diff --git a/docker-compose.yml b/docker-compose.yml index c6bbb1c..f9bb069 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,35 +1,67 @@ version: "3.9" services: + # 1. The Envoy Control Plane (Your existing service) envoy-control-plane: user: "1026:100" - # Use the Dockerfile in the current directory to build the image image: docker.jerxie.com/xds-server:latest - # Set a custom container name for easier management container_name: envoy-control-plane - # Restart policy to ensure the service comes back up unless manually stopped restart: unless-stopped - # Mount the named volume (defined below) to the /app directory in the container ports: + # Exposes the gRPC XDS service port (18000) for the Envoy proxy to connect to - "8090:8080" - - "18000:18000" + # --- REMOVED: The 18000:18000 mapping is removed as it's only for internal sidecar use. --- + # - "18000:18000" volumes: - # Ensure this is mounted read/write for the container - - data_volume:/app/data:rw - command: ["--nodeID", "home", "--config-dir", "/app/data/config","--db","file:/app/data/data.db?_foreign_keys=on", "--enable-cert-issuance", "webroot-path=/app/data/acme"] + - /volume1/docker/envoy-control-plane/data:/app/data:rw + command: ["--node-id", "home", "--config-dir", "/app/data/config","--db","file:/app/data/data.db?_foreign_keys=on", "--enable-cert-issuance", "webroot-path=/app/data/acme"] + # Add a network to ensure both services can communicate + networks: + - envoy_network + + # 2. 
The Envoy Proxy (New service) + envoy-proxy: + user: "1026:100" + # Use the official Envoy Docker image + image: envoyproxy/envoy:v1.27.0 # Use a specific, stable version + container_name: envoy-proxy + restart: unless-stopped + # Expose a port where the proxy will listen for client traffic (e.g., 9901 for admin, 10000 for listener) + ports: + - "10000:10000" + - "10001:10001" + - "11111:11111" + volumes: + - /volume1/docker/envoy-control-plane/data/envoy_config:/etc/config:rw + # The starting command you provided + command: + - "envoy" + - "-c" + - "/etc/config/envoy.yaml" + # Ensure this service waits for the control plane to be up + depends_on: + - envoy-control-plane + # Connect to the same network as the control plane + networks: + - envoy_network + # Define the volumes used by the services -volumes: - # Define a named volume for your code - data_volume: - # Use the 'local' driver which supports mounting remote filesystems - driver: local - # Specify the options for the driver - driver_opts: - # Set the filesystem type to NFS - type: "nfs" - # IMPORTANT: YOU MUST replace YOUR_UID and YOUR_GID below with the numeric IDs - # that own the data directory on your NFS server (e.g., 1000). - o: "addr=192.168.68.90,rw,nfsvers=4,uid=1026,gid=100" - # Specify the remote path (device) on the NFS server to mount - device: ":/volume1/docker/envoy-control-plane/data" \ No newline at end of file +# Corrected volume definition +#volumes: +# data_volume: +# driver: local +# driver_opts: +# type: "nfs" +# # Keep standard NFS mount options here (addr, rw, nfsvers=4) +# o: "addr=192.168.68.90,rw,nfsvers=4" +# # Specify the remote path +# device: ":/volume1/docker/envoy-control-plane/data" +# # Define ownership options separately (optional, but often helps) +# uid: "1026" +# gid: "100" + +# Define a custom network for inter-service communication +networks: + envoy_network: + driver: bridge \ No newline at end of file 
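Review bot: The new `envoy-proxy` service publishes the Envoy admin port with `- "11111:11111"`, which binds it on every host interface; the admin API is unauthenticated and exposes the full config dump plus shutdown and log-level controls, so restrict the mapping to loopback, `- "127.0.0.1:11111:11111"`, or drop it and reach it with `docker exec` when needed. The proxy only reads `envoy.yaml` from its config mount, so `- /volume1/docker/envoy-control-plane/data/envoy_config:/etc/config:ro` is enough and keeps a compromised proxy from rewriting its own bootstrap (the control plane appears to be the writer of that tree, but I can't confirm from this hunk). `image: envoyproxy/envoy:v1.27.0` is pinned by a mutable tag; pinning by digest (`envoyproxy/envoy:v1.27.0@sha256:<digest>`) makes the pull reproducible. The same loopback question applies to the `8090:8080` REST mapping on the control plane if that API carries no authentication.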
diff --git a/envoy.yaml b/envoy.yaml
new file mode 100644
index 0000000..7e66455
--- /dev/null
+++ b/envoy.yaml
@@ -0,0 +1,53 @@
+node:
+ id: home
+ cluster: home-cluster
+
+dynamic_resources:
+ # Dynamic discovery for clusters (CDS)
+ cds_config:
+ resource_api_version: V3
+ api_config_source:
+ api_type: GRPC
+ transport_api_version: V3
+ grpc_services:
+ - envoy_grpc:
+ cluster_name: xds_cluster
+
+ # Dynamic discovery for listeners (LDS)
+ lds_config:
+ resource_api_version: V3
+ api_config_source:
+ api_type: GRPC
+ transport_api_version: V3
+ grpc_services:
+ - envoy_grpc:
+ cluster_name: xds_cluster
+
+admin:
+ access_log_path: /dev/null
+ address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 11111
+
+static_resources:
+ clusters:
+ # xDS management server (used for CDS, LDS, and SDS)
+ - name: xds_cluster
+ connect_timeout: 1s
+ type: STRICT_DNS
+ lb_policy: ROUND_ROBIN
+ typed_extension_protocol_options:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicit_http_config:
+ http2_protocol_options: {}
+ load_assignment:
+ cluster_name: xds_cluster
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: envoy-control-plane
+ port_value: 18000
diff --git a/internal/config/config.go b/internal/config/config.go
index bfa51c0..542a39e 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -26,7 +26,7 @@
 klog.InitFlags(nil)
 flag.UintVar(&cfg.Port, "port", 18000, "xDS management server port")
- flag.StringVar(&cfg.NodeID, "nodeID", "test-id", "Node ID")
+ flag.StringVar(&cfg.NodeID, "node-id", "test-id", "Node ID")
 flag.UintVar(&cfg.RESTPort, "rest-port", 8080, "REST API server port")
 flag.StringVar(&cfg.SnapshotFile, "snapshot-file", "", "Optional initial snapshot JSON/YAML file")
 flag.StringVar(&cfg.ConfigDir, "config-dir", "data/config", "Optional directory containing multiple config files")
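Review bot: The `xds_cluster` has no `transport_socket`, so the proxy pulls its entire listener and cluster configuration from `envoy-control-plane:18000` over cleartext gRPC, trusting whatever answers that DNS name on the shared bridge network; once the control plane can serve TLS on 18000, add a `transport_socket` of type `envoy.transport_sockets.tls` with an `UpstreamTlsContext` (mTLS if possible), and until then state in a comment that the xDS channel is trusted-network-only. `access_log_path: /dev/null` under `admin` discards the only record of calls to the admin API; point it at a real file path so admin requests are auditable. The comment `# xDS management server (used for CDS, LDS, and SDS)` overstates the file, since no SDS source is configured here — `# xDS management server (used for CDS and LDS)` matches what is wired up. `address: 0.0.0.0` on the admin listener also makes it reachable from every container on `envoy_network`, not only through the published port; that deserves a comment next to it.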
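Review bot: Renaming the flag from `nodeID` to `node-id` with no alias is a breaking CLI change: an existing invocation still passing `--nodeID` now fails at startup with "flag provided but not defined", which is why the compose file in this same commit had to move in lockstep. To give a deprecation window, keep both spellings bound to the same field by adding `flag.StringVar(&cfg.NodeID, "nodeID", "test-id", "Deprecated: use -node-id")` next to the new line; whichever is supplied last wins and the usage text steers people to the new name. The enclosing function starts and ends outside this hunk.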
diff --git a/internal/pkg/rotation/rotator.go b/internal/pkg/rotation/rotator.go
new file mode 100644
index 0000000..a39d8ab
--- /dev/null
+++ b/internal/pkg/rotation/rotator.go
@@ -0,0 +1,21 @@
+package rotation
+
+import (
+ "context"
+ "fmt"
+)
+
+func NewCertRotor(ctx context.Context) (*CertRotator, error) {
+ // Implementation for creating a new CertRotator
+ return &CertRotator{}, nil
+}
+
+type CertRotator struct {
+ // Fields for CertRotator
+}
+
+func (cr *CertRotator) RotateCertificates(ctx context.Context) error {
+ // Implementation for rotating certificates
+ fmt.Println("Rotating certificates...")
+ return nil
+}
diff --git a/static/tools/cert_issuer.html b/static/tools/cert_issuer.html
index 9b60d68..8e4824a 100644
--- a/static/tools/cert_issuer.html
+++ b/static/tools/cert_issuer.html
@@ -1,5 +1,6 @@ +
@@ -12,12 +13,14 @@ --bg-light: #f8f9fa; --border-color: #ced4da; } + body { font-family: Arial, sans-serif; margin: 20px; background-color: var(--bg-light); color: #333; } + .container { max-width: 800px; margin: auto;
@@ -26,19 +29,23 @@ border-radius: 8px; box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1); } + h1 { text-align: center; color: var(--primary); margin-bottom: 30px; } + .form-group { margin-bottom: 20px; } + label { display: block; margin-bottom: 5px; font-weight: bold; } + input[type="text"], input[type="email"], select {
@@ -48,6 +55,7 @@ border-radius: 4px; box-sizing: border-box; } + button { background-color: var(--primary); color: white;
@@ -58,9 +66,11 @@ font-size: 16px; transition: background-color 0.3s; } + button:hover:not(:disabled) { background-color: #0056b3; } + button:disabled { background-color: #6c757d; cursor: not-allowed;
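Review bot: `RotateCertificates` is a stub that prints to stdout and returns `nil`, so anything wired to it will report a successful rotation while no certificate is actually renewed; until the real implementation lands it should fail loudly, `return fmt.Errorf("rotation: RotateCertificates not implemented")`, so a missing rotation shows up in logs and health checks instead of passing silently. `NewCertRotor` reads as a typo for `NewCertRotator`, and both it and `RotateCertificates` accept a `ctx` they never use; since `config.go` initializes klog, the `fmt.Println` should go through klog too so the message carries the usual timestamp and severity. The exported constructor, type and method also need doc comments starting with their names, including a one-line `// CertRotator ...` that says what is rotated and from where — the file does not yet say, so I have not guessed.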
@@ -74,27 +84,32 @@ font-weight: bold; display: none; } + .status-success { background-color: #d4edda; color: var(--success); border: 1px solid var(--success); } + .status-error { background-color: #f8d7da; color: var(--danger); border: 1px solid var(--danger); } + #results-area { margin-top: 30px; padding-top: 20px; border-top: 1px solid var(--border-color); } + .cert-item { background-color: var(--bg-light); padding: 15px; margin-bottom: 15px; border-radius: 4px; } + .cert-item h3 { margin-top: 0; color: var(--primary); @@ -102,6 +117,7 @@ justify-content: space-between; align-items: center; } + textarea { width: 100%; height: 150px; @@ -115,23 +131,28 @@ word-wrap: normal; overflow-x: scroll; } + .action-buttons { display: flex; gap: 10px; margin-top: 10px; } + .action-buttons button { padding: 8px 15px; font-size: 14px; } + .copy-btn { background-color: #6c757d; } + .copy-btn:hover { background-color: #5a6268; } +
@@ -152,7 +173,7 @@ +
@@ -168,7 +189,7 @@ + \ No newline at end of file