Skip to content

Commit

Permalink
Merge pull request #2 from yaacov/add-ci-examples
Browse files Browse the repository at this point in the history
Add ci example deployment
  • Loading branch information
yaacov authored Oct 16, 2023
2 parents bfabcd0 + 1ce5298 commit 021b557
Show file tree
Hide file tree
Showing 3 changed files with 137 additions and 5 deletions.
6 changes: 3 additions & 3 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
# Use the official Python image as the base image
FROM python:latest
FROM registry.access.redhat.com/ubi9/python-311

# Set environment variables
ENV LISTEN_ADDRESS=0.0.0.0
ENV LISTEN_PORT=443
ENV LISTEN_PORT=8443
ENV TLS_CERT_PATH=/var/run/secrets/getpublickey-serving-cert/tls.crt
ENV TLS_KEY_PATH=/var/run/secrets/getpublickey-serving-cert/tls.key

Expand All @@ -14,7 +14,7 @@ WORKDIR /app
COPY ./src/getpublickey.py /app/

# Expose the specified port
EXPOSE 443
EXPOSE 8443

# Command to run the server
CMD python ./getpublickey.py --listen $LISTEN_ADDRESS --port $LISTEN_PORT --tls-key $TLS_KEY_PATH --tls-crt $TLS_CERT_PATH
64 changes: 62 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -132,18 +132,78 @@ This command builds the container and tags it as `quay.io/kubev2v/getpublickey:l
Once the image is built, you can run it locally using the following command:

```bash
podman run -it -p 8443:443 -v $(pwd)/certs:/var/run/secrets/getpublickey-serving-cert:Z quay.io/kubev2v/getpublickey:latest
podman run -it -p 8443:8443 -v $(pwd)/certs:/var/run/secrets/getpublickey-serving-cert:Z quay.io/kubev2v/getpublickey:latest
```

This command:

- Maps port 8443 on the host to port 443 in the container.
- Maps port 8443 on the host to port 8443 in the container.
- Mounts the `certs` directory (with the self-signed certificates) to `/var/run/secrets/getpublickey-serving-cert` in the container.
- Uses the `:Z` option to ensure the mounted directory has the correct SELinux label.
- Runs the container image `quay.io/kubev2v/getpublickey:latest`.

After executing the command, your service should be accessible at `https://localhost:8443`.

### Running on a Kubernetes Cluster

To deploy and run the `getpublickey` server on a Kubernetes cluster, follow the steps below:

#### Prerequisites

Ensure you have `kubectl` installed and properly configured to communicate with your cluster.
You need permissions to create new `namespaces` and `deployments` on the cluster.

#### Deployment

- Log in to the cluster:
Ensure you're logged into your Kubernetes cluster with the necessary permissions.

- Deploy the Application:
Apply the provided deployment configuration:

```bash
kubectl apply -f ci/deployment.yaml
```

This command will perform the following actions:

- Create the `konveyor-forklift` namespace.
- Create a secret containing example PEM certification files.
- Deploy the `getpublickey` server.
- Create a service to expose the `getpublickey` server inside the cluster.

#### Verify Deployment:

After running the command, ensure that the deployment is successful and the pods are running:

```bash
kubectl get pods -n konveyor-forklift
```

#### Accessing the Service

The `getpublickey` service is exposed within the cluster under the `konveyor-forklift` namespace on port 8443.

To access the service from your local machine, you can use `kubectl` port-forward:

##### Port Forwarding:

Run the following command to forward port 8443 from the service to port 8443 on your local machine:

```bash
kubectl port-forward svc/getpublickey 8443:8443 -n konveyor-forklift
```

##### Access the Service:

With the port forwarding in place, you can access the service on your local machine by navigating to:

```arduino
https://localhost:8443/url=www.google.com
```

Note: Since we're using self-signed certificates, your browser might display a warning about the site's security. You can proceed to view the site.

## Contributing
We welcome contributions from the cybersecurity community! Whether you're interested in adding features, fixing bugs, or improving documentation, your contributions are valuable.

Expand Down
72 changes: 72 additions & 0 deletions ci/deployment.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
apiVersion: v1
kind: Namespace
metadata:
name: konveyor-forklift
---
apiVersion: v1
kind: Secret
metadata:
name: getpublickey-serving-cert
namespace: konveyor-forklift
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZaVENDQTAyZ0F3SUJBZ0lVQnhiOG9UWjlrMm82WmlrQmtuZXYyYlhKTzg0d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1FqRUxNQWtHQTFVRUJoTUNXRmd4RlRBVEJnTlZCQWNNREVSbFptRjFiSFFnUTJsMGVURWNNQm9HQTFVRQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNekV3TVRZd09ESXdNVEZhRncweU5ERXdNVFV3Ck9ESXdNVEZhTUVJeEN6QUpCZ05WQkFZVEFsaFlNUlV3RXdZRFZRUUhEQXhFWldaaGRXeDBJRU5wZEhreEhEQWEKQmdOVkJBb01FMFJsWm1GMWJIUWdRMjl0Y0dGdWVTQk1kR1F3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUUNxSlJwVGcyaFZ4WVEwTldBVUIrOXo2eGtLZFdMRTRSSzdhbUp3MVNDWkNSSnhVekJKCnQza1Q5RkVBQnN2VW9yKy9rdlVsQ1JQQWMzMjQ1aDZMb1hlMWRJUTFOMkxzdzU4MlFHaURaTGJXVG9YOWxnS0IKUmF6QmdxeDdPVis3Yy9YNnJoQ0VQc3ZhU2FJNHdrVGJ5U1ZzRUw3cDA4TlZqR1lwc0ErSFUweHBuRkg0SHpacwpMZXdkZHhVS2xPUHliSHRlazF4d3U0VEFZMHpYcXJ4NTZjYmVsaE40d3EzZzJyeE95VVlYOTc4S2dBY3h6NHBpCmdQdTNGdStVdnFpUFovRFQvdm1lMFg3MFdVMHJuNm9BMk0xSEw1Y2cyZnlqTVZzczZLTDNya1YzTnRnNng4dE4KcVhqU1BqeWtodjJ1OWhsV1g3Zi8waEtWK3BZRldicWU5eFFxQWNmTGhaZmd3M2RROEhpQVRETzVFUWxnaU5hTQpzVUxraFpCamdZNStld0p2akE4SGZpakwydjFaVFBMd010eEtLQUw4ZnR4NjF4ZWdUUWxqM21pY3EyVGtQQVZFClMxZTlpcXpQSmplUUtBNjVYeXdIQUs0d0hKOFFqVnZZYmpwWTdGenh5cTIvWlJZTVltUFAzSVBtQlNqQXBHSkUKOW9WRUsxTmlMTmtRQ3drWWFqeWlhYmJBbk5UdkZBaGZ3QTJ3MGZHZ210cmtJMENvTGpabTdpdHg2VW50TE1IbApIdFRieXlHNUp6d29aUXBQSFNlQjVXUTIyWXdoQ1BNWnpWckNLb1A1R2MxdmV5Ykp4ODNhcVpBRWw0dk0wSUY5CjM0a3dCT1hncnpkb29qY2djVlVYUUtFNnBQU1Q5SC9LVjdZa2c0aDk2SzMwVGNNdGtVdWFJTitNM1FJREFRQUIKbzFNd1VUQWRCZ05WSFE0RUZnUVVsWDV6SDZRVjN3alVYckFrOVloNWo5UXdkeDh3SHdZRFZSMGpCQmd3Rm9BVQpsWDV6SDZRVjN3alVYckFrOVloNWo5UXdkeDh3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQWdFQVhYb1doQ2h3emFGZDRpdkVSZjUvMWNDR2hNZ0hKRUhReUUyeXBjSWMzRS90TXRVdVo3c0UKY0dvYStYREdKTWtISTVmNWxtdWI3OGtMWHVoT3A4bk5JMEVINjB2SzBxRHhHaHI5aDNQdjJOTGJHK1FwNjg4MgpEVThneHFlcFFkRnlvSDhuLzhnWVc5cDVpNTFaQ1c2bzFVUE42MzdIcUE0bFRodW5uS0pvSjlMWitNdFV0U0c4CkVlK3p3TVlHODBmSFduV2pqc05ZZlRHZitWYkw2elUyRHJOSURlSGFueGZLYnlxM29NWE5aWWViL3FuWWdNbHIKVCthcWQrLzZib0FGVWlCYzY3S3ZXZmt1MTlzUDlHSzRlNC9lRXlSOW1VM1dZcTNhQ2UyZzloTTdzeFNhVTZxdwpIUXJudjBwUFQ3TVd2ZnJLVDJzUi9PUitXcU9lWkhJeW8yMktiTElHSmZZeGZVdUlVdE1SS25XYnFjZXhXdjROCjc0YU5LTWVwTEpVelRkTEdqdHNsWXBOc0lzOEYrYjlGUzJwSVBhQ0NpcVdmcGdQTW1EVVFlcjlobk5haWpYcisKdmtHUDJtSEt1TUhLT3ppNzByb3QvK1dLenJWWXVRRE8yY1BRWmhQYTkvMyt5VzFJLzBiUlFNWlIrNmFYTkwrbwpUQlhvR2RGbmR6VXRocG04bWYrMWUrNEhhKzl4a1ExVUhSbENVNWluM3ljWFAvR2pxdVlFQ2FXOWk4MHNTM2lkClNPaWRLaFVtTGJXRXhFNjdRU3BOWE45TEU2T1FVU1MwQjduVDFGV21GTjdrUzhWakxHOEJiQUFCU0xlSlgzM0wKQU8zYWc0ZjR3dkNSUjhnNmRqUkhFWWhOcFpXSm9Ga1FNdFdRMElqdFpnUlhZOE91by9GRUVzMD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRQ3FKUnBUZzJoVnhZUTAKTldBVUIrOXo2eGtLZFdMRTRSSzdhbUp3MVNDWkNSSnhVekJKdDNrVDlGRUFCc3ZVb3IrL2t2VWxDUlBBYzMyNAo1aDZMb1hlMWRJUTFOMkxzdzU4MlFHaURaTGJXVG9YOWxnS0JSYXpCZ3F4N09WKzdjL1g2cmhDRVBzdmFTYUk0CndrVGJ5U1ZzRUw3cDA4TlZqR1lwc0ErSFUweHBuRkg0SHpac0xld2RkeFVLbE9QeWJIdGVrMXh3dTRUQVkwelgKcXJ4NTZjYmVsaE40d3EzZzJyeE95VVlYOTc4S2dBY3h6NHBpZ1B1M0Z1K1V2cWlQWi9EVC92bWUwWDcwV1UwcgpuNm9BMk0xSEw1Y2cyZnlqTVZzczZLTDNya1YzTnRnNng4dE5xWGpTUGp5a2h2MnU5aGxXWDdmLzBoS1YrcFlGCldicWU5eFFxQWNmTGhaZmd3M2RROEhpQVRETzVFUWxnaU5hTXNVTGtoWkJqZ1k1K2V3SnZqQThIZmlqTDJ2MVoKVFBMd010eEtLQUw4ZnR4NjF4ZWdUUWxqM21pY3EyVGtQQVZFUzFlOWlxelBKamVRS0E2NVh5d0hBSzR3SEo4UQpqVnZZYmpwWTdGenh5cTIvWlJZTVltUFAzSVBtQlNqQXBHSkU5b1ZFSzFOaUxOa1FDd2tZYWp5aWFiYkFuTlR2CkZBaGZ3QTJ3MGZHZ210cmtJMENvTGpabTdpdHg2VW50TE1IbEh0VGJ5eUc1Snp3b1pRcFBIU2VCNVdRMjJZd2gKQ1BNWnpWckNLb1A1R2MxdmV5Ykp4ODNhcVpBRWw0dk0wSUY5MzRrd0JPWGdyemRvb2pjZ2NWVVhRS0U2cFBTVAo5SC9LVjdZa2c0aDk2SzMwVGNNdGtVdWFJTitNM1FJREFRQUJBb0lDQUFTQUFXSSt2Tk95bGFjMmdpNndIRi9aCjBwKzVoYjNrb0xUZTYzRHdoM0dFdStnalpjamlyQXZMRDhRTEZLT3dha0hoaG5wTzh5YkpQSVNzdkJkcXFJVTAKRlFzVFJwcUhKMVF0VlVENXVQR1NGMjU0T1RpOHVhK2tpblgzM29CUllOVndlblN2bnluMjAwT05DbnFGcDJlNQpudjJ3TnNwY2NaZElxM1hPSTRjODRJTjB6K0VCNjBJY1B0ZU9JemxBMnBmTEdLRjMvdHJYeFlDRUU0SzdSc3lSCm9PZUxhVU01TUhjays2V2I5OWJmUVZGMVJtNWZNRWtpRE5RYzlzMnBnaHB1bnFEYUNadzNnRzJzUmcxMUE4NDQKMlZacWJZbDR2MkNXQm82N3grVTU4M052NEFDb2dDUTZDOVhqZkJ6VWhYY0lzUS9OdVRySTZ6bURxMXZvOTYrRQpWWHExMzllUG5xTm51Z1J1eXhybUZZajJUQ0V3emhnTnFtQjE4R2RURWhOWGxJYTZUY1VvZmVBd1gzZDN5cmdtCmxCYmJjcVBsU0MvVGErSzVRb1VFT0dIaWljUUlMVVhwTW9uUUErdFF3ZkV5aUpBVVlwVTdkTzNVMys4MGk0djYKWmtKVUtodjN0TDgxNWk4Y0FJdGJUYmxscWFlTVdPQjZTcDhIWDB6dUhIL0Y0MTk3eVFyWGF0SjhsV2dGVXRZYQpGRlo5aVNtSjJWNUhRTmFwTzB2Vm9uWGJQOUZJSXgvZ1Nlam8vWWZLMWFsSlhYM3VBZ0FwR2pJYVdXZVhTUXRQClhkYmMxbE1VMjR4WHpEaEpZalhpbVFrTXZPOXJWTlplenpkaTJIa3hMMG9jZXZncmliQkNoVDVhT20xM0JMNjEKd3ZENGlQRU5sM2lIOTk1YldpNEJBb0lCQVFEZ2dqeWtJVzdCd25la2FzZ0NtZElHbzl3NDdBclVOTDhRQXk4OQpiL002bSt5bXh1N21YTkJIRG5wSTdMWHBudkdEVlA3WGRUSTVBNHFCTXdmd0tzZ3lUZU5YcXIrdXhZenNOOTVGCkhWUjRlNk1samwzOTJLTWdHbXF1N0dUM1ZCQzRaK0ZMRWZ4bW1IVmlyb3lLR1VLZVJTamliMlVuZkEwM0xmNm0KOHlMSzhrdFk5QU5EUVZNakI2QkM3eWZxb3F4bjlWYmdDdEhpdlJMRHJSaXFWL2k4WWt3WXBLMWxZOFAzLzkwUQpCWUV2SmpOMXJXaG9ZeGF2VkVub0VNQzdYQkYwZW5IOE9FYnhDU21ORGpJenBndm9hS2JaWGN6bjkwS2tVNFQ1ClZuSVRsWURVL3NtY25aNkc5K1VsbmZ3M2VwZXo0bHhWZG5ObVNtVm1uUGhWTW9IVkFvSUJBUURDQXI3VUZybkUKSTNkNGk0ZTVoWkVCcXZtQms0cjdGOTJlSnhTMk5RRGtiWER0a21PWXRUZ1gwVHR2TTRzaVVkV3gxb3E0SGlBUQpGYkdleU5remtsNGNocjNta2tMeVBKMG5EaGlzcVg2OGxTbEJvR3pQUGE1YjUxQWpTMmI4eTJ4WXBmMmhON1NNCksyK2VCbkY1RUlyUEdUL1MwOGRLcEJKQWZRVitSSm9qSUpEWnJqcHpMbGdqNVEwaDJrOTBnUFhuUXhpZHVDN3oKcmJUVkFWZk9LN3Y5NVNUMklhc2d4REZRZ1dNbE9ubmRRZ1crRzBscUhDMTl3bVVIamNjK3pLNnVZbWViUGJ5TQpybUpMbWRZYldyZ3J3SXE1bW1ta085RkU5dzQyU3hsZFZGWXhQNCtpS2dvcWtLUGJ3NFk3ZWJnb2FnOVdyUWRzCkh0NU9FYndaK05ycEFvSUJBR2pPSTRUelhvTHhSMnpudEVzU2g2czEzMTVyUW5yaHpMZXE1T2luVkVKdCs4RzMKYUZyOXhQVUcyeXNqNWFBVDVPYk1UTk5FRUpmeEFUMWpGemVVb1RScWk5Q25FeWlCYkZIeG1yOWsrOFBxNDdScQppNUl2Q2FlNDdVaVBibXJQUWFiMFI0WUY5Vy9uaUJUekt3UmsybWFNSHBQbU1MQ0lCcHRWeTJVZ1o0T2FMSFp3Ckl2M0lod2o1VEdVeXc4MlM5eXpvcVErWnZYVTlrbjdxVlhOZjhldnZiMXFwdFpCNVRFaC9sekVkZ0xzRCtFM2QKRDdwN1YyR3QxWHFTSjRiUGFnNllBcElkcTNCbU9KRnlxUmpYVVFQRHB2QWVDOFBWOTdSQ2tQYmMxaEF5WUp3TgovUXd4d0lsOU8rbWRvTm85VG9oWkNZV1Q4RGMyVDdQaFgwUldlYWtDZ2dFQkFJelNsVlU1RWFvTzNGOUJXRWtQCmJFdTdvTk92RnNoZmNGdWxubUVMWkJScVkvZnR0Q0ZhR05jZzVuVTNBcHpzcmFJaVNocU9zMU01aSszbmQ5RDUKUXhxTnF6VzdvS0JYNHZKQVJ5UzgrdU5EbWVpcTI1QXFBMjl1SFRzaE5pWDBPamEyZGIwWnhCR2lUYWgwb05UeApidkFZTWIyRVB6b3NrWnNCcElVY29vMHd6RE5WUmRQcEpjMFlLMG9SUG04Z1ZGMkMxRkZYS2ExeXZybUYrZ2dLCnNxLytMYkFDakVhQ1loRS9lWW5DUWthWjc3VW45VWZ5SUFzU21XYThRSTJTNEpCdm1TaVR6VktJR1kwcW9zREUKUHI1elNiNmpHRjgvbEF6dER3SFZ6Umx6YUFUalVBeXpXeUcrVDFIclFIblhSaGIvdFJhRERjb3JOYzJSRGVvRQpPbEVDZ2dFQkFKTmllWlExaEhUQ01USE5TZnI3Zmt1dllTS0tvd2ZQSUFyLzBVcEVjQlFJTEF5K2FkdmovMHZaCjRGY3VMZmtlMnpIcEx2VEJKdUc2V29MUWhnSi9xT3NkM0w5bkRYSzdNMjdaaUNnbkFwUk45QjhBNC91aVlINFAKYXBjakl1QzVCUmw1TldRU3kvNElPWSttR1pKK0FVM1o4MFZ4WWdRL3NGOEdHbFVJcjNxMi9OZHUrNXg3V1pJegpVcS95Q1pPR1lBK3MyR2R3bjEvRFRLTFJQYmxuVFcyMjJwMU9BMExyK3A5VWVVTzhxRHJHaDZzWmgvMFk4QW9uCjBPOHVnU3I3bmRVaXcrSVlNUnphWVdmV3E3akdvZWp6MGpHWmE0eHlJLzBuS1BXQnl5L2Z6b05KQW9rcWVqVjAKV2pINFFqZEl3UjJEd2tKQ0RNYUllamJXRFJtRHdVaz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: getpublickey
namespace: konveyor-forklift
labels:
app: getpublickey
spec:
replicas: 1
selector:
matchLabels:
app: getpublickey
template:
metadata:
labels:
app: getpublickey
spec:
volumes:
- name: getpublickey-serving-cert
secret:
secretName: getpublickey-serving-cert
containers:
- name: getpublickey
image: quay.io/kubev2v/getpublickey:latest
volumeMounts:
- name: getpublickey-serving-cert
mountPath: /var/run/secrets/getpublickey-serving-cert
ports:
- containerPort: 8443
protocol: TCP
imagePullPolicy: Always
command:
- python
- getpublickey.py
args:
- "--tls-key"
- "/var/run/secrets/getpublickey-serving-cert/tls.key"
- "--tls-crt"
- "/var/run/secrets/getpublickey-serving-cert/tls.crt"
---
apiVersion: v1
kind: Service
metadata:
name: getpublickey
namespace: konveyor-forklift
labels:
app: getpublickey
spec:
ports:
- name: 8443-tcp
protocol: TCP
port: 8443
targetPort: 8443
selector:
app: getpublickey
type: ClusterIP
sessionAffinity: None

0 comments on commit 021b557

Please sign in to comment.