Fix usage of Docker Compose #139

Merged
merged 6 commits into from
Jan 23, 2025
4 changes: 2 additions & 2 deletions .github/workflows/pr_build.yml
Expand Up @@ -15,9 +15,9 @@ jobs:
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v3
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: install minikube
14 changes: 7 additions & 7 deletions docker-compose/federation/1-start-spire-agents.sh
Expand Up @@ -7,21 +7,21 @@ nn=$(tput sgr0)

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server bundle show
docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server bundle show

# Bootstrap trust to the SPIRE server for each agent by copying over the
# trust bundle into each agent container.
echo "${bb}Bootstrapping trust between SPIRE agents and SPIRE servers...${nn}"
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server bundle show |
docker-compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp tee conf/agent/bootstrap.crt
docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server bundle show |
docker compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp tee conf/agent/bootstrap.crt

docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock bin/spire-server bundle show |
docker-compose -f "${DIR}"/docker-compose.yaml exec -T stock-quotes-service tee conf/agent/bootstrap.crt
docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock bin/spire-server bundle show |
docker compose -f "${DIR}"/docker-compose.yaml exec -T stock-quotes-service tee conf/agent/bootstrap.crt

# Start up the broker-webapp SPIRE agent.
echo "${bb}Starting broker-webapp SPIRE agent...${nn}"
docker-compose -f "${DIR}"/docker-compose.yaml exec -d broker-webapp bin/spire-agent run
docker compose -f "${DIR}"/docker-compose.yaml exec -d broker-webapp bin/spire-agent run

# Start up the stock-quotes-service SPIRE agent.
echo "${bb}Starting stock-quotes-service SPIRE agent...${nn}"
docker-compose -f "${DIR}"/docker-compose.yaml exec -d stock-quotes-service bin/spire-agent run
docker compose -f "${DIR}"/docker-compose.yaml exec -d stock-quotes-service bin/spire-agent run
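Review bot: A failed `bundle show` on the left side of the two bootstrap pipelines (`... bundle show | ... tee conf/agent/bootstrap.crt`) goes undetected, because the pipeline's exit status is that of `tee`. An empty or partial `bootstrap.crt` would then be left in the agent container, and the `spire-agent run` commands below would start against it. The top of the script is outside the hunk, so this assumes `pipefail` is not already enabled; if it is not, add `set -o pipefail` next to the script's other `set` options. A non-empty check on the written file (for example `test -s conf/agent/bootstrap.crt` run in each container) before starting the agents would make a bad bootstrap bundle fail loudly.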
8 changes: 4 additions & 4 deletions docker-compose/federation/2-bootstrap-federation.sh
Expand Up @@ -8,13 +8,13 @@ nn=$(tput sgr0)
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

echo "${bb}bootstrapping bundle from broker to quotes-service server...${nn}"
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker \
docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker \
/opt/spire/bin/spire-server bundle show -format spiffe > "${DIR}"/docker/spire-server-stockmarket.example/conf/broker.example.bundle
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock \
docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock \
/opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://broker.example -path /opt/spire/conf/server/broker.example.bundle

echo "${bb}bootstrapping bundle from quotes-service to broker server...${nn}"
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock \
docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock \
/opt/spire/bin/spire-server bundle show -format spiffe > "${DIR}"/docker/spire-server-broker.example/conf/stockmarket.example.bundle
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker \
docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker \
/opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://stockmarket.example -path /opt/spire/conf/server/stockmarket.example.bundle
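Review bot: Each `bundle show -format spiffe > "${DIR}"/docker/.../conf/*.bundle` redirect truncates the bundle file before `docker compose exec` runs, so a failed export leaves an empty file behind. The following `bundle set ... -path /opt/spire/conf/server/*.bundle` then reads that path, presumably through a bind mount of the same `conf` directory. Whether the script stops on the failed export depends on `set -e` in the lines above the hunk, which are not visible. Writing the export to a temporary file and moving it into place only on success, or guarding with `[ -s "$bundle_file" ] || exit 1` before `bundle set`, keeps a failed export from being loaded as federated trust material. The same redirect pattern writes `bootstrap.crt` in docker-compose/metrics/scripts/set-env.sh.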
4 changes: 2 additions & 2 deletions docker-compose/federation/3-create-registration-entries.sh
Expand Up @@ -18,14 +18,14 @@ BROKER_WEBAPP_AGENT_FINGERPRINT=$(fingerprint ${DIR}/docker/broker-webapp/conf/a
QUOTES_SERVICE_AGENT_FINGERPRINT=$(fingerprint ${DIR}/docker/stock-quotes-service/conf/agent.crt.pem)

echo "${bb}Creating registration entry for the broker-webapp...${nn}"
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server entry create \
docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server entry create \
-parentID spiffe://broker.example/spire/agent/x509pop/${BROKER_WEBAPP_AGENT_FINGERPRINT} \
-spiffeID spiffe://broker.example/webapp \
-selector unix:uid:0 \
-federatesWith "spiffe://stockmarket.example"

echo "${bb}Creating registration entry for the stock-quotes-service...${nn}"
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock bin/spire-server entry create \
docker compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock bin/spire-server entry create \
-parentID spiffe://stockmarket.example/spire/agent/x509pop/${QUOTES_SERVICE_AGENT_FINGERPRINT} \
-spiffeID spiffe://stockmarket.example/quotes-service \
-selector unix:uid:0 \
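Review bot: The `-parentID` arguments interpolate `${BROKER_WEBAPP_AGENT_FINGERPRINT}` and `${QUOTES_SERVICE_AGENT_FINGERPRINT}` unquoted and unchecked, so if `fingerprint` produced no output the server would be handed a parent ID ending in a bare `x509pop/` rather than the script failing. A guard before the first `entry create`, such as `: "${BROKER_WEBAPP_AGENT_FINGERPRINT:?fingerprint is empty}"` (and the same for the quotes-service variable), together with quoting the whole `-parentID` value, would stop the script early. The `fingerprint` helper and any `set -e` are above the hunk and not visible, and the second `entry create` command continues past the end of the hunk.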
12 changes: 6 additions & 6 deletions docker-compose/federation/README.md
Expand Up @@ -289,7 +289,7 @@ $ ./build.sh
Run the following command to start the SPIRE Servers and the applications:

```
$ docker-compose up -d
$ docker compose up -d
```

## Start SPIRE Agents
Expand Down Expand Up @@ -327,7 +327,7 @@ Open up a browser to http://localhost:8080/quotes and you should see a grid of r
To see the broker's SPIRE Server configuration you can run:

```
$ docker-compose exec spire-server-broker cat conf/server/server.conf
$ docker compose exec spire-server-broker cat conf/server/server.conf
```

You should see:
Expand Down Expand Up @@ -385,7 +385,7 @@ plugins {
To see the stock market's SPIRE Server configuration you can run:

```
$ docker-compose exec spire-server-stock cat conf/server/server.conf
$ docker compose exec spire-server-stock cat conf/server/server.conf
```

You should see:
Expand Down Expand Up @@ -445,7 +445,7 @@ plugins {
To see the broker's SPIRE Server registration entries you can run:

```
$ docker-compose exec spire-server-broker bin/spire-server entry show
$ docker compose exec spire-server-broker bin/spire-server entry show
```

You should see something like this:
Expand All @@ -464,7 +464,7 @@ FederatesWith : spiffe://stockmarket.example
To see the stock martket's SPIRE Server registration entries you can run:

```
$ docker-compose exec spire-server-stock bin/spire-server entry show
$ docker compose exec spire-server-stock bin/spire-server entry show
```

You should see something like this:
Expand All @@ -483,5 +483,5 @@ FederatesWith : spiffe://broker.example
## Cleanup

```
$ docker-compose down
$ docker compose down
```
2 changes: 1 addition & 1 deletion docker-compose/federation/build.sh
Expand Up @@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
(cd "${DIR}"/src/broker-webapp && CGO_ENABLED=0 GOOS=linux go build -v -o "${DIR}"/docker/broker-webapp/broker-webapp)
(cd "${DIR}"/src/stock-quotes-service && CGO_ENABLED=0 GOOS=linux go build -v -o "${DIR}"/docker/stock-quotes-service/stock-quotes-service)

docker-compose -f "${DIR}"/docker-compose.yaml build
docker compose -f "${DIR}"/docker-compose.yaml build
1 change: 0 additions & 1 deletion docker-compose/federation/docker-compose.yaml
@@ -1,4 +1,3 @@
version: '3'
services:

spire-server-stock:
2 changes: 1 addition & 1 deletion docker-compose/federation/scripts/clean-env.sh
Expand Up @@ -7,6 +7,6 @@ PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
norm=$(tput sgr0) || true
green=$(tput setaf 2) || true

docker-compose -f "${PARENT_DIR}"/docker-compose.yaml down
docker compose -f "${PARENT_DIR}"/docker-compose.yaml down

echo "${green}Cleaning completed.${norm}"
4 changes: 2 additions & 2 deletions docker-compose/federation/scripts/set-env.sh
Expand Up @@ -24,7 +24,7 @@ check-entry-is-propagated() {
# Wait one second between checks.
log "Checking registration entry is propagated..."
for ((i=1;i<=30;i++)); do
if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T $1 cat /opt/spire/agent.log 2>&1 | grep -qe "$2"; then
if docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T $1 cat /opt/spire/agent.log 2>&1 | grep -qe "$2"; then
log "${green}Entry is propagated.${nn}"
return 0
fi
Expand All @@ -40,7 +40,7 @@ log "Building"
bash "${PARENT_DIR}"/build.sh

log "Starting container"
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d
docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d

bash "${PARENT_DIR}"/1-start-spire-agents.sh

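Review bot: In `check-entry-is-propagated` the service name is passed as an unquoted `$1`, and the expected entry is matched with `grep -qe "$2"`, which treats the argument as a regular expression. Quoting the service name (`exec -T "$1" cat /opt/spire/agent.log`) avoids word splitting, and if callers pass a literal SPIFFE ID, `grep -qF -e "$2"` keeps `.` from matching any character. The function starts and ends outside the hunk, so the callers' arguments are not visible here. The same applies to the `logs $1 | grep -qe "$2"` lines in the two other `check-entry-is-propagated` hunks on this page.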
2 changes: 1 addition & 1 deletion docker-compose/federation/test.sh
Expand Up @@ -34,7 +34,7 @@ clean-env
bash "${DIR}"/scripts/set-env.sh

for ((i=0;i<60;i++)); do
if docker-compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp wget localhost:8080/quotes -O - 2>&1 | grep -qe "Quotes service unavailable"; then
if docker compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp wget localhost:8080/quotes -O - 2>&1 | grep -qe "Quotes service unavailable"; then
log "Service not found, retrying..."
sleep 1
continue
2 changes: 1 addition & 1 deletion docker-compose/metrics/README.md
Expand Up @@ -128,7 +128,7 @@ $ bash scripts/set-env.sh

Once the script is completed, in another terminal run the following command to review the logs from all the services:
```console
$ docker-compose logs -f -t
$ docker compose logs -f -t
```


1 change: 0 additions & 1 deletion docker-compose/metrics/docker-compose.yaml
@@ -1,4 +1,3 @@
version: '3'
services:
graphite-statsd:
image: graphiteapp/graphite-statsd:1.1.7-6
2 changes: 1 addition & 1 deletion docker-compose/metrics/scripts/clean-env.sh
Expand Up @@ -7,6 +7,6 @@ PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
norm=$(tput sgr0) || true
green=$(tput setaf 2) || true

docker-compose -f "${PARENT_DIR}"/docker-compose.yaml down
docker compose -f "${PARENT_DIR}"/docker-compose.yaml down

echo "${green}Cleaning completed.${norm}"
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ check-entry-is-propagated() {
# Wait one second between checks.
log "Checking registration entry is propagated..."
for ((i=1;i<=30;i++)); do
if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
if docker compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
log "${green}Entry is propagated.${nn}"
return 0
fi
Expand All @@ -43,7 +43,7 @@ check-entry-is-propagated() {

# Workload for workload-A deployment
log "creating workload-A workload registration entries..."
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T spire-server \
docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T spire-server \
/opt/spire/bin/spire-server entry create \
-parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/spire/agent/agent.crt.pem)" \
-spiffeID "spiffe://example.org/workload-A" \
2 changes: 1 addition & 1 deletion docker-compose/metrics/scripts/fetch_svid.sh
Expand Up @@ -4,7 +4,7 @@ set -e

echo "Will call api fetch x509 100 times in a random interval between 1 and 10 of seconds."
for ((i=0;i<100;i++)); do
docker-compose exec -u 1001 -T spire-agent \
docker compose exec -u 1001 -T spire-agent \
/opt/spire/bin/spire-agent api fetch x509 \
-socketPath /opt/spire/sockets/workload_api.sock > /dev/null
sleep $(( $RANDOM % 10 + 1 ))
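Review bot: The `docker compose exec -u 1001 -T spire-agent` call has no `-f`, so the compose file is resolved from the caller's working directory, unlike the sibling scripts that pass `-f "${PARENT_DIR}"/docker-compose.yaml`. Run from another directory, the loop would either fail or address a different compose project. Deriving the path the way clean-env.sh does and passing `-f` would make the script location-independent. The loop body continues past the end of the hunk.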
10 changes: 5 additions & 5 deletions docker-compose/metrics/scripts/set-env.sh
Expand Up @@ -12,16 +12,16 @@ log() {
}

log "Start StatsD-Graphite server"
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d graphite-statsd
docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d graphite-statsd

log "Start prometheus server"
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d prometheus
docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d prometheus

log "Start SPIRE Server"
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d spire-server
docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d spire-server

log "bootstrapping SPIRE Agent..."
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T spire-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/spire/agent/bootstrap.crt
docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T spire-server /opt/spire/bin/spire-server bundle show > "${PARENT_DIR}"/spire/agent/bootstrap.crt

log "Start SPIRE Agent"
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d spire-agent
docker compose -f "${PARENT_DIR}"/docker-compose.yaml up -d spire-agent
4 changes: 2 additions & 2 deletions docker-compose/metrics/test.sh
Expand Up @@ -29,7 +29,7 @@ log "Checking Statsd received metrics pushed by SPIRE..."

STATSD_LOG_LINE="MetricLineReceiver connection with .* established"
for ((i=0;i<60;i++)); do
if ! docker-compose -f "${DIR}"/docker-compose.yaml logs --tail=10 -t graphite-statsd | grep -qe "${STATSD_LOG_LINE}" ; then
if ! docker compose -f "${DIR}"/docker-compose.yaml logs --tail=10 -t graphite-statsd | grep -qe "${STATSD_LOG_LINE}" ; then
sleep 1
continue
fi
Expand All @@ -43,7 +43,7 @@ fi

log "Checking that Prometheus can reach the endpoint exposed by SPIRE..."
for ((i=0;i<60;i++)); do
if ! docker-compose -f "${DIR}"/docker-compose.yaml exec -T prometheus wget -S spire-server:8088/ 2>&1 | grep -qe "200 OK" ; then
if ! docker compose -f "${DIR}"/docker-compose.yaml exec -T prometheus wget -S spire-server:8088/ 2>&1 | grep -qe "200 OK" ; then
sleep 1
continue
fi
12 changes: 6 additions & 6 deletions docker-compose/nested-spire/README.md
Expand Up @@ -108,7 +108,7 @@ The Docker Compose definition for the `nestedA-server` service in the [docker-co
The `nestedA-server` must be registered on the `root-server` to obtain its identity which will be used to mint SVIDs. We achieve this by creating a registration entry in the root SPIRE Server for the `nestedA-server`.

```console
docker-compose exec -T root-server \
docker compose exec -T root-server \
/opt/spire/bin/spire-server entry create \
-parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint root/agent/agent.crt.pem)" \
-spiffeID "spiffe://example.org/nestedA" \
Expand All @@ -132,7 +132,7 @@ Ensure that the current working directory is `.../spire-tutorials/docker-compose
Once the script is completed, in another terminal run the following command to review the logs from all the services:

```console
docker-compose logs -f -t
docker compose logs -f -t
```


Expand All @@ -146,14 +146,14 @@ To test the scenario we create two workload registration entries, one entry for

```console
# Workload for nestedA deployment
docker-compose exec -T nestedA-server \
docker compose exec -T nestedA-server \
/opt/spire/bin/spire-server entry create \
-parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint nestedA/agent/agent.crt.pem)" \
-spiffeID "spiffe://example.org/nestedA/workload" \
-selector "unix:uid:1001" \

# Workload for nestedB deployment
docker-compose exec -T nestedB-server \
docker compose exec -T nestedB-server \
/opt/spire/bin/spire-server entry create \
-parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint nestedB/agent/agent.crt.pem)" \
-spiffeID "spiffe://example.org/nestedB/workload" \
Expand All @@ -177,14 +177,14 @@ The test consists of getting a JWT-SVID from the `nestedA-agent` SPIRE Agent and
Type this command to fetch the JWT-SVID on the `nestedA` SPIRE Agent and extract the token from the JWT-SVID:

```console
token=$(docker-compose exec -u 1001 -T nestedA-agent \
token=$(docker compose exec -u 1001 -T nestedA-agent \
/opt/spire/bin/spire-agent api fetch jwt -audience nested-test -socketPath /opt/spire/sockets/workload_api.sock | sed -n '2p')
```

Run the following command to validate the token from `nestedA` on the `nestedB` SPIRE Agent:

```console
docker-compose exec -u 1001 -T nestedB-agent \
docker compose exec -u 1001 -T nestedB-agent \
/opt/spire/bin/spire-agent api validate jwt -audience nested-test -svid "${token}" \
-socketPath /opt/spire/sockets/workload_api.sock
```
1 change: 0 additions & 1 deletion docker-compose/nested-spire/docker-compose.yaml
@@ -1,4 +1,3 @@
version: '3'
services:
# Root
root-server:
2 changes: 1 addition & 1 deletion docker-compose/nested-spire/scripts/clean-env.sh
Expand Up @@ -7,6 +7,6 @@ PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
norm=$(tput sgr0) || true
green=$(tput setaf 2) || true

docker-compose -f "${PARENT_DIR}"/docker-compose.yaml down
docker compose -f "${PARENT_DIR}"/docker-compose.yaml down

echo "${green}Cleaning completed.${norm}"
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ check-entry-is-propagated() {
# Wait one second between checks.
log "Checking registration entry is propagated..."
for ((i=1;i<=30;i++)); do
if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
if docker compose -f "${PARENT_DIR}"/docker-compose.yaml logs $1 | grep -qe "$2"; then
log "${green}Entry is propagated.${nn}"
return 0
fi
Expand All @@ -43,7 +43,7 @@ check-entry-is-propagated() {

# Workload for nestedA deployment
log "creating nestedA workload registration entry..."
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedA-server \
docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedA-server \
/opt/spire/bin/spire-server entry create \
-parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/nestedA/agent/agent.crt.pem)" \
-spiffeID "spiffe://example.org/nestedA/workload" \
Expand All @@ -54,7 +54,7 @@ check-entry-is-propagated nestedA-agent spiffe://example.org/nestedA/workload

# Workload for nestedB deployment
log "creating nestedB workload registration entry..."
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedB-server \
docker compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T nestedB-server \
/opt/spire/bin/spire-server entry create \
-parentID "spiffe://example.org/spire/agent/x509pop/$(fingerprint "${PARENT_DIR}"/nestedB/agent/agent.crt.pem)" \
-spiffeID "spiffe://example.org/nestedB/workload" \