diff --git a/conf/docker/.env.setup b/conf/docker/.env.setup
index d61d4bc..a78d536 100644
--- a/conf/docker/.env.setup
+++ b/conf/docker/.env.setup
@@ -162,6 +162,8 @@ MC_IAM_MANAGER_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}
 MC_IAM_MANAGER_PUBLIC_KEYCLOAK_HOST=${MC_IAM_MANAGER_PUBLIC_HOST}/auth
 # === nginx HTTPS Reverse Proxy Ports (for iframe/external access — same as direct published ports) ===
+MC_OBSERVABILITY_FRONT_PROXY_PORT=18081
+MC_OBSERVABILITY_FRONT_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_OBSERVABILITY_FRONT_PROXY_PORT}
 MC_OBSERVABILITY_GRAFANA_PROXY_PORT=33002
 MC_OBSERVABILITY_GRAFANA_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_OBSERVABILITY_GRAFANA_PROXY_PORT}
 MC_COST_OPTIMIZER_FE_PROXY_PORT=7780
diff --git a/conf/docker/conf/mc-iam-manager/.env.setup b/conf/docker/conf/mc-iam-manager/.env.setup
index 2c9e02c..db67f2c 100644
--- a/conf/docker/conf/mc-iam-manager/.env.setup
+++ b/conf/docker/conf/mc-iam-manager/.env.setup
@@ -93,3 +93,5 @@ MC_DATA_MANAGER_PROXY_PORT=3300
 MC_DATA_MANAGER_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_DATA_MANAGER_PROXY_PORT}
 MC_APPLICATION_MANAGER_PROXY_PORT=18084
 MC_APPLICATION_MANAGER_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_APPLICATION_MANAGER_PROXY_PORT}
+MC_OBSERVABILITY_FRONT_PROXY_PORT=18081
+MC_OBSERVABILITY_FRONT_PUBLIC_HOST=https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_OBSERVABILITY_FRONT_PROXY_PORT}
diff --git a/conf/docker/conf/mc-iam-manager/0_preset_dev.sh b/conf/docker/conf/mc-iam-manager/0_preset_dev.sh
index 3ba12b5..78cac1d 100755
--- a/conf/docker/conf/mc-iam-manager/0_preset_dev.sh
+++ b/conf/docker/conf/mc-iam-manager/0_preset_dev.sh
@@ -10,6 +10,7 @@ echo "PROJECT_ROOT: $PROJECT_ROOT"
 # .env file path
 ENV_FILE="${PROJECT_ROOT}/.env"
+IAM_ENV_FILE="${SCRIPT_DIR}/.env"
 # Certificate output path (same structure as Let's Encrypt)
@@ -134,6 +135,46 @@ echo " DATABASE_USER: $MC_IAM_MANAGER_DATABASE_USER"
 echo " DATABASE_HOST: $MC_IAM_MANAGER_DATABASE_HOST"
 echo " MC_IAM_MANAGER_PORT: $MC_IAM_MANAGER_PORT"
+# =============================================================================
+# Rewrite PUBLIC_HOST variables from http:// to https:// for remote IP/domain
+# =============================================================================
+
+_sedi() {
+ if [[ "$(uname)" == "Darwin" ]]; then
+ sed -i '' "$@"
+ else
+ sed -i "$@"
+ fi
+}
+
+rewrite_http_to_https() {
+ local env_file="$1"
+ if [ ! -f "$env_file" ]; then
+ return 0
+ fi
+ echo "Rewriting http:// → https:// in ${env_file##*/conf/docker/}..."
+
+ local vars=(
+ "MC_IAM_MANAGER_PUBLIC_HOST"
+ "MC_OBSERVABILITY_FRONT_PUBLIC_HOST"
+ "MC_OBSERVABILITY_GRAFANA_PUBLIC_HOST"
+ "MC_COST_OPTIMIZER_FE_PUBLIC_HOST"
+ "MC_WORKFLOW_MANAGER_PUBLIC_HOST"
+ "MC_DATA_MANAGER_PUBLIC_HOST"
+ "MC_APPLICATION_MANAGER_PUBLIC_HOST"
+ )
+
+ for var in "${vars[@]}"; do
+ if grep -qE "^${var}=http://" "$env_file"; then
+ _sedi "s|^${var}=http://|${var}=https://|" "$env_file"
+ echo " ✓ ${var}: http:// → https://"
+ fi
+ done
+}
+
+rewrite_http_to_https "$ENV_FILE"
+rewrite_http_to_https "$IAM_ENV_FILE"
+
 # Define certificate directory based on PUBLIC_DOMAIN (same structure as Let's Encrypt)
 CERT_DIR="${CERT_PARENT_DIR}/certs/live/${MC_IAM_MANAGER_PUBLIC_DOMAIN}"
diff --git a/conf/docker/conf/mc-iam-manager/0_preset_local.sh b/conf/docker/conf/mc-iam-manager/0_preset_local.sh
index 986a895..0cbfd2b 100755
--- a/conf/docker/conf/mc-iam-manager/0_preset_local.sh
+++ b/conf/docker/conf/mc-iam-manager/0_preset_local.sh
@@ -110,6 +110,7 @@ rewrite_https_to_http() {
 local vars=(
 "MC_IAM_MANAGER_PUBLIC_HOST"
+ "MC_OBSERVABILITY_FRONT_PUBLIC_HOST"
 "MC_OBSERVABILITY_GRAFANA_PUBLIC_HOST"
 "MC_COST_OPTIMIZER_FE_PUBLIC_HOST"
 "MC_WORKFLOW_MANAGER_PUBLIC_HOST"
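Review bot: In `rewrite_http_to_https` the loop rewrites only lines that match `^${var}=http://` exactly, so a quoted value such as `VAR="http://…"` is skipped without any message and that PUBLIC_HOST stays on plaintext http. Reporting any listed variable that is still http after the pass would surface this, for example `grep -qE "^${var}=[\"']?http://" "$env_file" && echo "  ! ${var} still uses http://" >&2` placed after the inner `fi`. The loop variable also leaks into the script's global scope, because it is not declared; `local var` before the `for` keeps it inside the function.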
diff --git a/conf/docker/conf/mc-iam-manager/1_setup_auto.sh b/conf/docker/conf/mc-iam-manager/1_setup_auto.sh
index 7460e0e..efad4ef 100755
--- a/conf/docker/conf/mc-iam-manager/1_setup_auto.sh
+++ b/conf/docker/conf/mc-iam-manager/1_setup_auto.sh
@@ -466,10 +466,20 @@ register_framework_services() {
 update_public_service_urls() {
 echo "Updating framework service URLs to public-accessible addresses..."
+ _public_fe_scheme() {
+ case "${MC_IAM_MANAGER_PUBLIC_DOMAIN:-}" in
+ localhost|127.0.0.1|mciam.local) echo "http" ;;
+ *) echo "https" ;;
+ esac
+ }
+
+ local public_scheme
+ public_scheme=$(_public_fe_scheme)
+
 # mc-cost-optimizer-fe: replace the internal container URL (http://mc-cost-optimizer-fe:7780)
- # with the nginx HTTPS proxy URL accessible directly from the browser.
+ # with the nginx proxy URL accessible directly from the browser.
 # /api/getapihosts returns this value as the iframe src in MCIAM_USE=true environments.
- local cost_fe_public_url="${MC_COST_OPTIMIZER_FE_PUBLIC_HOST:-http://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_COST_OPTIMIZER_FE_PROXY_PORT}}"
+ local cost_fe_public_url="${MC_COST_OPTIMIZER_FE_PUBLIC_HOST:-${public_scheme}://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:${MC_COST_OPTIMIZER_FE_PROXY_PORT}}"
 # mc-cost-optimizer-fe is not in the upstream api.yaml, so attempt registration first (idempotent)
 local reg_body
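Review bot: `_public_fe_scheme` is declared inside `update_public_service_urls`, but bash function definitions are always global, so each call redefines a script-wide name; defining it once at file scope, or inlining the `case`, would state the scope honestly. The http branch is picked from a hard-coded host list (`localhost|127.0.0.1|mciam.local`) that presumably has to stay in step with what the local preset script treats as local, and a one-line comment saying so would help. The scheme only feeds the fallback used when `MC_COST_OPTIMIZER_FE_PUBLIC_HOST` is unset, so a comment such as `# fallback only; a *_PUBLIC_HOST value from .env wins` above `local public_scheme` would make that clear. The body of update_public_service_urls continues outside the hunk.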
@@ -605,6 +615,37 @@ update_public_service_urls() {
 return 1
 fi
+ # mc-observability-fe: register and update dedicated iframe nginx HTTPS proxy URL
+ local obs_fe_public_url="${MC_OBSERVABILITY_FRONT_PUBLIC_HOST}"
+ reg_body=$(printf '{"name":"mc-observability-fe","version":"v0.0.1","baseUrl":"http://mc-observability-front:18081","authType":"none","authUser":"","authPass":"","isActive":true}')
+ reg_resp=$(curl -s -w "HTTPSTATUS:%{http_code}" -X POST \
+ --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \
+ --header 'Content-Type: application/json' \
+ --data "$reg_body" \
+ "$MC_IAM_MANAGER_HOST/api/mcmp-apis")
+ reg_code=$(echo $reg_resp | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
+ if [ "$reg_code" = "201" ]; then
+ echo " ✓ mc-observability-fe registered"
+ elif [ "$reg_code" = "409" ]; then
+ echo " ✓ mc-observability-fe already registered"
+ else
+ echo " ✗ Failed to register mc-observability-fe (HTTP $reg_code)"
+ return 1
+ fi
+ response=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT \
+ --header "Authorization: Bearer $MC_IAM_MANAGER_PLATFORMADMIN_ACCESSTOKEN" \
+ --header 'Content-Type: application/json' \
+ --data "{\"base_url\": \"${obs_fe_public_url}\"}" \
+ "$MC_IAM_MANAGER_HOST/api/mcmp-apis/name/mc-observability-fe")
+ http_code=$(echo $response | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
+ response_body=$(echo $response | sed -e 's/HTTPSTATUS\:.*//g')
+ if [ "$http_code" = "200" ]; then
+ echo " ✓ Updated mc-observability-fe baseurl: ${obs_fe_public_url}"
+ else
+ echo " ✗ Failed to update mc-observability-fe (HTTP $http_code): $response_body"
+ return 1
+ fi
+
 echo "Public service URL update completed"
 return 0
 }
diff --git a/conf/docker/conf/mc-iam-manager/nginx.template.conf b/conf/docker/conf/mc-iam-manager/nginx.template.conf
index d28cc42..859386b 100644
--- a/conf/docker/conf/mc-iam-manager/nginx.template.conf
+++ b/conf/docker/conf/mc-iam-manager/nginx.template.conf
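Review bot: `obs_fe_public_url` is taken from `MC_OBSERVABILITY_FRONT_PUBLIC_HOST` with no default and no emptiness check, unlike `cost_fe_public_url` earlier in the same function, so an env file that predates this change would send `{"base_url": ""}` as the iframe target. A guard right after the assignment, `[ -n "$obs_fe_public_url" ] || { echo "  ✗ MC_OBSERVABILITY_FRONT_PUBLIC_HOST is not set" >&2; return 1; }`, fails early instead. Both curl calls also put the platform-admin bearer token on the command line, where it is readable from the process list while curl runs; curl can take the header from stdin or a file (`--header @-`), which keeps the token out of argv. The unquoted `echo $reg_resp` and `echo $response` word-split and glob-expand the response body, and `printf '%s' "$reg_resp"` avoids that.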
@@ -309,9 +309,9 @@ http {
 proxy_hide_header X-Frame-Options;
 add_header Content-Security-Policy "frame-ancestors https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:3001 https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}" always;
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
+ proxy_connect_timeout 600s;
+ proxy_send_timeout 600s;
+ proxy_read_timeout 600s;
 }
 }
@@ -346,6 +346,37 @@ http {
 }
 }
+ # mc-observability-front HTTPS proxy (for iframe/external access)
+ server {
+ listen ${MC_OBSERVABILITY_FRONT_PORT} ssl;
+ server_name ${MC_IAM_MANAGER_PUBLIC_DOMAIN};
+
+ ssl_certificate /etc/nginx/certs/live/${MC_IAM_MANAGER_PUBLIC_DOMAIN}/fullchain.pem;
+ ssl_certificate_key /etc/nginx/certs/live/${MC_IAM_MANAGER_PUBLIC_DOMAIN}/privkey.pem;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+ location / {
+ resolver 127.0.0.11 valid=10s;
+ set $upstream_obs mc-observability-front;
+ proxy_pass http://$upstream_obs:18081;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_hide_header X-Frame-Options;
+ add_header Content-Security-Policy "frame-ancestors https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:3001 https://${MC_IAM_MANAGER_PUBLIC_DOMAIN}" always;
+
+ proxy_connect_timeout 60s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
+ }
+ }
+
 # mc-cost-optimizer-fe HTTPS proxy (for iframe/external access)
 server {
 listen ${MC_COST_OPTIMIZER_FE_PROXY_PORT} ssl;
diff --git a/conf/docker/conf/mc-iam-manager/nginx.template.local.conf b/conf/docker/conf/mc-iam-manager/nginx.template.local.conf
index 388471a..4b716f8 100644
--- a/conf/docker/conf/mc-iam-manager/nginx.template.local.conf
+++ b/conf/docker/conf/mc-iam-manager/nginx.template.local.conf
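Review bot: Raising `proxy_connect_timeout` to 600s in this location has little effect, since the nginx documentation notes that the connect timeout usually cannot exceed 75 seconds, while ten-minute `proxy_send_timeout` and `proxy_read_timeout` values let slow or idle requests through this externally reachable proxy hold upstream connections far longer. If a single slow endpoint is the reason, keeping `proxy_connect_timeout 60s;` and raising `proxy_read_timeout` alone, with a comment naming that endpoint, limits the exposure. The enclosing server block starts outside the hunk, so the affected service is not visible here. The same change is made in nginx.template.local.conf (`@@ -229,9 +229,9 @@`).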
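Review bot: In the new mc-observability-front server block the `Strict-Transport-Security` header set at server level will not be sent for `location /`, because nginx inherits `add_header` directives from the outer level only when the current level defines none, and this location defines its own `add_header Content-Security-Policy`. Repeating `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` inside the location restores it. The block also strips the upstream's `X-Frame-Options` and relies on `frame-ancestors` alone, so a short comment stating that the two listed origins are the only intended embedders would help the next reader.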
@@ -229,9 +229,9 @@ http {
 proxy_hide_header X-Frame-Options;
 add_header Content-Security-Policy "frame-ancestors http://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:3001 http://${MC_IAM_MANAGER_PUBLIC_DOMAIN}" always;
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
+ proxy_connect_timeout 600s;
+ proxy_send_timeout 600s;
+ proxy_read_timeout 600s;
 }
 }
@@ -261,6 +261,32 @@ http {
 }
 }
+ # mc-observability-front HTTP proxy (for iframe)
+ server {
+ listen ${MC_OBSERVABILITY_FRONT_PORT};
+ server_name ${MC_IAM_MANAGER_PUBLIC_DOMAIN};
+
+ location / {
+ resolver 127.0.0.11 valid=10s;
+ set $upstream_obs mc-observability-front;
+ proxy_pass http://$upstream_obs:18081;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_hide_header X-Frame-Options;
+ add_header Content-Security-Policy "frame-ancestors http://${MC_IAM_MANAGER_PUBLIC_DOMAIN}:3001 http://${MC_IAM_MANAGER_PUBLIC_DOMAIN}" always;
+
+ proxy_connect_timeout 60s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
+ }
+ }
+
 # mc-cost-optimizer-fe HTTP proxy (for iframe)
 server {
 listen ${MC_COST_OPTIMIZER_FE_PROXY_PORT};
diff --git a/conf/docker/conf/mc-web-console/api/conf/api.yaml b/conf/docker/conf/mc-web-console/api/conf/api.yaml
index 2075a83..3bd4c18 100644
--- a/conf/docker/conf/mc-web-console/api/conf/api.yaml
+++ b/conf/docker/conf/mc-web-console/api/conf/api.yaml
@@ -75,6 +75,11 @@ services:
 baseurl: http://mc-application-manager:18084
 auth:
+ mc-observability-fe:
+ version: v0.0.1
+ baseurl: http://mc-observability-front:18081
+ auth:
+
 # sample:
 # baseurl: http://localhost:1323/test
 # auth:
diff --git a/conf/docker/docker-compose.yaml b/conf/docker/docker-compose.yaml index c25fb65..9123b46 100644 --- a/conf/docker/docker-compose.yaml +++ b/conf/docker/docker-compose.yaml @@ -354,6 +354,7 @@ services: - "${MC_WORKFLOW_MANAGER_PROXY_PORT}:${MC_WORKFLOW_MANAGER_PROXY_PORT}" - "${MC_DATA_MANAGER_PROXY_PORT}:${MC_DATA_MANAGER_PROXY_PORT}" - "${MC_APPLICATION_MANAGER_PROXY_PORT}:${MC_APPLICATION_MANAGER_PROXY_PORT}" + - "${MC_OBSERVABILITY_FRONT_PORT}:${MC_OBSERVABILITY_FRONT_PORT}" environment: - DOMAIN_NAME=${MC_IAM_MANAGER_PUBLIC_DOMAIN} volumes: @@ -426,17 +427,17 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.cost.optimize.jdbc-url: ${CO_COST_DB_URL_NEW} - spring.datasource.hikari.cost.optimize.username: ${CO_MYSQL_USER} - spring.datasource.hikari.cost.optimize.password: ${CO_MYSQL_PASSWORD} + spring.datasource.hikari.cost.optimize.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL_NEW} + spring.datasource.hikari.cost.optimize.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.cost.optimize.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} tumblebug.url: ${CO_TBB_URL} tumblebug.username: ${CO_TBB_USERNAME:-default} tumblebug.password: ${CO_TBB_PW:-default} - costopti.alarmservice.url: ${CO_ALARM_URL} - costopti.assetcollector.url: ${CO_COST_ASSET_COLLECTOR_URL} - costopti.costcollector.url: ${CO_COST_COLLECTOR_URL} - costopti.costprocessor.url: ${CO_COST_PROCESSOR_URL} - costopti.costselector.url: ${CO_COST_SELECTOR_URL} + costopti.alarmservice.url: ${MC_COST_OPTIMIZER_ALARM_URL} + costopti.assetcollector.url: ${MC_COST_OPTIMIZER_COST_ASSET_COLLECTOR_URL} + costopti.costcollector.url: ${MC_COST_OPTIMIZER_COST_COLLECTOR_URL} + costopti.costprocessor.url: ${MC_COST_OPTIMIZER_COST_PROCESSOR_URL} + costopti.costselector.url: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} ml.rightsize.base-url: ${CO_ML_SCORER_URL} llm.key.master: ${CO_LLM_KEY_MASTER} healthcheck: 
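Review bot: The port published here uses `MC_OBSERVABILITY_FRONT_PORT`, while every neighbouring entry uses a `*_PROXY_PORT` variable and the URL registered for the iframe (`MC_OBSERVABILITY_FRONT_PUBLIC_HOST`) is built from the new `MC_OBSERVABILITY_FRONT_PROXY_PORT=18081`. The nginx `listen` directives added in both templates also use `MC_OBSERVABILITY_FRONT_PORT`, so if the two variables ever differ the advertised URL points at a port nothing listens on. Using one variable throughout, e.g. `- "${MC_OBSERVABILITY_FRONT_PROXY_PORT}:${MC_OBSERVABILITY_FRONT_PROXY_PORT}"` and `listen ${MC_OBSERVABILITY_FRONT_PROXY_PORT} ssl;`, removes that dependency. The value of `MC_OBSERVABILITY_FRONT_PORT` is not visible in this diff.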
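Review bot: The `CO_*` to `MC_COST_OPTIMIZER_*` renames in this hunk and the following cost-optimizer hunks change which variables supply the database credentials and cloud keys, yet no env file in the visible diff defines the new names. Compose substitutes an empty string, with only a warning, for an unset variable, so a stale `.env` would start these services with blank `password` and `AWS_SECRET_ACCESS_KEY` values. Marking the secrets as required, e.g. `${MC_COST_OPTIMIZER_MYSQL_PASSWORD:?set in .env}`, makes a missed rename fail at startup. The rename is also partial: `CO_TBB_*`, `CO_OPENBAO_*` and `CO_LLM_KEY_MASTER` keep the old prefix, and the gcp-collector and ml-scorer `published:` ports go the other way (`MC_COST_OPTIMIZER_*_PORT` to `CO_*_PORT`), which deserves a comment in the env template.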
@@ -461,20 +462,20 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.batch.jdbc-url: ${CO_COST_DB_URL} - spring.datasource.hikari.batch.username: ${CO_MYSQL_USER} - spring.datasource.hikari.batch.password: ${CO_MYSQL_PASSWORD} + spring.datasource.hikari.batch.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.hikari.batch.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.batch.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} - unusedBatchCronSchedule: ${CO_COST_COLLECT_UNUSED_CRON_SCHEDULE} - curBatchCronSchedule: ${CO_COST_COLLECT_CUR_CRON_SCHEDULE} - aws.data.export.name: ${CO_AWS_CUR_EXPORT_NAME} - aws.data.export.path.prefix: ${CO_AWS_CUR_EXPORT_PATH_PREFIX} - AWS_ACCESS_KEY_ID: ${CO_AWS_ACCESS_KEY_ID} - AWS_SECRET_ACCESS_KEY: ${CO_AWS_SECRET_ACCESS_KEY} + unusedBatchCronSchedule: ${MC_COST_OPTIMIZER_COST_COLLECT_UNUSED_CRON_SCHEDULE} + curBatchCronSchedule: ${MC_COST_OPTIMIZER_COST_COLLECT_CUR_CRON_SCHEDULE} + aws.data.export.name: ${MC_COST_OPTIMIZER_AWS_CUR_EXPORT_NAME} + aws.data.export.path.prefix: ${MC_COST_OPTIMIZER_AWS_CUR_EXPORT_PATH_PREFIX} + AWS_ACCESS_KEY_ID: ${MC_COST_OPTIMIZER_AWS_ACCESS_KEY_ID} + AWS_SECRET_ACCESS_KEY: ${MC_COST_OPTIMIZER_AWS_SECRET_ACCESS_KEY} mc-cost-optimizer-cost-processor: restart: on-failure 
@@ -494,13 +495,13 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.batch.jdbc-url: ${CO_COST_DB_URL} - spring.datasource.hikari.batch.username: ${CO_MYSQL_USER} - spring.datasource.hikari.batch.password: ${CO_MYSQL_PASSWORD} - unusedProcessCronSchedule: ${CO_COST_PROCESS_UNUSED_CRON_SCHEDULE} - abnormalProcessCronSchedule: ${CO_COST_PROCESS_ABNORMAL_CRON_SCHEDULE} - cost.selector.url: ${CO_COST_SELECTOR_URL} - opti.alarm.url: ${CO_ALARM_URL} + spring.datasource.hikari.batch.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.hikari.batch.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.batch.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} + unusedProcessCronSchedule: ${MC_COST_OPTIMIZER_COST_PROCESS_UNUSED_CRON_SCHEDULE} + abnormalProcessCronSchedule: ${MC_COST_OPTIMIZER_COST_PROCESS_ABNORMAL_CRON_SCHEDULE} + cost.selector.url: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} + opti.alarm.url: ${MC_COST_OPTIMIZER_ALARM_URL} mc-cost-optimizer-cost-selector: restart: on-failure @@ -520,10 +521,10 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.cost.optimize.jdbc-url: ${CO_COST_DB_URL} - spring.datasource.hikari.cost.optimize.username: ${CO_MYSQL_USER} - spring.datasource.hikari.cost.optimize.password: ${CO_MYSQL_PASSWORD} - opti.alarm.url: ${CO_ALARM_URL} + spring.datasource.hikari.cost.optimize.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.hikari.cost.optimize.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.cost.optimize.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} + opti.alarm.url: ${MC_COST_OPTIMIZER_ALARM_URL} tumblebug.url: ${CO_TBB_URL} tumblebug.username: ${CO_TBB_USERNAME} tumblebug.password: ${CO_TBB_PW} 
@@ -542,15 +543,15 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.slack.jdbc-url: ${CO_SLACK_DB_URL} - spring.datasource.hikari.slack.username: ${CO_MYSQL_USER} - spring.datasource.hikari.slack.password: ${CO_MYSQL_PASSWORD} - spring.datasource.hikari.mailing.jdbc-url: ${CO_MAIL_DB_URL} - spring.datasource.hikari.mailing.username: ${CO_MYSQL_USER} - spring.datasource.hikari.mailing.password: ${CO_MYSQL_PASSWORD} - spring.datasource.hikari.history.jdbc-url: ${CO_COST_DB_URL} - spring.datasource.hikari.history.username: ${CO_MYSQL_USER} - spring.datasource.hikari.history.password: ${CO_MYSQL_PASSWORD} + spring.datasource.hikari.slack.jdbc-url: ${MC_COST_OPTIMIZER_SLACK_DB_URL} + spring.datasource.hikari.slack.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.slack.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} + spring.datasource.hikari.mailing.jdbc-url: ${MC_COST_OPTIMIZER_MAIL_DB_URL} + spring.datasource.hikari.mailing.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.mailing.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} + spring.datasource.hikari.history.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.hikari.history.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.history.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} mc-cost-optimizer-asset-collector: restart: on-failure 
@@ -570,12 +571,12 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.hikari.batch.jdbc-url: ${CO_COST_DB_URL} - spring.datasource.hikari.batch.username: ${CO_MYSQL_USER} - spring.datasource.hikari.batch.password: ${CO_MYSQL_PASSWORD} - costopti.be.url: ${CO_API_URL} - asset.collect.url: ${CO_ASSET_MONITORING_SERVER} - assetCollectBatchCronSchedule: ${CO_ASSET_COLLECT_BATCH_CRON_SCHEDULE} + spring.datasource.hikari.batch.jdbc-url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.hikari.batch.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.hikari.batch.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} + costopti.be.url: ${MC_COST_OPTIMIZER_API_URL} + asset.collect.url: ${MC_COST_OPTIMIZER_ASSET_MONITORING_SERVER} + assetCollectBatchCronSchedule: ${MC_COST_OPTIMIZER_ASSET_COLLECT_BATCH_CRON_SCHEDULE} mc-cost-optimizer-cost-azure-collector: restart: on-failure 
@@ -595,27 +596,27 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - SPRING_DATASOURCE_URL: ${CO_COST_DB_URL} - SPRING_DATASOURCE_USERNAME: ${CO_MYSQL_USER} - SPRING_DATASOURCE_PASSWORD: ${CO_MYSQL_PASSWORD} + SPRING_DATASOURCE_URL: ${MC_COST_OPTIMIZER_COST_DB_URL} + SPRING_DATASOURCE_USERNAME: ${MC_COST_OPTIMIZER_MYSQL_USER} + SPRING_DATASOURCE_PASSWORD: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} - AZURE_CREDENTIAL_TENANT_ID: ${CO_AZURE_TENANT_ID} - AZURE_CREDENTIAL_CLIENT_ID: ${CO_AZURE_CLIENT_ID} - AZURE_CREDENTIAL_CLIENT_SECRET: ${CO_AZURE_CLIENT_SECRET} - AZURE_CREDENTIAL_SUBSCRIPTION_ID: ${CO_AZURE_SUBSCRIPTION_ID} + AZURE_CREDENTIAL_TENANT_ID: ${MC_COST_OPTIMIZER_AZURE_TENANT_ID} + AZURE_CREDENTIAL_CLIENT_ID: ${MC_COST_OPTIMIZER_AZURE_CLIENT_ID} + AZURE_CREDENTIAL_CLIENT_SECRET: ${MC_COST_OPTIMIZER_AZURE_CLIENT_SECRET} + AZURE_CREDENTIAL_SUBSCRIPTION_ID: ${MC_COST_OPTIMIZER_AZURE_SUBSCRIPTION_ID} - AZURE_SERVICE_BATCH_CRON_SCHEDULE: ${CO_AZURE_SERVICE_BATCH_CRON_SCHEDULE} - AZURE_VM_BATCH_CRON_SCHEDULE: ${CO_AZURE_VM_BATCH_CRON_SCHEDULE} + AZURE_SERVICE_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_AZURE_SERVICE_BATCH_CRON_SCHEDULE} + AZURE_VM_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_AZURE_VM_BATCH_CRON_SCHEDULE} - COSTOPTI_ALARMSERVICE_URL: ${CO_ALARM_URL} - COSTOPTI_ASSETCOLLECTOR_URL: ${CO_COST_ASSET_COLLECTOR_URL} - COSTOPTI_COSTCOLLECTOR_URL: ${CO_COST_COLLECTOR_URL} - COSTOPTI_COSTPROCESSOR_URL: ${CO_COST_PROCESSOR_URL} - COSTOPTI_COSTSELECTOR_URL: ${CO_COST_SELECTOR_URL} + COSTOPTI_ALARMSERVICE_URL: ${MC_COST_OPTIMIZER_ALARM_URL} + COSTOPTI_ASSETCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_ASSET_COLLECTOR_URL} + COSTOPTI_COSTCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_COLLECTOR_URL} + COSTOPTI_COSTPROCESSOR_URL: ${MC_COST_OPTIMIZER_COST_PROCESSOR_URL} + COSTOPTI_COSTSELECTOR_URL: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} 
mc-cost-optimizer-gcp-collector: restart: on-failure @@ -628,7 +629,7 @@ services: - mc-web-console-network ports: - target: 8095 - published: ${MC_COST_OPTIMIZER_GCP_COLLECTOR_PORT} + published: ${CO_GCP_COLLECTOR_PORT} protocol: tcp depends_on: - mc-cost-optimizer-db @@ -636,9 +637,9 @@ services: - ./tool/mcc:/app/tool/mcc environment: - spring.datasource.url: ${CO_COST_DB_URL} - spring.datasource.username: ${CO_MYSQL_USER} - spring.datasource.password: ${CO_MYSQL_PASSWORD} + spring.datasource.url: ${MC_COST_OPTIMIZER_COST_DB_URL} + spring.datasource.username: ${MC_COST_OPTIMIZER_MYSQL_USER} + spring.datasource.password: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} gcp.project-id: ${CO_GCP_PROJECT_ID} gcp.client-email: ${CO_GCP_CLIENT_EMAIL} @@ -647,7 +648,7 @@ services: gcp.dataset: ${CO_GCP_BQ_DATASET} gcp.table: ${CO_GCP_BQ_TABLE} gcpBillingCronSchedule: ${CO_GCP_BATCH_CRON_SCHEDULE} - costopti.alarmservice.url: ${CO_ALARM_URL} + costopti.alarmservice.url: ${MC_COST_OPTIMIZER_ALARM_URL} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} 
@@ -675,25 +676,25 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - SPRING_DATASOURCE_URL: ${CO_COST_DB_URL} - SPRING_DATASOURCE_USERNAME: ${CO_MYSQL_USER} - SPRING_DATASOURCE_PASSWORD: ${CO_MYSQL_PASSWORD} + SPRING_DATASOURCE_URL: ${MC_COST_OPTIMIZER_COST_DB_URL} + SPRING_DATASOURCE_USERNAME: ${MC_COST_OPTIMIZER_MYSQL_USER} + SPRING_DATASOURCE_PASSWORD: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} - NCP_CREDENTIAL_IAM_ACCESS_KEY: ${CO_NCP_IAM_ACCESS_KEY} - NCP_CREDENTIAL_IAM_SECRET_KEY: ${CO_NCP_IAM_SECRET_KEY} + NCP_CREDENTIAL_IAM_ACCESS_KEY: ${MC_COST_OPTIMIZER_NCP_IAM_ACCESS_KEY} + NCP_CREDENTIAL_IAM_SECRET_KEY: ${MC_COST_OPTIMIZER_NCP_IAM_SECRET_KEY} - NCP_SERVICE_BATCH_CRON_SCHEDULE: ${CO_NCP_SERVICE_BATCH_CRON_SCHEDULE} - NCP_VM_BATCH_CRON_SCHEDULE: ${CO_NCP_VM_BATCH_CRON_SCHEDULE} + NCP_SERVICE_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_NCP_SERVICE_BATCH_CRON_SCHEDULE} + NCP_VM_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_NCP_VM_BATCH_CRON_SCHEDULE} - COSTOPTI_ALARMSERVICE_URL: ${CO_ALARM_URL} - COSTOPTI_ASSETCOLLECTOR_URL: ${CO_COST_ASSET_COLLECTOR_URL} - COSTOPTI_COSTCOLLECTOR_URL: ${CO_COST_COLLECTOR_URL} - COSTOPTI_COSTPROCESSOR_URL: ${CO_COST_PROCESSOR_URL} - COSTOPTI_COSTSELECTOR_URL: ${CO_COST_SELECTOR_URL} + COSTOPTI_ALARMSERVICE_URL: ${MC_COST_OPTIMIZER_ALARM_URL} + COSTOPTI_ASSETCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_ASSET_COLLECTOR_URL} + COSTOPTI_COSTCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_COLLECTOR_URL} + COSTOPTI_COSTPROCESSOR_URL: ${MC_COST_OPTIMIZER_COST_PROCESSOR_URL} + COSTOPTI_COSTSELECTOR_URL: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} ##timezone setting TZ: Asia/Seoul 
@@ -716,26 +717,26 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - SPRING_DATASOURCE_URL: ${CO_COST_DB_URL} - SPRING_DATASOURCE_USERNAME: ${CO_MYSQL_USER} - SPRING_DATASOURCE_PASSWORD: ${CO_MYSQL_PASSWORD} + SPRING_DATASOURCE_URL: ${MC_COST_OPTIMIZER_COST_DB_URL} + SPRING_DATASOURCE_USERNAME: ${MC_COST_OPTIMIZER_MYSQL_USER} + SPRING_DATASOURCE_PASSWORD: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} - AZURE_CREDENTIAL_TENANT_ID: ${CO_AZURE_TENANT_ID} - AZURE_CREDENTIAL_CLIENT_ID: ${CO_AZURE_CLIENT_ID} - AZURE_CREDENTIAL_CLIENT_SECRET: ${CO_AZURE_CLIENT_SECRET} - AZURE_CREDENTIAL_SUBSCRIPTION_ID: ${CO_AZURE_SUBSCRIPTION_ID} + AZURE_CREDENTIAL_TENANT_ID: ${MC_COST_OPTIMIZER_AZURE_TENANT_ID} + AZURE_CREDENTIAL_CLIENT_ID: ${MC_COST_OPTIMIZER_AZURE_CLIENT_ID} + AZURE_CREDENTIAL_CLIENT_SECRET: ${MC_COST_OPTIMIZER_AZURE_CLIENT_SECRET} + AZURE_CREDENTIAL_SUBSCRIPTION_ID: ${MC_COST_OPTIMIZER_AZURE_SUBSCRIPTION_ID} - AZURE_RIGHTSIZER_BATCH_CRON_SCHEDULE: ${CO_AZURE_VM_RIGHTSIZER_SCHEDULE} + AZURE_RIGHTSIZER_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_AZURE_VM_RIGHTSIZER_SCHEDULE} - COSTOPTI_ALARMSERVICE_URL: ${CO_ALARM_URL} - COSTOPTI_ASSETCOLLECTOR_URL: ${CO_COST_ASSET_COLLECTOR_URL} - COSTOPTI_COSTCOLLECTOR_URL: ${CO_COST_COLLECTOR_URL} - COSTOPTI_COSTPROCESSOR_URL: ${CO_COST_PROCESSOR_URL} - COSTOPTI_COSTSELECTOR_URL: ${CO_COST_SELECTOR_URL} + COSTOPTI_ALARMSERVICE_URL: ${MC_COST_OPTIMIZER_ALARM_URL} + COSTOPTI_ASSETCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_ASSET_COLLECTOR_URL} + COSTOPTI_COSTCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_COLLECTOR_URL} + COSTOPTI_COSTPROCESSOR_URL: ${MC_COST_OPTIMIZER_COST_PROCESSOR_URL} + COSTOPTI_COSTSELECTOR_URL: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} mc-cost-optimizer-ncp-vm-rightsizer: 
@@ -756,24 +757,24 @@ services: volumes: - ./tool/mcc:/app/tool/mcc environment: - SPRING_DATASOURCE_URL: ${CO_COST_DB_URL} - SPRING_DATASOURCE_USERNAME: ${CO_MYSQL_USER} - SPRING_DATASOURCE_PASSWORD: ${CO_MYSQL_PASSWORD} + SPRING_DATASOURCE_URL: ${MC_COST_OPTIMIZER_COST_DB_URL} + SPRING_DATASOURCE_USERNAME: ${MC_COST_OPTIMIZER_MYSQL_USER} + SPRING_DATASOURCE_PASSWORD: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} OPENBAO_ENABLED: ${CO_OPENBAO_ENABLED} OPENBAO_ADDRESS: ${CO_OPENBAO_ADDRESS} OPENBAO_TOKEN: ${CO_OPENBAO_TOKEN} - NCP_CREDENTIAL_IAM_ACCESS_KEY: ${CO_NCP_IAM_ACCESS_KEY} - NCP_CREDENTIAL_IAM_SECRET_KEY: ${CO_NCP_IAM_SECRET_KEY} + NCP_CREDENTIAL_IAM_ACCESS_KEY: ${MC_COST_OPTIMIZER_NCP_IAM_ACCESS_KEY} + NCP_CREDENTIAL_IAM_SECRET_KEY: ${MC_COST_OPTIMIZER_NCP_IAM_SECRET_KEY} - AZURE_RIGHTSIZER_BATCH_CRON_SCHEDULE: ${CO_AZURE_VM_RIGHTSIZER_SCHEDULE} + AZURE_RIGHTSIZER_BATCH_CRON_SCHEDULE: ${MC_COST_OPTIMIZER_AZURE_VM_RIGHTSIZER_SCHEDULE} - COSTOPTI_ALARMSERVICE_URL: ${CO_ALARM_URL} - COSTOPTI_ASSETCOLLECTOR_URL: ${CO_COST_ASSET_COLLECTOR_URL} - COSTOPTI_COSTCOLLECTOR_URL: ${CO_COST_COLLECTOR_URL} - COSTOPTI_COSTPROCESSOR_URL: ${CO_COST_PROCESSOR_URL} - COSTOPTI_COSTSELECTOR_URL: ${CO_COST_SELECTOR_URL} + COSTOPTI_ALARMSERVICE_URL: ${MC_COST_OPTIMIZER_ALARM_URL} + COSTOPTI_ASSETCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_ASSET_COLLECTOR_URL} + COSTOPTI_COSTCOLLECTOR_URL: ${MC_COST_OPTIMIZER_COST_COLLECTOR_URL} + COSTOPTI_COSTPROCESSOR_URL: ${MC_COST_OPTIMIZER_COST_PROCESSOR_URL} + COSTOPTI_COSTSELECTOR_URL: ${MC_COST_OPTIMIZER_COST_SELECTOR_URL} tumblebug.url: ${CO_TBB_URL} tumblebug.username: ${CO_TBB_USERNAME} tumblebug.password: ${CO_TBB_PW} 
@@ -789,16 +790,16 @@ services: - mc-web-console-network ports: - target: 8096 - published: ${MC_COST_OPTIMIZER_ML_SCORER_PORT} + published: ${CO_ML_SCORER_PORT} protocol: tcp depends_on: - mc-cost-optimizer-db volumes: - ./tool/mcc:/app/tool/mcc environment: - COST_DB_URL: ${CO_COST_DB_URL} - COST_DB_USERNM: ${CO_MYSQL_USER} - COST_DB_PW: ${CO_MYSQL_PASSWORD} + COST_DB_URL: ${MC_COST_OPTIMIZER_COST_DB_URL} + COST_DB_USERNM: ${MC_COST_OPTIMIZER_MYSQL_USER} + COST_DB_PW: ${MC_COST_OPTIMIZER_MYSQL_PASSWORD} SERVER_PORT: 8096 WINDOW_DAYS: ${CO_ML_SCORER_WINDOW_DAYS:-30} healthcheck: @@ -825,9 +826,9 @@ services: condition: service_completed_successfully environment: - ALLOW_EMPTY_PASSWORD=no - - MYSQL_ROOT_PASSWORD=${CO_MYSQL_ROOT_PASSWORD} - - MYSQL_USER=${CO_MYSQL_USER} - - MYSQL_PASSWORD=${CO_MYSQL_PASSWORD} + - MYSQL_ROOT_PASSWORD=${MC_COST_OPTIMIZER_MYSQL_ROOT_PASSWORD} + - MYSQL_USER=${MC_COST_OPTIMIZER_MYSQL_USER} + - MYSQL_PASSWORD=${MC_COST_OPTIMIZER_MYSQL_PASSWORD} command: - --skip-character-set-client-handshake ports: @@ -872,6 +873,7 @@ services: mc-application-manager-sonatype-nexus: image: sonatype/nexus3:latest container_name: mc-application-manager-sonatype-nexus + restart: unless-stopped platform: linux/amd64 networks: - mc-application-manager-network @@ -896,9 +898,16 @@ services: mc-application-manager: image: cloudbaristaorg/mc-application-manager:0.5.4 container_name: mc-application-manager + restart: unless-stopped depends_on: mc-application-manager-db: condition: service_healthy + mc-application-manager-sonatype-nexus: + condition: service_started + mc-infra-manager: + condition: service_healthy + mc-observability-rabbitmq: + condition: service_healthy networks: - mc-application-manager-network - mc-web-console-network 
@@ -959,6 +968,10 @@ services: image: cloudbaristaorg/mc-workflow-manager:0.5.3 container_name: mc-workflow-manager platform: linux/amd64 + restart: unless-stopped + depends_on: + mc-workflow-manager-jenkins: + condition: service_healthy networks: - mc-workflow-manager-network - mc-web-console-network @@ -1026,6 +1039,7 @@ services: mc-data-manager-db: image: mariadb:latest container_name: mc-data-manager-db + restart: always command: - --skip-character-set-client-handshake volumes: @@ -1148,17 +1162,13 @@ services: mc-observability-manager: image: cloudbaristaorg/mc-observability:edge container_name: mc-observability-manager - restart: on-failure + restart: unless-stopped networks: - mc-observability-network - mc-cost-optimizer-network - mc-infra-manager-network - mc-infra-connector-network - mc-web-console-network - ports: - - target: 18080 - published: ${MC_OBSERVABILITY_MANAGER_PORT} - protocol: tcp depends_on: mc-observability-grafana: condition: service_healthy @@ -1184,28 +1194,27 @@ services: - grafana_shared_config:/grafana_config:ro healthcheck: test: [ "CMD", "/app/tool/mcc", "rest", "get", "http://localhost:18080/api/docs" ] - <<: *default-health-check + interval: ${HEALTH_CHECK_INTERVAL:-1m} + timeout: ${HEALTH_CHECK_TIMEOUT:-5s} + retries: ${HEALTH_CHECK_RETRIES:-3} + start_period: 5m mc-observability-front: image: cloudbaristaorg/mc-observability-front:edge container_name: mc-observability-front - restart: on-failure + restart: unless-stopped networks: - mc-observability-network - mc-infra-manager-network - mc-infra-connector-network - ports: - - target: 18081 - published: ${MC_OBSERVABILITY_FRONT_PORT} - protocol: tcp depends_on: mc-observability-manager: - condition: service_healthy + condition: service_started mc-observability-infra: image: cloudbaristaorg/mc-observability-infra:edge container_name: mc-observability-infra - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: 
@@ -1253,7 +1262,7 @@ services: mc-observability-rabbitmq: image: rabbitmq:4.1.4-management-alpine container_name: mc-observability-rabbitmq - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: @@ -1291,7 +1300,7 @@ services: mc-observability-maria: image: mariadb:10.11.11 container_name: mc-observability-maria - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: @@ -1330,7 +1339,7 @@ services: mc-observability-influx: image: cloudbaristaorg/mc-observability-influx:edge container_name: mc-observability-influx - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: @@ -1367,7 +1376,7 @@ services: mc-observability-influx-2: image: cloudbaristaorg/mc-observability-influx:edge container_name: mc-observability-influx-2 - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: @@ -1421,7 +1430,7 @@ services: mc-observability-loki: image: grafana/loki:3.4.2 container_name: mc-observability-loki - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: @@ -1505,7 +1514,7 @@ services: mc-observability-grafana: image: cloudbaristaorg/mc-observability-grafana:edge container_name: mc-observability-grafana - restart: on-failure + restart: unless-stopped networks: - mc-observability-network ports: