mkit 0.5.0 → 0.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc469f170acb4204c99a3c5d5b42d474e68d3541dca30920068b5b7d1c56c526
-  data.tar.gz: 97bd822d57128df2a7e3ae584af116aa09a250b41fed9f1dd362aa29bd3d49fb
+  metadata.gz: 0dab845891b079ffbf0f696676c1c3b6e25e583c02a09570582571976f8ce40d
+  data.tar.gz: 59e3174e0e09347c2e40a7f7096cfd3c9f9575a588d210c0d7dd71ccfcadf206
 SHA512:
-  metadata.gz: d03fa8ceeb3668ef280fa558ce5e5002110f98cdc8bb30fef4ab299e55b532ed6faee2ddb1203925567bec8657daddcbe7eaa9cc63440350b11aca321b8c3fec
-  data.tar.gz: 26087de2da9a6c65a3c42c92714a83419f91c7832549b04b39f5900d47d6a574e8cb180d42d62d09e5263b56eba3ea7858e2b8b0fcf6788609be30a7e8e62ddb
+  metadata.gz: a447023289277ea09120233ec72cb3b5a2de96077ee012b30fd369e21c338b487a898217d367dba7b8a86499a940944dee60ecdecbced737c00b70358e3141f4
+  data.tar.gz: b33b3276ad887b3939d2898b2d09c0a8a807a62856b761969f50e675c2e01fcd2f48abc1a49259dea60e4d12df563b0b73d4d4852880bb0e4abf2e539714074f

data/README.md

@@ -2,7 +2,9 @@
 
 This is micro kubernetes(tm) on Ruby(tm), a simple tool to deploy containers to mimic a (very) minimalistic k8 cluster with a nice REST API.
 
-It contains an internal DNS and uses HAProxy for routing/balancing/fail-over for Pods access.
+It's also a frontend for `docker`, providing an easier way for your services to be locally available, without the need to care about local `ports` availability.
+
+It contains an internal DNS and uses HAProxy as ingress for Pod access.
 The database is a simple sqlite3 db and the server is a Sinatra based application.
 
 A client is also included to access the API, e.g. `mkitc ps`.
@@ -16,91 +18,24 @@ The daemon is responsible for HAProxy pods routing configuration. It also provid
 * Docker
 * Linux (iproute2 package)
 
+**Note:** in order to have **ssl support**, you must install `openssl-dev` package (e.g. `libssl-dev` on Ubuntu) prior to install MKIt gem, due to `eventmachine` gem native extensions.
+
 ## Install
 
-This is a simple ruby gem, so to install run
+This is a simple ruby gem, so to install execute:
 ```
 # gem install mkit
 ```
 
-## Running
-
-The `daemon` requires `root` user (due to `ip` and `haproxy`), you can run it directly on the repository root...
-
-```
-# ./mkitd  --help
-Usage: mkitd [options]
-    -c config-dir                    set the config dir (default is /etc/mkit)
-    -p port                          set the port (default is 4567)
-    -b bind                          specify bind address (e.g. /tmp/app.sock)
-    -s server                        specify rack server/handler
-    -q                               turn on quiet mode (default is off)
-    -x                               turn on the mutex lock (default is off)
-    -e env                           set the environment (default is development)
-    -o addr                          set the host (default is (env == 'development' ? 'localhost' : '0.0.0.0'))
-   
-```
-
-or after the `gem install mkit-<version>.gem`. The server and client will be installed on host.
-
-```
-# mkitd
-...
- 0.65s     info: MKIt is up and running! [ec=0xbe0] [pid=45804] [2023-12-29 15:46:04 +0000]
-```
-
-There's also samples on the samples dir, for `daemontools` and `systemd`.
-
-### Accessing the API
-
-A client is provided to interact with `mkit server`.
-
-Run `mkitc help` for a list of current supported commands.
-
-```
-Usage: mkitc <command> [options]
-
-Micro k8s on Ruby - a simple tool to mimic a (very) minimalistic k8 cluster
-
-Commands:
-
-ps         show services status (alias for status)
-status     show services status
-logs       prints service logs
-start      start service
-stop       stop service
-restart    restart service
-create     create new service
-update     update service
-rm         remove service
-version    prints mkit server version
-proxy      haproxy status and control
-profile    mkit client configuration profile
-
-Run 'mkitc help <command>' for specific command information.
-```
-
-Example:
-
-```
-$ mkitc ps postgres
-+----+----------+---------------+----------+--------------+---------+
-| id |   name   |     addr      |  ports   |     pods     | status  |
-+----+----------+---------------+----------+--------------+---------+
-| 2  | postgres | 10.210.198.10 | tcp/4532 | 49b5e4c8f247 | RUNNING |
-+----+----------+---------------+----------+--------------+---------+
-```
-The service `postgres` is available on IP `10.210.198.10:5432`
-
 ## Configuration
 
 ### Server configuration
 
-On startup, configuration files on `config` directory will be copied to `/etc/mkit`.
+On startup, [the server configuration](config) will be created on `/etc/mkit`.
 
-The server is available by default on `http://localhost:4567` but you can configure server startup parameters on `/etc/mkit/mkitd_config.sh`
+The server will available by default on `https://localhost:4567` but you can configure server startup parameters on `/etc/mkit/mkitd_config.sh`
 
-Please check `samples/systemd` or `samples/daemontools` directories for more details.
+Please check [systemd](samples/systemd) or [daemontools](samples/daemontools) directories for more details.
 
 ```
 # /etc/mkit/mkitd_config.sh
@@ -110,7 +45,7 @@ Please check `samples/systemd` or `samples/daemontools` directories for more det
 OPTIONS=""
 # e.g. OPTIONS="-b 0.0.0.0"
 ```
-HAProxy config directory and control commands are defined on `mkit_config.yml`
+HAProxy config directory and control commands are defined on [mkit_config.yml](config/mkit_config.yml)
 
 ```
 # /etc/mkit/mkit_config.yml - mkit server configuration file. 
@@ -127,9 +62,13 @@ mkit:
       status:  systemctl status  haproxy
   database:
     env: development
+  clients:
+    - id: client_1_id
+    - id: client_2_id
+    - ...
 ```
 
-You must configure `haproxy` to use config directory. e.g. on Ubuntu
+You must configure `haproxy` to use config directory. for example on Ubuntu:
 
 ```
 # /etc/default/haproxy
@@ -145,19 +84,40 @@ CONFIG="/etc/haproxy/haproxy.d"
 # Add extra flags here, see haproxy(1) for a few options
 #EXTRAOPTS="-de -m 16"
 ```
+
+#### Authorization
+
+To access MKIt server API, you must add each client `id` to server configuration:
+
+```
+# /etc/mkit/mkit_config.yml - mkit server configuration file. 
+mkit:
+  my_network:
+...
+  clients:
+    - id: client_1_id
+    - id: client_2_id
+    - ...
+```
+
 ### Client configuration
 
 On `mkitc` first call, default configuration will be copied to `$HOME/.mkit` with `local`default profile set.
 
-You can add more servers and change active profile with `$mkitc profile set <profile_name>`, e.g. `$mkitc profile set server_2` 
+You must call `mkitc init` to initialize client configuration.
+
+Client identification key (`my_id`) will be generated, printed out to console and saved to the client's configuration file.
+
+You may edit the local configuration file to add more servers and change active profile with `$mkitc profile set <profile_name>`, e.g. `$mkitc profile set server_2`
 
 ```
 # ~/.mkit/mkitc_config.yml
 mkit:
   local: 
-    server.uri: http://localhost:4567
+    server.uri: https://localhost:4567
   server_2:  # you can add more servers. change the client active profile with mkitc profile command
-    server.uri: http://192.168.29.232:4567
+    server.uri: https://192.168.29.232:4567
+my_id: unique_id # this id is generated running mkitc init
 ```
 
 ### Service
@@ -171,7 +131,12 @@ service:
           #   <external_port>:[internal_port]:<tcp|http>:[round_robin (default)|leastconn]
           # to define a range on `external_port`, leave `internal_port` blank
           #   - 5000-5100::tcp:round_robin
-          # range on `internal_port` is not supported 
+          #   range on `internal_port` is not supported
+          # ssl suport
+          #   <external_port>:[internal_port]:<tcp|http>:round_robin|leastconn[:ssl[,<cert.pem>(mkit.pem default)>]]
+          #   e.g.
+          #  - 443:80:http:round_robin:ssl # uses mkitd default crt file (mkit.pem)
+          #  - 443:80:http:round_robin:ssl,/etc/pki/foo.pem # custom crt file full path
     - 5672:5672:tcp:round_robin
     - 80:15672:http:round_robin
   resources:
@@ -186,6 +151,72 @@ service:
     RABBITMQ_DEFAULT_VHOST: mkit
 ```
 
+## Running
+
+The `mkitd server daemon` requires `root` user (due to `ip` and `haproxy`).
+After installing the gem, server and client will be available on host.
+```
+# mkitd  --help
+Usage: mkitd [options]
+    -c config-dir                    set the config dir (default is /etc/mkit)
+    -p port                          set the port (default is 4567)
+    -b bind                          specify bind address (e.g. 0.0.0.0)
+    -e env                           set the environment (default is development)
+    -o addr                          alias for '-b' option
+        --no-ssl                     disable ssl - use http for local server. (default is https)
+        --ssl-key-file PATH          Path to private key (default mkit internal)
+        --ssl-cert-file PATH         Path to certificate (default mkit internal)
+```
+
+There's also samples for [systemd](samples/systemd) and [daemontools](samples/daemontools) as well for some miscellaneous [spps](samples/apps).
+
+### Accessing the API
+
+A client is provided to interact with MKIt server.
+
+Run `mkitc help` for a list of current supported commands.
+
+```
+Usage: mkitc <command> [options]
+
+Micro k8s on Ruby - a simple tool to mimic a (very) minimalistic k8 cluster
+
+Commands:
+
+init       init mkit client
+ps         show services status (alias for status)
+status     show services status
+logs       prints service logs
+start      start service
+stop       stop service
+restart    restart service
+create     create new service
+update     update service
+rm         remove service
+version    prints mkit server version
+proxy      haproxy status and control
+profile    mkit client configuration profile
+
+Run 'mkitc help <command>' for specific command information.
+```
+
+Example:
+
+```
+$ mkitc ps
++----+-------+---------------+-------------------+--------------+---------+
+| id | name  |     addr      |       ports       |     pods     | status  |
++----+-------+---------------+-------------------+--------------+---------+
+| 1  | mongo | 10.210.198.10 | tcp/27017         | 106e2b59cb11 | RUNNING |
+| 2  | nexus | 10.210.198.11 | http/80,https/443 | 68e239e5102a | RUNNING |
++----+-------+---------------+-------------------+--------------+---------+
+```
+The service `mongo` is available on IP `10.210.198.10:27017`
+The service `nexus` is available on IP `10.210.198.11:80` and on port `443` with ssl.
+
+**Note:** Don't forget to call `mkitc init` to initialize client configuration and to add the `client-id`
+to the server authorized clients list.
+
 ## Development
 
 * build the gem

data/bin/mkitc

@@ -27,6 +27,11 @@ class CommandPalette
       { short: '-v', long: '--verbose', help: 'verbose', mandatory: false, value: nil }
     ]
     [
+      {
+        cmd: 'init',
+        help: 'init mkit client',
+        request: { }
+      },
       {
         cmd: 'ps',
         args: [
@@ -170,6 +175,7 @@ class MKItClient
     @config_dir = "#{ENV['HOME']}/.mkit"
     @profile_file = "#{@config_dir}/current"
     @commands = CommandPalette.new
+    @config_file = "#{@config_dir}/mkitc_config.yml"
     create_default_config
   end
 
@@ -178,28 +184,34 @@ class MKItClient
       puts "Creating config directory on '#{@config_dir}'..."
       FileUtils.mkdir_p(@config_dir)
     end
-    FileUtils.cp("#{@root}/config/mkitc_config.yml", @config_dir) unless File.exist?("#{@config_dir}/mkitc_config.yml")
+    FileUtils.cp("#{@root}/config/mkitc_config.yml", @config_dir) unless File.exist?(@config_file)
     profile({ verb: 'set' }, { profile_name: 'local' }) unless File.exist?(@profile_file)
   end
 
-  def read_configuration
+  def read_configuration(init_call = false)
     current_profile = File.read(@profile_file)
     if current_profile.nil? || current_profile.empty?
       # force set default
       profile({ verb: 'set' }, { profile_name: 'local' })
       current_profile = 'local'
     end
-    cfg = YAML.load_file("#{@config_dir}/mkitc_config.yml")
+    cfg = YAML.load_file(@config_file)
 
     if cfg['mkit'].nil? || cfg['mkit'][current_profile.lstrip].nil?
       raise InvalidParametersException, "invalid configuration found on '~/.mkit' or profile not found"
     end
 
     @configuration = cfg['mkit'][current_profile.lstrip]
+    if !init_call && cfg['my_id'].nil?
+      raise InvalidParametersException.new("Please run 'mkitc init' to initialize mkit client.", find_command('init'))
+    end
+    @my_id = cfg['my_id']
+    cfg
   end
 
-  def client
+  def client(req)
     read_configuration
+    req['X-API-KEY'] = @my_id
     uri = URI(@configuration['server.uri'])
     case uri.scheme
     when 'https'
@@ -213,7 +225,7 @@ class MKItClient
     else
       raise InvalidParametersException, 'Invalid mkit server uri. Please check configuration'
     end
-    @client
+    @client.request(req)
   end
 
   def dict
@@ -317,7 +329,7 @@ class MKItClient
     when :delete
       req = Net::HTTP::Delete.new(uri)
     end
-    client.request(req).body
+    client(req).body
   end
 
   def attach(file)
@@ -371,6 +383,18 @@ class MKItClient
     exit 1
   end
 
+  def init(request, request_hash = nil)
+    cfg = read_configuration(true)
+    if cfg['my_id'].nil?
+      my_id = SecureRandom.uuid.gsub('-','')
+      cfg['my_id'] = my_id
+      File.write(@config_file, cfg.to_yaml)
+      puts "Please check if your api-key is on mkitd server allowed keys"
+    else
+      my_id = cfg['my_id']
+    end
+    puts "Your api-key is #{my_id}"
+  end
   def create(request, request_hash = nil)
     unless File.file?(request_hash[:file])
       raise InvalidParametersException.new('File not found.', find_command('create'))

data/bin/mkitd

@@ -9,9 +9,7 @@ def up
   require 'sinatra'
   require 'sinatra/base'
   require 'mkit'
-  # defaults
-  PARAMS_CONFIG[:bind] ||= 'localhost'
-  PARAMS_CONFIG[:port] ||= 4567
+
   MKIt.startup(options: PARAMS_CONFIG)
 
   use Rack::MethodOverride
@@ -21,26 +19,27 @@ def up
 
   # sinatra::base ignores in parameters
   # set it here or via configure...
-  Sinatra::Application.run!({ port: PARAMS_CONFIG[:port], bind: PARAMS_CONFIG[:bind] })
-  # MKIt::Server.run
+  # Sinatra::Application.run!({ port: PARAMS_CONFIG[:port], bind: PARAMS_CONFIG[:bind] })
+  Sinatra::Application.run! do |server|
+    MKIt.options(server)
+  end
+
 end
 
 if ARGV.any?
   require 'optparse'
   parser = OptionParser.new do |op|
     op.on('-c config-dir', 'set the config dir (default is /etc/mkit)') { |val| PARAMS_CONFIG[:config_dir] = val }
-    op.on('-p port',   'set the port (default is 4567)')               { |val| PARAMS_CONFIG[:port] = Integer(val) }
-    op.on('-b bind  ', 'specify bind address (e.g. /tmp/app.sock)')    { |val| PARAMS_CONFIG[:bind] = val }
-    op.on('-s server', 'specify rack server/handler')                  { |val| PARAMS_CONFIG[:server] = val }
-    op.on('-q',        'turn on quiet mode (default is off)')          {       PARAMS_CONFIG[:quiet] = true }
-    op.on('-x',        'turn on the mutex lock (default is off)')      {       PARAMS_CONFIG[:lock] = true }
-    op.on('-e env',    'set the environment (default is development)') do |val|
+    op.on('-p port', 'set the port (default is 4567)')                  { |val| PARAMS_CONFIG[:port] = Integer(val) }
+    op.on('-b bind', 'specify bind address (e.g. 0.0.0.0)')             { |val| PARAMS_CONFIG[:bind] = val }
+    op.on('-o addr', 'alias for bind option') { |val| PARAMS_CONFIG[:bind] = val } 
+    op.on('-e env',  'set the environment (default is development)') do |val|
       ENV['RACK_ENV'] = val
       PARAMS_CONFIG[:environment] = val.to_sym
     end
-    op.on('-o addr', "set the host (default is (env == 'development' ? 'localhost' : '0.0.0.0'))") do |val|
-      PARAMS_CONFIG[:bind] = val
-    end
+    op.on('--no-ssl', 'disable ssl - use http for local server. (default is https)') { PARAMS_CONFIG[:ssl] = false }
+    op.on('--ssl-key-file PATH', 'Path to private key (default mkit internal)')    { |val| PARAMS_CONFIG[:private_key_file] = val }
+    op.on('--ssl-cert-file PATH', 'Path to certificate (default mkit internal)')   { |val| PARAMS_CONFIG[:cert_chain_file] = val }
   end
   begin
     parser.parse!(ARGV.dup)

data/config/mkit_config.yml

@@ -1,3 +1,4 @@
+---
 mkit:
   my_network:
     ip: 10.210.198.1
@@ -12,4 +13,5 @@ mkit:
       bin: /usr/sbin/haproxy
   database:
     env: development
-
+  clients:
+    - add_client_id: add client's id to allow access to this server

data/config/mkitc_config.yml

@@ -1,3 +1,3 @@
 mkit:
   local:
-    server.uri: http://localhost:4567
+    server.uri: https://localhost:4567

data/db/migrate/003_service_ports_ssl.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class ServicePortsSsl< ActiveRecord::Migration[5.1]
+  def up
+    add_column :service_ports, :ssl, :string
+    add_column :service_ports, :crt, :string
+  end
+end

data/lib/mkit/app/helpers/services_helper.rb

@@ -24,9 +24,28 @@ module MKIt
     end
 
     def build_table_row(data)
-      ports = data.service_port&.each.map { |p| "#{p.mode}/#{p.external_port}" }.join(',')
+      ports = data.service_port&.each.map { |p| build_port(p) }.join(',')
       pods = data.pod.each.map { |p| p.name.to_s }.join(' ')
       [data.id, data.name, data.lease&.ip, ports, pods, data.status]
     end
+
+    def build_port(p)
+      case p.mode
+      when 'http'
+        if p.ssl?
+          "#{p.mode}s/#{p.external_port}"
+        else
+          "#{p.mode}/#{p.external_port}"
+        end
+      when 'tcp'
+        if p.ssl?
+          "s#{p.mode}/#{p.external_port}"
+        else
+          "#{p.mode}/#{p.external_port}"
+        end
+      else
+        "#{p.mode}/#{p.external_port}"
+      end
+    end
   end
 end

data/lib/mkit/app/mkit_server.rb

@@ -9,6 +9,14 @@ module MKIt
     set :show_exceptions, false
     set :raise_errors, false
 
+    before do
+      api_key = request.env['HTTP_X_API_KEY']
+      cfg = YAML.load_file(MKIt::Config.config_file)
+      if cfg.nil? || cfg['mkit'].nil? || cfg['mkit']['clients'].nil? || !cfg['mkit']['clients'].map{|h| h['id']}.include?(api_key)
+        error 401, 'Unauthorized - please add your client-id to authorized clients list'
+      end
+    end
+
     error MKIt::BaseException do |e|
       MKItLogger.debug e
       error e.error_code, e.message

data/lib/mkit/app/model/service_port.rb

@@ -4,7 +4,7 @@ require 'mkit/exceptions'
 class ServicePort < ActiveRecord::Base
   belongs_to :service
 
-  CONFIG_EXPRESSION=/^(.*?):(.*?):(tcp|http):(.*?)$/
+  CONFIG_EXPRESSION=/^(.*?):(.*?):(tcp|http):(.*?)($|:ssl$|:ssl,(.+))$/
 
   def self.create(service:, config:)
     sp = ServicePort.new(service: service, version: service.version)
@@ -18,22 +18,34 @@ class ServicePort < ActiveRecord::Base
   #     # src:dest:tcp|http:round_robin|leastconn
   #     - 5532:5432:tcp:round_robin
   #     - 5532-6000::tcp:round_robin
+  #     # ssl support:
+  #     # src:dest:tcp|http:round_robin|leastconn[:ssl[,<cert.pem>(mkit.pem default)>]]
+  #     - 443:80:tcp:round_robin:ssl # crt file is mkit.pem
+  #     - 443:80:tcp:round_robin:ssl,/etc/pki/foo.pem # crt file full path
   # model:
   #  service_ports:
   #     - external: 5432
   #       internal: 5432
   #       mode: tcp|http
   #       load_bal: round_robin
+  #       ssl: true|false
+  #       crt: full path
   def parse_config(config)
     ports = config.match(CONFIG_EXPRESSION)
     raise MKIt::InvalidPortsConfiguration.new("no match with config expression $#{CONFIG_EXPRESSION}") if ports.nil?
 
+    puts ports
     self.external_port = ports[1]
     self.internal_port = ports[2]
     self.mode = ports[3]
     self.load_bal = ports[4]
+    self.ssl = !ports[5].nil? && ports[5].start_with?(':ssl') ? 'true':'false'
+    self.crt = ports[7].nil? ? MKIt::Utils.proxy_cert : ports[7]
   end
 
+  def ssl?
+    self.ssl == 'true'
+  end
   def load_balance
     case self.load_bal
     when /^round_robin$/

data/lib/mkit/app/templates/haproxy/xapp_haproxy.cfg.erb

@@ -6,7 +6,7 @@
 # start <%=name%>-<%=port.external_port%>
 #
 frontend <%=name%>-<%=port.external_port%>-front
-  bind <%=lease.ip%>:<%=port.external_port%>
+  bind <%=lease.ip%>:<%=port.external_port%> <%=if port.ssl? then "ssl crt #{port.crt}" end%>
   mode <%=port.mode%>
   #
   use_backend <%=name%>-<%=port.external_port%>-back

data/lib/mkit/config/config.rb

@@ -6,13 +6,18 @@ require 'yaml'
 module MKIt
   module Config
     extend self
+
     def load_yml!(path)
+      @config_file = path
       @config = YAML.load(File.new(path).read).to_o
     end
+
+    def config_file
+      @config_file
+    end
     # 
     def method_missing(name,*args)
       return @config.send(name,*args)
-      super.method_missing name
     end
   end
 end

data/lib/mkit/ssl/easy_ssl.rb

@@ -0,0 +1,28 @@
+require 'openssl'
+
+module MKIt
+  class EasySSL
+    def self.create_self_certificate(cert_dir)
+      unless File.exist?("#{cert_dir}/#{MKIt::Utils::MKIT_CRT}")
+        key = OpenSSL::PKey::RSA.new 4096
+        name = OpenSSL::X509::Name.parse '/CN=MKIt/DC=server'
+        cert = OpenSSL::X509::Certificate.new
+        cert.version = 2
+        cert.serial = 0
+        cert.not_before = Time.now
+        cert.not_after = Time.now + 20 * 365 * 24 * 60 * 60
+        cert.public_key = key.public_key
+        cert.subject = name
+        cert.issuer = name
+        cert.sign key, OpenSSL::Digest.new('SHA256')
+        # my cert and key files
+        open "#{cert_dir}/#{MKIt::Utils::MKIT_CRT}", 'w' do |io| io.write cert.to_pem end
+        open "#{cert_dir}/#{MKIt::Utils::MKIT_KEY}", 'w' do |io| io.write key.to_pem end
+        # haproxy default ssl cert
+        open "#{cert_dir}/#{MKIt::Utils::MKIT_PEM}", 'w' do |io| io.write cert.to_pem end
+        open "#{cert_dir}/#{MKIt::Utils::MKIT_PEM}", 'a' do |io| io.write key.to_pem end
+      end
+    end
+  end
+end
+

data/lib/mkit/utils.rb

@@ -4,6 +4,10 @@ module MKIt
   module Utils
     module_function
 
+    MKIT_CRT = 'mkit.crt'
+    MKIT_KEY = 'mkit.key'
+    MKIT_PEM = 'mkit.pem'
+
     def me
       'mkit'
     end
@@ -24,6 +28,10 @@ module MKIt
       @config_dir.nil? ? "#{self.root}/config" : @config_dir
     end
 
+    def proxy_cert
+      "#{config_dir}/#{MKIT_PEM}"
+    end
+
     def load_db_config(db_config_dir = self.config_dir)
       self.log.info "loading database configurations from '#{config_dir}'..."
       YAML::load(ERB.new(IO.read("#{db_config_dir}/database.yml")).result)

data/lib/mkit/version.rb

@@ -1,4 +1,4 @@
 module MKIt
-  VERSION = "0.5.0"
+  VERSION = "0.6.1"
 end
 

data/lib/mkit.rb

@@ -29,6 +29,7 @@ require 'mkit/docker_listener'
 require 'mkit/app/helpers/haproxy'
 require 'active_record/tasks/database_tasks'
 require 'mkit/utils'
+require 'mkit/ssl/easy_ssl'
 
 MKItLogger = Console.logger
 
@@ -40,15 +41,24 @@ module MKIt
 
   def self.configure(options:)
     @root = MKIt::Utils.root
+    @options = options
     MKItLogger.debug!
     #
     # config dir
     @config_dir = if ENV['RACK_ENV'] != 'development'
-                    options[:config_dir].nil? ? '/etc/mkit' : options[:config_dir]
+                    @options[:config_dir].nil? ? '/etc/mkit' : @options[:config_dir]
                   else
-                    options[:config_dir].nil? ? "#{@root}/config" : options[:config_dir]
+                    @options[:config_dir].nil? ? "#{@root}/config" : @options[:config_dir]
                   end
     MKIt::Utils.set_config_dir(@config_dir)
+    # defaults
+    @bind = options[:bind] ||= 'localhost'
+    @port = options[:port] ||= 4567
+    @ssl = options[:ssl].nil? ? true : options[:ssl] && true
+    @verify_peer = options[:verify_peer].nil? ? false : options[:verify_peer] && true
+    @cert_chain_file = options[:cert_chain_file] ||= "#{@config_dir}/#{MKIt::Utils::MKIT_CRT}"
+    @private_key_file = options[:private_key_file] ||= "#{@config_dir}/#{MKIt::Utils::MKIT_KEY}"
+
     # create dirs
     if ENV['RACK_ENV'] != 'development' || !options[:config_dir].nil?
       check_config_files = false
@@ -65,9 +75,11 @@ module MKIt
         exit
       end
     end
-    #
+
     # load configuration
     MKIt::Initializers.load_my_configuration
+    # cert
+    MKIt::EasySSL.create_self_certificate(@config_dir)
     #
     # run config based tasks
     FileUtils.mkdir_p(MKIt::Config.mkit.haproxy.config_dir)
@@ -92,6 +104,20 @@ module MKIt
     DatabaseTasks.root = @root
   end
 
+  def self.options(server)
+    if @ssl
+      ssl_options = {
+        private_key_file:  @private_key_file,
+        cert_chain_file: @cert_chain_file,
+        verify_peer: @verify_peer
+      }
+      server.ssl = true
+      server.ssl_options = ssl_options
+    end
+    server.backend.port = @port
+    server.backend.host = @bind
+  end
+
   def self.establish_db_connection
     ActiveRecord::Base.establish_connection(DatabaseTasks.database_configuration[DatabaseTasks.env])
     ActiveRecord::Base.connection.migration_context.migrations_paths.clear

data/mkit.gemspec

@@ -35,4 +35,5 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'sqlite3', '~> 1.5', '>= 1.5.4'
   s.add_runtime_dependency 'standalone_migrations', '~> 7.1', '>= 7.1.0'
   s.add_runtime_dependency 'thin', '~> 1.8', '>= 1.8.1'
+  s.add_runtime_dependency 'text-table', '~> 1.2', '>= 1.2.4'
 end

data/samples/apps/nexus.yml

@@ -5,6 +5,7 @@ service:
   network: bridge
   ports:
     - 80:8081:http:round_robin
+    - 443:8081:http:round_robin:ssl
   resources:
     max_replicas: 1
     min_replicas: 1

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mkit
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.1
 platform: ruby
 authors:
 - Vasco Santos
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-02-17 00:00:00.000000000 Z
+date: 2024-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async-dns
@@ -290,6 +290,26 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.8.1
+- !ruby/object:Gem::Dependency
+  name: text-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.4
 description: Micro k8s on Ruby - a simple tool to deploy containers to mimic a (very)
   minimalistic k8 cluster with a nice REST API
 email:
@@ -315,6 +335,7 @@ files:
 - config/mkitd_config.sh
 - db/migrate/001_setup.rb
 - db/migrate/002_mkit_jobs.rb
+- db/migrate/003_service_ports_ssl.rb
 - db/schema.rb
 - lib/mkit.rb
 - lib/mkit/app/controllers/mkit_controller.rb
@@ -350,13 +371,13 @@ files:
 - lib/mkit/ctypes.rb
 - lib/mkit/docker_listener.rb
 - lib/mkit/exceptions.rb
-- lib/mkit/haproxy.rb
 - lib/mkit/job_manager.rb
 - lib/mkit/mkit_dns.rb
 - lib/mkit/mkit_interface.rb
 - lib/mkit/sagas/asaga.rb
 - lib/mkit/sagas/create_pod_saga.rb
 - lib/mkit/sagas/saga_manager.rb
+- lib/mkit/ssl/easy_ssl.rb
 - lib/mkit/status.rb
 - lib/mkit/utils.rb
 - lib/mkit/version.rb

data/lib/mkit/haproxy.rb

@@ -1,48 +0,0 @@
-require 'pty'
-#
-# 
-#
-module MKIt
-  class HAProxy
-
-    def initialize
-      # configs
-      # run standalone | daemon
-      @running = false
-    end
-
-    def start
-      @thread ||= Thread.new {
-        while (@running) do
-        cmd = "/usr/sbin/haproxy -f /etc/haproxy/haproxy.d"
-        %x{#{cmd}}
-        sleep 1
-        end
-      }
-      @thread.run
-      puts "haproxy started"
-    end
-
-    def start
-      @running = true
-      @thread ||= Thread.new {
-        while (@running) do
-          %{/usr/sbin/haproxy -f /etc/haproxy/haproxy.d/}
-          sleep(1)
-        end
-      }
-      puts "proxy started"
-    end
-
-    def stop
-      puts "proxy stopped"
-    end
-
-    def status
-    end
-
-    def reload
-    end
-  end
-end
-