feat: User service ports Traefik Docker labels #1871

laurentluce · 2023-11-29T21:34:07Z

Description:

As part of the authenticated public http ports feature, we are bringing Traefik inside the Docker cluster to route HTTP traffic to the user service HTTP ports. This PR sets the required Docker labels.

This was tested with Traefik running inside the engine enclave with the following static config and the user service enclave network added to the Traefik container list of networks.

version: '3'

services:
  reverse-proxy:
    image: traefik:v2.10
    # Enables the web UI and tells Traefik to listen to docker
    command:
      - --accesslog=true
      - --api.debug=true
      - --api.insecure=true
      - --api.dashboard=true
      - --api.disabledashboardad=true
      - --providers.docker
      - --entrypoints.web.address=:8000
      - --providers.docker.network=bridge
      - --providers.docker.exposedByDefault=false
      - --log.level=DEBUG
    ports:
      # The HTTP port
      - "8000:8000"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock

User service "nginx" port labels:
Enclave short UUID: 65d2fb6d6732
Service short UUID: 3771c85af16a
HTTP Port number: 80

"traefik.enable": "true"
"traefik.http.routers.65d2fb6d6732-3771c85af16a-80.rule": "Host(`80-3771c85af16a-65d2fb6d6732`)"
"traefik.http.routers.65d2fb6d6732-3771c85af16a-80.service": "65d2fb6d6732-3771c85af16a-80"
"traefik.http.services.65d2fb6d6732-3771c85af16a-80.loadbalancer.server.port": "80"

$ curl -I http://localhost:8000 -H "Host: 80-3771c85af16a-65d2fb6d6732"
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 615
Content-Type: text/html
Date: Wed, 29 Nov 2023 21:32:51 GMT
Etag: "6537cac7-267"
Last-Modified: Tue, 24 Oct 2023 13:46:47 GMT
Server: nginx/1.25.

Is this change user facing?

NO

References (if applicable):

https://www.notion.so/kurtosistech/Public-user-service-HTTP-ports-bdf1107b0d1c4ca990c346fd87473174

...ib/lib/backend_impls/docker/object_attributes_provider/enclave_object_attributes_provider.go

🤖 I have created a release *beep* *boop* --- ## [0.85.39](0.85.38...0.85.39) (2023-11-30) ### Features * emui package details page ([#1873](#1873)) ([e2b75b2](e2b75b2)) * User service ports Traefik Docker labels ([#1871](#1871)) ([d18f20e](d18f20e)) ### Bug Fixes * move log collector creation logic ([#1870](#1870)) ([b695e27](b695e27)) * service name collision error message ([#1863](#1863)) ([164b316](164b316)) * Update custom Nix dev deps to work on also linux ([#1862](#1862)) ([d11cd37](d11cd37)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: kurtosisbot <[email protected]>

…1906) ## Description: In #1871 we added the Traefik labels to the user services so Traefik can discover them and route to them. This PR implements a reverse proxy using Traefik on Docker. The engine starts and stops Traefik. The Traefik container is automatically connected to the enclave networks. The implementation leverages what was done for the logs aggregator. ## Is this change user facing? YES ## References (if applicable): #1871

## Description: Similar to how we are adding Traefik labels for user services on Docker, we are adding a K8S ingress for each user service with a path per HTTP port so HTTP traffic can be routed to them. ## Is this change user facing? NO ## References (if applicable): #1871

laurentluce added 3 commits November 29, 2023 15:47

User service ports traefik labels.

2a8b657

Merge branch 'main' into laurent/public-ports

c6ba274

Update comments.

4cfb31e

laurentluce requested a review from adschwartz November 29, 2023 21:34

Linting.

2178164

adschwartz reviewed Nov 29, 2023

View reviewed changes

...ib/lib/backend_impls/docker/object_attributes_provider/enclave_object_attributes_provider.go Show resolved Hide resolved

laurentluce added 2 commits November 29, 2023 20:53

Add obj attributes provider tests for user service.

ad3ffe7

Merge branch 'main' into laurent/public-ports

37bef35

laurentluce requested a review from adschwartz November 30, 2023 01:55

Linting.

ae2d2a8

adschwartz approved these changes Nov 30, 2023

View reviewed changes

laurentluce added this pull request to the merge queue Nov 30, 2023

github-merge-queue bot removed this pull request from the merge queue due to failed status checks Nov 30, 2023

laurentluce added this pull request to the merge queue Nov 30, 2023

Merged via the queue into main with commit d18f20e Nov 30, 2023
33 checks passed

laurentluce deleted the laurent/public-ports branch November 30, 2023 17:02

kurtosisbot mentioned this pull request Nov 30, 2023

chore(main): release 0.85.39 #1869

Merged

laurentluce mentioned this pull request Dec 6, 2023

feat: Reverse proxy lifecycle management and connectivity on Docker #1906

Merged

laurentluce mentioned this pull request Dec 13, 2023

feat: User service K8S ingresses for reverse proxy routing #1941

Merged

kurtosisbot mentioned this pull request Nov 1, 2024

chore(main): release kurtosis 2.0.0 #2589

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: User service ports Traefik Docker labels #1871

feat: User service ports Traefik Docker labels #1871

laurentluce commented Nov 29, 2023 •

edited

Loading

feat: User service ports Traefik Docker labels #1871

feat: User service ports Traefik Docker labels #1871

Conversation

laurentluce commented Nov 29, 2023 • edited Loading

Description:

Is this change user facing?

References (if applicable):

laurentluce commented Nov 29, 2023 •

edited

Loading