diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c2f1e8e67ec5..183d17d18a80 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -46,13 +46,123 @@ updates: schedule: interval: "daily" +- package-ecosystem: "docker" + directory: "/.devcontainer" + schedule: + interval: daily + - package-ecosystem: "docker" directory: "/ci" schedule: interval: daily - package-ecosystem: "docker" - directory: "/.devcontainer" + directory: "/examples/dynamic-config-cp" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/ext_authz" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/ext_authz/auth/http-service" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/ext_authz/auth/grpc-service" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/fault-injection" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/grpc-bridge" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/grpc-bridge/client" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/grpc-bridge/server" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/load-reporting-service" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/local_ratelimit" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/lua" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/mysql" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/redis" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/shared/echo" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/shared/flask" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/shared/postgres" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/skywalking-tracing" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/tls" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/tls-sni" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/tls-inspector" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/websocket" + schedule: + interval: daily + +- package-ecosystem: "docker" + directory: "/examples/zipkin-tracing" schedule: interval: daily @@ -80,4 +190,3 @@ updates: directory: "/examples/load-reporting-service" schedule: interval: daily - diff --git a/docs/root/start/sandboxes/jaeger_tracing.rst b/docs/root/start/sandboxes/jaeger_tracing.rst index fb3359146fed..901c39d8f3f3 100644 --- a/docs/root/start/sandboxes/jaeger_tracing.rst +++ b/docs/root/start/sandboxes/jaeger_tracing.rst @@ -50,9 +50,9 @@ To build this sandbox example, and start the example apps run the following comm $ docker-compose ps Name Command State Ports - ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ - jaeger-tracing_front-envoy_1 /docker-entrypoint.sh /bin ... Up 10000/tcp, 0.0.0.0:8000->8000/tcp, 0.0.0.0:8001->8001/tcp - jaeger-tracing_jaeger_1 /go/bin/all-in-one-linux - ... Up 14250/tcp, 14268/tcp, 0.0.0.0:16686->16686/tcp, 5775/udp, 5778/tcp, 6831/udp, 6832/udp, 0.0.0.0:9411->9411/tcp + ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- + jaeger-tracing_front-envoy_1 /docker-entrypoint.sh /bin ... Up 10000/tcp, 0.0.0.0:8000->8000/tcp + jaeger-tracing_jaeger_1 /go/bin/all-in-one-linux - ... Up 14250/tcp, 14268/tcp, 0.0.0.0:16686->16686/tcp, 5775/udp, 5778/tcp, 6831/udp, 6832/udp, 9411/tcp jaeger-tracing_service1_1 /bin/sh -c /usr/local/bin/ ... Up 10000/tcp jaeger-tracing_service2_1 /bin/sh -c /usr/local/bin/ ... Up 10000/tcp diff --git a/docs/root/start/sandboxes/load_reporting_service.rst b/docs/root/start/sandboxes/load_reporting_service.rst index a3e2bb7977de..db454d2f08be 100644 --- a/docs/root/start/sandboxes/load_reporting_service.rst +++ b/docs/root/start/sandboxes/load_reporting_service.rst @@ -43,7 +43,7 @@ Terminal 2 :: ------------------------------------------------------------------------------------------------------------ load-reporting-service_http_service_1 /bin/sh -c /usr/local/bin/ ... Up 10000/tcp, 0.0.0.0:81->80/tcp load-reporting-service_http_service_2 /bin/sh -c /usr/local/bin/ ... Up 10000/tcp, 0.0.0.0:80->80/tcp - load-reporting-service_lrs_server_1 go run main.go Up 0.0.0.0:18000->18000/tcp + load-reporting-service_lrs_server_1 go run main.go Up 18000/tcp Step 2: Start sending stream of HTTP requests ********************************************* diff --git a/docs/root/start/sandboxes/mysql.rst b/docs/root/start/sandboxes/mysql.rst index aa4b8f0bb3a1..9aa0fdfb21e1 100644 --- a/docs/root/start/sandboxes/mysql.rst +++ b/docs/root/start/sandboxes/mysql.rst @@ -33,9 +33,9 @@ Terminal 1 $ docker-compose ps Name Command State Ports - ------------------------------------------------------------------------------------------------------------------ + ---------------------------------------------------------------------------------------------------- mysql_mysql_1 docker-entrypoint.sh mysqld Up 3306/tcp - mysql_proxy_1 /docker-entrypoint.sh /bin Up 10000/tcp, 0.0.0.0:1999->1999/tcp, 0.0.0.0:8001->8001/tcp + mysql_proxy_1 /docker-entrypoint.sh /bin Up 10000/tcp, 1999/tcp, 0.0.0.0:8001->8001/tcp Step 2: Issue commands using mysql ********************************** @@ -49,7 +49,7 @@ Terminal 1 .. code-block:: console - $ docker run --rm -it --network envoymesh mysql:5.7 mysql -h proxy -P 1999 -u root --skip-ssl + $ docker run --rm -it --network mysql_default mysql:5.7 mysql -h proxy -P 1999 -u root --skip-ssl ... snip ... mysql> CREATE DATABASE test; diff --git a/docs/root/start/sandboxes/postgres.rst b/docs/root/start/sandboxes/postgres.rst index fd88671704b2..0481454a2a11 100644 --- a/docs/root/start/sandboxes/postgres.rst +++ b/docs/root/start/sandboxes/postgres.rst @@ -32,9 +32,9 @@ Build and start the containers. $ docker-compose ps Name Command State Ports - ---------------------------------------------------------------------------------------------------------------------- + -------------------------------------------------------------------------------------------------------- postgres_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp - postgres_proxy_1 /docker-entrypoint.sh /usr ... Up 10000/tcp, 0.0.0.0:1999->1999/tcp, 0.0.0.0:8001->8001/tcp + postgres_proxy_1 /docker-entrypoint.sh /usr ... Up 10000/tcp, 1999/tcp, 0.0.0.0:8001->8001/tcp Step 2: Issue commands using psql ********************************* diff --git a/examples/brotli/docker-compose.yaml b/examples/brotli/docker-compose.yaml index d17ab3a57859..546a51c92137 100644 --- a/examples/brotli/docker-compose.yaml +++ b/examples/brotli/docker-compose.yaml @@ -14,9 +14,9 @@ services: context: . dockerfile: Dockerfile-brotli ports: - - "9901:9901" - - "9902:9902" - - "10000:10000" + - "${PORT_PROXY:-10000}:10000" + - "${PORT_STATS0:-9901}:9901" + - "${PORT_STATS1:-9902}:9902" service: build: diff --git a/examples/brotli/verify.sh b/examples/brotli/verify.sh index 674bc892a9c5..18c37626846b 100755 --- a/examples/brotli/verify.sh +++ b/examples/brotli/verify.sh @@ -1,30 +1,35 @@ #!/bin/bash -e export NAME=brotli +export PORT_PROXY="${BROTLI_PORT_PROXY:-10200}" +export PORT_STATS0="${BROTLI_PORT_PROXY:-10201}" +export PORT_STATS1="${BROTLI_PORT_PROXY:-10202}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" -run_log "Test service: localhost:10000/file.json with compression" +sleep 5 + +run_log "Test service: localhost:${PORT_PROXY}/file.json with compression" responds_with_header \ "content-encoding: br" \ - https://localhost:10000/file.json \ + "https://localhost:${PORT_PROXY}/file.json" \ -ki -H "Accept-Encoding: br" -run_log "Test service: localhost:10000/file.txt without compression" +run_log "Test service: localhost:${PORT_PROXY}/file.txt without compression" responds_without_header \ "content-encoding: br" \ - https://localhost:10000/file.txt \ + "https://localhost:${PORT_PROXY}/file.txt" \ -ki -H "Accept-Encoding: br" -run_log "Test service: localhost:9901/stats/prometheus without compression" +run_log "Test service: localhost:${PORT_STATS0}/stats/prometheus without compression" responds_without_header \ "content-encoding: br" \ - http://localhost:9901/stats/prometheus \ + "http://localhost:${PORT_STATS0}/stats/prometheus" \ -ki -H "Accept-Encoding: br" -run_log "Test service: localhost:9902/stats/prometheus with compression" +run_log "Test service: localhost:${PORT_STATS1}/stats/prometheus with compression" responds_with_header \ "content-encoding: br" \ - https://localhost:9902/stats/prometheus \ + "https://localhost:${PORT_STATS1}/stats/prometheus" \ -ki -H "Accept-Encoding: br" diff --git a/examples/cache/Dockerfile-service b/examples/cache/Dockerfile-service deleted file mode 100644 index 3620967019d4..000000000000 --- a/examples/cache/Dockerfile-service +++ /dev/null @@ -1,4 +0,0 @@ -FROM flask_service:python-3.10-slim-bullseye - -ADD requirements.txt /tmp/requirements.txt -RUN pip3 install -r /tmp/requirements.txt diff --git a/examples/cache/docker-compose.yaml b/examples/cache/docker-compose.yaml index 9c927937b3b7..17e33931396d 100644 --- a/examples/cache/docker-compose.yaml +++ b/examples/cache/docker-compose.yaml @@ -14,12 +14,11 @@ services: context: . dockerfile: Dockerfile-frontenvoy ports: - - "8000:8000" + - "${PORT_PROXY:-8000}:8000" service1: build: - context: . - dockerfile: Dockerfile-service + context: ../shared/service volumes: - ./responses.yaml:/etc/responses.yaml - ./service.py:/code/service.py @@ -28,8 +27,7 @@ services: service2: build: - context: . - dockerfile: Dockerfile-service + context: ../shared/service volumes: - ./responses.yaml:/etc/responses.yaml - ./service.py:/code/service.py diff --git a/examples/cache/verify.sh b/examples/cache/verify.sh index 38d9f2c909ae..d52b3b8f335b 100755 --- a/examples/cache/verify.sh +++ b/examples/cache/verify.sh @@ -2,6 +2,8 @@ export NAME=cache +export PORT_PROXY="${CACHE_PORT_PROXY:-10300}" + # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -51,36 +53,36 @@ check_from_origin() { run_log "Valid-for-minute: First request should be served by the origin" -response=$(curl -si localhost:8000/service/1/valid-for-minute) +response=$(curl -si "localhost:${PORT_PROXY}/service/1/valid-for-minute") check_from_origin "$response" run_log "Snooze for 30 seconds" sleep 30 run_log "Valid-for-minute: Second request should be served from cache" -response=$(curl -si localhost:8000/service/1/valid-for-minute) +response=$(curl -si "localhost:${PORT_PROXY}/service/1/valid-for-minute") check_cached "$response" run_log "Snooze for 31 more seconds" sleep 31 run_log "Valid-for-minute: More than a minute has passed, this request should get a validated response" -response=$(curl -si localhost:8000/service/1/valid-for-minute) +response=$(curl -si "localhost:${PORT_PROXY}/service/1/valid-for-minute") check_validated "$response" run_log "Private: Make 4 requests make sure they are all served by the origin" for _ in {0..3}; do - response=$(curl -si localhost:8000/service/1/private) + response=$(curl -si "localhost:${PORT_PROXY}/service/1/private") check_from_origin "$response" done run_log "No-cache: First request should be served by the origin" -response=$(curl -si localhost:8000/service/1/no-cache) +response=$(curl -si "localhost:${PORT_PROXY}/service/1/no-cache") check_from_origin "$response" run_log "No-cache: Make 4 more requests and make sure they are all validated before being served from cache" for _ in {0..3}; do sleep 1 - response=$(curl -si localhost:8000/service/1/no-cache) + response=$(curl -si "localhost:${PORT_PROXY}/service/1/no-cache") check_validated "$response" done diff --git a/examples/cors/backend/docker-compose.yaml b/examples/cors/backend/docker-compose.yaml index 55f1878ac150..07db36c2a68c 100644 --- a/examples/cors/backend/docker-compose.yaml +++ b/examples/cors/backend/docker-compose.yaml @@ -14,10 +14,11 @@ services: context: . dockerfile: Dockerfile-frontenvoy ports: - - "8002:8000" - - "8003:8001" + - "${PORT_BACKEND:-8002}:8000" + - "${PORT_STATS:-8003}:8001" backend-service: - image: flask_service:python-3.10-slim-bullseye + build: + context: ../../shared/service volumes: - ./service.py:/code/service.py diff --git a/examples/cors/frontend/docker-compose.yaml b/examples/cors/frontend/docker-compose.yaml index 57b4ec91f07c..d08788d2e194 100644 --- a/examples/cors/frontend/docker-compose.yaml +++ b/examples/cors/frontend/docker-compose.yaml @@ -14,10 +14,11 @@ services: context: . dockerfile: Dockerfile-frontenvoy ports: - - "8000:8000" + - "${PORT_PROXY:-8000}:8000" frontend-service: - image: flask_service:python-3.10-slim-bullseye + build: + context: ../../shared/service volumes: - ./service.py:/code/service.py - ./index.html:/code/index.html diff --git a/examples/cors/verify.sh b/examples/cors/verify.sh index 136d10a1565b..fc37386f265f 100755 --- a/examples/cors/verify.sh +++ b/examples/cors/verify.sh @@ -3,6 +3,10 @@ export NAME=cors export PATHS=frontend,backend +export PORT_PROXY="${CORS_PORT_PROXY:-10310}" +export PORT_BACKEND="${CORS_PORT_BACKEND:-10311}" +export PORT_STATS="${CORS_PORT_STATS:-10312}" + # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -10,43 +14,43 @@ export PATHS=frontend,backend run_log "Test service" responds_with \ "Envoy CORS Webpage" \ - http://localhost:8000 + "http://localhost:${PORT_PROXY}" run_log "Test cors server: disabled" responds_with \ Success \ -H "Origin: http://example.com" \ - http://localhost:8002/cors/disabled + "http://localhost:${PORT_BACKEND}/cors/disabled" responds_without_header \ access-control-allow-origin \ -H "Origin: http://example.com" \ - http://localhost:8002/cors/disabled + "http://localhost:${PORT_BACKEND}/cors/disabled" run_log "Test cors server: open" responds_with \ Success \ -H 'Origin: http://example.com' \ - http://localhost:8002/cors/open + "http://localhost:${PORT_BACKEND}/cors/open" responds_with_header \ "access-control-allow-origin: http://example.com" \ -H "Origin: http://example.com" \ - http://localhost:8002/cors/open + "http://localhost:${PORT_BACKEND}/cors/open" run_log "Test cors server: restricted" responds_with \ Success \ -H "Origin: http://example.com" \ - http://localhost:8002/cors/restricted + "http://localhost:${PORT_BACKEND}/cors/restricted" responds_without_header \ access-control-allow-origin \ -H "Origin: http://example.com" \ - http://localhost:8002/cors/restricted + "http://localhost:${PORT_BACKEND}/cors/restricted" responds_with_header \ "access-control-allow-origin: http://foo.envoyproxy.io" \ -H "Origin: http://foo.envoyproxy.io" \ - http://localhost:8002/cors/restricted + "http://localhost:${PORT_BACKEND}/cors/restricted" run_log "Check admin ingress stats" responds_with \ ingress_http.cors \ - "http://localhost:8003/stats?filter=ingress_http" + "http://localhost:${PORT_STATS}/stats?filter=ingress_http" diff --git a/examples/csrf/crosssite/docker-compose.yml b/examples/csrf/crosssite/docker-compose.yml index 391d36db5b4c..255035750e09 100644 --- a/examples/csrf/crosssite/docker-compose.yml +++ b/examples/csrf/crosssite/docker-compose.yml @@ -14,10 +14,11 @@ services: context: . dockerfile: Dockerfile-frontenvoy ports: - - "8002:8000" + - "${PORT_CROSS:-8000}:8000" service: - image: flask_service:python-3.10-slim-bullseye + build: + context: ../../shared/service volumes: - ./service.py:/code/service.py - ../index.html:/code/index.html diff --git a/examples/csrf/samesite/docker-compose.yml b/examples/csrf/samesite/docker-compose.yml index c5a6b28dc81c..8080582856f7 100644 --- a/examples/csrf/samesite/docker-compose.yml +++ b/examples/csrf/samesite/docker-compose.yml @@ -14,11 +14,12 @@ services: context: . dockerfile: Dockerfile-frontenvoy ports: - - "8000:8000" - - "8001:8001" + - "${PORT_SAME:-8000}:8000" + - "${PORT_STATS:-8001}:8001" service: - image: flask_service:python-3.10-slim-bullseye + build: + context: ../../shared/service volumes: - ./service.py:/code/service.py - ../index.html:/code/index.html diff --git a/examples/csrf/verify.sh b/examples/csrf/verify.sh index 1656cb09f16a..f2188a5e7815 100755 --- a/examples/csrf/verify.sh +++ b/examples/csrf/verify.sh @@ -3,6 +3,10 @@ export NAME=csrf export PATHS=samesite,crosssite +export PORT_SAME="${CSRF_PORT_SAME:-10320}" +export PORT_STATS="${CSRF_PORT_STATS:-10321}" +export PORT_CROSS="${CSRF_PORT_CROSS:-10322}" + # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -10,65 +14,65 @@ export PATHS=samesite,crosssite run_log "Test services" responds_with \ "Envoy CSRF Demo" \ - http://localhost:8002 + "http://localhost:${PORT_CROSS}" responds_with \ "Envoy CSRF Demo" \ - http://localhost:8000 + "http://localhost:${PORT_SAME}" run_log "Test stats server" responds_with \ ":" \ - http://localhost:8001/stats + "http://localhost:${PORT_STATS}/stats" run_log "Test csrf server: disabled" responds_with \ Success \ -X POST \ -H "Origin: http://example.com" \ - http://localhost:8000/csrf/disabled + "http://localhost:${PORT_SAME}/csrf/disabled" responds_with_header \ "access-control-allow-origin: http://example.com" \ -X POST \ -H "Origin: http://example.com" \ - http://localhost:8000/csrf/disabled + "http://localhost:${PORT_SAME}/csrf/disabled" run_log "Test csrf server: shadow" responds_with \ Success \ -X POST \ -H "Origin: http://example.com" \ - http://localhost:8000/csrf/shadow + "http://localhost:${PORT_SAME}/csrf/shadow" responds_with_header \ "access-control-allow-origin: http://example.com" \ -X POST \ -H "Origin: http://example.com" \ - http://localhost:8000/csrf/shadow + "http://localhost:${PORT_SAME}/csrf/shadow" run_log "Test csrf server: enabled" responds_with \ "Invalid origin" \ -X POST \ -H "Origin: http://example.com" \ - http://localhost:8000/csrf/enabled + "http://localhost:${PORT_SAME}/csrf/enabled" responds_with_header \ "HTTP/1.1 403 Forbidden" \ -X POST \ -H "Origin: http://example.com" \ - http://localhost:8000/csrf/enabled + "http://localhost:${PORT_SAME}/csrf/enabled" run_log "Test csrf server: additional_origin" responds_with \ Success \ -X POST \ -H "Origin: http://example.com" \ - http://localhost:8000/csrf/additional_origin + "http://localhost:${PORT_SAME}/csrf/additional_origin" responds_with_header \ "access-control-allow-origin: http://example.com" \ -X POST \ -H "Origin: http://example.com" \ - http://localhost:8000/csrf/additional_origin + "http://localhost:${PORT_SAME}/csrf/additional_origin" run_log "Check admin ingress stats" responds_with \ ingress_http.csrf \ - "http://localhost:8001/stats?filter=ingress_http" + "http://localhost:${PORT_STATS}/stats?filter=ingress_http" diff --git a/examples/double-proxy/Dockerfile-app b/examples/double-proxy/Dockerfile-app index 3620967019d4..591b01b5d3c1 100644 --- a/examples/double-proxy/Dockerfile-app +++ b/examples/double-proxy/Dockerfile-app @@ -1,4 +1,4 @@ FROM flask_service:python-3.10-slim-bullseye ADD requirements.txt /tmp/requirements.txt -RUN pip3 install -r /tmp/requirements.txt +RUN pip3 install -qr /tmp/requirements.txt diff --git a/examples/double-proxy/docker-compose.yaml b/examples/double-proxy/docker-compose.yaml index 84bd26193ac3..0a5fb455b8ad 100644 --- a/examples/double-proxy/docker-compose.yaml +++ b/examples/double-proxy/docker-compose.yaml @@ -49,7 +49,8 @@ services: - proxy-postgres-backend.example.com postgres: - image: postgres:latest + build: + context: ../shared/postgres networks: postgres-backend: environment: diff --git a/examples/dynamic-config-cp/Dockerfile-control-plane b/examples/dynamic-config-cp/Dockerfile-control-plane index cc676ae2412f..b4c5897c736b 100644 --- a/examples/dynamic-config-cp/Dockerfile-control-plane +++ b/examples/dynamic-config-cp/Dockerfile-control-plane @@ -1,8 +1,10 @@ -FROM golang +FROM golang@sha256:a452d6273ad03a47c2f29b898d6bb57630e77baf839651ef77d03e4e049c5bf3 -RUN apt-get update \ - && apt-get install --no-install-recommends -y netcat \ - && apt-get autoremove -y \ +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get -qq update \ + && apt-get -qq install --no-install-recommends -y netcat \ + && apt-get -qq autoremove -y \ && apt-get clean \ && rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* diff --git a/examples/dynamic-config-cp/docker-compose.yaml b/examples/dynamic-config-cp/docker-compose.yaml index 8b77f1b50e51..5d7205ccced6 100644 --- a/examples/dynamic-config-cp/docker-compose.yaml +++ b/examples/dynamic-config-cp/docker-compose.yaml @@ -13,11 +13,13 @@ services: - 19000:19000 service1: - image: jmalloc/echo-server + build: + context: ../shared/echo hostname: service1 service2: - image: jmalloc/echo-server + build: + context: ../shared/echo hostname: service2 go-control-plane: diff --git a/examples/dynamic-config-cp/verify.sh b/examples/dynamic-config-cp/verify.sh index d684caebc9b1..c8f5303c8a9a 100755 --- a/examples/dynamic-config-cp/verify.sh +++ b/examples/dynamic-config-cp/verify.sh @@ -20,9 +20,9 @@ curl -s http://localhost:19000/config_dump \ | grep NO_CLUSTERS run_log "Bring up go-control-plane" -docker-compose up --build -d go-control-plane +"$DOCKER_COMPOSE" up --build -d go-control-plane -wait_for 30 sh -c "docker-compose ps go-control-plane | grep healthy | grep -v unhealthy" +wait_for 30 sh -c "${DOCKER_COMPOSE} ps go-control-plane | grep healthy | grep -v unhealthy" sleep 2 @@ -40,7 +40,7 @@ curl -s http://localhost:19000/config_dump \ | grep '"address": "service1"' run_log "Bring down the control plane" -docker-compose stop go-control-plane +"$DOCKER_COMPOSE" stop go-control-plane sleep 2 @@ -62,8 +62,8 @@ sed -i'.bak' s/service1/service2/ resource.go sed -i'.bak' s/\"1\",/\"2\",/ resource.go run_log "Bring back up the control plane" -docker-compose up --build -d go-control-plane -wait_for 30 sh -c "docker-compose ps go-control-plane | grep healthy | grep -v unhealthy" +"$DOCKER_COMPOSE" up --build -d go-control-plane +wait_for 30 sh -c "$DOCKER_COMPOSE ps go-control-plane | grep healthy | grep -v unhealthy" run_log "Check for response from service2 backend" responds_with \ diff --git a/examples/dynamic-config-fs/docker-compose.yaml b/examples/dynamic-config-fs/docker-compose.yaml index 4023611185c2..915daa02f592 100644 --- a/examples/dynamic-config-fs/docker-compose.yaml +++ b/examples/dynamic-config-fs/docker-compose.yaml @@ -13,9 +13,11 @@ services: - 19000:19000 service1: - image: jmalloc/echo-server + build: + context: ../shared/echo hostname: service1 service2: - image: jmalloc/echo-server + build: + context: ../shared/echo hostname: service2 diff --git a/examples/dynamic-config-fs/verify.sh b/examples/dynamic-config-fs/verify.sh index f9371cdf30b0..b9c55bb34e6f 100755 --- a/examples/dynamic-config-fs/verify.sh +++ b/examples/dynamic-config-fs/verify.sh @@ -19,7 +19,7 @@ curl -s http://localhost:19000/config_dump \ | grep '"address": "service1"' run_log "Set upstream to service2" -docker-compose exec -T proxy sed -i s/service1/service2/ /var/lib/envoy/cds.yaml +"$DOCKER_COMPOSE" exec -T proxy sed -i s/service1/service2/ /var/lib/envoy/cds.yaml run_log "Check for response comes from service2 upstream" responds_with \ diff --git a/examples/ext_authz/Dockerfile-opa b/examples/ext_authz/Dockerfile-opa new file mode 100644 index 000000000000..3fcf07e40bd3 --- /dev/null +++ b/examples/ext_authz/Dockerfile-opa @@ -0,0 +1 @@ +FROM openpolicyagent/opa:0.25.1-istio@sha256:fb61ab9b14668d77ede7ba1becf67d879f76efef0548e88440145296a8aee956 diff --git a/examples/ext_authz/auth/grpc-service/Dockerfile b/examples/ext_authz/auth/grpc-service/Dockerfile index f77cdd69e39f..037888e27ef3 100644 --- a/examples/ext_authz/auth/grpc-service/Dockerfile +++ b/examples/ext_authz/auth/grpc-service/Dockerfile @@ -1,10 +1,10 @@ -FROM golang:alpine AS builder +FROM golang:alpine@sha256:7cc62574fcf9c5fb87ad42a9789d5539a6a085971d58ee75dd2ee146cb8a8695 AS builder RUN apk --no-cache add make COPY . /app RUN make -C /app/grpc-service -FROM alpine +FROM alpine@sha256:686d8c9dfa6f3ccfc8230bc3178d23f84eeaf7e457f36f271ab1acc53015037c COPY --from=builder /app/grpc-service/server /app/server CMD ["/app/server", "-users", "/etc/users.json"] diff --git a/examples/ext_authz/auth/http-service/Dockerfile b/examples/ext_authz/auth/http-service/Dockerfile index d0bcbc91f8b0..42c6fba7f0fa 100644 --- a/examples/ext_authz/auth/http-service/Dockerfile +++ b/examples/ext_authz/auth/http-service/Dockerfile @@ -1,4 +1,4 @@ -FROM node:alpine +FROM node:alpine@sha256:7ae41699c38d8e50f5bf592867cf661368d71ff922e07f6f66f36dca2ff0c590 COPY . /app CMD ["node", "/app/http-service/server"] diff --git a/examples/ext_authz/docker-compose.yaml b/examples/ext_authz/docker-compose.yaml index ce6e231b9cab..91ed26aa1b91 100644 --- a/examples/ext_authz/docker-compose.yaml +++ b/examples/ext_authz/docker-compose.yaml @@ -16,7 +16,7 @@ services: environment: - FRONT_ENVOY_YAML ports: - - "8000:8000" + - "${PORT_PROXY:-8000}:8000" ext_authz-http-service: build: @@ -35,7 +35,9 @@ services: - ./users.json:/etc/users.json ext_authz-opa-service: - image: openpolicyagent/opa:0.25.1-istio + build: + context: . + dockerfile: Dockerfile-opa volumes: - ./config/opa-service/policy.rego:/etc/policy.rego command: @@ -47,6 +49,7 @@ services: - /etc/policy.rego upstream-service: - image: flask_service:python-3.10-slim-bullseye + build: + context: ../shared/service volumes: - ./upstream/service/service.py:/code/service.py diff --git a/examples/ext_authz/verify.sh b/examples/ext_authz/verify.sh index 77171640101c..3097cb808d46 100755 --- a/examples/ext_authz/verify.sh +++ b/examples/ext_authz/verify.sh @@ -1,6 +1,7 @@ #!/bin/bash -e export NAME=ext_authz +export PORT_PROXY="${EXT_AUTH_PORT_PROXY:-10500}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -9,39 +10,39 @@ export NAME=ext_authz run_log "Test services responds with 403" responds_with_header \ "HTTP/1.1 403 Forbidden"\ - http://localhost:8000/service + "http://localhost:${PORT_PROXY}/service" run_log "Restart front-envoy with FRONT_ENVOY_YAML=config/http-service.yaml" -docker-compose down -FRONT_ENVOY_YAML=config/http-service.yaml docker-compose up -d +"$DOCKER_COMPOSE" down +FRONT_ENVOY_YAML=config/http-service.yaml "$DOCKER_COMPOSE" up -d sleep 10 run_log "Test service responds with 403" responds_with_header \ "HTTP/1.1 403 Forbidden"\ - http://localhost:8000/service + "http://localhost:${PORT_PROXY}/service" run_log "Test authenticated service responds with 200" responds_with_header \ "HTTP/1.1 200 OK" \ -H "Authorization: Bearer token1" \ - http://localhost:8000/service + "http://localhost:${PORT_PROXY}/service" run_log "Restart front-envoy with FRONT_ENVOY_YAML=config/opa-service/v3.yaml" -docker-compose down -FRONT_ENVOY_YAML=config/opa-service/v3.yaml docker-compose up -d +"$DOCKER_COMPOSE" down +FRONT_ENVOY_YAML=config/opa-service/v3.yaml "$DOCKER_COMPOSE" up -d sleep 10 run_log "Test OPA service responds with 200" responds_with_header \ "HTTP/1.1 200 OK" \ - http://localhost:8000/service + "http://localhost:${PORT_PROXY}/service" run_log "Check OPA logs" -docker-compose logs ext_authz-opa-service | grep decision_id -A 30 +"$DOCKER_COMPOSE" logs ext_authz-opa-service | grep decision_id -A 30 run_log "Check OPA service rejects POST" responds_with_header \ "HTTP/1.1 403 Forbidden" \ -X POST \ - http://localhost:8000/service + "http://localhost:${PORT_PROXY}/service" diff --git a/examples/fault-injection/Dockerfile-backend b/examples/fault-injection/Dockerfile-backend new file mode 100644 index 000000000000..6ff4e0fc2a1f --- /dev/null +++ b/examples/fault-injection/Dockerfile-backend @@ -0,0 +1 @@ +FROM kennethreitz/httpbin@sha256:2c7abc4803080c22928265744410173b6fea3b898872c01c5fd0f0f9df4a59fb diff --git a/examples/fault-injection/Dockerfile-envoy b/examples/fault-injection/Dockerfile-envoy index 17e350d7d535..039572ca7937 100644 --- a/examples/fault-injection/Dockerfile-envoy +++ b/examples/fault-injection/Dockerfile-envoy @@ -1,9 +1,11 @@ FROM envoyproxy/envoy-dev:latest -RUN apt-get update \ - && apt-get install --no-install-recommends -y tree curl \ - && apt-get autoremove -y \ - && apt-get clean \ +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get -qq update \ + && apt-get -qq install --no-install-recommends -y tree curl \ + && apt-get -qq autoremove -y \ + && apt-get -qq clean \ && rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* COPY ./envoy.yaml /etc/envoy.yaml RUN chmod go+r /etc/envoy.yaml diff --git a/examples/fault-injection/docker-compose.yaml b/examples/fault-injection/docker-compose.yaml index b867795d0622..4c2d4f3f244b 100644 --- a/examples/fault-injection/docker-compose.yaml +++ b/examples/fault-injection/docker-compose.yaml @@ -10,6 +10,8 @@ services: ports: - 9211:9211 backend: - image: kennethreitz/httpbin@sha256:2c7abc4803080c22928265744410173b6fea3b898872c01c5fd0f0f9df4a59fb + build: + context: . + dockerfile: Dockerfile-backend ports: - 8080:80 diff --git a/examples/fault-injection/verify.sh b/examples/fault-injection/verify.sh index 611acddc15ed..8f21f91e681a 100755 --- a/examples/fault-injection/verify.sh +++ b/examples/fault-injection/verify.sh @@ -7,12 +7,12 @@ export NAME=fault-injection run_log "Send requests for 20 seconds" -docker-compose exec -T envoy bash -c \ +"$DOCKER_COMPOSE" exec -T envoy bash -c \ "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ &> /dev/null run_log "Check logs" -docker-compose logs | grep "HTTP/1.1\" 200" +"$DOCKER_COMPOSE" logs | grep "HTTP/1.1\" 200" _fault_injection_test () { @@ -22,30 +22,30 @@ _fault_injection_test () { existing_codes=0 # enable fault injection and check for http hits of type $code - existing_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}" || :) + existing_codes=$("$DOCKER_COMPOSE" logs | grep -c "HTTP/1.1\" ${code}" || :) run_log "Enable ${action} fault injection" - docker-compose exec -T envoy bash "enable_${action}_fault_injection.sh" + "$DOCKER_COMPOSE" exec -T envoy bash "enable_${action}_fault_injection.sh" run_log "Send requests for 20 seconds" - docker-compose exec -T envoy bash -c \ + "$DOCKER_COMPOSE" exec -T envoy bash -c \ "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ &> /dev/null run_log "Check logs again" - new_codes=$(docker-compose logs | grep -c "HTTP/1.1\" ${code}") + new_codes=$("$DOCKER_COMPOSE" logs | grep -c "HTTP/1.1\" ${code}") if [[ "$new_codes" -le "$existing_codes" ]]; then echo "ERROR: expected to find new logs with response code $code" >&2 return 1 fi # disable fault injection and check for http hits of type 200 - existing_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") + existing_200s=$("$DOCKER_COMPOSE" logs | grep -c "HTTP/1.1\" 200") run_log "Disable ${action} fault injection" - docker-compose exec -T envoy bash "disable_${action}_fault_injection.sh" + "$DOCKER_COMPOSE" exec -T envoy bash "disable_${action}_fault_injection.sh" run_log "Send requests for 20 seconds" - docker-compose exec -T envoy bash -c \ + "$DOCKER_COMPOSE" exec -T envoy bash -c \ "bash send_request.sh & export pid=\$! && sleep 20 && kill \$pid" \ &> /dev/null run_log "Check logs again" - new_200s=$(docker-compose logs | grep -c "HTTP/1.1\" 200") + new_200s=$("$DOCKER_COMPOSE" logs | grep -c "HTTP/1.1\" 200") if [[ "$new_200s" -le "$existing_200s" ]]; then echo "ERROR: expected to find new logs with response code 200" >&2 return 1 @@ -56,4 +56,4 @@ _fault_injection_test abort 503 _fault_injection_test delay 200 run_log "Check tree" -docker-compose exec -T envoy tree /srv/runtime +"$DOCKER_COMPOSE" exec -T envoy tree /srv/runtime diff --git a/examples/front-proxy/Dockerfile-frontenvoy b/examples/front-proxy/Dockerfile-frontenvoy index 183d46c7a5c3..77636f222b82 100644 --- a/examples/front-proxy/Dockerfile-frontenvoy +++ b/examples/front-proxy/Dockerfile-frontenvoy @@ -1,8 +1,10 @@ FROM envoyproxy/envoy-dev:latest -RUN apt-get update \ - && apt-get install --no-install-recommends -y curl \ - && apt-get autoremove -y \ +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get -qq update \ + && apt-get -qq install --no-install-recommends -y curl \ + && apt-get -qq autoremove -y \ && apt-get clean \ && rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* COPY ./front-envoy.yaml /etc/front-envoy.yaml diff --git a/examples/front-proxy/docker-compose.yaml b/examples/front-proxy/docker-compose.yaml index 971c75033de0..0e3a012133df 100644 --- a/examples/front-proxy/docker-compose.yaml +++ b/examples/front-proxy/docker-compose.yaml @@ -10,33 +10,27 @@ services: deploy: replicas: 0 - tracing: - build: - context: ../shared/tracing - image: envoyproxy:tracing - restart: "no" - deploy: - replicas: 0 - # front-proxy front-envoy: build: context: . dockerfile: Dockerfile-frontenvoy ports: - - "8080:8080" - - "8443:8443" - - "8001:8001" + - "${PORT_PROXY:-8080}:8080" + - "${PORT_HTTPS:-8443}:8443" + - "${PORT_STATS:-8001}:8001" service1: - image: envoyproxy:tracing + build: + context: ../shared/tracing volumes: - ./service-envoy.yaml:/etc/service-envoy.yaml environment: - SERVICE_NAME=1 service2: - image: envoyproxy:tracing + build: + context: ../shared/tracing volumes: - ./service-envoy.yaml:/etc/service-envoy.yaml environment: diff --git a/examples/front-proxy/verify.sh b/examples/front-proxy/verify.sh index 0e85be8b875a..c50f0163527c 100755 --- a/examples/front-proxy/verify.sh +++ b/examples/front-proxy/verify.sh @@ -1,44 +1,46 @@ #!/bin/bash -e export NAME=front-proxy +export PORT_PROXY="${FRONT_PROXY_PORT_PROXY:-10600}" +export PORT_HTTPS="${FRONT_PROXY_PORT_HTTPS:-10601}" +export PORT_STATS="${FRONT_PROXY_PORT_STATS:-10602}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" -run_log "Test service: localhost:8080/service/1" +run_log "Test service: localhost:${PORT_PROXY}/service/1" responds_with \ "Hello from behind Envoy (service 1)!" \ - http://localhost:8080/service/1 + "http://localhost:${PORT_PROXY}/service/1" -run_log "Test service: localhost:8080/service/2" +run_log "Test service: localhost:${PORT_PROXY}/service/2" responds_with \ "Hello from behind Envoy (service 2)!" \ - http://localhost:8080/service/2 + "http://localhost:${PORT_PROXY}/service/2" -run_log "Test service: https://localhost:8443/service/1" +run_log "Test service: https://localhost:${PORT_HTTPS}/service/1" responds_with \ "Hello from behind Envoy (service 1)!" \ - -k https://localhost:8443/service/1 + -k "https://localhost:${PORT_HTTPS}/service/1" run_log "Scale up docker service1=3" -docker-compose scale service1=3 -run_log "Snooze for 5 while docker-compose scales..." +"$DOCKER_COMPOSE" up -d --scale service1=3 +run_log "Snooze for 5 while $DOCKER_COMPOSE scales..." sleep 5 -run_log "Test round-robin localhost:8080/service/1" -docker-compose exec -T front-envoy bash -c "\ +run_log "Test round-robin localhost:${PORT_PROXY}/service/1" +"$DOCKER_COMPOSE" exec -T front-envoy bash -c "\ curl -s http://localhost:8080/service/1 \ && curl -s http://localhost:8080/service/1 \ && curl -s http://localhost:8080/service/1" \ | grep Hello | grep "service 1" +run_log "Test service inside front-envoy: localhost:${PORT_PROXY}/service/2" +"$DOCKER_COMPOSE" exec -T front-envoy curl -s "http://localhost:8080/service/2" | grep Hello | grep "service 2" -run_log "Test service inside front-envoy: localhost:8080/service/2" -docker-compose exec -T front-envoy curl -s http://localhost:8080/service/2 | grep Hello | grep "service 2" +run_log "Test service info: localhost:${PORT_STATS}/server_info" +"$DOCKER_COMPOSE" exec -T front-envoy curl -s "http://localhost:8001/server_info" | jq '.' -run_log "Test service info: localhost:8080/server_info" -docker-compose exec -T front-envoy curl -s http://localhost:8001/server_info | jq '.' - -run_log "Test service stats: localhost:8080/stats" -docker-compose exec -T front-envoy curl -s http://localhost:8001/stats | grep ":" +run_log "Test service stats: localhost:${PORT_STATS}/stats" +"$DOCKER_COMPOSE" exec -T front-envoy curl -s "http://localhost:8001/stats" | grep ":" diff --git a/examples/grpc-bridge/Dockerfile-grpc-go b/examples/grpc-bridge/Dockerfile-grpc-go new file mode 100644 index 000000000000..8b74dbaddba4 --- /dev/null +++ b/examples/grpc-bridge/Dockerfile-grpc-go @@ -0,0 +1 @@ +FROM grpc/go@sha256:0d3bb1fbfab306680ebaf751992bd2db2a0322106e4b389e85028a027242c2bc diff --git a/examples/grpc-bridge/Dockerfile-grpc-python b/examples/grpc-bridge/Dockerfile-grpc-python new file mode 100644 index 000000000000..800c00915b81 --- /dev/null +++ b/examples/grpc-bridge/Dockerfile-grpc-python @@ -0,0 +1 @@ +FROM grpc/python@sha256:6f0898ac290991eab0c262fa18453904f75286f17978d3185164d01400dc042e diff --git a/examples/grpc-bridge/client/Dockerfile b/examples/grpc-bridge/client/Dockerfile index 6159167e8e8d..5d99061cb6e3 100644 --- a/examples/grpc-bridge/client/Dockerfile +++ b/examples/grpc-bridge/client/Dockerfile @@ -1,11 +1,11 @@ -FROM python:3.8-slim +FROM python:3.8-slim@sha256:844251263c4fbfe1c0a7fbfbf8e59521d51a1ec166aa1257e60210ba6e652880 WORKDIR /client COPY requirements.txt /client/requirements.txt # Cache the dependencies -RUN pip install --require-hashes -r /client/requirements.txt +RUN pip install --require-hashes -qr /client/requirements.txt # Copy the sources, including the stubs COPY client.py /client/grpc-kv-client.py diff --git a/examples/grpc-bridge/docker-compose-protos.yaml b/examples/grpc-bridge/docker-compose-protos.yaml index 7b3ada55dfa4..beaf8567c011 100644 --- a/examples/grpc-bridge/docker-compose-protos.yaml +++ b/examples/grpc-bridge/docker-compose-protos.yaml @@ -6,7 +6,9 @@ services: # $ docker run -ti -v $(pwd):/protos -v $(pwd)/stubs:/stubs grpc/go protoc --go_out=plugins=grpc:/stubs -I/protos /protos/kv.proto stubs_go: - image: grpc/go + build: + context: . + dockerfile: Dockerfile-grpc-go command: protoc --go_out=plugins=grpc:/stubs -I/protos /protos/kv.proto volumes: - ./protos:/protos @@ -14,7 +16,9 @@ services: # $ docker run -ti -v $(pwd):/protos -v $(pwd)/stubs:/stubs grpc/python python -m grpc.tools.protoc --python_out=/stubs --grpc_python_out=/stubs -I/protos /protos/kv.proto stubs_python: - image: grpc/python + build: + context: . + dockerfile: Dockerfile-grpc-python command: python -m grpc.tools.protoc --python_out=/stubs --grpc_python_out=/stubs -I/protos /protos/kv.proto volumes: - ./protos:/protos diff --git a/examples/grpc-bridge/server/Dockerfile b/examples/grpc-bridge/server/Dockerfile index 14e169cf4a9f..d476dbe08a16 100644 --- a/examples/grpc-bridge/server/Dockerfile +++ b/examples/grpc-bridge/server/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.13.0-stretch as builder +FROM golang:1.13.0-stretch@sha256:80f4b78216f04cc67c4a7fa25296e9bfcaa2f97e8980655ea868e09b1d993286 as builder WORKDIR /build @@ -20,7 +20,7 @@ ENV CGO_ENABLED=0 RUN go build -o server # Build the main container (Linux Runtime) -FROM alpine:latest +FROM alpine:latest@sha256:686d8c9dfa6f3ccfc8230bc3178d23f84eeaf7e457f36f271ab1acc53015037c WORKDIR /root/ # Copy the linux amd64 binary diff --git a/examples/grpc-bridge/verify.sh b/examples/grpc-bridge/verify.sh index 5ff219bb3c76..422a70b7c062 100755 --- a/examples/grpc-bridge/verify.sh +++ b/examples/grpc-bridge/verify.sh @@ -9,7 +9,7 @@ export MANUAL=true run_log "Generate protocol stubs" -docker-compose -f docker-compose-protos.yaml up +"$DOCKER_COMPOSE" -f docker-compose-protos.yaml up docker rm grpc-bridge_stubs_go_1 grpc-bridge_stubs_python_1 ls client/kv/kv_pb2.py @@ -18,7 +18,7 @@ ls server/kv/kv.pb.go bring_up_example run_log "Set key value foo=bar" -docker-compose exec -T grpc-client /client/grpc-kv-client.py set foo bar | grep setf +"$DOCKER_COMPOSE" exec -T grpc-client /client/grpc-kv-client.py set foo bar | grep setf run_log "Get key foo" -docker-compose exec -T grpc-client /client/grpc-kv-client.py get foo | grep bar +"$DOCKER_COMPOSE" exec -T grpc-client /client/grpc-kv-client.py get foo | grep bar diff --git a/examples/gzip/docker-compose.yaml b/examples/gzip/docker-compose.yaml index f06e9c4960d7..fdc3b15a803d 100644 --- a/examples/gzip/docker-compose.yaml +++ b/examples/gzip/docker-compose.yaml @@ -14,9 +14,9 @@ services: context: . dockerfile: Dockerfile-gzip ports: - - "9901:9901" - - "9902:9902" - - "10000:10000" + - "${PORT_PROXY:-10000}:10000" + - "${PORT_STATS0:-9901}:9901" + - "${PORT_STATS1:-9902}:9902" service: build: diff --git a/examples/gzip/verify.sh b/examples/gzip/verify.sh index ea16d0fc8510..347463891a55 100755 --- a/examples/gzip/verify.sh +++ b/examples/gzip/verify.sh @@ -1,30 +1,33 @@ #!/bin/bash -e export NAME=gzip +export PORT_PROXY="${GZIP_PORT_PROXY:-10700}" +export PORT_STATS0="${GZIP_PORT_STATS0:-10701}" +export PORT_STATS1="${GZIP_PORT_STATS1:-10702}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" -run_log "Test service: localhost:10000/file.json with compression" +run_log "Test service: localhost:${PORT_PROXY}/file.json with compression" responds_with_header \ "content-encoding: gzip" \ - http://localhost:10000/file.json \ + "http://localhost:${PORT_PROXY}/file.json" \ -i -H "Accept-Encoding: gzip" -run_log "Test service: localhost:10000/file.txt without compression" +run_log "Test service: localhost:${PORT_PROXY}/file.txt without compression" responds_without_header \ "content-encoding: gzip" \ - http://localhost:10000/file.txt \ + "http://localhost:${PORT_PROXY}/file.txt" \ -i -H "Accept-Encoding: gzip" -run_log "Test service: localhost:9901/stats/prometheus without compression" +run_log "Test service: localhost:${PORT_STATS0}/stats/prometheus without compression" responds_without_header \ "content-encoding: gzip" \ - http://localhost:9901/stats/prometheus \ + "http://localhost:${PORT_STATS0}/stats/prometheus" \ -i -H "Accept-Encoding: gzip" -run_log "Test service: localhost:9902/stats/prometheus with compression" +run_log "Test service: localhost:${PORT_STATS1}/stats/prometheus with compression" responds_with_header \ "content-encoding: gzip" \ - http://localhost:9902/stats/prometheus \ + "http://localhost:${PORT_STATS1}/stats/prometheus" \ -i -H "Accept-Encoding: gzip" diff --git a/examples/jaeger-native-tracing/Dockerfile-frontenvoy b/examples/jaeger-native-tracing/Dockerfile-frontenvoy index fbb826bf0ef9..3fc52ec24e0f 100644 --- a/examples/jaeger-native-tracing/Dockerfile-frontenvoy +++ b/examples/jaeger-native-tracing/Dockerfile-frontenvoy @@ -1,9 +1,11 @@ FROM envoyproxy/envoy-dev:latest -RUN apt-get update \ - && apt-get install --no-install-recommends -y curl \ - && apt-get autoremove -y \ - && apt-get clean \ +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get -qq update \ + && apt-get -qq install --no-install-recommends -y curl \ + && apt-get -qq autoremove -y \ + && apt-get -qq clean \ && rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* COPY ./front-envoy-jaeger.yaml /etc/front-envoy.yaml diff --git a/examples/jaeger-native-tracing/Dockerfile-jaeger b/examples/jaeger-native-tracing/Dockerfile-jaeger new file mode 100644 index 000000000000..d3d25b50fbaa --- /dev/null +++ b/examples/jaeger-native-tracing/Dockerfile-jaeger @@ -0,0 +1 @@ +FROM jaegertracing/all-in-one@sha256:af062c6d0632f5bcf82a8a5572442fec2c79af7a780d689e9f1dbe17f4544fe2 diff --git a/examples/jaeger-native-tracing/Dockerfile-jaeger-service b/examples/jaeger-native-tracing/Dockerfile-jaeger-service index e72d52e6bfe2..8e290aad97cb 100644 --- a/examples/jaeger-native-tracing/Dockerfile-jaeger-service +++ b/examples/jaeger-native-tracing/Dockerfile-jaeger-service @@ -1,6 +1,6 @@ FROM envoyproxy:tracing -RUN apt-get update && apt-get -q install --no-install-recommends -y curl +RUN apt-get -qq update && apt-get -qq install --no-install-recommends -y curl # # for discussion on jaeger binary compatibility, and the source of the file, see here: diff --git a/examples/jaeger-native-tracing/docker-compose.yaml b/examples/jaeger-native-tracing/docker-compose.yaml index 33e4a8982b70..6136a514ed64 100644 --- a/examples/jaeger-native-tracing/docker-compose.yaml +++ b/examples/jaeger-native-tracing/docker-compose.yaml @@ -24,7 +24,7 @@ services: context: . dockerfile: Dockerfile-frontenvoy ports: - - "8000:8000" + - "${PORT_PROXY:-10000}:8000" dns: - 8.8.8.8 - 8.8.4.4 @@ -54,8 +54,10 @@ services: - 8.8.4.4 jaeger: - image: jaegertracing/all-in-one + build: + context: . + dockerfile: Dockerfile-jaeger environment: - COLLECTOR_ZIPKIN_HOST_PORT=9411 ports: - - "16686:16686" + - "${PORT_UI:-10000}:16686" diff --git a/examples/jaeger-native-tracing/verify.sh b/examples/jaeger-native-tracing/verify.sh index 8461a97750e8..cbc0d1fee6ee 100755 --- a/examples/jaeger-native-tracing/verify.sh +++ b/examples/jaeger-native-tracing/verify.sh @@ -2,6 +2,8 @@ export NAME=jaeger-native export DELAY=10 +export PORT_PROXY="${JAEGER_NATIVE_PORT_PROXY:-11000}" +export PORT_UI="${JAEGER_NATIVE_PORT_UI:-11001}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -10,9 +12,9 @@ export DELAY=10 run_log "Test services" responds_with \ Hello \ - http://localhost:8000/trace/1 + "http://localhost:${PORT_PROXY}/trace/1" run_log "Test Jaeger UI" responds_with \ "" \ - http://localhost:16686 + "http://localhost:${PORT_UI}" diff --git a/examples/jaeger-tracing/Dockerfile-frontenvoy b/examples/jaeger-tracing/Dockerfile-frontenvoy index 0d939a0c696a..162fe186b053 100644 --- a/examples/jaeger-tracing/Dockerfile-frontenvoy +++ b/examples/jaeger-tracing/Dockerfile-frontenvoy @@ -1,6 +1,6 @@ FROM envoyproxy/envoy-dev:latest -RUN apt-get update && apt-get -q install -y \ +RUN apt-get -qq update && apt-get -qq install -y \ curl COPY ./front-envoy-jaeger.yaml /etc/front-envoy.yaml RUN chmod go+r /etc/front-envoy.yaml diff --git a/examples/jaeger-tracing/Dockerfile-jaeger b/examples/jaeger-tracing/Dockerfile-jaeger new file mode 100644 index 000000000000..d3d25b50fbaa --- /dev/null +++ b/examples/jaeger-tracing/Dockerfile-jaeger @@ -0,0 +1 @@ +FROM jaegertracing/all-in-one@sha256:af062c6d0632f5bcf82a8a5572442fec2c79af7a780d689e9f1dbe17f4544fe2 diff --git a/examples/jaeger-tracing/docker-compose.yaml b/examples/jaeger-tracing/docker-compose.yaml index 2cdbe309aca6..acb569cf5852 100644 --- a/examples/jaeger-tracing/docker-compose.yaml +++ b/examples/jaeger-tracing/docker-compose.yaml @@ -24,27 +24,29 @@ services: context: . dockerfile: Dockerfile-frontenvoy ports: - - "8000:8000" - - "8001:8001" + - "${PORT_PROXY:-10000}:8000" service1: - image: envoyproxy:tracing + build: + context: ../shared/tracing volumes: - ./service1-envoy-jaeger.yaml:/etc/service-envoy.yaml environment: - SERVICE_NAME=1 service2: - image: envoyproxy:tracing + build: + context: ../shared/tracing volumes: - ./service2-envoy-jaeger.yaml:/etc/service-envoy.yaml environment: - SERVICE_NAME=2 jaeger: - image: jaegertracing/all-in-one + build: + context: . + dockerfile: Dockerfile-jaeger environment: - COLLECTOR_ZIPKIN_HOST_PORT=9411 ports: - - "9411:9411" - - "16686:16686" + - "${PORT_UI:-10000}:16686" diff --git a/examples/jaeger-tracing/front-envoy-jaeger.yaml b/examples/jaeger-tracing/front-envoy-jaeger.yaml index 94f8c2f4a7c9..a35e31c247fd 100644 --- a/examples/jaeger-tracing/front-envoy-jaeger.yaml +++ b/examples/jaeger-tracing/front-envoy-jaeger.yaml @@ -65,8 +65,3 @@ static_resources: socket_address: address: jaeger port_value: 9411 -admin: - address: - socket_address: - address: 0.0.0.0 - port_value: 8001 diff --git a/examples/jaeger-tracing/verify.sh b/examples/jaeger-tracing/verify.sh index 9882f1f3ed5c..628f6988eac5 100755 --- a/examples/jaeger-tracing/verify.sh +++ b/examples/jaeger-tracing/verify.sh @@ -1,6 +1,8 @@ #!/bin/bash -e export NAME=jaeger-tracing +export PORT_PROXY="${JAEGER_PORT_PROXY:-11010}" +export PORT_UI="${JAEGER_PORT_UI:-11011}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -9,9 +11,9 @@ export NAME=jaeger-tracing run_log "Test services" responds_with \ Hello \ - http://localhost:8000/trace/1 + "http://localhost:${PORT_PROXY}/trace/1" run_log "Test Jaeger UI" responds_with \ "" \ - http://localhost:16686 + "http://localhost:${PORT_UI}" diff --git a/examples/load-reporting-service/Dockerfile-lrs b/examples/load-reporting-service/Dockerfile-lrs index c19e33dca804..988fee0cf83a 100644 --- a/examples/load-reporting-service/Dockerfile-lrs +++ b/examples/load-reporting-service/Dockerfile-lrs @@ -1,4 +1,5 @@ -FROM golang +FROM golang@sha256:a452d6273ad03a47c2f29b898d6bb57630e77baf839651ef77d03e4e049c5bf3 + COPY ./server /go/src/github.com/envoyproxy/envoy/example/load-reporting-service/server COPY *.go /go/src/github.com/envoyproxy/envoy/example/load-reporting-service/ COPY go.sum /go/src/github.com/envoyproxy/envoy/example/load-reporting-service diff --git a/examples/load-reporting-service/docker-compose.yaml b/examples/load-reporting-service/docker-compose.yaml index 85038d4d4ad3..af17d3d249d4 100644 --- a/examples/load-reporting-service/docker-compose.yaml +++ b/examples/load-reporting-service/docker-compose.yaml @@ -14,11 +14,12 @@ services: context: . dockerfile: Dockerfile-envoy ports: - - "80-81:80" - - "8081:8081" + - "${PORT_PROXY0:-80}-${PORT_PROXY0:-81}:80" + - "${PORT_ADMIN:-8081}:8081" http_service: - image: flask_service:python-3.10-slim-bullseye + build: + context: ../shared/service volumes: - ./service.py:/code/service.py @@ -28,5 +29,3 @@ services: dockerfile: Dockerfile-lrs volumes: - /go/src/github.com/envoyproxy/envoy/examples/load-reporting-service - ports: - - "18000:18000" diff --git a/examples/load-reporting-service/send_requests.sh b/examples/load-reporting-service/send_requests.sh index d8cf8f9e8721..d9b9d0b9ecb7 100644 --- a/examples/load-reporting-service/send_requests.sh +++ b/examples/load-reporting-service/send_requests.sh @@ -1,10 +1,13 @@ #!/usr/bin/env bash +PORT_PROXY0=${PORT_PROXY0:-80} +PORT_PROXY1=${PORT_PROXY1:-81} + counter=1 while [ $counter -le 50 ] do # generate random Port number to send requests - ports=("80" "81") + ports=("${PORT_PROXY0}" "${PORT_PROXY1}") port=${ports[$RANDOM % ${#ports[@]} ]} curl -v "localhost:${port}/service" diff --git a/examples/load-reporting-service/verify.sh b/examples/load-reporting-service/verify.sh index c97b394aba4d..55871bec9d86 100755 --- a/examples/load-reporting-service/verify.sh +++ b/examples/load-reporting-service/verify.sh @@ -3,6 +3,9 @@ export NAME=load-reporting export UPARGS="--scale http_service=2" export DELAY=10 +export PORT_PROXY0="${LRS_PORT_PROXY0:-11200}" +export PORT_PROXY1="${LRS_PORT_PROXY1:-11201}" +export PORT_ADMIN="${LRS_PORT_ADMIN:-11202}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -10,20 +13,20 @@ export DELAY=10 run_log "Send requests" bash send_requests.sh 2> /dev/null run_log "Check logs: http 1" -docker-compose logs http_service | grep http_service_1 | grep HTTP | grep 200 +"${DOCKER_COMPOSE}" logs http_service | grep http_service_1 | grep HTTP | grep 200 run_log "Check logs: http 2" -docker-compose logs http_service | grep http_service_2 | grep HTTP | grep 200 +"${DOCKER_COMPOSE}" logs http_service | grep http_service_2 | grep HTTP | grep 200 run_log "Check logs: lrs_server" -docker-compose logs lrs_server | grep "up and running" +"${DOCKER_COMPOSE}" logs lrs_server | grep "up and running" run_log "Check logs: envoy is connect to lrs_server" responds_with \ upstream_rq_200 \ - "http://localhost:8081/stats?filter=load_reporting_cluster" + "http://localhost:${PORT_ADMIN}/stats?filter=load_reporting_cluster" run_log "Check logs: lrs_server works normally" -docker-compose logs lrs_server | grep "Got stats from cluster" +"${DOCKER_COMPOSE}" logs lrs_server | grep "Got stats from cluster" # TODO(phlax): add some test/docs for interacting with load reporting server diff --git a/examples/local_ratelimit/Dockerfile-nginx b/examples/local_ratelimit/Dockerfile-nginx new file mode 100644 index 000000000000..f2bf88d79ded --- /dev/null +++ b/examples/local_ratelimit/Dockerfile-nginx @@ -0,0 +1 @@ +FROM nginx@sha256:4ed64c2e0857ad21c38b98345ebb5edb01791a0a10b0e9e3d9ddde185cdbd31a diff --git a/examples/local_ratelimit/docker-compose.yaml b/examples/local_ratelimit/docker-compose.yaml index 1fc831487202..aba2e60d84bf 100644 --- a/examples/local_ratelimit/docker-compose.yaml +++ b/examples/local_ratelimit/docker-compose.yaml @@ -5,8 +5,10 @@ services: context: . dockerfile: Dockerfile-ratelimit ports: - - "9901:9901" - - "9902:9902" - - "10000:10000" + - "${PORT_PROXY:-10000}:10000" + - "${PORT_STATS0:-9901}:9901" + - "${PORT_STATS1:-9902}:9902" service: - image: nginx@sha256:4ed64c2e0857ad21c38b98345ebb5edb01791a0a10b0e9e3d9ddde185cdbd31a + build: + context: . + dockerfile: Dockerfile-nginx diff --git a/examples/local_ratelimit/verify.sh b/examples/local_ratelimit/verify.sh index 1dfb30e2f7ea..859debf62f51 100755 --- a/examples/local_ratelimit/verify.sh +++ b/examples/local_ratelimit/verify.sh @@ -1,20 +1,23 @@ #!/bin/bash -e -export NAME=ratelimit +export NAME=local_ratelimit +export PORT_PROXY="${LOCAL_RATELIMIT_PORT_PROXY:-11210}" +export PORT_STATS0="${LOCAL_RATELIMIT_PORT_STATS0:-11211}" +export PORT_STATS1="${LOCAL_RATELIMIT_PORT_STATS1:-11212}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" -run_log "Test upstream: localhost:10000 without rate limit header two times" +run_log "Test upstream: localhost:${PORT_PROXY} without rate limit header two times" for i in {1..2}; do - output=$(curl -s -X GET --head http://localhost:10000) + output=$(curl -s -X GET --head "http://localhost:${PORT_PROXY}") echo "${output}" | grep "429 Too Many Requests" && exit 1 echo "${output}" | grep "x-local-rate-limit: true" && exit 1 done -run_log "Test upstream: localhost:10000 with rate limit header three times" +run_log "Test upstream: localhost:${PORT_PROXY} with rate limit header three times" for i in {1..3}; do - output=$(curl -s -X GET --head http://localhost:10000) + output=$(curl -s -X GET --head "http://localhost:${PORT_PROXY}") echo "${output}" | grep "429 Too Many Requests" || exit 1 echo "${output}" | grep "x-local-rate-limit: true" || exit 1 done @@ -22,44 +25,44 @@ done run_log "Sleep 5s to wait rate limiting refresh" sleep 5 -run_log "Test upstream: localhost:10000 without rate limit response two times" +run_log "Test upstream: localhost:${PORT_PROXY} without rate limit response two times" for i in {1..2}; do responds_without \ "local_rate_limited" \ - http://localhost:10000 + "http://localhost:${PORT_PROXY}" done -run_log "Test upstream: localhost:10000 with rate limit response three times" +run_log "Test upstream: localhost:${PORT_PROXY} with rate limit response three times" for i in {1..3}; do responds_with \ "local_rate_limited" \ - http://localhost:10000 + "http://localhost:${PORT_PROXY}" done -run_log "Test admin interface: localhost:9901/stats/prometheus without rate limit header five times" +run_log "Test admin interface: localhost:${PORT_STATS0}/stats/prometheus without rate limit header five times" for i in {1..5}; do - output=$(curl -s -X GET --head http://localhost:9901/stats/prometheus) + output=$(curl -s -X GET --head "http://localhost:${PORT_STATS0}/stats/prometheus") echo "${output}" | grep "429 Too Many Requests" && exit 1 echo "${output}" | grep "x-local-rate-limit: true" && exit 1 done -run_log "Test admin interface: localhost:9901/stats/prometheus without rate limit response five times" +run_log "Test admin interface: localhost:${PORT_STATS0}/stats/prometheus without rate limit response five times" for i in {1..5}; do responds_without \ "local_rate_limited" \ - http://localhost:9901/stats/prometheus + "http://localhost:${PORT_STATS0}/stats/prometheus" done -run_log "Test admin interface: localhost:9902/stats/prometheus without rate limit header two times" +run_log "Test admin interface: localhost:${PORT_STATS1}/stats/prometheus without rate limit header two times" for i in {1..2}; do - output=$(curl -s -X GET --head http://localhost:9902/stats/prometheus) + output=$(curl -s -X GET --head "http://localhost:${PORT_STATS1}/stats/prometheus") echo "${output}" | grep "429 Too Many Requests" && exit 1 echo "${output}" | grep "x-local-rate-limit: true" && exit 1 done -run_log "Test admin interface: localhost:9902/stats/prometheus with rate limit header three times" +run_log "Test admin interface: localhost:${PORT_STATS1}/stats/prometheus with rate limit header three times" for i in {1..3}; do - output=$(curl -s -X GET --head http://localhost:9902/stats/prometheus) + output=$(curl -s -X GET --head "http://localhost:${PORT_STATS1}/stats/prometheus") echo "${output}" | grep "429 Too Many Requests" || exit 1 echo "${output}" | grep "x-local-rate-limit: true" || exit 1 done @@ -67,16 +70,16 @@ done run_log "Sleep 5s to wait rate limiting refresh" sleep 5 -run_log "Test admin interface: localhost:9902/stats/prometheus without rate limit response two times" +run_log "Test admin interface: localhost:${PORT_STATS1}/stats/prometheus without rate limit response two times" for i in {1..2}; do responds_without \ "local_rate_limited" \ - http://localhost:9902/stats/prometheus + "http://localhost:${PORT_STATS1}/stats/prometheus" done -run_log "Test admin interface: localhost:9902/stats/prometheus with rate limit response three times" +run_log "Test admin interface: localhost:${PORT_STATS1}/stats/prometheus with rate limit response three times" for i in {1..3}; do responds_with \ "local_rate_limited" \ - http://localhost:9902/stats/prometheus + "http://localhost:${PORT_STATS1}/stats/prometheus" done diff --git a/examples/locality-load-balancing/Dockerfile-client b/examples/locality-load-balancing/Dockerfile-client index 92869c792d57..019f0510ca6b 100644 --- a/examples/locality-load-balancing/Dockerfile-client +++ b/examples/locality-load-balancing/Dockerfile-client @@ -1,5 +1,8 @@ FROM envoyproxy/envoy-dev:latest -RUN apt-get update && apt-get install -y bash curl python3 + +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get -qq update && apt-get -qq install -y bash curl python3 COPY ./envoy-proxy.yaml /etc/envoy.yaml COPY ./client.py /client.py diff --git a/examples/locality-load-balancing/docker-compose.yaml b/examples/locality-load-balancing/docker-compose.yaml index 8d7bad8df1db..c16fc02a8864 100644 --- a/examples/locality-load-balancing/docker-compose.yaml +++ b/examples/locality-load-balancing/docker-compose.yaml @@ -13,8 +13,6 @@ services: build: context: . dockerfile: Dockerfile-client - ports: - - 8001:8001 depends_on: - "backend-local-1" - "backend-local-2" @@ -22,29 +20,33 @@ services: - "backend-remote-2" backend-local-1: - image: flask_service:python-3.10-slim-bullseye + build: + context: ../shared/service volumes: - ./service.py:/code/service.py environment: - - HOST=backend-local-1 + - HOST=backend-local-1 backend-local-2: - image: flask_service:python-3.10-slim-bullseye + build: + context: ../shared/service volumes: - ./service.py:/code/service.py environment: - - HOST=backend-local-2 + - HOST=backend-local-2 backend-remote-1: - image: flask_service:python-3.10-slim-bullseye + build: + context: ../shared/service volumes: - ./service.py:/code/service.py environment: - - HOST=backend-remote-1 + - HOST=backend-remote-1 backend-remote-2: - image: flask_service:python-3.10-slim-bullseye + build: + context: ../shared/service volumes: - ./service.py:/code/service.py environment: - - HOST=backend-remote-2 + - HOST=backend-remote-2 diff --git a/examples/locality-load-balancing/verify.sh b/examples/locality-load-balancing/verify.sh index 7b25ae6c1903..a7e9c91f8a63 100755 --- a/examples/locality-load-balancing/verify.sh +++ b/examples/locality-load-balancing/verify.sh @@ -7,11 +7,11 @@ export DELAY=5 . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" check_health() { - docker-compose exec -T client-envoy curl -s localhost:8001/clusters | grep health_flags + "$DOCKER_COMPOSE" exec -T client-envoy curl -s "localhost:8001/clusters" | grep health_flags } check_backend() { - output=$(docker-compose exec -T client-envoy python3 client.py http://localhost:3000/ 100) + output=$("$DOCKER_COMPOSE" exec -T client-envoy python3 client.py http://localhost:3000/ 100) echo "$output" for expected in "$@" do @@ -27,14 +27,14 @@ bring_up_backend() { local server server="$1" - docker-compose exec -T client-envoy curl -s "$server":8000/healthy + "$DOCKER_COMPOSE" exec -T client-envoy curl -s "$server":8000/healthy } bring_down_backend() { local server server="$1" - docker-compose exec -T client-envoy curl -s "$server":8000/unhealthy + "$DOCKER_COMPOSE" exec -T client-envoy curl -s "$server":8000/unhealthy } run_log "=== Demo setup @@ -74,7 +74,7 @@ bring_up_backend "${NAME}"_backend-local-2_1 sleep ${DELAY} run_log "Scale backend-local-1 to 5 replicas then snooze for ${DELAY}s" -docker-compose -p ${NAME} up --scale backend-local-1=5 -d --build +"$DOCKER_COMPOSE" -p ${NAME} up --scale backend-local-1=5 -d --build sleep ${DELAY} run_log "Bring down 4 replicas in backend-local-1 then snooze for ${DELAY}s. Priority 0 locality is 20% healthy." diff --git a/examples/lua/Dockerfile-web-service b/examples/lua/Dockerfile-web-service index edf3810fa79b..5d13c863991c 100644 --- a/examples/lua/Dockerfile-web-service +++ b/examples/lua/Dockerfile-web-service @@ -1 +1 @@ -FROM solsson/http-echo +FROM solsson/http-echo@sha256:cadde771b6e022c3ea1a8ee84958d9b82ba5f7bda5f75730a8f8542d206c321c diff --git a/examples/lua/docker-compose.yaml b/examples/lua/docker-compose.yaml index a02575515898..7a24a773d3fa 100644 --- a/examples/lua/docker-compose.yaml +++ b/examples/lua/docker-compose.yaml @@ -6,11 +6,11 @@ services: context: . dockerfile: Dockerfile-proxy ports: - - "8000:8000" + - "${PORT_PROXY:-8000}:8000" web_service: build: context: . dockerfile: Dockerfile-web-service ports: - - "8080:80" + - "${PORT_WEB:-8080}:80" diff --git a/examples/lua/verify.sh b/examples/lua/verify.sh index 56a391da6ad4..797d99e88d4b 100755 --- a/examples/lua/verify.sh +++ b/examples/lua/verify.sh @@ -1,6 +1,8 @@ #!/bin/bash -e export NAME=lua +export PORT_PROXY="${LUA_PORT_PROXY:-11230}" +export PORT_WEB="${LUA_PORT_WEB:-11231}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -9,4 +11,6 @@ export NAME=lua run_log "Test connection" responds_with \ foo \ - http://localhost:8000 + "http://localhost:${PORT_PROXY}" + +# TODO(phlax): Add some docs/tests for web service diff --git a/examples/mysql/Dockerfile-mysql b/examples/mysql/Dockerfile-mysql index 7efee1dc3095..46d4508a9c9d 100644 --- a/examples/mysql/Dockerfile-mysql +++ b/examples/mysql/Dockerfile-mysql @@ -1 +1 @@ -FROM mysql:5.7 +FROM mysql:5.7@sha256:8b4b41d530c40d77a3205c53f7ecf1026d735648d9a09777845f305953e5eff5 diff --git a/examples/mysql/docker-compose.yaml b/examples/mysql/docker-compose.yaml index 5a795a9f009e..0bf731e77191 100644 --- a/examples/mysql/docker-compose.yaml +++ b/examples/mysql/docker-compose.yaml @@ -5,21 +5,12 @@ services: build: context: . dockerfile: Dockerfile-proxy - networks: - - envoymesh ports: - - "1999:1999" - - "8001:8001" + - "${PORT_ADMIN:-8001}:8001" mysql: build: context: . dockerfile: Dockerfile-mysql - networks: - - envoymesh environment: - MYSQL_ALLOW_EMPTY_PASSWORD=yes - -networks: - envoymesh: - name: envoymesh diff --git a/examples/mysql/verify.sh b/examples/mysql/verify.sh index 4e257f572862..646951f7c6a6 100755 --- a/examples/mysql/verify.sh +++ b/examples/mysql/verify.sh @@ -2,13 +2,15 @@ export NAME=mysql export DELAY=10 +export PORT_ADMIN="${MYSQL_PORT_ADMIN:-11300}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" _mysql () { local mysql_client - mysql_client=(docker run --network envoymesh mysql:5.7 mysql -h proxy -P 1999 -u root) + # TODO(phlax): pin mysql client + mysql_client=(docker run --network mysql_default mysql:5.7 mysql -h proxy -P 1999 -u root) "${mysql_client[@]}" "${@}" } @@ -23,9 +25,9 @@ _mysql -e "SELECT COUNT(*) from test.test;" | grep 1 run_log "Check mysql egress stats" responds_with \ egress_mysql \ - "http://localhost:8001/stats?filter=egress_mysql" + "http://localhost:${PORT_ADMIN}/stats?filter=egress_mysql" run_log "Check mysql TCP stats" responds_with \ mysql_tcp \ - "http://localhost:8001/stats?filter=mysql_tcp" + "http://localhost:${PORT_ADMIN}/stats?filter=mysql_tcp" diff --git a/examples/postgres/docker-compose.yaml b/examples/postgres/docker-compose.yaml index f4022bb02592..168b7fc08b51 100644 --- a/examples/postgres/docker-compose.yaml +++ b/examples/postgres/docker-compose.yaml @@ -6,12 +6,12 @@ services: context: . dockerfile: Dockerfile-proxy ports: - - "1999:1999" - - "8001:8001" + - "${PORT_ADMIN:-8001}:8001" command: "/usr/local/bin/envoy -c /etc/envoy.yaml" postgres: - image: postgres:latest + build: + context: ../shared/postgres environment: # WARNING! Do not use it on production environments because this will # allow anyone with access to the Postgres port to access your diff --git a/examples/postgres/verify.sh b/examples/postgres/verify.sh index b55b78716cb0..def62f0f7d41 100755 --- a/examples/postgres/verify.sh +++ b/examples/postgres/verify.sh @@ -2,6 +2,7 @@ export NAME=postgres export DELAY=10 +export PORT_ADMIN="${POSTGRES_PORT_ADMIN:-11600}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -40,9 +41,9 @@ _psql -d ${DBNAME} -c 'INSERT INTO tbl VALUES (DEFAULT);' run_log "Check postgres egress stats" responds_with \ egress_postgres \ - "http://localhost:8001/stats?filter=egress_postgres" + "http://localhost:${PORT_ADMIN}/stats?filter=egress_postgres" run_log "Check postgres TCP stats" responds_with \ postgres_tcp \ - "http://localhost:8001/stats?filter=postgres_tcp" + "http://localhost:${PORT_ADMIN}/stats?filter=postgres_tcp" diff --git a/examples/redis/Dockerfile-redis b/examples/redis/Dockerfile-redis index bf0a7a975605..c1ec77e957b5 100644 --- a/examples/redis/Dockerfile-redis +++ b/examples/redis/Dockerfile-redis @@ -1 +1 @@ -FROM redis +FROM redis@sha256:d581aded52343c461f32e4a48125879ed2596291f4ea4baa7e3af0ad1e56feed diff --git a/examples/redis/docker-compose.yaml b/examples/redis/docker-compose.yaml index 852216a063a6..70527966e34a 100644 --- a/examples/redis/docker-compose.yaml +++ b/examples/redis/docker-compose.yaml @@ -9,7 +9,7 @@ services: - envoymesh ports: - "1999:1999" - - "8001:8001" + - "${PORT_ADMIN:-8001}:8001" redis: build: diff --git a/examples/redis/verify.sh b/examples/redis/verify.sh index 117cb5ffce46..d142617b33ac 100755 --- a/examples/redis/verify.sh +++ b/examples/redis/verify.sh @@ -1,6 +1,7 @@ #!/bin/bash -e export NAME=redis +export PORT_ADMIN="${REDIS_PORT_ADMIN:-11800}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -17,4 +18,4 @@ redis-cli -h localhost -p 1999 get bar | grep BAR run_log "Test redis stats" responds_with \ egress_redis \ - "http://localhost:8001/stats?usedonly&filter=redis.egress_redis.command" + "http://localhost:${PORT_ADMIN}/stats?usedonly&filter=redis.egress_redis.command" diff --git a/examples/shared/echo/Dockerfile b/examples/shared/echo/Dockerfile new file mode 100644 index 000000000000..264e7a2dfe4c --- /dev/null +++ b/examples/shared/echo/Dockerfile @@ -0,0 +1 @@ +FROM jmalloc/echo-server@sha256:e4eaee2c7998f1edce4ffbe8375f326bef856608f42d6cd6d1f0b82d0e53ccfe diff --git a/examples/shared/flask/Dockerfile b/examples/shared/flask/Dockerfile index c9da8a4a1ac6..af38faf035ce 100644 --- a/examples/shared/flask/Dockerfile +++ b/examples/shared/flask/Dockerfile @@ -1,7 +1,7 @@ -FROM python:3.10-slim-bullseye +FROM python:3.10-slim-bullseye@sha256:c853c4bce75d939c4d5b2892753503ba3c3125282392ad58084e77f68862c7eb ADD requirements.txt /tmp/flask-requirements.txt -RUN pip3 install -r /tmp/flask-requirements.txt +RUN pip3 install -qr /tmp/flask-requirements.txt RUN mkdir /code ENTRYPOINT ["python3", "/code/service.py"] diff --git a/examples/shared/flask/requirements.in b/examples/shared/flask/requirements.in index 7e1060246fd6..4834a59a8b35 100644 --- a/examples/shared/flask/requirements.in +++ b/examples/shared/flask/requirements.in @@ -1 +1,2 @@ flask +pyyaml diff --git a/examples/shared/flask/requirements.txt b/examples/shared/flask/requirements.txt index 7db8b66af23c..f49565be8fcd 100644 --- a/examples/shared/flask/requirements.txt +++ b/examples/shared/flask/requirements.txt @@ -62,6 +62,41 @@ markupsafe==2.1.1 \ --hash=sha256:f121a1420d4e173a5d96e47e9a0c0dcff965afdf1626d28de1460815f7c4ee7a \ --hash=sha256:fc7b548b17d238737688817ab67deebb30e8073c95749d55538ed473130ec0c7 # via jinja2 +pyyaml==6.0 \ + --hash=sha256:0283c35a6a9fbf047493e3a0ce8d79ef5030852c51e9d911a27badfde0605293 \ + --hash=sha256:055d937d65826939cb044fc8c9b08889e8c743fdc6a32b33e2390f66013e449b \ + --hash=sha256:07751360502caac1c067a8132d150cf3d61339af5691fe9e87803040dbc5db57 \ + --hash=sha256:0b4624f379dab24d3725ffde76559cff63d9ec94e1736b556dacdfebe5ab6d4b \ + --hash=sha256:0ce82d761c532fe4ec3f87fc45688bdd3a4c1dc5e0b4a19814b9009a29baefd4 \ + --hash=sha256:1e4747bc279b4f613a09eb64bba2ba602d8a6664c6ce6396a4d0cd413a50ce07 \ + --hash=sha256:213c60cd50106436cc818accf5baa1aba61c0189ff610f64f4a3e8c6726218ba \ + --hash=sha256:231710d57adfd809ef5d34183b8ed1eeae3f76459c18fb4a0b373ad56bedcdd9 \ + --hash=sha256:277a0ef2981ca40581a47093e9e2d13b3f1fbbeffae064c1d21bfceba2030287 \ + --hash=sha256:2cd5df3de48857ed0544b34e2d40e9fac445930039f3cfe4bcc592a1f836d513 \ + --hash=sha256:40527857252b61eacd1d9af500c3337ba8deb8fc298940291486c465c8b46ec0 \ + --hash=sha256:473f9edb243cb1935ab5a084eb238d842fb8f404ed2193a915d1784b5a6b5fc0 \ + --hash=sha256:48c346915c114f5fdb3ead70312bd042a953a8ce5c7106d5bfb1a5254e47da92 \ + --hash=sha256:50602afada6d6cbfad699b0c7bb50d5ccffa7e46a3d738092afddc1f9758427f \ + --hash=sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2 \ + --hash=sha256:77f396e6ef4c73fdc33a9157446466f1cff553d979bd00ecb64385760c6babdc \ + --hash=sha256:819b3830a1543db06c4d4b865e70ded25be52a2e0631ccd2f6a47a2822f2fd7c \ + --hash=sha256:897b80890765f037df3403d22bab41627ca8811ae55e9a722fd0392850ec4d86 \ + --hash=sha256:98c4d36e99714e55cfbaaee6dd5badbc9a1ec339ebfc3b1f52e293aee6bb71a4 \ + --hash=sha256:9df7ed3b3d2e0ecfe09e14741b857df43adb5a3ddadc919a2d94fbdf78fea53c \ + --hash=sha256:9fa600030013c4de8165339db93d182b9431076eb98eb40ee068700c9c813e34 \ + --hash=sha256:a80a78046a72361de73f8f395f1f1e49f956c6be882eed58505a15f3e430962b \ + --hash=sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c \ + --hash=sha256:b5b9eccad747aabaaffbc6064800670f0c297e52c12754eb1d976c57e4f74dcb \ + --hash=sha256:c5687b8d43cf58545ade1fe3e055f70eac7a5a1a0bf42824308d868289a95737 \ + --hash=sha256:cba8c411ef271aa037d7357a2bc8f9ee8b58b9965831d9e51baf703280dc73d3 \ + --hash=sha256:d15a181d1ecd0d4270dc32edb46f7cb7733c7c508857278d3d378d14d606db2d \ + --hash=sha256:d4db7c7aef085872ef65a8fd7d6d09a14ae91f691dec3e87ee5ee0539d516f53 \ + --hash=sha256:d4eccecf9adf6fbcc6861a38015c2a64f38b9d94838ac1810a9023a0609e1b78 \ + --hash=sha256:d67d839ede4ed1b28a4e8909735fc992a923cdb84e618544973d7dfc71540803 \ + --hash=sha256:daf496c58a8c52083df09b80c860005194014c3698698d1a57cbcfa182142a3a \ + --hash=sha256:e61ceaab6f49fb8bdfaa0f92c4b57bcfbea54c09277b1b4f7ac376bfb7a7c174 \ + --hash=sha256:f84fbc98b019fef2ee9a1cb3ce93e3187a6df0b2538a651bfb890254ba9f90b5 + # via -r requirements.in werkzeug==2.0.3 \ --hash=sha256:1421ebfc7648a39a5c58c601b154165d05cf47a3cd0ccb70857cbdacf6c8f2b8 \ --hash=sha256:b863f8ff057c522164b6067c9e28b041161b4be5ba4d0daceeaa50a163822d3c diff --git a/examples/shared/postgres/Dockerfile b/examples/shared/postgres/Dockerfile new file mode 100644 index 000000000000..b80c257294fc --- /dev/null +++ b/examples/shared/postgres/Dockerfile @@ -0,0 +1 @@ +FROM postgres:latest@sha256:4ba3b78788bb284687376b9c1e0565b245375ddee0fe14cef25e315b6bd88b1a diff --git a/examples/shared/service/Dockerfile b/examples/shared/service/Dockerfile new file mode 100644 index 000000000000..041f8a4a70bc --- /dev/null +++ b/examples/shared/service/Dockerfile @@ -0,0 +1 @@ +FROM flask_service:python-3.10-slim-bullseye diff --git a/examples/shared/tracing/Dockerfile b/examples/shared/tracing/Dockerfile index b31f6d683634..50b05781af66 100644 --- a/examples/shared/tracing/Dockerfile +++ b/examples/shared/tracing/Dockerfile @@ -3,7 +3,7 @@ FROM flask_service:python-3.10-slim-bullseye COPY --from=envoyproxy/envoy-dev:latest /usr/local/bin/envoy /usr/local/bin/envoy ADD requirements.txt /tmp/requirements.txt -RUN pip3 install -r /tmp/requirements.txt +RUN pip3 install -qr /tmp/requirements.txt ADD ./service.py /code/service.py diff --git a/examples/skywalking-tracing/Dockerfile-elasticsearch b/examples/skywalking-tracing/Dockerfile-elasticsearch new file mode 100644 index 000000000000..1d30d60f768c --- /dev/null +++ b/examples/skywalking-tracing/Dockerfile-elasticsearch @@ -0,0 +1 @@ +FROM elasticsearch:7.9.2@sha256:e3b52403c6fb95eb4dc6092d39c187acfc38e8afd61e4d38801ae323b3eeeff3 diff --git a/examples/skywalking-tracing/Dockerfile-skywalking-oap b/examples/skywalking-tracing/Dockerfile-skywalking-oap new file mode 100644 index 000000000000..81a762bf1893 --- /dev/null +++ b/examples/skywalking-tracing/Dockerfile-skywalking-oap @@ -0,0 +1 @@ +FROM apache/skywalking-oap-server:latest@sha256:d8529d0363e3c761337e31ed84cdf0a71ad3ceb68418e9860a3adf8da38cc4e6 diff --git a/examples/skywalking-tracing/Dockerfile-skywalking-ui b/examples/skywalking-tracing/Dockerfile-skywalking-ui new file mode 100644 index 000000000000..cb29af872aeb --- /dev/null +++ b/examples/skywalking-tracing/Dockerfile-skywalking-ui @@ -0,0 +1 @@ +FROM apache/skywalking-ui:latest@sha256:32cc4078cceab403620cc387c90364399bdd29f0de39c31e23006fb2419b2db5 diff --git a/examples/skywalking-tracing/docker-compose.yaml b/examples/skywalking-tracing/docker-compose.yaml index 9bdd679059d8..4ecbb8c7937d 100644 --- a/examples/skywalking-tracing/docker-compose.yaml +++ b/examples/skywalking-tracing/docker-compose.yaml @@ -24,14 +24,15 @@ services: context: . dockerfile: Dockerfile-frontenvoy ports: - - 8000:8000 - - 8001:8001 + - "${PORT_PROXY:-8000}:8000" + - "${PORT_ADMIN:-8001}:8001" depends_on: - skywalking-oap # First service. service1: - image: envoyproxy:tracing + build: + context: ../shared/tracing volumes: - ./service1-envoy-skywalking.yaml:/etc/service-envoy.yaml environment: @@ -41,7 +42,8 @@ services: # Second service. service2: - image: envoyproxy:tracing + build: + context: ../shared/tracing volumes: - ./service2-envoy-skywalking.yaml:/etc/service-envoy.yaml environment: @@ -51,7 +53,9 @@ services: # Skywalking components. elasticsearch: - image: elasticsearch:7.9.2 + build: + context: . + dockerfile: Dockerfile-elasticsearch healthcheck: test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"] interval: 30s @@ -66,25 +70,45 @@ services: hard: -1 skywalking-oap: - image: apache/skywalking-oap-server:8.6.0-es7 + build: + context: . + dockerfile: Dockerfile-skywalking-oap depends_on: - - elasticsearch + elasticsearch: + condition: service_healthy environment: - SW_STORAGE: elasticsearch7 + SW_HEALTH_CHECKER: default + SW_STORAGE: elasticsearch SW_STORAGE_ES_CLUSTER_NODES: elasticsearch:9200 healthcheck: - test: ["CMD-SHELL", "/skywalking/bin/swctl"] + test: ["CMD-SHELL", "/skywalking/bin/swctl ch"] interval: 30s timeout: 10s retries: 3 - start_period: 40s + start_period: 10s restart: on-failure skywalking-ui: - image: apache/skywalking-ui:8.6.0 + build: + context: . + dockerfile: Dockerfile-skywalking-ui + healthcheck: + test: ["CMD-SHELL", 'curl --silent --fail curl http://localhost:8080/graphql -X POST -H "Content-Type:application/json" -d "{ \"query\": \"query version { version }\"}" || exit 1'] + interval: 5s + timeout: 10s + retries: 10 + start_period: 10s depends_on: - - skywalking-oap + skywalking-oap: + condition: service_healthy ports: - - 8080:8080 + - "${PORT_UI:-8080}:8080" environment: - SW_OAP_ADDRESS: skywalking-oap:12800 + SW_OAP_ADDRESS: http://skywalking-oap:12800 + SW_HEALTH_CHECKER: default + + started: + image: hello-world:latest + depends_on: + skywalking-ui: + condition: service_healthy diff --git a/examples/skywalking-tracing/verify.sh b/examples/skywalking-tracing/verify.sh index 3c5c4799ca90..9cf3a88bc722 100755 --- a/examples/skywalking-tracing/verify.sh +++ b/examples/skywalking-tracing/verify.sh @@ -1,7 +1,10 @@ #!/bin/bash -e export NAME=skywalking -export DELAY=200 +export DELAY=10 +export PORT_PROXY="${SKYWALKING_PORT_PROXY:-11900}" +export PORT_ADMIN="${SKYWALKING_PORT_ADMIN:-11901}" +export PORT_UI="${SKYWALKING_PORT_UI:-11902}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -9,22 +12,22 @@ export DELAY=200 run_log "Test connection" responds_with \ "Hello from behind Envoy (service 1)!" \ - http://localhost:8000/trace/1 + "http://localhost:${PORT_PROXY}/trace/1" run_log "Test stats" responds_with \ "tracing.skywalking.segments_sent: 1" \ - http://localhost:8001/stats + "http://localhost:${PORT_ADMIN}/stats" run_log "Test dashboard" responds_with \ "" \ - http://localhost:8080 + "http://localhost:${PORT_UI}" run_log "Test OAP Server" responds_with \ "getEndpoints" \ - http://localhost:8080/graphql \ + "http://localhost:${PORT_UI}/graphql" \ -X POST \ -H "Content-Type:application/json" \ -d "{ \"query\": \"query queryEndpoints(\$serviceId: ID!, \$keyword: String!) { @@ -38,7 +41,7 @@ responds_with \ responds_with \ "currentTimestamp" \ - http://localhost:8080/graphql \ + "http://localhost:${PORT_UI}/graphql" \ -X POST \ -H "Content-Type:application/json" \ -d "{ \"query\": \"query queryOAPTimeInfo { diff --git a/examples/tls-inspector/Dockerfile-echo b/examples/tls-inspector/Dockerfile-echo new file mode 100644 index 000000000000..48a273ba75d2 --- /dev/null +++ b/examples/tls-inspector/Dockerfile-echo @@ -0,0 +1 @@ +FROM mendhak/http-https-echo@sha256:a5661adca985057c94e31d633ee57051dbf29ada1ccfaa4f5fb58f4a5b1a2b2b diff --git a/examples/tls-inspector/docker-compose.yaml b/examples/tls-inspector/docker-compose.yaml index 038630806a32..ac27e7f7941a 100644 --- a/examples/tls-inspector/docker-compose.yaml +++ b/examples/tls-inspector/docker-compose.yaml @@ -6,23 +6,29 @@ services: context: . dockerfile: Dockerfile ports: - - "10000:10000" - - "12345:12345" + - "${PORT_PROXY:-10000}:10000" + - "${PORT_ADMIN:-12345}:12345" service-https-http2: - image: mendhak/http-https-echo + build: + context: . + dockerfile: Dockerfile-echo hostname: service-https-http2 environment: - HTTP_PORT=0 service-https-http1.1: - image: mendhak/http-https-echo + build: + context: . + dockerfile: Dockerfile-echo hostname: service-https-http1.1 environment: - HTTP_PORT=0 service-http: - image: mendhak/http-https-echo + build: + context: . + dockerfile: Dockerfile-echo hostname: service-http environment: - HTTPS_PORT=0 diff --git a/examples/tls-inspector/verify.sh b/examples/tls-inspector/verify.sh index ac53029ccdc0..7702637a6c0f 100755 --- a/examples/tls-inspector/verify.sh +++ b/examples/tls-inspector/verify.sh @@ -1,21 +1,23 @@ #!/bin/bash -e export NAME=tls-inspector +export PORT_PROXY="${TLS_INSPECTOR_PORT_PROXY:-12010}" +export PORT_ADMIN="${TLS_INSPECTOR_PORT_ADMIN:-12011}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" run_log "Curl tls inspector: HTTPS -> HTTP/1.1" -curl -sk --http1.1 https://localhost:10000 | jq '.os.hostname' | grep service-https-http1.1 +curl -sk --http1.1 "https://localhost:${PORT_PROXY}" | jq '.os.hostname' | grep service-https-http1.1 run_log "Curl tls inspector: HTTPS -> HTTP/2" -curl -sk --http2 https://localhost:10000 | jq '.os.hostname' | grep service-https-http2 +curl -sk --http2 "https://localhost:${PORT_PROXY}" | jq '.os.hostname' | grep service-https-http2 run_log "Curl tls inspector: HTTP" -curl -s http://localhost:10000 | jq '.os.hostname' | grep service-http +curl -s "http://localhost:${PORT_PROXY}" | jq '.os.hostname' | grep service-http run_log "Check stats of tls inspector" -curl -s http://localhost:12345/stats | grep "tls_inspector.alpn_found: 2" -curl -s http://localhost:12345/stats | grep "tls_inspector.sni_found: 2" -curl -s http://localhost:12345/stats | grep "tls_inspector.tls_found: 2" -curl -s http://localhost:12345/stats | grep "tls_inspector.tls_not_found: 1" +curl -s "http://localhost:${PORT_ADMIN}/stats" | grep "tls_inspector.alpn_found: 2" +curl -s "http://localhost:${PORT_ADMIN}/stats" | grep "tls_inspector.sni_found: 2" +curl -s "http://localhost:${PORT_ADMIN}/stats" | grep "tls_inspector.tls_found: 2" +curl -s "http://localhost:${PORT_ADMIN}/stats" | grep "tls_inspector.tls_not_found: 1" diff --git a/examples/tls-sni/Dockerfile-echo b/examples/tls-sni/Dockerfile-echo new file mode 100644 index 000000000000..48a273ba75d2 --- /dev/null +++ b/examples/tls-sni/Dockerfile-echo @@ -0,0 +1 @@ +FROM mendhak/http-https-echo@sha256:a5661adca985057c94e31d633ee57051dbf29ada1ccfaa4f5fb58f4a5b1a2b2b diff --git a/examples/tls-sni/docker-compose.yaml b/examples/tls-sni/docker-compose.yaml index bd4304b6f93d..a7e944a363b3 100644 --- a/examples/tls-sni/docker-compose.yaml +++ b/examples/tls-sni/docker-compose.yaml @@ -6,29 +6,35 @@ services: context: . dockerfile: Dockerfile ports: - - "10000:10000" + - "${PORT_PROXY:-10000}:10000" proxy-client: build: context: . dockerfile: Dockerfile-client ports: - - "20000:10000" + - "${PORT_PROXY_CLIENT:-20000}:10000" http-upstream1: - image: mendhak/http-https-echo + build: + context: . + dockerfile: Dockerfile-echo hostname: http-upstream1 environment: - HTTPS_PORT=0 http-upstream2: - image: mendhak/http-https-echo + build: + context: . + dockerfile: Dockerfile-echo hostname: http-upstream2 environment: - HTTPS_PORT=0 https-upstream3: - image: mendhak/http-https-echo + build: + context: . + dockerfile: Dockerfile-echo hostname: https-upstream3 environment: - HTTP_PORT=0 diff --git a/examples/tls-sni/verify.sh b/examples/tls-sni/verify.sh index 375f764b4beb..f615835b5ea1 100755 --- a/examples/tls-sni/verify.sh +++ b/examples/tls-sni/verify.sh @@ -2,6 +2,8 @@ export NAME=tls-sni export MANUAL=true +export PORT_PROXY="${TLS_SNI_PORT_PROXY:-12020}" +export PORT_PROXY_CLIENT="${TLS_SNI_PORT_PROXY_CLIENT:-12021}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -27,28 +29,28 @@ create_self_signed_certs domain2 bring_up_example run_log "Query domain1 with curl and tls/sni" -curl -sk --resolve domain1.example.com:10000:127.0.0.1 \ - https://domain1.example.com:10000 \ +curl -sk --resolve "domain1.example.com:${PORT_PROXY}:127.0.0.1" \ + "https://domain1.example.com:${PORT_PROXY}" \ | jq '.os.hostname' | grep http-upstream1 run_log "Query domain2 with curl and tls/sni" -curl -sk --resolve domain2.example.com:10000:127.0.0.1 \ - https://domain2.example.com:10000 \ +curl -sk --resolve "domain2.example.com:${PORT_PROXY}:127.0.0.1" \ + "https://domain2.example.com:${PORT_PROXY}" \ | jq '.os.hostname' | grep http-upstream2 run_log "Query domain3 with curl and tls/sni" -curl -sk --resolve domain3.example.com:10000:127.0.0.1 \ - https://domain3.example.com:10000 \ +curl -sk --resolve "domain3.example.com:${PORT_PROXY}:127.0.0.1" \ + "https://domain3.example.com:${PORT_PROXY}" \ | jq '.os.hostname' | grep https-upstream3 run_log "Query domain1 via Envoy sni client" -curl -s http://localhost:20000/domain1 \ +curl -s "http://localhost:${PORT_PROXY_CLIENT}/domain1" \ | jq '.os.hostname' | grep http-upstream1 run_log "Query domain2 via Envoy sni client" -curl -s http://localhost:20000/domain2 \ +curl -s "http://localhost:${PORT_PROXY_CLIENT}/domain2" \ | jq '.os.hostname' | grep http-upstream2 run_log "Query domain3 via Envoy sni client" -curl -s http://localhost:20000/domain3 \ +curl -s "http://localhost:${PORT_PROXY_CLIENT}/domain3" \ | jq '.os.hostname' | grep https-upstream3 diff --git a/examples/tls/Dockerfile-echo b/examples/tls/Dockerfile-echo new file mode 100644 index 000000000000..48a273ba75d2 --- /dev/null +++ b/examples/tls/Dockerfile-echo @@ -0,0 +1 @@ +FROM mendhak/http-https-echo@sha256:a5661adca985057c94e31d633ee57051dbf29ada1ccfaa4f5fb58f4a5b1a2b2b diff --git a/examples/tls/docker-compose.yaml b/examples/tls/docker-compose.yaml index dee5dffa0872..83bc0c7a36d6 100644 --- a/examples/tls/docker-compose.yaml +++ b/examples/tls/docker-compose.yaml @@ -6,37 +6,41 @@ services: context: . dockerfile: Dockerfile-proxy-https-http ports: - - "10000:10000" + - "${PORT_PROXY0:-10000}:10000" proxy-https-to-https: build: context: . dockerfile: Dockerfile-proxy-https-https ports: - - "10001:10000" + - "${PORT_PROXY1:-10001}:10000" proxy-http-to-https: build: context: . dockerfile: Dockerfile-proxy-http-https ports: - - "10002:10000" + - "${PORT_PROXY2:-10002}:10000" proxy-https-passthrough: build: context: . dockerfile: Dockerfile-proxy-https-passthrough ports: - - "10003:10000" + - "${PORT_PROXY3:-10003}:10000" service-http: - image: mendhak/http-https-echo + build: + context: . + dockerfile: Dockerfile-echo hostname: service-http environment: - HTTPS_PORT=0 service-https: - image: mendhak/http-https-echo + build: + context: . + dockerfile: Dockerfile-echo hostname: service-https environment: - HTTP_PORT=0 diff --git a/examples/tls/verify.sh b/examples/tls/verify.sh index 96c92992ce26..46c4af01e2d4 100755 --- a/examples/tls/verify.sh +++ b/examples/tls/verify.sh @@ -1,6 +1,10 @@ #!/bin/bash -e export NAME=tls +export PORT_PROXY0="${TLS_PORT_PROXY0:-12000}" +export PORT_PROXY1="${TLS_PORT_PROXY1:-12001}" +export PORT_PROXY2="${TLS_PORT_PROXY2:-12002}" +export PORT_PROXY3="${TLS_PORT_PROXY3:-12003}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -9,25 +13,25 @@ run_log "Test https -> http" responds_with \ '"x-forwarded-proto": "https",' \ -k \ - https://localhost:10000 -curl -sk https://localhost:10000 | jq '.os.hostname' | grep '"service-http"' + "https://localhost:${PORT_PROXY0}" +curl -sk "https://localhost:${PORT_PROXY0}" | jq '.os.hostname' | grep '"service-http"' run_log "Test https -> https" responds_with \ '"x-forwarded-proto": "https",' \ -k \ - https://localhost:10001 -curl -sk https://localhost:10001 | jq '.os.hostname' | grep '"service-https"' + "https://localhost:${PORT_PROXY1}" +curl -sk "https://localhost:${PORT_PROXY1}" | jq '.os.hostname' | grep '"service-https"' run_log "Test http -> https" responds_with \ '"x-forwarded-proto": "http",' \ - http://localhost:10002 -curl -s http://localhost:10002 | jq '.os.hostname' | grep '"service-https"' + "http://localhost:${PORT_PROXY2}" +curl -s "http://localhost:${PORT_PROXY2}" | jq '.os.hostname' | grep '"service-https"' run_log "Test https passthrough" responds_without \ '"x-forwarded-proto"' \ -k \ - https://localhost:10003 -curl -sk https://localhost:10003 | jq '.os.hostname' | grep '"service-https"' + "https://localhost:${PORT_PROXY3}" +curl -sk "https://localhost:${PORT_PROXY3}" | jq '.os.hostname' | grep '"service-https"' diff --git a/examples/udp/Dockerfile-udp b/examples/udp/Dockerfile-udp new file mode 100644 index 000000000000..76a45d7ac5ad --- /dev/null +++ b/examples/udp/Dockerfile-udp @@ -0,0 +1 @@ +FROM mendhak/udp-listener@sha256:ecc2961447560372fd6660c6db4bcf7e70d61f37f1421b1f8c4c7647da7c0aca diff --git a/examples/udp/docker-compose.yaml b/examples/udp/docker-compose.yaml index 33d32b9d40e6..3c6aed200df1 100644 --- a/examples/udp/docker-compose.yaml +++ b/examples/udp/docker-compose.yaml @@ -6,8 +6,10 @@ services: context: . dockerfile: Dockerfile ports: - - "10000:10000/udp" - - "10001:10001" + - "${PORT_PROXY:-10000}:10000/udp" + - "${PORT_ADMIN:-10001}:10001" service-udp: - image: mendhak/udp-listener + build: + context: . + dockerfile: Dockerfile-udp diff --git a/examples/udp/verify.sh b/examples/udp/verify.sh index 4f59779dd317..387f0fc4a042 100755 --- a/examples/udp/verify.sh +++ b/examples/udp/verify.sh @@ -1,17 +1,19 @@ #!/bin/bash -e export NAME=udp +export PORT_PROXY="${UDP_PORT_PROXY:-12100}" +export PORT_ADMIN="${UDP_PORT_ADMIN:-12101}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" run_log "Send some UDP packets" -echo -n HELO | nc -4u -w1 127.0.0.1 10000 -echo -n OLEH | nc -4u -w1 127.0.0.1 10000 +echo -n HELO | nc -4u -w1 127.0.0.1 "${PORT_PROXY}" +echo -n OLEH | nc -4u -w1 127.0.0.1 "${PORT_PROXY}" run_log "Check backend log" docker-compose logs service-udp | grep HELO docker-compose logs service-udp | grep OLEH run_log "Check admin stats" -curl -s http://127.0.0.1:10001/stats | grep udp | grep -v "\: 0" +curl -s "http://127.0.0.1:${PORT_ADMIN}/stats" | grep udp | grep -v "\: 0" diff --git a/examples/verify-common.sh b/examples/verify-common.sh index 9efac58ff0e8..df70c9a95b98 100644 --- a/examples/verify-common.sh +++ b/examples/verify-common.sh @@ -7,6 +7,7 @@ NAME="${NAME:-}" PATHS="${PATHS:-.}" UPARGS="${UPARGS:-}" +DOCKER_COMPOSE="${DOCKER_COMPOSE:-docker-compose}" run_log () { echo -e "\n> [${NAME}] ${*}" @@ -16,20 +17,22 @@ bring_up_example_stack () { local args path up_args args=("${UPARGS[@]}") path="$1" - read -ra up_args <<< "up --build -d ${args[*]}" + read -ra up_args <<< "up --quiet-pull --build -d ${args[*]}" + if [[ -z "$DOCKER_NO_PULL" ]]; then run_log "Pull the images ($path)" - docker-compose pull + "$DOCKER_COMPOSE" pull -q echo fi run_log "Bring up services ($path)" - docker-compose "${up_args[@]}" || return 1 + "$DOCKER_COMPOSE" "${up_args[@]}" || return 1 echo } bring_up_example () { local path paths read -ra paths <<< "$(echo "$PATHS" | tr ',' ' ')" + for path in "${paths[@]}"; do pushd "$path" > /dev/null || return 1 bring_up_example_stack "$path" || { @@ -44,8 +47,8 @@ bring_up_example () { fi for path in "${paths[@]}"; do pushd "$path" > /dev/null || return 1 - docker-compose ps - docker-compose logs + "$DOCKER_COMPOSE" ps + "$DOCKER_COMPOSE" logs popd > /dev/null || return 1 done } @@ -54,7 +57,7 @@ cleanup_stack () { local path path="$1" run_log "Cleanup ($path)" - docker-compose down + "$DOCKER_COMPOSE" down } cleanup () { diff --git a/examples/websocket/Dockerfile-websocat b/examples/websocket/Dockerfile-websocat new file mode 100644 index 000000000000..c7af716c46b7 --- /dev/null +++ b/examples/websocket/Dockerfile-websocat @@ -0,0 +1 @@ +FROM solsson/websocat@sha256:902f0b3a263fd274fc1acf24e95c7226071075b42775894205285fd894188120 diff --git a/examples/websocket/Dockerfile-websocat-client b/examples/websocket/Dockerfile-websocat-client new file mode 100644 index 000000000000..6d3c3aff7574 --- /dev/null +++ b/examples/websocket/Dockerfile-websocat-client @@ -0,0 +1,15 @@ +FROM solsson/websocat@sha256:902f0b3a263fd274fc1acf24e95c7226071075b42775894205285fd894188120 + +ENV DEBIAN_FRONTEND=noninteractive + +ADD interact.sh /interact.sh +RUN chmod +x /interact.sh + +RUN apt-get -qq update \ + && apt-get -qq install -qq --no-install-recommends -y expect \ + && apt-get -qq autoremove -y && apt-get clean \ + && rm -rf /tmp/* /var/tmp/* \ + && rm -rf /var/lib/apt/lists/* + + +ENTRYPOINT ["/interact.sh"] diff --git a/examples/websocket/docker-compose.yaml b/examples/websocket/docker-compose.yaml index e7cf16719ad3..12bdf93bc925 100644 --- a/examples/websocket/docker-compose.yaml +++ b/examples/websocket/docker-compose.yaml @@ -1,34 +1,47 @@ version: "3.8" services: + client-ws: + build: + context: . + dockerfile: Dockerfile-websocat-client + network_mode: host + restart: "no" + deploy: + replicas: 0 + proxy-ws: build: context: . dockerfile: Dockerfile-proxy-ws ports: - - "10000:10000" + - "${PORT_PROXY0:-10000}:10000" proxy-wss-wss: build: context: . dockerfile: Dockerfile-proxy-wss ports: - - "20000:10000" + - "${PORT_PROXY1:-20000}:10000" proxy-wss-passthrough: build: context: . dockerfile: Dockerfile-proxy-wss-passthrough ports: - - "30000:10000" + - "${PORT_PROXY2:-30000}:10000" service-ws: - image: solsson/websocat + build: + context: . + dockerfile: Dockerfile-websocat hostname: service-ws command: -E ws-listen:0.0.0.0:80 literalreply:'[ws] HELO' service-wss: - image: solsson/websocat + build: + context: . + dockerfile: Dockerfile-websocat hostname: service-wss command: wss-listen:0.0.0.0:443 literalreply:"[wss] HELO" --pkcs12-der /certs/output.pkcs12 volumes: diff --git a/examples/websocket/interact.sh b/examples/websocket/interact.sh new file mode 100644 index 000000000000..6f507d5427b7 --- /dev/null +++ b/examples/websocket/interact.sh @@ -0,0 +1,30 @@ +#!/bin/bash -e + +interact_ws () { + local port="$1" \ + protocol="$2" \ + backend="$3" \ + insecure="" + if [ "$protocol" == "wss" ]; then + insecure="--insecure" + fi + expect < ws" -interact_ws 10000 ws ws +"${DOCKER_COMPOSE}" run client-ws "${PORT_PROXY0}" ws ws run_log "Interact with web socket wss -> wss" -interact_ws 20000 wss wss +"${DOCKER_COMPOSE}" run client-ws "${PORT_PROXY1}" wss wss run_log "Interact with web socket wss passthrough" -interact_ws 30000 wss wss +"${DOCKER_COMPOSE}" run client-ws "${PORT_PROXY2}" wss wss diff --git a/examples/zipkin-tracing/Dockerfile-zipkin b/examples/zipkin-tracing/Dockerfile-zipkin new file mode 100644 index 000000000000..3928aa7d71a4 --- /dev/null +++ b/examples/zipkin-tracing/Dockerfile-zipkin @@ -0,0 +1 @@ +FROM openzipkin/zipkin:latest@sha256:9a7dbc81516a15348a250225fb79cd60d0d9938f1a5373b2a0118ba8c828ffdf diff --git a/examples/zipkin-tracing/docker-compose.yaml b/examples/zipkin-tracing/docker-compose.yaml index fcd9e5ea8a64..699d2abfd7bd 100644 --- a/examples/zipkin-tracing/docker-compose.yaml +++ b/examples/zipkin-tracing/docker-compose.yaml @@ -24,23 +24,27 @@ services: context: . dockerfile: Dockerfile-frontenvoy ports: - - "8000:8000" + - "${PORT_PROXY:-8000}:8000" service1: - image: envoyproxy:tracing + build: + context: ../shared/tracing volumes: - ./service1-envoy-zipkin.yaml:/etc/service-envoy.yaml environment: - SERVICE_NAME=1 service2: - image: envoyproxy:tracing + build: + context: ../shared/tracing volumes: - ./service2-envoy-zipkin.yaml:/etc/service-envoy.yaml environment: - SERVICE_NAME=2 zipkin: - image: openzipkin/zipkin + build: + context: . + dockerfile: Dockerfile-zipkin ports: - - "9411:9411" + - "${PORT_ADMIN:-9411}:9411" diff --git a/examples/zipkin-tracing/verify.sh b/examples/zipkin-tracing/verify.sh index c2135e1d99de..3d8cfb4b146d 100755 --- a/examples/zipkin-tracing/verify.sh +++ b/examples/zipkin-tracing/verify.sh @@ -1,6 +1,8 @@ #!/bin/bash -e export NAME=zipkin +export PORT_PROXY="${ZIPKIN_PORT_PROXY:-12600}" +export PORT_ADMIN="${ZIPKIN_PORT_ADMIN:-12601}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" @@ -9,11 +11,11 @@ export NAME=zipkin run_log "Test connection" responds_with \ "Hello from behind Envoy (service 1)!" \ - http://localhost:8000/trace/1 + "http://localhost:${PORT_PROXY}/trace/1" run_log "Test dashboard" # this could do with using the healthcheck and waiting sleep 20 responds_with \ "" \ - http://localhost:9411/zipkin/ + "http://localhost:${PORT_ADMIN}/zipkin/" diff --git a/examples/zstd/Dockerfile-service b/examples/zstd/Dockerfile-service index c9103f91a32a..62f7d7fb6e7e 100644 --- a/examples/zstd/Dockerfile-service +++ b/examples/zstd/Dockerfile-service @@ -1,8 +1,10 @@ FROM debian:buster-slim -RUN apt-get update \ - && apt-get install --no-install-recommends -y python3 python3-pip python3-setuptools \ - && apt-get autoremove -y && apt-get clean \ +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get -qq update \ + && apt-get -qq install -qq --no-install-recommends -y python3 python3-pip python3-setuptools \ + && apt-get -qq autoremove -y && apt-get clean \ && rm -rf /tmp/* /var/tmp/* \ && rm -rf /var/lib/apt/lists/* RUN pip3 install -q Flask==2.0.3 diff --git a/examples/zstd/docker-compose.yaml b/examples/zstd/docker-compose.yaml index dd75f779e667..1114d2a9e2b4 100644 --- a/examples/zstd/docker-compose.yaml +++ b/examples/zstd/docker-compose.yaml @@ -5,9 +5,9 @@ services: context: . dockerfile: Dockerfile-zstd ports: - - "9901:9901" - - "9902:9902" - - "10000:10000" + - "${PORT_PROXY:-10000}:10000" + - "${PORT_ADMIN0:-9901}:9901" + - "${PORT_ADMIN1:-9902}:9902" service: build: diff --git a/examples/zstd/service.py b/examples/zstd/service.py index 1d3fa1bbe556..da2a24506fff 100644 --- a/examples/zstd/service.py +++ b/examples/zstd/service.py @@ -15,4 +15,4 @@ def get_json_file(): if __name__ == "__main__": - app.run(host='0.0.0.0', port=8080, debug=True) + app.run(host='0.0.0.0', port=8080) diff --git a/examples/zstd/verify.sh b/examples/zstd/verify.sh index 8d1dcf37de5b..0437e2f1d69c 100755 --- a/examples/zstd/verify.sh +++ b/examples/zstd/verify.sh @@ -1,30 +1,33 @@ #!/bin/bash -e export NAME=zstd +export PORT_PROXY="${ZSTD_PORT_PROXY:-12610}" +export PORT_ADMIN0="${ZSTD_PORT_ADMIN0:-12611}" +export PORT_ADMIN1="${ZSTD_PORT_ADMIN1:-12612}" # shellcheck source=examples/verify-common.sh . "$(dirname "${BASH_SOURCE[0]}")/../verify-common.sh" -run_log "Test service: localhost:10000/file.json with compression" +run_log "Test service: localhost:${PORT_PROXY}/file.json with compression" responds_with_header \ "content-encoding: zstd" \ - https://localhost:10000/file.json \ + "https://localhost:${PORT_PROXY}/file.json" \ -ki -H "Accept-Encoding: zstd" -run_log "Test service: localhost:10000/file.txt without compression" +run_log "Test service: localhost:${PORT_PROXY}/file.txt without compression" responds_without_header \ "content-encoding: zstd" \ - https://localhost:10000/file.txt \ + "https://localhost:${PORT_PROXY}/file.txt" \ -ki -H "Accept-Encoding: zstd" -run_log "Test service: localhost:9901/stats/prometheus without compression" +run_log "Test service: localhost:${PORT_ADMIN0}/stats/prometheus without compression" responds_without_header \ "content-encoding: zstd" \ - http://localhost:9901/stats/prometheus \ + "http://localhost:${PORT_ADMIN0}/stats/prometheus" \ -ki -H "Accept-Encoding: zstd" -run_log "Test service: localhost:9902/stats/prometheus with compression" +run_log "Test service: localhost:${PORT_ADMIN1}/stats/prometheus with compression" responds_with_header \ "content-encoding: zstd" \ - https://localhost:9902/stats/prometheus \ + "https://localhost:${PORT_ADMIN1}/stats/prometheus" \ -ki -H "Accept-Encoding: zstd"