diff --git a/Dockerfile b/Dockerfile index 8e44b9b..486889d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ # 2. docker cp bet.nuget.build:/app/nugets ${PWD}/packages #------------------------------------------------------------------------------------------------------------------------ -FROM kdcllc/dotnet-sdk:3.1-buster as builder +FROM kdcllc/dotnet-sdk:5.0-focal as builder RUN apt-get -y update &&\ apt-get -y install git &&\ diff --git a/docker-compose.vscode.yml b/docker-compose.vscode.yml index defdb65..5dc3e48 100644 --- a/docker-compose.vscode.yml +++ b/docker-compose.vscode.yml @@ -3,9 +3,9 @@ version: '3' services: # this is for the entire solution bet.vscode: - image: kdcllc/dotnet-sdk-vscode:3.1-bionic + image: kdcllc/dotnet-sdk-vscode:5.0-focal # Azure Key Vault Authentication global tool - # dotnet tool install --global appauthentication --version 1.2.2 + # dotnet tool install --global appauthentication # run this tool first then check the configuration # docker-compose -f ./docker-compose.vscode.yml config environment: diff --git a/k8s/README.md b/k8s/README.md deleted file mode 100644 index 9dc98bc..0000000 --- a/k8s/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# Kuberbetes - -[Manually create and use a volume with Azure Files share in Azure Kubernetes Service (AKS)](https://docs.microsoft.com/en-us/azure/aks/azure-files-volume) - -```bash - # install - kubectl apply -f azurefile-betazurefile-pv.yaml - - # delete - kubectl delete -f azurefile-betazurefile-pv.yaml - - - # install - kubectl apply -f azurefile-betazurefile-pvc.yaml - - # delete - kubectl delete -f azurefile-betazurefile-pvc.yaml -``` \ No newline at end of file diff --git a/k8s/azurefile-betazurefile-pv.yaml b/k8s/azurefile-betazurefile-pv.yaml deleted file mode 100644 index c456c7b..0000000 --- a/k8s/azurefile-betazurefile-pv.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ - -# create secret with -# kubectl create secret generic betstorage-secret --from-literal=azurestorageaccountname=betstorage --from-literal=azurestorageaccountkey={key} - -apiVersion: v1 -kind: PersistentVolume -metadata: - name: betazurefile -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - storageClassName: azurefile - azureFile: - secretName: betstorage-secret - shareName: betshare - readOnly: false - mountOptions: - - dir_mode=0777 - - file_mode=0777 - - uid=1000 - - gid=1000 - - mfsymlinks - - nobrl diff --git a/k8s/azurefile-betazurefile-pvc.yaml b/k8s/azurefile-betazurefile-pvc.yaml deleted file mode 100644 index 3468406..0000000 --- a/k8s/azurefile-betazurefile-pvc.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: betazurefile -spec: - accessModes: - - ReadWriteMany - storageClassName: azurefile - resources: - requests: - storage: 1Gi diff --git a/src/Bet.AspNetCore.Sample/Dockerfile b/src/Bet.AspNetCore.Sample/Dockerfile index ce00e34..7d1fb31 100644 --- a/src/Bet.AspNetCore.Sample/Dockerfile +++ b/src/Bet.AspNetCore.Sample/Dockerfile @@ -23,10 +23,10 @@ ARG RUNTESTS=false ARG VERBOSE=false ARG PROJECT_PATH=/src/Bet.AspNetCore.Sample/Bet.AspNetCore.Sample.csproj -FROM kdcllc/dotnet-sdk:3.1-alpine as builder +FROM kdcllc/dotnet-sdk:5.0-alpine as builder RUN dotnet publish "./src/Bet.AspNetCore.Sample/Bet.AspNetCore.Sample.csproj" -r linux-musl-x64 -o out --self-contained true /p:PublishTrimmed=true -FROM mcr.microsoft.com/dotnet/core/runtime-deps:3.1-alpine AS runtime +FROM mcr.microsoft.com/dotnet/core/runtime-deps:5.0-alpine AS runtime WORKDIR /app COPY --from=builder /app/out ./ diff --git a/src/Bet.AspNetCore.Sample/k8s/betweb/templates/betweb-pv.yaml b/src/Bet.AspNetCore.Sample/k8s/betweb/templates/betweb-pv.yaml index a437275..1bfa531 100644 --- a/src/Bet.AspNetCore.Sample/k8s/betweb/templates/betweb-pv.yaml 
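Review bot: The runtime stage's `mcr.microsoft.com/dotnet/core/runtime-deps:5.0-alpine` keeps the `core/` repository path, and as far as I recall the .NET 5.0 images are published under `mcr.microsoft.com/dotnet/runtime-deps` (likewise `dotnet/aspnet` and `dotnet/sdk`), with the old `dotnet/core/*` repositories carrying at most preview-era 5.0 tags. If so, the build either fails to pull or ships an unserviced runtime layer; confirm the tag resolves and, if not, use `FROM mcr.microsoft.com/dotnet/runtime-deps:5.0-alpine AS runtime`. The same `dotnet/core/` path appears in the Bet.Hosting.Sample, Bet.K8s.Web.Sample and LetsEncryptWeb Dockerfile hunks.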
+++ b/src/Bet.AspNetCore.Sample/k8s/betweb/templates/betweb-pv.yaml @@ -1,3 +1,6 @@ +# create secret with +# kubectl create secret generic betshare-secret --from-literal=azurestorageaccountname=betstorage --from-literal=azurestorageaccountkey={key} + apiVersion: v1 kind: PersistentVolume metadata: diff --git a/src/Bet.Extensions.AzureVault/AzureVaultKeyBuilder.cs b/src/Bet.Extensions.AzureVault/AzureVaultKeyBuilder.cs index f8defcc..f0b485a 100644 --- a/src/Bet.Extensions.AzureVault/AzureVaultKeyBuilder.cs +++ b/src/Bet.Extensions.AzureVault/AzureVaultKeyBuilder.cs @@ -3,6 +3,7 @@ using System.Linq; using Bet.AspNetCore.Options; +using Bet.Extensions; using Bet.Extensions.AzureVault; using Microsoft.Azure.KeyVault; @@ -21,13 +22,6 @@ namespace Microsoft.Extensions.Configuration /// public static class AzureVaultKeyBuilder { - internal static readonly Dictionary Enviroments = new Dictionary - { - { "Development", "dev" }, - { "Staging", "qa" }, - { "Production", "prod" } - }; - /// /// Adds Azure Key Vault with VS.NET authentication in the Development and MSI in production. /// If MSI authentication fails it falls back to Client Id and Secret pair if specified in the configuration. @@ -38,7 +32,8 @@ public static class AzureVaultKeyBuilder /// The prefix like dev,qa,prod. /// The default value for the retry is 2. /// The name of the Azure Key Vault Configuration Section. The default is 'AzureVault'. - /// + /// The reload interval for the Azure Key Vault. + /// The conversion for HostEnvironment:Prefix. The default is null. /// public static IConfigurationRoot AddAzureKeyVault( this IConfigurationBuilder builder, 
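Review bot: The `kubectl create secret` command documented in the new header comment passes the storage account key with `--from-literal`, which leaves the key in shell history and visible in the process list while the command runs. Consider documenting a file-based form instead, e.g. `# kubectl create secret generic betshare-secret --from-file=azurestorageaccountname=./account-name.txt --from-file=azurestorageaccountkey=./account-key.txt` (the file names are placeholders; the files should have no trailing newline). The same comment is added in betk8sweb-pv.yaml. The deleted k8s/azurefile-betazurefile-pv.yaml used `betstorage-secret`, and the `secretName` these templates reference is outside the hunk, so it is worth confirming that it matches `betshare-secret`.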
@@ -46,15 +41,17 @@ public static IConfigurationRoot AddAzureKeyVault( bool usePrefix = true, int tokenAuthRetry = 2, string sectionName = "AzureVault", - TimeSpan? reloadInterval = null) + TimeSpan? reloadInterval = null, + Environments? enviroments = null) { var config = builder.Build(); var options = config.Bind(sectionName); + enviroments ??= new Environments(); var prefix = string.Empty; if (usePrefix) { - Enviroments.TryGetValue(hostingEnviromentName, out prefix); + enviroments.TryGetValue(hostingEnviromentName, out prefix); } if (!string.IsNullOrWhiteSpace(options?.BaseUrl)) @@ -75,7 +72,7 @@ public static IConfigurationRoot AddAzureKeyVault( builder.AddAzureKeyVault(new AzureKeyVaultConfigurationOptions(options?.BaseUrl) { Client = keyVaultClient, - Manager = new PrefixExcludingKeyVaultSecretManager(), + Manager = new PrefixExcludingKeyVaultSecretManager(enviroments), ReloadInterval = reloadInterval }); @@ -100,7 +97,7 @@ public static IConfigurationRoot AddAzureKeyVault( return builder.Build(); } - catch (Exception) + catch (Exception ex) { var list = builder.Sources.ToList(); var found = list.Where(x => x.GetType().FullName.Contains("AzureKeyVaultConfigurationSource")); @@ -122,7 +119,7 @@ public static IConfigurationRoot AddAzureKeyVault( // load values that are not specific to the environment. builder.AddAzureKeyVault(new AzureKeyVaultConfigurationOptions(options?.BaseUrl, options?.ClientId, secret) { - Manager = new PrefixExcludingKeyVaultSecretManager(), + Manager = new PrefixExcludingKeyVaultSecretManager(enviroments), ReloadInterval = reloadInterval }); 
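Review bot: The result of `enviroments.TryGetValue(hostingEnviromentName, out prefix)` is discarded, so a host environment name missing from a caller-supplied `Environments` silently overwrites `prefix` with the `out` default (assuming `Environments` follows `Dictionary` semantics) instead of reporting a misconfiguration. That was already possible with the fixed map, but a custom map makes a miss more likely, and how an empty or null prefix is handled further down is outside this hunk. Consider failing visibly, e.g. `if (usePrefix && !enviroments.TryGetValue(hostingEnviromentName, out prefix)) throw new ArgumentException($"No prefix mapped for '{hostingEnviromentName}'.", nameof(enviroments));`, or at least resetting `prefix` to `string.Empty`. `AddAzureKeyVaults` has the same lookup.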
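Review bot: `catch (Exception ex)` names the exception, but nothing in the visible lines of this hunk uses `ex`; the catch body continues outside the hunk, so it may be used further down. If it is not, the compiler will warn about an unused variable, and the reason the first authentication attempt failed is still dropped before the fallback to the ClientId/ClientSecret pair. A silent downgrade of the authentication path is worth making observable: record `ex.GetType().Name` and `ex.Message` (never the secret or a token) where the fallback starts, or pass `ex` as the inner exception if the fallback also fails.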
@@ -154,21 +151,25 @@ public static IConfigurationRoot AddAzureKeyVault( /// The default Azure Key Vaults values separated by ';'. /// The default is true. It adds prefixed values from the vault. /// The hosting environment that is matched to 'dev, stage or prod'. - /// + /// The reload interval for the Azure Key Vault. + /// The conversion for HostEnvironment:Prefix. The default is null. /// public static IConfigurationRoot AddAzureKeyVaults( this IConfigurationBuilder builder, string keyVaultEndpoints, bool usePrefix = true, string? hostingEnviromentName = null, - TimeSpan? reloadInterval = null) + TimeSpan? reloadInterval = null, + Environments? enviroments = null) { if (!string.IsNullOrEmpty(keyVaultEndpoints)) { + enviroments ??= new Environments(); + var prefix = string.Empty; if (usePrefix && hostingEnviromentName != null) { - Enviroments.TryGetValue(hostingEnviromentName, out prefix); + enviroments.TryGetValue(hostingEnviromentName, out prefix); } var azureServiceTokenProvider = new AzureServiceTokenProvider(); @@ -181,7 +182,7 @@ public static IConfigurationRoot AddAzureKeyVaults( builder.AddAzureKeyVault(new AzureKeyVaultConfigurationOptions(splitEndpoint) { Client = keyVaultClient, - Manager = new PrefixExcludingKeyVaultSecretManager(), + Manager = new PrefixExcludingKeyVaultSecretManager(enviroments), ReloadInterval = reloadInterval }); diff --git a/src/Bet.Extensions.AzureVault/PrefixExcludingKeyVaultSecretManager.cs b/src/Bet.Extensions.AzureVault/PrefixExcludingKeyVaultSecretManager.cs index a7bee87..ef21acd 100644 --- a/src/Bet.Extensions.AzureVault/PrefixExcludingKeyVaultSecretManager.cs +++ b/src/Bet.Extensions.AzureVault/PrefixExcludingKeyVaultSecretManager.cs 
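Review bot: Appending `Environments? enviroments = null` to the existing public extension methods changes their signatures, which is source-compatible but breaks callers compiled against the previous package until they are rebuilt. If this library ships as a NuGet package, keep the old signature as an overload that forwards with `enviroments: null`. The misspelling `enviroments` also becomes part of the public surface for named arguments, though it is consistent with the existing `hostingEnviromentName`. This applies to `AddAzureKeyVault` as well.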
@@ -9,6 +9,13 @@ namespace Bet.Extensions.AzureVault /// public class PrefixExcludingKeyVaultSecretManager : IKeyVaultSecretManager { + private readonly Environments _envronments; + + public PrefixExcludingKeyVaultSecretManager(Environments envronments) + { + _envronments = envronments; + } + public bool Load(SecretItem secret) { // Load a vault secret when its secret name starts with the @@ -21,7 +28,7 @@ public bool Load(SecretItem secret) { var env = secretName.Substring(0, envIndex); - return !AzureVaultKeyBuilder.Enviroments.ContainsValue(env); + return !_envronments.ContainsValue(env); } return true; diff --git a/src/Bet.Hosting.Sample/Dockerfile b/src/Bet.Hosting.Sample/Dockerfile index 92044a9..cb216a6 100644 --- a/src/Bet.Hosting.Sample/Dockerfile +++ b/src/Bet.Hosting.Sample/Dockerfile @@ -21,11 +21,11 @@ ARG RUNTESTS=false ARG VERBOSE=false ARG PROJECT_PATH=/src/Bet.Hosting.Sample/Bet.Hosting.Sample.csproj -FROM kdcllc/dotnet-sdk:3.1-alpine as builder +FROM kdcllc/dotnet-sdk:5.0-alpine as builder RUN dotnet publish "./src/Bet.Hosting.Sample/Bet.Hosting.Sample.csproj" -r linux-musl-x64 -o out --self-contained true /p:PublishTrimmed=true # https://hub.docker.com/_/microsoft-dotnet-core-aspnet/ -FROM mcr.microsoft.com/dotnet/core/runtime-deps:3.1-alpine AS runtime +FROM mcr.microsoft.com/dotnet/core/runtime-deps:5.0-alpine AS runtime WORKDIR /app COPY --from=builder /app/out ./ diff --git a/src/Bet.K8s.Web.Sample/Dockerfile b/src/Bet.K8s.Web.Sample/Dockerfile index 133bf87..9c2c988 100644 --- a/src/Bet.K8s.Web.Sample/Dockerfile +++ b/src/Bet.K8s.Web.Sample/Dockerfile 
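Review bot: The new public constructor stores `envronments` without a null check, so a null argument only surfaces later as a `NullReferenceException` inside `Load` while configuration is being read. Guard it at construction with `_envronments = envronments ?? throw new ArgumentNullException(nameof(envronments));`. The constructor also has no XML doc comment, and replacing the implicit parameterless constructor is a breaking change for anyone instantiating this public class directly. `envronments` looks like a typo for `environments`.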
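Review bot: `Load` now decides what to exclude from a caller-supplied map: any secret whose prefix is not among the values of `_envronments` is returned as loadable. A caller who passes a reduced map (only the entry for the current host, say) would therefore have secrets prefixed for other environments pulled into this host's configuration, which the fixed dev/qa/prod map used to prevent. Document this on the type or constructor, e.g. `/// The map must list every environment prefix used in the vault; secrets with an unlisted prefix are treated as unprefixed and loaded.` The start of `Load`, including how `envIndex` is computed, is outside the hunk.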
@@ -24,11 +24,11 @@ ARG RUNTESTS=false ARG VERBOSE=false ARG PROJECT_PATH=/src/Bet.K8s.Web.Sample/Bet.K8s.Web.Sample.csproj -FROM kdcllc/dotnet-sdk:3.1-alpine as builder +FROM kdcllc/dotnet-sdk:5.0-alpine as builder RUN dotnet publish "./src/Bet.K8s.Web.Sample/Bet.K8s.Web.Sample.csproj" -r linux-musl-x64 -o out --self-contained true /p:PublishTrimmed=true -FROM mcr.microsoft.com/dotnet/core/runtime-deps:3.1-alpine AS runtime +FROM mcr.microsoft.com/dotnet/core/runtime-deps:5.0-alpine AS runtime WORKDIR /app COPY --from=builder /app/out ./ diff --git a/src/Bet.K8s.Web.Sample/k8s/betk8sweb/templates/betk8sweb-pv.yaml b/src/Bet.K8s.Web.Sample/k8s/betk8sweb/templates/betk8sweb-pv.yaml index 42a4ced..649a733 100644 --- a/src/Bet.K8s.Web.Sample/k8s/betk8sweb/templates/betk8sweb-pv.yaml +++ b/src/Bet.K8s.Web.Sample/k8s/betk8sweb/templates/betk8sweb-pv.yaml @@ -1,3 +1,6 @@ +# create secret with +# kubectl create secret generic betshare-secret --from-literal=azurestorageaccountname=betstorage --from-literal=azurestorageaccountkey={key} + apiVersion: v1 kind: PersistentVolume metadata: diff --git a/src/LetsEncryptWeb/Dockerfile b/src/LetsEncryptWeb/Dockerfile index ad82e14..0b2a059 100644 --- a/src/LetsEncryptWeb/Dockerfile +++ b/src/LetsEncryptWeb/Dockerfile @@ -4,12 +4,12 @@ # PUBLISH: docker push kdcllc/bet:letsencrypt # -FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-buster-slim AS base +FROM mcr.microsoft.com/dotnet/core/aspnet:5.0-buster-slim AS base WORKDIR /app EXPOSE 80 EXPOSE 443 -FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build +FROM mcr.microsoft.com/dotnet/core/sdk:5.0-buster AS build WORKDIR /src COPY ["Directory.Build.targets", "Directory.Build.targets"] COPY ["Directory.Build.props", "Directory.Build.props"]