mirror of https://github.com/k3s-io/k3s
Add https to porter test image
parent
1b7e52edb4
commit
1d1d7bb145
|
@ -14,5 +14,7 @@
|
|||
|
||||
FROM scratch
|
||||
MAINTAINER Daniel Smith <dbsmith@google.com>
|
||||
ADD localhost.crt localhost.crt
|
||||
ADD localhost.key localhost.key
|
||||
ADD porter porter
|
||||
ENTRYPOINT ["/porter"]
|
||||
|
|
|
@ -6,27 +6,24 @@
|
|||
# `make push` will push the container-- you must supply a tag.
|
||||
|
||||
REPO ?= gcr.io/google_containers
|
||||
SUGGESTED_TAG = $(shell git rev-parse --verify HEAD)
|
||||
|
||||
porter: porter.go
|
||||
CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-w' ./porter.go
|
||||
|
||||
.tag: porter
|
||||
md5sum porter | cut -d " " -f 1 > .tag
|
||||
|
||||
tag: .tag
|
||||
@echo "Suggest using TAG=$(shell cat .tag)"
|
||||
@echo "$$ make container TAG=$(shell cat .tag)"
|
||||
tag:
|
||||
@echo "If all relevant changes are committed, suggest using TAG=$(SUGGESTED_TAG)"
|
||||
@echo "$$ make container TAG=$(SUGGESTED_TAG)"
|
||||
@echo "or"
|
||||
@echo "$$ make push TAG=$(shell cat .tag)"
|
||||
@echo "$$ make push TAG=$(SUGGESTED_TAG)"
|
||||
|
||||
container:
|
||||
$(if $(TAG),,$(error TAG is not defined. Use 'make tag' to see a suggestion))
|
||||
$(if $(TAG),,$(error TAG is not defined. Use 'make tag' after committing changes to see a suggestion))
|
||||
docker build -t $(REPO)/porter:$(TAG) .
|
||||
|
||||
push:
|
||||
$(if $(TAG),,$(error TAG is not defined. Use 'make tag' to see a suggestion))
|
||||
$(if $(TAG),,$(error TAG is not defined. Use 'make tag' after committing changes to see a suggestion))
|
||||
gcloud docker push $(REPO)/porter:$(TAG)
|
||||
|
||||
clean:
|
||||
rm -f porter
|
||||
rm -f .tag
|
||||
|
|
|
@ -1,5 +1,12 @@
|
|||
This directory contains go source, Dockerfile and Makefile for making a test
|
||||
container which serves requested data on ports specified in ENV variables.
|
||||
|
||||
The included localhost.crt is a PEM-encoded TLS cert with SAN IPs
|
||||
"127.0.0.1" and "[::1]", expiring at the last second of 2049 (the end
|
||||
of ASN.1 time), generated from src/crypto/tls:
|
||||
go run generate_cert.go --rsa-bits 512 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
|
||||
|
||||
To use a different cert/key, mount them into the pod and set the
|
||||
CERT_FILE and KEY_FILE environment variables to the desired paths.
|
||||
|
||||
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/test/images/porter/README.md?pixel)]()
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBdzCCASOgAwIBAgIBADALBgkqhkiG9w0BAQUwEjEQMA4GA1UEChMHQWNtZSBD
|
||||
bzAeFw03MDAxMDEwMDAwMDBaFw00OTEyMzEyMzU5NTlaMBIxEDAOBgNVBAoTB0Fj
|
||||
bWUgQ28wWjALBgkqhkiG9w0BAQEDSwAwSAJBAN55NcYKZeInyTuhcCwFMhDHCmwa
|
||||
IUSdtXdcbItRB/yfXGBhiex00IaLXQnSU+QZPRZWYqeTEbFSgihqi1PUDy8CAwEA
|
||||
AaNoMGYwDgYDVR0PAQH/BAQDAgCkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1Ud
|
||||
EwEB/wQFMAMBAf8wLgYDVR0RBCcwJYILZXhhbXBsZS5jb22HBH8AAAGHEAAAAAAA
|
||||
AAAAAAAAAAAAAAEwCwYJKoZIhvcNAQEFA0EAAoQn/ytgqpiLcZu9XKbCJsJcvkgk
|
||||
Se6AbGXgSlq+ZCEVo0qIwSgeBqmsJxUu7NCSOwVJLYNEBO2DtIxoYVk+MA==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,9 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIBPAIBAAJBAN55NcYKZeInyTuhcCwFMhDHCmwaIUSdtXdcbItRB/yfXGBhiex0
|
||||
0IaLXQnSU+QZPRZWYqeTEbFSgihqi1PUDy8CAwEAAQJBAQdUx66rfh8sYsgfdcvV
|
||||
NoafYpnEcB5s4m/vSVe6SU7dCK6eYec9f9wpT353ljhDUHq3EbmE4foNzJngh35d
|
||||
AekCIQDhRQG5Li0Wj8TM4obOnnXUXf1jRv0UkzE9AHWLG5q3AwIhAPzSjpYUDjVW
|
||||
MCUXgckTpKCuGwbJk7424Nb8bLzf3kllAiA5mUBgjfr/WtFSJdWcPQ4Zt9KTMNKD
|
||||
EUO0ukpTwEIl6wIhAMbGqZK3zAAFdq8DD2jPx+UJXnh0rnOkZBzDtJ6/iN69AiEA
|
||||
1Aq8MJgTaYsDQWyU/hDq5YkDJc9e9DSCvUIzqxQWMQE=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -17,6 +17,22 @@
|
|||
{
|
||||
"name": "SERVE_PORT_81",
|
||||
"value": "<html><head></head><body><a href=\"/rewriteme\">rewritten link</a></body></html>"
|
||||
},
|
||||
{
|
||||
"name": "SERVE_TLS_PORT_443",
|
||||
"value": "tls foo"
|
||||
},
|
||||
{
|
||||
"name": "SERVE_TLS_PORT_444",
|
||||
"value": "<html><head></head><body><a href=\"/tls-rewriteme\">tls rewritten link</a></body></html>"
|
||||
},
|
||||
{
|
||||
"name": "CERT_FILE",
|
||||
"value": "/localhost.crt"
|
||||
},
|
||||
{
|
||||
"name": "KEY_FILE",
|
||||
"value": "/localhost.key"
|
||||
}
|
||||
],
|
||||
"ports": [
|
||||
|
@ -27,6 +43,14 @@
|
|||
{
|
||||
"name": "p81",
|
||||
"containerPort": 81
|
||||
},
|
||||
{
|
||||
"name": "p443",
|
||||
"containerPort": 443
|
||||
},
|
||||
{
|
||||
"name": "p444",
|
||||
"containerPort": 444
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -30,6 +30,7 @@ import (
|
|||
)
|
||||
|
||||
const prefix = "SERVE_PORT_"
|
||||
const tlsPrefix = "SERVE_TLS_PORT_"
|
||||
|
||||
func main() {
|
||||
for _, vk := range os.Environ() {
|
||||
|
@ -43,6 +44,10 @@ func main() {
|
|||
port := strings.TrimPrefix(key, prefix)
|
||||
go servePort(port, value)
|
||||
}
|
||||
if strings.HasPrefix(key, tlsPrefix) {
|
||||
port := strings.TrimPrefix(key, tlsPrefix)
|
||||
go serveTLSPort(port, value)
|
||||
}
|
||||
}
|
||||
|
||||
select {}
|
||||
|
@ -57,3 +62,21 @@ func servePort(port, value string) {
|
|||
}
|
||||
log.Printf("server on port %q failed: %v", port, s.ListenAndServe())
|
||||
}
|
||||
|
||||
func serveTLSPort(port, value string) {
|
||||
s := &http.Server{
|
||||
Addr: "0.0.0.0:" + port,
|
||||
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
fmt.Fprint(w, value)
|
||||
}),
|
||||
}
|
||||
certFile := os.Getenv("CERT_FILE")
|
||||
if len(certFile) == 0 {
|
||||
certFile = "localhost.crt"
|
||||
}
|
||||
keyFile := os.Getenv("KEY_FILE")
|
||||
if len(keyFile) == 0 {
|
||||
keyFile = "localhost.key"
|
||||
}
|
||||
log.Printf("tls server on port %q with certFile=%q, keyFile=%q failed: %v", port, certFile, keyFile, s.ListenAndServeTLS(certFile, keyFile))
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue