diff --git a/.gitignore b/.gitignore index e60a357..bfcb496 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,8 @@ pip-wheel-metadata/ .venv/ venv/ .env/ +.idp_flag + # Poetry / pipenv virtual envs .poetry/ .pipenv/ diff --git a/Makefile b/Makefile index 7808522..f4fdfa3 100644 --- a/Makefile +++ b/Makefile @@ -9,14 +9,14 @@ export $(shell sed -E 's/#.*//' .env | cut -d= -f1) endif # ───────────── rest of your Makefile below ───────────── -compose = podman-compose -f dev-compose.yaml +compose = docker compose -f dev-compose.yaml # # ---------------------------------------------------------- # Helpers # ---------------------------------------------------------- create-proxy-net: - @podman network exists nginx-proxy || podman network create nginx-proxy + @docker network inspect nginx-proxy >/dev/null 2>&1 || docker network create nginx-proxy # probe external Keycloak once and cache the flag check-idp: @@ -32,7 +32,7 @@ check-idp: # Lifecycle targets # ---------------------------------------------------------- build: ## Build FastAPI image - podman build -t cmmc-fastapi:latest -f .container-images/fastapi.Dockerfile . + docker build -t cmmc-fastapi:latest -f .container-images/fastapi.Dockerfile . up: create-proxy-net check-idp ## Start stack (auto-starts Keycloak only if needed) @if [ "`cat .idp_flag`" = "1" ]; then \ @@ -44,10 +44,15 @@ up: create-proxy-net check-idp ## Start stack (auto-starts Keycloak only if need down: ## Stop stack $(compose) down +rebuild: down build up + logs: ## Tail logs $(compose) logs -f test: ## Run pytest PYTHONPATH=. pytest -q -.PHONY: build up down logs test create-proxy-net check-idp +ps: + $(compose) ps + +.PHONY: build up down logs test create-proxy-net check-idp ps rebuild diff --git a/dev-compose.yaml b/dev-compose.yaml index 5b178db..a6f8304 100644 --- a/dev-compose.yaml +++ b/dev-compose.yaml @@ -35,9 +35,9 @@ services: KEYCLOAK_URL: "${KEYCLOAK_URL:-http://keycloak:8080}" KEYCLOAK_REALM: "cmmc-platform-dev" KEYCLOAK_CLIENT_ID: "frontend" - ports: - # keep reachable only from localhost, not LAN - - "127.0.0.1:8008:8000" + # ports: + # # keep reachable only from localhost, not LAN + # - "127.0.0.1:8008:8000" networks: [internal] # ────────────────────────────── diff --git a/kong/kong.yml b/kong/kong.yml index 6e12a9f..c2f1dda 100644 --- a/kong/kong.yml +++ b/kong/kong.yml @@ -1,23 +1,18 @@ _format_version: "3.0" _transform: true -######################################################### -# Upstream — FastAPI service running in podman-compose -######################################################### services: - name: fastapi-svc - host: fastapi # container alias on the internal network + host: fastapi port: 8000 protocol: http routes: - # Public API - - name: api-root + - name: fastapi-api paths: ["/api/"] strip_path: true methods: ["GET", "POST", "PUT", "PATCH", "DELETE"] plugins: - # Enable CORS for local testing - name: cors config: origins: ["*"] @@ -26,14 +21,28 @@ services: credentials: false max_age: 3600 - # Health probe exposed at /gateway-health - - name: gateway-health - paths: ["/gateway-health"] + - name: fastapi-health + paths: ["/gateway-health", "/healthz"] strip_path: true methods: ["GET"] + - name: kong-meta + url: http://localhost:8001 + routes: + - name: root-status + paths: ["/"] + strip_path: true + methods: ["GET"] + plugins: + - name: request-termination + config: + status_code: 200 + content_type: application/json + body: '{"status":"Kong Gateway OK"}' + + + plugins: - # Global rate-limit (optional; remove if you don’t need it yet) - name: rate-limiting config: second: 25