Cadoles/bouncer
10
0
Fork 0
Code Issues 1 Pull Requests Projects Releases 5 Wiki Activity

feat(k8s): use secret as shared source for admin private key
All checks were successful
Cadoles/bouncer/pipeline/head This commit looks good
Details

Browse Source
This commit is contained in:
wpetit
2024-03-28 15:53:40 +01:00
parent 35717429a2
commit 7de166765b
18 changed files with 351 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
misc/k8s/kustomization/base/resources/bouncer-admin/files/admin-key.json
View File

@ -1 +0,0 @@
{"d":"JuBw5OsGv3rPgVczxUgtJ6iUQ41LQu4Xpu-t8IKI_z8r-BZBlbndxidPmRlGZASLGL3rhY4qw6_ScFxakrMpCreO1RMU0kqtz--N48BXFnW5tEgr1voyyKP__bPssQNn6PgkoyAd11es7MEKlBff_DtGrcSkVRgU0zDZB-vIU0aNEIZPNw0icbYqc1u_QQNPpBU9cw6P33WHhzvfCVAkZKRszwznhiPM08n1vjpiA7e1kQ8a6OC4IFZBvohkmpmyOq1g1OLRABQ83YPCjGjCAejO-jEWkbLksp6rAl_YYpCvfBAjFV76JuZq4eh5IU82LsSfi3PGYBkhxWuLY779XQ","dp":"gljHOQowGK7fVn2DJizWtgRIDJuKpKnoX2PWNJUbm2WZwcEPZalAkxn7Y-w_reLVJZuRpfKEUMS-Tn3-CwI1ZjCHPqMPTXcoG0Pe2E-Z88jOs9lW4XSOASiiM980VIvkV1xCxDJkN3NsDFQ9j9kRGnKuMnsucCW3AKaU917hXNU","dq":"mqY19JcEBDnzS70_XkAsOKqPzemOScax66b-4N6zrsgeLVlRjHffY9uCAgBWzlxOidRdQN8q23ZJB4fqsKB2w00Iw7Jxx94IoAKGjKDT5iB48Y_kdKLAwSHRTXsqA9GG3po_H_JpP_EqX4TDBYtqQZuBD_tACP9HbLYMi_V2YU8","e":"AQAB","kty":"RSA","n":"sam0X0BGcuFwX8z3Wde8cv2o_zl6A9ghpkT0tCjw8qH3GNWrbAqzncSWdHBzoChBgAbuTOVs-ixYC0KeUhwFdc8Ul-jmKJWFaS8kIr3y4EH62-vLgMuIKfaxbsyUG6KMkJfnftge1jPO4ccddNej9msxcqTxu37dcgstutwtd6QkS9p5RrNbDBc8-Z7SQ4TuxJfP8msXRnCPJ-I44yszGdQF1Np2DXakJHVn8PBrDh3iSFwORw8jxNS4oS0OlBl5aSc0t5XkkaNcSU2a50SKts290w54fl6MPJ1sLnnznLy4uu37-nrfEUvqRLDZL9B1F82RM1dtLIIiN4gnSrMlpQ","p":"wOmFPhAT_wXWzMuwtEdYIer3-CiOWxFKpFL09eEJkJ29MIUchEaoiJaUAghqPxM48llfOVaUaLbFVxmo5U3fyjNMaP-nHMUBwojutykMK-gC2R3J4bQgFWfKbGSL7M7UsextAvpq9iiOuR0LNE-xTfCgPIxHVdPZskO3yx0DkjM","q":"68OGRb0tLRjb_PpkGctcSjEz_vvcyjzxGL-fn4_h4GCw98Xrj6Y4rZ4lfWWRSeDohSvdd-ICSlxvxkQOIOcA0H7jyJcBC0KDs4hX5BRGJNDri3QX0ry4_F1ptAdbfiFgQGqCfMRCr7L60Tfd_6tLczvny7eEBKQNGdj6dLfhgMc","qi":"DFwixyxUDf0REPLLa8hOKieRL95_AH9rbYWzStBOdSjKWra5l0reD6a4bbvAYvl0e8qCcRI6S8Nzpz0BYm4sJL7poVOnjxqvBY3Q9Ppf4Mq8lW39pOCJcqOHIvvYHsMjTC5uwp7Yg2p0GvxuUibbyNL1PXf6WZ_szVP_oSMrCXA"}

3
misc/k8s/kustomization/base/resources/bouncer-admin/files/config.yml
View File

@ -20,7 +20,7 @@ admin:
debug: false
auth:
issuer: http://127.0.0.1:8081
privateKey: /etc/bouncer/admin-key.json
privateKey: /var/lib/bouncer/admin-key.json
metrics:
enabled: true
endpoint: /.bouncer/metrics
@ -44,3 +44,4 @@ integrations:
enabled: true
writerTokenSecret: ${BOUNCER_WRITER_TOKEN_SECRET}
readerTokenSecret: ${BOUNCER_READER_TOKEN_SECRET}
privateKeySecret: ${BOUNCER_PRIVATE_KEY_SECRET}

2
misc/k8s/kustomization/base/resources/bouncer-admin/kustomization.yaml
View File

@ -10,10 +10,10 @@ configMapGenerator:
- name: bouncer-admin-config
files:
- ./files/config.yml
- ./files/admin-key.json
- name: bouncer-admin-bootstrap
- name: bouncer-admin-env
literals:
- BOUNCER_LOG_LEVEL=2
- BOUNCER_WRITER_TOKEN_SECRET=bouncer-admin-writer-token
- BOUNCER_READER_TOKEN_SECRET=bouncer-admin-reader-token
- BOUNCER_PRIVATE_KEY_SECRET=bouncer-admin-private-key

10
misc/k8s/kustomization/base/resources/bouncer-admin/resources/deployment.yaml
View File

@ -23,6 +23,10 @@ spec:
containers:
- name: bouncer-admin
image: bouncer
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
command:
[
"bouncer",
@ -46,6 +50,8 @@ spec:
name: bouncer-admin-config
- mountPath: /etc/bouncer/bootstrap.d
name: bouncer-admin-bootstrap
- mountPath: /var/lib/bouncer
name: bouncer-admin-var
volumes:
- name: bouncer-admin-config
configMap:
@ -53,3 +59,7 @@ spec:
- name: bouncer-admin-bootstrap
configMap:
name: bouncer-admin-bootstrap
- name: bouncer-admin-var
emptyDir:
sizeLimit: 10Mi
medium: Memory

4
misc/k8s/kustomization/base/resources/bouncer-server/resources/deployment.yaml
View File

@ -21,6 +21,10 @@ spec:
containers:
- name: bouncer-server
image: bouncer
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
command:
[
"bouncer",