diff --git a/WORKSPACE b/WORKSPACE index f017741cb..610bcacca 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -24,3 +24,25 @@ closure_repositories( load("//java/google/registry:repositories.bzl", "domain_registry_repositories") domain_registry_repositories() + +# Setup docker bazel rules +git_repository( + name = "io_bazel_rules_docker", + remote = "https://github.com/bazelbuild/rules_docker.git", + tag = "v0.4.0", +) + +load( + "@io_bazel_rules_docker//container:container.bzl", + "container_pull", + container_repositories = "repositories", +) + +container_repositories() + +container_pull( + name = "java_base", + registry = "gcr.io", + repository = "distroless/java", + digest = "sha256:780ee786a774a25a4485f491b3e0a21f7faed01864640af7cebec63c46a0845a", +) diff --git a/java/google/registry/proxy/BUILD b/java/google/registry/proxy/BUILD index d7eb22e4b..c921dcc36 100644 --- a/java/google/registry/proxy/BUILD +++ b/java/google/registry/proxy/BUILD @@ -2,6 +2,8 @@ # This package contains the code for the binary that proxies TCP traffic from # the GCE/GKE to AppEngine. +load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_push") + package( default_visibility = ["//java/google/registry:registry_project"], ) @@ -48,3 +50,28 @@ java_binary( "@io_netty_tcnative", ], ) + +container_image( + name = "proxy_image", + base = "@java_base//image", + entrypoint = [ + "java", + "-jar", + "proxy_server_deploy.jar", + ], + files = [":proxy_server_deploy.jar"], + ports = [ + "30000", + "30001", + "30002", + ], +) + +container_push( + name = "proxy_push", + format = "Docker", + image = ":proxy_image", + registry = "gcr.io", + repository = "GCP_PROJECT/IMAGE_NAME", + tag = "bazel", +) diff --git a/java/google/registry/proxy/config/default-config.yaml b/java/google/registry/proxy/config/default-config.yaml index da9f89e59..c64ce10f2 100644 --- a/java/google/registry/proxy/config/default-config.yaml +++ b/java/google/registry/proxy/config/default-config.yaml @@ -52,7 +52,7 @@ kms: cryptoKey: your-kms-cryptoKey epp: - port: 700 + port: 30002 relayHost: registry-project-id.appspot.com relayPath: /_dr/epp @@ -122,7 +122,7 @@ epp: customQuota: [] whois: - port: 43 + port: 30001 relayHost: registry-project-id.appspot.com relayPath: /_dr/whois diff --git a/java/google/registry/proxy/kubernetes/Dockerfile b/java/google/registry/proxy/kubernetes/Dockerfile deleted file mode 100644 index 2d74bb1bb..000000000 --- a/java/google/registry/proxy/kubernetes/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2018 The Nomulus Authors. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM openjdk:8 - -WORKDIR /proxy - -COPY ./proxy_server_deploy.jar /proxy/ - -ENTRYPOINT ["java", "-jar", "proxy_server_deploy.jar"] - -# Ports used for health checking, WHOIS and EPP, respecitvely. -EXPOSE 30000 30001 30002 diff --git a/java/google/registry/proxy/kubernetes/build_image.sh b/java/google/registry/proxy/kubernetes/build_image.sh deleted file mode 100755 index eb117c8be..000000000 --- a/java/google/registry/proxy/kubernetes/build_image.sh +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/bash -# Copyright 2018 The Nomulus Authors. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This script builds the proxy jar file with all of its dependencies included, -# then puts it in an image with a name compatible with GCR. If a "push" -# argument is given, it also uploads the image to GCR. - -function cleanup() { - rm ${WORKDIR}/${TARGET} -f -} - -trap cleanup EXIT - -PROJECT=`gcloud config list 2>&1 | grep project | awk -F'= ' '{print $2}'`; - -echo "PROJECT: ${PROJECT}" - -PACKAGE_PREFIX="" - -PACKAGE=${PACKAGE_PREFIX}"java/google/registry/proxy" - -TARGET=proxy_server_deploy.jar - -BUILD_TOOL=bazel - -WORKSPACE=`$BUILD_TOOL info workspace` - -WORKDIR=${WORKSPACE}/${PACKAGE}/kubernetes - -BINDIR=${WORKSPACE}/${BUILD_TOOL}-bin/${PACKAGE} - -$BUILD_TOOL build "//"${PACKAGE}:${TARGET} - -cp ${BINDIR}/${TARGET} ${WORKDIR}/ - -docker build -t gcr.io/${PROJECT}/proxy:latest $WORKDIR - -# Publish the image to GCR if "push" argument is given. -if [ -z $1 ] -then - exit -fi - -if [ $1 = "push" ] -then - gcloud docker -- push gcr.io/${PROJECT}/proxy:latest -else - echo "usage: $0 [push]" -fi diff --git a/java/google/registry/proxy/kubernetes/proxy-deployment.yaml b/java/google/registry/proxy/kubernetes/proxy-deployment.yaml index 651a323ea..dec081448 100644 --- a/java/google/registry/proxy/kubernetes/proxy-deployment.yaml +++ b/java/google/registry/proxy/kubernetes/proxy-deployment.yaml @@ -20,7 +20,7 @@ spec: secretName: proxy-account containers: - name: proxy - image: INSERT_YOUR_IMAGE_NAME_HERE + image: gcr.io/GCP_PROJECT/IMAGE_NAME:bazel ports: - containerPort: 30000 name: health-check @@ -41,6 +41,7 @@ spec: volumeMounts: - name: service-account mountPath: /var/secrets/google + imagePullPolicy: Always args: ["--log"] env: - name: GOOGLE_APPLICATION_CREDENTIALS