.16 github.com/envoyproxy/go-control-plane v0.12.0 github.com/google/go-cmp v0.5.9 github.com/google/uuid v1.3.0 diff --git a/go.sum b/go.sum index 4f7fe11..4567bd0 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/aws/aws-sdk-go v1.38.69 h1:V489lmrdkIQSfF6OAGZZ1Cavcm7eczCm2JcGvX+yHRg= -github.com/aws/aws-sdk-go v1.38.69/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.53.16 h1:8oZjKQO/ml1WLUZw5hvF7pvYjPf8o9f57Wldoy/q9Qc= +github.com/aws/aws-sdk-go v1.53.16/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= @@ -41,7 +41,6 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 
@@ -51,9 +50,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -64,10 +60,6 @@ golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -76,17 +68,11 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 
@@ -109,8 +95,6 @@ google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ= google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/pkg/awsmarketplace/register.go b/pkg/awsmarketplace/register.go new file mode 100644 index 0000000..ae3358d --- /dev/null +++ b/pkg/awsmarketplace/register.go @@ -0,0 +1,33 @@ +package awsmarketplace + +import ( + "fmt" + "os" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/marketplacemetering" +) + +func Register(awsRegion string) error { + sess, err := session.NewSession(&aws.Config{Region: aws.String(awsRegion)}) + if err != nil { + return fmt.Errorf("couldn't initialize S3: %s", err) + } + + // Create a MarketplaceMetering client from just a session. + svc := marketplacemetering.New(sess) + + out, err := svc.RegisterUsage(&marketplacemetering.RegisterUsageInput{ + ProductCode: aws.String(os.Getenv("PROD_CODE")), + PublicKeyVersion: aws.Int64(1), + }) + + if err != nil { + return fmt.Errorf("RegisterUsage error: %s", err) + } + + fmt.Printf("Response from RegisterUsage API call: %s\n", aws.StringValue(out.Signature)) + + return nil +} diff --git a/pkg/storage/s3/io_test.go b/pkg/storage/s3/io_test.go index 7b604e9..58e55b5 100644 --- a/pkg/storage/s3/io_test.go 
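Review bot: `Register` in pkg/awsmarketplace/register.go discards the only thing `RegisterUsage` returns for verification: `out.Signature` is printed with `fmt.Printf` and never validated, and the request sets no `Nonce`, so a nil error is the sole evidence that the registration is genuine and fresh. AWS documents the signature as a signed token and the nonce as the guard against replay, and as written the token also goes to stdout, bypassing the loggo logger used elsewhere. `PROD_CODE` is read without an empty check, and the session error reads "couldn't initialize S3", which is misleading in this package; both errors should wrap with `%w`. The exported function also needs a doc comment stating that it reads `PROD_CODE` from the environment and makes a blocking network call at startup.

```go
func Register(awsRegion string) error {
	productCode := os.Getenv("PROD_CODE")
	if productCode == "" {
		return errors.New("PROD_CODE is not set")
	}
	// … unchanged: session.NewSession call …
	if err != nil {
		return fmt.Errorf("creating AWS session: %w", err)
	}
	// … unchanged: marketplacemetering.New(sess) …

	// uuid is github.com/google/uuid, already required in go.mod.
	nonce := uuid.NewString()
	out, err := svc.RegisterUsage(&marketplacemetering.RegisterUsageInput{
		ProductCode:      aws.String(productCode),
		PublicKeyVersion: aws.Int64(1),
		Nonce:            aws.String(nonce),
	})
	if err != nil {
		return fmt.Errorf("registering marketplace usage: %w", err)
	}

	// TODO: verify out.Signature against the product's public key and confirm
	// it carries productCode and nonce before treating registration as done.
	// Do not print the token.
	_ = out
	return nil
}
```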
+++ b/pkg/storage/s3/io_test.go @@ -8,7 +8,7 @@ import ( ) func TestMultiLineYaml(t *testing.T) { - input := "spec:\n inline_code: |\n this is\n Inline code." + input := "spec:\n inlineCode: |\n this is\n Inline code." var luaFilter api.LuaFilter err := yaml.Unmarshal([]byte(input), &luaFilter) if err != nil { diff --git a/terraform/variables.tf b/terraform/variables.tf index 411962f..b6ea598 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -146,6 +146,7 @@ variable "loadbalancer_https_forwarding" { variable "tls_listener" { description = "run a service for a tls (https) listener (true/false)" type = bool + default = false } variable "management_access_sg" { @@ -270,4 +271,4 @@ variable "envoy_nofile_hard_limit" { variable "envoy_extra_target_group_arns" { description = "extra target groups to add" default = [] -} \ No newline at end of file +}
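Review bot: In terraform/variables.tf, adding `default = false` turns `tls_listener` from a required input into an optional one, so a module caller who omits it no longer has to make an explicit choice and gets no TLS listener service. If TLS is then expected to terminate on the load balancer (the README example sets `loadbalancer_alb_cert`), the description should say so, e.g. `description = "run a service for a tls (https) listener (true/false); defaults to false, in which case TLS is only terminated at the load balancer"`. This reading is inferred from the variable description; the resources that consume the variable are outside the diff.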