Merge pull request #4 from yaacov/use-minimal-image
Use minimal ubi image
yaacov authored Oct 22, 2023
2 parents 53958c6 + 3b84da3 commit 82f3b86
Showing 3 changed files with 23 additions and 34 deletions.
7 changes: 5 additions & 2 deletions Dockerfile
@@ -1,5 +1,8 @@
# Use the official Python image as the base image
FROM registry.access.redhat.com/ubi9/python-311
# Use the official ubi minimal base image
FROM registry.access.redhat.com/ubi9/ubi-minimal

# Install python
RUN microdnf install python -y

# Set environment variables
ENV LISTEN_ADDRESS=0.0.0.0
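
Review bot: `RUN microdnf install python -y` installs whatever `python` resolves to in the ubi9 repositories, so the interpreter is no longer tied to 3.11 as it was with `ubi9/python-311`, and the package cache stays in the layer. Name the versioned package the service is tested against and end the same `RUN` with `microdnf clean all`, so the image is reproducible and actually smaller. The new `FROM registry.access.redhat.com/ubi9/ubi-minimal` also carries no tag or digest; pinning one keeps rebuilds from silently picking up a different base. Since the base image changed, also confirm that the part of the Dockerfile below this hunk sets a non-root `USER` rather than relying on the base image for it.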
42 changes: 14 additions & 28 deletions README.md
Expand Up @@ -75,10 +75,10 @@ Set up a `kind` Kubernetes cluster if you want to run the server in a cluster en

### Run the Server

#### To run the getpublickey server:
#### To run the getpublickey locally:

```bash
python ./src/getpublickey.py
python ./src/getpublickey.py --help
```

#### Optional Flags:
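
Review bot: under the heading `#### To run the getpublickey locally:` the only command is now `python ./src/getpublickey.py --help`, which prints usage and exits instead of starting the server. Keep the plain `python ./src/getpublickey.py` invocation as the run step and show `--help` as a separate line that introduces `#### Optional Flags:`. The heading is also missing a noun; "To run the getpublickey server locally:" reads correctly.
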
Expand All @@ -95,42 +95,38 @@ python ./src/getpublickey.py --port 8080
python ./src/getpublickey.py --listen 192.168.1.100
```

--tls-key and --tls-cert: Point to files containing the server PEM certs. (Default are key.pem and cert.pem)
--tls-key and --tls-cert: Point to files containing the server PEM certs. (Default are tls.key and tls.crt)

```bash
python ./src/getpublickey.py --tls-key /path/to/yourkey.pem --tls-cert /path/to/yourcert.pem
python ./src/getpublickey.py --tls-key certs/tls.key --tls-cert certs/tls.crt
```

#### Generate Local Self-Signed Certificates for Testing:

```bash
openssl req -x509 -newkey rsa:4096 -keyout tls.key -out tls.crt -days 365 -nodes
mkdir certs
openssl req -x509 -newkey rsa:4096 -keyout certs/tls.key -out certs/tls.crt -days 365 -nodes
```

> [!NOTE]
> This will create a certs directory with two files: `tls.key` (the private key) and `tls.crt` (the certificate).
### Access the API

With the server up and running, you can access the API to retrieve public keys. Use the `curl` CLI utility:

```bash
curl -k -G https://127.0.0.1:8443/ --data 'url=example.com:443/boards'
curl -k -G https://127.0.0.1:8443/ --data 'url=github.com'
```

Replace the `url` parameter value with the desired server's URL from which you want to retrieve the public key.
> [!NOTE]
> Replace the `url` parameter value with the desired server's URL from which you want to retrieve the public key.

### Run Using Container

#### Generating Self-Signed Certificates for Testing

Before running the container, if you need self-signed certificates for testing, you can generate them using the following commands:

```bash
mkdir certs
openssl req -x509 -newkey rsa:4096 -keyout certs/tls.key -out certs/tls.crt -days 365 -nodes
```

This will create a certs directory with two files: `tls.key` (the private key) and `tls.crt` (the certificate).

#### Building the Container Image with Podman

To build the container image using Podman:
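
Review bot: the flag description and the example in this hunk use `--tls-cert` (`--tls-key certs/tls.key --tls-cert certs/tls.crt`), but the parser in `src/getpublickey.py` in this same commit declares `--tls-crt`, so the documented command does not match the option the code defines. Pick one spelling and use it in both files. The stated defaults `tls.key` and `tls.crt` are bare file names, while the generation step now writes to `certs/`, so say that both flags must be passed after following that step, or align the defaults. Now that the certificate instructions live in one place, the NOTE is also the right spot to say that `-nodes` leaves `certs/tls.key` unencrypted and that `curl -k` skips certificate verification, both of which fit only the self-signed test setup.
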
Expand Down Expand Up @@ -167,7 +163,7 @@ To deploy and run the `getpublickey` server on a Kubernetes cluster, follow the
Ensure you have `kubectl` installed and properly configured to communicate with your cluster.
You need permissions to create new `namespaces` and `deployments` on the cluster.

#### Deployment
#### Deploy the service on a remote Kubernetes cluster

- Log in to the cluster:
Ensure you're logged into your Kubernetes cluster with the necessary permissions.
Expand All @@ -194,7 +190,7 @@ After running the command, ensure that the deployment is successful and the pods
kubectl get pods -n konveyor-forklift
```

#### Accessing the Service
#### Accessing the Service when running inside a Kubernetes cluster

The `getpublickey` service is exposed within the cluster under the `konveyor-forklift` namespace on port 8443.
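
Review bot: the new heading `#### Accessing the Service when running inside a Kubernetes cluster` uses a gerund and capitalizes "Service", while the heading changed in the previous hunk, `#### Deploy the service on a remote Kubernetes cluster`, is imperative and sentence case. Use one form for both, for example "Access the service inside a Kubernetes cluster".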

Expand All @@ -207,13 +203,3 @@ Run the following command to forward port 8443 from the service to port 8443 on
```bash
kubectl port-forward svc/getpublickey 8443:8443 -n konveyor-forklift
```

##### Access the Service:

With the port forwarding in place, you can access the service on your local machine by navigating to:

```arduino
https://localhost:8443/url=www.google.com
```

Note: Since we're using self-signed certificates, your browser might display a warning about the site's security. You can proceed to view the site.
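
Review bot: removing `##### Access the Service:` leaves the port-forward section ending at `kubectl port-forward svc/getpublickey 8443:8443 -n konveyor-forklift` with no step that actually calls the service. The removed URL `https://localhost:8443/url=www.google.com` had no `?` before the query and was worth dropping, but replace it with a pointer to the `curl -k -G https://127.0.0.1:8443/ --data 'url=github.com'` example under "Access the API", and keep one sentence stating that the certificate is self-signed, since that is the only reason `-k` appears there.
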
8 changes: 4 additions & 4 deletions src/getpublickey.py
Expand Up @@ -128,13 +128,13 @@ def run_cli(url):
)
parser.add_argument(
"--tls-key",
default="key.pem",
help="Path to the TLS key file for HTTPS (default key.pem)",
default="tls.key",
help="Path to the TLS key file for HTTPS (default tls.key)",
)
parser.add_argument(
"--tls-crt",
default="cert.pem",
help="Path to the TLS certificate file for HTTPS (default cert.pem)",
default="tls.crt",
help="Path to the TLS certificate file for HTTPS (default tls.crt)",
)
parser.add_argument("--url", help="URL to use in the CLI (optional)")
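
Review bot: the `default=` values for `--tls-key` and `--tls-crt` change from `key.pem`/`cert.pem` to `tls.key`/`tls.crt`, a behaviour change that the commit title "Use minimal ubi image" does not mention. Anyone starting the server without these flags and relying on the old file names will no longer have their files picked up, so call this out in the commit message or README, or split it into its own commit. The new defaults are also bare file names while the README generates the files under `certs/`; defaulting to `certs/tls.key` and `certs/tls.crt` would make the no-flag path work after following the README.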
