Eliminate legacy gateway container (consolidate into router-gateway)
The gateway service was a redundant deployment of the same StellaOps.Gateway.WebService binary already running as router-gateway. It served no unique purpose — all traffic is handled by router-gateway (slot 0). This removes the container, its route table entries, nginx proxy blocks, health/quota stubs, and redirects STELLAOPS_GATEWAY_URL to router.stella-ops.local so the Angular frontend resolves API base URLs through the canonical frontdoor. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -410,7 +410,7 @@ services:
|
||||
STELLAOPS_ROUTER_URL: "http://router.stella-ops.local"
|
||||
STELLAOPS_PLATFORM_URL: "http://platform.stella-ops.local"
|
||||
STELLAOPS_AUTHORITY_URL: "http://authority.stella-ops.local"
|
||||
STELLAOPS_GATEWAY_URL: "http://gateway.stella-ops.local"
|
||||
STELLAOPS_GATEWAY_URL: "http://router.stella-ops.local"
|
||||
STELLAOPS_ATTESTOR_URL: "http://attestor.stella-ops.local"
|
||||
STELLAOPS_EVIDENCELOCKER_URL: "http://evidencelocker.stella-ops.local"
|
||||
STELLAOPS_SCANNER_URL: "http://scanner.stella-ops.local"
|
||||
@@ -535,38 +535,7 @@ services:
|
||||
<<: *healthcheck-tcp
|
||||
labels: *release-labels
|
||||
|
||||
# --- Slot 3: Gateway -------------------------------------------------------
|
||||
gateway:
|
||||
<<: *resources-light
|
||||
image: stellaops/gateway:dev
|
||||
container_name: stellaops-gateway
|
||||
restart: unless-stopped
|
||||
depends_on: *depends-infra
|
||||
environment:
|
||||
ASPNETCORE_URLS: "http://+:80;http://+:8080"
|
||||
<<: [*kestrel-cert, *router-microservice-defaults, *gc-light]
|
||||
ConnectionStrings__Default: *postgres-connection
|
||||
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
|
||||
Gateway__Auth__DpopEnabled: "false"
|
||||
Gateway__Auth__Authority__Issuer: "https://authority.stella-ops.local/"
|
||||
Gateway__Auth__Authority__RequireHttpsMetadata: "false"
|
||||
Router__Enabled: "${GATEWAY_ROUTER_ENABLED:-true}"
|
||||
Router__Messaging__ConsumerGroup: "gateway"
|
||||
volumes:
|
||||
- *cert-volume
|
||||
- *ca-bundle
|
||||
- *ca-bundle
|
||||
ports:
|
||||
- "127.1.0.5:80:80"
|
||||
networks:
|
||||
stellaops:
|
||||
aliases:
|
||||
- gateway.stella-ops.local
|
||||
frontdoor: {}
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
|
||||
<<: *healthcheck-tcp
|
||||
labels: *release-labels
|
||||
# --- Slot 3: (removed — Gateway consolidated into Router Gateway, slot 0) ---
|
||||
|
||||
# --- Slot 4: Attestor ------------------------------------------------------
|
||||
attestor:
|
||||
|
||||
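Review bot: In the first hunk of this file, `STELLAOPS_GATEWAY_URL` now carries the same value as `STELLAOPS_ROUTER_URL` three lines above it, and nothing on the line says the two must stay in sync. A comment on the new line, for example `# legacy alias of STELLAOPS_ROUTER_URL; kept so the frontend's gateway base resolves through the frontdoor`, would stop a later edit from pointing it back at a host that no longer exists. Both values are plain `http://`, which matches the neighbouring entries, but this is the base URL the frontend sends API traffic to, so it is worth confirming this compose file is only used where cleartext on the local network is acceptable. The `services:` mapping continues outside both hunks.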
@@ -12,7 +12,6 @@
|
||||
127.1.0.2 router.stella-ops.local
|
||||
127.1.0.3 platform.stella-ops.local
|
||||
127.1.0.4 authority.stella-ops.local
|
||||
127.1.0.5 gateway.stella-ops.local
|
||||
127.1.0.6 attestor.stella-ops.local
|
||||
127.1.0.7 evidencelocker.stella-ops.local
|
||||
127.1.0.8 scanner.stella-ops.local
|
||||
|
||||
@@ -75,7 +75,6 @@
|
||||
"Microservice","/jwks","https://authority.stella-ops.local/jwks","/","200"
|
||||
"Microservice","/authority","https://authority.stella-ops.local/authority","/authority/audit/airgap","401"
|
||||
"Microservice","/console","https://authority.stella-ops.local/console","/console/filters","401"
|
||||
"Microservice","/gateway","http://gateway.stella-ops.local",,
|
||||
"Microservice","/scanner","http://scanner.stella-ops.local","/scanner/api/v1/agents","401"
|
||||
"Microservice","/policyGateway","http://policy-gateway.stella-ops.local","/policyGateway","302"
|
||||
"Microservice","/policyEngine","http://policy-engine.stella-ops.local","/policyEngine","302"
|
||||
|
||||
|
@@ -78,7 +78,6 @@
|
||||
"ReverseProxy","/console","https://authority.stella-ops.local/console","/console/vex","404"
|
||||
"ReverseProxy","/rekor","http://rekor.stella-ops.local:3322",,
|
||||
"ReverseProxy","/envsettings.json","http://platform.stella-ops.local/platform/envsettings.json","/","200"
|
||||
"ReverseProxy","/gateway","http://gateway.stella-ops.local",,
|
||||
"ReverseProxy","/scanner","http://scanner.stella-ops.local",,
|
||||
"ReverseProxy","/policyGateway","http://policy-gateway.stella-ops.local",,
|
||||
"ReverseProxy","/policyEngine","http://policy-engine.stella-ops.local",,
|
||||
|
||||
|
@@ -599,11 +599,6 @@
|
||||
"TranslatesTo": "http://platform.stella-ops.local/platform/envsettings.json",
|
||||
"PreserveAuthHeaders": true
|
||||
},
|
||||
{
|
||||
"Type": "Microservice",
|
||||
"Path": "/gateway",
|
||||
"TranslatesTo": "http://gateway.stella-ops.local"
|
||||
},
|
||||
{
|
||||
"Type": "Microservice",
|
||||
"Path": "/scanner",
|
||||
|
||||
@@ -591,11 +591,6 @@
|
||||
"Path": "/envsettings.json",
|
||||
"TranslatesTo": "http://platform.stella-ops.local/platform/envsettings.json"
|
||||
},
|
||||
{
|
||||
"Type": "ReverseProxy",
|
||||
"Path": "/gateway",
|
||||
"TranslatesTo": "http://gateway.stella-ops.local"
|
||||
},
|
||||
{
|
||||
"Type": "ReverseProxy",
|
||||
"Path": "/scanner",
|
||||
|
||||
@@ -56,17 +56,6 @@ server {
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
}
|
||||
|
||||
# Gateway API (strips /gateway/ prefix for release-orchestrator clients)
|
||||
location /gateway/ {
|
||||
set \$gateway_upstream http://gateway.stella-ops.local;
|
||||
rewrite ^/gateway/(.*)\$ /\$1 break;
|
||||
proxy_pass \$gateway_upstream;
|
||||
proxy_set_header Host gateway.stella-ops.local;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
}
|
||||
|
||||
# Platform service (preserves /platform/ prefix for envsettings, admin)
|
||||
location /platform/ {
|
||||
proxy_pass http://platform.stella-ops.local/platform/;
|
||||
@@ -250,7 +239,7 @@ server {
|
||||
sub_filter '"http://stella-ops.local/connect/token"' '"/connect/token"';
|
||||
sub_filter '"http://stella-ops.local/connect/logout"' '"/connect/logout"';
|
||||
sub_filter '"http://stella-ops.local"' '""';
|
||||
sub_filter '"http://gateway.stella-ops.local"' '"/gateway"';
|
||||
sub_filter '"http://router.stella-ops.local"' '""';
|
||||
sub_filter '"http://platform.stella-ops.local"' '"/platform"';
|
||||
sub_filter '"http://authority.stella-ops.local"' '"/authority"';
|
||||
sub_filter '"http://scanner.stella-ops.local"' '"/scanner"';
|
||||
@@ -307,7 +296,7 @@ server {
|
||||
sub_filter '"http://stella-ops.local/connect/token"' '"/connect/token"';
|
||||
sub_filter '"http://stella-ops.local/connect/logout"' '"/connect/logout"';
|
||||
sub_filter '"http://stella-ops.local"' '""';
|
||||
sub_filter '"http://gateway.stella-ops.local"' '"/gateway"';
|
||||
sub_filter '"http://router.stella-ops.local"' '""';
|
||||
sub_filter '"http://platform.stella-ops.local"' '"/platform"';
|
||||
sub_filter '"http://authority.stella-ops.local"' '"/authority"';
|
||||
sub_filter '"http://scanner.stella-ops.local"' '"/scanner"';
|
||||
|
||||
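Review bot: The new filter `sub_filter '"http://router.stella-ops.local"' '""';` matches only the plain-`http://` spelling, so a payload carrying `https://router.stella-ops.local` (the value another settings file in this commit assigns to `STELLAOPS_GATEWAY_URL`) would pass through unrewritten and leave the browser with an absolute cross-origin base. If such a payload can reach this location, add the matching `https://` filter beside it; either way a comment such as `# router-gateway is the same-origin frontdoor: collapse its absolute URL to a relative base` would record why the replacement is empty. The same line is added in the second `sub_filter` list of this file and in the corresponding lists of the two other nginx configs later in this commit. Because the `/gateway/` location is dropped in the same change, it is also worth confirming no client still requests `/gateway/...`, since those requests would presumably fall through to whatever default location the server block defines outside these hunks.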
@@ -22,14 +22,6 @@ server {
|
||||
proxy_pass http://platform.stella-ops.local/api/;
|
||||
}
|
||||
|
||||
# Gateway API (strips /gateway/ prefix)
|
||||
location /gateway/ {
|
||||
set $gateway_upstream http://gateway.stella-ops.local;
|
||||
rewrite ^/gateway/(.*)$ /$1 break;
|
||||
proxy_pass $gateway_upstream;
|
||||
proxy_set_header Host gateway.stella-ops.local;
|
||||
}
|
||||
|
||||
# Platform envsettings.json with URL rewriting
|
||||
location = /platform/envsettings.json {
|
||||
proxy_pass http://platform.stella-ops.local/platform/envsettings.json;
|
||||
@@ -41,7 +33,7 @@ server {
|
||||
sub_filter '"http://stella-ops.local/connect/token"' '"/connect/token"';
|
||||
sub_filter '"http://stella-ops.local/connect/logout"' '"/connect/logout"';
|
||||
sub_filter '"http://stella-ops.local"' '""';
|
||||
sub_filter '"http://gateway.stella-ops.local"' '"/gateway"';
|
||||
sub_filter '"http://router.stella-ops.local"' '""';
|
||||
sub_filter '"http://platform.stella-ops.local"' '"/platform"';
|
||||
sub_filter '"http://authority.stella-ops.local"' '"/authority"';
|
||||
sub_filter '"http://scanner.stella-ops.local"' '"/scanner"';
|
||||
@@ -412,7 +404,7 @@ server {
|
||||
sub_filter '"http://stella-ops.local/connect/token"' '"/connect/token"';
|
||||
sub_filter '"http://stella-ops.local/connect/logout"' '"/connect/logout"';
|
||||
sub_filter '"http://stella-ops.local"' '""';
|
||||
sub_filter '"http://gateway.stella-ops.local"' '"/gateway"';
|
||||
sub_filter '"http://router.stella-ops.local"' '""';
|
||||
sub_filter '"http://platform.stella-ops.local"' '"/platform"';
|
||||
sub_filter '"http://authority.stella-ops.local"' '"/authority"';
|
||||
sub_filter '"http://scanner.stella-ops.local"' '"/scanner"';
|
||||
|
||||
@@ -26,17 +26,6 @@ server {
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Gateway API (strips /gateway/ prefix for release-orchestrator clients)
|
||||
location /gateway/ {
|
||||
set $gateway_upstream http://gateway.stella-ops.local;
|
||||
rewrite ^/gateway/(.*)$ /$1 break;
|
||||
proxy_pass $gateway_upstream;
|
||||
proxy_set_header Host gateway.stella-ops.local;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Platform service (preserves /platform/ prefix for envsettings, admin)
|
||||
location /platform/ {
|
||||
proxy_pass http://platform.stella-ops.local/platform/;
|
||||
@@ -215,7 +204,7 @@ server {
|
||||
proxy_set_header Accept-Encoding "";
|
||||
sub_filter_types application/json;
|
||||
sub_filter_once off;
|
||||
sub_filter '"http://gateway.stella-ops.local"' '"/gateway"';
|
||||
sub_filter '"http://router.stella-ops.local"' '""';
|
||||
sub_filter '"http://platform.stella-ops.local"' '"/platform"';
|
||||
sub_filter '"http://authority.stella-ops.local"' '"/authority"';
|
||||
sub_filter '"http://scanner.stella-ops.local"' '"/scanner"';
|
||||
|
||||
@@ -9,8 +9,7 @@ router-gateway|devops/docker/Dockerfile.hardened.template|src/Router/StellaOps.G
|
||||
platform|devops/docker/Dockerfile.hardened.template|src/Platform/StellaOps.Platform.WebService/StellaOps.Platform.WebService.csproj|StellaOps.Platform.WebService|8080
|
||||
# ── Slot 2: Authority ───────────────────────────────────────────────────────────
|
||||
authority|devops/docker/Dockerfile.hardened.template|src/Authority/StellaOps.Authority/StellaOps.Authority/StellaOps.Authority.csproj|StellaOps.Authority|8440
|
||||
# ── Slot 3: Gateway (legacy alias -> Router Gateway) ───────────────────────────
|
||||
gateway|devops/docker/Dockerfile.hardened.template|src/Router/StellaOps.Gateway.WebService/StellaOps.Gateway.WebService.csproj|StellaOps.Gateway.WebService|8080
|
||||
# ── Slot 3: (removed — Gateway consolidated into Router Gateway, slot 0) ───────
|
||||
# ── Slot 4: Attestor ────────────────────────────────────────────────────────────
|
||||
attestor|devops/docker/Dockerfile.hardened.template|src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/StellaOps.Attestor.WebService.csproj|StellaOps.Attestor.WebService|8442
|
||||
# ── Slot 5: Attestor TileProxy ──────────────────────────────────────────────────
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
- Image refresh:
|
||||
- `docker build ... -t stellaops/scanner-web:dev`
|
||||
- `docker build ... -t stellaops/integrations-web:dev`
|
||||
- `docker build ... -t stellaops/gateway:dev`
|
||||
- _(stellaops/gateway:dev removed — consolidated into router-gateway)_
|
||||
- `docker build ... -t stellaops/doctor-web:dev`
|
||||
- Clean bootstrap:
|
||||
- `devops/compose/scripts/router-mode-redeploy.ps1 -Mode reverseproxy`
|
||||
|
||||
@@ -30,7 +30,7 @@ Legend:
|
||||
| excititor.stella-ops.local | excititor | /excititor | D | Developer + Test Automation (Wave D) | Add API-form microservice mapping if needed; migrate root compatibility route in Wave D. | Route type revert + `EXCITITOR_ROUTER_ENABLED=false` (RMW-03). |
|
||||
| exportcenter.stella-ops.local | export | /api/v1/export, /exportcenter, /v1/audit-bundles | B | Developer + Test Automation (Wave B) | Migrate API/v1 and v1 routes first; keep root compatibility path until trust/evidence export checks pass. | Route type revert + `EXPORTCENTER_ROUTER_ENABLED=false` (RMW-03). |
|
||||
| findings.stella-ops.local | findings-ledger-web | /api/v1/findings, /findingsLedger | D | Developer + Test Automation (Wave D) | Migrate API prefix first, then root compatibility path. | Route type revert + `FINDINGS_ROUTER_ENABLED=false` (RMW-03). |
|
||||
| gateway.stella-ops.local | gateway | /gateway | D | Developer + Test Automation (Wave D) | Defer root compatibility path until downstream service migration waves are complete. | Route type revert + `GATEWAY_ROUTER_ENABLED=false` (RMW-03). |
|
||||
| _(gateway.stella-ops.local — removed, consolidated into router-gateway)_ | — | — | — | — | Legacy gateway container eliminated; all traffic served by router-gateway (slot 0). | N/A |
|
||||
| integrations.stella-ops.local | integrations-web | /api/v1/integrations, /integrations | A | Developer + Test Automation (Wave A) | Migrate API prefix first, then root compatibility path. | Route type revert + `INTEGRATIONS_ROUTER_ENABLED=false` (RMW-03). |
|
||||
| issuerdirectory.stella-ops.local | issuer-directory | /issuerdirectory | B | Developer + Test Automation (Wave B) | Migrate route in trust-plane wave with issuer/auth verification checks. | Route type revert + `ISSUERDIRECTORY_ROUTER_ENABLED=false` (RMW-03). |
|
||||
| notifier.stella-ops.local | notifier-web | /api/v1/notifier, /notifier | D | Developer + Test Automation (Wave D) | Migrate API prefix first, then root compatibility path. | Route type revert + `NOTIFIER_ROUTER_ENABLED=false` (RMW-03). |
|
||||
|
||||
@@ -18,7 +18,7 @@ This page focuses on deterministic slot/port allocation and may include legacy o
|
||||
| 0 | 10000 | 10001 | Router Gateway | `router.stella-ops.local` | `src/Router/StellaOps.Gateway.WebService` | `STELLAOPS_ROUTER_URL` |
|
||||
| 1 | 10010 | 10011 | Platform | `platform.stella-ops.local` | `src/Platform/StellaOps.Platform.WebService` | `STELLAOPS_PLATFORM_URL` |
|
||||
| 2 | 10020 | 10021 | Authority | `authority.stella-ops.local` | `src/Authority/StellaOps.Authority/StellaOps.Authority` | `STELLAOPS_AUTHORITY_URL` |
|
||||
| 3 | 10030 | 10031 | Gateway (deleted -- now under Router) | `gateway.stella-ops.local` | `src/Router/StellaOps.Gateway.WebService` | `STELLAOPS_GATEWAY_URL` |
|
||||
| 3 | — | — | _(removed — consolidated into Router Gateway, slot 0)_ | — | — | — |
|
||||
| 4 | 10040 | 10041 | Attestor | `attestor.stella-ops.local` | `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService` | `STELLAOPS_ATTESTOR_URL` |
|
||||
| 5 | 10050 | 10051 | Attestor TileProxy | — | `src/Attestor/StellaOps.Attestor.TileProxy` | `STELLAOPS_ATTESTOR_TILEPROXY_URL` |
|
||||
| 6 | 10060 | 10061 | Evidence Locker | `evidencelocker.stella-ops.local` | `src/EvidenceLocker/StellaOps.EvidenceLocker/StellaOps.EvidenceLocker.WebService` | `STELLAOPS_EVIDENCELOCKER_URL` |
|
||||
@@ -116,7 +116,6 @@ Add the following to your hosts file (`C:\Windows\System32\drivers\etc\hosts` on
|
||||
127.1.0.2 router.stella-ops.local
|
||||
127.1.0.3 platform.stella-ops.local
|
||||
127.1.0.4 authority.stella-ops.local
|
||||
127.1.0.5 gateway.stella-ops.local
|
||||
127.1.0.6 attestor.stella-ops.local
|
||||
127.1.0.7 evidencelocker.stella-ops.local
|
||||
127.1.0.8 scanner.stella-ops.local
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
"STELLAOPS_PLATFORM_URL": "https://platform.stella-ops.local",
|
||||
"STELLAOPS_ROUTER_URL": "https://router.stella-ops.local",
|
||||
"STELLAOPS_AUTHORITY_URL": "https://authority.stella-ops.local",
|
||||
"STELLAOPS_GATEWAY_URL": "https://gateway.stella-ops.local",
|
||||
"STELLAOPS_GATEWAY_URL": "https://router.stella-ops.local",
|
||||
"STELLAOPS_ATTESTOR_URL": "https://attestor.stella-ops.local",
|
||||
"STELLAOPS_EVIDENCELOCKER_URL": "https://evidencelocker.stella-ops.local",
|
||||
"STELLAOPS_SCANNER_URL": "https://scanner.stella-ops.local",
|
||||
|
||||
@@ -16,7 +16,6 @@ public sealed class PlatformHealthService
|
||||
private static readonly string[] ServiceNames =
|
||||
{
|
||||
"authority",
|
||||
"gateway",
|
||||
"orchestrator",
|
||||
"policy",
|
||||
"scanner",
|
||||
|
||||
@@ -16,7 +16,6 @@ public sealed class PlatformQuotaService
|
||||
{
|
||||
private static readonly PlatformQuotaDefinition[] Quotas =
|
||||
{
|
||||
new("gateway.requests", "tenant", "requests", 100000m, 23000m, "month", "gateway"),
|
||||
new("orchestrator.jobs", "tenant", "jobs", 1000m, 120m, "day", "orchestrator"),
|
||||
new("storage.evidence", "tenant", "gb", 5000m, 2400m, "month", "storage")
|
||||
};
|
||||
|
||||
@@ -152,7 +152,6 @@
|
||||
{ "Type": "ReverseProxy", "Path": "/jwks", "TranslatesTo": "http://authority.stella-ops.local/jwks", "PreserveAuthHeaders": true },
|
||||
{ "Type": "ReverseProxy", "Path": "/authority", "TranslatesTo": "http://authority.stella-ops.local/authority", "PreserveAuthHeaders": true },
|
||||
{ "Type": "ReverseProxy", "Path": "/console", "TranslatesTo": "http://authority.stella-ops.local/console", "PreserveAuthHeaders": true },
|
||||
{ "Type": "ReverseProxy", "Path": "/gateway", "TranslatesTo": "http://gateway.stella-ops.local" },
|
||||
{ "Type": "ReverseProxy", "Path": "/scanner", "TranslatesTo": "http://scanner.stella-ops.local" },
|
||||
{ "Type": "ReverseProxy", "Path": "/policyGateway", "TranslatesTo": "http://policy-gateway.stella-ops.local" },
|
||||
{ "Type": "ReverseProxy", "Path": "/policyEngine", "TranslatesTo": "http://policy-engine.stella-ops.local" },
|
||||
|
||||
@@ -8,7 +8,7 @@ public sealed class SignalsRouterEventsOptions
|
||||
/// <summary>
|
||||
/// Base URL for the StellaOps Router gateway (HTTP ingress).
|
||||
/// </summary>
|
||||
public string BaseUrl { get; set; } = "https://gateway.stella-ops.local";
|
||||
public string BaseUrl { get; set; } = "https://router.stella-ops.local";
|
||||
|
||||
/// <summary>
|
||||
/// Relative path that receives fact update envelopes.
|
||||
|
||||
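Review bot: Changing the default of `BaseUrl` to `https://router.stella-ops.local` only helps deployments that never set the option; any configuration that explicitly bound it to the old gateway host is not migrated and will fail to resolve once the network alias is removed. The summary above the property could say so, for example `/// Base URL for the StellaOps Router gateway (HTTP ingress). Defaults to the canonical frontdoor host; the former gateway.stella-ops.local alias no longer exists.` If the options class has a validation step outside this hunk, rejecting an empty or non-absolute `BaseUrl` at startup would surface a stale override early instead of at first publish. The class body continues outside the hunk.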
@@ -39,7 +39,7 @@ describe('AppConfigService', () => {
|
||||
const config: AppConfig = {
|
||||
...minimalConfig,
|
||||
apiBaseUrls: {
|
||||
gateway: 'http://gateway.stella-ops.local',
|
||||
gateway: 'http://router.stella-ops.local',
|
||||
scanner: 'http://scanner.stella-ops.local',
|
||||
policy: 'http://policy-gateway.stella-ops.local',
|
||||
concelier: 'http://concelier.stella-ops.local',
|
||||
@@ -51,7 +51,7 @@ describe('AppConfigService', () => {
|
||||
|
||||
service.setConfigForTesting(config);
|
||||
|
||||
expect(service.config.apiBaseUrls.gateway).toBe('/gateway');
|
||||
expect(service.config.apiBaseUrls.gateway).toBe('');
|
||||
expect(service.config.apiBaseUrls.scanner).toBe('/scanner');
|
||||
expect(service.config.apiBaseUrls.policy).toBe('/policy');
|
||||
expect(service.config.apiBaseUrls.concelier).toBe('/concelier');
|
||||
|
||||
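Review bot: The spec now covers only the router host normalising to `''` and no longer says what happens to the legacy `http://gateway.stella-ops.local` value, which a stale or cached envsettings payload could still deliver. If the normaliser still maps that host to `/gateway`, the frontend would send API calls to a prefix that this commit removes from the route tables and nginx, so a second case pinning the intended result for the old host would be useful. A short comment above the changed expectation, such as `// router-gateway is the same-origin frontdoor, so its base collapses to '' (relative requests)`, would also explain why an empty string is the correct value and not a missing one. The `describe` block and the test case begin and end outside these hunks.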