feat!: Switch from Kong proxy to NGINIX proxy#345
feat!: Switch from Kong proxy to NGINIX proxy#345bnevis-i merged 4 commits intoedgexfoundry:mainfrom bnevis-i:vault-auth
Conversation
compose-builder/add-security.yml
Outdated
| - edgex-network | ||
| edgex-network: | ||
| aliases: | ||
| - edgex-kong # temp patch for edgex-ui-go |
There was a problem hiding this comment.
| - edgex-kong # temp patch for edgex-ui-go | |
| - edgex-nginx # temp patch for edgex-ui-go |
There was a problem hiding this comment.
Rejected. This is a workaround for edgexfoundry/edgex-ui-go#592 not being merged yet.
There was a problem hiding this comment.
Can we have a TODO comment added to fix this once the UI is fixed?
compose-builder/add-security.yml
Outdated
| security_opt: | ||
| - no-new-privileges:true | ||
|
|
||
| authproxy: |
There was a problem hiding this comment.
how about proxyauth or proxy-auth which is align with the microservice(binary) name ?
There was a problem hiding this comment.
Changed to proxy-auth.
BREAKING CHANGE: EdgeX 3.0 replaces the Kong reverse proxy with a generic NGINX reverse proxy. While the usage model remains the same, there is a minor change to the method by which a JWT authentication token is obtained. This commit removes Kong and Postgres and replaces with a much lighter weight NGINX and a new security-proxy-auth service. Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>
Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>
lenny-goodell
left a comment
There was a problem hiding this comment.
Why is compose-builder/get-consul-acl-token.sh now empty?
compose-builder/add-security.yml
Outdated
| - edgex-network | ||
| edgex-network: | ||
| aliases: | ||
| - edgex-kong # temp patch for edgex-ui-go |
There was a problem hiding this comment.
Can we have a TODO comment added to fix this once the UI is fixed?
|
Also, I assume the ADD_PROXY_ROUTE setting in add-service-secure-template.yml is still valid place for this? |
It isn't. I just chmod'ed it to be executable. |
Ok. Strange way for the PR to show that... |
Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>
Should continue to work, but haven't put a lot of effort into testing it. Consumed by same container and didn't change any of the related scripts. |
|
@lenny-intel Changes in e249f2e |
| KUIPER_VERSION=1.7-alpine | ||
| MOSQUITTO_VERSION=2.0 | ||
| NATS_VERSION=2.9-alpine | ||
| NGINX_VERSION=1.23-alpine-slim |
There was a problem hiding this comment.
Need to remove KONG_VERSION and POSTGRES_VERSION
Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>
BREAKING CHANGE: EdgeX 3.0 replaces the Kong reverse proxy with a generic NGINX reverse proxy. While the usage model remains the same, there is a minor change to the method by which a JWT authentication token is obtained.
This commit removes Kong and Postgres and replaces with a much lighter weight NGINX and a new security-proxy-auth service.
PR Checklist
Please check if your PR fulfills the following requirements:
BREAKING CHANGE:describing the break)feat(security): Update docs for new proxy implementation edgex-docs#981
Testing Instructions
From edgex-compose, compose-builder directory:
Ensure that all the services are stable (stay up for 2+ minutes) then try edgex-ui:
Then browse to http://localhost:4000, paste in the token, and go to Data Center and watch for events (this will ensure that API gateway authentication is working properly.)