marge change

update dependencies nuget package
add helm folder
add github action - yarp-gateway build

.github/yarp-gateway.yaml

@@ -0,0 +1,96 @@
+name: yarp-gateway
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  # schedule:
+  #   - cron: '39 2 * * *'
+  push:
+    branches: [ "main" ]
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+#  IMAGE_NAME: ${{ github.repository }}
+  IMAGE_NAME: yuchia-wei/yarp-gateway
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+        with:
+          cosign-release: 'v2.1.1'
+
+      # Setup Docker buildx
+      # https://github.com/docker/setup-buildx-action
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: ./src/Gateway
+          file: ./src/Gateway/Yrap.Gateway/Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

charts/yarp-gateway/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/yarp-gateway/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 0.1.0
+description: A Helm chart for Kubernetes
+name: yarp-gateway
+type: application
+version: 0.1.0

charts/yarp-gateway/README.md

@@ -0,0 +1,93 @@
+# 文件說明
+
+此套件是依據以下範本產生後重新調整的套件，移除 istio 相關的內容；因為 yarp 可承擔 ingress 與分流等行為。
+
+* https://github.com/salesforce/helm-starter
+* https://github.com/salesforce/helm-starter-istio
+
+## Port 的設定
+
+### Service Port 額外加入的東西
+於 service 中的 port 設定因為這個套件是要開放給外部使用的，所以有加入 NodePort 的控制，另外也因為適用於分流，因此有設定 type 為 LoadBalancer
+
+### Values 檔案的設定
+
+Values 中的 Port 設定為了 OAuth 的關係，名稱必須改為 https，且 port 為 8443，TargetPort 因為是 Container 的 Port 所以不動，這樣子的設定才能讓 AppGateway 的 OAuth 正常運作，不然進到 pod 的時候會被認為是 http 連線，導致 OAuth 的轉址設定錯誤。
+
+# 原始說明
+
+## Installation
+
+```sh
+> helm template --namespace=[namespace] [chartname] | kubectl apply -f -
+```
+
+## Values.yaml
+
+All configuration for this installation is managed in `values.yaml`. Configuration
+values can be overriden individually at installation using Helm's `--set` command
+line option.
+
+### Service Identity
+
+These three values control the names of generated Kubernetes and Istio objects,
+and are used to ensure commont Kubernetes labeling. These values are used to populate
+labels that allow for selecting all components of a particular system or service.
+
+* `system`, `service`, `version` - These values describe _what_ this service and
+  what it should be named. For example: `my-website`, `web-server`, `2`.
+
+### Container Values
+
+These settings control from where and how your service's docker image is acquired.
+
+* `image.repository` - The docker repo and image to pull.
+* `image.tag` - The docker image tag to pull.
+* `image.imagePullPolicy` - Kubernetes image pull policy.
+
+### Service Account Values
+
+Istio request authorization requires that each service have a unique service account
+identity to functuion correctly.
+
+* `serviceAccount.name` - The Kubernetes service account your service will run under.
+* `serviceAccount.create` - Optionally, this chart can generate the service account.
+  If false, the service's service account must be pre-existing.
+
+### Replica Values
+
+These settings control service replicas, disruption budgets, and autoscaling.
+
+* `replicaCount` - The initial number of replicas to start after installing this
+  chart.
+* `maxUnavailable` - The maximum number of intentionally unavailable pods as
+  controlled by a `PodDisruptionBudget`.
+* `autoscaling.minReplicas` - The minimum number of replicas to run under the
+  control of a `HorizontalPodAutoscaler`.
+* `autoscaling.maxReplicas` - The maximum number of replicas to run under the
+  control of a `HorizontalPodAutoscaler`.
+* `autoscaling.targetAverageCpuUtilization` - The CPU utilization target
+  used by the `HorizontalPodAutoscaler` to make autoscale decisions.
+
+### Kubernetes Pod Values
+
+These settings configure your service's resource constraints and health check
+probes. They ensure your service is a well behaved consumer of shared Kubernetes
+resources.
+
+* `resources.*` - Kubernetes resource request and limit configuration. See
+  [Kubernetes resource documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for values.
+* `probes.*` - Kubernetes probe configuration. See [Kubernetes probe documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) for values.
+
+### ConfigMap Values
+
+These optional settings are used to populate and mount a configmap for your
+service. When the generated config map changes, the associated service is automatically
+resterted using a rolling restart. Generating the configmap from Helm chart values
+is useful because it allows you to modify config map values durring installation
+using Helm `--set` directives.
+
+* `configMap.mountPath` - The directory inside your pod to mount the config map.
+* `configMap.fileName` - The file name of the config map, when mounted in the pod.
+* `configMap.content.*` - YAML keys and values under `content` are copied verbatim
+  into the configmap's content.

charts/yarp-gateway/templates/configmap-auth-config.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.AuthSetting }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ (print .Values.service "-auth-config") | lower | quote }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.service | lower | quote }}
+    app.kubernetes.io/part-of: {{ .Values.system | quote }}
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+  namespace: {{ .Release.Namespace | quote }}
+data:
+  "AuthSetting.json": |-
+{{ toJson .Values.AuthSetting | indent 4 }}
+{{- end }}

charts/yarp-gateway/templates/configmap-otel-env.yaml

@@ -0,0 +1,37 @@
+{{- if and .Values.openTelemetry .Values.openTelemetry.enable }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ (print .Values.service "-otel-env") | lower | quote }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.service | lower | quote }}
+    app.kubernetes.io/part-of: {{ .Values.system | quote }}
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+  namespace: {{ .Release.Namespace | quote }}
+data:
+  ASPNETCORE_HOSTINGSTARTUPASSEMBLIES: "OpenTelemetry.AutoInstrumentation.AspNetCoreBootstrapper"
+  CORECLR_ENABLE_PROFILING: {{ .Values.openTelemetry.enableCLRProfiler | default "1"  | quote }}
+  CORECLR_PROFILER: '{918728DD-259F-4A6A-AC2B-B85E1B658318}'
+  # 這邊因為使用的容器會另外複製必要檔案到此位置，為自定義路徑
+  CORECLR_PROFILER_PATH: "/otel-dotnet-auto/OpenTelemetry.AutoInstrumentation.Native.so"
+  # 這個是 Otel Auto Instrumentation 中給 alpine 使用的正確路徑
+  # CORECLR_PROFILER_PATH: "/otel-dotnet-auto/linux-musl-x64/OpenTelemetry.AutoInstrumentation.Native.so"
+  DOTNET_ADDITIONAL_DEPS: "/otel-dotnet-auto/AdditionalDeps"
+  DOTNET_SHARED_STORE: "/otel-dotnet-auto/store"
+  DOTNET_STARTUP_HOOKS: "/otel-dotnet-auto/net/OpenTelemetry.AutoInstrumentation.StartupHook.dll"
+  OTEL_DOTNET_AUTO_HOME: "/otel-dotnet-auto"
+  OTEL_SERVICE_NAME: {{ .Values.service | lower | quote }}
+# 最後的 deployment.environment 設定建議由對應環境的收集器決定，同時這代表你的資料應該送給跟服務部署相同環境的收集器
+#   OTEL_RESOURCE_ATTRIBUTES: "service.version={{ .Values.image.repository }}:{{ .Values.image.tag }}, service.namespace={{ .Release.Namespace }}, deployment.environment={{ .Values.env.ASPNETCORE_ENVIRONMENT }}"
+  OTEL_RESOURCE_ATTRIBUTES: "service.version={{ .Values.image.repository }}:{{ .Values.image.tag }}, service.namespace={{ .Release.Namespace }}"
+  OTEL_EXPORTER_OTLP_ENDPOINT: {{ .Values.openTelemetry.otlpEndpoint | default "http://otel-collector.observability.svc.cluster.local:4317" | quote }}
+  OTEL_EXPORTER_OTLP_PROTOCOL: {{ .Values.openTelemetry.otlpProtocol | default "grpc" | quote }}
+  OTEL_DOTNET_AUTO_LOGS_ENABLED: {{ .Values.openTelemetry.autoLogs | default "false" | quote }}
+  OTEL_DOTNET_AUTO_LOGS_INCLUDE_FORMATTED_MESSAGE: {{ .Values.openTelemetry.autoLogsIncludeFormatted | default "true" | quote }}
+# 這邊的兩個資源應該要依據服務中的埋點設定決定
+  OTEL_DOTNET_AUTO_TRACES_ADDITIONAL_SOURCES: "yarp.gateway.observability.library"
+  OTEL_DOTNET_AUTO_METRICS_ADDITIONAL_SOURCES:  "yarp.gateway.observability.library"
+  Logging__Console__FormatterName: "Simple"
+  Logging__OpenTelemetry__IncludeScopes: "true"
+  Logging__OpenTelemetry__LogLevel__Default: "Information"
+{{- end }}

charts/yarp-gateway/templates/configmap-yarp-config.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ (print .Values.service "-yarp-config") | lower | quote }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.service | lower | quote }}
+    app.kubernetes.io/part-of: {{ .Values.system | quote }}
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+  namespace: {{ .Release.Namespace | quote }}
+data:
+  {{- if .Values.yarpConfig.RoutesSettingFile }}
+  "RoutesSetting.json": |-
+    {{ .Files.Get .Values.yarpConfig.RoutesSettingFile  | indent 4 | quote }}
+  {{- end }}
+  {{- if .Values.yarpConfig.ClustersSettingFile }}
+  "ClustersSetting.json": |-
+    {{ .Files.Get .Values.yarpConfig.ClustersSettingFile |  indent 4 | quote }}
+  {{- end }}

charts/yarp-gateway/templates/deployment.yaml

@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.service | lower | quote }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.service | lower | quote }}
+    app.kubernetes.io/part-of: {{ .Values.system | quote }}
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+{{- if ( default false .Values.useCanary ) }}
+  # ref: https://argoproj.github.io/argo-rollouts/migrating/
+  replicas: 0   # Scale down existing deployment
+{{- else }}
+  replicas: {{ .Values.replicaCount }}
+{{- end }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+      app: {{ .Values.service | lower | quote }}
+      version: {{ .Values.version | quote }}
+  template:
+    metadata:
+      labels:
+        # Kubernetes recommended labels
+        app.kubernetes.io/name: {{ .Values.service | lower | quote }}
+        app.kubernetes.io/part-of: {{ .Values.system | quote }}
+        app.kubernetes.io/version: {{ .Values.version | quote }}
+        # Isio required labels
+        app: {{ .Values.service | lower | quote }}
+        version: {{ .Values.version | quote }}
+{{- if or .Values.configMap .Values.openTelemetry }}
+      annotations:
+{{- if ( default false .Values.openTelemetry.enable ) }}
+        checksum/otel-config: {{ include (print $.Template.BasePath "/configmap-otel-env.yaml") . | sha256sum }}
+{{- end }}
+{{- end }}
+    spec:
+      serviceAccountName: {{ .Values.serviceAccount.name | lower | quote }}
+      containers:
+        - name: {{ .Values.service | lower | quote }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.imagePullPolicy | quote }}
+          {{- if and .Values.openTelemetry .Values.openTelemetry.enable }}
+          envFrom:
+            - configMapRef:
+                name: {{ (print .Values.service "-otel-env") | lower | quote }}
+          {{- end }}
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          {{- if $.Values.env }}
+            {{- range $key, $value := $.Values.env }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- end }}
+          ports:
+{{- range .Values.ports }}
+            - name: {{ .name | quote }}
+              containerPort: {{ .targetPort }}
+              protocol: {{ .protocol }}
+{{- end }}
+{{- if .Values.resources }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+{{- end }}
+{{- if .Values.probes }}
+{{ toYaml .Values.probes | indent 10 }}
+{{- end }}
+          volumeMounts:
+            - name: {{ (print .Values.service "-auth-config") | quote }}
+              mountPath: {{ "/app/Coniguration/Authentication/" | quote }}
+            - name: {{ (print .Values.service "-yarp-config") | quote }}
+              mountPath: {{ "/app/Coniguration/ReverseProxy/" | quote }}
+      volumes:
+        - name: {{ (print .Values.service "-auth-config") | quote }}
+          configMap:
+            name: {{ (print .Values.service "-auth-config") | quote }}
+        - name: {{ (print .Values.service "-yarp-config") | quote }}
+          configMap:
+            name: {{ (print .Values.service "-yarp-config") | quote }}