Dockerize cloudcore server

cmd/cloudcore-server/Dockerfile

@@ -2,4 +2,4 @@ FROM scratch
 
 COPY cloudcore /cloudcore
 
-ENTRYPOINT ["cloudcore"]
+ENTRYPOINT ["/cloudcore"]

cmd/cloudcore-server/server/grpc.go

@@ -2,11 +2,12 @@ package server
 
 import (
 	"context"
+	"fmt"
 	"github.com/clarkmcc/brpc"
 	"github.com/clarkmcc/cloudcore/cmd/cloudcore-server/config"
 	"github.com/clarkmcc/cloudcore/cmd/cloudcore-server/database"
 	"github.com/clarkmcc/cloudcore/cmd/cloudcore-server/services"
-	"github.com/clarkmcc/cloudcore/internal/example"
+	"github.com/clarkmcc/cloudcore/internal/envtls"
 	"github.com/clarkmcc/cloudcore/internal/rpc"
 	"github.com/clarkmcc/cloudcore/internal/token"
 	"github.com/quic-go/quic-go"
@@ -39,7 +40,11 @@ func New(
 
 	lc.Append(fx.Hook{
 		OnStart: func(_ context.Context) error {
-			l, err := quic.ListenAddr(":"+strconv.Itoa(config.AgentServer.Port), example.TLSConfig(), nil)
+			cfg, err := envtls.TLSConfig()
+			if err != nil {
+				return fmt.Errorf("getting tls config: %w", err)
+			}
+			l, err := quic.ListenAddr(":"+strconv.Itoa(config.AgentServer.Port), cfg, nil)
 			if err != nil {
 				return err
 			}

deploy/helm/.helmignore

@@ -0,0 +1,3 @@
+*.md
+.git
+.gitignore

deploy/helm/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: cloudcore
+description: A Helm chart for the CloudCore application
+version: 0.1.0
+appVersion: "0.1.0"

deploy/helm/templates/deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cloudcore
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cloudcore
+  template:
+    metadata:
+      labels:
+        app: cloudcore
+    spec:
+      containers:
+        - name: cloudcore
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - containerPort: {{ .Values.service.agentServer.port }}
+            - containerPort: {{ .Values.service.appServer.port }}
+          env:
+            - name: AGENT_SERVER_PORT
+              value: "{{ .Values.env.agentServerPort }}"
+            - name: APP_SERVER_PORT
+              value: "{{ .Values.env.appServerPort }}"
+            - name: AUTH0_DOMAIN
+              value: "{{ .Values.env.auth0Domain }}"
+            - name: AUTH0_AUDIENCE
+              value: "{{ .Values.env.auth0Audience }}"
+            - name: LOGGING_LEVEL
+              value: "{{ .Values.env.loggingLevel }}"
+            - name: AUTH_TOKEN_SIGNING_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: cloudcore-secret
+                  key: authTokenSigningSecret
+            - name: DATABASE_CONNECTION_STRING
+              valueFrom:
+                secretKeyRef:
+                  name: cloudcore-secret
+                  key: databaseConnectionString

deploy/helm/templates/secrets.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudcore-secret
+type: Opaque
+data:
+  authTokenSigningSecret: {{ randAlphaNum 32 | b64enc | quote }}
+  databaseConnectionString: {{ .Values.env.databaseConnectionString | b64enc | quote }}

deploy/helm/templates/service.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: agent-server-service
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ .Values.service.agentServer.port }}
+      targetPort: {{ .Values.service.agentServer.port }}
+  selector:
+    app: cloudcore
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: app-server-service
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ .Values.service.appServer.port }}
+      targetPort: {{ .Values.service.appServer.port }}
+  selector:
+    app: cloudcore

deploy/helm/values.yaml

@@ -0,0 +1,19 @@
+image:
+  repository: ghcr.io/clarkmcc/cloudcore
+  pullPolicy: Always
+  tag: "latest"
+
+service:
+  agentServer:
+    port: 10000
+  appServer:
+    port: 10001
+
+env:
+  agentServerPort: 10000
+  appServerPort: 10001
+  auth0Domain: ""
+  auth0Audience: ""
+  loggingLevel: ""
+  authTokenSigningSecret: ""  # This will be set in the deployment
+  databaseConnectionString: ""  # This will be set from a secret

internal/envtls/envtls.go

@@ -0,0 +1,27 @@
+//go:build !dev
+
+package envtls
+
+import (
+	"crypto/tls"
+	"fmt"
+	"os"
+)
+
+func TLSConfig() (*tls.Config, error) {
+	c := os.Getenv("TLS_CERTIFICATE")
+	if len(c) == 0 {
+		return nil, fmt.Errorf("missing tls certificate")
+	}
+	k := os.Getenv("TLS_PRIVATE_KEY")
+	if len(k) == 0 {
+		return nil, fmt.Errorf("missing tls certificate")
+	}
+	cert, err := tls.X509KeyPair([]byte(c), []byte(k))
+	if err != nil {
+		panic(err)
+	}
+	return &tls.Config{
+		Certificates: []tls.Certificate{cert},
+	}, nil
+}

internal/envtls/envtls_dev.go

@@ -0,0 +1,12 @@
+//go:build dev
+
+package envtls
+
+import (
+	"crypto/tls"
+	"github.com/clarkmcc/cloudcore/internal/envtls/example"
+)
+
+func TLSConfig() (*tls.Config, error) {
+	return example.TLSConfig(), nil
+}