Use minimal ubi image #4

Merged
merged 1 commit into from
Oct 22, 2023
7 changes: 5 additions & 2 deletions Dockerfile
@@ -1,5 +1,8 @@
# Use the official Python image as the base image
FROM registry.access.redhat.com/ubi9/python-311
# Use the official ubi minimal base image
FROM registry.access.redhat.com/ubi9/ubi-minimal

# Install python
RUN microdnf install python -y

# Set environment variables
ENV LISTEN_ADDRESS=0.0.0.0
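
Review bot: `FROM registry.access.redhat.com/ubi9/ubi-minimal` carries no tag or digest, so every build pulls whatever the registry currently serves by default; pin a tag or, better, a digest so the image is reproducible and a base-image change shows up in review. In `RUN microdnf install python -y` the interpreter version is now implicit, where the previous base image named it (`python-311`); install the versioned package the code is tested against, and append `&& microdnf clean all` to the same `RUN` so the package cache is not kept in the layer.
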
42 changes: 14 additions & 28 deletions README.md
Expand Up @@ -75,10 +75,10 @@ Set up a `kind` Kubernetes cluster if you want to run the server in a cluster en

### Run the Server

#### To run the getpublickey server:
#### To run the getpublickey locally:

```bash
python ./src/getpublickey.py
python ./src/getpublickey.py --help
```

#### Optional Flags:
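
Review bot: Under "### Run the Server", the command in the code block becomes `python ./src/getpublickey.py --help`, which prints usage and exits, so the section no longer shows how to start the server. Keep the plain `python ./src/getpublickey.py` invocation and show `--help` as a second line or under "Optional Flags". The new heading "To run the getpublickey locally:" also reads oddly; "To run the getpublickey server locally:" would fix it.
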
Expand All @@ -95,42 +95,38 @@ python ./src/getpublickey.py --port 8080
python ./src/getpublickey.py --listen 192.168.1.100
```

--tls-key and --tls-cert: Point to files containing the server PEM certs. (Default are key.pem and cert.pem)
--tls-key and --tls-cert: Point to files containing the server PEM certs. (Default are tls.key and tls.crt)

```bash
python ./src/getpublickey.py --tls-key /path/to/yourkey.pem --tls-cert /path/to/yourcert.pem
python ./src/getpublickey.py --tls-key certs/tls.key --tls-cert certs/tls.crt
```

#### Generate Local Self-Signed Certificates for Testing:

```bash
openssl req -x509 -newkey rsa:4096 -keyout tls.key -out tls.crt -days 365 -nodes
mkdir certs
openssl req -x509 -newkey rsa:4096 -keyout certs/tls.key -out certs/tls.crt -days 365 -nodes
```

> [!NOTE]
> This will create a certs directory with two files: `tls.key` (the private key) and `tls.crt` (the certificate).

### Access the API

With the server up and running, you can access the API to retrieve public keys. Use the `curl` CLI utility:

```bash
curl -k -G https://127.0.0.1:8443/ --data 'url=example.com:443/boards'
curl -k -G https://127.0.0.1:8443/ --data 'url=github.com'
```

Replace the `url` parameter value with the desired server's URL from which you want to retrieve the public key.
> [!NOTE]
> Replace the `url` parameter value with the desired server's URL from which you want to retrieve the public key.


### Run Using Container

#### Generating Self-Signed Certificates for Testing

Before running the container, if you need self-signed certificates for testing, you can generate them using the following commands:

```bash
mkdir certs
openssl req -x509 -newkey rsa:4096 -keyout certs/tls.key -out certs/tls.crt -days 365 -nodes
```

This will create a certs directory with two files: `tls.key` (the private key) and `tls.crt` (the certificate).

#### Building the Container Image with Podman

To build the container image using Podman:
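
Review bot: The flag documented here as `--tls-cert`, both in the description line and in the example `--tls-cert certs/tls.crt`, is not the one the parser defines; the `src/getpublickey.py` hunk in this same change registers `--tls-crt`, so the documented command will not work as written. Make the README and the parser agree. Since the certificate-generation block is now removed from "Run Using Container", add a one-line pointer there back to "Generate Local Self-Signed Certificates for Testing", and have the note say that `-nodes` leaves `certs/tls.key` unencrypted, so the files are for local testing only.
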
Expand Down Expand Up @@ -167,7 +163,7 @@ To deploy and run the `getpublickey` server on a Kubernetes cluster, follow the
Ensure you have `kubectl` installed and properly configured to communicate with your cluster.
You need permissions to create new `namespaces` and `deployments` on the cluster.

#### Deployment
#### Deploy the service on a remote Kubernetes cluster

- Log in to the cluster:
Ensure you're logged into your Kubernetes cluster with the necessary permissions.
Expand All @@ -194,7 +190,7 @@ After running the command, ensure that the deployment is successful and the pods
kubectl get pods -n konveyor-forklift
```

#### Accessing the Service
#### Accessing the Service when running inside a Kubernetes cluster

The `getpublickey` service is exposed within the cluster under the `konveyor-forklift` namespace on port 8443.
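
Review bot: The new heading "Accessing the Service when running inside a Kubernetes cluster" mixes title case with sentence case and uses a gerund, while the heading introduced in the previous hunk, "Deploy the service on a remote Kubernetes cluster", is imperative and sentence case. Pick one form for both, for example "Access the service inside a Kubernetes cluster".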

Expand All @@ -207,13 +203,3 @@ Run the following command to forward port 8443 from the service to port 8443 on
```bash
kubectl port-forward svc/getpublickey 8443:8443 -n konveyor-forklift
```

##### Access the Service:

With the port forwarding in place, you can access the service on your local machine by navigating to:

```arduino
https://localhost:8443/url=www.google.com
```

Note: Since we're using self-signed certificates, your browser might display a warning about the site's security. You can proceed to view the site.
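
Review bot: Removing the whole "Access the Service" subsection leaves the README ending at the `kubectl port-forward` command with no example of calling the forwarded service. The removed URL `https://localhost:8443/url=www.google.com` had no `?` before `url=`, so dropping it is right, but replace it with a pointer to "Access the API" or repeat the `curl -k -G https://127.0.0.1:8443/ --data 'url=github.com'` form from that section. The deleted note was also the only place that explained the self-signed certificate warning; the `-k` in the curl example deserves the same one-line explanation.
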
8 changes: 4 additions & 4 deletions src/getpublickey.py
Expand Up @@ -128,13 +128,13 @@ def run_cli(url):
)
parser.add_argument(
"--tls-key",
default="key.pem",
help="Path to the TLS key file for HTTPS (default key.pem)",
default="tls.key",
help="Path to the TLS key file for HTTPS (default tls.key)",
)
parser.add_argument(
"--tls-crt",
default="cert.pem",
help="Path to the TLS certificate file for HTTPS (default cert.pem)",
default="tls.crt",
help="Path to the TLS certificate file for HTTPS (default tls.crt)",
)
parser.add_argument("--url", help="URL to use in the CLI (optional)")
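
Review bot: The new defaults `tls.key` and `tls.crt` are resolved relative to the working directory, but the README in this same change generates the files as `certs/tls.key` and `certs/tls.crt`, so starting the server without flags after following the README will not find them. Either change the defaults to `certs/tls.key` and `certs/tls.crt` or have the README state that `--tls-key` and `--tls-crt` must be passed after the generation step.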
