Merge pull request #14837 from liggitt/nettest_tls
Auto commit by PR queue bot
		| @@ -14,5 +14,7 @@ | ||||
|  | ||||
| FROM scratch | ||||
| MAINTAINER Daniel Smith <dbsmith@google.com> | ||||
| ADD localhost.crt localhost.crt | ||||
| ADD localhost.key localhost.key | ||||
| ADD porter porter | ||||
| ENTRYPOINT ["/porter"] | ||||
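Review bot: The two new `ADD` lines bake `localhost.key` into every image as the default serving key, and that key is committed in this same change, so it is public. The README's generation command also shows `--rsa-bits 512` and `--ca`, so TLS served with the default pair only exercises the protocol path and gives no identity or confidentiality guarantee. Because the certificate is marked as a CA, it should never be added to a trust store outside a throwaway test. A comment above the lines would make the intent explicit: `# Test-only self-signed cert/key; the key is public in the repo. Override with CERT_FILE/KEY_FILE.`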
|   | ||||
| @@ -6,27 +6,24 @@ | ||||
| # `make push` will push the container-- you must supply a tag. | ||||
|  | ||||
| REPO ?= gcr.io/google_containers | ||||
| SUGGESTED_TAG = $(shell git rev-parse --verify HEAD) | ||||
|  | ||||
| porter: porter.go | ||||
| 	CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-w' ./porter.go | ||||
|  | ||||
| .tag: porter | ||||
| 	md5sum porter | cut -d " " -f 1 > .tag | ||||
|  | ||||
| tag: .tag | ||||
| 	@echo "Suggest using TAG=$(shell cat .tag)" | ||||
| 	@echo "$$ make container TAG=$(shell cat .tag)" | ||||
| tag: | ||||
| 	@echo "If all relevant changes are committed, suggest using TAG=$(SUGGESTED_TAG)" | ||||
| 	@echo "$$ make container TAG=$(SUGGESTED_TAG)" | ||||
| 	@echo "or" | ||||
| 	@echo "$$ make push TAG=$(shell cat .tag)" | ||||
| 	@echo "$$ make push TAG=$(SUGGESTED_TAG)" | ||||
|  | ||||
| container: | ||||
| 	$(if $(TAG),,$(error TAG is not defined. Use 'make tag' to see a suggestion)) | ||||
| 	$(if $(TAG),,$(error TAG is not defined. Use 'make tag' after committing changes to see a suggestion)) | ||||
| 	docker build -t $(REPO)/porter:$(TAG) . | ||||
|  | ||||
| push: | ||||
| 	$(if $(TAG),,$(error TAG is not defined. Use 'make tag' to see a suggestion)) | ||||
| 	$(if $(TAG),,$(error TAG is not defined. Use 'make tag' after committing changes to see a suggestion)) | ||||
| 	gcloud docker push $(REPO)/porter:$(TAG) | ||||
|  | ||||
| clean: | ||||
| 	rm -f porter | ||||
| 	rm -f .tag | ||||
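Review bot: The suggested tag is now the HEAD commit hash, but nothing in `container` ties the image contents to that commit. The target has no prerequisite on `porter`, so `docker build` adds whatever binary is already in the directory, and uncommitted edits go undetected. The md5sum-based tag this replaces was derived from the binary itself, so that link is lost. Consider `container: porter` plus a guard such as `$(if $(shell git status --porcelain .),$(error uncommitted changes in this directory),)` ahead of the build, so a pushed tag can be traced back to source.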
|   | ||||
| @@ -1,5 +1,12 @@ | ||||
| This directory contains go source, Dockerfile and Makefile for making a test | ||||
| container which serves requested data on ports specified in ENV variables. | ||||
|  | ||||
| The included localhost.crt is a PEM-encoded TLS cert with SAN IPs | ||||
| "127.0.0.1" and "[::1]", expiring at the last second of 2049 (the end | ||||
| of ASN.1 time), generated from src/crypto/tls: | ||||
| go run generate_cert.go  --rsa-bits 512 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h | ||||
|  | ||||
| To use a different cert/key, mount them into the pod and set the  | ||||
| CERT_FILE and KEY_FILE environment variables to the desired paths. | ||||
|  | ||||
| []() | ||||
|   | ||||
							
								
								
									
										10
									
								
								test/images/porter/localhost.crt
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,10 @@ | ||||
| -----BEGIN CERTIFICATE----- | ||||
| MIIBdzCCASOgAwIBAgIBADALBgkqhkiG9w0BAQUwEjEQMA4GA1UEChMHQWNtZSBD | ||||
| bzAeFw03MDAxMDEwMDAwMDBaFw00OTEyMzEyMzU5NTlaMBIxEDAOBgNVBAoTB0Fj | ||||
| bWUgQ28wWjALBgkqhkiG9w0BAQEDSwAwSAJBAN55NcYKZeInyTuhcCwFMhDHCmwa | ||||
| IUSdtXdcbItRB/yfXGBhiex00IaLXQnSU+QZPRZWYqeTEbFSgihqi1PUDy8CAwEA | ||||
| AaNoMGYwDgYDVR0PAQH/BAQDAgCkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1Ud | ||||
| EwEB/wQFMAMBAf8wLgYDVR0RBCcwJYILZXhhbXBsZS5jb22HBH8AAAGHEAAAAAAA | ||||
| AAAAAAAAAAAAAAEwCwYJKoZIhvcNAQEFA0EAAoQn/ytgqpiLcZu9XKbCJsJcvkgk | ||||
| Se6AbGXgSlq+ZCEVo0qIwSgeBqmsJxUu7NCSOwVJLYNEBO2DtIxoYVk+MA== | ||||
| -----END CERTIFICATE----- | ||||
							
								
								
									
										9
									
								
								test/images/porter/localhost.key
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,9 @@ | ||||
| -----BEGIN RSA PRIVATE KEY----- | ||||
| MIIBPAIBAAJBAN55NcYKZeInyTuhcCwFMhDHCmwaIUSdtXdcbItRB/yfXGBhiex0 | ||||
| 0IaLXQnSU+QZPRZWYqeTEbFSgihqi1PUDy8CAwEAAQJBAQdUx66rfh8sYsgfdcvV | ||||
| NoafYpnEcB5s4m/vSVe6SU7dCK6eYec9f9wpT353ljhDUHq3EbmE4foNzJngh35d | ||||
| AekCIQDhRQG5Li0Wj8TM4obOnnXUXf1jRv0UkzE9AHWLG5q3AwIhAPzSjpYUDjVW | ||||
| MCUXgckTpKCuGwbJk7424Nb8bLzf3kllAiA5mUBgjfr/WtFSJdWcPQ4Zt9KTMNKD | ||||
| EUO0ukpTwEIl6wIhAMbGqZK3zAAFdq8DD2jPx+UJXnh0rnOkZBzDtJ6/iN69AiEA | ||||
| 1Aq8MJgTaYsDQWyU/hDq5YkDJc9e9DSCvUIzqxQWMQE= | ||||
| -----END RSA PRIVATE KEY----- | ||||
| @@ -17,6 +17,22 @@ | ||||
|           { | ||||
|             "name": "SERVE_PORT_81", | ||||
|             "value": "<html><head></head><body><a href=\"/rewriteme\">rewritten link</a></body></html>" | ||||
|           }, | ||||
|           { | ||||
|             "name": "SERVE_TLS_PORT_443", | ||||
|             "value": "tls foo" | ||||
|           }, | ||||
|           { | ||||
|             "name": "SERVE_TLS_PORT_444", | ||||
|             "value": "<html><head></head><body><a href=\"/tls-rewriteme\">tls rewritten link</a></body></html>" | ||||
|           }, | ||||
|           { | ||||
|           	"name": "CERT_FILE", | ||||
|           	"value": "/localhost.crt" | ||||
|           }, | ||||
|           { | ||||
|           	"name": "KEY_FILE", | ||||
|           	"value": "/localhost.key" | ||||
|           } | ||||
|         ], | ||||
|         "ports": [ | ||||
| @@ -27,6 +43,14 @@ | ||||
|           { | ||||
|             "name": "p81", | ||||
|             "containerPort": 81 | ||||
|           }, | ||||
|           { | ||||
|             "name": "p443", | ||||
|             "containerPort": 443 | ||||
|           }, | ||||
|           { | ||||
|             "name": "p444", | ||||
|             "containerPort": 444 | ||||
|           } | ||||
|         ] | ||||
|       } | ||||
|   | ||||
| @@ -30,6 +30,7 @@ import ( | ||||
| ) | ||||
|  | ||||
| const prefix = "SERVE_PORT_" | ||||
| const tlsPrefix = "SERVE_TLS_PORT_" | ||||
|  | ||||
| func main() { | ||||
| 	for _, vk := range os.Environ() { | ||||
| @@ -43,6 +44,10 @@ func main() { | ||||
| 			port := strings.TrimPrefix(key, prefix) | ||||
| 			go servePort(port, value) | ||||
| 		} | ||||
| 		if strings.HasPrefix(key, tlsPrefix) { | ||||
| 			port := strings.TrimPrefix(key, tlsPrefix) | ||||
| 			go serveTLSPort(port, value) | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	select {} | ||||
| @@ -57,3 +62,21 @@ func servePort(port, value string) { | ||||
| 	} | ||||
| 	log.Printf("server on port %q failed: %v", port, s.ListenAndServe()) | ||||
| } | ||||
|  | ||||
| func serveTLSPort(port, value string) { | ||||
| 	s := &http.Server{ | ||||
| 		Addr: "0.0.0.0:" + port, | ||||
| 		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||||
| 			fmt.Fprint(w, value) | ||||
| 		}), | ||||
| 	} | ||||
| 	certFile := os.Getenv("CERT_FILE") | ||||
| 	if len(certFile) == 0 { | ||||
| 		certFile = "localhost.crt" | ||||
| 	} | ||||
| 	keyFile := os.Getenv("KEY_FILE") | ||||
| 	if len(keyFile) == 0 { | ||||
| 		keyFile = "localhost.key" | ||||
| 	} | ||||
| 	log.Printf("tls server on port %q with certFile=%q, keyFile=%q failed: %v", port, certFile, keyFile, s.ListenAndServeTLS(certFile, keyFile)) | ||||
| } | ||||
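Review bot: `serveTLSPort` builds its `http.Server` with only `Addr` and `Handler`, so the listener on `0.0.0.0` has no read or write timeouts and a stalled client can hold a connection open indefinitely. Adding `ReadTimeout: 10 * time.Second,` and `WriteTimeout: 10 * time.Second,` to the struct literal would bound that; it needs the `time` import, and the import block lies outside this hunk. The function also has no doc comment; I would add `// serveTLSPort serves value over HTTPS on port using CERT_FILE/KEY_FILE, defaulting to the bundled test-only localhost pair.` A failed `ListenAndServeTLS` is only logged, so a wrong cert or key path leaves the process running with the port closed, which is worth stating in that comment.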
|   | ||||
	 k8s-merge-robot
					k8s-merge-robot