Add https to porter test image

pull/6/head
Jordan Liggitt 2015-10-01 22:31:02 -04:00
parent 1b7e52edb4
commit 1d1d7bb145
7 changed files with 82 additions and 10 deletions


@ -14,5 +14,7 @@
FROM scratch
MAINTAINER Daniel Smith <dbsmith@google.com>
ADD localhost.crt localhost.crt
ADD localhost.key localhost.key
ADD porter porter
ENTRYPOINT ["/porter"]
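Review bot: `ADD localhost.key localhost.key` places a private key that is committed in this same change into every image built from this file, so the key has to be treated as public. The README text on this page says the pair was generated with `--rsa-bits 512` and `--ca`, valid from 1970 to 2049, so the certificate is marked as able to sign other certificates and the key is weak by design. A comment above the two ADD lines would keep that visible to anyone who reuses the image, for example `# Test-only cert/key, published in the repo: never add this cert to a trust store or reuse it outside tests.`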


@ -6,27 +6,24 @@
# `make push` will push the container-- you must supply a tag.
REPO ?= gcr.io/google_containers
SUGGESTED_TAG = $(shell git rev-parse --verify HEAD)
porter: porter.go
CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-w' ./porter.go
.tag: porter
md5sum porter | cut -d " " -f 1 > .tag
tag: .tag
@echo "Suggest using TAG=$(shell cat .tag)"
@echo "$$ make container TAG=$(shell cat .tag)"
tag:
@echo "If all relevant changes are committed, suggest using TAG=$(SUGGESTED_TAG)"
@echo "$$ make container TAG=$(SUGGESTED_TAG)"
@echo "or"
@echo "$$ make push TAG=$(shell cat .tag)"
@echo "$$ make push TAG=$(SUGGESTED_TAG)"
container:
$(if $(TAG),,$(error TAG is not defined. Use 'make tag' to see a suggestion))
$(if $(TAG),,$(error TAG is not defined. Use 'make tag' after committing changes to see a suggestion))
docker build -t $(REPO)/porter:$(TAG) .
push:
$(if $(TAG),,$(error TAG is not defined. Use 'make tag' to see a suggestion))
$(if $(TAG),,$(error TAG is not defined. Use 'make tag' after committing changes to see a suggestion))
gcloud docker push $(REPO)/porter:$(TAG)
clean:
rm -f porter
rm -f .tag
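Review bot: `SUGGESTED_TAG` is the HEAD commit whatever the state of the working tree, so an image built from uncommitted changes can be pushed under a tag naming a commit it was not built from. The echoed hint warns about this, but nothing in `container` or `push` checks it, and the tag is no longer derived from the built binary as the md5sum-based `.tag` was. One option is to mark a dirty tree in the suggestion itself, `SUGGESTED_TAG = $(shell git rev-parse --verify HEAD)$(shell git diff --quiet HEAD || echo -dirty)`, which covers tracked files only. The rendered section has lost its +/- markers, so which of the paired lines is the new side is inferred from the hunk header.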


@ -1,5 +1,12 @@
This directory contains go source, Dockerfile and Makefile for making a test
container which serves requested data on ports specified in ENV variables.
The included localhost.crt is a PEM-encoded TLS cert with SAN IPs
"127.0.0.1" and "[::1]", expiring at the last second of 2049 (the end
of ASN.1 time), generated from src/crypto/tls:
go run generate_cert.go --rsa-bits 512 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
To use a different cert/key, mount them into the pod and set the
CERT_FILE and KEY_FILE environment variables to the desired paths.
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/test/images/porter/README.md?pixel)]()


@ -0,0 +1,10 @@
-----BEGIN CERTIFICATE-----
MIIBdzCCASOgAwIBAgIBADALBgkqhkiG9w0BAQUwEjEQMA4GA1UEChMHQWNtZSBD
bzAeFw03MDAxMDEwMDAwMDBaFw00OTEyMzEyMzU5NTlaMBIxEDAOBgNVBAoTB0Fj
bWUgQ28wWjALBgkqhkiG9w0BAQEDSwAwSAJBAN55NcYKZeInyTuhcCwFMhDHCmwa
IUSdtXdcbItRB/yfXGBhiex00IaLXQnSU+QZPRZWYqeTEbFSgihqi1PUDy8CAwEA
AaNoMGYwDgYDVR0PAQH/BAQDAgCkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1Ud
EwEB/wQFMAMBAf8wLgYDVR0RBCcwJYILZXhhbXBsZS5jb22HBH8AAAGHEAAAAAAA
AAAAAAAAAAAAAAEwCwYJKoZIhvcNAQEFA0EAAoQn/ytgqpiLcZu9XKbCJsJcvkgk
Se6AbGXgSlq+ZCEVo0qIwSgeBqmsJxUu7NCSOwVJLYNEBO2DtIxoYVk+MA==
-----END CERTIFICATE-----


@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAN55NcYKZeInyTuhcCwFMhDHCmwaIUSdtXdcbItRB/yfXGBhiex0
0IaLXQnSU+QZPRZWYqeTEbFSgihqi1PUDy8CAwEAAQJBAQdUx66rfh8sYsgfdcvV
NoafYpnEcB5s4m/vSVe6SU7dCK6eYec9f9wpT353ljhDUHq3EbmE4foNzJngh35d
AekCIQDhRQG5Li0Wj8TM4obOnnXUXf1jRv0UkzE9AHWLG5q3AwIhAPzSjpYUDjVW
MCUXgckTpKCuGwbJk7424Nb8bLzf3kllAiA5mUBgjfr/WtFSJdWcPQ4Zt9KTMNKD
EUO0ukpTwEIl6wIhAMbGqZK3zAAFdq8DD2jPx+UJXnh0rnOkZBzDtJ6/iN69AiEA
1Aq8MJgTaYsDQWyU/hDq5YkDJc9e9DSCvUIzqxQWMQE=
-----END RSA PRIVATE KEY-----


@ -17,6 +17,22 @@
{
"name": "SERVE_PORT_81",
"value": "<html><head></head><body><a href=\"/rewriteme\">rewritten link</a></body></html>"
},
{
"name": "SERVE_TLS_PORT_443",
"value": "tls foo"
},
{
"name": "SERVE_TLS_PORT_444",
"value": "<html><head></head><body><a href=\"/tls-rewriteme\">tls rewritten link</a></body></html>"
},
{
"name": "CERT_FILE",
"value": "/localhost.crt"
},
{
"name": "KEY_FILE",
"value": "/localhost.key"
}
],
"ports": [
@ -27,6 +43,14 @@
{
"name": "p81",
"containerPort": 81
},
{
"name": "p443",
"containerPort": 443
},
{
"name": "p444",
"containerPort": 444
}
]
}


@ -30,6 +30,7 @@ import (
)
const prefix = "SERVE_PORT_"
const tlsPrefix = "SERVE_TLS_PORT_"
func main() {
for _, vk := range os.Environ() {
@ -43,6 +44,10 @@ func main() {
port := strings.TrimPrefix(key, prefix)
go servePort(port, value)
}
if strings.HasPrefix(key, tlsPrefix) {
port := strings.TrimPrefix(key, tlsPrefix)
go serveTLSPort(port, value)
}
}
select {}
@ -57,3 +62,21 @@ func servePort(port, value string) {
}
log.Printf("server on port %q failed: %v", port, s.ListenAndServe())
}
func serveTLSPort(port, value string) {
s := &http.Server{
Addr: "0.0.0.0:" + port,
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, value)
}),
}
certFile := os.Getenv("CERT_FILE")
if len(certFile) == 0 {
certFile = "localhost.crt"
}
keyFile := os.Getenv("KEY_FILE")
if len(keyFile) == 0 {
keyFile = "localhost.key"
}
log.Printf("tls server on port %q with certFile=%q, keyFile=%q failed: %v", port, certFile, keyFile, s.ListenAndServeTLS(certFile, keyFile))
}