Merge pull request #14837 from liggitt/nettest_tls

Auto commit by PR queue bot

test/images/porter/Dockerfile

@@ -14,5 +14,7 @@
 
 FROM scratch
 MAINTAINER Daniel Smith <dbsmith@google.com>
+ADD localhost.crt localhost.crt
+ADD localhost.key localhost.key
 ADD porter porter
 ENTRYPOINT ["/porter"]

test/images/porter/Makefile

@@ -6,27 +6,24 @@
 # `make push` will push the container-- you must supply a tag.
 
 REPO ?= gcr.io/google_containers
+SUGGESTED_TAG = $(shell git rev-parse --verify HEAD)
 
 porter: porter.go
 	CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-w' ./porter.go
 
-.tag: porter
+tag:
-	md5sum porter | cut -d " " -f 1 > .tag
+	@echo "If all relevant changes are committed, suggest using TAG=$(SUGGESTED_TAG)"
-
+	@echo "$$ make container TAG=$(SUGGESTED_TAG)"
-tag: .tag
-	@echo "Suggest using TAG=$(shell cat .tag)"
-	@echo "$$ make container TAG=$(shell cat .tag)"
 	@echo "or"
-	@echo "$$ make push TAG=$(shell cat .tag)"
+	@echo "$$ make push TAG=$(SUGGESTED_TAG)"
 
 container:
-	$(if $(TAG),,$(error TAG is not defined. Use 'make tag' to see a suggestion))
+	$(if $(TAG),,$(error TAG is not defined. Use 'make tag' after committing changes to see a suggestion))
 	docker build -t $(REPO)/porter:$(TAG) .
 
 push:
-	$(if $(TAG),,$(error TAG is not defined. Use 'make tag' to see a suggestion))
+	$(if $(TAG),,$(error TAG is not defined. Use 'make tag' after committing changes to see a suggestion))
 	gcloud docker push $(REPO)/porter:$(TAG)
 
 clean:
 	rm -f porter
-	rm -f .tag

test/images/porter/README.md

@@ -1,5 +1,12 @@
 This directory contains go source, Dockerfile and Makefile for making a test
 container which serves requested data on ports specified in ENV variables.
 
+The included localhost.crt is a PEM-encoded TLS cert with SAN IPs
+"127.0.0.1" and "[::1]", expiring at the last second of 2049 (the end
+of ASN.1 time), generated from src/crypto/tls:
+go run generate_cert.go  --rsa-bits 512 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
+
+To use a different cert/key, mount them into the pod and set the 
+CERT_FILE and KEY_FILE environment variables to the desired paths.
 
 [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/test/images/porter/README.md?pixel)]()

test/images/porter/localhost.crt

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBdzCCASOgAwIBAgIBADALBgkqhkiG9w0BAQUwEjEQMA4GA1UEChMHQWNtZSBD
+bzAeFw03MDAxMDEwMDAwMDBaFw00OTEyMzEyMzU5NTlaMBIxEDAOBgNVBAoTB0Fj
+bWUgQ28wWjALBgkqhkiG9w0BAQEDSwAwSAJBAN55NcYKZeInyTuhcCwFMhDHCmwa
+IUSdtXdcbItRB/yfXGBhiex00IaLXQnSU+QZPRZWYqeTEbFSgihqi1PUDy8CAwEA
+AaNoMGYwDgYDVR0PAQH/BAQDAgCkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1Ud
+EwEB/wQFMAMBAf8wLgYDVR0RBCcwJYILZXhhbXBsZS5jb22HBH8AAAGHEAAAAAAA
+AAAAAAAAAAAAAAEwCwYJKoZIhvcNAQEFA0EAAoQn/ytgqpiLcZu9XKbCJsJcvkgk
+Se6AbGXgSlq+ZCEVo0qIwSgeBqmsJxUu7NCSOwVJLYNEBO2DtIxoYVk+MA==
+-----END CERTIFICATE-----

test/images/porter/localhost.key

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAN55NcYKZeInyTuhcCwFMhDHCmwaIUSdtXdcbItRB/yfXGBhiex0
+0IaLXQnSU+QZPRZWYqeTEbFSgihqi1PUDy8CAwEAAQJBAQdUx66rfh8sYsgfdcvV
+NoafYpnEcB5s4m/vSVe6SU7dCK6eYec9f9wpT353ljhDUHq3EbmE4foNzJngh35d
+AekCIQDhRQG5Li0Wj8TM4obOnnXUXf1jRv0UkzE9AHWLG5q3AwIhAPzSjpYUDjVW
+MCUXgckTpKCuGwbJk7424Nb8bLzf3kllAiA5mUBgjfr/WtFSJdWcPQ4Zt9KTMNKD
+EUO0ukpTwEIl6wIhAMbGqZK3zAAFdq8DD2jPx+UJXnh0rnOkZBzDtJ6/iN69AiEA
+1Aq8MJgTaYsDQWyU/hDq5YkDJc9e9DSCvUIzqxQWMQE=
+-----END RSA PRIVATE KEY-----

test/images/porter/pod.json

@@ -17,6 +17,22 @@
           {
             "name": "SERVE_PORT_81",
             "value": "<html><head></head><body><a href=\"/rewriteme\">rewritten link</a></body></html>"
+          },
+          {
+            "name": "SERVE_TLS_PORT_443",
+            "value": "tls foo"
+          },
+          {
+            "name": "SERVE_TLS_PORT_444",
+            "value": "<html><head></head><body><a href=\"/tls-rewriteme\">tls rewritten link</a></body></html>"
+          },
+          {
+          	"name": "CERT_FILE",
+          	"value": "/localhost.crt"
+          },
+          {
+          	"name": "KEY_FILE",
+          	"value": "/localhost.key"
           }
         ],
         "ports": [
@@ -27,6 +43,14 @@
           {
             "name": "p81",
             "containerPort": 81
+          },
+          {
+            "name": "p443",
+            "containerPort": 443
+          },
+          {
+            "name": "p444",
+            "containerPort": 444
           }
         ]
       }

test/images/porter/porter.go

@@ -30,6 +30,7 @@ import (
 )
 
 const prefix = "SERVE_PORT_"
+const tlsPrefix = "SERVE_TLS_PORT_"
 
 func main() {
 	for _, vk := range os.Environ() {
@@ -43,6 +44,10 @@ func main() {
 			port := strings.TrimPrefix(key, prefix)
 			go servePort(port, value)
 		}
+		if strings.HasPrefix(key, tlsPrefix) {
+			port := strings.TrimPrefix(key, tlsPrefix)
+			go serveTLSPort(port, value)
+		}
 	}
 
 	select {}
@@ -57,3 +62,21 @@ func servePort(port, value string) {
 	}
 	log.Printf("server on port %q failed: %v", port, s.ListenAndServe())
 }
+
+func serveTLSPort(port, value string) {
+	s := &http.Server{
+		Addr: "0.0.0.0:" + port,
+		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			fmt.Fprint(w, value)
+		}),
+	}
+	certFile := os.Getenv("CERT_FILE")
+	if len(certFile) == 0 {
+		certFile = "localhost.crt"
+	}
+	keyFile := os.Getenv("KEY_FILE")
+	if len(keyFile) == 0 {
+		keyFile = "localhost.key"
+	}
+	log.Printf("tls server on port %q with certFile=%q, keyFile=%q failed: %v", port, certFile, keyFile, s.ListenAndServeTLS(certFile, keyFile))
+}