feat: update build-canned

Signed-off-by: dovholuknf <[email protected]>

fix: add arm64 for zero-trust

Signed-off-by: dovholuknf <[email protected]>

fix: update readme and tweak makefile per review

Signed-off-by: dovholuknf <[email protected]>

fix: remove debugging

Signed-off-by: dovholuknf <[email protected]>

fix: remove debug really this time

Signed-off-by: dovholuknf <[email protected]>

fix: remove debug really this time

Signed-off-by: dovholuknf <[email protected]>

fix: update ekuiper and selectively enable OpenZiti in it

Signed-off-by: dovholuknf <[email protected]>

Makefile

@@ -13,7 +13,7 @@
 #  *
 #  *******************************************************************************/
 
-.PHONY: help portainer portainer-down pull run pull-ui run-ui down-ui down clean get-token openziti openziti-down zero-trust zero-trust-down
+.PHONY: help portainer portainer-down pull run pull-ui run-ui down-ui down clean get-token openziti openziti-down zero-trust
 .SILENT: help get-token
 
 help:
@@ -22,7 +22,7 @@ help:
 ARGS:=$(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
 $(eval $(ARGS):;@:)
 
-OPTIONS:=" arm64 no-secty app-sample " # Must have spaces around words for `filter-out` function to work properly
+OPTIONS:=" arm64 no-secty app-sample zero-trust " # Must have spaces around words for `filter-out` function to work properly
 
 # This tool now only supports compose V2, aka "docker compose" as it has replaced to old docker-compose tool.
 DOCKER_COMPOSE=docker compose
@@ -37,11 +37,14 @@ endif
 ifeq (app-sample, $(filter app-sample,$(ARGS)))
 	APP_SAMPLE:=-with-app-sample
 endif
+ifeq (zero-trust, $(filter zero-trust,$(ARGS)))
+	ZERO_TRUST_OPTION=-zero-trust
+endif
 
 SERVICES:=$(filter-out $(OPTIONS),$(ARGS))
 
 define COMPOSE_DOWN
-	${DOCKER_COMPOSE} -p edgex -f docker-compose.yml -f docker-compose-with-app-sample.yml down $1
+	${DOCKER_COMPOSE} -p edgex -f docker-compose-with-app-sample.yml down $1
 endef
 
 # Define additional phony targets for all options to enable support for tab-completion in shell
@@ -66,23 +69,11 @@ openziti-logs:
 openziti-clean:
 	${DOCKER_COMPOSE} -p edgex -f docker-compose-openziti.yml down -v
 
-zero-trust:
-	${DOCKER_COMPOSE} -p edgex -f docker-compose-zero-trust.yml up -d
-
-zero-trust-down:
-	${DOCKER_COMPOSE} -p edgex -f docker-compose-zero-trust.yml down
-
-zero-trust-logs:
-	${DOCKER_COMPOSE} -p edgex -f docker-compose-zero-trust.yml logs -f
-
-zero-trust-clean:
-	${DOCKER_COMPOSE} -p edgex -f docker-compose-zero-trust.yml down -v
-
 pull:
-	${DOCKER_COMPOSE} -f docker-compose${NO_SECURITY}${ARM64}.yml pull ${SERVICES}
+	${DOCKER_COMPOSE} -f docker-compose${NO_SECURITY}${ZERO_TRUST_OPTION}${ARM64}.yml pull ${SERVICES}
 
 run:
-	${DOCKER_COMPOSE} -p edgex -f docker-compose${NO_SECURITY}${APP_SAMPLE}${ARM64}.yml up -d ${SERVICES}
+	${DOCKER_COMPOSE} -p edgex -f docker-compose${NO_SECURITY}${APP_SAMPLE}${ZERO_TRUST_OPTION}${ARM64}.yml up -d ${SERVICES}
 
 down:
 	$(COMPOSE_DOWN)

README.md

@@ -97,22 +97,13 @@ This folder contains the following compose files:
   - Use `make pull no-secty app-sample <service(s)>` to pull all or some images for the services in this compose file.
 
 - **docker-compose-openziti.yml**
-  Contains the services needed to bring OpenZiti online, configure it, and enable consul to perform underlay-based health checking. Used in conjunction with `docker-compose-zero-trust.yml`. This compose file should be started before starting the `docker-compose-zero-trust.yml` compose file.
+  Contains the services needed to bring OpenZiti online, configure it, and enable consul to perform underlay-based health checking. Used in conjunction with `make run (pull) zero-trust`. This compose file should be started before starting the `make run zero-trust` compose file.
 
   **Make Commands**
 
     - Use `make openziti` and `make openziti-down` to start and stop the services using this compose file.
-    - Use `make openziti-clean` to remove all stopped containers, all volumes and all networks used by the EdgeX stack. Use this command when needing to do a fresh restart. **Note** You must _also_ run the corresponding `make zero-trust-clean` command to fully clean up.
+    - Use `make openziti-clean` to remove all stopped containers, all volumes and all networks used by the EdgeX stack. Use this command when needing to do a fresh restart. **Note** You must _also_ run the corresponding `make down zero-trust` command to fully clean up.
     - Use `make openziti-logs` to follow the logs
-
-- **docker-compose-zero-trust.yml**
-  Contains the services needed to run in zero-trust secure mode. Used in conjunction with `docker-compose-openziti.yml`. Start this compose file after starting OpenZiti. When operating in zero-trust mode, no ports are available other than the OpenZiti ports. Accessing services must be done using an OpenZiti tunneler or through using an OpenZiti SDK. The `go-mod-bootstrap` library has been upgraded to support zero-trust.
-
-  **Make Commands**
-
-  - Use `make zero-trust` and `make zero-trust-down` to start and stop the services using this compose file.
-  - Use `make zero-trust-clean` to remove all stopped containers, all volumes and all networks used by the EdgeX stack. Use this command when needing to do a fresh restart. **Note** You must _also_ run the corresponding `make openziti-clean` command to fully clean up. 
-  - Use `make openziti-logs` to follow the logs
 
 ### TAF Compose files
 

compose-builder/.env

@@ -48,7 +48,7 @@ VAULT_VERSION=1.14
 CONSUL_VERSION=1.16
 # Lock on Redis 7.0 until EdgeX 4.0
 REDIS_VERSION=7.0-alpine
-KUIPER_VERSION=1.12-alpine
+KUIPER_VERSION=v1.14.0-alpha.2
 MOSQUITTO_VERSION=2.0
 NANOMQ_VERSION=0.18
 NATS_VERSION=2.9-alpine

compose-builder/Makefile

@@ -65,8 +65,10 @@ endif
 
 ifeq (zero-trust, $(filter zero-trust,$(ARGS)))
 	MAKE_ZERO_TRUST:=1
+	export ZERO_TRUST_COMPOSE=-zero-trust
 else
 	MAKE_ZERO_TRUST:=0
+	export ZERO_TRUST_COMPOSE=
 endif
 ifeq (no-cleanup, $(filter no-cleanup,$(ARGS)))
 	NO_CLEANUP:=1
@@ -1015,6 +1017,8 @@ build-canned:
 	make compose ds-rest ds-virtual no-secty arm64
 	make compose ds-rest ds-virtual asc-sample no-secty
 	make compose ds-rest ds-virtual asc-sample no-secty arm64
+	make compose ds-rest ds-virtual zero-trust
+	make compose ds-rest ds-virtual zero-trust arm64
 
 build-taf:
 	make taf-compose taf-secty
@@ -1035,7 +1039,7 @@ build-taf-nanomq:
 	make taf-compose-perf taf-perf-no-secty mqtt-bus nanomq no-secty
 
 compose: gen
-	cat gen-header docker-compose.yml > $(RELEASE_FOLDER)/docker-compose$(NO_SECURITY)$(APP_SAMPLE)$(BUS)$(NANOMQ)$(ARCH).yml
+	cat gen-header docker-compose.yml > $(RELEASE_FOLDER)/docker-compose$(NO_SECURITY)$(APP_SAMPLE)$(BUS)$(NANOMQ)$(ZERO_TRUST_COMPOSE)$(ARCH).yml
 
 taf-compose: gen
 	cat gen-header docker-compose.yml > $(RELEASE_FOLDER)/taf/docker-compose-taf$(NO_SECURITY)$(BUS)$(NANOMQ)$(ARCH).yml
@@ -1051,9 +1055,12 @@ pull: gen
 
 gen:
 	echo MQTT_VERBOSE=${MQTT_VERBOSE}
-	${DOCKER_COMPOSE}  -p edgex $(COMPOSE_FILES) ${GEN_COMMAND} --output docker-compose.yml
+	${DOCKER_COMPOSE}  -p edgex $(COMPOSE_FILES) ${GEN_COMMAND} --output docker-compose.yml.gen
 	if [ "$(NO_CLEANUP)" = "0" ]; then rm -rf ./$(GEN_EXT_DIR); fi
-
+	echo "# Generated with: $(docker_ver)" > docker-compose.yml
+	cat docker-compose.yml.gen >> docker-compose.yml
+	rm docker-compose.yml.gen
+
 get-token:
 	sh ./get-api-gateway-token.sh
 

compose-builder/add-security-zero-trust.yml

@@ -37,6 +37,7 @@ services:
     environment:
       EDGEX_CREDENTIAL_NAME: rules-engine
       EDGEX_CREDENTIALS: /tmp/edgex/secrets/rules-engine/secrets-token.json
+      KUIPER__BASIC__ENABLEOPENZITI: true
       OPENZITI_CONTROLLER: openziti:1280
     ports: !reset null
     volumes:

compose-builder/docker-compose-base.yml

@@ -264,6 +264,7 @@ services:
     environment:
 #      KUIPER__BASIC__DEBUG: "true"
       KUIPER__BASIC__CONSOLELOG: "true"
+      KUIPER__BASIC__ENABLEOPENZITI: false
       KUIPER__BASIC__RESTPORT: 59720
       CONNECTION__EDGEX__REDISMSGBUS__PORT: 6379
       CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis