Closed quartje closed 8 months ago
@quartje - looks good to me!
The only mention I do have is about the certificate. Although we don't require strict security on the dev environment, it is a best practice in general to not add certificates to the code. So I am thinking you could add the certificate to the GitHub Actions secrets store: https://docs.github.com/en/actions/security-guides/encrypted-secrets
Then you could access that certificate during the Actions pipeline as an environment variable and "echo" it into a file inside the docker container image at build time. So it will be available in the image, but not visible in the code.
That's a nice suggestion. We need the certificate to distribute in the other containers, should we put that in a GitHub variable as well?
@quartje - yes! I would check if GitHub has "global" variables or secrets, that would be available to all projects. Then you could just pull it in any project and in any new project.
This adds a container that can be used in Docker Compose. It's a simple HAProxy load balancer, with all the StepupApps as backends. It also contains a HAProxy stats page to check the load balancer status.
A wildcard certificate is added for *.dev.openconext.local. The cert should be imported in the trusted certificate store on all the containers that need to access other containers.
Strictly speaking, this container should be in its own repo. However, since the self-signed certificate should be imported on all dev containers, I am putting it here.