This repository contains the code used to build a container containing the base operating system and tools that are required by all Linux resources.
The current process uses the `phusion/baseimage' docker image as the base image and will then configure the following tools and services in the container:
- Consul - Provides service discovery for the environment as well as a distributed key-value store.
- Consul-Template - Renders template files based on
information stored in the
Consul
key-value store and the Vault secret store. - OpenTelemetry - OpenTelemetry is a collection of tools, APIs, and SDKs. You use it to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) for analysis in order to understand your software's performance and behavior.
- Syslog-ng - Captures logs send to the syslog stream and stores them both locally and forwards them onto the central log storage server.
- Telegraf - Captures metrics for the resource and forwards them onto the time series database for storage and processing.
- Unbound - A local DNS resolver to allow resolving DNS requests via Consul for the environment specific requests and external DNS servers for all other requests.
- Configurations for
Consul
andUnbound
should be provided via the a mounted directory. All other services and applications should obtain their configuration viaConsul-Template
and theConsul
key-value store.
For provisoning the unbound configuration file can be mounted on the /etc/unbound.d/unbound_zones.conf
Consul can be configured by providing environment variables and mounting the Consul CA bundle on /etc/consul/conf.d/certs/bundle.crt
. The environment variables for Consul are:
CONSUL_BIND_INTERFACE
- The name of the interface for the Consul bind addressCONSUL_CLIENT_INTERFACE
- The name of the interface on which Consul should bind the clientsCONSUL_DATACENTER_NAME
- The name of the Consul datacenterCONSUL_DOMAIN_NAME
- The name of the Consul domainCONSUL_SERVER_IPS
- The semi-colon separated list of Consul server IP addressesCONSUL_ENCRYPT
- The Consul encrypt key
Logs are collected via Syslog-ng.
Metrics are collected through different means.
- Metrics for Consul are collected by Consul sending StatsD metrics to Telegraf.
- Metrics for Unbound are collected by Telegraf pulling the metrics.
- System metrics, e.g. CPU, disk, network and memory usage, are collected by Telegraf.
The build process follows the standard procedure for building Calvinverse images.
msbuild entrypoint.msbuild /t:build
The base image should never be deployed to live running infrastructure hence it will not be needing deploy information.