Skip to content

Commit

Permalink
Revert SSL and ABL
Browse files Browse the repository at this point in the history
  • Loading branch information
vladbat00 committed Jan 7, 2022
1 parent f7478cb commit 761f6b3
Show file tree
Hide file tree
Showing 9 changed files with 18 additions and 111 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -120,8 +120,8 @@ jobs:
cache-from: type=registry,ref=mvlabat/mr_web_client:buildcache
cache-to: type=registry,ref=mvlabat/mr_web_client:buildcache,mode=max
build-args: |
muddle_matchmaker_url=wss://muddle.run/matchmaker
muddle_persistence_url=https://muddle.run/persistence/
muddle_matchmaker_url=ws://muddle.run:8080
muddle_persistence_url=http://muddle.run:8082
sentry_dsn=${{ secrets.SENTRY_DSN_CLIENT }} # a client secret is not a secret really, but nvm :)
muddle_auth0_client_id=${{ secrets.MUDDLE_AUTH0_CLIENT_ID }}
muddle_google_client_id=${{ secrets.MUDDLE_GOOGLE_WEB_CLIENT_ID }}
Expand Down
2 changes: 1 addition & 1 deletion Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
[![Help wanted](https://img.shields.io/github/issues/mvlabat/muddle-run/help%20wanted?label=help%20wanted&color=008672)](https://github.com/mvlabat/muddle-run/issues)
[![CI](https://github.com/mvlabat/muddle-run/workflows/CI/badge.svg)](https://github.com/mvlabat/muddle-run/actions)

A home for experiments for [muddle.run](https://muddle.run).
A home for experiments for [muddle.run](http://muddle.run).

https://user-images.githubusercontent.com/2943388/125176134-cb4e6f00-e1d9-11eb-8fc8-6d9aa5c09583.mp4

Expand Down
2 changes: 1 addition & 1 deletion bins/persistence/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ async fn main() -> anyhow::Result<()> {
let public_data = data.clone();
let public = move || {
let cors = actix_cors::Cors::default()
.allowed_origin("https://muddle.run")
.allowed_origin("http://muddle.run")
.allow_any_header();
let data = public_data.clone();
App::new()
Expand Down
3 changes: 2 additions & 1 deletion k8s/route53/module.tf
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,9 @@ data "aws_route53_zone" "current" {
}

data "aws_lb" "public" {

tags = {
"ingress.k8s.aws/stack" = "default/mr-service"
"service.k8s.aws/stack" = "default/mr-service"
}
}

Expand Down
99 changes: 11 additions & 88 deletions k8s/service/module.tf
Original file line number Diff line number Diff line change
@@ -1,113 +1,36 @@
variable "hosted_zone_name" {
type = string
}

data "aws_acm_certificate" "current" {
domain = var.hosted_zone_name
statuses = ["ISSUED"]
most_recent = true
}

resource "kubernetes_ingress" "muddle_run_service" {
# https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html
# If this service gets stuck creating (processing finalizers), use the following command to enable force-deleting it:
# `kubectl patch service mr-matchmaker-service -p '{"metadata":{"finalizers":[]}}' --type=merge`
resource "kubernetes_service" "muddle_run_service" {
metadata {
name = "mr-service"
annotations = {
"kubernetes.io/ingress.class" : "alb"
"alb.ingress.kubernetes.io/scheme" : "internet-facing"
"alb.ingress.kubernetes.io/certificate-arn" : "${data.aws_acm_certificate.current.arn}"
"alb.ingress.kubernetes.io/listen-ports" : "[{\"HTTPS\":443}, {\"HTTP\":80}]"
"alb.ingress.kubernetes.io/actions.ssl-redirect" : "{\"Type\": \"redirect\", \"RedirectConfig\": { \"Protocol\": \"HTTPS\", \"Port\": \"443\", \"StatusCode\": \"HTTP_301\"}}"
}
}

spec {
rule {
host = "muddle.run"
http {
path {
path = "/*"
backend {
service_name = "ssl-redirect"
service_port = "use-annotation"
}
}

path {
path = "/matchmaker/*"
backend {
service_name = "mr-matchmaker"
service_port = 8080
}
}

path {
path = "/persistence/*"
backend {
service_name = "mr-persistence"
service_port = 8082
}
}

path {
path = "/*"
backend {
service_name = "mr-web-client"
service_port = 80
}
}
}
"service.beta.kubernetes.io/aws-load-balancer-type" : "external"
"service.beta.kubernetes.io/aws-load-balancer-scheme" : "internet-facing"
"service.beta.kubernetes.io/aws-load-balancer-nlb-target-type" : "ip"
}
}
}

resource "kubernetes_service" "mr_web_client" {
metadata {
name = "mr-web-client"
}
spec {
type = "NodePort"
type = "LoadBalancer"
selector = {
app = "muddle-run"
}
port {
name = "http"
port = 80
}
}
}

resource "kubernetes_service" "mr_matchmaker" {
metadata {
name = "mr-matchmaker"
}
spec {
type = "NodePort"
selector = {
app = "muddle-run"
}
port {
name = "ws"
port = 8080
}
}
}

resource "kubernetes_service" "mr_persistence" {
metadata {
name = "mr-persistence"
}
spec {
type = "NodePort"
selector = {
app = "muddle-run"
}
port {
name = "persistence-pub"
port = 8082
}
}
}

# https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html
# If this service gets stuck creating (processing finalizers), use the following command to enable force-deleting it:
# `kubectl patch service mr-autoscaler-webhook-service -p '{"metadata":{"finalizers":[]}}' --type=merge`
resource "kubernetes_service" "muddle_run_autoscaler_webhook" {
metadata {
name = "mr-autoscaler-webhook-service"
Expand Down
2 changes: 0 additions & 2 deletions module.tf
Original file line number Diff line number Diff line change
Expand Up @@ -160,8 +160,6 @@ module "web_client" {
module "service" {
source = "./k8s/service"
depends_on = [module.matchmaker, module.persistence, module.web_client]

hosted_zone_name = var.hosted_zone_name
}

module "route53" {
Expand Down
2 changes: 0 additions & 2 deletions mr_web_client.dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -64,8 +64,6 @@ RUN /usr/local/cargo/bin/wasm-pack build --target web
FROM nginx
EXPOSE 80

COPY mr_web_client.nginx.conf /etc/nginx/conf.d/default.conf

COPY --from=builder /usr/src/muddle-run/bins/web_client/index.html /usr/share/nginx/html/
COPY --from=builder /usr/src/muddle-run/bins/web_client/auth/ /usr/share/nginx/html/auth/
COPY --from=builder /usr/src/muddle-run/bins/web_client/pkg/ /usr/share/nginx/html/pkg/
Expand Down
13 changes: 0 additions & 13 deletions mr_web_client.nginx.conf

This file was deleted.

0 comments on commit 761f6b3

Please sign in to comment.