├── .gitignore ├── LICENSE ├── README.md ├── application-diagram.jpg ├── consul ├── kube-deployment.yml └── kube-service.yml ├── docker-compose.yml ├── hello-world.png ├── hello ├── Dockerfile ├── containerpilot.json5 ├── index.js ├── kube-deployment.yml ├── package.json └── test │ └── index.js ├── kube-README.md ├── kube-namespace.yml ├── nginx ├── Dockerfile ├── containerpilot.json5 ├── index.html ├── kube-deployment.yml ├── kube-service.yml ├── nginx.conf ├── nginx.conf.ctmpl ├── reload-nginx.sh └── style.css ├── triton-docker-setup.sh └── world ├── Dockerfile ├── containerpilot.json5 ├── index.js ├── kube-deployment.yml ├── package.json └── test └── index.js /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | .DS_Store 3 | npm-debug.log 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Mozilla Public License Version 2.0 2 | ================================== 3 | 4 | 1. Definitions 5 | -------------- 6 | 7 | 1.1. "Contributor" 8 | means each individual or legal entity that creates, contributes to 9 | the creation of, or owns Covered Software. 10 | 11 | 1.2. "Contributor Version" 12 | means the combination of the Contributions of others (if any) used 13 | by a Contributor and that particular Contributor's Contribution. 14 | 15 | 1.3. "Contribution" 16 | means Covered Software of a particular Contributor. 17 | 18 | 1.4. "Covered Software" 19 | means Source Code Form to which the initial Contributor has attached 20 | the notice in Exhibit A, the Executable Form of such Source Code 21 | Form, and Modifications of such Source Code Form, in each case 22 | including portions thereof. 23 | 24 | 1.5. "Incompatible With Secondary Licenses" 25 | means 26 | 27 | (a) that the initial Contributor has attached the notice described 28 | in Exhibit B to the Covered Software; or 29 | 30 | (b) that the Covered Software was made available under the terms of 31 | version 1.1 or earlier of the License, but not also under the 32 | terms of a Secondary License. 33 | 34 | 1.6. "Executable Form" 35 | means any form of the work other than Source Code Form. 36 | 37 | 1.7. "Larger Work" 38 | means a work that combines Covered Software with other material, in 39 | a separate file or files, that is not Covered Software. 40 | 41 | 1.8. "License" 42 | means this document. 43 | 44 | 1.9. "Licensable" 45 | means having the right to grant, to the maximum extent possible, 46 | whether at the time of the initial grant or subsequently, any and 47 | all of the rights conveyed by this License. 48 | 49 | 1.10. "Modifications" 50 | means any of the following: 51 | 52 | (a) any file in Source Code Form that results from an addition to, 53 | deletion from, or modification of the contents of Covered 54 | Software; or 55 | 56 | (b) any new file in Source Code Form that contains any Covered 57 | Software. 58 | 59 | 1.11. "Patent Claims" of a Contributor 60 | means any patent claim(s), including without limitation, method, 61 | process, and apparatus claims, in any patent Licensable by such 62 | Contributor that would be infringed, but for the grant of the 63 | License, by the making, using, selling, offering for sale, having 64 | made, import, or transfer of either its Contributions or its 65 | Contributor Version. 66 | 67 | 1.12. "Secondary License" 68 | means either the GNU General Public License, Version 2.0, the GNU 69 | Lesser General Public License, Version 2.1, the GNU Affero General 70 | Public License, Version 3.0, or any later versions of those 71 | licenses. 72 | 73 | 1.13. "Source Code Form" 74 | means the form of the work preferred for making modifications. 75 | 76 | 1.14. "You" (or "Your") 77 | means an individual or a legal entity exercising rights under this 78 | License. For legal entities, "You" includes any entity that 79 | controls, is controlled by, or is under common control with You. For 80 | purposes of this definition, "control" means (a) the power, direct 81 | or indirect, to cause the direction or management of such entity, 82 | whether by contract or otherwise, or (b) ownership of more than 83 | fifty percent (50%) of the outstanding shares or beneficial 84 | ownership of such entity. 85 | 86 | 2. License Grants and Conditions 87 | -------------------------------- 88 | 89 | 2.1. Grants 90 | 91 | Each Contributor hereby grants You a world-wide, royalty-free, 92 | non-exclusive license: 93 | 94 | (a) under intellectual property rights (other than patent or trademark) 95 | Licensable by such Contributor to use, reproduce, make available, 96 | modify, display, perform, distribute, and otherwise exploit its 97 | Contributions, either on an unmodified basis, with Modifications, or 98 | as part of a Larger Work; and 99 | 100 | (b) under Patent Claims of such Contributor to make, use, sell, offer 101 | for sale, have made, import, and otherwise transfer either its 102 | Contributions or its Contributor Version. 103 | 104 | 2.2. Effective Date 105 | 106 | The licenses granted in Section 2.1 with respect to any Contribution 107 | become effective for each Contribution on the date the Contributor first 108 | distributes such Contribution. 109 | 110 | 2.3. Limitations on Grant Scope 111 | 112 | The licenses granted in this Section 2 are the only rights granted under 113 | this License. No additional rights or licenses will be implied from the 114 | distribution or licensing of Covered Software under this License. 115 | Notwithstanding Section 2.1(b) above, no patent license is granted by a 116 | Contributor: 117 | 118 | (a) for any code that a Contributor has removed from Covered Software; 119 | or 120 | 121 | (b) for infringements caused by: (i) Your and any other third party's 122 | modifications of Covered Software, or (ii) the combination of its 123 | Contributions with other software (except as part of its Contributor 124 | Version); or 125 | 126 | (c) under Patent Claims infringed by Covered Software in the absence of 127 | its Contributions. 128 | 129 | This License does not grant any rights in the trademarks, service marks, 130 | or logos of any Contributor (except as may be necessary to comply with 131 | the notice requirements in Section 3.4). 132 | 133 | 2.4. Subsequent Licenses 134 | 135 | No Contributor makes additional grants as a result of Your choice to 136 | distribute the Covered Software under a subsequent version of this 137 | License (see Section 10.2) or under the terms of a Secondary License (if 138 | permitted under the terms of Section 3.3). 139 | 140 | 2.5. Representation 141 | 142 | Each Contributor represents that the Contributor believes its 143 | Contributions are its original creation(s) or it has sufficient rights 144 | to grant the rights to its Contributions conveyed by this License. 145 | 146 | 2.6. Fair Use 147 | 148 | This License is not intended to limit any rights You have under 149 | applicable copyright doctrines of fair use, fair dealing, or other 150 | equivalents. 151 | 152 | 2.7. Conditions 153 | 154 | Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted 155 | in Section 2.1. 156 | 157 | 3. Responsibilities 158 | ------------------- 159 | 160 | 3.1. Distribution of Source Form 161 | 162 | All distribution of Covered Software in Source Code Form, including any 163 | Modifications that You create or to which You contribute, must be under 164 | the terms of this License. You must inform recipients that the Source 165 | Code Form of the Covered Software is governed by the terms of this 166 | License, and how they can obtain a copy of this License. You may not 167 | attempt to alter or restrict the recipients' rights in the Source Code 168 | Form. 169 | 170 | 3.2. Distribution of Executable Form 171 | 172 | If You distribute Covered Software in Executable Form then: 173 | 174 | (a) such Covered Software must also be made available in Source Code 175 | Form, as described in Section 3.1, and You must inform recipients of 176 | the Executable Form how they can obtain a copy of such Source Code 177 | Form by reasonable means in a timely manner, at a charge no more 178 | than the cost of distribution to the recipient; and 179 | 180 | (b) You may distribute such Executable Form under the terms of this 181 | License, or sublicense it under different terms, provided that the 182 | license for the Executable Form does not attempt to limit or alter 183 | the recipients' rights in the Source Code Form under this License. 184 | 185 | 3.3. Distribution of a Larger Work 186 | 187 | You may create and distribute a Larger Work under terms of Your choice, 188 | provided that You also comply with the requirements of this License for 189 | the Covered Software. If the Larger Work is a combination of Covered 190 | Software with a work governed by one or more Secondary Licenses, and the 191 | Covered Software is not Incompatible With Secondary Licenses, this 192 | License permits You to additionally distribute such Covered Software 193 | under the terms of such Secondary License(s), so that the recipient of 194 | the Larger Work may, at their option, further distribute the Covered 195 | Software under the terms of either this License or such Secondary 196 | License(s). 197 | 198 | 3.4. Notices 199 | 200 | You may not remove or alter the substance of any license notices 201 | (including copyright notices, patent notices, disclaimers of warranty, 202 | or limitations of liability) contained within the Source Code Form of 203 | the Covered Software, except that You may alter any license notices to 204 | the extent required to remedy known factual inaccuracies. 205 | 206 | 3.5. Application of Additional Terms 207 | 208 | You may choose to offer, and to charge a fee for, warranty, support, 209 | indemnity or liability obligations to one or more recipients of Covered 210 | Software. However, You may do so only on Your own behalf, and not on 211 | behalf of any Contributor. You must make it absolutely clear that any 212 | such warranty, support, indemnity, or liability obligation is offered by 213 | You alone, and You hereby agree to indemnify every Contributor for any 214 | liability incurred by such Contributor as a result of warranty, support, 215 | indemnity or liability terms You offer. You may include additional 216 | disclaimers of warranty and limitations of liability specific to any 217 | jurisdiction. 218 | 219 | 4. Inability to Comply Due to Statute or Regulation 220 | --------------------------------------------------- 221 | 222 | If it is impossible for You to comply with any of the terms of this 223 | License with respect to some or all of the Covered Software due to 224 | statute, judicial order, or regulation then You must: (a) comply with 225 | the terms of this License to the maximum extent possible; and (b) 226 | describe the limitations and the code they affect. Such description must 227 | be placed in a text file included with all distributions of the Covered 228 | Software under this License. Except to the extent prohibited by statute 229 | or regulation, such description must be sufficiently detailed for a 230 | recipient of ordinary skill to be able to understand it. 231 | 232 | 5. Termination 233 | -------------- 234 | 235 | 5.1. The rights granted under this License will terminate automatically 236 | if You fail to comply with any of its terms. However, if You become 237 | compliant, then the rights granted under this License from a particular 238 | Contributor are reinstated (a) provisionally, unless and until such 239 | Contributor explicitly and finally terminates Your grants, and (b) on an 240 | ongoing basis, if such Contributor fails to notify You of the 241 | non-compliance by some reasonable means prior to 60 days after You have 242 | come back into compliance. Moreover, Your grants from a particular 243 | Contributor are reinstated on an ongoing basis if such Contributor 244 | notifies You of the non-compliance by some reasonable means, this is the 245 | first time You have received notice of non-compliance with this License 246 | from such Contributor, and You become compliant prior to 30 days after 247 | Your receipt of the notice. 248 | 249 | 5.2. If You initiate litigation against any entity by asserting a patent 250 | infringement claim (excluding declaratory judgment actions, 251 | counter-claims, and cross-claims) alleging that a Contributor Version 252 | directly or indirectly infringes any patent, then the rights granted to 253 | You by any and all Contributors for the Covered Software under Section 254 | 2.1 of this License shall terminate. 255 | 256 | 5.3. In the event of termination under Sections 5.1 or 5.2 above, all 257 | end user license agreements (excluding distributors and resellers) which 258 | have been validly granted by You or Your distributors under this License 259 | prior to termination shall survive termination. 260 | 261 | ************************************************************************ 262 | * * 263 | * 6. Disclaimer of Warranty * 264 | * ------------------------- * 265 | * * 266 | * Covered Software is provided under this License on an "as is" * 267 | * basis, without warranty of any kind, either expressed, implied, or * 268 | * statutory, including, without limitation, warranties that the * 269 | * Covered Software is free of defects, merchantable, fit for a * 270 | * particular purpose or non-infringing. The entire risk as to the * 271 | * quality and performance of the Covered Software is with You. * 272 | * Should any Covered Software prove defective in any respect, You * 273 | * (not any Contributor) assume the cost of any necessary servicing, * 274 | * repair, or correction. This disclaimer of warranty constitutes an * 275 | * essential part of this License. No use of any Covered Software is * 276 | * authorized under this License except under this disclaimer. * 277 | * * 278 | ************************************************************************ 279 | 280 | ************************************************************************ 281 | * * 282 | * 7. Limitation of Liability * 283 | * -------------------------- * 284 | * * 285 | * Under no circumstances and under no legal theory, whether tort * 286 | * (including negligence), contract, or otherwise, shall any * 287 | * Contributor, or anyone who distributes Covered Software as * 288 | * permitted above, be liable to You for any direct, indirect, * 289 | * special, incidental, or consequential damages of any character * 290 | * including, without limitation, damages for lost profits, loss of * 291 | * goodwill, work stoppage, computer failure or malfunction, or any * 292 | * and all other commercial damages or losses, even if such party * 293 | * shall have been informed of the possibility of such damages. This * 294 | * limitation of liability shall not apply to liability for death or * 295 | * personal injury resulting from such party's negligence to the * 296 | * extent applicable law prohibits such limitation. Some * 297 | * jurisdictions do not allow the exclusion or limitation of * 298 | * incidental or consequential damages, so this exclusion and * 299 | * limitation may not apply to You. * 300 | * * 301 | ************************************************************************ 302 | 303 | 8. Litigation 304 | ------------- 305 | 306 | Any litigation relating to this License may be brought only in the 307 | courts of a jurisdiction where the defendant maintains its principal 308 | place of business and such litigation shall be governed by laws of that 309 | jurisdiction, without reference to its conflict-of-law provisions. 310 | Nothing in this Section shall prevent a party's ability to bring 311 | cross-claims or counter-claims. 312 | 313 | 9. Miscellaneous 314 | ---------------- 315 | 316 | This License represents the complete agreement concerning the subject 317 | matter hereof. If any provision of this License is held to be 318 | unenforceable, such provision shall be reformed only to the extent 319 | necessary to make it enforceable. Any law or regulation which provides 320 | that the language of a contract shall be construed against the drafter 321 | shall not be used to construe this License against a Contributor. 322 | 323 | 10. Versions of the License 324 | --------------------------- 325 | 326 | 10.1. New Versions 327 | 328 | Mozilla Foundation is the license steward. Except as provided in Section 329 | 10.3, no one other than the license steward has the right to modify or 330 | publish new versions of this License. Each version will be given a 331 | distinguishing version number. 332 | 333 | 10.2. Effect of New Versions 334 | 335 | You may distribute the Covered Software under the terms of the version 336 | of the License under which You originally received the Covered Software, 337 | or under the terms of any subsequent version published by the license 338 | steward. 339 | 340 | 10.3. Modified Versions 341 | 342 | If you create software not governed by this License, and you want to 343 | create a new license for such software, you may create and use a 344 | modified version of this License if you rename the license and remove 345 | any references to the name of the license steward (except to note that 346 | such modified license differs from this License). 347 | 348 | 10.4. Distributing Source Code Form that is Incompatible With Secondary 349 | Licenses 350 | 351 | If You choose to distribute Source Code Form that is Incompatible With 352 | Secondary Licenses under the terms of this version of the License, the 353 | notice described in Exhibit B of this License must be attached. 354 | 355 | Exhibit A - Source Code Form License Notice 356 | ------------------------------------------- 357 | 358 | This Source Code Form is subject to the terms of the Mozilla Public 359 | License, v. 2.0. If a copy of the MPL was not distributed with this 360 | file, You can obtain one at http://mozilla.org/MPL/2.0/. 361 | 362 | If it is not possible or desirable to put the notice in a particular 363 | file, then You may include the notice in a location (such as a LICENSE 364 | file in a relevant directory) where a recipient would be likely to look 365 | for such a notice. 366 | 367 | You may add additional accurate notices of copyright ownership. 368 | 369 | Exhibit B - "Incompatible With Secondary Licenses" Notice 370 | --------------------------------------------------------- 371 | 372 | This Source Code Form is "Incompatible With Secondary Licenses", as 373 | defined by the Mozilla Public License, v. 2.0. 374 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Hello World using the Autopilot Pattern 2 | 3 | 1. `git clone git@github.com:autopilotpattern/hello-world.git` 4 | 2. `cd hello-world` 5 | 3. `docker-compose up -d` 6 | 4. `open http://localhost` 7 | 8 | ## Overview 9 | 10 | The application is divided into 4 parts: 11 | 12 | 1. nginx - nginx server rendering static assets 13 | 2. consul - service catalog used to keep track of registered services 14 | 3. hello - Node.js service responding with the word "Hello" 15 | 4. world - Node.js service responding with the word "World" 16 | 17 | 18 | ![application configuration diagram](application-diagram.jpg) 19 | 20 | 21 | # Hello World running on Triton 22 | 23 | 1. `./triton-docker-setup.sh -k us-east-1.api.joyent.com ~/.ssh/` 24 | 2. `docker-compose up -d` 25 | -------------------------------------------------------------------------------- /application-diagram.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/autopilotpattern/hello-world/7ceb618f9e03f36d63b578a1879e0d7a95c41826/application-diagram.jpg -------------------------------------------------------------------------------- /consul/kube-deployment.yml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: consul 5 | namespace: hello-world 6 | spec: 7 | replicas: 1 8 | template: 9 | metadata: 10 | labels: 11 | app: consul 12 | spec: 13 | containers: 14 | - name: consul 15 | image: "consul:latest" 16 | ports: 17 | - containerPort: 8500 18 | name: ui-port 19 | - containerPort: 8400 20 | name: alt-port 21 | - containerPort: 53 22 | name: udp-port 23 | - containerPort: 443 24 | name: https-port 25 | - containerPort: 8080 26 | name: http-port 27 | - containerPort: 8301 28 | name: serflan 29 | - containerPort: 8302 30 | name: serfwan 31 | - containerPort: 8600 32 | name: consuldns 33 | - containerPort: 8300 34 | name: server 35 | -------------------------------------------------------------------------------- /consul/kube-service.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: consul 5 | namespace: hello-world 6 | spec: 7 | ports: 8 | - port: 8500 9 | targetPort: 8500 10 | protocol: TCP 11 | type: NodePort 12 | selector: 13 | app: consul -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | nginx: 2 | build: nginx/ 3 | ports: 4 | - "80:80" 5 | links: 6 | - consul:consul 7 | restart: always 8 | hello: 9 | build: hello/ 10 | links: 11 | - consul:consul 12 | world: 13 | build: world/ 14 | links: 15 | - consul:consul 16 | consul: 17 | image: consul:latest 18 | restart: always 19 | ports: 20 | - "8500:8500" 21 | -------------------------------------------------------------------------------- /hello-world.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/autopilotpattern/hello-world/7ceb618f9e03f36d63b578a1879e0d7a95c41826/hello-world.png -------------------------------------------------------------------------------- /hello/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM mhart/alpine-node:latest 2 | 3 | RUN apk update && \ 4 | apk add curl 5 | 6 | # Install ContainerPilot 7 | ENV CONTAINERPILOT_VER 3.0.0 8 | ENV CONTAINERPILOT /etc/containerpilot.json5 9 | 10 | RUN export CONTAINERPILOT_CHECKSUM=6da4a4ab3dd92d8fd009cdb81a4d4002a90c8b7c \ 11 | && curl -Lso /tmp/containerpilot.tar.gz \ 12 | "https://github.com/joyent/containerpilot/releases/download/${CONTAINERPILOT_VER}/containerpilot-${CONTAINERPILOT_VER}.tar.gz" \ 13 | && echo "${CONTAINERPILOT_CHECKSUM} /tmp/containerpilot.tar.gz" | sha1sum -c \ 14 | && tar zxf /tmp/containerpilot.tar.gz -C /bin \ 15 | && rm /tmp/containerpilot.tar.gz 16 | 17 | # COPY ContainerPilot configuration 18 | COPY containerpilot.json5 /etc/containerpilot.json5 19 | ENV CONTAINERPILOT=/etc/containerpilot.json5 20 | 21 | # Install our application 22 | COPY index.js /opt/hello/ 23 | 24 | EXPOSE 3001 25 | CMD ["/bin/containerpilot"] 26 | -------------------------------------------------------------------------------- /hello/containerpilot.json5: -------------------------------------------------------------------------------- 1 | { 2 | consul: "consul:8500", 3 | jobs: [ 4 | { 5 | name: "hello", 6 | exec: "node /opt/hello/index.js", 7 | port: 3001, 8 | health: { 9 | exec: "/usr/bin/curl -o /dev/null --fail -s http://localhost:3001/", 10 | interval: 3, 11 | ttl: 10 12 | } 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /hello/index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // Load modules 4 | 5 | const Http = require('http'); 6 | 7 | 8 | const server = module.exports = Http.createServer((req, res) => { 9 | res.writeHead(200); 10 | res.end('Hello'); 11 | }); 12 | 13 | server.listen(3001, () => { 14 | console.log(`Hello server listening on port ${server.address().port}`); 15 | }); 16 | -------------------------------------------------------------------------------- /hello/kube-deployment.yml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: hello 5 | namespace: hello-world 6 | spec: 7 | replicas: 2 8 | template: 9 | metadata: 10 | labels: 11 | app: hello 12 | spec: 13 | containers: 14 | - image: gcr.io/jackzampolin-web/hello 15 | imagePullPolicy: Always 16 | name: hello 17 | ports: 18 | - containerPort: 3002 19 | -------------------------------------------------------------------------------- /hello/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "hello", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "lab -c" 8 | }, 9 | "keywords": [], 10 | "author": "", 11 | "license": "MPL-V2", 12 | "devDependencies": { 13 | "code": "3.x.x", 14 | "lab": "11.x.x", 15 | "wreck": "9.x.x" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /hello/test/index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // Load modules 4 | 5 | const Code = require('code'); 6 | const Lab = require('lab'); 7 | const Wreck = require('wreck'); 8 | const Hello = require('../'); 9 | 10 | 11 | // Test shortcuts 12 | 13 | const lab = exports.lab = Lab.script(); 14 | const describe = lab.describe; 15 | const it = lab.it; 16 | const expect = Code.expect; 17 | 18 | 19 | describe('Hello', () => { 20 | it('responds with a 200 and the word "Hello"', (done) => { 21 | Wreck.get(`http://localhost:${Hello.address().port}/`, (err, res, payload) => { 22 | expect(err).to.not.exist(); 23 | expect(res.statusCode).to.equal(200); 24 | expect(payload.toString()).to.equal('Hello'); 25 | done(); 26 | }); 27 | }); 28 | }); 29 | -------------------------------------------------------------------------------- /kube-README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes deployment for `hello-world` 2 | 3 | This kubernetes deployment was tested on [GKE](https://cloud.google.com/container-engine/). It utilizes the built-in [`kubeDNS`](https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns) to allow the services to find the Consul cluster (used for internal application discovery). 4 | 5 | All other service discovery and application orchestration is performed through the Autopilot Pattern using ContainerPilot. To deploy this example run the following from the project root: 6 | 7 | ```bash 8 | # First start the consul instance for service discovery 9 | $ kubectl apply -f consul/kube-deployment.yml 10 | 11 | # Then expose the consul deployment through a service. 12 | # This is instead of using the Triton CNS 13 | $ kubectl apply -f consul/kube-service.yml 14 | 15 | # Once consul is deployed you can spin up your services. 16 | $ kubectl apply -f hello/kube-deployment.yml 17 | $ kubectl apply -f world/kube-deployment.yml 18 | $ kubectl apply -f nginx/kube-deployment.yml 19 | ``` 20 | 21 | Once your deployments are created you can scale them up and down easily. ContainerPilot, in conjunction with Consul, automates the service discovery and the configuration (and re-configuration) of the components as we scale. To scale up the `hello` service change the number of replicas: 22 | 23 | ```yaml 24 | spec: 25 | # replicas: 2 26 | replicas: 4 27 | ``` 28 | 29 | If you check the Consul logs you should see the new `hello` services register. 30 | 31 | If you require a cloud load balancer to manage ingress to your cluster, also deploy the `nginx` service to allow traffic to the `hello-world` app: 32 | 33 | ```bash 34 | $ kubectl apply -f nginx/kube-service.yml 35 | ``` 36 | -------------------------------------------------------------------------------- /kube-namespace.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: hello-world -------------------------------------------------------------------------------- /nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.4 2 | 3 | # Install nginx and tooling we need 4 | RUN apk update && \ 5 | apk add nginx curl unzip && \ 6 | rm -rf /var/cache/apk/* 7 | 8 | # Use consul-template to re-write our Nginx virtualhost config 9 | RUN curl -Lo /tmp/consul_template_0.15.0_linux_amd64.zip https://releases.hashicorp.com/consul-template/0.15.0/consul-template_0.15.0_linux_amd64.zip && \ 10 | unzip /tmp/consul_template_0.15.0_linux_amd64.zip && \ 11 | mv consul-template /bin 12 | 13 | # Install ContainerPilot 14 | ENV CONTAINERPILOT_VER 3.0.0 15 | ENV CONTAINERPILOT /etc/containerpilot.json5 16 | 17 | RUN export CONTAINERPILOT_CHECKSUM=6da4a4ab3dd92d8fd009cdb81a4d4002a90c8b7c \ 18 | && curl -Lso /tmp/containerpilot.tar.gz \ 19 | "https://github.com/joyent/containerpilot/releases/download/${CONTAINERPILOT_VER}/containerpilot-${CONTAINERPILOT_VER}.tar.gz" \ 20 | && echo "${CONTAINERPILOT_CHECKSUM} /tmp/containerpilot.tar.gz" | sha1sum -c \ 21 | && tar zxf /tmp/containerpilot.tar.gz -C /bin \ 22 | && rm /tmp/containerpilot.tar.gz 23 | 24 | # COPY ContainerPilot configuration 25 | COPY containerpilot.json5 /etc/containerpilot.json5 26 | ENV CONTAINERPILOT=/etc/containerpilot.json5 27 | 28 | COPY reload-nginx.sh /bin/ 29 | COPY index.html /usr/share/nginx/html/ 30 | COPY style.css /usr/share/nginx/html/ 31 | COPY nginx.conf /etc/nginx/nginx.conf 32 | COPY nginx.conf.ctmpl /etc/containerpilot/ 33 | 34 | EXPOSE 80 35 | CMD ["/bin/containerpilot"] 36 | -------------------------------------------------------------------------------- /nginx/containerpilot.json5: -------------------------------------------------------------------------------- 1 | { 2 | consul: "consul:8500", 3 | logging: { 4 | level: "DEBUG", 5 | format: "text" 6 | }, 7 | jobs: [ 8 | { 9 | // without a "when" field this will start first 10 | name: "preStart", 11 | exec: "/bin/reload-nginx.sh preStart" 12 | }, 13 | { 14 | name: "nginx", 15 | port: 80, 16 | interfaces: ["eth1", "eth0"], 17 | exec: "nginx", 18 | when: { 19 | source: "preStart", 20 | once: "exitSuccess" 21 | }, 22 | health: { 23 | exec: "/usr/bin/curl -o /dev/null --fail -s http://localhost/health", 24 | interval: 10, 25 | ttl: 25 26 | } 27 | }, 28 | { 29 | name: "onchange-hello", 30 | exec: "/bin/reload-nginx.sh onChange", 31 | when: { 32 | source: "watch.hello", 33 | each: "changed" 34 | } 35 | }, 36 | { 37 | name: "onchange-world", 38 | exec: "/bin/reload-nginx.sh onChange", 39 | when: { 40 | source: "watch.world", 41 | each: "changed" 42 | } 43 | } 44 | ], 45 | watches: [ 46 | { 47 | name: "hello", 48 | interval: 3 49 | }, 50 | { 51 | name: "world", 52 | interval: 3 53 | } 54 | ] 55 | } 56 | -------------------------------------------------------------------------------- /nginx/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
10 |

11 |

12 |
13 | 14 | 38 | 39 | -------------------------------------------------------------------------------- /nginx/kube-deployment.yml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: nginx 5 | namespace: hello-world 6 | spec: 7 | replicas: 1 8 | template: 9 | metadata: 10 | labels: 11 | app: nginx 12 | spec: 13 | containers: 14 | - image: gcr.io/jackzampolin-web/nginx 15 | imagePullPolicy: Always 16 | name: nginx 17 | ports: 18 | - containerPort: 80 19 | -------------------------------------------------------------------------------- /nginx/kube-service.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nginx 5 | namespace: hello-world 6 | spec: 7 | type: LoadBalancer 8 | ports: 9 | - port: 80 10 | name: http 11 | - port: 443 12 | name: https 13 | selector: 14 | app: nginx 15 | -------------------------------------------------------------------------------- /nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | daemon off; 2 | user nginx; 3 | worker_processes 1; 4 | 5 | error_log /var/log/nginx/error.log warn; 6 | pid /var/run/nginx.pid; 7 | 8 | events { 9 | worker_connections 1024; 10 | } 11 | 12 | 13 | http { 14 | include /etc/nginx/mime.types; 15 | default_type application/octet-stream; 16 | 17 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 18 | '$status $body_bytes_sent "$http_referer" ' 19 | '"$http_user_agent" "$http_x_forwarded_for"'; 20 | 21 | access_log /var/log/nginx/access.log main; 22 | 23 | sendfile on; 24 | keepalive_timeout 65; 25 | 26 | server { 27 | listen 80; 28 | server_name _; 29 | 30 | root /usr/share/nginx/html; 31 | 32 | location /health { 33 | # requires http_stub_status_module 34 | stub_status; 35 | allow 127.0.0.1; 36 | deny all; 37 | } 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /nginx/nginx.conf.ctmpl: -------------------------------------------------------------------------------- 1 | daemon off; 2 | user nginx; 3 | worker_processes 1; 4 | 5 | error_log /var/log/nginx/error.log warn; 6 | pid /var/run/nginx.pid; 7 | 8 | events { 9 | worker_connections 1024; 10 | } 11 | 12 | 13 | http { 14 | include /etc/nginx/mime.types; 15 | default_type application/octet-stream; 16 | 17 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 18 | '$status $body_bytes_sent "$http_referer" ' 19 | '"$http_user_agent" "$http_x_forwarded_for"'; 20 | 21 | access_log /var/log/nginx/access.log main; 22 | 23 | sendfile on; 24 | keepalive_timeout 65; 25 | 26 | 27 | {{ if service "hello" }} 28 | upstream hello { 29 | # write the address:port pairs for each healthy Hello node 30 | {{range service "hello"}} 31 | server {{.Address}}:{{.Port}}; 32 | {{end}} 33 | least_conn; 34 | }{{ end }} 35 | 36 | {{ if service "world" }} 37 | upstream world { 38 | # write the address:port pairs for each healthy World node 39 | {{range service "world"}} 40 | server {{.Address}}:{{.Port}}; 41 | {{end}} 42 | least_conn; 43 | }{{ end }} 44 | 45 | server { 46 | listen 80; 47 | server_name _; 48 | 49 | root /usr/share/nginx/html; 50 | 51 | location /health { 52 | # requires http_stub_status_module 53 | stub_status; 54 | allow 127.0.0.1; 55 | deny all; 56 | } 57 | 58 | {{ if service "hello" }} 59 | location ^~ /hello { 60 | # strip '/hello' from the request before passing 61 | # it along to the Hello upstream 62 | rewrite ^/hello(/.*)$ $1 break; 63 | proxy_pass http://hello; 64 | proxy_redirect off; 65 | }{{end}} 66 | 67 | {{ if service "world" }} 68 | location ^~ /world { 69 | # strip '/world' from the request before passing 70 | # it along to the World upstream 71 | rewrite ^/world(/.*)$ $1 break; 72 | proxy_pass http://world; 73 | proxy_redirect off; 74 | }{{end}} 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /nginx/reload-nginx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Render Nginx configuration template using values from Consul, 4 | # but do not reload because Nginx has't started yet 5 | preStart() { 6 | consul-template \ 7 | -once \ 8 | -consul consul:8500 \ 9 | -template "/etc/containerpilot/nginx.conf.ctmpl:/etc/nginx/nginx.conf" 10 | } 11 | 12 | # Render Nginx configuration template using values from Consul, 13 | # then gracefully reload Nginx 14 | onChange() { 15 | consul-template \ 16 | -once \ 17 | -consul consul:8500 \ 18 | -template "/etc/containerpilot/nginx.conf.ctmpl:/etc/nginx/nginx.conf:nginx -s reload" 19 | } 20 | 21 | until 22 | cmd=$1 23 | if [ -z "$cmd" ]; then 24 | onChange 25 | fi 26 | shift 1 27 | $cmd "$@" 28 | [ "$?" -ne 127 ] 29 | do 30 | onChange 31 | exit 32 | done 33 | -------------------------------------------------------------------------------- /nginx/style.css: -------------------------------------------------------------------------------- 1 | progress,sub,sup{vertical-align:baseline}button,hr,input{overflow:visible}[type=checkbox],[type=radio],legend{box-sizing:border-box;padding:0}html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent;-webkit-text-decoration-skip:objects}a:active,a:hover{outline-width:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bolder}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}svg:not(:root){overflow:hidden}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}figure{margin:1em 40px}hr{box-sizing:content-box;height:0}button,input,select,textarea{font:inherit;margin:0}optgroup{font-weight:700}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:ButtonText dotted 1px}fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}legend{color:inherit;display:table;max-width:100%;white-space:normal}textarea{overflow:auto}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-cancel-button,[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-input-placeholder{color:inherit;opacity:.54}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit} 2 | 3 | body {background-color:#4682B4;} 4 | .wrapper {max-width: 1000px; padding: 10px; margin: 0 auto; text-align: center;} 5 | h1 {color:#fff; display: inline-block; padding: 10px 0; font-size: 2em; } 6 | h2 {color:#7FFF00; display: inline-block; padding: 10px 0; font-size: 2em;} -------------------------------------------------------------------------------- /triton-docker-setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # This Source Code Form is subject to the terms of the Mozilla Public 4 | # License, v. 2.0. If a copy of the MPL was not distributed with this 5 | # file, You can obtain one at http://mozilla.org/MPL/2.0/. 6 | # 7 | 8 | # 9 | # Copyright (c) 2015, Joyent, Inc. 10 | # 11 | 12 | # 13 | # Setup your environment for `docker` to use with SmartDataCenter. 14 | # 15 | # The basic steps are: 16 | # 17 | # 1. Select the data center (i.e. the CloudAPI URL). 18 | # 2. Select the account (login) to use. 19 | # 3. Ensure the account has an SSH key to use. 20 | # 4. Generate a client certificate from your SSH key and save that where 21 | # `docker` can use it: "~/.sdc/docker/$account/". 22 | # 23 | 24 | if [[ -n "$TRACE" ]]; then 25 | export PS4='[\D{%FT%TZ}] ${BASH_SOURCE}:${LINENO}: ${FUNCNAME[0]:+${FUNCNAME[0]}(): }' 26 | set -o xtrace 27 | fi 28 | set -o errexit 29 | set -o pipefail 30 | 31 | # ---- globals 32 | 33 | NAME=$(basename $0) 34 | VERSION=1.0.0 35 | 36 | # Ensure locale-independent output for 'date' for signing headers. 37 | # (See DOCKER-799.) 38 | LC_ALL=C 39 | 40 | CERT_BASE_DIR=$HOME/.sdc/docker 41 | 42 | CURL_OPTS=" -H user-agent:sdc-docker-setup/$VERSION" 43 | 44 | PROFILE_NAME_RE='^[a-z][a-z0-9\._-]+$' 45 | 46 | 47 | 48 | # ---- support functions 49 | 50 | function fatal 51 | { 52 | echo "" >&2 53 | echo "* * *" >&2 54 | printf "$NAME: fatal error: $*\n" >&2 55 | exit 1 56 | } 57 | 58 | function warn 59 | { 60 | echo "$NAME: warn: $*" >&2 61 | } 62 | 63 | function info 64 | { 65 | if [[ $optQuiet == "true" ]]; then 66 | return 67 | fi 68 | echo "$*" 69 | } 70 | 71 | function envInfo 72 | { 73 | if [[ -n "$envFile" ]]; then 74 | echo "$*" >>$envFile 75 | fi 76 | echo " $*" 77 | } 78 | 79 | function debug 80 | { 81 | #echo "$NAME: debug: $@" >&2 82 | true 83 | } 84 | 85 | 86 | function usage 87 | { 88 | echo "Usage:" 89 | echo " triton-docker-setup [CLOUDAPI-OR-REGION] [ACCOUNT] [SSH-PRIVATE-KEY-PATH]" 90 | echo "" 91 | echo "Options:" 92 | echo " -h Print this help and exit." 93 | echo " -V Print version and exit." 94 | echo " -q Quiet output. Only print out environment setup commands." 95 | echo " -f Force set up without checks (check that the given login and" 96 | echo " ssh key exist in the Triton CloudAPI, check that the Docker" 97 | echo " hostname responds, etc)." 98 | echo " -k Disable SSH certificate verification (e.g. if using CoaL" 99 | echo " for development)." 100 | echo " -s Include SDC_* environment variables for setting up Triton CLI." 101 | echo " Otherwise, only the 'docker' env vars are emitted." 102 | echo " -p PROFILE" 103 | echo " The profile name for this Docker host and account." 104 | echo " Profile info is stored under '~/.sdc/docker/\$profile/'." 105 | echo " It defaults to the ACCOUNT, it must match '${PROFILE_NAME_RE}'." 106 | # TODO: examples 107 | } 108 | 109 | function dockerInfo 110 | { 111 | local dockerUrl response 112 | dockerUrl=$1 113 | 114 | local curlOpts 115 | if [[ $optInsecure == "true" ]]; then 116 | curlOpts=" -k" 117 | fi 118 | curl $CURL_OPTS -sSf $curlOpts --connect-timeout 10 \ 119 | --url $dockerUrl/v1.16/info 120 | } 121 | 122 | 123 | 124 | # Return ssh fingerprint in the form "he:xh:ex:he:xh:..." 125 | # OpenSSH_6.8 changes the "-l" flag output. 126 | function sshGetMD5Fingerprint() { 127 | local sshPubKeyPath=$1 128 | local s 129 | s=$(ssh-keygen -E md5 -l -f "$sshPubKeyPath" 2> /dev/null) 130 | if [[ $? -eq 0 ]]; then 131 | echo "$s" | awk '{print $2}' | tr -d '\n' | cut -d: -f2-; 132 | else 133 | # OpenSSH version < 6.8 134 | ssh-keygen -l -f "$sshPubKeyPath" | awk '{print $2}' | tr -d '\n'; 135 | fi 136 | } 137 | 138 | 139 | function cloudapiVerifyAccount() { 140 | local cloudapiUrl account sshPrivKeyPath sshKeyId now signature response 141 | cloudapiUrl=$1 142 | account=$2 143 | sshPrivKeyPath=$3 144 | sshKeyId=$4 145 | 146 | now=$(date -u "+%a, %d %h %Y %H:%M:%S GMT") 147 | signature=$(echo ${now} | tr -d '\n' | openssl dgst -sha256 -sign $sshPrivKeyPath | openssl enc -e -a | tr -d '\n') 148 | 149 | local curlOpts 150 | if [[ $coal == "true" || $optInsecure == "true" ]]; then 151 | curlOpts=" -k" 152 | fi 153 | 154 | local response status 155 | response=$(curl $CURL_OPTS $curlOpts -isS \ 156 | -H "Accept:application/json" -H "api-version:*" -H "Date: ${now}" \ 157 | -H "Authorization: Signature keyId=\"/$account/keys/$sshKeyId\",algorithm=\"rsa-sha256\" ${signature}" \ 158 | --url $cloudapiUrl/--ping) 159 | status=$(echo "$response" | head -1 | awk '{print $2}') 160 | case "$status" in 161 | 401) 162 | if [[ -n "$portalUrl" ]]; then 163 | fatal "invalid credentials" \ 164 | "\nVisit <$portalUrl> to create the '$account' account" \ 165 | "\nand/or add your SSH public key ($sshPubKeyPath)" 166 | elif [[ "$coal" == "true" ]]; then 167 | fatal "invalid credentials" \ 168 | "\n You must create the '$account' account and/or add your SSH" \ 169 | "\n public key ($sshPubKeyPath) to the" \ 170 | "\n given SmartDataCenter."\ 171 | "\n" \ 172 | "\n On CoaL you can do this via:" \ 173 | "\n scp $sshPubKeyPath root@10.99.99.7:/var/tmp/id_rsa.pub" \ 174 | "\n ssh root@10.99.99.7" \ 175 | "\n sdc-useradm get $account >/dev/null 2>/dev/null || \\" \ 176 | "\n echo '{\"login\":\"$account\",\"userpassword\":\"secret123\",\"cn\":\"$account Test User\",\"email\":\"$account@example.com\"}' | sdc-useradm create -A" \ 177 | "\n sdc-useradm add-key $account /var/tmp/id_rsa.pub" 178 | else 179 | fatal "invalid credentials" \ 180 | "\n You must create the '$account' account and/or add your SSH" \ 181 | "\n public key ($sshPubKeyPath) to the" \ 182 | "\n given SmartDataCenter." 183 | fi 184 | ;; 185 | 200) 186 | info "CloudAPI access verified." 187 | info '' 188 | ;; 189 | *) 190 | if [[ "$status" == "400" && "$coal" == "true" ]]; then 191 | fatal "'Bad Request' from CloudAPI. Possibly clock skew. Otherwise, check the CloudAPI log.\n\n$response" 192 | fi 193 | fatal "unexpected CloudAPI response:\n\n$response" 194 | ;; 195 | esac 196 | } 197 | 198 | 199 | function cloudapiGetDockerService() { 200 | local cloudapiUrl account sshPrivKeyPath sshKeyId now signature response 201 | cloudapiUrl=$1 202 | account=$2 203 | sshPrivKeyPath=$3 204 | sshKeyId=$4 205 | 206 | # TODO: share the 'cloudapi request' code 207 | now=$(date -u "+%a, %d %h %Y %H:%M:%S GMT") 208 | signature=$(echo ${now} | tr -d '\n' | openssl dgst -sha256 -sign $sshPrivKeyPath | openssl enc -e -a | tr -d '\n') 209 | 210 | local curlOpts 211 | if [[ $coal == "true" || $optInsecure == "true" ]]; then 212 | curlOpts=" -k" 213 | fi 214 | 215 | # TODO: a test on ListServices being a single line of JSON 216 | local response status dockerService 217 | response=$(curl $CURL_OPTS $curlOpts -isS \ 218 | -H "Accept:application/json" -H "api-version:*" -H "Date: ${now}" \ 219 | -H "Authorization: Signature keyId=\"/$account/keys/$sshKeyId\",algorithm=\"rsa-sha256\" ${signature}" \ 220 | --url $cloudapiUrl/$account/services) 221 | status=$(echo "$response" | head -1 | awk '{print $2}') 222 | if [[ "$status" == "403" ]]; then 223 | # Forbidden (presumably from an invite-only DC). 224 | # Assuming the error response is all on the last line: 225 | # {"code":"NotAuthorized","message":"Forbidden (This serv ..."} 226 | local errmsg 227 | errmsg=$(echo "$response" | tail -1 | sed -E 's/.*"message":"([^"]*)".*/\1/') 228 | fatal "cannot setup for this datacenter: $errmsg" 229 | elif [[ "$status" != "200" ]]; then 230 | warn "could not get Docker service endpoint from CloudAPI (status=$status)" 231 | return 232 | fi 233 | if [[ -z "$(echo "$response" | (grep '"docker"' || true))" ]]; then 234 | warn "could not get Docker service endpoint from CloudAPI (no docker service listed)" 235 | return 236 | fi 237 | dockerService=$(echo "$response" | tail -1 | sed -E 's/.*"docker":"([^"]*)".*/\1/') 238 | if [[ "$dockerService" != "$response" ]]; then 239 | echo $dockerService 240 | fi 241 | } 242 | 243 | function downloadCaCertificate() 244 | { 245 | local dockerHttpsUrl="https://$1" 246 | local outFile=$2 247 | local curlOpts="" 248 | 249 | if [[ "$coal" == "true" || $optInsecure == "true" ]]; then 250 | curlOpts="-k" 251 | fi 252 | 253 | curl $CURL_OPTS $curlOpts --connect-timeout 10 \ 254 | --url "$dockerHttpsUrl/ca.pem" -o $outFile 2>/dev/null 255 | } 256 | 257 | # Arguments: 258 | # $1 - the function that will handle the printing 259 | # $2 - the indentation string 260 | function sdcEnvConfiguration() 261 | { 262 | local indent=$2 263 | if [[ -n "$optSdcSetup" ]]; then 264 | $1 "${indent}export SDC_URL=$cloudapiUrl" 265 | $1 "${indent}export SDC_ACCOUNT=$account" 266 | if [[ -f $sshPubKeyPath ]]; then 267 | $1 "${indent}export SDC_KEY_ID=$(sshGetMD5Fingerprint $sshPubKeyPath)" 268 | else 269 | $1 "${indent}# Could not calculate KEY_ID: SSH public key '$sshPubKeyPath' does not exist" 270 | $1 "${indent}export SDC_KEY_ID=''" 271 | fi 272 | if [[ "$coal" == "true" || $optInsecure == "true" ]]; then 273 | $1 "${indent}export SDC_TESTING=1" 274 | fi 275 | fi 276 | } 277 | 278 | 279 | 280 | # ---- mainline 281 | 282 | # This script currently requires Bash-isms, so guard for that. 283 | if [ "$POSIXLY_CORRECT" = "y" ]; then 284 | fatal "This script requires Bash running in *non*-posix mode. 285 | Please re-run with 'bash sdc-docker-setup.sh ...'." 286 | fi 287 | 288 | optQuiet= 289 | optForce= 290 | optInsecure= 291 | optSdcSetup= 292 | optProfileName= 293 | while getopts "hVqfksp:" opt; do 294 | case "$opt" in 295 | h) 296 | usage 297 | exit 0 298 | ;; 299 | V) 300 | echo "$(basename $0) $VERSION" 301 | exit 0 302 | ;; 303 | q) 304 | optQuiet=true 305 | ;; 306 | f) 307 | optForce=true 308 | ;; 309 | k) 310 | optInsecure=true 311 | ;; 312 | s) 313 | optSdcSetup=true 314 | ;; 315 | p) 316 | if [[ -z $(echo "$OPTARG" | (egrep "$PROFILE_NAME_RE" || true)) ]]; then 317 | fatal "profile name, '$OPTARG', does not match '$PROFILE_NAME_RE'" 318 | fi 319 | optProfileName=$OPTARG 320 | ;; 321 | *) 322 | usage 323 | exit 1 324 | ;; 325 | esac 326 | done 327 | shift $((OPTIND - 1)) 328 | 329 | # Ping the URL passed as the first positional parameter and outputs one 330 | # of three possible strings: 331 | # - "available" if the ping endpoint responded with an OK status to the ping 332 | # request 333 | # - "maintenance" if the ping endpoint responded with a 503 status code to 334 | # the ping request. 335 | # - "unavailable" if the ping endpoint responded with any other response 336 | function pingCloudAPIUrl() 337 | { 338 | local cloudApiUrl=$1 339 | local response status 340 | 341 | local curlOpts 342 | if [[ $coal == "true" || $optInsecure == "true" ]]; then 343 | curlOpts=" -k" 344 | fi 345 | 346 | response=$(curl -sSi $curlOpts $cloudApiUrl/--ping) 347 | status=$(echo "$response" | head -1 | awk '{print $2}') 348 | case "$status" in 349 | 200) 350 | echo "available" 351 | ;; 352 | 503) 353 | echo "maintenance" 354 | ;; 355 | *) 356 | echo "unavailable" 357 | ;; 358 | esac 359 | } 360 | 361 | # Get the cloudapi URL. Default to the cloudapi for the current pre-release 362 | # docker service. Eventually can default to the user's SDC_URL setting. 363 | # 364 | # Offer some shortcuts: 365 | # - coal: Find the cloudapi in your local CoaL via ssh. 366 | # - : Treat as a Joyent Cloud region name and use: 367 | # https://$dc.api.joyent.com 368 | # - if given without 'https://' prefix: add that automatically 369 | promptedUser= 370 | 371 | # While the URL passed on the command line is not a valid cloudapi URL, 372 | # prompt for a new one. 373 | cloudapiUrl=$1 374 | while true; do 375 | if [[ -z "$cloudapiUrl" ]]; then 376 | defaultCloudapiUrl=https://us-east-1.api.joyent.com 377 | #info "Enter the SDC Docker hostname. Press enter for the default." 378 | printf "SDC CloudAPI URL [$defaultCloudapiUrl]: " 379 | read cloudapiUrl 380 | promptedUser=true 381 | fi 382 | 383 | if [[ -z "$cloudapiUrl" ]]; then 384 | portalUrl=https://my.joyent.com 385 | cloudapiUrl=$defaultCloudapiUrl 386 | elif [[ "$cloudapiUrl" == "coal" ]]; then 387 | coal=true 388 | cloudapiUrl=https://$(ssh -o ConnectTimeout=5 root@10.99.99.7 "vmadm lookup -j alias=cloudapi0 | json -ae 'ext = this.nics.filter(function (nic) { return nic.nic_tag === \"external\"; })[0]; this.ip = ext ? ext.ip : this.nics[0].ip;' ip") 389 | if [[ -z "$cloudapiUrl" ]]; then 390 | fatal "could not find the cloudapi0 zone IP in CoaL" 391 | fi 392 | elif [[ "${cloudapiUrl/./X}" == "$cloudapiUrl" ]]; then 393 | portalUrl=https://my.joyent.com 394 | cloudapiUrl=https://$cloudapiUrl.api.joyent.com 395 | elif [[ "${cloudapiUrl:0:8}" != "https://" ]]; then 396 | cloudapiUrl=https://$cloudapiUrl 397 | fi 398 | debug "cloudapiUrl: $cloudapiUrl" 399 | 400 | cloudApiUrlStatus=$(pingCloudAPIUrl "$cloudapiUrl") 401 | if [[ "$cloudApiUrlStatus" == "maintenance" ]]; then 402 | if [[ $promptedUser == "true" ]]; then 403 | printf "\"$cloudapiUrl\" is currently in maintenance, please try another SDC CloudAPI URL\n" 404 | else 405 | fatal "\"$cloudapiUrl\" is currently in maintenance" 406 | fi 407 | elif [[ "$cloudApiUrlStatus" == "unavailable" ]]; then 408 | if [[ $promptedUser == "true" ]]; then 409 | printf "Cannot ping \"$cloudapiUrl\", are you sure it is a valid SDC CloudAPI URL?\n" 410 | else 411 | fatal "Cannot ping \"$cloudapiUrl\", are you sure it is a valid SDC CloudAPI URL?" 412 | fi 413 | elif [[ "$cloudApiUrlStatus" == "available" ]]; then 414 | break 415 | else 416 | fatal "There was an error when checking $cloudapiUrl's status\n" 417 | fi 418 | 419 | # Even if cloudapiUrl was set on the command line, reset it so that 420 | # we prompt for a new one because the one passed on the command line 421 | # was invalid. 422 | cloudapiUrl= 423 | done 424 | 425 | 426 | # Get the account to use. 427 | account=$2 428 | if [[ -z "$account" ]]; then 429 | defaultAccount=$SDC_ACCOUNT 430 | if [[ -z "$defaultAccount" ]]; then 431 | printf "SDC account: " 432 | else 433 | printf "SDC account [$defaultAccount]: " 434 | fi 435 | read account 436 | promptedUser=true 437 | fi 438 | if [[ -z "$account" && -n "$defaultAccount" ]]; then 439 | account=$defaultAccount 440 | fi 441 | debug "account: $account" 442 | if [[ -z "$account" ]]; then 443 | fatal "no account (login name) was given" 444 | fi 445 | 446 | 447 | # Get SSH priv key path. 448 | sshPrivKeyPath=$3 449 | if [[ -z "$sshPrivKeyPath" ]]; then 450 | # TODO: Using SDC_KEY_ID and search ~/.ssh for a matching key. 451 | if [[ -f $HOME/.ssh/id_rsa ]]; then 452 | defaultSSHPrivKeyPath=$HOME/.ssh/id_rsa 453 | fi 454 | if [[ -z "$defaultSSHPrivKeyPath" ]]; then 455 | printf "SSH private key path: " 456 | else 457 | printf "SSH private key [$defaultSSHPrivKeyPath]: " 458 | fi 459 | read sshPrivKeyPath 460 | promptedUser=true 461 | fi 462 | if [[ -z "$sshPrivKeyPath" && -n "$defaultSSHPrivKeyPath" ]]; then 463 | sshPrivKeyPath=$defaultSSHPrivKeyPath 464 | fi 465 | sshPrivKeyPath=$(bash -c "echo $sshPrivKeyPath") # resolve '~' 466 | if [[ ! -f $sshPrivKeyPath ]]; then 467 | fatal "'$sshPrivKeyPath' does not exist" 468 | fi 469 | debug "sshPrivKeyPath: $sshPrivKeyPath" 470 | if [[ -z "$sshPrivKeyPath" ]]; then 471 | fatal "no SSH private key path was given" 472 | fi 473 | 474 | 475 | [[ $promptedUser == "true" ]] && info "" 476 | info "Setting up Docker client for SDC using:" 477 | info " CloudAPI: $cloudapiUrl" 478 | info " Account: $account" 479 | info " Key: $sshPrivKeyPath" 480 | info "" 481 | 482 | 483 | sshPubKeyPath=$sshPrivKeyPath.pub 484 | if [[ $optForce != "true" ]]; then 485 | if [[ ! -f $sshPubKeyPath ]]; then 486 | fatal "could not verify account/key: SSH public key does not exist at '$sshPubKeyPath'" 487 | fi 488 | sshKeyId=$(sshGetMD5Fingerprint $sshPubKeyPath) 489 | debug "sshKeyId: $sshKeyId" 490 | 491 | info "If you have a pass phrase on your key, the openssl command will" 492 | info "prompt you for your pass phrase now and again later." 493 | info '' 494 | info "Verifying CloudAPI access." 495 | cloudapiVerifyAccount "$cloudapiUrl" "$account" "$sshPrivKeyPath" "$sshKeyId" 496 | fi 497 | 498 | 499 | info "Generating client certificate from SSH private key." 500 | profileName=$optProfileName 501 | if [[ -z "$profileName" ]]; then 502 | profileName=$account 503 | fi 504 | certDir="$CERT_BASE_DIR/$profileName" 505 | keyPath=$certDir/key.pem 506 | certPath=$certDir/cert.pem 507 | csrPath=$certDir/csr.pem 508 | caPath=$certDir/ca.pem 509 | 510 | mkdir -p $(dirname $keyPath) 511 | openssl rsa -in $sshPrivKeyPath -outform pem >$keyPath 2>/dev/null 512 | openssl req -new -key $keyPath -out $csrPath -subj "/CN=$account" >/dev/null 2>/dev/null 513 | # TODO: expiry? 514 | openssl x509 -req -days 365 -in $csrPath -signkey $keyPath -out $certPath >/dev/null 2>/dev/null 515 | rm $csrPath # The signing request has been used - remove it. 516 | info "Wrote certificate files to $certDir" 517 | info '' 518 | 519 | if [[ $optForce != "true" ]]; then 520 | info "Get Docker host endpoint from cloudapi." 521 | dockerService=$(cloudapiGetDockerService "$cloudapiUrl" "$account" "$sshPrivKeyPath" "$sshKeyId") 522 | dockerHostAndPort=${dockerService#*://} # remove 'tcp://' from start 523 | dockerHost=${dockerHostAndPort%:*} # remove ':2376' from end 524 | dockerPort=${dockerHostAndPort#*:} # remove everything before ':2376' 525 | if [[ -n "$dockerService" ]]; then 526 | info "Docker service endpoint is: $dockerService" 527 | else 528 | info "Could not discover service endpoint for DOCKER_HOST from CloudAPI." 529 | fi 530 | fi 531 | 532 | # Add the sdc-docker ca.pem (server certificate verification). 533 | downloadCaCertificate $dockerHostAndPort $caPath 534 | 535 | # TODO: success even if can't discover service endpoint for docker? 536 | info "" 537 | info "* * *" 538 | info "Success. Set your environment as follows: " 539 | info "" 540 | envFile=$certDir/env.sh 541 | rm -f $envFile 542 | touch $envFile 543 | 544 | sdcEnvConfiguration envInfo "" 545 | 546 | envInfo "export DOCKER_CERT_PATH=$certDir" 547 | if [[ -n "$dockerService" ]]; then 548 | envInfo "export DOCKER_HOST=$dockerService" 549 | envInfo "export DOCKER_CLIENT_TIMEOUT=300" 550 | envInfo "export COMPOSE_HTTP_TIMEOUT=300" 551 | if [[ $dockerHost =~ ^[0-9]+ ]]; then 552 | # IP address - let them know a FQDN is needed to use DOCKER_TLS_VERIFY. 553 | envInfo "unset DOCKER_TLS_VERIFY" 554 | envInfo "alias docker=\"docker --tls\"" 555 | dockerHostname="my.triton" 556 | info "" 557 | info "Your Docker host is not a DNS name, but an IP. If you want to run docker" 558 | info "with TLS verification, you can configure to use a '${dockerHostname}' DNS" 559 | info "name as follows (use this instead of the setup block above):" 560 | info "" 561 | info " sudo sed -e '\$G; \$s/\$/${dockerHost} ${dockerHostname}/;' -i.bak /etc/hosts" 562 | sdcEnvConfiguration info " " 563 | info " export DOCKER_CERT_PATH=$certDir" 564 | info " export DOCKER_HOST=tcp://${dockerHostname}:${dockerPort}" 565 | info " export DOCKER_TLS_VERIFY=1" 566 | info " export DOCKER_CLIENT_TIMEOUT=300" 567 | info " export COMPOSE_HTTP_TIMEOUT=300" 568 | else 569 | # Fully qualified domain name... assume the cert is already setup. 570 | envInfo "export DOCKER_TLS_VERIFY=1" 571 | fi 572 | else 573 | envInfo "# See the product docs for the value to use for DOCKER_HOST." 574 | envInfo "export DOCKER_HOST='tcp://:2376'" 575 | envInfo "export DOCKER_CLIENT_TIMEOUT=300" 576 | fi 577 | info "" 578 | info "Then you should be able to run 'docker info' and see your account" 579 | info "name 'SDCAccount: ${account}' in the output." 580 | info "" 581 | info "Note: If you receive any docker compose warning about the" 582 | info "DOCKER_CLIENT_TIMEOUT environment variable being deprecated," 583 | info "simply unset it and remove it from env.sh." 584 | -------------------------------------------------------------------------------- /world/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM mhart/alpine-node:latest 2 | 3 | RUN apk update && \ 4 | apk add curl 5 | 6 | # Install ContainerPilot 7 | ENV CONTAINERPILOT_VER 3.0.0 8 | ENV CONTAINERPILOT /etc/containerpilot.json5 9 | 10 | RUN export CONTAINERPILOT_CHECKSUM=6da4a4ab3dd92d8fd009cdb81a4d4002a90c8b7c \ 11 | && curl -Lso /tmp/containerpilot.tar.gz \ 12 | "https://github.com/joyent/containerpilot/releases/download/${CONTAINERPILOT_VER}/containerpilot-${CONTAINERPILOT_VER}.tar.gz" \ 13 | && echo "${CONTAINERPILOT_CHECKSUM} /tmp/containerpilot.tar.gz" | sha1sum -c \ 14 | && tar zxf /tmp/containerpilot.tar.gz -C /bin \ 15 | && rm /tmp/containerpilot.tar.gz 16 | 17 | # COPY ContainerPilot configuration 18 | COPY containerpilot.json5 /etc/containerpilot.json5 19 | ENV CONTAINERPILOT=/etc/containerpilot.json5 20 | 21 | # Install our application 22 | COPY index.js /opt/world/ 23 | 24 | EXPOSE 3002 25 | CMD ["/bin/containerpilot"] 26 | -------------------------------------------------------------------------------- /world/containerpilot.json5: -------------------------------------------------------------------------------- 1 | { 2 | consul: "consul:8500", 3 | jobs: [ 4 | { 5 | name: "world", 6 | exec: "node /opt/world/index.js", 7 | port: 3002, 8 | health: { 9 | exec: "/usr/bin/curl -o /dev/null --fail -s http://localhost:3002/", 10 | interval: 3, 11 | ttl: 10 12 | } 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /world/index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // Load modules 4 | 5 | const Http = require('http'); 6 | 7 | 8 | const server = module.exports = Http.createServer((req, res) => { 9 | res.writeHead(200); 10 | res.end('World'); 11 | }); 12 | 13 | server.listen(3002, () => { 14 | console.log(`World server listening on port ${server.address().port}`); 15 | }); 16 | -------------------------------------------------------------------------------- /world/kube-deployment.yml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: world 5 | namespace: hello-world 6 | spec: 7 | replicas: 2 8 | template: 9 | metadata: 10 | labels: 11 | app: world 12 | spec: 13 | containers: 14 | - image: gcr.io/jackzampolin-web/world 15 | imagePullPolicy: Always 16 | name: world 17 | ports: 18 | - containerPort: 3002 19 | -------------------------------------------------------------------------------- /world/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "world", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "lab -c" 8 | }, 9 | "keywords": [], 10 | "author": "", 11 | "license": "MPL-V2", 12 | "devDependencies": { 13 | "code": "3.x.x", 14 | "lab": "11.x.x", 15 | "wreck": "9.x.x" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /world/test/index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | // Load modules 4 | 5 | const Code = require('code'); 6 | const Lab = require('lab'); 7 | const Wreck = require('wreck'); 8 | const World = require('../'); 9 | 10 | 11 | // Test shortcuts 12 | 13 | const lab = exports.lab = Lab.script(); 14 | const describe = lab.describe; 15 | const it = lab.it; 16 | const expect = Code.expect; 17 | 18 | 19 | describe('World', () => { 20 | it('responds with a 200 and the word "World"', (done) => { 21 | Wreck.get(`http://localhost:${World.address().port}/`, (err, res, payload) => { 22 | expect(err).to.not.exist(); 23 | expect(res.statusCode).to.equal(200); 24 | expect(payload.toString()).to.equal('World'); 25 | done(); 26 | }); 27 | }); 28 | }); 29 | --------------------------------------------------------------------------------