AEGEE · linuxbandit · Jul 5, 2020 · Jul 5, 2020 · Jul 24, 2020 · Jul 24, 2020
diff --git a/.env.example b/.env.example
@@ -76,6 +76,7 @@ SUBDOMAIN_WIKI=wiki.
 SUBDOMAIN_SURVEY=survey.
 SUBDOMAIN_UPMONITOR=ciao.
 SUBDOMAIN_STATPING=ping.
+SUBDOMAIN_API=api.
 SUBDOMAIN_APIDOCS=apidocs.
 SUBDOMAIN_REDISADMIN=redis.
 

diff --git a/oms-global/docker/docker-compose.yml b/oms-global/docker/docker-compose.yml
@@ -2,8 +2,8 @@ version: "3.4"
 
 services:
 
-### OMS TUNNEL        #######################################
-### Proxy container #######################################
+### Entrypoints http/s  #######################################
+### Proxy container     #######################################
 
   traefik:
     image: traefik:v1.7.4-alpine
@@ -23,21 +23,63 @@ services:
       # below: we have to mount it to preserve it on the host, so no secrets
       - ./secrets/acme.json:/etc/acme.json
       - ./${PATH_OMS_GLOBAL}/traefik/traefik.toml:/etc/traefik/traefik.toml
-      - ./${PATH_OMS_GLOBAL}/traefik/logs:/var/log/traefik/
-      # - shared_logs:/var/log/traefik/
-#        networks:
-#          - management
     labels:
       - traefik.enable=true
       - traefik.backend=traefik
       - traefik.port=8080
       - traefik.frontend.rule=Host:${SUBDOMAIN_TRAEFIK}${BASE_URL}
       - traefik.frontend.priority=20
       - traefik.frontend.auth.basic.users=admin:${PW_TRAEFIK}
-# volumes:
-#    shared_logs:
-#        driver: "local"
-#    upload:
+
+
+### API gateway container   #######################################
+  postgres-kong:
+    image: postgres:9.6
+    volumes:
+      - kong_datastore:/var/lib/postgresql/data
+    expose:
+      - "5432"
+    environment:
+      POSTGRES_DB:       api-gw
+      POSTGRES_USER:     kong
+      POSTGRES_PASSWORD: ${PW_POSTGRES}
+
+  kong:
+    image: kong:2.0-ubuntu
+    #image: kong:2.1-alpine
+    depends_on:
+      - postgres-kong
+    ports:
+      - "8000:8000" # Listener
+      - "8001:8001" # Admin API
+      - "8443:8443" # Listener  (SSL)
+      - "8444:8444" # Admin API (SSL)
+    environment:
+      KONG_DATABASE:         postgres
+      KONG_PG_HOST:          postgres-kong
+      KONG_PG_PORT:          5432
+      KONG_PG_DATABASE:      api-gw
+      KONG_PG_PASSWORD:      ${PW_POSTGRES}
+      KONG_PROXY_ACCESS_LOG: /dev/stdout
+      KONG_ADMIN_ACCESS_LOG: /dev/stdout
+      KONG_PROXY_ERROR_LOG:  /dev/stderr
+      KONG_ADMIN_ERROR_LOG:  /dev/stderr
+      KONG_PROXY_LISTEN:     0.0.0.0:8000, 0.0.0.0:8443 ssl
+      KONG_ADMIN_LISTEN:     0.0.0.0:8001, 0.0.0.0:8444 ssl
+      KONG_PLUGINS:          key-auth, jwt
+    labels:
+      - traefik.enable=true
+      - traefik.backend=kong
+      - traefik.port=8000
+      - traefik.frontend.rule=Host:${SUBDOMAIN_API}${BASE_URL}
+      - traefik.frontend.priority=20
+# in order to initialise:
+#   see the provision_kong.sh for instructions
+# in order to update (e.g. after adding another plugin):
+#  the command becomes `kong migrations up`
+
+volumes:
+  kong_datastore:
 
 networks:
   default:

diff --git a/oms-global/docker/provision_kong.sh b/oms-global/docker/provision_kong.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+set -e
+
+# To run this script:
+#  1 cd into the root folder
+#  2 ./oms-global/docker/provision_kong.sh
+# Assumption: this script is run from the vagrant machine
+
+#migrations: the first time kong will go down because of missing
+# configuration. Launch this
+./helper.sh --docker -- run kong kong migrations bootstrap
+
+#starting kong again
+make start
+
+sleep 5
+
+### Create service for a debugging purpose
+curl -i -X POST \
+  --url http://localhost:8001/services/ \
+  --data 'name=debugger' \
+  --data 'url=http://mockbin.org/request'
+
+### Create route of the service above
+curl -i -X POST \
+  --url http://localhost:8001/services/debugger/routes \
+  --data 'paths[]=/mock'
+
+### CORE svc
+curl -i -X POST \
+  --url http://localhost:8001/services/ \
+  --data 'name=core' \
+  --data 'url=http://core:8084'
+
+### CORE svc route
+curl -i -X POST \
+  --url http://localhost:8001/services/core/routes \
+  --data 'paths[]=/core'
+  #--data 'hosts[]=example.org'
+
+sleep 1
+### try it
+curl -i -X GET \
+  --url http://localhost:8000/core/healthcheck
+  #--url http://localhost:8000/ \
+  #--header 'Host: example.com'
+
+### EVENTS svc
+curl -i -X POST \
+  --url http://localhost:8001/services/ \
+  --data 'name=events' \
+  --data 'url=http://events:8084'
+
+### EVENTS svc route
+curl -i -X POST \
+  --url http://localhost:8001/services/events/routes \
+  --data 'paths[]=/events'
+
+
+### STATUTORY svc
+curl -i -X POST \
+  --url http://localhost:8001/services/ \
+  --data 'name=statutory' \
+  --data 'url=http://statutory:8084'
+
+### STATUTORY svc route
+curl -i -X POST \
+  --url http://localhost:8001/services/statutory/routes \
+  --data 'paths[]=/statutory'
+
+
+### DISCOUNTS svc
+curl -i -X POST \
+  --url http://localhost:8001/services/ \
+  --data 'name=discounts' \
+  --data 'url=http://discounts:8084'
+
+### DISCOUNTS svc route
+curl -i -X POST \
+  --url http://localhost:8001/services/discounts/routes \
+  --data 'paths[]=/discounts'
+
+
+### MAILER svc
+curl -i -X POST \
+  --url http://localhost:8001/services/ \
+  --data 'name=mailer' \
+  --data 'url=http://mailer:3000'
+
+### MAILER svc route
+curl -i -X POST \
+  --url http://localhost:8001/services/mailer/routes \
+  --data 'paths[]=/mailer'
+
+# One can also add authentication, but it is left for later