diff --git a/test/images/porter/Dockerfile b/test/images/porter/Dockerfile index 48a47c2877..5a60ba566c 100644 --- a/test/images/porter/Dockerfile +++ b/test/images/porter/Dockerfile @@ -14,5 +14,7 @@ FROM scratch MAINTAINER Daniel Smith +ADD localhost.crt localhost.crt +ADD localhost.key localhost.key ADD porter porter ENTRYPOINT ["/porter"] diff --git a/test/images/porter/Makefile b/test/images/porter/Makefile index 0cf8b82618..99cef22dda 100644 --- a/test/images/porter/Makefile +++ b/test/images/porter/Makefile @@ -6,27 +6,24 @@ # `make push` will push the container-- you must supply a tag. REPO ?= gcr.io/google_containers +SUGGESTED_TAG = $(shell git rev-parse --verify HEAD) porter: porter.go CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-w' ./porter.go -.tag: porter - md5sum porter | cut -d " " -f 1 > .tag - -tag: .tag - @echo "Suggest using TAG=$(shell cat .tag)" - @echo "$$ make container TAG=$(shell cat .tag)" +tag: + @echo "If all relevant changes are committed, suggest using TAG=$(SUGGESTED_TAG)" + @echo "$$ make container TAG=$(SUGGESTED_TAG)" @echo "or" - @echo "$$ make push TAG=$(shell cat .tag)" + @echo "$$ make push TAG=$(SUGGESTED_TAG)" container: - $(if $(TAG),,$(error TAG is not defined. Use 'make tag' to see a suggestion)) + $(if $(TAG),,$(error TAG is not defined. Use 'make tag' after committing changes to see a suggestion)) docker build -t $(REPO)/porter:$(TAG) . push: - $(if $(TAG),,$(error TAG is not defined. Use 'make tag' to see a suggestion)) + $(if $(TAG),,$(error TAG is not defined. Use 'make tag' after committing changes to see a suggestion)) gcloud docker push $(REPO)/porter:$(TAG) clean: rm -f porter - rm -f .tag diff --git a/test/images/porter/README.md b/test/images/porter/README.md index ddcad55e2a..d56e563ba0 100644 --- a/test/images/porter/README.md +++ b/test/images/porter/README.md 
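Review bot: The added `ADD localhost.key localhost.key` ships the RSA private key from the `localhost.key` hunk inside every image pushed to `$(REPO)/porter`, and the key is also committed in plaintext, so it has to be treated as public from this commit on. That is workable for a test fixture, but nothing in the Dockerfile says so. A comment above the two ADD lines, such as `# Test-only self-signed cert and key. The key is public: never trust this cert outside e2e tests.`, would stop the pair being copied into a real deployment. Secret scanners are also likely to flag `localhost.key`, so it may need an allowlist entry carrying the same justification.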
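Review bot: `SUGGESTED_TAG` comes from `git rev-parse --verify HEAD`, which says nothing about uncommitted edits, so `make container` and `make push` can publish an image built from a dirty tree under a tag that names a clean commit. The removed md5-of-binary tag was tied to the artifact itself. The new echo text warns about this, but nothing enforces it. A guard as the first recipe line of `tag`, for example `@git diff --quiet HEAD -- . || { echo "uncommitted changes under $(CURDIR)"; exit 1; }`, would make the suggested tag trustworthy. Using `:=` instead of `=` would also avoid re-running the shell on every expansion.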
@@ -1,5 +1,12 @@ This directory contains go source, Dockerfile and Makefile for making a test container which serves requested data on ports specified in ENV variables. +The included localhost.crt is a PEM-encoded TLS cert with SAN IPs +"127.0.0.1" and "[::1]", expiring at the last second of 2049 (the end +of ASN.1 time), generated from src/crypto/tls: +go run generate_cert.go --rsa-bits 512 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h + +To use a different cert/key, mount them into the pod and set the +CERT_FILE and KEY_FILE environment variables to the desired paths. [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/test/images/porter/README.md?pixel)]() diff --git a/test/images/porter/localhost.crt b/test/images/porter/localhost.crt new file mode 100644 index 0000000000..a644471239 --- /dev/null +++ b/test/images/porter/localhost.crt @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBdzCCASOgAwIBAgIBADALBgkqhkiG9w0BAQUwEjEQMA4GA1UEChMHQWNtZSBD +bzAeFw03MDAxMDEwMDAwMDBaFw00OTEyMzEyMzU5NTlaMBIxEDAOBgNVBAoTB0Fj +bWUgQ28wWjALBgkqhkiG9w0BAQEDSwAwSAJBAN55NcYKZeInyTuhcCwFMhDHCmwa +IUSdtXdcbItRB/yfXGBhiex00IaLXQnSU+QZPRZWYqeTEbFSgihqi1PUDy8CAwEA +AaNoMGYwDgYDVR0PAQH/BAQDAgCkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1Ud +EwEB/wQFMAMBAf8wLgYDVR0RBCcwJYILZXhhbXBsZS5jb22HBH8AAAGHEAAAAAAA +AAAAAAAAAAAAAAEwCwYJKoZIhvcNAQEFA0EAAoQn/ytgqpiLcZu9XKbCJsJcvkgk +Se6AbGXgSlq+ZCEVo0qIwSgeBqmsJxUu7NCSOwVJLYNEBO2DtIxoYVk+MA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/test/images/porter/localhost.key b/test/images/porter/localhost.key new file mode 100644 index 0000000000..d7f2b6d6c3 --- /dev/null +++ b/test/images/porter/localhost.key 
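Review bot: The certificate is built on a 512-bit RSA key (`--rsa-bits 512` in the README hunk; the encoded modulus is 64 bytes) and its signature OID decodes to sha1WithRSAEncryption. Current TLS libraries increasingly refuse both, so test clients may fail the handshake for reasons unrelated to the behaviour under test. It is also generated with `--ca`, and since the matching key is committed, any test that installs this cert as a trust root would accept certificates that anyone can issue. Regenerating with `--rsa-bits 2048` and dropping `--ca`, unless a test needs to pin it as a root, would remove both concerns; the README command line should be updated to match.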
@@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAN55NcYKZeInyTuhcCwFMhDHCmwaIUSdtXdcbItRB/yfXGBhiex0 +0IaLXQnSU+QZPRZWYqeTEbFSgihqi1PUDy8CAwEAAQJBAQdUx66rfh8sYsgfdcvV +NoafYpnEcB5s4m/vSVe6SU7dCK6eYec9f9wpT353ljhDUHq3EbmE4foNzJngh35d +AekCIQDhRQG5Li0Wj8TM4obOnnXUXf1jRv0UkzE9AHWLG5q3AwIhAPzSjpYUDjVW +MCUXgckTpKCuGwbJk7424Nb8bLzf3kllAiA5mUBgjfr/WtFSJdWcPQ4Zt9KTMNKD +EUO0ukpTwEIl6wIhAMbGqZK3zAAFdq8DD2jPx+UJXnh0rnOkZBzDtJ6/iN69AiEA +1Aq8MJgTaYsDQWyU/hDq5YkDJc9e9DSCvUIzqxQWMQE= +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/test/images/porter/pod.json b/test/images/porter/pod.json index 1b21be5f8e..894fc76a9a 100644 --- a/test/images/porter/pod.json +++ b/test/images/porter/pod.json @@ -17,6 +17,22 @@ { "name": "SERVE_PORT_81", "value": "rewritten link" + }, + { + "name": "SERVE_TLS_PORT_443", + "value": "tls foo" + }, + { + "name": "SERVE_TLS_PORT_444", + "value": "tls rewritten link" + }, + { + "name": "CERT_FILE", + "value": "/localhost.crt" + }, + { + "name": "KEY_FILE", + "value": "/localhost.key" } ], "ports": [ @@ -27,6 +43,14 @@ { "name": "p81", "containerPort": 81 + }, + { + "name": "p443", + "containerPort": 443 + }, + { + "name": "p444", + "containerPort": 444 } ] } diff --git a/test/images/porter/porter.go b/test/images/porter/porter.go index f80704383c..0e5c73c59c 100644 --- a/test/images/porter/porter.go +++ b/test/images/porter/porter.go @@ -30,6 +30,7 @@ import ( ) const prefix = "SERVE_PORT_" +const tlsPrefix = "SERVE_TLS_PORT_" func main() { for _, vk := range os.Environ() { @@ -43,6 +44,10 @@ func main() { port := strings.TrimPrefix(key, prefix) go servePort(port, value) } + if strings.HasPrefix(key, tlsPrefix) { + port := strings.TrimPrefix(key, tlsPrefix) + go serveTLSPort(port, value) + } } select {} 
@@ -57,3 +62,21 @@ func servePort(port, value string) {
 }
 log.Printf("server on port %q failed: %v", port, s.ListenAndServe())
 }
+
+func serveTLSPort(port, value string) {
+ s := &http.Server{
+ Addr: "0.0.0.0:" + port,
+ Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ fmt.Fprint(w, value)
+ }),
+ }
+ certFile := os.Getenv("CERT_FILE")
+ if len(certFile) == 0 {
+ certFile = "localhost.crt"
+ }
+ keyFile := os.Getenv("KEY_FILE")
+ if len(keyFile) == 0 {
+ keyFile = "localhost.key"
+ }
+ log.Printf("tls server on port %q with certFile=%q, keyFile=%q failed: %v", port, certFile, keyFile, s.ListenAndServeTLS(certFile, keyFile))
+}
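Review bot: In `serveTLSPort` a missing or mismatched keypair is only logged: `ListenAndServeTLS` returns, the goroutine ends, and `main` stays blocked on `select {}`, so the pod keeps running with the TLS port closed and the cause buried in the log. Since a bad `CERT_FILE`/`KEY_FILE` is a configuration error, `log.Fatalf` in place of `log.Printf` on the last line would surface it as a container failure (the context lines show `servePort` uses the same `log.Printf` pattern). The defaults `"localhost.crt"` and `"localhost.key"` are relative, so they resolve against the working directory; that matches the Dockerfile only while no `WORKDIR` is set. A doc comment such as `// serveTLSPort serves value over HTTPS on port, using CERT_FILE and KEY_FILE or the bundled localhost pair.` would record that contract.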