chore(kong): build and push kong image

EchoSkorJjj · Apr 22, 2024 · e4444fc · e4444fc
1 parent f8fc383
commit e4444fc
Show file tree

Hide file tree

Showing 4 changed files with 210 additions and 36 deletions.
diff --git a/.github/workflows/kong-gateway.yml b/.github/workflows/kong-gateway.yml
@@ -33,7 +33,7 @@ jobs:
       uses: docker/build-push-action@v2
       with:
         context: ./backend/kong-gateway/
-        file: ./backend/kong-gateway/Dockerfile
+        file: ./backend/kong-gateway/Kong.Dockerfile
         push: true
         tags: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ secrets.ECR_REPOSITORY }}:kong-gateway
         platforms: linux/arm64
diff --git a/backend/kong-gateway/Dockerfile b/backend/kong-gateway/Dockerfile
@@ -10,38 +10,4 @@ FROM kong:3.1.1-alpine
 COPY --from=builder /usr/local/lib/luarocks/rocks-5.1/ /usr/local/lib/luarocks/rocks-5.1/
 COPY --from=builder /usr/local/share/lua/5.1 /usr/local/share/lua/5.1
 COPY certs /etc/kong/ssl
-USER kong
-
-# # Use Kong's official Alpine image as the base
-# FROM kong:3.1.1-alpine AS builder
-
-# # Set up environment and install dependencies with LuaRocks
-# USER root
-# RUN apk add --update lua5.4 lua5.4-dev luarocks build-base
-# RUN luarocks install lua-resty-jwt
-# RUN luarocks install lua-cjson
-# RUN luarocks install lua-resty-http
-# RUN luarocks install lua-resty-cookie
-
-# # Use multi-stage builds to keep the image size down
-# FROM kong:3.1.1-alpine
-
-# # Copy Lua dependencies
-# COPY --from=builder /usr/local/lib/luarocks/rocks-5.1/ /usr/local/lib/luarocks/rocks-5.1/
-# COPY --from=builder /usr/local/share/lua/5.1 /usr/local/share/lua/5.1
-
-# # Copy your custom Kong declarative configuration file
-# COPY kong.yml /etc/kong/kong.yml
-
-# # Copy your custom plugins
-# COPY authn-kong /usr/local/share/lua/5.1/kong/plugins/authn-kong
-# COPY rawstring-adapter /usr/local/share/lua/5.1/kong/plugins/rawstring-adapter
-
-# # Copy your protobuf files
-# COPY protos /usr/local/share/lua/5.1/kong/protos
-
-# # Ensure Kong runs as the kong user
-# USER kong
-
-# # Expose necessary ports
-# EXPOSE 8000 8443 8001 8444
+USER kong
diff --git a/backend/kong-gateway/Kong.Dockerfile b/backend/kong-gateway/Kong.Dockerfile
@@ -0,0 +1,33 @@
+# Use Kong's official Alpine image as the base
+FROM kong:3.1.1-alpine AS builder
+
+# Set up environment and install dependencies with LuaRocks
+USER root
+RUN apk add --update lua5.4 lua5.4-dev luarocks build-base
+RUN luarocks install lua-resty-jwt
+RUN luarocks install lua-cjson
+RUN luarocks install lua-resty-http
+RUN luarocks install lua-resty-cookie
+
+# Use multi-stage builds to keep the image size down
+FROM kong:3.1.1-alpine
+
+# Copy Lua dependencies
+COPY --from=builder /usr/local/lib/luarocks/rocks-5.1/ /usr/local/lib/luarocks/rocks-5.1/
+COPY --from=builder /usr/local/share/lua/5.1 /usr/local/share/lua/5.1
+
+# Copy your custom Kong declarative configuration file
+COPY kong.deployment.yml /etc/kong/kong.yml
+
+# Copy your custom plugins
+COPY authn-kong /usr/local/share/lua/5.1/kong/plugins/authn-kong
+COPY rawstring-adapter /usr/local/share/lua/5.1/kong/plugins/rawstring-adapter
+
+# Copy your protobuf files
+COPY protos /usr/local/share/lua/5.1/kong/protos
+
+# Ensure Kong runs as the kong user
+USER kong
+
+# Expose necessary ports
+EXPOSE 8000 8443 8444
diff --git a/backend/kong-gateway/kong.deployment.yml b/backend/kong-gateway/kong.deployment.yml
@@ -0,0 +1,175 @@
+_format_version: "3.0"
+_transform: true
+
+services:
+  - name: make-payment-service
+    host: make-payment
+    port: 50051
+    protocol: grpc
+    tags:
+      - make-payment-service
+    routes:
+      - name: make-payment-default
+        protocols:
+          - http
+        paths:
+          - /api/v1/payment
+        plugins:
+          - name: grpc-gateway
+            config:
+              proto: /usr/local/share/lua/5.1/kong/protos/make_payment.proto
+      - name: make-payment-success
+        protocols:
+          - http
+        paths:
+          - /api/v1/payment/success
+        plugins:
+          - name: grpc-gateway
+            config:
+              proto: /usr/local/share/lua/5.1/kong/protos/make_payment.proto
+          - name: rawstring-adapter
+
+  - name: save-notes-service
+    host: save-notes
+    port: 50051
+    protocol: grpc
+    tags:
+      - save-notes-service
+    routes:
+      - name: save-notes
+        protocols:
+          - http
+        paths:
+          - /api/v1/save-notes
+        plugins:
+          - name: grpc-gateway
+            config:
+              proto: /usr/local/share/lua/5.1/kong/protos/save_notes.proto
+
+  - name: verify-user-service
+    host: verify-user
+    port: 50051
+    protocol: grpc
+    tags:
+      - verify-user-service
+    routes:
+      - name: verify-user
+        protocols:
+          - http
+        paths:
+          - /api/v1/user
+          - /api/v1/auth
+        plugins:
+          - name: grpc-gateway
+            config:
+              proto: /usr/local/share/lua/5.1/kong/protos/verify_user.proto
+
+  - name: upload-notes-service
+    host: upload-notes
+    port: 8080
+    protocol: http
+    tags:
+      - upload-notes-service
+    routes:
+      - name: upload-notes
+        protocols:
+          - http
+        paths:
+          - /api/v1/notes/upload
+        strip_path: false
+        plugins:
+          - name: rate-limiting
+            config:
+              minute: 100
+              policy: local
+
+  - name: view-notes-service
+    host: view-notes
+    port: 50051
+    protocol: grpc
+    tags:
+      - view-notes-service
+    routes:
+      - name: view-notes
+        protocols:
+          - http
+        paths:
+          - /api/v1/notes
+        plugins:
+          - name: grpc-gateway
+            config:
+              proto: /usr/local/share/lua/5.1/kong/protos/view_notes.proto
+
+  - name: handle-temporary-contents-service
+    host: handle-temporary-contents
+    port: 50051
+    protocol: grpc
+    tags:
+      - handle-temporary-contents-service
+    routes:
+      - name: handle-temporary-contents
+        protocols:
+          - http
+        paths:
+          - /api/v1/contents/temporary
+        plugins:
+          - name: grpc-gateway
+            config:
+              proto: /usr/local/share/lua/5.1/kong/protos/handle_temporary_contents.proto
+
+plugins:
+  - name: file-log
+    service: verify-user-service
+    config:
+      path: /usr/local/share/lua/5.1/kong/plugins/authn-kong/user-storage.log
+  - name: cors
+    config:
+      origins:
+        - "https://eduhelper.info"
+      methods:
+        - HEAD
+        - GET
+        - POST
+        - PUT
+        - PATCH
+        - DELETE
+      headers:
+        - Access-Control-Allow-Origin
+        - Accept
+        - Accept-Version
+        - Content-Length
+        - Content-MD5
+        - Content-Type
+        - Date
+        - Authorization
+      exposed_headers:
+        - Authorization
+        - X-Myinfo-Unique-Id
+        - X-Access-Token
+        - X-Sgid-Unique-Id
+      credentials: true
+      max_age: 3600
+      preflight_continue: false
+
+  - name: correlation-id
+    config:
+      header_name: Kong-Request-ID
+      generator: uuid
+      echo_downstream: false
+
+  - name: rate-limiting
+    config:
+      minute: 100
+      policy: local
+
+  - name: authn-kong
+    config:
+      jwt_secret: "KUKUBIRDAIDHAIDHAJKSDAJIDBQIheh09u2jeqinwdjnbqwsdifhnw0euq2e0nqwdo" 
+      public_paths:
+        - /api/v1/payment/success # Better practice is to pass request through a Stripe plugin to verify
+        - /api/v1/auth/google/callback
+        - /api/v1/auth/sgId/generateAuthUrl
+        - /api/v1/auth/sgId/callback
+        - /api/v1/auth/myInfo/generateCodeChallenge
+        - /api/v1/auth/myInfo/callback
+        - /api/v1/auth/logout