review healthchecks and apisix generation
sylvaingaudan committed Oct 2, 2024
1 parent a6e006b commit 67b31ac
Showing 24 changed files with 691 additions and 53 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -3,6 +3,7 @@
sample/sample.json
conf/server.crt
conf/server.key
conf/apisix/apisix.yaml
conf/apisix/domains.generated.ext
conf/apisix/apisix.generated.yaml
conf/apisix/apisix.generated.tmp.yaml
310 changes: 294 additions & 16 deletions conf/apisix/apisix.yaml

Large diffs are not rendered by default.

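--- a/conf/apisix/apisix_part_arlas_services.yaml
+++ b/conf/apisix/apisix_part_arlas_services.yaml
@@ -0,0 +1,260 @@
+routes:
+-
+uri: /builder
+upstream:
+nodes:
+"arlas-builder:80": 1
+plugins:
+redirect:
+uri: /builder/
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /builder/*
+upstream:
+nodes:
+"arlas-builder:80": 1
+# response-rewrite:
+# headers:
+# set:
+# # Fix CWE Id: 693
+# Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# # Fix CWE Id: 1021
+# X-Frame-Options: "DENY"
+# # Fix CWE Id: 693 // The () means those resources are not allowed.
+# Permissions-Policy: accelerometer=(), camera=(), microphone=(), geolocation=(), usb=()
+# # Fix CWE Id: 200
+# Server: "ARLAS services"
+# # Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+# Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# # Fix CWE Id: 693
+# X-Content-Type-Options: nosniff
+plugins:
+proxy-rewrite:
+regex_uri: ["/builder/(.*)", "/$1"]
+-
+uri: /
+plugins:
+redirect:
+uri: /hub/
+plugins:
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /hub
+plugins:
+redirect:
+uri: /hub/
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /hub/*
+upstream:
+nodes:
+"arlas-hub:80": 1
+plugins:
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 1021
+X-Frame-Options: "DENY"
+# Fix CWE Id: 693 // The () means those resources are not allowed.
+Permissions-Policy: accelerometer=(), camera=(), microphone=(), geolocation=(), usb=()
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+proxy-rewrite:
+regex_uri: ["/hub/(.*)", "/$1"]
+-
+uri: /wui
+plugins:
+redirect:
+uri: /wui/
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /wui/*
+upstream:
+nodes:
+"arlas-wui:80": 1
+plugins:
+# response-rewrite:
+# headers:
+# set:
+# Fix CWE Id: 693
+# Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src https://api.maptiler.com 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 1021
+# X-Frame-Options: "DENY"
+# Fix CWE Id: 693 // The () means those resources are not allowed.
+# Permissions-Policy: accelerometer=(), camera=(), microphone=(), geolocation=(), usb=()
+# Fix CWE Id: 200
+# Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+# Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+# X-Content-Type-Options: nosniff
+proxy-rewrite:
+regex_uri: ["/wui/(.*)", "/$1"]
+-
+uri: /arlas_permissions_server/healthcheck
+methods: ["GET"]
+upstream:
+nodes:
+"arlas-permissions-server:9996": 1
+plugins:
+proxy-rewrite:
+regex_uri: ["/arlas_permissions_server/healthcheck", "/admin/healthcheck"]
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /arlas_permissions_server/*
+upstream:
+nodes:
+"arlas-permissions-server:9996": 1
+plugins:
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /persist/healthcheck
+methods: ["GET"]
+upstream:
+nodes:
+"arlas-persistence-server:9997": 1
+plugins:
+proxy-rewrite:
+regex_uri: ["/persist/healthcheck", "/admin/healthcheck"]
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /persist/*
+upstream:
+nodes:
+"arlas-persistence-server:9997": 1
+plugins:
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /arlas/healthcheck
+methods: ["GET"]
+upstream:
+nodes:
+"arlas-server:9999": 1
+plugins:
+proxy-rewrite:
+regex_uri: ["/arlas/healthcheck", "/admin/healthcheck"]
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /arlas/*
+upstream:
+nodes:
+"arlas-server:9999": 1
+plugins:
+proxy-rewrite:
+headers:
+set:
+# Fix CWE Id: 1021
+Access-Control-Allow-Origin: "https://${ARLAS_HOST}"
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /basemaps/*
+methods: ["GET"]
+upstream:
+nodes:
+"protomaps:8080": 1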
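Review bot: The `/builder/*` and `/wui/*` routes, which proxy the application content itself, have their whole `response-rewrite` block commented out, so those responses leave the gateway without the CSP, `X-Frame-Options`, HSTS and `X-Content-Type-Options` headers that `/hub/*` sets; only the bare `/builder` and `/wui` redirects carry them. If that is deliberate, a comment giving the reason, e.g. `# response-rewrite disabled on purpose: <reason>`, should replace the silent comment-out. The `/` route as rendered declares `plugins:` twice; most YAML parsers keep the last duplicate key, which would drop the `redirect` to `/hub/`, so both `redirect` and `response-rewrite` should sit under a single `plugins:` mapping (indentation is lost on this page, so confirm against the file). On `/arlas/*`, `Access-Control-Allow-Origin` is set under `proxy-rewrite`, which rewrites the request sent upstream rather than the response, so the browser never receives it; it belongs under `response-rewrite.headers.set`, and the same applies to `/arlas_iam_server/*` in `conf/apisix/apisix_part_iam_services.yaml`. Separately, `script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:` leaves the policy with little protection against script injection, which deserves a comment next to the `# Fix CWE Id: 693` label stating that it is a known limitation.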
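--- a/conf/apisix/apisix_part_iam_services.yaml
+++ b/conf/apisix/apisix_part_iam_services.yaml
@@ -0,0 +1,79 @@
+-
+uri: /iam
+plugins:
+redirect:
+uri: /iam/
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /iam/*
+upstream:
+nodes:
+"arlas-wui-iam:80": 1
+plugins:
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 1021
+X-Frame-Options: "DENY"
+# Fix CWE Id: 693 // The () means those resources are not allowed.
+Permissions-Policy: accelerometer=(), camera=(), microphone=(), geolocation=(), usb=()
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /arlas_iam_server/*
+upstream:
+nodes:
+"arlas-iam-server:9998": 1
+plugins:
+proxy-rewrite:
+headers:
+set:
+# Fix CWE Id: 1021
+Access-Control-Allow-Origin: "https://${ARLAS_HOST}"
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff
+-
+uri: /arlas_iam_server/healthcheck
+methods: ["GET"]
+upstream:
+nodes:
+"arlas-iam-server:9998": 1
+plugins:
+proxy-rewrite:
+regex_uri: ["/arlas_iam_server/healthcheck", "/admin/healthcheck"]
+response-rewrite:
+headers:
+set:
+# Fix CWE Id: 693
+Content-Security-Policy: "default-src https: data: blob: 'self'; connect-src 'self' data: blob:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; font-src 'self'; img-src 'self' data: blob:; frame-ancestors 'none'; form-action 'self'; object-src 'none'; manifest-src 'self'; frame-src 'self'"
+# Fix CWE Id: 200
+Server: "ARLAS services"
+# Fix CWE Id: 319 // Value recommended by https://hstspreload.org/
+Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+# Fix CWE Id: 693
+X-Content-Type-Options: nosniff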
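Review bot: The `/arlas_iam_server/healthcheck` route publishes the upstream's `/admin/healthcheck` to any caller, with `methods: ["GET"]` as the only constraint and no authentication or source restriction among its plugins. If that endpoint reports per-dependency status or error text (not visible here), internal detail about the IAM server is served to anyone who can reach the gateway; consider limiting the route with APISIX's `ip-restriction` plugin, or keeping health probes on the internal network. The same pattern is used for `/arlas/healthcheck`, `/persist/healthcheck` and `/arlas_permissions_server/healthcheck` in `conf/apisix/apisix_part_arlas_services.yaml`. This file also starts directly at a `-` list item with no `routes:` key, presumably because the generator concatenates it after the ARLAS part; a header comment such as `# fragment: appended to the routes: list by the apisix generator` would document that dependency.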
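--- a/conf/apisix/apisix_part_ssl.yaml
+++ b/conf/apisix/apisix_part_ssl.yaml
@@ -0,0 +1,9 @@
+ssls:
+-
+snis:
+- "localhost"
+- "${ARLAS_HOST}"
+cert: |
+${SSL_CERT}
+key: |
+${SSL_KEY}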
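Review bot: `${SSL_CERT}` and `${SSL_KEY}` sit under `|` block scalars, so the generator has to indent every line of the PEM to the scalar's level; a plain textual substitution of a multi-line value would leave the continuation lines at column 0 and end the scalar after its first line. The generation step is not part of this section, so confirm how the substitution is done. The rendered file will hold the private key in clear text, so it should be written with owner-only permissions. It should also be one of the ignored `*.generated*.yaml` paths rather than `conf/apisix/apisix.yaml`, which this commit both lists in `.gitignore` and still modifies; an ignore rule does not untrack a file that is already in the index.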
6 changes: 3 additions & 3 deletions dc/ref-dc-aias-airs.yaml
@@ -55,6 +55,6 @@ services:
tag: ${ARLAS_LOGGING_TAG:-arlas_logging}
healthcheck:
test: "curl -f http://localhost:8000/airs/healthcheck"
interval: 5s
timeout: 3s
retries: 30
interval: 10s
timeout: 10s
retries: 10
6 changes: 3 additions & 3 deletions dc/ref-dc-aias-aproc-service.yaml
@@ -64,6 +64,6 @@ services:
- ${PWD}/conf/aias/drivers.yaml:/app/conf/drivers.yaml:ro
healthcheck:
test: "curl -f http://localhost:8001/aproc/healthcheck"
interval: 5s
timeout: 3s
retries: 30
interval: 10s
timeout: 10s
retries: 10
6 changes: 3 additions & 3 deletions dc/ref-dc-aias-fam.yaml
@@ -19,6 +19,6 @@ services:
- arlas-net
healthcheck:
test: "curl -f http://localhost:8005/fam/healthcheck"
interval: 5s
timeout: 3s
retries: 30
interval: 10s
timeout: 10s
retries: 10
4 changes: 2 additions & 2 deletions dc/ref-dc-aias-minio.yaml
@@ -20,6 +20,6 @@ services:
tag: ${ARLAS_LOGGING_TAG:-arlas_logging}
healthcheck:
test: "mc alias set myminio http://localhost:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD}; mc ping -x myminio"
interval: 5s
interval: 10s
timeout: 10s
retries: 3
retries: 10
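Review bot: The `test:` line this hunk keeps has Compose interpolate `${MINIO_ROOT_USER}` and `${MINIO_ROOT_PASSWORD}` into the healthcheck command, so the resolved root credentials are stored in the container's healthcheck configuration and passed as process arguments on every probe, which now runs for up to ten retries. A probe that needs no credentials would avoid this, for example MinIO's unauthenticated liveness endpoint `/minio/health/live`, provided the image ships a client that can call it. Failing that, writing `$$MINIO_ROOT_USER` and `$$MINIO_ROOT_PASSWORD` defers expansion to the shell inside the container, assuming both variables are set in the container environment, which the hunk does not show. The service definition starts outside the hunk.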