From db19f6c97fbbaffbf7057b801f39747b5c57aae1 Mon Sep 17 00:00:00 2001 From: Vihang Patil Date: Sat, 29 Sep 2018 22:06:55 +0200 Subject: [PATCH 1/2] Added metrics grpc endpoint to prime in prod --- prime/infra/README.md | 2 ++ prime/infra/dev/metrics-api.yaml | 2 +- prime/infra/prod/metrics-api.yaml | 30 ++++++++++++++++++++++ prime/infra/prod/prime.yaml | 42 ++++++++++++++++++++++++++++++- 4 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 prime/infra/prod/metrics-api.yaml diff --git a/prime/infra/README.md b/prime/infra/README.md index 5103ef877..e1d3d696d 100644 --- a/prime/infra/README.md +++ b/prime/infra/README.md @@ -83,6 +83,8 @@ Reference: Generate self-contained protobuf descriptor file - `ocs_descriptor.pb` & `metrics_descriptor.pb` ```bash +pyenv versions +pyenv local 3.5.2 pip install grpcio grpcio-tools python -m grpc_tools.protoc \ diff --git a/prime/infra/dev/metrics-api.yaml b/prime/infra/dev/metrics-api.yaml index 750adc869..fafd2ff79 100644 --- a/prime/infra/dev/metrics-api.yaml +++ b/prime/infra/dev/metrics-api.yaml @@ -27,4 +27,4 @@ authentication: rules: - selector: "*" requirements: - - provider_id: google_service_account + - provider_id: google_service_account \ No newline at end of file diff --git a/prime/infra/prod/metrics-api.yaml b/prime/infra/prod/metrics-api.yaml new file mode 100644 index 000000000..7badcd6a5 --- /dev/null +++ b/prime/infra/prod/metrics-api.yaml 
@@ -0,0 +1,30 @@ +type: google.api.Service + +config_version: 3 + +name: metrics.ostelco.org + +title: Prime Metrics Reporter Service gRPC API + +apis: + - name: org.ostelco.prime.metrics.api.OcsgwAnalyticsService + +usage: + rules: + # All methods can be called without an API Key. + - selector: "*" + allow_unregistered_calls: true + +authentication: + providers: + - id: google_service_account + issuer: prime-service-account@pantel-2decb.iam.gserviceaccount.com + jwks_uri: https://www.googleapis.com/robot/v1/metadata/x509/prime-service-account@pantel-2decb.iam.gserviceaccount.com + audiences: > + https://metrics.ostelco.org/org.ostelco.prime.metrics.api.OcsgwAnalyticsService, + metrics.ostelco.org/org.ostelco.prime.metrics.api.OcsgwAnalyticsService, + metrics.ostelco.org + rules: + - selector: "*" + requirements: + - provider_id: google_service_account \ No newline at end of file diff --git a/prime/infra/prod/prime.yaml b/prime/infra/prod/prime.yaml index 2dfc8a11a..54691ae8a 100644 --- a/prime/infra/prod/prime.yaml +++ b/prime/infra/prod/prime.yaml @@ -37,6 +37,25 @@ spec: --- apiVersion: v1 kind: Service +metadata: + name: prime-metrics + labels: + app: prime + tier: backend +spec: + type: LoadBalancer + loadBalancerIP: 35.240.23.167 + ports: + - name: grpc + port: 443 + targetPort: 9443 + protocol: TCP + selector: + app: prime + tier: backend +--- +apiVersion: v1 +kind: Service metadata: name: pseudonym-server-service labels: @@ -71,7 +90,7 @@ spec: prometheus.io/port: '8081' spec: containers: - - name: esp + - name: ocs-esp image: gcr.io/endpoints-release/endpoints-runtime:1 args: [ "--http2_port=9000", 
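Review bot: With `allow_unregistered_calls: true` on selector `"*"` under `usage.rules`, the JWT requirement in the `authentication` block is the only check on callers of this production API, and the file should say so next to the rule. The existing comment could read `# No API key is required; callers are authenticated solely by the google_service_account JWT rule below.` The accepted `audiences` also include the bare host `metrics.ostelco.org`, so a token minted for that generic audience passes for every method; keeping only the service-qualified audiences would be tighter if the clients allow it. The issuer name suggests this is the same service account prime itself runs as, which cannot be confirmed from this diff; if it is, a dedicated account for metrics clients would keep a leaked client key from carrying prime's own permissions.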
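Review bot: The new `prime-metrics` Service is `type: LoadBalancer` with a fixed `loadBalancerIP` and no `loadBalancerSourceRanges`, and no internal-load-balancer annotation is visible in the hunk, so port 443 presumably accepts connections from any address. If the callers are a known set of gateways, restrict the listener under `spec`, e.g. `loadBalancerSourceRanges: ["<GATEWAY_EGRESS_CIDR>"]` (placeholder; the real range is not in this diff). The selector `app: prime` / `tier: backend` is broad, so any pod carrying both labels would also receive this traffic; check that no other workload shares them.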
@@ -105,6 +124,23 @@ spec: - mountPath: /etc/nginx/ssl name: api-ostelco-ssl readOnly: true + - name: metrics-esp + image: gcr.io/endpoints-release/endpoints-runtime:1 + args: [ + "--http2_port=9004", + "--ssl_port=9443", + "--status_port=8094", + "--service=metrics.ostelco.org", + "--rollout_strategy=managed", + "--backend=grpc://127.0.0.1:8083" + ] + ports: + - containerPort: 9004 + - containerPort: 9443 + volumeMounts: + - mountPath: /etc/nginx/ssl + name: metrics-ostelco-ssl + readOnly: true - name: prime image: eu.gcr.io/pantel-2decb/prime:PRIME_VERSION imagePullPolicy: Always @@ -132,6 +168,7 @@ spec: - containerPort: 8080 - containerPort: 8081 - containerPort: 8082 + - containerPort: 8083 volumes: - name: secret-config secret: @@ -142,3 +179,6 @@ spec: - name: ocs-ostelco-ssl secret: secretName: ocs-ostelco-ssl + - name: metrics-ostelco-ssl + secret: + secretName: metrics-ostelco-ssl From 17363403456a190b0405ad436d3becd14656a596 Mon Sep 17 00:00:00 2001 From: Vihang Patil Date: Sat, 29 Sep 2018 22:21:13 +0200 Subject: [PATCH 2/2] Fixed issue with wildcard certificates --- certs/dev.ostelco.org/.gitignore | 2 -- certs/metrics.ostelco.org/.gitignore | 2 -- certs/ocs.ostelco.org/.gitignore | 2 -- ocsgw/build.gradle | 14 -------------- 4 files changed, 20 deletions(-) delete mode 100644 certs/dev.ostelco.org/.gitignore delete mode 100644 certs/metrics.ostelco.org/.gitignore delete mode 100644 certs/ocs.ostelco.org/.gitignore diff --git a/certs/dev.ostelco.org/.gitignore b/certs/dev.ostelco.org/.gitignore deleted file mode 100644 index 47c805dfe..000000000 --- a/certs/dev.ostelco.org/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -nginx.crt -nginx.key \ No newline at end of file diff --git a/certs/metrics.ostelco.org/.gitignore b/certs/metrics.ostelco.org/.gitignore deleted file mode 100644 index 47c805dfe..000000000 --- a/certs/metrics.ostelco.org/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -nginx.crt -nginx.key \ No newline at end of file 
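Review bot: The `metrics-esp` sidecar terminates TLS for a production endpoint but runs `gcr.io/endpoints-release/endpoints-runtime:1`, a floating major tag, so the proxy binary can change on any pod restart without a change to this manifest. Pinning by digest, `image: gcr.io/endpoints-release/endpoints-runtime@sha256:<DIGEST>` (placeholder), makes upgrades an explicit, reviewable change; the `ocs-esp` container in the same pod uses the same tag and would benefit equally. `--rollout_strategy=managed` likewise lets the proxy follow the latest deployed service config for `metrics.ostelco.org`, so whoever can deploy that config can change the auth rules in prod; a comment such as `# managed rollout: ESP follows the latest deployed service config; restrict who may deploy it` would record that. The container also sets no `resources` or `securityContext`. The Deployment spec starts and ends outside the hunk.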
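Review bot: Declaring `containerPort: 8083` on the `prime` container restricts nothing, and `metrics-esp` forwards to `grpc://127.0.0.1:8083` only after checking the JWT, so the backend listener likely has no authentication of its own. If prime binds that listener on all interfaces (not visible here), other pods in the cluster can reach port 8083 on the pod IP directly and skip the ESP check. Binding the metrics gRPC server to loopback, or adding a NetworkPolicy that admits only the ESP ports, would close that path. A comment like `# 8083: metrics gRPC, reached only via metrics-esp on loopback` would record the intent.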
diff --git a/certs/ocs.ostelco.org/.gitignore b/certs/ocs.ostelco.org/.gitignore deleted file mode 100644 index 47c805dfe..000000000 --- a/certs/ocs.ostelco.org/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -nginx.crt -nginx.key \ No newline at end of file diff --git a/ocsgw/build.gradle b/ocsgw/build.gradle index 021f7dab9..0c92891f4 100644 --- a/ocsgw/build.gradle +++ b/ocsgw/build.gradle @@ -95,20 +95,6 @@ task packDev(type: Zip, dependsOn: 'shadowJar') { fileName.replace('dev.', '') } } - // TODO vihang: figure out why wild-card certs fail to verify - from ('../certs/dev.ostelco.org/nginx.crt') { - into (project.name + '/config/') - rename { String fileName -> - fileName.replace('nginx', 'ocs') - } - } - from ('../certs/dev.ostelco.org/nginx.crt') { - into (project.name + '/config/') - rename { String fileName -> - fileName.replace('nginx', 'metrics') - } - } - // END of certs from ('config/pantel-prod.json') { into (project.name + '/config/') }