OpenConext / OpenConext-BaseContainers

Docker base images used by all OpenConext projects that use docker containers
Apache License 2.0

Add haproxy26 container #1

Closed quartje closed 8 months ago

quartje commented 1 year ago

This adds a container that can be used in Docker Compose. It's a simple HAProxy load balancer, with all the StepupApps as backends. It also contains an HAProxy stats page to check the load balancer status.

A wildcard certificate is added for *.dev.openconext.local. The cert should be imported in the trusted certificate store on all the containers that need to access other containers.

Strictly speaking, this container should be in its own repo. However, since the self-signed certificate should be imported on all dev containers, I am putting it here.

danakim commented 1 year ago

@quartje - looks good to me!

The only mention I do have is about the certificate. Although we don't require strict security on the dev environment, it is a best practice in general to not add certificates to the code. So I am thinking you could add the certificate to the GitHub Actions secrets store: https://docs.github.com/en/actions/security-guides/encrypted-secrets

Then you could access that certificate during the Actions pipeline as an environment variable and "echo" it into a file inside the docker container image at build time. So it will be available in the image, but not visible in the code.

quartje commented 1 year ago

That's a nice suggestion. We need the certificate to distribute in the other containers, should we put that in a GitHub variable as well?

danakim commented 1 year ago

@quartje - yes! I would check if GitHub has "global" variables or secrets that would be available to all projects. Then you could just pull it in any project and in any new project.
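
The step discussed in this thread (take the PEM from a CI secret exposed as an environment variable and write it to a file during the image build), as an added example that is not part of the PR or the OpenConext repository. The function name `write_pem_from_env`, the variable `SAMPLE_PEM` and the PEM body are constructed for illustration; it uses `printf` instead of `echo`, checks that the value is PEM-shaped, and only then moves the file into place.

```shell
#!/bin/sh
# Added example (not project code): write a PEM held in an environment
# variable, e.g. a CI secret passed to the build step, into a file.

# Constructed sample value; the body is not a real certificate.
SAMPLE_PEM='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
'

# write_pem_from_env VAR_NAME DEST [MODE]
# Returns 0 on success, 1 on a bad/empty variable, 2 if the value is not PEM-shaped.
write_pem_from_env() {
    var_name=$1 dest=$2 mode=${3:-0644}

    # Accept only a plain identifier before using it in eval.
    case $var_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2; return 1 ;;
    esac
    eval "pem=\${$var_name:-}"
    # Command substitution drops trailing newlines a secret store may have kept.
    pem=$(printf '%s' "$pem")
    [ -n "$pem" ] || { echo "error: $var_name is empty or unset" >&2; return 1; }

    # mktemp creates the file owner-only (0600); placing it next to DEST
    # makes the final mv a rename on the same filesystem.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    # printf '%s\n' writes the value byte for byte. Some echo builtins expand
    # backslashes or treat a leading -n / -e as an option.
    printf '%s\n' "$pem" > "$tmp"

    # Reject truncated or mangled input before anything reads DEST.
    first=$(sed -n '1p' "$tmp")
    last=$(sed -n '$p' "$tmp")
    case $first in "-----BEGIN "*"-----") ;; *) rm -f "$tmp"; return 2 ;; esac
    case $last in "-----END "*"-----") ;; *) rm -f "$tmp"; return 2 ;; esac

    chmod "$mode" "$tmp" && mv "$tmp" "$dest"
}

# Usage inside a build step, with the secret exported as SAMPLE_PEM:
#   write_pem_from_env SAMPLE_PEM /tmp/dev-wildcard.crt 0644
```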