From e3446d1588fb2c6711fc9b56ca1723a1e7c49386 Mon Sep 17 00:00:00 2001
From: Nicolas Ontiveros
Date: Tue, 8 Aug 2023 17:38:47 -0700
Subject: [PATCH 001/173] add poc tot usage
---
 cmd/aro/main.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cmd/aro/main.go b/cmd/aro/main.go
index 6a7ece861b8..440a3747123 100644
--- a/cmd/aro/main.go
+++ b/cmd/aro/main.go
@@ -31,6 +31,7 @@ func usage() {
 fmt.Fprintf(flag.CommandLine.Output(), " %s rp\n", os.Args[0])
 fmt.Fprintf(flag.CommandLine.Output(), " %s operator {master,worker}\n", os.Args[0])
 fmt.Fprintf(flag.CommandLine.Output(), " %s update-versions\n", os.Args[0])
+ fmt.Fprintln(flag.CommandLine.Output(), " %s poc\n", os.Args[0])
 flag.PrintDefaults()
 }
From 07398cb2a652b098025266fe9fd99dc7b2f4a438 Mon Sep 17 00:00:00 2001
From: Nicolas Ontiveros
Date: Tue, 8 Aug 2023 17:39:13 -0700
Subject: [PATCH 002/173] minor fix
---
 cmd/aro/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/aro/main.go b/cmd/aro/main.go
index 440a3747123..48e0354ca90 100644
--- a/cmd/aro/main.go
+++ b/cmd/aro/main.go
@@ -31,7 +31,7 @@ func usage() {
 fmt.Fprintf(flag.CommandLine.Output(), " %s rp\n", os.Args[0])
 fmt.Fprintf(flag.CommandLine.Output(), " %s operator {master,worker}\n", os.Args[0])
 fmt.Fprintf(flag.CommandLine.Output(), " %s update-versions\n", os.Args[0])
- fmt.Fprintln(flag.CommandLine.Output(), " %s poc\n", os.Args[0])
+ fmt.Fprintf(flag.CommandLine.Output(), " %s poc\n", os.Args[0])
 flag.PrintDefaults()
 }
From 72ee4505d80268d50ed71441be382a77b799b19b Mon Sep 17 00:00:00 2001
From: Nicolas Ontiveros
Date: Tue, 8 Aug 2023 17:48:09 -0700
Subject: [PATCH 003/173] POC hello world
---
 cmd/aro/main.go | 3 +++
 cmd/aro/poc.go | 11 +++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 cmd/aro/poc.go
diff --git a/cmd/aro/main.go b/cmd/aro/main.go
index 48e0354ca90..b71114b6fa2 100644
--- a/cmd/aro/main.go
+++ b/cmd/aro/main.go
@@ -80,6 +80,9 @@ func main() {
 case "update-versions":
 checkArgs(1)
 err = updateOCPVersions(ctx, log)
+ case "poc":
+ checkArgs(1)
+ err = poc(log)
 default:
 usage()
 os.Exit(2)
diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go
new file mode 100644
index 00000000000..561611ec6fc
--- /dev/null
+++ b/cmd/aro/poc.go
@@ -0,0 +1,11 @@
+package main
+
+import "github.com/sirupsen/logrus"
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache License 2.0.
+
+func poc(log *logrus.Entry) error {
+ log.Print("********** ARO-RP on AKS PoC **********")
+ return nil
+}
From dd0f39e82e6750875c02564f0af46bcbe876e564 Mon Sep 17 00:00:00 2001
From: Nicolas Ontiveros
Date: Thu, 10 Aug 2023 07:12:29 -0700
Subject: [PATCH 004/173] POC dockerfile
---
 Dockerfile.aro-poc | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 Dockerfile.aro-poc
diff --git a/Dockerfile.aro-poc b/Dockerfile.aro-poc
new file mode 100644
index 00000000000..7f983b1fb4e
--- /dev/null
+++ b/Dockerfile.aro-poc
@@ -0,0 +1,15 @@
+# Build container for POC usage
+ARG REGISTRY
+FROM ${REGISTRY}/ubi8/go-toolset:1.18.4 AS builder
+ENV GOOS=linux \
+ GOPATH=/go/
+WORKDIR ${GOPATH}/src/github.com/Azure/ARO-RP
+USER root
+COPY . ${GOPATH}/src/github.com/Azure/ARO-RP/
+RUN make aro
+
+FROM ${REGISTRY}/ubi8/ubi-minimal
+RUN microdnf update && microdnf clean all
+COPY --from=builder /go/src/github.com/Azure/ARO-RP/aro /usr/local/bin/
+ENTRYPOINT ["aro", "poc"]
+USER 1000
\ No newline at end of file
From 7f71c3d5a3679459c263c6be7fae2ca60a45bbcb Mon Sep 17 00:00:00 2001
From: Nicolas Ontiveros
Date: Thu, 10 Aug 2023 07:24:38 -0700
Subject: [PATCH 005/173] update poc dockerfile
---
 Dockerfile.aro-poc | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/Dockerfile.aro-poc b/Dockerfile.aro-poc
index 7f983b1fb4e..1d933793442 100644
--- a/Dockerfile.aro-poc
+++ b/Dockerfile.aro-poc
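Review bot: In the new cmd/aro/poc.go the licence header sits below the `import` line, while cmd/aro/main.go keeps `// Licensed under the Apache License 2.0.` directly under `package main` (visible in the later main.go hunks of this series). Move the two header comment lines above the import so the file matches and any header check that reads the top of the file sees them. `poc` also has no doc comment; `// poc is the entry point of the ARO-RP on AKS proof-of-concept subcommand; for now it only logs a banner.` would be enough.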
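Review bot: The runtime stage `FROM ${REGISTRY}/ubi8/ubi-minimal` in Dockerfile.aro-poc has no tag or digest although the builder stage is pinned to `go-toolset:1.18.4`, so the base of the shipped image changes whenever the registry's default tag moves. Pin it, e.g. `FROM ${REGISTRY}/ubi8/ubi-minimal@sha256:<digest-placeholder>`, and bump it deliberately. `ARG REGISTRY` has no default, so a build without `--build-arg REGISTRY=...` produces an invalid image reference; a comment at the top naming the expected registry would help.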
@@ -1,15 +1,9 @@
 # Build container for POC usage
 ARG REGISTRY
-FROM ${REGISTRY}/ubi8/go-toolset:1.18.4 AS builder
-ENV GOOS=linux \
- GOPATH=/go/
-WORKDIR ${GOPATH}/src/github.com/Azure/ARO-RP
-USER root
-COPY . ${GOPATH}/src/github.com/Azure/ARO-RP/
-RUN make aro
-
 FROM ${REGISTRY}/ubi8/ubi-minimal
 RUN microdnf update && microdnf clean all
-COPY --from=builder /go/src/github.com/Azure/ARO-RP/aro /usr/local/bin/
+RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust
+COPY ./aro ./e2e.test /usr/local/bin/
 ENTRYPOINT ["aro", "poc"]
+EXPOSE 2222/tcp 8080/tcp 8443/tcp 8444/tcp 8445/tcp
 USER 1000
\ No newline at end of file
From 1ce0ed9a1f0b54a6b23bd5b18edcf6b39c05bba3 Mon Sep 17 00:00:00 2001
From: Nicolas Ontiveros
Date: Thu, 10 Aug 2023 08:54:57 -0700
Subject: [PATCH 006/173] no e2e needed
---
 Dockerfile.aro-poc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.aro-poc b/Dockerfile.aro-poc
index 1d933793442..a7d3e897c17 100644
--- a/Dockerfile.aro-poc
+++ b/Dockerfile.aro-poc
@@ -3,7 +3,7 @@ ARG REGISTRY
 FROM ${REGISTRY}/ubi8/ubi-minimal
 RUN microdnf update && microdnf clean all
 RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust
-COPY ./aro ./e2e.test /usr/local/bin/
+COPY ./aro /usr/local/bin/
 ENTRYPOINT ["aro", "poc"]
 EXPOSE 2222/tcp 8080/tcp 8443/tcp 8444/tcp 8445/tcp
 USER 1000
\ No newline at end of file
From 3ce3309e1519ef129243ae8aac31f233cfe56cf8 Mon Sep 17 00:00:00 2001
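Review bot: The added `RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/...` line in patch 005 fetches a root certificate over plain HTTP and installs it as a trust anchor with no integrity check, so whoever can alter that response at build time decides which CA the image trusts for TLS. Commit a vetted copy and replace the download with `COPY <vetted-cert-path> /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt` followed by `RUN update-ca-trust`, or at least verify a pinned digest with `sha256sum -c` before `update-ca-trust` runs. curl is also called without `--fail`, so an HTTP error body would be saved under the anchors path without curl reporting a failure. The same line is carried as context into patch 006 and is repeated in Dockerfile.aro-poc-dev in patch 012.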
From: Nicolas Ontiveros
Date: Tue, 15 Aug 2023 16:26:11 -0700
Subject: [PATCH 007/173] save work
---
 Makefile | 3 +
 poc/pkg-0.1.0.tgz | Bin 0 -> 3755 bytes
 poc/pkg/.helmignore | 23 ++++++
 poc/pkg/Chart.yaml | 24 ++++++
 poc/pkg/templates/NOTES.txt | 22 +++++
 poc/pkg/templates/_helpers.tpl | 62 ++++++++++++++
 poc/pkg/templates/deployment.yaml | 61 ++++++++++++++
 poc/pkg/templates/hpa.yaml | 32 ++++++++
 poc/pkg/templates/ingress.yaml | 61 ++++++++++++++
 poc/pkg/templates/service.yaml | 15 ++++
 poc/pkg/templates/serviceaccount.yaml | 12 +++
 poc/pkg/templates/tests/test-connection.yaml | 15 ++++
 poc/pkg/values.yaml | 82 +++++++++++++++++++
 13 files changed, 412 insertions(+)
 create mode 100644 poc/pkg-0.1.0.tgz
 create mode 100644 poc/pkg/.helmignore
 create mode 100644 poc/pkg/Chart.yaml
 create mode 100644 poc/pkg/templates/NOTES.txt
 create mode 100644 poc/pkg/templates/_helpers.tpl
 create mode 100644 poc/pkg/templates/deployment.yaml
 create mode 100644 poc/pkg/templates/hpa.yaml
 create mode 100644 poc/pkg/templates/ingress.yaml
 create mode 100644 poc/pkg/templates/service.yaml
 create mode 100644 poc/pkg/templates/serviceaccount.yaml
 create mode 100644 poc/pkg/templates/tests/test-connection.yaml
 create mode 100644 poc/pkg/values.yaml
diff --git a/Makefile b/Makefile
index f62467ed10c..66efc0bdfce 100644
--- a/Makefile
+++ b/Makefile
@@ -252,3 +252,6 @@ vendor:
 hack/update-go-module-dependencies.sh
 .PHONY: admin.kubeconfig aks.kubeconfig aro az clean client deploy dev-config.yaml discoverycache generate image-aro image-aro-multistage image-fluentbit image-proxy lint-go runlocal-rp proxy publish-image-aro publish-image-aro-multistage publish-image-fluentbit publish-image-proxy secrets secrets-update e2e.test tunnel test-e2e test-go test-python vendor build-all validate-go unit-test-go coverage-go validate-fips
+
+poc-pkg:
+ helm package poc/pkg
\ No newline at end of file
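Review bot: `poc-pkg` is added after the `.PHONY` line but not listed in it, so a file or directory named `poc-pkg` in the repository root would make `make poc-pkg` report the target as up to date and skip `helm package`; add `poc-pkg` to `.PHONY` (the `poc-build-deploy` target added in patch 012 has the same omission). The same commit also checks in `poc/pkg-0.1.0.tgz`, which is the output of this target. A packaged chart in git cannot be reviewed and can drift from `poc/pkg/`, so it is better listed in `.gitignore` than committed; a later patch in this series deletes it again.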
diff --git a/poc/pkg-0.1.0.tgz b/poc/pkg-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..094e1e2eca79f96f2428e19a389cbeb9754e0f53 GIT binary patch literal 3755 zcmV;c4pi|UiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+%Z`(MN{j6Ux=jK6Qu9oFAO?m=)KrZd=6KtCrO|}mfi$y_8 zW1Aa_)RL4Fubcbr2aM|6sho|6shgw|@`>yL&GV9t7j@!T$aO2)+$F&5hyf>dk^7kK^0I11b#kz_jWiFG9g-H3^U5m0KCSC5s9!Ql9DMy1zNxq zAtg#-43ujDE0Iain52woRKDj)v}WN*WL$?Z_B@)9Iffp9#8fD%g>;^$#B-{@ck(5j+qne^}atDZ|NQ>(s9KL;P zuO*WBJ!h*ALg@dd4An|$OloqL89!7ff*XML?Vl9N5XLzxR(^(p^KwTlQyS&*#2i*3 zbqFs5&!c=UQCX&t8`X$Im=UH7)`$_MP72ZVZJVKdUOHBvicyZww{t7)=mKh{h9t7M z%_0o`g;3gZVgzD7giaTRcuA6!q0dA_n0*eA61~WQ-2`(Zgi(3Nft=a3ADih3a>sps z<|88-<}}D|!w{5JD!1eY>7iyS->ZtvhXv_AEWED^M^bi`P?NN^QVkvX=ag)quuY@#{inL_D1vq+c{K)KNo zh03tXBlllwWsVI94#<~O3T`B%;DYJ}Fse1nk5<9TGf-KyFy!A+PR(}uMio~ggIK@? z;f2VR`DKd<- zkj`jn!Hns1%KFQ%o=0Xg%Bf!2$KTtVfB7)+U+JAkC-2YRocj7w-ztr5@!#{{c`N>V zzPG=3AOGFO82j)8Is;OBUxS}MyoKq?*fE|vc!glB4dJm0z4dwsbO!!M_vTP|r(9#< z>dHb$!siG(#;`;9ssn8ezJUd(pndCr+}(xN>3VGl?X>4=W?qwr74yH{5*6!4o8+%WlSu=b6G_YGF{OYp1D zb0)3^Ma-rQCdwn0#RvlvqZcvP0DQQ*deUO+c+z6Zpj3Z~HL5YOTq#X-rhF2|W*gAn z%RgKVECbO(*o_NEqn(_MaHka028q8FB>peLj1QI9NgV);i3;IZLqb-d$vFan8D1FY zkm>yW#hm6kN;sb6Zzg0(C^LuDuLU&lv&bMK94?5C7A{P->oh@gO$#1<@eZqH1jCCh z`}U~Xx6?NtJ{}+SY@J1P6N=Z9g5j_*_Apql2kUjNc8@8K@e+#tWi{ayItRfMt5v>L zEvG<(tDar277-dYTbpUuxl#4XX!-`aH+ld1)5+nxH!V@6BEIP%XD}dX>Ng{3Gx1eh zjFkwVb!Sknv=P;-HYFpWjjEKOCNa^(;?BkB7IyUhZp6R03;kPMVS$A5P**6Yzz z@6BauUx!<{BKtDydrwEXxsGv0dBY$Mt0(sL+IOWSYx@fOT~C<7XV5a^5$r#=moz!e zW;1#TgW;eRnt7J9BbS3BB?aTpR`7d97@bj!jlHov``*9M;kNMFP%!)}m|{eXc~T<5 zTDiilbViZI3W!Aaa*KI-jVgFNU0Er-J~=h8CIB#&^NH^r&p!3w5^zY` zPSEk$xcP<5rIKZ>!sUqG{Al%GHV#~ECyi$0lo`i3`1b(}J`KKHbwrW~?zmI^+_`6ty#=zwSBsJ5IPAoc z`9ge0s`*Ui8Ird-I=^-@@?{;CX?OFi8$y-!K@%KwrhJCqGoi7y%r2IMa5BeuI9-K} zDC0CwdiRN`Nbg)LsP+nnz2sfGdvoa6Go=U}!%kFm-RW!_>i(qurlr)Y6(^glO%u$| zYXL2D|9I1@#*rUr5MGyO!7E->!?LD#eVW08+?u*Vk~J-LXjVFk z&%h~eBsuRw|H 
zxt5m={HTr0jCY%uT_*($YKmZQ`Bi5HTwR5o$C}LHb35*DglvO0l}W8Hql2$%+Gz4; z(@f3v76Mynoi-lS!%U3*Ak9|#~tcrhb%niLc?Q)$r9y}NKzsZ z2LJhL?2lg#g8}$QwGLqa$83s4bN3Ha=a)~OR0)7Qr|@_|)Q`C8(5=0C!{C|*+(8ZH z&L^`!x*U3}0vSC{^_ZeneNIdScJd1H7fguLT#6Kv70-g;HbXVtm~-56S4>$Rf#tX4v) z>PI(|s?WW_M&pCb7;ardgSn#V-cYi=i5(VgTTRJss|9~kcVxA0mq=*#J2qz*r>AJ$ zzvi^;e8F+4M)jS5f{n9!)83|yaAQiMbL4S5KeElj-H6j}dZ_jdj^@~8BAUbIXF7KQ zc$Q32y7`6s>rAhgy?VJixd9J3Xqgq;Lar_Eo;doxkoNy}G~@pwNW0VcKX~!{MYsR! zKL2wkqw)RkqV$*dOWb|-Mwc#RWAksVhA_;N`oDM3ssA55zyJRCos1i`{j^`g+J+(rzk$8Drc8TlZ(^-A+~Nz_ z|G@yMss9?4c7KPF;2a|(rLQ&vTmAowcK+{RH@MIL-O1=x>xqbaba`;S^B=a3&EP9^ zx}&0lqCIsX#Q7iuL#vD$+Km`RPr=0;b-f=YglVQ$Q*l`~aMw$jQ;yZxOC2i#BW05%j5su@qPXGZpK5H5Uo+V zpBHh504^5DVVY4EQ$B~3MCW9Vs{Bb9m8CWc2em-PV9vzU_0Um1e+Cj6(R7J6Cseyn zc=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "pkg.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/poc/pkg/templates/service.yaml b/poc/pkg/templates/service.yaml
new file mode 100644
index 00000000000..5d6098ec207
--- /dev/null
+++ b/poc/pkg/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "pkg.fullname" . }}
+ labels:
+ {{- include "pkg.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "pkg.selectorLabels" . | nindent 4 }}
diff --git a/poc/pkg/templates/serviceaccount.yaml b/poc/pkg/templates/serviceaccount.yaml
new file mode 100644
index 00000000000..9fee42ca189
--- /dev/null
+++ b/poc/pkg/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "pkg.serviceAccountName" . }}
+ labels:
+ {{- include "pkg.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/poc/pkg/templates/tests/test-connection.yaml b/poc/pkg/templates/tests/test-connection.yaml
new file mode 100644
index 00000000000..ba311934b6b
--- /dev/null
+++ b/poc/pkg/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "pkg.fullname" . }}-test-connection"
+ labels:
+ {{- include "pkg.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "pkg.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml
new file mode 100644
index 00000000000..7dd516e4430
--- /dev/null
+++ b/poc/pkg/values.yaml
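Review bot: The test pod uses `image: busybox` with no registry, tag or digest, so the node's default registry (typically Docker Hub) and whatever `latest` currently points at decide what runs in the release namespace. Reference a pinned image from a registry the cluster is meant to pull from, e.g. `image: "<registry-placeholder>/busybox@sha256:<digest-placeholder>"`. The container also sets no `securityContext`; giving it the same restrictions as the main deployment keeps `helm test` from being the least constrained pod of the release.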
@@ -0,0 +1,82 @@
+# Default values for pkg.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: nginx
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
From 66c8812399f8e204b4bd6bdd17be09986008383e Mon Sep 17 00:00:00 2001
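Review bot: The defaults leave `securityContext: {}` and `podSecurityContext: {}` empty and keep the hardening settings only as comments, so a release installed with these values runs with a writable root filesystem, the runtime's default capabilities and no `runAsNonRoot` enforcement. Dockerfile.aro-poc already ends in `USER 1000`, so the commented block can become the default: `runAsNonRoot: true`, `runAsUser: 1000` and `capabilities: {drop: [ALL]}`, plus `readOnlyRootFilesystem: true` if the binary does not write to local disk (not verifiable from this hunk). `image.repository: nginx` and `resources: {}` are scaffold defaults as well; a short comment saying they must be overridden for the PoC would stop an unconfigured install from deploying an unrelated, unbounded container.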
From: Nicolas Ontiveros Date: Wed, 16 Aug 2023 14:55:04 -0700 Subject: [PATCH 008/173] fix helm --- poc/pkg/templates/deployment.yaml | 2 +- poc/pkg/values.yaml | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 462c63a5e67..8b722fb5334 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -31,7 +31,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.image.pocImage }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 7dd516e4430..b354ea1e84e 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -5,10 +5,7 @@ replicaCount: 1 image: - repository: nginx - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" + pocImage: "" imagePullSecrets: [] nameOverride: "" @@ -21,7 +18,7 @@ serviceAccount: annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template - name: "" + name: "aro-rp-poc" podAnnotations: {} From 3676abd7cc722e3ecf4eda3f013c0cda4d5f0526 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 17 Aug 2023 01:56:18 -0700 Subject: [PATCH 009/173] save work --- poc/pkg/templates/NOTES.txt | 23 +---------------------- poc/pkg/templates/deployment.yaml | 2 +- poc/pkg/values.yaml | 5 ++++- 3 files changed, 6 insertions(+), 24 deletions(-) diff --git a/poc/pkg/templates/NOTES.txt b/poc/pkg/templates/NOTES.txt index 2f2f72a0a15..a808eb9b5de 100644 --- a/poc/pkg/templates/NOTES.txt +++ b/poc/pkg/templates/NOTES.txt 
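Review bot: The deployment.yaml hunk of patch 008 renders `image: "{{ .Values.image.pocImage }}"` while the values.yaml hunk sets `pocImage: ""` and deletes `pullPolicy`, so a plain `helm install` produces an empty image reference and an empty `imagePullPolicy:` from the unchanged context line. Fail at render time instead, e.g. `image: {{ required "image.pocImage must be set" .Values.image.pocImage | quote }}`, and either keep `pullPolicy` in values.yaml or drop the `imagePullPolicy` line from the template. The second values.yaml hunk hard-codes `name: "aro-rp-poc"` for the service account, which presumably makes a second release in the same namespace collide on that object; leaving it empty lets the fullname template generate a per-release name.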
@@ -1,22 +1 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pkg.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pkg.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pkg.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pkg.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} +ARO-RP on AKS POC \ No newline at end of file diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 8b722fb5334..462c63a5e67 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml 
@@ -31,7 +31,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.pocImage }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index b354ea1e84e..2f3ef94dd7e 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -5,7 +5,10 @@ replicaCount: 1 image: - pocImage: "" + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" imagePullSecrets: [] nameOverride: "" From ae907a2621ed28dcfa70013058092ce3632747c3 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 17 Aug 2023 01:57:13 -0700 Subject: [PATCH 010/173] remove tgz --- poc/pkg-0.1.0.tgz | Bin 3755 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 poc/pkg-0.1.0.tgz 
diff --git a/poc/pkg-0.1.0.tgz b/poc/pkg-0.1.0.tgz deleted file mode 100644 index 094e1e2eca79f96f2428e19a389cbeb9754e0f53..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3755 zcmV;c4pi|UiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+%Z`(MN{j6Ux=jK6Qu9oFAO?m=)KrZd=6KtCrO|}mfi$y_8 zW1Aa_)RL4Fubcbr2aM|6sho|6shgw|@`>yL&GV9t7j@!T$aO2)+$F&5hyf>dk^7kK^0I11b#kz_jWiFG9g-H3^U5m0KCSC5s9!Ql9DMy1zNxq zAtg#-43ujDE0Iain52woRKDj)v}WN*WL$?Z_B@)9Iffp9#8fD%g>;^$#B-{@ck(5j+qne^}atDZ|NQ>(s9KL;P zuO*WBJ!h*ALg@dd4An|$OloqL89!7ff*XML?Vl9N5XLzxR(^(p^KwTlQyS&*#2i*3 zbqFs5&!c=UQCX&t8`X$Im=UH7)`$_MP72ZVZJVKdUOHBvicyZww{t7)=mKh{h9t7M z%_0o`g;3gZVgzD7giaTRcuA6!q0dA_n0*eA61~WQ-2`(Zgi(3Nft=a3ADih3a>sps z<|88-<}}D|!w{5JD!1eY>7iyS->ZtvhXv_AEWED^M^bi`P?NN^QVkvX=ag)quuY@#{inL_D1vq+c{K)KNo zh03tXBlllwWsVI94#<~O3T`B%;DYJ}Fse1nk5<9TGf-KyFy!A+PR(}uMio~ggIK@? z;f2VR`DKd<- zkj`jn!Hns1%KFQ%o=0Xg%Bf!2$KTtVfB7)+U+JAkC-2YRocj7w-ztr5@!#{{c`N>V zzPG=3AOGFO82j)8Is;OBUxS}MyoKq?*fE|vc!glB4dJm0z4dwsbO!!M_vTP|r(9#< z>dHb$!siG(#;`;9ssn8ezJUd(pndCr+}(xN>3VGl?X>4=W?qwr74yH{5*6!4o8+%WlSu=b6G_YGF{OYp1D zb0)3^Ma-rQCdwn0#RvlvqZcvP0DQQ*deUO+c+z6Zpj3Z~HL5YOTq#X-rhF2|W*gAn z%RgKVECbO(*o_NEqn(_MaHka028q8FB>peLj1QI9NgV);i3;IZLqb-d$vFan8D1FY zkm>yW#hm6kN;sb6Zzg0(C^LuDuLU&lv&bMK94?5C7A{P->oh@gO$#1<@eZqH1jCCh z`}U~Xx6?NtJ{}+SY@J1P6N=Z9g5j_*_Apql2kUjNc8@8K@e+#tWi{ayItRfMt5v>L zEvG<(tDar277-dYTbpUuxl#4XX!-`aH+ld1)5+nxH!V@6BEIP%XD}dX>Ng{3Gx1eh zjFkwVb!Sknv=P;-HYFpWjjEKOCNa^(;?BkB7IyUhZp6R03;kPMVS$A5P**6Yzz z@6BauUx!<{BKtDydrwEXxsGv0dBY$Mt0(sL+IOWSYx@fOT~C<7XV5a^5$r#=moz!e zW;1#TgW;eRnt7J9BbS3BB?aTpR`7d97@bj!jlHov``*9M;kNMFP%!)}m|{eXc~T<5 zTDiilbViZI3W!Aaa*KI-jVgFNU0Er-J~=h8CIB#&^NH^r&p!3w5^zY` zPSEk$xcP<5rIKZ>!sUqG{Al%GHV#~ECyi$0lo`i3`1b(}J`KKHbwrW~?zmI^+_`6ty#=zwSBsJ5IPAoc z`9ge0s`*Ui8Ird-I=^-@@?{;CX?OFi8$y-!K@%KwrhJCqGoi7y%r2IMa5BeuI9-K} zDC0CwdiRN`Nbg)LsP+nnz2sfGdvoa6Go=U}!%kFm-RW!_>i(qurlr)Y6(^glO%u$| zYXL2D|9I1@#*rUr5MGyO!7E->!?LD#eVW08+?u*Vk~J-LXjVFk 
z&%h~eBsuRw|H zxt5m={HTr0jCY%uT_*($YKmZQ`Bi5HTwR5o$C}LHb35*DglvO0l}W8Hql2$%+Gz4; z(@f3v76Mynoi-lS!%U3*Ak9|#~tcrhb%niLc?Q)$r9y}NKzsZ z2LJhL?2lg#g8}$QwGLqa$83s4bN3Ha=a)~OR0)7Qr|@_|)Q`C8(5=0C!{C|*+(8ZH z&L^`!x*U3}0vSC{^_ZeneNIdScJd1H7fguLT#6Kv70-g;HbXVtm~-56S4>$Rf#tX4v) z>PI(|s?WW_M&pCb7;ardgSn#V-cYi=i5(VgTTRJss|9~kcVxA0mq=*#J2qz*r>AJ$ zzvi^;e8F+4M)jS5f{n9!)83|yaAQiMbL4S5KeElj-H6j}dZ_jdj^@~8BAUbIXF7KQ zc$Q32y7`6s>rAhgy?VJixd9J3Xqgq;Lar_Eo;doxkoNy}G~@pwNW0VcKX~!{MYsR! zKL2wkqw)RkqV$*dOWb|-Mwc#RWAksVhA_;N`oDM3ssA55zyJRCos1i`{j^`g+J+(rzk$8Drc8TlZ(^-A+~Nz_ z|G@yMss9?4c7KPF;2a|(rLQ&vTmAowcK+{RH@MIL-O1=x>xqbaba`;S^B=a3&EP9^ zx}&0lqCIsX#Q7iuL#vD$+Km`RPr=0;b-f=YglVQ$Q*l`~aMw$jQ;yZxOC2i#BW05%j5su@qPXGZpK5H5Uo+V zpBHh504^5DVVY4EQ$B~3MCW9Vs{Bb9m8CWc2em-PV9vzU_0Um1e+Cj6(R7J6Cseyn zc Date: Thu, 17 Aug 2023 02:14:02 -0700 Subject: [PATCH 011/173] service account --- poc/pkg/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 2f3ef94dd7e..7dd516e4430 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -21,7 +21,7 @@ serviceAccount: annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template - name: "aro-rp-poc" + name: "" podAnnotations: {} From 4b42aee21f68ecf45f582341aed52e594d6f693c Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 21 Aug 2023 15:00:56 -0700 Subject: [PATCH 012/173] save work --- Dockerfile.aro-poc-dev | 19 ++++++++++ Makefile | 5 ++- cmd/aro/main.go | 23 ++++++------ poc/hack/build-deploy.sh | 76 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 110 insertions(+), 13 deletions(-) create mode 100644 Dockerfile.aro-poc-dev create mode 100755 poc/hack/build-deploy.sh diff --git a/Dockerfile.aro-poc-dev b/Dockerfile.aro-poc-dev new file mode 100644 index 00000000000..6e03fd92b56 --- /dev/null +++ b/Dockerfile.aro-poc-dev 
@@ -0,0 +1,19 @@
+ARG REGISTRY
+
+# Build ARO binary
+FROM golang:1.19-alpine
+ADD . /ARO-RP
+WORKDIR /ARO-RP
+RUN go mod tidy
+RUN go mod vendor
+RUN apk update && apk add --no-cache gnupg && apk add --no-cache gcompat
+RUN GOOS=linux GOARCH=amd64 go build -o aro ./cmd/aro
+
+# Package binary into container image
+FROM ${REGISTRY}/ubi8/ubi-minimal
+RUN microdnf update && microdnf clean all
+RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust
+COPY --from=0 /ARO-RP/aro /usr/local/bin/
+ENTRYPOINT ["aro", "poc"]
+EXPOSE 2222/tcp 8080/tcp 8443/tcp 8444/tcp 8445/tcp
+USER 1000
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 66efc0bdfce..35fc1485f5e 100644
--- a/Makefile
+++ b/Makefile
@@ -254,4 +254,7 @@ vendor:
 .PHONY: admin.kubeconfig aks.kubeconfig aro az clean client deploy dev-config.yaml discoverycache generate image-aro image-aro-multistage image-fluentbit image-proxy lint-go runlocal-rp proxy publish-image-aro publish-image-aro-multistage publish-image-fluentbit publish-image-proxy secrets secrets-update e2e.test tunnel test-e2e test-go test-python vendor build-all validate-go unit-test-go coverage-go validate-fips
 poc-pkg:
- helm package poc/pkg
\ No newline at end of file
+ helm package poc/pkg
+
+poc-build-deploy:
+ poc/hack/build-deploy.sh $(alias)
\ No newline at end of file
diff --git a/cmd/aro/main.go b/cmd/aro/main.go
index b71114b6fa2..5eba3c4a022 100644
--- a/cmd/aro/main.go
+++ b/cmd/aro/main.go
@@ -4,7 +4,6 @@ package main
 // Licensed under the Apache License 2.0.
 import (
- "context"
 "flag"
 "fmt"
 "math/rand"
@@ -41,8 +40,8 @@ func main() {
 flag.Usage = usage
 flag.Parse()
- ctx := context.Background()
- audit := utillog.GetAuditEntry()
+ // sctx := context.Background()
+ // audit := utillog.GetAuditEntry()
 log := utillog.GetLogger()
 go func() {
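Review bot: `RUN go mod tidy` and `RUN go mod vendor` in the build stage of Dockerfile.aro-poc-dev re-resolve dependencies while the image is built, so the binary is compiled from whatever the module proxy returns at that moment rather than from the `go.sum` and vendor tree that were reviewed and committed. Drop both lines and build with `go build -mod=vendor -o aro ./cmd/aro`, or run `go mod verify` first if the vendor tree is not used. The stage also compiles on the unpinned `golang:1.19-alpine` and copies the result into a UBI image; if cgo is enabled the binary links against musl and may not start on the glibc-based runtime stage, which the `gcompat` package here hints at. The plain-HTTP `curl` download of the AMEROOT trust anchor is repeated from Dockerfile.aro-poc and has the same integrity problem.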
@@ -55,31 +54,31 @@ func main() {
 switch strings.ToLower(flag.Arg(0)) {
 case "dbtoken":
 checkArgs(1)
- err = dbtoken(ctx, log)
+ // err = dbtoken(ctx, log)
 case "deploy":
 checkArgs(3)
- err = deploy(ctx, log)
+ // err = deploy(ctx, log)
 case "gateway":
 checkArgs(1)
- err = gateway(ctx, log)
+ // serr = gateway(ctx, log)
 case "mirror":
 checkMinArgs(1)
- err = mirror(ctx, log)
+ // err = mirror(ctx, log)
 case "monitor":
 checkArgs(1)
- err = monitor(ctx, log)
+ // err = monitor(ctx, log)
 case "rp":
 checkArgs(1)
- err = rp(ctx, log, audit)
+ // err = rp(ctx, log, audit)
 case "portal":
 checkArgs(1)
- err = portal(ctx, log, audit)
+ // err = portal(ctx, log, audit)
 case "operator":
 checkArgs(2)
- err = operator(ctx, log)
+ // err = operator(ctx, log)
 case "update-versions":
 checkArgs(1)
- err = updateOCPVersions(ctx, log)
+ // err = updateOCPVersions(ctx, log)
 case "poc":
 checkArgs(1)
 err = poc(log)
diff --git a/poc/hack/build-deploy.sh b/poc/hack/build-deploy.sh
new file mode 100755
index 00000000000..c04b499e72e
--- /dev/null
+++ b/poc/hack/build-deploy.sh
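Review bot: With every `err = ...` call commented out, each case other than `poc` now only runs `checkArgs` and leaves `err` unset, so `aro rp`, `aro gateway`, `aro portal` and the rest return without starting anything and, as far as this hunk shows, without reporting an error. A deployment or script that starts one of those commands would read that as a clean run. The preceding hunk also comments out `audit := utillog.GetAuditEntry()`, so the audit logger is no longer created in this binary. If the PoC image must not run these commands, say so explicitly, e.g. `err = fmt.Errorf("%s is disabled in the PoC build", flag.Arg(0))` in the affected cases, or keep the PoC entry point in its own command so main.go stays intact. The enclosing `main` starts and ends outside this hunk.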
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+ACR_NAME="aropocsvc.azurecr.io"
+CLUSTER_NAME="aro-rp-aks-poc"
+DOCKERFILE="Dockerfile.aro-poc-dev"
+REGISTRY="REGISTRY=registry.access.redhat.com"
+RESOURCE_GROUP="rp-aks-poc"
+SUB="0cc1cafa-578f-4fa5-8d6b-ddfd8d82e6ea"
+
+azure_login() {
+ accountShow=$(az account show)
+ if [ -z "$accountShow" ]; then
+ az login
+ fi
+ az account set --subscription "$SUB"
+}
+
+build_container() {
+ docker build --file "$DOCKERFILE" --tag "$DOCKERTAG" --build-arg="$REGISTRY" .
+}
+
+build_pkg() {
+ helm package poc/pkg
+}
+
+clean() {
+ rm -f ./aro > /dev/null 2>&1
+ docker rmi $DOCKERTAG:latest > /dev/null 2>&1
+ rm -f ./pkg-*.tgz > /dev/null 2>&1
+}
+
+deploy_pkg() {
+ local namespace="$1-dev"
+ local release="$1-dev"
+
+ helm_list=$(helm list -q -f $release --namespace $namespace)
+ if [[ $helm_list == *"$release"* ]]; then
+ helm uninstall $release --namespace $namespace
+ fi
+
+ helm install $release ./pkg-0.1.0.tgz \
+ --set image.repository=$DOCKERTAG \
+ --set image.tag=latest \
+ --namespace $namespace \
+ --create-namespace
+}
+
+get_kubeconfig() {
+ az aks get-credentials --resource-group "$RESOURCE_GROUP" --name "$CLUSTER_NAME" --admin
+}
+
+push_container() {
+ az acr login --name "$ACR_NAME"
+ docker push "$DOCKERTAG:latest"
+}
+
+# Begin script execution
+alias="$1"
+if [ -z "$alias" ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+DOCKERTAG="$ACR_NAME/dev/$alias"
+
+# Build stage
+build_container
+build_pkg
+
+# Deploy stage
+azure_login
+push_container
+get_kubeconfig
+deploy_pkg $alias
+
+clean
\ No newline at end of file
From f03034869973f6ff87ecd16241cb2e01a43ac759 Mon Sep 17 00:00:00 2001
From: Nicolas Ontiveros
Date: Mon, 21 Aug 2023 15:57:23 -0700
Subject: [PATCH 013/173] save work
---
 Dockerfile.aro-poc-dev | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.aro-poc-dev b/Dockerfile.aro-poc-dev
index 6e03fd92b56..e5d8163c2e1 100644
--- a/Dockerfile.aro-poc-dev
+++ b/Dockerfile.aro-poc-dev
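Review bot: `get_kubeconfig` in build-deploy.sh calls `az aks get-credentials ... --admin`, which writes the cluster administrator credential into the developer's kubeconfig, so every `helm` call that follows runs as cluster admin and, if the cluster uses Azure AD based RBAC, bypasses it. Drop `--admin` and give developers access scoped to their `<alias>-dev` namespace instead. `$alias` also flows unvalidated into the image tag, release name and namespace, and `$release`, `$namespace` and `$DOCKERTAG` are expanded unquoted in `deploy_pkg` and `clean`; check the value early, e.g. `[[ "$alias" =~ ^[a-z0-9-]+$ ]] || exit 1`, and quote the expansions. The script does not stop on errors, so a failed `docker build` still goes on to push and deploy; a later patch titled "pipefail" may cover that, but its hunk is not visible here.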
@@ -6,7 +6,7 @@ ADD . /ARO-RP
 WORKDIR /ARO-RP
 RUN go mod tidy
 RUN go mod vendor
-RUN apk update && apk add --no-cache gnupg && apk add --no-cache gcompat
+RUN apk update && apk add --no-cache gpgme-dev build-base pkgconf linux-headers btrfs-progs-dev lvm2-dev
 RUN GOOS=linux GOARCH=amd64 go build -o aro ./cmd/aro
 # Package binary into container image
From e8baee21a138f046ccbfb2325aef0172a1d13dbd Mon Sep 17 00:00:00 2001
From: Nicolas Ontiveros
Date: Mon, 21 Aug 2023 16:44:09 -0700
Subject: [PATCH 014/173] save work
---
 Dockerfile.aro-poc-dev | 19 -------------------
 poc/hack/build-deploy.sh | 3 ++-
 poc/pkg/values.yaml | 2 +-
 3 files changed, 3 insertions(+), 21 deletions(-)
 delete mode 100644 Dockerfile.aro-poc-dev
diff --git a/Dockerfile.aro-poc-dev b/Dockerfile.aro-poc-dev
deleted file mode 100644
index e5d8163c2e1..00000000000
--- a/Dockerfile.aro-poc-dev
+++ /dev/null
@@ -1,19 +0,0 @@
-ARG REGISTRY
-
-# Build ARO binary
-FROM golang:1.19-alpine
-ADD . /ARO-RP
-WORKDIR /ARO-RP
-RUN go mod tidy
-RUN go mod vendor
-RUN apk update && apk add --no-cache gpgme-dev build-base pkgconf linux-headers btrfs-progs-dev lvm2-dev
-RUN GOOS=linux GOARCH=amd64 go build -o aro ./cmd/aro
-
-# Package binary into container image
-FROM ${REGISTRY}/ubi8/ubi-minimal
-RUN microdnf update && microdnf clean all
-RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust
-COPY --from=0 /ARO-RP/aro /usr/local/bin/
-ENTRYPOINT ["aro", "poc"]
-EXPOSE 2222/tcp 8080/tcp 8443/tcp 8444/tcp 8445/tcp
-USER 1000
\ No newline at end of file
diff --git a/poc/hack/build-deploy.sh b/poc/hack/build-deploy.sh
index c04b499e72e..6b0f25c75ae 100755
--- a/poc/hack/build-deploy.sh
+++ b/poc/hack/build-deploy.sh
@@ -2,7 +2,7 @@ ACR_NAME="aropocsvc.azurecr.io" CLUSTER_NAME="aro-rp-aks-poc" -DOCKERFILE="Dockerfile.aro-poc-dev" +DOCKERFILE="Dockerfile.aro-poc" REGISTRY="REGISTRY=registry.access.redhat.com" RESOURCE_GROUP="rp-aks-poc" SUB="0cc1cafa-578f-4fa5-8d6b-ddfd8d82e6ea" @@ -16,6 +16,7 @@ azure_login() { } build_container() { + env GOOS=linux GOARCH=amd64 go build -o aro ./cmd/aro docker build --file "$DOCKERFILE" --tag "$DOCKERTAG" --build-arg="$REGISTRY" . } diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 7dd516e4430..7d14ff1d1f4 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: nginx - pullPolicy: IfNotPresent + pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. tag: "" From 538625ab9c344c1e40bbe9ba9451265bc7dd683a Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 21 Aug 2023 16:46:03 -0700 Subject: [PATCH 015/173] nit fix --- cmd/aro/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/aro/main.go b/cmd/aro/main.go index 5eba3c4a022..0aed9da17c4 100644 --- a/cmd/aro/main.go +++ b/cmd/aro/main.go @@ -40,7 +40,7 @@ func main() { flag.Usage = usage flag.Parse() - // sctx := context.Background() + // ctx := context.Background() // audit := utillog.GetAuditEntry() log := utillog.GetLogger() From 987b50dbc95e96feffd47a9e12b5b482026bd6ec Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 21 Aug 2023 16:47:35 -0700 Subject: [PATCH 016/173] nit fix --- cmd/aro/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/aro/main.go b/cmd/aro/main.go index 0aed9da17c4..d4d9cbb846d 100644 --- a/cmd/aro/main.go +++ b/cmd/aro/main.go @@ -60,7 +60,7 @@ func main() { // err = deploy(ctx, log) case "gateway": checkArgs(1) - // serr = gateway(ctx, log) + // err = gateway(ctx, log) case "mirror": checkMinArgs(1) // err = mirror(ctx, log) From fca0ccabdd61f9cef0b425166cbfbe39fbdc786b Mon Sep 17 00:00:00 2001 
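Review bot: `pullPolicy: Always` in the `poc/pkg/values.yaml` hunk is paired with the mutable `latest` tag that `deploy_pkg` passes via `--set image.tag=latest`, so a pod runs whatever was last pushed to `dev/<alias>` when it (re)starts rather than what the release was installed with. On a registry shared by several developers, a later push therefore changes a running deployment without any new Helm release to record it. Tagging each build uniquely (for example with the commit id) and passing that tag to `helm install` would pin the deployed image. The context line `repository: nginx` also means the chart falls back to a public image whenever `--set image.repository` is omitted.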
From: Nicolas Ontiveros Date: Mon, 21 Aug 2023 16:54:29 -0700 Subject: [PATCH 017/173] Add README --- poc/hack/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 poc/hack/README.md diff --git a/poc/hack/README.md b/poc/hack/README.md new file mode 100644 index 00000000000..ef8f9dbbf7a --- /dev/null +++ b/poc/hack/README.md @@ -0,0 +1,8 @@ +# Scripts for ARO-RP on AKS POC + +## build-deploy.sh +- Used to build and deploy ARO-RP from local environment +- Run this via the Makefile. +- In the root ARO-RP directory, run `make alias=*your_alias* poc-build-deploy` +- This will upload your local RP image to the ACR as `dev/*your_alias*:latest` +- This will create a namespaces `*your_alias*-dev` where the local RP build will be deployed \ No newline at end of file From 095053b90d98766dc84905e7fad1c1edb59e17f3 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 21 Aug 2023 16:55:14 -0700 Subject: [PATCH 018/173] readme --- poc/hack/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/hack/README.md b/poc/hack/README.md index ef8f9dbbf7a..50022381b0e 100644 --- a/poc/hack/README.md +++ b/poc/hack/README.md @@ -1,7 +1,7 @@ # Scripts for ARO-RP on AKS POC ## build-deploy.sh -- Used to build and deploy ARO-RP from local environment +- Used to build and deploy ARO-RP from local environment to the test AKS cluster - Run this via the Makefile. - In the root ARO-RP directory, run `make alias=*your_alias* poc-build-deploy` - This will upload your local RP image to the ACR as `dev/*your_alias*:latest` From 70e0a833dd98c3af17b70b753b19b5c8eb30f81c Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 21 Aug 2023 17:11:33 -0700 Subject: [PATCH 019/173] pipefail --- poc/hack/build-deploy.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/poc/hack/build-deploy.sh b/poc/hack/build-deploy.sh index 6b0f25c75ae..6a880769763 100755 --- a/poc/hack/build-deploy.sh +++ b/poc/hack/build-deploy.sh 
@@ -1,5 +1,7 @@ #!/bin/bash +set -euxo pipefail + ACR_NAME="aropocsvc.azurecr.io" CLUSTER_NAME="aro-rp-aks-poc" DOCKERFILE="Dockerfile.aro-poc" From 21a8c30b62c2d79665453b4ad168c603318cd6b9 Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 18 Aug 2023 08:39:28 -0700 Subject: [PATCH 020/173] add gateway --- poc/pkg/templates/istio-gateway.yaml | 18 ++++++++++++++++++ poc/pkg/templates/istio-virtualService.yaml | 18 ++++++++++++++++++ poc/pkg/values.yaml | 13 +++++++++++++ 3 files changed, 49 insertions(+) create mode 100644 poc/pkg/templates/istio-gateway.yaml create mode 100644 poc/pkg/templates/istio-virtualService.yaml diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml new file mode 100644 index 00000000000..c28d2fc423f --- /dev/null +++ b/poc/pkg/templates/istio-gateway.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: {{ .Values.istio.gateway.name }} +spec: + selector: + istio: {{ .Values.name }} + servers: + - port: + number: 443 + name: http + protocol: HTTPS + # TODO jonachang: need to create credential + # tls: + # mode: SIMPLE + # credentialName: + hosts: + - {{ .Values.istio.gateway.host }} \ No newline at end of file diff --git a/poc/pkg/templates/istio-virtualService.yaml b/poc/pkg/templates/istio-virtualService.yaml new file mode 100644 index 00000000000..333457effde --- /dev/null +++ b/poc/pkg/templates/istio-virtualService.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: {{ .Values.istio.virtualService.host }} +spec: + hosts: + - {{ .Values.istio.gateway.host }} + gateways: + - {{ .Values.istio.gateway.name }} + http: + - match: + - uri: + prefix: / + route: + - destination: + host: {{ .Values.istio.gateway.host }} + port: + number: {{ .Values.istio.virtualService.port }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 7d14ff1d1f4..0b82e6f4896 100644 
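Review bot: With `-e` and `-u` now set, two guards further down the script (outside this hunk) stop working. `alias="$1"` aborts with an unbound-variable error before the usage message can print, and in `azure_login` the assignment `accountShow=$(az account show)` exits the script when `az` returns non-zero (presumably the not-logged-in case), so the `az login` fallback is never reached. `alias="${1:-}"` and `if ! az account show >/dev/null 2>&1; then az login; fi` keep both paths alive. `clean` is also reached only on success now, so `trap clean EXIT` would be needed to remove `./aro` and the packaged chart after a failed run. `-x` additionally echoes every expanded command, including the account JSON captured in `accountShow`, into whatever log collects the output.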
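Review bot: In `istio-gateway.yaml` the port 443 server is declared `protocol: HTTPS` while the `tls:` block is commented out; as far as I know Istio does not accept an HTTPS server without TLS settings, so this Gateway either fails validation or never terminates TLS. Until the credential exists the Gateway is better left out of the chart, and once it does the block should be enabled with `mode: SIMPLE` and a `credentialName` pointing at a Secret created outside the chart. The selector also reads `{{ .Values.name }}`, whereas the values added in this patch define `istio.name`; `istio: {{ .Values.istio.name }}` looks like what was intended, though the rest of `values.yaml` is not visible here. The host entry renders the `"*"` value unquoted as `- *`, which YAML reads as an alias, so it needs `- {{ .Values.istio.gateway.host | quote }}`.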
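Review bot: In `istio-virtualService.yaml`, `metadata.name` is rendered from `.Values.istio.virtualService.host`, which this patch sets to `"*"`, so the object name is not a valid Kubernetes name; `name: {{ .Values.istio.virtualService.name }}` looks like what was meant. The route's `destination.host` is likewise taken from `.Values.istio.gateway.host` (the wildcard) rather than from the Service backing the RP, so matched traffic has no concrete destination. It should be the chart's Service name, e.g. `host: <service-name>.<namespace>.svc.cluster.local` with the real names filled in. The `hosts:` entry has the same unquoted `*` rendering problem as the Gateway template.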
--- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -80,3 +80,16 @@ nodeSelector: {} tolerations: [] affinity: {} + +# Use for Istio service mesh +istio: + name: aks-istio-ingressgateway-internal + gateway: + name: rpGatewayPoc + #TODO jonachang: need to specify the host once we have the domain name + host: "*" + virtualService: + name: rpVirtualServicePoc + port: 80 + #TODO jonachang: need to specify the host once we have the domain name + host: "*" \ No newline at end of file From b864c04e2001d35bbb34b5fb0f6f52d1aabf80b9 Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 18 Aug 2023 09:21:44 -0700 Subject: [PATCH 021/173] add namespace --- poc/pkg/templates/istio-gateway.yaml | 3 ++- poc/pkg/templates/istio-virtualService.yaml | 1 + poc/pkg/templates/istio.yaml | 6 ++++++ poc/pkg/values.yaml | 1 + 4 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 poc/pkg/templates/istio.yaml diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index c28d2fc423f..6d7f077b304 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -1,7 +1,8 @@ apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: - name: {{ .Values.istio.gateway.name }} + name: {{ .Values.istio.gateway.name }} + namespace: {{ .Values.istio.namespace }} spec: selector: istio: {{ .Values.name }} diff --git a/poc/pkg/templates/istio-virtualService.yaml b/poc/pkg/templates/istio-virtualService.yaml index 333457effde..840bd94bcb4 100644 --- a/poc/pkg/templates/istio-virtualService.yaml +++ b/poc/pkg/templates/istio-virtualService.yaml @@ -2,6 +2,7 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: {{ .Values.istio.virtualService.host }} + namespace: {{ .Values.istio.namespace }} spec: hosts: - {{ .Values.istio.gateway.host }} diff --git a/poc/pkg/templates/istio.yaml b/poc/pkg/templates/istio.yaml new file mode 100644 index 00000000000..08189987fb6 --- /dev/null 
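Review bot: The names `rpGatewayPoc` and `rpVirtualServicePoc` in the first `values.yaml` hunk contain uppercase letters, which Kubernetes object names (lowercase RFC 1123) do not accept, so the rendered Gateway and VirtualService would be rejected on install. `rp-gateway-poc` and `rp-virtualservice-poc` would pass, and `rpCredentialPoc` added by PATCH 023 has the same problem. The wildcard `host: "*"` is already marked TODO; until a real hostname is set, the gateway accepts any Host header on 443. A comment stating that this is acceptable only because the ingress gateway is the internal one would help a later reader.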
+++ b/poc/pkg/templates/istio.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.istio.namespace }} + labels: + istio.io/rev: asm-1-17 \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 0b82e6f4896..dc79a07daa6 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -84,6 +84,7 @@ affinity: {} # Use for Istio service mesh istio: name: aks-istio-ingressgateway-internal + namespace: rp-poc gateway: name: rpGatewayPoc #TODO jonachang: need to specify the host once we have the domain name From f75850a7ab18ad7bf21eb81448f0570b6cdc971b Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 18 Aug 2023 09:50:48 -0700 Subject: [PATCH 022/173] add label --- poc/pkg/templates/istio.yaml | 3 ++- poc/pkg/values.yaml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/poc/pkg/templates/istio.yaml b/poc/pkg/templates/istio.yaml index 08189987fb6..4f58e34ada3 100644 --- a/poc/pkg/templates/istio.yaml +++ b/poc/pkg/templates/istio.yaml @@ -3,4 +3,5 @@ kind: Namespace metadata: name: {{ .Values.istio.namespace }} labels: - istio.io/rev: asm-1-17 \ No newline at end of file + istio.io/rev: asm-1-17 + istio-injection: enabled \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index dc79a07daa6..19a82f39af8 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -84,7 +84,7 @@ affinity: {} # Use for Istio service mesh istio: name: aks-istio-ingressgateway-internal - namespace: rp-poc + namespace: aro-rp-poc gateway: name: rpGatewayPoc #TODO jonachang: need to specify the host once we have the domain name From ebafe37c38e697d1c847db36ebc79f4468847bdd Mon Sep 17 00:00:00 2001 
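Review bot: After PATCH 022 the namespace carries both `istio.io/rev: asm-1-17` and `istio-injection: enabled`. With a revisioned control plane, which the `asm-1-17` label suggests (the AKS Istio add-on), the `istio-injection` label takes precedence and, as far as I know, results in no sidecar being injected. Workloads here would then silently run outside the mesh and its mTLS and authorization policy, so I would keep only the `istio.io/rev` label and confirm after deploy that pods show the proxy container. The revision is also hard-coded and will stop matching after an add-on upgrade, so a value such as `istio.io/rev: {{ .Values.istio.revision }}` would make that dependency explicit.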
From: jonachang Date: Mon, 21 Aug 2023 11:41:30 -0700 Subject: [PATCH 023/173] add credential --- poc/pkg/templates/istio-credential.yaml | 85 +++++++++++++++++++++++++ poc/pkg/values.yaml | 4 +- 2 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 poc/pkg/templates/istio-credential.yaml diff --git a/poc/pkg/templates/istio-credential.yaml b/poc/pkg/templates/istio-credential.yaml new file mode 100644 index 00000000000..feb8b2b2a7e --- /dev/null +++ b/poc/pkg/templates/istio-credential.yaml 
@@ -0,0 +1,85 @@ +apiVersion: v1 +data: + tls.crt: MIIFCTCCAvGgAwIBAgIUMwjRIYLxhIAc50lf/aw7sxaGNKUwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJam9uYWNoYW5nMB4XDTIzMDgyMTE4MDAwM1oXDTI0MDgx +MTE4MDAwM1owFDESMBAGA1UEAwwJam9uYWNoYW5nMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAonwaL1LaQH7+y3dN45d8YIFkooTU9J9OZOJ3BomIlVh9 +JZ277DTclh2KKppKjgKJkyAdwoNysuCKx7UiiRgkGaGtjSOaawHVfHSMw0AgaU/M +BDGwh26BmIq+SaFK950TtEipR1un3vokErShaZfCpbyjT63xnIZGn5dEOUkgNRsp +Vi4TmbVcW9ZQTARxsAJJefOnwAdd+l2tvm4X9EpGjBEqSHupFdDn55qG5+VoSkkZ +KvAKL/BoFkNMD13fhtig9mFugt2SW7dgRIgK5o2N9xuYpxlqpmiIanZtq35zbG5X +XGHNAJ8aLO5qBbv7KGdHkFfz7rCQif/EyUfwXC6tgg7B41yb19Dc10auhcFaEeeW +QBDaMgqhOwnYiQ6FbIolvv1JIr9W89QYUs3RMYoOH9t0+5leTfBT27dxnHHlh9Kb +NhCPvPUmzTGByKLpdYryXRdm1CE1CociMl2l4pUd/iEccBNgfqGbd8LfQZhEWAFz +Hk+hlyrMA1wcwYd/S2nPQS/4kHA9+eCvMStD22KXW6bv4xYIgkVSzvrj8iTQJGfy +vUlm2jmhXM/WFOq/GEogT4nvpbfNlquCGyGv9lY+jWCHJMRmYnZCsRFf04W6zT3x +ewikGiQp6ne2GXjGPFsi5i7omS2uylTbqa4xbMF8JwSvWnWZ93rRFjjj3/dyVvEC +AwEAAaNTMFEwHQYDVR0OBBYEFGZZOC56hrTrWbGtcBvDGml/UccIMB8GA1UdIwQY +MBaAFGZZOC56hrTrWbGtcBvDGml/UccIMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggIBABmT5JB0CmryOEzUG3bWTkBds+MgZPvUesBoRDFtnJ4uDpsi +hvkGacBWzFdpGJGmXnFlAXuLP5c0VEjAX5oKqkfhMHfNpkmJUHQFnf+yy5yACOvr +PuKmKVVTgfuOYta0qbSQoXl8PwoGziDs9/8ZQ3RolywLjiUB3xQuFs+2/ZzhO/x7 +KJlna21aXiof1zuBszDbRycfRiJxVuBsujiUUl0vFUv0t82urTS+ILKgszXgyTQp +kGQEy24W2HEk95hE+rKz/DzwvbNeeVaoP69BPeE4Hy6OGxk1sK2XG/vplqvZMQtt +D6c51ss923atSZYq+RxSwSMurDunDpNXu6n5VlBJ7DQBts90IhTc00s5j/lUNK9V +5nBvopsLu8bSpFGSLgFC33SzNnizw3uFiatrQWguNN3XBcM2/G6CNEPFIjX2iUXO +8fLd0U29MnJsJ3B6NLGdyZSAVgDyfFfnDelWAYg4J2EPpDATx0I8Xvwf294xh50K +durfZvfoYkxeeBBqPKFwOh1MrxfPf7tBZnL4l4vQJwbjuAlpCDo9WgpWvJ9uZO96 +RQQ9bptvOt3u5hVuObkE20EukEgkj75xyVoqGo4b/zaCH88zILHXtPWKDohECpd0 +NUHOEt5JFgqn3hvEPuYqfSjqIdFniTEC/TR1aeYmXdDrLr/3L8YRXVyRjHcQ + tls.key: MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCifBovUtpAfv7L +d03jl3xggWSihNT0n05k4ncGiYiVWH0lnbvsNNyWHYoqmkqOAomTIB3Cg3Ky4IrH 
+tSKJGCQZoa2NI5prAdV8dIzDQCBpT8wEMbCHboGYir5JoUr3nRO0SKlHW6fe+iQS +tKFpl8KlvKNPrfGchkafl0Q5SSA1GylWLhOZtVxb1lBMBHGwAkl586fAB136Xa2+ +bhf0SkaMESpIe6kV0Ofnmobn5WhKSRkq8Aov8GgWQ0wPXd+G2KD2YW6C3ZJbt2BE +iArmjY33G5inGWqmaIhqdm2rfnNsbldcYc0Anxos7moFu/soZ0eQV/PusJCJ/8TJ +R/BcLq2CDsHjXJvX0NzXRq6FwVoR55ZAENoyCqE7CdiJDoVsiiW+/Ukiv1bz1BhS +zdExig4f23T7mV5N8FPbt3GcceWH0ps2EI+89SbNMYHIoul1ivJdF2bUITUKhyIy +XaXilR3+IRxwE2B+oZt3wt9BmERYAXMeT6GXKswDXBzBh39Lac9BL/iQcD354K8x +K0PbYpdbpu/jFgiCRVLO+uPyJNAkZ/K9SWbaOaFcz9YU6r8YSiBPie+lt82Wq4Ib +Ia/2Vj6NYIckxGZidkKxEV/ThbrNPfF7CKQaJCnqd7YZeMY8WyLmLuiZLa7KVNup +rjFswXwnBK9adZn3etEWOOPf93JW8QIDAQABAoICAAVgFwZjaOk3iAq5ygDm5vM3 +qBAsMZamBB088AR3hq9UJhAHDPS/jV/qsTBIsThd/FY6qGA9hvGgNfzbAxlwebGM +YmhqUMrw03vnFZszkxN+im0zhcVaXZQh3FY3mwyN9e90GO1EYXH0TppF9gRaqMBO +i4y1Tg7oQLnwqVcHrdIOOs0JLdZR+zDBmA1iCYpfgGy18PQ6HrzUwsOG14RjT2Dz +g/6xzgkZaB/Gr/l+69u4/iUfCXWGwmkObGTrmySWNri36s3XluZ6pXTW8p0V6B70 +7TmqQKDOWtuLpjrzAJd3w77Ai/fCsEZRU9oYEenru+n1l3/rd8rxhCtHOmCZwkrf +E7wltPiugC0sOFM7LsFGydecyqKvP533AdlB6ZDkYzHBqK73t+17+DSyCcbH3ozB +ppPiR6r5IpOx2fk+pEFQChbQQdSTwBuv+Msr3zDnD5W/yb3QGJK3EFQ73aexSkDA +b/RqvVf6U7LkbkgSQ+3neBfIskQrG2D3S/HdC/4WFzh28DBInnU3u31OGMEoAjJW +FGeQEgrlYddjMS7efS/+HTvmuJdKrCrzsr40kpEDxl9/rrZHg6jZ48UP5LegjKla +Ic5czEzMnOHFftNNuPaZZeGtTX4d7dXbzvWBE+ghLQliEW4FxIQhru0RcxjNwwLy +tVL6YTk6WyWPDMRHk1YNAoIBAQDErAeHdzTE1hkE+ciitYOVLgaj70D7sT0kMrPg +oj61KG3foqWliTOmP1nD2u7hcrumKGLwiOa8GJAjpwMt1vAWQslLDCj9YGuFOGdE +z0S9/be/ViL9wkds7YP+h/2jnlnJobzKL79tTRuea8WIF3dxuUZaCQehYaNf5J8F +RV905fpuKe40ZMiX8qCz2Gh3iXI1hqMlsGn+A/EYEY6Qr9VuESVj/4WrgferlDzf +2arF3WT87dE8bErXPWieG8KpAfG89dITfKwzqVPM20J44ERfv5oteWiNO/0QOZX8 +xMy6wUDyRh1hbtL7VAtnxbtYPbmq/eEAuhDx47CdJgrBLHxVAoIBAQDTf/gk0CZ4 +69S/5SN2/XaLsYGIWXNIqn8BlyStJ9EI07hwzbZzWupU24EtIFzr7hE5VEI6caRK +A8trUFh6vzr7dszeiZKxd/yiGtmlTz7pDx3/jmJGX8Ujzo2Q1dyIYl3zWAmBHEkm +p+2Mra/kibcKWPiI+1WDdKFlJwQcCD0KELg8/PB/j7fkklKaCLh/Ku9AOshuw9wC +jUAYb8N3CgybgPsHpo7h/qGf6wlDiTrsWGyZm56FJTY1BnbzdL/M9wXJqXp+1pbQ 
+5pDGj+rJOVhKx7CzqLKx+n94xbAITE4Ykii1tqsBMqgcOqzViKehuyHRxwjwvcoR +vrzY2FTWGowtAoIBAH43VQGoDBKCwD3EO/HIAbEcf6B3rEGbBn0TmQMBvLKwRosu +K5ZnzeDUaTxbZdEDu8+vvYdWpJV0QhTPWyfw99WheOOT4z5wwbAWeZfcWOaBTIob +soseQo5yg7I2/h0iQ8c16B3ttLFlueLakUN8o+g1GiQwBViZe6rP4woT8mXoLebD +PB8dyupRCLdCnBCTAdu+Ezfd1rfxOanToqXSYmunz1I0q0ldOGBB2yth2snvAp+b +1Bst+H3X6CsH785c9BHrxK1C5pSlB6XB1RAUBW1ZXo3ui52QMSFXg51bg3QbEB4r +xzE/WWF4F3W6nTfNLTnCgsLfpn5GPJMt1dsRPJ0CggEBAJ5ayUNe6f9Nq8xF1wjn +e9PaAr9BIjT9Gvzo2pgfIL64LveevoWeQ6dndk+AVLJ9XD4NXUz++2BDeRIPZT/6 +YEIZUAkq/j+MNAZ3jg/cxqCfJfnK9L/2QtetdodD6MvgwrFJcExQDmE4CH91KCY4 +Cmlf9i4x6HP1ZkYjMUt/y5v2qstXIwaPZ8Nm3xvffawRTHNNz/ZHBTqP4baqL7K4 +PnpL1yiCR6bkDMV8qEH9xLVi+2UDhGvyUaTgAz4DYvwm1BmKoGHJb8BXcXyKEuO4 +4OeUnjPWEn15remSMlv0LeDtxjdP3reV4xLHx9JVcBWC1C6KFKKTp3Ej26eMSfDI +jb0CggEAMjNJDZtx9CVultEPJvPkdAoF2vhnKAs7YFal1pWSTdjZxI2FRmGOzukp +8HJS3Ah+6k8cERNKj+wKeKUiNqw4D3dvGdjKpQhEZ1MCg6p6no7q0l6zQClGbaM+ ++IdaCVI8El4qKBMBqGTO/8vQWtLXb/GdHsrt8esm/4dq+ferrz8NdwzS0qhdCyZM +AmUWLdqC4Yezmb4unZrxm/OUic6mEP7YjIz3a4dpSGVPFvhaxA+GEbVFai7hgo2H +yBpddr0b4fYMtNCF1FeF7IRCyMgTVD3CJ0F2B/fPOswpqPnYAXe9dlZJqKe82DTe +EKQGcMZ/4P+4MUPz78zSSFtLiFnqNQ== +kind: Secret +metadata: + creationTimestamp: null + name: {{ .Values.istio.credential.name }} + namespace: {{ .Values.istio.namespace }} +type: kubernetes.io/tls \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 19a82f39af8..122c4d1e7b2 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -93,4 +93,6 @@ istio: name: rpVirtualServicePoc port: 80 #TODO jonachang: need to specify the host once we have the domain name - host: "*" \ No newline at end of file + host: "*" + credential: + name: rpCredentialPoc \ No newline at end of file From 8a16478ec78c832c648c6edc8ffc6b64ff12829a Mon Sep 17 00:00:00 2001 
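Review bot: `tls.key` in `istio-credential.yaml` is an RSA private key committed in the clear (base64 is encoding, not protection), so it has to be treated as disclosed from this commit on. Deleting the file later does not remove it from history, and the packaged chart `pkg-0.1.0.tgz` added in the following patch presumably carries a copy. The key pair should be rotated and never used beyond this PoC. The Secret should be created outside the chart (for example from a vault-backed certificate), with the Gateway referring to it only through `credentialName: {{ .Values.istio.credential.name }}`, and a secret-scanning check in CI would catch this class of commit. As written the Secret would probably not load either, since the values decode to raw DER rather than the PEM that `kubernetes.io/tls` expects, and in this view the continuation lines are not indented under their keys.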
From: jonachang Date: Mon, 21 Aug 2023 13:43:06 -0700 Subject: [PATCH 024/173] add pkg --- pkg-0.1.0.tgz | Bin 0 -> 7941 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 pkg-0.1.0.tgz 
diff --git a/pkg-0.1.0.tgz b/pkg-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4be9654344949e2082ac3bbf8d2cb7baa7b357ef GIT binary patch literal 7941 zcmV+gANt@QiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYKldCwgFg&066};7RV|vVkgfLLrc zBNpSHet!EC81Gee>h$#K(=*R4eW;=!l}e?QsZ?f46>Lp{vp^V?GvGRZ`dtc1l4QMF zJ^m(1^6@uG)$4zvs?`SBsMaZ}_9v2}8uj|0aPs#d=f1=!0^y&?-`v(?=l(+q2<$lw zk?nggcv8VY5M2JG%2d5fVmd@xXa~{p9fNnEMU#V0+<^Q{s zA8;NTAa)|Wm<30n4z^|)`vF%h8{sy>0ls4Ty=TJ@T@Xc3#|_(oIRFne2ZRt$KxhNi zfe4R$T!nZ55P~{xdy$W4ejMTvbOQ%O5S1}3gh#c&`LP$h;1q`0E->K>hT|a&d}K#{ zn7!bhX?uGN$Aj2$M!sWf*$XZi13wyt5J4}(aQp{+n7}Z!^}JmR;zvAq1WY`&d<1d* z)G@pGTC8gbvKYbg5mqvA&yR2fBOG}8iIyY# z!WjMy2L&P<;U@H8m{W|$$o9-5;xlh9V~yc>u_8Qy(0>kt=fKyVFf8zO=7G-q-4tqZ zXh#|6dlB467y1n(hJGBp;1!Z2b6&p7)3CYM)|b$!{`NX zk{D)tW(d)dDCp%vqQBqWPBY$j(wN% z>MryO>QA#@%URg$2%?-+Pb+?h5z40x?t3`&5z#O~N$4g&N|jE>*k zya5kt5Frp|e>?U+gsy+=J;b#*bTV8G!I3vc1Vj8US62U}d_wBl*D=z9_$U?b>2DXh zMr zi$cY4`~+G^YJn~c#Ny@X2!Z22C_{dTZ+s8r)6;yxJqY#Nxs(rlE_S%@X%J5#Zh_Nu z(0v!!-Vrf&7S0#^>8D(uBz73Zz?oh(;gy2<-M2F#7rlu8j$~;e)S(yIz_}-hySyLy z+8=Fr{hO5B{=Zmf#9*ih({i+rzG)jD?f=Qjqy0};YoGT2cPY$d_&gcqOB5qd@zId` zqY3&f-?iM!|356~1TaM9DENl1fDh!Krm08&UzM&?pYs1b%FjO&KViZ?I2yqZd&Q#( zTgHAOe)$Fa`RC`{bhbT+KLuN}oWnig&(|+UqqMl|@et8#+3|K?nMCR5LQ=qqDwasC%aK?&Yr}E(mQeGVrJWLeKw&o*r-& zjeh;qdi(Ki!rhEyE*U5Hbv}y6(L7C!0?Gj@blw@!BgAz$AG>kO;o|w^oWlQ!hcIw} z2JxrT6aMs%r(Z8RzU%s4K^=OVy5d_wo&_DZj4a|v@eBU*&-tF#iS_%Al#8bBzoFB< zsCPnFzL^=PZZQ|PTmB6MLHXWUafuK7{PP=C{)z8mKY|b4e2v8g9x$Q)tY!tG^DH@S zLf&N4c~kdAMm_fM`OW5wea0hq3V|-aO|k8v2zVO2r}tKD-kP0{iu!G*-g{lS^;Qnv z(>C{D<&!V)LEZm&*U_u?D*yF8Jl<{3Zshxn@#*yN^i>F6$?zY&n*QgNd;3p^f#YW` z^uB30_#^wTS|=auzZyl-pZ4GPD7W!n5Cn)wC~Rwc`U}oq<^txz2ClVtYF;llu<|-5W#swMMGxG#1j{FXV9`=|@%!Z} z^aOnyWGcXJv;>Zy^?5;`3nIO+hQA~K zWRX7D1mzsxeGA7{LO=2~-+93mZglg_u@mS)ghrvS!h0(6)pY*#tPbSKa#u)JmC=I>wGxj6pSRNh6PZYN5sdzIZ14B~(R1+0yiDD}f_u7tMD z!ZA->eYNj2SN*2VsW1XJZ9Z0k`v`jZBf5tzm{P3hQo+WzjgRY0{tec~TfUGtM*Rr+ 
z%AfPjexv%zPxasp`#@5Dn~)TZpU`sGywuyh{i`-#JJ#M&Cy{evMs&;T5O^khANHK2 z`mj|y)jEE;-TXfvX}ygV-PU?=C|$Eq^Gesh-!wMv{s?0Se%OaQ;?AkIc}vG+wpS$P zyZvh?9};ix+Btr^cX^x>b940h)1yP=cJ`bTcE2!N{`@PZ%e7oHfzM2cmhDH7J^7pFxZP@Egss>*{ z13ITvp1fioH228wH|*%oK-&M>@?ifTbC9q3v)^VT@MZg-s*v?Z|4*Iz%>Vj6O z{QMo+=gmEK^YY7xB#DzY%z!nwJ8Nr;t(0V$vCzgCX2>ySlgR-%Q|1^`V0-);A)ol&e!!FJGuH?+E7S>%?8Vz329IGPBK_G8Txx396J@p3} ziaB}TnA!Hk+=@VqHq#*hX=iS9ru~#;OfVz*7|V;PRjISCv@1#@R2_K4|rp)vGQM%PPD zB}&}tvLyuKh81?xP8_s#-mBGiVy!gyr`zoslM_bn5v$;QDwSl z=;lN+<(gj^wD$2T*gLzxwI$%Kqa9s4sA6r2Eyd1&={7-cSlh8`(vU^HvuzuPM#znA zgAlTrkuJGWHY%J=&LYWPIQ;z1d8)D zyYEz-YB19YThKIiU>ZA7)tfzIytae|(>`FGZOL-7u+LDbmacSSTJc8XDN)^am{tjL zNq-vgm5RJv)YYWAUrFY6K0PGirfDnVu4rUfGIQL@#Sanwe3&2ISav=V2I zqV7O-ulC!`ZaPgC-eTRN!%2Iy+0cZZ%@cvcm{edGFi`q!A?=J;{Cq+VS#~9~#r1l~ z)#_HLgbP)SG&bQy*CA$_CiU57E-$*2j#pTp1ZsH=*P~w(x6-KE!dm}T4>)iiQ0Y?x)umv>vk>UWGmuywn$&baLvr7Wvu3^z@S_>DD}mI&7&64T#xCA?__CjW6xN6KaSg|R3X*}Ye?)HnA~+dP@%xm z_6_O~v*^I9lT0%vc6UFISrl*V*~}r6_ADWzW+e`lX-VqICORz5Oc@8*RvZgirMjqe zgl(&438hdz5d0xc)B%KZ;E(Dpb_9iLC#w&|{gy&^U)O3BLaho7 zqUn0ID^2#(blQ(YKKA%vu#D?oZSJt$20vya)FLHI(MS^2HiR=9$gMe6^Vq}>P%mz( z)1WO*duE%X>FHtM*@u*l+ct>8@xqJ;1A577{R$!0xq&chOPgiIo-K!1)9C5stkUXx zUDT!7`k*K3*?P*%O+GW)hQ~u^!K}<`w<3%Jo>BIs)LbU1QE658R*jS~Jr0d^V)(1= z9zvGgjpTMZw5Wc#H%3MyV%J`;>Qs|)H&r(=;{+VFM@lf3g6;g<|g1Ox^YWr;N??k_<5(mI_n$3gM>nx+uLgsx--~ye*2D8pkh-%%o zx$|f%5k~Q9XG}LcNpE|$B5;H|?_48$e@g5;W<)zd_K zWzQEK((%*;4F=hwv+{TDb~j{vSCLqnGif=iN?`|!rgB&0#%mu`22w2u8GYW=r2{|a z*g$EfLSN-NsxPkWu-5fwA?;0u@1ut6w_^hNYZ8v<#3)8xu1hqPE;b=pt+%UiJnC$g-DF7)4$H}|-cINK zq*hxq!obhCozUQPyUY7?WZR1pG27Y+r5-5OnqmiC*xP2+sL)Eoo!17<_DGFrQPbd} zLk6fKNTp_Lst)?Aj^xJf%yHDZgY7tVOqaKx?r*!X9fpU8~B?JtmVQbrtAp5EGlWX>*f#Z&->)S$Du} z*M!`fE>tiCZSBxn&FW!uHMQB14NFectSoj_NyQ{UROXxdU?pkWy|}jZt-KfJgkq`T zU}Ur#oID0y&fDpY)f)C!%|+I8d$GOlfrdOE!~qs=+9+M79xJzizV>Js35(%yWVGn+ zqB)j$X3Vh1Da_2xcDmkx;g+_UT`eUb>rWoluvCLqv9a`g&42 z@T|*FHn$24Q_QI5Xk71vhgph-B2}GilnQ^qOrpL&nA7TV(m4d8ydp^oPI{=fknsyKleQ(%l8_{48kHC5j#YkCJ^@hGw 
z56OZRN~YBtJGQW>w)fK53S)Aj?Kguo?PXXr@6}hzw!X*~BfdZBY^l|N@g$TwI5IJRQ>SE+HvHYfv6Z1aqCCD5H!LlTU0Lj< z_7F71F0%>JenchAVvL*~&uv;OF>VhNen@AA+>3JAJ5i+8$)Xa21c#hY-5voi>w(zEW;|f?%T`ejyqIDi?){%W$pS7 z61@^b2rFS#ABU}ZEKKJcqPhr81BMQNFt7>;+w?+dHgut>3gL3Ju%XzL1I7@WEnQL! zIX&#=qke_#R;$9qNNRor7xrLCkmKQc*~Iq!te(#JY+_NC8uc1;Ci3=bv>K`Ij(`Fa zTl~J-;PkE;vc1lJeqyj<5ayQT)>W+Dni93?ph7G`53NLLu^dP{ugN;uH0rhliELQu zL0umfaWJb?g-B{2!iFW(=7Ln$z(mHFW)#laRy{d{4ILezy_WYnk=bJ8I?ACD@Ozrr zxLtACoNW$%WlZUrv~uXff^pf7uywJZROyF+*xITlFGjXhq87X^x1DY});OM&g`U|Y zMl7*u7~8EQ1FmNga@=Bu$coce%3+%svr?M_nlm%i9HCC&H!NZ&8uirSZ6!ntFj3(-%bBZoUxdOj9?o|URK20xLHb)mA(kNb8>7cqeW(eY$yYJtBRKYJnc0vkghkrprbg9SI*NL2Cx$(+oei3P$)rSk zoU(I!4eQ~kn)*u9UHUz!^4N%N>RB92xSq~=ET=GfToMk3PKCyP2t38#EvG9t_70Rp z?np-;iY!~nBCCSDgb7M2MzJU=b?9ZCL!CymrnT5kxR)ue7EB$szGSHhGh-Ljdg;@# zU8{`y)ArJ=QL0IgRe`OB*#008i$%NIrWbWjF$O)w<4n{u0-WgHr?P}AXMMPFhDmxS{r4)?T&4Ekr6T<-M zMCl9$2V&h}mEEYSf?cm6SFw>7^r+0{CUteo_vg)>&}r>^bGuZT@s^lmGoYBvp~|n4 z)TLNg_Qg(DZL&*knaM&ttYXz6oOzqkLhz_s2;FJlNyr}Lqy0u7(IK2y_r1=()tzhX zf}^;)+?Hh}poLAP4*OGsm#~d`_oz-n~b(PsqSR9&+bHJNHml2BI+$wLex7bjG7R+L{;CF z3>b!o=0HymQ*vkNT(<6Gj5}NO^c`1S!Go(-V{aYqU1B)1wYn>e8moZhO1I`0sx|MKO!a>AN82 z@f42jdy4Hs6ahDQ!M)gVZo`|GNEC`}zkK7#^)9i5n~Nk~Rk(c1L5p;jSGUUi(Jsr+ z@(s&d{{PdBBHt_v=%f1|>h;I_A8Iw~)Bpcn$~);8g*G@QWB@0y0DV$Qr+a1Yw95oW2WG2P8oLej-lW)HPYiSvWi&lq zr}f_DG^ewWSKW%^ry7^+hU1k+z7AjTsnj3!gv-lor6SUMxx40aE!VqjJf;r(^2;|K z|F`7-{#u{kt_D7m{{~fkkpBkxdH>7zDZf(w?{9T_JHzUJ`aVpi(=7fqX2@9=T*TyK zA-P_Q^-+bZ0y!t)JQwEy&+-_D_DyO|2n~CGKC~11@%gmhGp<7v*ggQRzcT)B$p1G#0rHXjS1OO^f2(BmbN&A=7`Tyeb{(GL@iY_Un52psAOE&4v8RCsmzUtba$3qy8isA(R75d@}*ED>ylNb+u z_=X2E{vS+`zL)<9qNw=!tofc-*k-?34Scx%*B;ORH7exi`M>W{-W2PRufHM7PhVdA zpC6{p({GUJS0eg!zMjtV{q55Wp0{{&Inf>w>($ z|NWO7^e_K&zK|j`QU3DF{e5}g>^NcyVLr2>^Cc+*n85JgPi^G#U(T6po1P!S-=&RT zZ~s@Q&-)*~Px%2KfhdAu@$W^7Nr0yo^l&w{9o_a!JOJ7jm=In5B@Bv#qZN)L3px&N zI=))?%xus68y-RjM0Ns?XTomY15d|(z&&Ul<9dGvE`hb;<_CotZdp5ar{}3kCoL!NF0BjUsxuQ|2Y4N 
z5|6kdQh~OOgX2H7LD)}alm^&OWfg3(pURP&Kl`C=Vn6*K><4@fLfelKF7X1w%0cLF vpcY|eTZe!sz(aq7l@p}-Iwb!6r2Vseme2B8uI2v*00960&$_#P0CE5TDNXjF literal 0 HcmV?d00001 From 9942b5baaa8459cb95843f621831d1180b8072a1 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 21 Aug 2023 13:58:16 -0700 Subject: [PATCH 025/173] make tar --- pkg-0.1.0.tgz | Bin 7941 -> 7941 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/pkg-0.1.0.tgz b/pkg-0.1.0.tgz index 4be9654344949e2082ac3bbf8d2cb7baa7b357ef..29272d45f9c9f401180c2bd46d851106c44fc22b 100644 GIT binary patch delta 7899 zcmV<19wgy~K7~GzJ%4lSxUn#t&-@j9J-L<1C>B?3uF6}*O%z4#qSjltQXmN~5;t)b zHJRtPKSfcy?c+02 zx%A^$0G5*Yn{3g83zr>O?%_{N(s#tb}+7SxS71QrM8-D15IEFfE*bXcJc&IrbglGyv8>kM9 z(AY;+hz1~vppM#J?4!A#glG)izyUFgst6Loqgvqn#EV~00zqsSnD7Nb(GUiHWXFD( zzo4FJdwT>$gT!%0zGG|o3o01{KOTiJf?kZE=nv>Hg@0ja>qWa3M2~pT7?@~g`4L3* zQ^)M`bE&hg3a*Nv1@H^{^mL+OlsL{5Y9WlH7xcgX=cv%mO&r0D#BpA|L?RfbwgwqZ zJ9gqNctpf_o*y4| z=#jZV*MEy&MSmX9At(y2urKJ(zZ~l;7DNk@QQvs0R)H*uVD$(q8K~#SXar*vc>0N! zBm2Sx{tX2sB0EA&=)tg{7)>JEGmnVRyt#}uf}-V$@B~8tISifyUwcB3z}J}vI*WHx zs3oBt=bZ1wa35djHzG0gli&p|jvd=DDn|fC_0SK_&(A2+>m8p% z2=t-nrulsJ)chv~D4F#1<^UEgZ!b%1)%LLyzUr~=RZd<5 z#(z%q474Neq7wyv%a7tCB?Uu@KVC|yc!qo61`ez`z6PA*cN7gkY@LA13dM^T6uZ1B zL6l?PrJ}kEy^{LV?AHp`IHfEdhv6BGj^b5z`L5~b*ojVKbtUtMbJK58iG(onlTd@# z$-aPS5+%TKax{dR@4C>_k5fAK(dbB1et*#lm)gg<9{Z>RK?>2h(0QQHd7AG^OE#Q|nC1-_R)0tfKk8?b*d}Rturb{RGv0Gy~pUPj0FuUfJ8Y6h+^0{LJ>uBY$?s z_6iW7Z<6Tv-7OmMpa!D|g!$i&{STq*AA1i`EeV|*RYP#(jS<5T{mYfrf2p33y7qO9 zv>-W3g?swjh3-*_6J)b*pSrk9VDz;$5Rk-vqyfkF%r^zcwY^EXj6}r}f}$?i-@L%_ zqizpP7;~f9EVdo{aGaPU7;42NHGknzIE%JRu>P_A_aPC_*Wna8P>cPrR9dm`6iToZ z*8lz=1ObL&dv=_cpMOASQ8{0vD7O8J;&owUp@?0)d%37cu#KLNubxlhZGsqPAb+;K z7>3?aCJV?Y09pZlQK$%toHCcIKGzx#G3yp;VOov%@i%Sbqy0ZlKHC2jUH`QIze`~z z!{^DUSfUttijIcdA5G9_`G2nEUjF}KK_`G=RE>jg=nD8i{wa!h^#9RRgZz~L?@@mK z8T$zl_QBBze%LD>P1q{(6ZXq5$j?7N7pAlALG&run$-gC34OkPIU3c~(v@7;_h@xq zx|MD>%;-Oh4V9;%b?W$NyVJxl>^=JQ{Dhux6*l`XzaYqwGOpZ%f`3a3#WpiXcL{Kc z?X_O)=Z`d3kp(PqAK~Mog@XPFRiOrw2%?ei!W(yG*;B)Yjvk>Pgr!LfPupudLVr|C z`-2}$3)o_xTbLz(ts;_vhR`X@{St}hdoi%Rlg)qHCC6xHJ5I5?Pojd(VoOmFf1>tH zrk?lESH{}Lg^!QUhkrA_-u?bHymq1so?59XD|3kOOh)k(>ovhJDAyO+O` zxFEE>*g&8DD|-H~=;;Ah+343#t+yZVCfv|zD4`snLg$?kJwjZE z^RXMZ94?JfTnjc>49CFYrO#|9IEYtM;n?^*ub^ZO?Ax`;77F^zigm2wutXAHACX z=aqZ=Pltiy=PvZVX*l>J`;V^U5B6V;Am~r~?|YQn_%8^82ulfMYkT?&%3tOJ;=&l{ 
zAO=^5)uWQTk^Mpr(UUeU{Vzw=atrNT7K(qOp6%(-i&46$SAQ5-MV*r}^8EOs2X0(~ z)ssK4Y$?3>{R$O&g1!whm0&ko0!7dIyrjW(EJi1!H#|FI zJUV{QB;E%?N)$!84FX(z?M3a_Ujf&-Yq@!?cGth6ICmZTm0h|ZK99(oU3iR|T^oND zPx~!BdA(%4o_~OEEo;?V6!&qXH_5pU%tJKlZ8}dzFAVRZBp3O(HSR8TzDUbE^hECx zLy-5F%SbBvbR!7ISJi7|75(Lxmsg)-V50wgwEOQ&wx`EdMmKTUSNN_$+k5%~KfIj^ zw+yr5IJo<8!{3pAvPd6nf@*>9zJ+5ep&$F2@4TQ2H-EbM=GZCpU=)o)UxoKn6s?Q! zVJOfyB3|glhy6fs2!U?@j@ZxfmyagPHLUgaG2ex5)0R_Rdj~8-;g{ zn|#xDZo)HHsN0y$zt-9xy`XuB^ZaccFT~rhwIDn?z1v`J|(M6PU{46zrb9zV#xnMLv`5$uP3x6T~e~}qwlEU}m$5+t*4V)nN`v06< z^ljIGkMcipvhf)Iq4D~s{{J53L5$85;H>-4p20sC3UF`=5WK4yFVIn{6-Ijj{HD!* z<8TC?{;Ks$UL5+P=f~)e5p+`+a=sgY5TZ~2|KEu!(R{|A&?v1@2?$6_3$9Y{`^zMVCr8 zzHNM5XYy~bHs11uyfNxW$XEWHclI0fD}O)LgE#C0N%?I;QZ{}<%U$zQZ};}E+I;O; zdql_~mx<|9qtNHdb_7>%pOP%|b0IUH^X5*tq*6 zOdR-OAMS`dr`i@R9h2E!kyz~Zubq5IyuEAZ`0d{1aZb!F&=*gS4w2j0b57X(!hdY} z^RJjL*K*ASK9g~5<_%Kr2BIt~(6-RiAN?aAX}GVV^tF2^y3JO+E$^v_`*QTpyn2hG zUgD}SEbE__zgN|7!(MMvHTVh|qH{{+$t(6jbC3Lf!;bz8r2Vfg5BC2t2l<*m`)xJ? zU$*}V60bk{f9k|%{@3>@cjrF|CorRysrp!pJ%c@;TP}lK5y=ko0nfkBuSjKVFs+Z-C0{(Y=31q%Z!CK z!Z1UQF`G;Qz?m|~m;&Q_8R!u`Fzz%eIi(Nin%-PV?XB-CvsSk?To1bx>${ROw^~Sd zO*R_5qB#~R%RwM-Ou4(w89nm{d6aPSzA>}yiMbVl7;mOS0J6^9=uG<=&X{0^^%0gA zGmEUVuC%L6L0fLsa3vP(V1Gg+9+moAA)H!ZZE%5_Z zBlj@YZ*K>Eo}dgXw#}B?PRy8`E*iQykxaSflY`biSp|D%7r3?rynl7PqiP3LtSynH z*cmY0Cg=@oJ625_vZ!~qZR5}gxv_0vLOwIHC0CD4v%%6tt`aR?BXE#dS{n!uE|4+H zgTA@5hMBjr$Mv=<`A(V=T`6oWnyv9_7EzP_${%)GFOR}dr(9+mwSP}3V-wEM0W{JAUI#M`wr>Q!A!?&LDSfQY3xK*Z}yDw+7cE_`+#(| z70b!PK0{<$w$iaF>5axyjNW#bRt0ite;V^7DK8gwHKq3}$=uGThcw(YZDrgQjT}j5 zj!SM_YuU#Z?coj+1>aO?FAY><;Or7k%*C|jtSXxY*Xi~r?tjW#bJ3)2;Pj$?P^diu zGkYuA~-#kxg>llEq_p)ft4rvisC znZPh$p!C~9))}w(`2-)b>`G{h>-CVU)vZto7pfR*Y|4wSgUvKe>a)#4UUVrNuaG_q zm@fh|C9seQEPs}b+kK|bGDh_yQWwgW)uT$^ zT#wQjj97odw_~qMCwvguh?QV`6vr^Ms9(jXj$=c-o$& zc-$nDP?=Vwo@_>krI{<^0NILTAt&ht*%7v_nk7_1`GE0(#C@*-x`+KMDE7nje2&1;NS(5f_IYgR9Pse9utM7HAE`P<=2R%{G*HdP0^10DAJRUj=W@XY{ 
zQWyn1qwI01xlA*IY|(qGhRcYagvL5G{MB|3ALy{FfaCqv!VDH^x0S4itvWIpk6UUGr^A>^YSug%s#}4?g=8z3+fAdk&*%P5^l244 z0DrF2Y#yXuXBm$cGVfag7w9-Ln01CiTU`J>F{;;GO_uX~vgv5!(+anR`EiBoj*FShzg{~SX3BBXEHllmUo0DpFLBJ6vklfy zXK}z7X`_eeIJI%8y=g9{wlz?253g-$Pk$5bl|5f{aK}^AXfVhZot3|Hx4R+ZyNbk8 zoJq+!ErlHpb^;NI7u;l4vyK6Fj+7!*j7|%vay&{q_Pp%eq zj#_usm}CXSW!amfduT4}T8J$*$hc=KiEsTQkDI&$*q@;B>po`}4@Q7Zq%_ zwNpYp5Ue#t4!W?nP1+zSrQyzNgJyfA#+0aOaM8hoh!mtsvo%!*{Z&Wu6Nj+VuHGiq znWW5QE0=O)36{1qp(@g3p9v&e@z*hx#VytqCM#yyhe};s%2CEI*#m1)t$!ZST5J!q z#~M%7Xt}vZWPGHq0$mLfY|}PvZZhu;E6FJD4w&s4lUvh;3WlJq9a^hdJ#4O~HaoIm z#fh8bVn<6VA_0t?Z|Z}Uq;2=&+Sa%7UYKKwrG|r%(Qa_^7<4&rr#Dt>*k3gldC%=7 z_PPfe@_dj4NVsW7*)sE3xqk)pwMW5NSPX|FqeXQW&9THYV}?CWVPqB$@Q zDzkSosEU1LJuZ4Q>}u|>64l$+&)7JqEv;*bzl%MPvt zLAzy6z^=~@5u45l#ccTFo|oxlKz}5yrX7Ss-y3$?Mm!iKBd}gWF;x+Cb;`@`%mRJoKUt*atFN6&2=m$k0tgTSdY&%{J=RFf_ z8aUsG6nxtcM<(KL>Vzy(hQC`lwlZ`_gvXOf!_vaUm4C%vW)DGA>@u4m>&HaOEXI-3 zscSdA(cMs7UE>-y?J?loGmGD#q4E~GZ4?~~aY zaARn#z`&?=n{8w=Z{al~NMuOk>%P5g?zjUfT9mz%2y54OBGIcbn6MI7^>NsmC&F~T z!RSS38hPmLTB`D?6y`!y*Z0BrU{J`w%uP zp*9z!x&|gP!ZhP>*0$>DA#CW;0orSMuVc9_#;&6r8Ueqju#MXlm(AJc;FDuQ&!v?^ z9Ttqsc7&~q1QoI$0&Humn!Fg^a z8GlArlC?4p+02-g+8j`vnXBd~>I8nn!giuj&m7)X!e}ApYqwT!ca;^vdg?*%Vf|LN z?CzF9g$UF!QVV!-Qwh7nxh3x#++o*~_Z6>2?^Q-p1bVf#Z6e-9Y=38J!`)$S%g{>l z&Sal$vQ+aYNE#kiWLsH?eik1&+@Y!YSby|+R^~FE5{6huVpKsh>MRusqRM)>;*R@l z+LN=1A0>!fTYCq{&w#R5*Sf$b%}ScC^hMB}<6}!1Epj7kwH6i}4i)-P%QBT&z_p<* zhJaNhUqvE6f@8myn+=J?EZiP9HKNW^aolS=3G9LGY|!*8CL!A6jGfzSSPw^Z=6@?q zcj@<_$|EDTspm;B;d(mfv7Ex_NkupqIuRQCA@CG`x16rr#5)iYzQY}TD6%Y>#}*lR zDHBvwgkYn%(xH}hF6uOzHLb;V!o5szwP5P7^(9M8m>Ihu)=QsC>>4@lPuokgMyMt= zRt1(0k^Moy7K=9BrWSQiF$O)w+8?C{v zxo;EM#zSCh1embJN*kpmrU#!4Ohf9`>0Sz9>M!89u6z2n!pwW!){>_O%h{n)Az2c~ov)-z_i!#0)vfLT);6VvuP&gdGR-0ETEIEJzA>wLYRnpxQHYJb9h%)0{3 zby|eXt!RXE9iwH_`+8?YthcL8e->kTEhTqRyp%F9S~mwSwNDKLWD}(`7#y&5hgEhX zS_QjaL#C0D7xakS<|cJ@%lGHaozQ9Rdvm)&&Ui~q^BGV~=0NkSG;;~om3^_(Rh#Tm 
zTjsKm3~7WO!kM=jEd-CKg@4eU_MH^(K|bDZ^br-pIlb?7_O0$*V;3C3)#bJXE}te>3Rv>v-Sd=7|#vqi#Cd>WtqeQ_GW?sIh7ThX@u^Mc=IV64{=( z;_#4c1EksMPASH!)VEDdm<;4iC6l2%vj@A3<|#cD^^F{iEn!XcIe)Vr)IGnk!=3tJ z%sHY8`W2)i>42L{O~IjeGTUc&qB6vq>39+MmMSLdohXc(Fmf?k-&G74hKJ@r&kj?3 zXX#wN?jwvlTlDlDN3Y<)Rq4cAhkF+r&TOsj3ZuqqBONF}>%mlM@Ge*NG3w9%K#VlbD7O9TjVIT;#1d{Ul6Y0&@~r?Z(^+2KDu44wyDUG;H!N@Y|4%oH ze6uW|kM4h{*B|eHsMW|%|NnO>@1$dt+TfUw0i3`B)JZ9w?v=UIO7AJ3^EA3@p08Iu zmvqj%9Q5+moZG5b+z|}Z(@~7)yCCg3FiX=EavSKqNwL4480aX%GfqPG=#n zx)nuFH7?l=$2KdCd>y`^Q>j1d3741GN@b+?a(B(;TCR85cuXDm<(F?f{%^_u{k1;7 zT@8FB{|$nEkpBk$lSv#cf0yS0&+?dr_DyO|2n~CGKC~11$@#S3GpfTVw!Jd3_X2-S z{P}>|w{uHwa!S6))YCbre`WmNkpFLf0^}q4C&|b2zcgO^T>rmId5Hg)Qa(6~-`5EE zovhv`R9>`52-6o7MD8>3Of;^ao^5XfwK5m}lyUq=^W%S8xtIUwe_Jj2cjY7buTizv z_dk7}|N1WFP5J-g^8S0C-ij|Nqz|VC;!8H^%^Bj8o&WL4;PODt=<#IjTL*>j_6GO6 zk6(3wp8gNXqI^^SPxr`tD>d+u{L_tB_kT3#Py7G7l&`w>=kXB6qoO#0e}%sI!Zi)w z>?FoRAHLy%jQe2cT>op2=l>cc@p=C5yOcM@dgSYG z$nw*d7ysvnY4h|OWcrneKAo?pvwVO1^nw;`U95)3i&)Ngiex5?Z||ddLDeM6ReyiE zz{Pbz(cl06O9A?q|2bbs5t>o)^2_~wdEe|fVhUj~v*Pn5e<=f)!tmcuZ4~lfEtqSY zo*%;BrHx;2|C8kB{SV)#{D6)?9K*2u_afyaKr;(^sG8W0ZhIyg0Bs9Q7+wA)Oq2vi zD;$k1=s2k9_-g4hvpw@~Xb2q;+bKMr3A=d@JRSJ~^`Lo_YxKv`mj?B6@&5n*T1AJR zlcTY>VDD|)_A{A)cBsl(4n+W--8f5|UQ&k09*`$_v}75OZm<+EJN{|x{D|NoZ7?F9gG F002-zuQ>n! delta 7858 zcmV;j9!=qeK7~GzJ%5v{II=K2pZOKM)pKKd+EWIM*NT`og3TD?-FUrmV?uyfY&Ihn z*`k!#}_aW!L#3%ycpMS{T+}2~~{zD1~>^TgP z?RzhHQo%qFT>hlWRJ}}MIz(D%2hs5zgLk0g;#xjqaKjIAIaXol!3ZME11@~QgRO~0 zSpZ*f5Co2`fxIG?oRN}cs!U>kbgw_lx#aSn04Ij%_fr5L$bXe?P!IB7sZ>7Y|GShQ za2^^Ub|So(1%F4O4z^|)`vF%h8{sy>0ls4Ty=TJ@T@Xc3#|_(oIRFne2ZRt$KxhNi zfe4R$T!nZ55P~{xdy$W4ejMTvbOQ%O5S1}3gh#c&`LP$h;1q`0E->K>hT|a&d}K#{ zn7!bhX?uGN$Aj2$M!sWf*$XZi13wyt5J4}(aQp{+n18@9wDr7Q3*tvScmzy5wR{9| z{nRnL_+03$tAZ9!SWGSGH}n2a0DY9c>0N! 
zBm2S_{tX8OA{*f*^kA4%jK|3K%p>A6Z!Tkv;drqkJb}=E4uj{w*Pbve@O9>a&ivgJ zYH?^s8RvTu+(#Gs4J3ws9K7Hak|c9pzYV5=0Dq{qV@Ebb#R%ZI9{R!g`59+=z2kET zfj;z{Y~uS-+jbzzPz2o@j)$?wpn>n@0FSR{2!<~>bt2`+$-ISPz2lr1MKF{``Ly-J z=ml?*7-oBB2+@%!=;cD9zu*RNP>xk|078R;Nl$MMVBYffvc#5cpE%(wAM0M_Y$ zj(wN%>MryO>QA#@%UR>)_&T=l4nIGf2kEg)9>&Z>E*eiM)6{6@nj-T3|dBpD6UVjb( z^i7P8-`%_c4{8u05N3Zn_CJKKf9yTPwK#M#Tn)jIH%0_Q{4ZBl|D}9F>e|;a(t`LX z74GS87rI9!PF0$H`_#o<4AIxtz(5@NNCS@TnQsb?YkQMo8A16Hg5xgO-@G8nqizpP z7;&T7EV3Q@aGaPU7;5<>HQ`Y>^MAGru>P_A_aQOQ*Wna8P>cMqP+F1iiHzzCWv4PvS-_iVCWrX zGKWL~&~osLLd9_W1X@UHfi4Wh;^pWFf#W|YLw<;Fd=KQ)(|o}_2=&{!lz$I=E_S%@ zX%J5#Zh_Nu(0v!!-Vrf&7S0#^>8D(uBz73Zz?oh(;gy2<-M2F#7rlu8j$~;e)S(yI zz_}-hySyLy+8=Fr{hO5B{=Zmf#9*ih({i+rzG)jD?f=Qjqy0};YoGT2cPY$d_&gcq zOB5qd@zId`qY3&f-?iM!|9?L$=maoC1JE+3zHU}w%0boe^d+mgC9(D z*nFRxn-t_n9eSI(;#)zU1#2C*j4a|v@eBU*&-tF# ziS_%Al#8bBzoFB)p85%To#Id;-2m4(2MYDUN1MW@;WDF z58Su}%O`(e(NcKv`{gS11brK1D!^{E1dgBec|o5GBF*aEe-Qiz$*b@3MNx3~;fB8>|74Lq*aYPq-+c?mRzg4WHQ#x`6>fC%&9M{cL4-!3uflsO z^43N8FckP35ik7W!+sz*gh01{N9^bL%SV&t8rFJyf113K;oHE*73?nD@mpl~ReR?s z$&JE0$4$OzJ2&B(E7Wbw=3i^=k6y38b-B0ytN{EDX+R&?e^jGFzw-Y#KJCBnQXaN_ z?^s!PR^k;ND=ToxEM-Fa##N`S@;^zmD<;mH#0pz7W#?7nxBcDSR(}dN5sdzIZ14B~(R1kxP*d>{6lr24Q`e>>GWe!1QJKObqmjTPP2dT=ORvrzL&*T3I1 zHtzliV+VfNhdbiVskV7b$7HrwB<8#QYbPHPZ|~YUe!F*hoD*|%^!d}HL*#b$oD+7x zFkAloE2hh}Tr+{sWE`7$gOt00D2fWSE%fw9|Hwxg?yD$$?H)q6*^0O2Jr!|Ze~$i{ zS8s9Li(M6lMg8;g_p17B*y~NI246t~I;T{gykZ|T_sH)z?C8%x+W*?}VE-R;kgxf( z-)1B5W&5A1ko8CZPo4VA|N1`V?))c(oz11lL1iu1FMUaBa|*{XiD)vZ#4@Hd>!+KE zwCe3GiP37LV-O&1pgj-=@+{@Yf2*$SuO%zd2FzIKVeFVm+q^LCvy8}4Gl5CdE^u4% zYBBIvi<;MGt4m&y4t?It`ifBP^Gw>O{QMo+=gmEK^YY7xB#DzY%z!nwJ8Nr;t(0V$ zvCzgCX2>ySlgR-%Q|1^`V0-);A)ol&ef5R@#`mW^6 ztrpf@R~ijo(HyHH%RwM-Ou4(w7(Mj|8Hzc1-wv1-zgMZL3a8;3^7jctPvvYC-Cxq4)p4Yo>Ue=61DHHrkWrL}Fw+TJ&@^^n8aq+dn>}N^wuA-K zK46_~$#Sx=&rqqBf39?5TJc8XDN)^am{tjLNq-vgm5RJv)YYWAUrFY6K0PGirfDnV zu4rUfGIQL@#Sanwe3&2ISav=V2IqV7O-ulC!`e{MQW7T#jrqQgmhv)Ryu zp3M`1!UdU8Wco#rU@#e>bG7SUXf 
z>51=TX>ViCSb9H>+o)6_)(2}y>>HTebv#g^z|!^&f9epk=)kL!Ofx2ScR!C=6mRU= z%psHZEFq(2B@UHoN$SZaIxNjh83))_91B^cx~O!7ZL4MprBFT){2@)$0fcklkLoRU z1choRs}IHfmO^r6DH2KG?2>hV97Pyk*J>0(tqKjI>3X#*P4?4t+K)p%_V{41jO$)) z?y%hke?Mj;)FLHI(MS^2HiR=9$gMe6^Vq}>P%mz()1WO*duE%X>FHtM*@u*l+ct>8 z@xqJ;1A577{R$!0xq&chOPgiIo-K!1)9C5stkUXxUDT!7`k*K3*?P*%O+GW)hQ~u^ z!K}<`w<3%Jo>BIs)LbU1QE658R*jS~Jr0d^e`5Hn?H)pw-HqgSI<%;MxHm>dBVyNH zuj*8jaW_>rG2;Xr@3$6aut>VCcs*>@vB`McQiCWNMs!@W=J8P73Kdd_w}QFdG-~^7 z?(amusuBmlb(+nC)axvx(L&~ZOW*>X#0Im@P>5>Xwz>0YD-lNVYG+J0J4tVQwjywZ ze=?x}T)9h~4|^d&_nNE8a-K~#9c_GC;kGb4u5jIPK9l*^YX`$jIc}P!rn&X=WrOi0 zju~^d!TQN83K%14^e~;IHx9iw&BfHV1`6qswQbeYM0;h=7ah{^)C3I%*`l-ZckXsK zWPDeVSei3wIjc%x2aBe1SLDWPA5;cXe=P_Zecsfi13%{2Kxw8zU*$TgFRtvc*7av0 z?M;T{RCYRxx&ce}c#1`GJ8+t^lgNWnXo#A%1%^Y8Ytt!1iJ7zLS;KWS->a0v_Sue@ zGFzwCtQ!nV(e)*$lrYsY$mtgJg=rwc`gTqZ4bSyeuePw{>14ZWGJet&&Bd5Ze@9Eb zBvxd;vRc$Rdfio{3M*hX6S|ufO^Y?#6Bj!dNY+kwE1}^Hkm~5#N+TI>@1ut6w_^hN zYZ8v<#3)8xu1hqPE;b=pt+%UiJnC$g-DF7)4$H}|-cINKq*hxq!obhCozUQPyUY7? zWZR1pG27Y+r5-5OnqmiC*xP2+f2hz(!=2X#&Gtx*Xi?MPqC*C#B1olXYpM?VtB&Ny z4rM1@yTi}23^kE>5bJI z_E*hC)^mHYz3zdAJRigX7H--oU8Wu@w}8I(Xc!5L;c#TM=(_Nu-U znUB^yC0NnmpoY794yyki*B!IH_Zku*doOt zC9IYmQVD`~%bb8+pB-X$HKP=>;g5S>x|?gAP?v^7M0R`ndQv*@f2_+;Hn$24Q_QI5 zXk71vhgph-B2}GilnQ^qOrpL&nAd;|# za)XXaRHMXCGfq=Gw0~f+AQ;(`dRUW!;l5&QOM%cHbCxr*9V)Dv3Qtdoj?NL)Mf+e? 
znmj9c-i(fEYAE&vpV@R5SX+c+!3>?1u5bF&1~jHbsiP!r+|}if3lAu)lG{Mw_fCrl z!*$23Z`Rf3Y*gz(b0a$dleC(45DtBB*l8QlU=WYMdJV-$SyuIizEls%f)z@p)f+pu zu&B28(%1@Pe{!PjH-j|oWmq)t)mO^4zQ`6MzCY<~snvk-C6*cULdd|5eozF;+6pDj zwxiW>-ZR0bLGlfxklTJZGBJNsr(}^f{N2K_m7zPLJiZb)EG>*(S?s0u5H!UuvkB6E zL?z5(jGP|NZCWcaZVyFWzz*cJMW~RN+r3u0)lp+Le=1o-W#c(s*H;g6uhEK>Nen@A zA+>3JAJ5i+8$)Xa21c#hY-5voi>w(zEW;|f?%T`ejyqIDi?){%W$pS761@^b2rFS# zABU}ZEKKJcqPhr81BMQNFt7>;+w?+dHgut>3gL3Ju%XzL1I7@WEnQL!IX&#=qke_# zR;$9qe@JS61Q+&TNRZ>7YU^K@Y7&X|WtgJFm$)*);051c_`|=|No|7I84E zRE0=tAHs$u)aHUz*T6)^m}V5t+EzU|gbf`Xf1tgV_d1c;V&po?p%L(Vn%KBqaoL=0 z4t`}!>6x^0=);0>*^aPvv7l7xhk)4HswOW+wp5}Pye_w$ZaUUDo|J{2*(63Rv1u6F zts?`jXAyGTVur|y(^kr1n;ElGn**9NGu0fSPT)5zVka8))ZuL7kLb73Wp}p>N>reZv0A{3n^M>v&MkT0;10WRx3eMX0W}woOGl#P)Zl zHryTNwhXN}>rD3PCQUSdf+gW$RcR{=(NCizhdWhzJ{EnRmARCsg(1e_9v#xLHb)mA(kNb8>7cqeW(eY$yYJtBRKYJnc0vkghkrprbg9SI*NL2Cx$(+oei3P$)rSkoU(I! z4eQ~kn)*u9UHUz!^4N%N>RB92xSq~=ET=GfToMk3PKCyP2t38#EvG9t_70Rpf9^;} zABrqn$s((Qyo3o#Dn_v=Ds|{(okN{Qv!=D!PPmsTt`ff5Q{~-+NKwEPca5P#p6uWGXk$Bj=KGb($QqpB{|a+Sf*P8 z*=zvoMr*KZ?%Pzl@i5pL0VZs*f6_*2iOIpQ1g0VN>eXHXVd5{~xUPHpw#3YP-PV$? z4wkb+sZ?QkIFUwcg{WgIL0Zq4?T*-#`U7T7Z%jhl?>M7tcyg;pRK^jEbYJJ|{lrYe zc2^VjW8M|2T&G3J+^ULku4A<9>b~9?QS0q$)1O5|R!b^76fLC`jMmM8e@pKZ!vN_- z=?n%3V%=et-KeU9U9TZmv5^<_sLbXjb#=@4=gpnaY3+M+yHuI+mY8HSpqR{|%CC~t zrC3+?#ZFgkvP*55$wEA=V$~s>d7IHf@Tgh{-D%%R$R6aQ{YD?rA)HtDz0SVXoonoZ zqqw@_oz-n~b(PsqSR9&+bHJNHml2BI+$we?rtdD2$pAxkOdp zl?)h$hvq;}4^why>0Gw%V~jgn^zO_edPu5OW7UraT$^gcc0-zQS>IIVJk52f&&04J~jeNsxNdu8sl z(tFD1JdLiJ=j&C^C7tsw2fes8=eFtggQRzcT)B$p1G#0rHXjS1OO^f2(BmbN&A= zj_6GO6k6(3wzWN`MMfs-upYD`KkfhTQoicipT|QO zkBZ_1{uTP-3)eJ!vy&JPefWk4GX5V-e~`YH{|KU}`1!2)o>$mrzgZ1@xc=83&;KyfX&A<9dGvE`hb;<_CotZdp5 zar{}3kCoL!NF0BjUsxuQ|2Y4N5|6kdQh~OOgX2H7LD)}alm^&OWfg3(pURP&Kl`C= zVn6*K><4@fLfelKF7X1w%0cLFpcY|eTZe!sz(aq7l@p}-Iwb!6r2Vse6qe8OS+3>( Q1^@v6|IfO+eE@O*08`q_iU0rr From 27a9b6a6ad5e2f07feac50ef3432f2b25d816b60 Mon Sep 17 00:00:00 2001 
From: jonachang Date: Mon, 21 Aug 2023 15:18:14 -0700 Subject: [PATCH 026/173] remove values --- pkg-0.1.0.tgz | Bin 7941 -> 7887 bytes poc/pkg/templates/istio-credential.yaml | 4 ++-- poc/pkg/templates/istio-gateway.yaml | 15 +++++++-------- poc/pkg/templates/istio-virtualService.yaml | 12 ++++++------ poc/pkg/templates/istio.yaml | 2 +- 5 files changed, 16 insertions(+), 17 deletions(-) 
diff --git a/pkg-0.1.0.tgz b/pkg-0.1.0.tgz index 29272d45f9c9f401180c2bd46d851106c44fc22b..8d40f5a36383b94b7c9afe6ef6699ea64687a5a3 100644 GIT binary patch literal 7887 zcmV;=9x&k_iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBvldCxL;QY;}VC&5n$UQfS%J+oW-qlyx#%v7RGrBW$Xur&$J0w^kHz;*ugyA+Zn$$GVV z{7sVN{cn=0*Z)LSs|~VIrz(}&pGb;o)N6mj$=`>a+Y*NnKz|~CGp+m1{g)IF*mHR+qQ}r^5=`hrg9Yn`E2Jb+}#kG9I;D(QIIaVR^U<5oRN}cs!U>kbgw_kx#aqv04Ijw?`HtMp#N36LEY(pCI9uI|KFi} z!g*+b*op9B6daX0*qUYR6Rucxh}$6!@Dq9H*5#y06f$jfFPa#WCPWK zAs+d-3h@AhA=Gi(i+nuuV}wW04IB``u#8~{9?b&h$6oY;Qy6Buz=SUtjw2ZOp&j`s zd%-=^_VyT#2eIRfe8<+Z7hEz1el$WbgkFT<_$PdrK!j{Pr)xp{hzE~=iKmtyLR>#} z%r0IRHtS;G${3ylzu-?#Cmu$z<4mE3U=+UK|M=(8pq)t^!Hn2(-c({CM2W3IM$?X6 zI&wA*pk^C34Dr;0kp&SB@Dm&k3P3!x{MgZRd1(lO2XhV;} z1-hR9%KLMN4#RP9fqlV$`sLVOu^^tajQhr;RyndbgykcwWZ<43;USE0;OQq`j^aZx z{2LAmM0SXq(1R%F7>`5SGmnVRvU&a17>*Y+!V^ILGYXyqUwgu^z}J~OKJ&UM)M8{u z8RvTu+()nc8=;8&IC#M;BuVD7ehj980I0TOM>Y(LFM#7Z@`Lm9GtTsS$7ckAKJ=Vy z;`>qCc3_x=5p=I4j$)4q2fmjB+*i*+h+c5&#L7{UIfY`r&f;UMF zvpo~R@W>SOawXAUa057Dj#YC&7!C>{Jw5z@Ipyu^6kE1^;)Jh!Y8mG{u<7arr!=ri?UA`gx9690XTV2@vbSC|XOANu#kC6s1gM9(_k3%~0@$kq~_G%SgTOY@IO>Q0Y z(H@5ol?ww2oY2Q@FV~h3hB>RAR{Ta$m=7D=_i*SXHuAk(LLr{ok%c>U6gj7%b!O#n zco=I|PQGt@cK$ibxl(3+jO#w00`I0LSIuIt=xtP}qVG6d5&oBpsQ*$vA$9G`H`0Rms1@$%Zx^~p zBTiMCef!kKT@1soZGnL}@b#(*-=)! 
z{)ErMV!TLUWc#m%*M*^lV|HHm@@gW%Hhex-J)hLu1QAR@_H26*MBY&+bI33NS`Pkd zP%#`offkxtphJOJRE~}iIQ~f)@^kNAw9L#Utof&zxi}>%zmWH4Xy~qa6Elb>M{m9q; zXvgb6q~!kpt9M2WhKevPNBiiT()iN)pRC;b|8%wX;s1Y^!c2zGlTkiJG4d224Y@y> zp^x%i%dP(Z%Yse-QCNU2U~86hxF`Ji^5*DNmy1wx?%(6(c@b8+UNGZ7=L;%N!|U|% z(RQb?Vc2{8>G=si;mUpXUw*-`BWGN(1_iGa@?~a*?_%KO%WFMf&mVa%V+&Z|KEg*i zg`EEoSD^;t5aOZl!mDs)(Nn{QjvnFw!NR45r{%RB;yayZVy3W}L#;`ByxC&C}2*pd6q==bbNlgt&ap`)*uIxOhGVr|_R~1Oo?X z5PvE?;ZOg1`t_>gyRPpQ+=Y+1E8Z3CS(nz|-I@zt?K>Xms8i>c>I7_quW&tsJ~( zZEnHJr&!>fx&Ps&qZjK{{_A^qyz8D_>Gv7q)9K;qs}Q`=;Xisd{qHNc{+|v5$Io2o zebepWFZqAfI(g^+)hM#^;s1S)a=rfxf*>Rk3ftPA{(|$bV*ztv1auIAOTg;h$X)4v zu7~)^nilbwqiMN@c3vlnpK;Ijbm&ERHE)+YSb3Y1G4lNA)ec;R1k0y*U_lAJ#{F^= zdV;>*WGcX}tOSmq?RmkU3nI||a&n(_74i9tJnX{#uGxk7oBg!k(v!DS*4qL2 zXj&^@qqyBSddSY@!`$sgJ?8V|^g?vAOY*88*UsH*o6qv{4nN_$%utnE%*9SB{&b}X z$ExyWXBGeDmzOuMBVgh`-~0VHF5A;RmC@C{>>GTSP1{@k0v}xug=>LXQ54*~xRUS4 zKY65gK0!IhcT3?&1^JP$`OXWjaHFetj-5achT#bLD!k<)r!K;~Pk}$!@xotY*mn#g z2z2{*#D3m?`O;vyY->FpCU123dSl}PcC+2_TXgpgz4I=~mBBmjn|xC`SKBiesOvqO ze~;Q9Jzsz8a_j$D0r(x#fWF}WQH=`yCjQ^}@c+I`xm)(V<7M4=i5Czeshpg}j*sj^ zZm*q@uQMkIh`zt)c%-Ww_jD)FD6l;8ar62&elCuGHJ3L#&{tE_wE(YRPK~a2so!gK zfjKpT5wf*wfjs_PpWp938?)zAvdZK%Phhtb%*84ea?pbKwWc6&Jp&b}uIOF80|`XH zgjX-$?ef=gerNK(D2dN(>HnL;D3TPumps0L|8EckxwZf2J^uBtmjJ*irtpIWLK$Xn z=w21*q7PSgHh_EZEl3N z%_1;QU1GKGkgI-Eaw?3#70vr5a34W0e++M73!xMShqvGZ{m$-lwdcoYkH@YRoy zZ{j)ctT(D};#7ChurFxJZ&Q+j_z5j{$xFRn+rOdtHn8@NIffKW9)av-=dh!2!2cmqN4qI`g_y-dfV$ESA(zM zAv~v4o}yx3Aa^hC2Y&R&M%w?k<<9><<{)44XTQxt;Pd`JRUxVBo&R5_Y9IdpcPTgL zKPl|&E=5jQ)^hvOm!vkQa2%6}CX-4mV@k7rx|v9;-rkZJtwuTq0n$de2jW1UrTlo+ zmHoA3CE9=)3q6b-GijR_rhS$X8EPglY1##DD_$)I{%TS4`fPQ{E7GCQn^|8Gs(qeG z`;?#8k$v9WV^@`*M zFzz%;8LbbhHNCl#+FRdOX02{(xE^+C)^{amZnd!Py3%Oyiso1qSq=huW6Ira#^|X( z$ikSD_l=otPt2_d#Aq`e0+4p*MrYbjNyY>-qK~n>m|B%O>q@)Q6tv}5jZ`AR4klFW z(TTqm(9{BJgA3GbqtxlWC#^-VrVGQ_)*MX20Gr!Y#Z~9pqO~3?%w!)j-7YkSUdrft z$*Dw%TV1w$UTDf+uK2(r)a~9Y_sLIV>7Bu z7Y*HpP((J9dx5?}*>a-06em!e 
zui1U4;#7l~PS}E`u>;fCiK^c08RNAjESUBI>ugJwlc7FCrCPeuiD|_fji*F)+hJNI z$R+)0#8)cva#2^4>V74e+xhg6piR?O#$D0Kuw>@Am5pmH`^2I>+!3PSn@ZJ70@WBe zyO~ql42G;f;oFhdt;T#1+L)DWMWC^Z zLt78TuIMhkw!ljRh~|1sPkbj!dmDSk())4T4oekceXxeazJbYI#{(4# zEN$PQ4lx@Zcy*F##>DRK=P?_`8+$f$$fP|>$f#L~kuohwJ=qKoOEXi(0k###LRP6R zDji|ls#!t_$p?Zzq=`C!a1Q)Yy~U28Q0-*(p}5~tpsrGOTR~XEu;qbFAjEi64Z$ zxT#Kqwm9vXZH}g=hk<7wQaWziAVTAX84m{ZlGXYZLacKGVbqp3%Zfc)4zZ@u)5%$- z)%Ut#muBmOo~UQ*DKj_u%xD`P51j?GGOOK+Fba4^*^^RpnWRRgRoz=PQpWTc8SBLG zSKB>=EV~=Y?R02SeY7`5Mk8X^Ua#s@lW{jyH!_h_`~d-85?ZZ0_$wzp4@kz;&9&Xe$v$@oHyGH#^bX>R>|+F*Q%W5%3quzoU&0>(%hJxnL*jYIEEb1}88fkJv@ZCmv; z(O%i}MTc}eH3%!J?_$6}j=+2bFv(A1ZZmDTgV)WDl%Gw|YQpu|2{bYdl@6%FR6{lOuH%=xPuXo3?3llX-7gibq*@ zz--rq+?p;_Fa&Mw&|1yvsJWWj?8t^CCu&v}yQ-vO5+Ew`O?|MEwC!G8+xk}C3v)uT zR5TbF?FJ{0L6`G(dSkVQ{Z(_3_1s=;uX~^&&j)dUp-nqXm#N3fEugPG8b-omI2;)* zy1QtOC7u~G>~RP)bF-bUH(ZDv=?Ox~>}eHz=bOxRxomu1OjlbO)gt~KjgOoty$ ziOrnYg$gT$ilr0nRedKiEh`btfpJioy^}&!>|-m}+RgeXCF#U#ufxN3KPcHQd9buO zSgyww-Cogdnhjd8MT$d8SS>rG5(Mp*IRU#qJH+g2Mk!{)ANRa;H`h8ymxjZT?Dq8a zq;%j}m!WKK6&R+NQO(h~-a&_18V*IOI@u@{{(zZ8eSa{wYrqmBBAima6;}y+W^l`e zn7Z4cDk{j$ri%fx>3T>nop@ajmdc_Tkn=j*AhCwx?#41dTtsm%*q{T`)#+T^%~?PHxaqiE5PiX~t=4hxQLF76c=EQb#o@815^^wiF2MF=wgcu|8E& zHcm?Y5YY$T<7*2dQ|YnTm1&_pZqNYkr(2%ERARDA=0<(i=xx=lIUSd153+_7ZpTQh z@br}E=p0d9v=3IL$+ME@&FGk>hGJjvnN4?rwM94uPg0s`a3`ksW|ZT1`6$hrT!Lw2f#mh(}<(hGL{Ft9nCU zs)uC33MJF(jU8K9RNH%LY@wK(X#33|O?w#@&3pBgvaK(&#fa}uI$LTrV0?*X#=L+S z*wGJ)Kv`R%q}g_~8qRwr*fdDK5h~=ik47fuZ|amR(uTiVIJPo$N0i4`;)bQ6*p@u4m?MGC?EXJYJ}8hfr*SU%?QofRy{eOh8`ZEy_WYnk=bJ8I?ACD@Ozrr zxLtACoNW$%WlZUrv~uXff^pf7uywJZROur?Y;9GO7b9CLQ43y|+fFwfYaCC?LeFdx zBbL}SjP2Hu0oSt#Ic_n-(2CPm%3+%svr?M_nlm%i9EF|0Z&<`mH0r6t+X@O7Vzzc` z^>$ZTQLLvP^d8Y~rOWPa8I-6%9b>hC7dIu;9nLLz-{20rp1d!4t?FK7Bt@vMwzf@0 zyO8bgOl`P3%xxK3an_ma(@mOa{sc?VVO41>3(-%bql7zEdOj9?o|URK20xLHb)mA(kNb8>7cqeW(eY$yc$^58>FaWoARF5Ef~Vn;KPT=_u;8of!7Ob~b4GC6f~E zamvo^HLRmiHT9LIyYzcd<*^al)U!C4a6O&#SWaQ|xFj45okGTb2t38#EvG9t_70Rp 
z?np-;iY!~nBC8U52@{l5jAFy6)S;JkF6=a#HLb;V&|apvS}=9k`jVw4%#2-7>!nY} zcC9k*PuokgMyVz}Rt2_-u>Ch>c_4=1B8$(g3W zGTj=;W&>C^T7zA4-=@-yhr!keFsQ{!8>J;C2fq@ShSaN9dkKVzzkuVq?&;eSGw*d< zOTIc-&JLwgh2`Ny8m$$gj;#b~J!7^zVpHl5m^HmI32ndQjIQCytsYSsM=;WTov-&3 zGezyLChW(&D^$5oi;}rj72{mTXxY_$y)&ZL+tsE&i-@e2RCZyslu|HSHwP}gPYeU3 z6Qwg49Ef#?Rd%DQ3U^N&46Muhbq5H zQkP;~*%v!qwaG5EWhM*pu!>cOaOQ1B3&Epm2)fh0laM{gNBfOFq7j@|_r1=()tzhX zf}^;)+?Hh}poLAP4*OGsm#~d`lrYoZ47&U}+PAoQ>_oz-n~b(PE^~0ERL>2T)SV__WHa|ewsdFR-N~?7;T4Dp@>taRYoa6=Z= z<0%~5_Y~WOVFcXZ1@~gd!QQ#z;N43jiaeD!*TwwNvB;0|{mY~H|LI1NZ4NJ{hIcy)rje>77ew9-E%mJk6Wr^5Qz2uet^& zgeW;3xp=%rt>-YNKAV2PZ`99@W>i_MnP7gAy9$)cPoK9+gs=G5R=VY1Z;@sX@^I~LQrO+T~*!%P08sx|4Q+dz04#UXyiUizO z`0LxF9;bPntxNO2=F5Ivd7%H_`~=9C^q*?f?(=`i8ug+7-=o~^{})<5IIHUe1;4p_ z?mBz&)np);yx<^opQ&f6ae4J@dmE?~iSMWM;y=3cALUN}!*4a^-;^)<|MVOEr|Tc* zzrIU(sQ>Rz@4xfut>`s{^zPI^^qNh2b%yxl|9|;paB-k!bbqq;(Lv#xHN)*90Q9jiF(>*fZ$_#wb|8Kmx|D!>F`2XLfeATr-_lGd<4aEukE9}K*u4(vYCo%5& z@C^@S{6Cl=eXIWw45Q-bv*vqV;jaB=Gw{XvzjlBAuTlAk|9zkGP_0M4{y>+XK0oLzx?xjAq6tSyz=w?eR<#QIATIDA6e1)l9T~VAo|ZU8@c|MbK%;i=Og&L(D?QK ze}($E|Kay@bzE9gmG~6!tv08j)R+y zuNJX5+cW=$Bj|w0PT=uO*i}97bnFxELG!5B_zy*l4(i3^{lETN#)qDh;l6ilnX`lk z5FP)0K^ZIa(|=7PA3^LBe!AFl&P{RMMj=)H!hQpXUn8B=R5UKf}Z$ zE{Ig1ZR6nhPi;c%$8wkk*pFouY_T89k()pJ$TqPb{}1*Fp95t3afnO25Mt#3`5UN3 tSlQMgAPR8gZ?JL_YQ7GM|2%E~C?Dmce3VQ1zX1RM|Nqd;8%O|h003IL_#glP literal 7941 zcmV+gANt@QiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYKbL+UVFr3f)6?{FpmB}a;S8cA!Tg6QjMeU;2Tengm2`&;h zaTPV0=eIvaQM>KqGnq4IlII#9Y?^E|8Vz)#(cOT9t%-3K2;*uFT<1@}OTlp*uhaDL zH;&_vzj2~o{}Vye4ZJ}&8dU91I6*WTjX$CI??cXgNun5pf5LxrTaTUl4=Et9=P-!0Wv;!R%)ruK|8h(h%i3&px#xO!W;KCO)*qTV3 z2k-?2LEzXLC@Lc987W>RsyOmT_xiJ(OCkR$a1t2(ehT0N`KPG{@gV;sNqx%ycPT%h zJTyS!#ArDSjzS%5%_{N(s#tb}+7SxS71QrM8-D15IEFfE*bXcJc&IrbglGyv8>kM9 z(AY;+hz1~vppM#J?4!A#glG)izyUFgst6Loqgvqn#EV~00zqsSnD7Nb(GUiHWXFD( zzo4FJdwT>$gT!%0zGG|o3o01{KOTiJf?kZE=nv>Hg<)vxMY|S6k9g1+m}qAC5k&P< 
z$L#WRsk5#Mu8N=q@C*9%bfRIDIL;JmA&jFJ^uPb-sL;+$9KnplabCSdA{eH&1{qB| zcIimjG=Q3I*f2sf3&s`w|jUhqo`A&8-lpr@x7G!7GZM8tTWA0Kt- zk-0$Ei(f^59?&5u3a+p(=+D0#>nj#S3zAXac&k={EQw(C2rC(==f`LSV-$G$iIyY# z!UX;e1tlUoLQUwwu%H-CBHJ^Mh|j#aj5UIy<%;kGLjO4oo&#TdLXg1MnFl(HcT=b( zp&jR(@5OK*U+6a?G4zw*1toDDFL?bnm<9r%+KwIDFe*m?MfK1R&d<*%)9W3dLkRSt z=j0RLkK48bqdbbCd&BWC@tA1fdj-Jb>sbWD7nC@Wa^z&uLb={?P7=j1lt#t0^~3lD zZQ=-Gdu9luBT>*RghYQq4d6rtR?PuXG$@($^yUB-EpIPNY}NL$6Ta%P?p01+1IAAD z474Neq7wyv%a7tCB?Uu@KVC|yc!qo61`ez`z6PA*cN7gkY@LA13dM^T6uZ1BL6l?P zrJ}kEy^{LV?AHp`IHfEdhv6BGj^b5z`L5~b*ojVKbtUtMbJK58iG(onlTd@#$-aPS z5+%TKax{dR@4C>_k5fAK(dbB1e$fh-+Q+#b`=|p!3emXGd7#jFn(sxL?I$H!n&lT_ zQ)tIxwkHt`tEGYjPUNGuS4c|)qk>dVD}RS^R7@Mx_fY7icIbNrhaxnyV+(ccICf4` z>rBeu&?wQYqWQk<*~M^H3!%*Y1l4^s1KwRvZmK0-+1t1jMc;A!%=XM9cE|P#5TI|8 z==j|&8t|Y7qX>lg-;Vtcq3a)e4^b@%og7s|aO8~QHc{|vu~fexJzL4wKWis#D1g!$M(!O1;@3$Nx6(f#S(&|F4*6^!11GQ4^0?z zquDIB9s6*cm?Ic!#UwT1Q8hxQ6>w> zC;(akeo?3hik?7ANiETZfmpsA9U)Nk2W7|)(T(qcVtSe{s0X2bJC}-qFT@V@Jq@B6 zL@jWd4!Z9G+dCpg&cgYEKK)ealhh951US>HCcIKGzx#G3yp;VOov%@i%Sbqy0ZlKHC2jUH`QIze`~z!{^DUSfUtt zijIcdA5G9_`L5+&{{LY?CxBs8je~FK3iv?&DT;XX|It)~{FMLiQGWgz`w0>D!O;kQ z*ef1Q*edc9_RBBG&p$sGrnBuq^eNby)dKDbeZGD<8r9X(m0Z~OXmwt?m2Nl8=s$}M zm8YR~>iB58)5I|BJ^J+ggr0B}Hv2EXAjpw2uH1uyOAEy|Ge>s`aEk4i}29gM(k?+DAcV*dA!-kF?p&*2%NefTgYdb=JR7?AVA506_VxL=> zC4a3Vl7WWMDa`#6iRODTu)UMbf7&I-Xl6T3vAa*Ag3e+~Q4oKk_D!aq_t00y+Qx;C zkIsiPzux`+HN1AB3!Xn8>3;e9*AM2E#tR2ZB-KgDp0e(l&bybtlDHtWz1TpX{wsR^ zujuIkSJ~*-Pp!8f?J`;V^U5B6V;Am~r~?|YQn_%8^82ulfMYkT?&%3tOJ;=&l{AO=^5 z)uWQTk^Mpr(UUeU{Vzw=atrNT7K(qOp6%(-i&46$R~T4Dos%;1{P>~=Zd`)ZlRvO* zDZKdo3Ke>Sz6~;!U^iLHzHo> z#fSYsa0r2J|Bl$t@t2P#%QdX^_B44V!?%HrE7)DQV&A-;#AH80G>vC`ZSpoPR(ttj&|A+=jJ^KG^_^18%UCP6@?;R`a&Pu$3U@3Vr z7CU}u9}0c#jC`FrLBR0)TaL$em19hI0*w;OTQ+X-{*|4JqF+trT?G1OX}V?L4a}+1 zZIt@GN>`XuB^ZaccFT~rhwIDn?z1v`J|(M6PU{46zrb9zV#xnMLv`5$uP3nBe~kr`!@!uR6GSJ3|roFMo5|D0U(ZP$R0@;`C1 
z@fiQ1@%pF!{~qN*jLs9_tozTN!9N!YaBvC`ysH^6&{3)tMtcGLrpPN^|{+xIA8}utb)q^+e14;R9LQ*z-gn%^Z$IL^)^;?TkFB0bj?C7Dqa76)7ZHCBTO9lVIS^@JEz(f zEgh5DUXfVr_OG3MNW8sk=lJd3<#A5TEzlQFj}DRB*>g_V{laYd^RJjL*K*ASK9g~5 z<_%Kr2BIt~(6-RiAN?aAX}GVV^tF2^y3JO+E$^v_`*QTpyn2hGUgD}SEbE__zgN|7 z!(MMvHTVh|qH{{+$t(6jbC3Lf!;bz8r2Vfg5BC2t2l<*m`)xJ?U$*}V60bk{f9k|% z{@3>@cjrF|g*L)4Lyj?4Z3yA;qiP3LtSynH*cmY0Cg=@oJ625_vZ!~q zZR5}gxv_0vLOwIHC0CD4v%%6tt`aR?BXE#dS{n!uE|4+HgTA@5hMBjr$Mv=<`A(V= zT`6oWnyv9_7EzP_${%)GFOR}dr(9+mwSP}3iIVe zcL`1)IA62-4(ZUrOvh|N)7XJ&>_k;>_Kfk`5*AGRfONJM%gMt&Lu6XE(y=M&jmA@q z-gcN)1#)SB8uKJ6FBf$+rS~hz+|H+mG~6_8W!x2w97$)6OKx0i*~b>`;SLi8-&ANX z4OC;`>=I7Q#kA$DDw_q@>Gmh?%3E{Mq;25zqJB`QJpwa(E863r?m<#qZp2YLvTJt3 zcc)~MJBqpk^j__^o84@hF1*FMMTL|0X0xF%J)frnhcKDIFkqnc+d|eEulV@{AF}L9 zXp8IhkgL_LPze{R7;9|Gi>`ysG)?NW%|c#uDI2elJ`0#H0y8DBkO?f7joW>u&oV~y zBG$-RuGuleo2JAvtgFV`6vr^Ms9(jXj$=c-o$&c-$nDP?=Vwo@_>krI{<^0NILT zAt&ht*%7v_nk7_1`GE0dVR(!klJ>;5>75x%a~ zh$w226o{wm)vhwxPqS%13Hik1gTXSXd$qa4b{qVdjiVMWS&D|^QEh`cvw_^2BQ=jr z{UGWkO?4Wy#c9uMa}+f_3_SagQAyhdaX4O>$zVV&S*=fEVx1cZqqekJlJ;ylM4CoV z$7f`#?{%Xt#nuNsQP0;?W^VGi(Kb9DItylH(p^#*1w5ndajCgXGlOi=d#i@ah@OPT zIyL;&b`K%T?nZJu8(Ks^+#4gK5wmNrM>}*n?q=#HVVr>D{no+^7HPMYtcR^SG8vCs zY7nQxm`ZBaJQ=E6fy9MmE126&qqfiI{!a916*~Z~(`+83US}DP7BcT!0vG5wGMIIS zLR{;%&7DVCsW3`bJ7c=pNqXC}6@kN)2?5~BUFv+;3o)wKTuqkqe6s0iyC?=%)eec7-q_G(=0R1tzRq~j4yG_n6nMmPiJw!7-^%2=s2};sJ&?}rnWUua1XC- zX-^aFl|5f{aK}^AXfVhZot3|Hx4R+ZyNbk8oJq+!ErlHEUT6fi$WCg@#LU*&GD6wXH;$r6l$=c~I z85-UoQXO4eX*lEU{ixyk?F5VbH4evfY?MS@u8TF5E;7Mbt+yjNKI&|i-E@f$4$H}| z-p=O!q*hxq!obhDozUQPyUY9Y$hH?1Y__#iLOl?yHAN1(u(wUxAStEc&TE5ad!)vc zsA+J~!Gnktq)M|jRR{f5NAeSgu+y&ICe@jw%w#KR5^U2pZEiB}4J*kg z?+%#l8k1Yog$jnCtsPpcSv_p7rZzjWVa17?Kj_YuH~k7kSU^CHA@p8uEOQ1W34PN7*v-Sh)rCwMW5NSPX|F zqeXQW&9THYV}?CWVPqB$@QDzkSosEU1LJu zZ4Q>}u|>64l$+&)7Hr|-kPueO4z2`2yJb$muFnn;o6ZTvZ204zm+j_SC)B0kFv7b% zeLblhc-CbIn_C5jDdt3TG_H5T!z_!2B0*0!3dtW36RYnJ=5`HOObjunQg0 z%-|wnJ(;!ql>ogksd$7#VWHj(_ZAm-hAy|xwxNLtjm(Khc4BgPG;H@9y{IkbI@I!= 
zoQ`S~#pn)OU-R45p~LRv1{GI`Munf|oThdt|G*+aFtR80uqFk=J!xz!fzTdvmO38m zQzc`Qw9=14>cD$^ZGq(~H5R)vCA7y43c&qz%QJ|IO?K(rsLvX`t-3X*;|k?L){vs@ zI21{qnqnQD!{|l(V3AFpl{{}oB@{6f`-0DGx(lQ&!m(h6&Pvxe{b>UlQ>@ZaQa9=9 za>#{;D5UXiAn<#qg@xg|W7aoox;Y!wdeGd+4nQQWrX7Ss-y3$?Mm!iKBd}gWF;x+Cb;`@`%mRJoKUt*at zFN6&2=m$k0tgTSdY&%{J=RFf_8aUsG6nxtcM<(KL>Vzy(hQC`lwlZ`_gvXOf!_vaU zmBn6W4?$DxGMgal$3)63#*x$GxlL;&Chei93&;VVwlEc9bGz5dwtCc9jVcyKZal~9 z`szXMHCnMUNg!x0q&B7Rli3<@V`#0wz^HYbZDcZU;WZ;jWJu%dzP)VjxC1F#l)aP) zYu9%o(W@|+uo71FaoCzC!gRjD=tXE6Fm(8Xfsi0FtBKv+`&t`l+u?S0zdyP30dwVrrjZ}As zL4ipueor?zy=#VSud|<@7_1nWxy89PjnrFHtTr8x*b?-jl_)Ki18L_qStp;y-IgHX z4J$jS>%$@mW+W}dQu`1#ETJ|Rq`C$sGQu?DaMrf!=^I8nn!giuj&m7)X!e}Ap zYqwT!ca;^vdg?*%Vf|LN?CzF9g$UF!QVV!-Qwh7nxh3x#++o*~_Z6>2?^Q-p1bVf# zZ6e-9Y=38J!`)$S%g{>l&Sal$vQ+aYNE#kiWLsH?eik1&+@Y!YSoC>T<}#iVhFC{p zR6#T9EENi(%6hosj{9udle38*C5T*Gdk4tRfU;NDy1*yRN}8_pMbMq&V@nw=awBWC z78V>175Y%iGL>1twV^GBfK?=4MIt|fW51T04T;1o+#WYIqRvur+-o}t?1AlU(DW-N zA==}No!e_z4@Y$7D@}Ll_n^unBetpMNigAhI_I&R!stmwI2bw+8v7ye6o0pzuH3{s z5E8z_9epUWESbj^8F?uaR8)juqqx$cmUS-bG@3Q7#dgBIOmMYe>ag`COH7y{(xCi8xzy^JI?4Dp4{qTkTEhTqRyp%F9S~mwSwNDKL zWD}(`7#y&5hgEhXS_QjaL#C0D7xakS<|cJ@%lGHaozQ9Rdvm)&&Ui~q^BGV~=0NkS zG;;~om3^_(Rh#TmTjsKm3~7WO!kM=jEd-CKh0vY$ofPjuKHhKi5f#EYz3+AQt?pc7 z7aYOW<+dy<0VQn6I_yskUP3nNk;6=XGwAZ`c;DjYi4zN>ZaUiPjNc|x%afU?v1$W{ z2o_UC->ml%*`B!K@Q`c+q}l0CDaNYQw@po$4CGBElc7Ab2fK{sDLobSjU0?EVNLWo zvmVqvzp=xe`eDpDq6+#Iq$25nn@df>p?5OdXLq79#G2`N5%-oVChDCijGHiWFb!o=0ML5Q+#LXT)yrjj5}NO^c_d9;K5bt#9N1Z7aPuOt?mk=#%d!SC_wAMRGg36 zsRi~-MHJL|8`urY^vMpAvw^OMxJnzVemvmXL>smn(uB+VrZVR#u8X%x7Bfb}C<}HY zZ^bNOOLx}YoeY~KuRuhQ$D-C>WAvy(_h+L+qj{K4+i}lsd%MB-?|(lWwGYyTlT1E|Pdv;qt8jEz?@1$dt+TfUw0i3`B)JZ9w?v=UIO7AJ3 z^EA3@p08Iumvqj%9Q5+moZG5b+z|}Z(@~7)yCCg3FiX=EavSKqNwL4480aX%GfqPG=#nx)nuFH7?l=$19C|9loGbsXyuomzUQ{Wu*6Vcg^Kmu6NmZOda^;mv21& zZ^{4twLZUH4SXd34T64<{|5ef|I7C&zf%71Z*_V*!|HzeK1`<5EdDiS$XOR$#N=Zk zxn7I)QH84lIVa&fm*)Y`@|cA7O=?aE4SRn+v=jQt`Ly3Ns>3L@y)v=)0)I{X`GDHD 
zb4zY=O1{X{(>bVrW&Gce|8IT*gC4e9tRwv)`-+K3xB6kLUjyB=LFv@4J*Y#d_rHZ^-h~mlyx% zhiUWl8)W*Gh(4XKr?Y&2`}BeqZC$K}$BS6bcZy^tjBoFwc|p}A%2j`VxxmGBLDAp; z{!0P+m;X6mND-P*@$$?4eR<#PIARK6F|*?HB`E`#!tmcuZ4~lfEtqSYo*%;BrHx;2 z|C8kB{SV)#{D6)?9K*2u_afyaKr;(^sG8W0ZhIyg0Bs9Q7+wA)Oq2viD;$k1=s2k9 z_-g4hvpw@~Xb2q;+bKMr3A=d@JRSJ~^`Lo_YxKv`mj?B6@&5n*T1AJRlcTUJ0*Rnv~KTeIQ~GcRWdZV2RRvq*r)umL&wgl|$WQ+V`2n4S(DsuEm3SdSszK;) vpcW%lTZaHE!9#z8RMSZFb%_1@N&9E{ET84GT+9Cr00960mc{J_0CE5TiYLB6 diff --git a/poc/pkg/templates/istio-credential.yaml b/poc/pkg/templates/istio-credential.yaml index feb8b2b2a7e..d4aad974224 100644 --- a/poc/pkg/templates/istio-credential.yaml +++ b/poc/pkg/templates/istio-credential.yaml @@ -80,6 +80,6 @@ EKQGcMZ/4P+4MUPz78zSSFtLiFnqNQ== kind: Secret metadata: creationTimestamp: null - name: {{ .Values.istio.credential.name }} - namespace: {{ .Values.istio.namespace }} + name: rpCredentialPoc + namespace: aro-rp-poc type: kubernetes.io/tls \ No newline at end of file diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index 6d7f077b304..b23eafe614c 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -1,19 +1,18 @@ apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: - name: {{ .Values.istio.gateway.name }} - namespace: {{ .Values.istio.namespace }} + name: rpGatewayPoc + namespace: aro-rp-poc spec: selector: - istio: {{ .Values.name }} + istio: aks-istio-ingressgateway-internal servers: - port: number: 443 name: http protocol: HTTPS - # TODO jonachang: need to create credential - # tls: - # mode: SIMPLE - # credentialName: + tls: + mode: SIMPLE + credentialName:rpCredentialPoc hosts: - - {{ .Values.istio.gateway.host }} \ No newline at end of file + - "*" \ No newline at end of file diff --git a/poc/pkg/templates/istio-virtualService.yaml b/poc/pkg/templates/istio-virtualService.yaml index 840bd94bcb4..6cda1b20956 100644 --- a/poc/pkg/templates/istio-virtualService.yaml 
+++ b/poc/pkg/templates/istio-virtualService.yaml @@ -1,19 +1,19 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: - name: {{ .Values.istio.virtualService.host }} - namespace: {{ .Values.istio.namespace }} + name: rpVirtualServicePoc + namespace: aro-rp-poc spec: hosts: - - {{ .Values.istio.gateway.host }} + - "*" gateways: - - {{ .Values.istio.gateway.name }} + - rpGatewayPoc http: - match: - uri: prefix: / route: - destination: - host: {{ .Values.istio.gateway.host }} + host: "*" port: - number: {{ .Values.istio.virtualService.port }} \ No newline at end of file + number: 80 \ No newline at end of file diff --git a/poc/pkg/templates/istio.yaml b/poc/pkg/templates/istio.yaml index 4f58e34ada3..8ebb7cbc0af 100644 --- a/poc/pkg/templates/istio.yaml +++ b/poc/pkg/templates/istio.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Namespace metadata: - name: {{ .Values.istio.namespace }} + name: aro-rp-poc labels: istio.io/rev: asm-1-17 istio-injection: enabled \ No newline at end of file From 90231467d618f8d24bd687275663a16953e31f47 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 22 Aug 2023 10:23:07 -0700 Subject: [PATCH 027/173] use value.yaml --- poc/pkg/templates/istio-credential.yaml | 4 ++-- poc/pkg/templates/istio-gateway.yaml | 10 +++++----- poc/pkg/templates/istio-virtualService.yaml | 12 ++++++------ poc/pkg/templates/istio.yaml | 2 +- poc/pkg/values.yaml | 5 ++--- 5 files changed, 16 insertions(+), 17 deletions(-) diff --git a/poc/pkg/templates/istio-credential.yaml b/poc/pkg/templates/istio-credential.yaml index d4aad974224..feb8b2b2a7e 100644 --- a/poc/pkg/templates/istio-credential.yaml +++ b/poc/pkg/templates/istio-credential.yaml @@ -80,6 +80,6 @@ EKQGcMZ/4P+4MUPz78zSSFtLiFnqNQ== kind: Secret metadata: creationTimestamp: null - name: rpCredentialPoc - namespace: aro-rp-poc + name: {{ .Values.istio.credential.name }} + namespace: {{ .Values.istio.namespace }} type: kubernetes.io/tls \ No newline at end of file 
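Review bot: In the istio-virtualService.yaml hunk the route's `destination.host` is set to `"*"`, but a destination has to name a concrete service, and as far as I know Istio's validation rejects a wildcard there, so this VirtualService would not route anything. Put the backing service's name there, e.g. `host: SERVICE_NAME` (placeholder), and keep `"*"` only under `spec.hosts` if matching every hostname is really intended for the PoC.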
diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index b23eafe614c..0083a34b37d 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -1,11 +1,11 @@ apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: - name: rpGatewayPoc - namespace: aro-rp-poc + name: {{ .Values.istio.gateway.name }} + namespace: {{ .Values.istio.namespace }} spec: selector: - istio: aks-istio-ingressgateway-internal + istio: {{ .Values.istio.name }} servers: - port: number: 443 @@ -13,6 +13,6 @@ spec: protocol: HTTPS tls: mode: SIMPLE - credentialName:rpCredentialPoc + credentialName: {{ .Values.istio.credential.name }} hosts: - - "*" \ No newline at end of file + - {{ .Values.istio.gateway.host }} \ No newline at end of file diff --git a/poc/pkg/templates/istio-virtualService.yaml b/poc/pkg/templates/istio-virtualService.yaml index 6cda1b20956..c2112a2bc9e 100644 --- a/poc/pkg/templates/istio-virtualService.yaml +++ b/poc/pkg/templates/istio-virtualService.yaml @@ -1,19 +1,19 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: - name: rpVirtualServicePoc - namespace: aro-rp-poc + name: {{ .Values.istio.virtualService.name }} + namespace: {{ .Values.istio.namespace }} spec: hosts: - - "*" + - {{ .Values.istio.gateway.host }} gateways: - - rpGatewayPoc + - {{ .Values.istio.gateway.name }} http: - match: - uri: prefix: / route: - destination: - host: "*" + host: {{ .Values.istio.virtualService.service }} port: - number: 80 \ No newline at end of file + number: {{ .Values.istio.virtualService.port }} \ No newline at end of file diff --git a/poc/pkg/templates/istio.yaml b/poc/pkg/templates/istio.yaml index 8ebb7cbc0af..4f58e34ada3 100644 --- a/poc/pkg/templates/istio.yaml +++ b/poc/pkg/templates/istio.yaml 
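Review bot: The templated scalars in the istio-gateway.yaml hunk are emitted unquoted, e.g. `- {{ .Values.istio.gateway.host }}`; with the previous default of `"*"` that renders as `- *`, which YAML treats as an alias and fails to parse. Piping through `quote` keeps any value a string: `- {{ .Values.istio.gateway.host | quote }}` and `credentialName: {{ .Values.istio.credential.name | quote }}`. The same applies to `hosts:` and `destination.host` in the istio-virtualService.yaml hunk on this line.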
@@ -1,7 +1,7 @@ apiVersion: v1 kind: Namespace metadata: - name: aro-rp-poc + name: {{ .Values.istio.namespace }} labels: istio.io/rev: asm-1-17 istio-injection: enabled \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 122c4d1e7b2..7edd10c8e2e 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -88,11 +88,10 @@ istio: gateway: name: rpGatewayPoc #TODO jonachang: need to specify the host once we have the domain name - host: "*" + host: "aro-istio-poc.westus3.cloudapp.azure.com" virtualService: name: rpVirtualServicePoc port: 80 - #TODO jonachang: need to specify the host once we have the domain name - host: "*" + service: aro-rp-poc-pkg credential: name: rpCredentialPoc \ No newline at end of file From f81bd1dd2ca5a359925a81757fcee093e5cd5b7f Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 22 Aug 2023 11:06:20 -0700 Subject: [PATCH 028/173] fix credential --- poc/pkg/templates/istio-credential.yaml | 79 +------------------------ 1 file changed, 2 insertions(+), 77 deletions(-) diff --git a/poc/pkg/templates/istio-credential.yaml b/poc/pkg/templates/istio-credential.yaml index feb8b2b2a7e..049090b98c5 100644 --- a/poc/pkg/templates/istio-credential.yaml +++ b/poc/pkg/templates/istio-credential.yaml 
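Review bot: In the values.yaml hunk the comment `#TODO jonachang: need to specify the host once we have the domain name` is left above `host:` although this change now sets the host, so it is stale and should be dropped or reworded. The value is also a deployment-specific name baked into the chart defaults; a short comment such as `# PoC ingress FQDN; override per environment` would make that explicit. The `istio:` block starts above the hunk.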
@@ -1,82 +1,7 @@ apiVersion: v1 data: - tls.crt: MIIFCTCCAvGgAwIBAgIUMwjRIYLxhIAc50lf/aw7sxaGNKUwDQYJKoZIhvcNAQEL -BQAwFDESMBAGA1UEAwwJam9uYWNoYW5nMB4XDTIzMDgyMTE4MDAwM1oXDTI0MDgx -MTE4MDAwM1owFDESMBAGA1UEAwwJam9uYWNoYW5nMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEAonwaL1LaQH7+y3dN45d8YIFkooTU9J9OZOJ3BomIlVh9 -JZ277DTclh2KKppKjgKJkyAdwoNysuCKx7UiiRgkGaGtjSOaawHVfHSMw0AgaU/M -BDGwh26BmIq+SaFK950TtEipR1un3vokErShaZfCpbyjT63xnIZGn5dEOUkgNRsp -Vi4TmbVcW9ZQTARxsAJJefOnwAdd+l2tvm4X9EpGjBEqSHupFdDn55qG5+VoSkkZ -KvAKL/BoFkNMD13fhtig9mFugt2SW7dgRIgK5o2N9xuYpxlqpmiIanZtq35zbG5X -XGHNAJ8aLO5qBbv7KGdHkFfz7rCQif/EyUfwXC6tgg7B41yb19Dc10auhcFaEeeW -QBDaMgqhOwnYiQ6FbIolvv1JIr9W89QYUs3RMYoOH9t0+5leTfBT27dxnHHlh9Kb -NhCPvPUmzTGByKLpdYryXRdm1CE1CociMl2l4pUd/iEccBNgfqGbd8LfQZhEWAFz -Hk+hlyrMA1wcwYd/S2nPQS/4kHA9+eCvMStD22KXW6bv4xYIgkVSzvrj8iTQJGfy -vUlm2jmhXM/WFOq/GEogT4nvpbfNlquCGyGv9lY+jWCHJMRmYnZCsRFf04W6zT3x -ewikGiQp6ne2GXjGPFsi5i7omS2uylTbqa4xbMF8JwSvWnWZ93rRFjjj3/dyVvEC -AwEAAaNTMFEwHQYDVR0OBBYEFGZZOC56hrTrWbGtcBvDGml/UccIMB8GA1UdIwQY -MBaAFGZZOC56hrTrWbGtcBvDGml/UccIMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggIBABmT5JB0CmryOEzUG3bWTkBds+MgZPvUesBoRDFtnJ4uDpsi -hvkGacBWzFdpGJGmXnFlAXuLP5c0VEjAX5oKqkfhMHfNpkmJUHQFnf+yy5yACOvr -PuKmKVVTgfuOYta0qbSQoXl8PwoGziDs9/8ZQ3RolywLjiUB3xQuFs+2/ZzhO/x7 -KJlna21aXiof1zuBszDbRycfRiJxVuBsujiUUl0vFUv0t82urTS+ILKgszXgyTQp -kGQEy24W2HEk95hE+rKz/DzwvbNeeVaoP69BPeE4Hy6OGxk1sK2XG/vplqvZMQtt -D6c51ss923atSZYq+RxSwSMurDunDpNXu6n5VlBJ7DQBts90IhTc00s5j/lUNK9V -5nBvopsLu8bSpFGSLgFC33SzNnizw3uFiatrQWguNN3XBcM2/G6CNEPFIjX2iUXO -8fLd0U29MnJsJ3B6NLGdyZSAVgDyfFfnDelWAYg4J2EPpDATx0I8Xvwf294xh50K -durfZvfoYkxeeBBqPKFwOh1MrxfPf7tBZnL4l4vQJwbjuAlpCDo9WgpWvJ9uZO96 -RQQ9bptvOt3u5hVuObkE20EukEgkj75xyVoqGo4b/zaCH88zILHXtPWKDohECpd0 -NUHOEt5JFgqn3hvEPuYqfSjqIdFniTEC/TR1aeYmXdDrLr/3L8YRXVyRjHcQ - tls.key: MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCifBovUtpAfv7L -d03jl3xggWSihNT0n05k4ncGiYiVWH0lnbvsNNyWHYoqmkqOAomTIB3Cg3Ky4IrH 
-tSKJGCQZoa2NI5prAdV8dIzDQCBpT8wEMbCHboGYir5JoUr3nRO0SKlHW6fe+iQS -tKFpl8KlvKNPrfGchkafl0Q5SSA1GylWLhOZtVxb1lBMBHGwAkl586fAB136Xa2+ -bhf0SkaMESpIe6kV0Ofnmobn5WhKSRkq8Aov8GgWQ0wPXd+G2KD2YW6C3ZJbt2BE -iArmjY33G5inGWqmaIhqdm2rfnNsbldcYc0Anxos7moFu/soZ0eQV/PusJCJ/8TJ -R/BcLq2CDsHjXJvX0NzXRq6FwVoR55ZAENoyCqE7CdiJDoVsiiW+/Ukiv1bz1BhS -zdExig4f23T7mV5N8FPbt3GcceWH0ps2EI+89SbNMYHIoul1ivJdF2bUITUKhyIy -XaXilR3+IRxwE2B+oZt3wt9BmERYAXMeT6GXKswDXBzBh39Lac9BL/iQcD354K8x -K0PbYpdbpu/jFgiCRVLO+uPyJNAkZ/K9SWbaOaFcz9YU6r8YSiBPie+lt82Wq4Ib -Ia/2Vj6NYIckxGZidkKxEV/ThbrNPfF7CKQaJCnqd7YZeMY8WyLmLuiZLa7KVNup -rjFswXwnBK9adZn3etEWOOPf93JW8QIDAQABAoICAAVgFwZjaOk3iAq5ygDm5vM3 -qBAsMZamBB088AR3hq9UJhAHDPS/jV/qsTBIsThd/FY6qGA9hvGgNfzbAxlwebGM -YmhqUMrw03vnFZszkxN+im0zhcVaXZQh3FY3mwyN9e90GO1EYXH0TppF9gRaqMBO -i4y1Tg7oQLnwqVcHrdIOOs0JLdZR+zDBmA1iCYpfgGy18PQ6HrzUwsOG14RjT2Dz -g/6xzgkZaB/Gr/l+69u4/iUfCXWGwmkObGTrmySWNri36s3XluZ6pXTW8p0V6B70 -7TmqQKDOWtuLpjrzAJd3w77Ai/fCsEZRU9oYEenru+n1l3/rd8rxhCtHOmCZwkrf -E7wltPiugC0sOFM7LsFGydecyqKvP533AdlB6ZDkYzHBqK73t+17+DSyCcbH3ozB -ppPiR6r5IpOx2fk+pEFQChbQQdSTwBuv+Msr3zDnD5W/yb3QGJK3EFQ73aexSkDA -b/RqvVf6U7LkbkgSQ+3neBfIskQrG2D3S/HdC/4WFzh28DBInnU3u31OGMEoAjJW -FGeQEgrlYddjMS7efS/+HTvmuJdKrCrzsr40kpEDxl9/rrZHg6jZ48UP5LegjKla -Ic5czEzMnOHFftNNuPaZZeGtTX4d7dXbzvWBE+ghLQliEW4FxIQhru0RcxjNwwLy -tVL6YTk6WyWPDMRHk1YNAoIBAQDErAeHdzTE1hkE+ciitYOVLgaj70D7sT0kMrPg -oj61KG3foqWliTOmP1nD2u7hcrumKGLwiOa8GJAjpwMt1vAWQslLDCj9YGuFOGdE -z0S9/be/ViL9wkds7YP+h/2jnlnJobzKL79tTRuea8WIF3dxuUZaCQehYaNf5J8F -RV905fpuKe40ZMiX8qCz2Gh3iXI1hqMlsGn+A/EYEY6Qr9VuESVj/4WrgferlDzf -2arF3WT87dE8bErXPWieG8KpAfG89dITfKwzqVPM20J44ERfv5oteWiNO/0QOZX8 -xMy6wUDyRh1hbtL7VAtnxbtYPbmq/eEAuhDx47CdJgrBLHxVAoIBAQDTf/gk0CZ4 -69S/5SN2/XaLsYGIWXNIqn8BlyStJ9EI07hwzbZzWupU24EtIFzr7hE5VEI6caRK -A8trUFh6vzr7dszeiZKxd/yiGtmlTz7pDx3/jmJGX8Ujzo2Q1dyIYl3zWAmBHEkm -p+2Mra/kibcKWPiI+1WDdKFlJwQcCD0KELg8/PB/j7fkklKaCLh/Ku9AOshuw9wC -jUAYb8N3CgybgPsHpo7h/qGf6wlDiTrsWGyZm56FJTY1BnbzdL/M9wXJqXp+1pbQ 
-5pDGj+rJOVhKx7CzqLKx+n94xbAITE4Ykii1tqsBMqgcOqzViKehuyHRxwjwvcoR -vrzY2FTWGowtAoIBAH43VQGoDBKCwD3EO/HIAbEcf6B3rEGbBn0TmQMBvLKwRosu -K5ZnzeDUaTxbZdEDu8+vvYdWpJV0QhTPWyfw99WheOOT4z5wwbAWeZfcWOaBTIob -soseQo5yg7I2/h0iQ8c16B3ttLFlueLakUN8o+g1GiQwBViZe6rP4woT8mXoLebD -PB8dyupRCLdCnBCTAdu+Ezfd1rfxOanToqXSYmunz1I0q0ldOGBB2yth2snvAp+b -1Bst+H3X6CsH785c9BHrxK1C5pSlB6XB1RAUBW1ZXo3ui52QMSFXg51bg3QbEB4r -xzE/WWF4F3W6nTfNLTnCgsLfpn5GPJMt1dsRPJ0CggEBAJ5ayUNe6f9Nq8xF1wjn -e9PaAr9BIjT9Gvzo2pgfIL64LveevoWeQ6dndk+AVLJ9XD4NXUz++2BDeRIPZT/6 -YEIZUAkq/j+MNAZ3jg/cxqCfJfnK9L/2QtetdodD6MvgwrFJcExQDmE4CH91KCY4 -Cmlf9i4x6HP1ZkYjMUt/y5v2qstXIwaPZ8Nm3xvffawRTHNNz/ZHBTqP4baqL7K4 -PnpL1yiCR6bkDMV8qEH9xLVi+2UDhGvyUaTgAz4DYvwm1BmKoGHJb8BXcXyKEuO4 -4OeUnjPWEn15remSMlv0LeDtxjdP3reV4xLHx9JVcBWC1C6KFKKTp3Ej26eMSfDI -jb0CggEAMjNJDZtx9CVultEPJvPkdAoF2vhnKAs7YFal1pWSTdjZxI2FRmGOzukp -8HJS3Ah+6k8cERNKj+wKeKUiNqw4D3dvGdjKpQhEZ1MCg6p6no7q0l6zQClGbaM+ -+IdaCVI8El4qKBMBqGTO/8vQWtLXb/GdHsrt8esm/4dq+ferrz8NdwzS0qhdCyZM -AmUWLdqC4Yezmb4unZrxm/OUic6mEP7YjIz3a4dpSGVPFvhaxA+GEbVFai7hgo2H -yBpddr0b4fYMtNCF1FeF7IRCyMgTVD3CJ0F2B/fPOswpqPnYAXe9dlZJqKe82DTe -EKQGcMZ/4P+4MUPz78zSSFtLiFnqNQ== + tls.crt: 
MIIFCTCCAvGgAwIBAgIUMwjRIYLxhIAc50lf/aw7sxaGNKUwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJam9uYWNoYW5nMB4XDTIzMDgyMTE4MDAwM1oXDTI0MDgxMTE4MDAwM1owFDESMBAGA1UEAwwJam9uYWNoYW5nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAonwaL1LaQH7+y3dN45d8YIFkooTU9J9OZOJ3BomIlVh9JZ277DTclh2KKppKjgKJkyAdwoNysuCKx7UiiRgkGaGtjSOaawHVfHSMw0AgaU/MBDGwh26BmIq+SaFK950TtEipR1un3vokErShaZfCpbyjT63xnIZGn5dEOUkgNRspVi4TmbVcW9ZQTARxsAJJefOnwAdd+l2tvm4X9EpGjBEqSHupFdDn55qG5+VoSkkZKvAKL/BoFkNMD13fhtig9mFugt2SW7dgRIgK5o2N9xuYpxlqpmiIanZtq35zbG5XXGHNAJ8aLO5qBbv7KGdHkFfz7rCQif/EyUfwXC6tgg7B41yb19Dc10auhcFaEeeWQBDaMgqhOwnYiQ6FbIolvv1JIr9W89QYUs3RMYoOH9t0+5leTfBT27dxnHHlh9KbNhCPvPUmzTGByKLpdYryXRdm1CE1CociMl2l4pUd/iEccBNgfqGbd8LfQZhEWAFzHk+hlyrMA1wcwYd/S2nPQS/4kHA9+eCvMStD22KXW6bv4xYIgkVSzvrj8iTQJGfyvUlm2jmhXM/WFOq/GEogT4nvpbfNlquCGyGv9lY+jWCHJMRmYnZCsRFf04W6zT3xewikGiQp6ne2GXjGPFsi5i7omS2uylTbqa4xbMF8JwSvWnWZ93rRFjjj3/dyVvECAwEAAaNTMFEwHQYDVR0OBBYEFGZZOC56hrTrWbGtcBvDGml/UccIMB8GA1UdIwQYMBaAFGZZOC56hrTrWbGtcBvDGml/UccIMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBABmT5JB0CmryOEzUG3bWTkBds+MgZPvUesBoRDFtnJ4uDpsihvkGacBWzFdpGJGmXnFlAXuLP5c0VEjAX5oKqkfhMHfNpkmJUHQFnf+yy5yACOvrPuKmKVVTgfuOYta0qbSQoXl8PwoGziDs9/8ZQ3RolywLjiUB3xQuFs+2/ZzhO/xKJlna21aXiof1zuBszDbRycfRiJxVuBsujiUUl0vFUv0t82urTS+ILKgszXgyTQpkGQEy24W2HEk95hE+rKz/DzwvbNeeVaoP69BPeE4Hy6OGxk1sK2XG/vplqvZMQttD6c51ss923atSZYq+RxSwSMurDunDpNXu6n5VlBJ7DQBts90IhTc00s5j/lUNK9V5nBvopsLu8bSpFGSLgFC33SzNnizw3uFiatrQWguNN3XBcM2/G6CNEPFIjX2iUXO8fLd0U29MnJsJ3B6NLGdyZSAVgDyfFfnDelWAYg4J2EPpDATx0I8Xvwf294xh50KdurfZvfoYkxeeBBqPKFwOh1MrxfPf7tBZnL4l4vQJwbjuAlpCDo9WgpWvJ9uZO96RQQ9bptvOt3u5hVuObkE20EukEgkj75xyVoqGo4b/zaCH88zILHXtPWKDohECpd0NUHOEt5JFgqn3hvEPuYqfSjqIdFniTEC/TR1aeYmXdDrLr/3L8YRXVyRjHcQ + tls.key: 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 kind: Secret metadata: creationTimestamp: null From c470593c4d7d3382d30040d82b61a9046dd2270d Mon Sep 17 00:00:00 2001 
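Review bot: The new side of this istio-credential.yaml hunk still ships `tls.key` (and `tls.crt`) inline in a chart template, so the private key lives in the repository and in every packaged chart; a key that has been committed should be treated as exposed and replaced, since deleting the file later does not remove it from history. The Secret is better created outside the chart (for example from a secret store at deploy time) and only referenced through `credentialName`. Joining the wrapped base64 lines also dropped a character: the removed lines read `...ZzhO/x7` followed by `KJlna21a...`, while the new single line has `ZzhO/xKJlna21a`, so the certificate no longer decodes to the original. Separately, `data` values are expected to be the base64 of the PEM file, and these look like the bare PEM body, which should be confirmed.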
From: jonachang Date: Tue, 22 Aug 2023 11:53:05 -0700 Subject: [PATCH 029/173] remove namesapce --- poc/pkg/templates/istio.yaml | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 poc/pkg/templates/istio.yaml diff --git a/poc/pkg/templates/istio.yaml b/poc/pkg/templates/istio.yaml deleted file mode 100644 index 4f58e34ada3..00000000000 --- a/poc/pkg/templates/istio.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Values.istio.namespace }} - labels: - istio.io/rev: asm-1-17 - istio-injection: enabled \ No newline at end of file From 8aa1e51fbe0768c8808e171ad1257fa6cbc3b634 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 22 Aug 2023 12:59:15 -0700 Subject: [PATCH 030/173] edit crt and key --- poc/pkg/templates/istio-credential.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/istio-credential.yaml b/poc/pkg/templates/istio-credential.yaml index 049090b98c5..436f1c3747b 100644 --- a/poc/pkg/templates/istio-credential.yaml +++ b/poc/pkg/templates/istio-credential.yaml @@ -1,6 +1,6 @@ apiVersion: v1 data: - tls.crt: 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 + tls.crt: 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 tls.key: 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 kind: Secret metadata: From 54ea5e92713c233d0bdfe6e4fee65aa68c15098a Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 22 Aug 2023 13:33:53 -0700 Subject: [PATCH 031/173] rename secret --- poc/pkg/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 7edd10c8e2e..c50adb06458 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -94,4 +94,4 @@ istio: port: 80 service: aro-rp-poc-pkg credential: - name: rpCredentialPoc \ No newline at end of file + name: rp-poc-secret \ No newline at end of file From d474ecd525222b487b93e7881a7e1a4865b82eb6 Mon Sep 17 00:00:00 2001 
From: jonachang Date: Tue, 22 Aug 2023 14:10:32 -0700 Subject: [PATCH 032/173] change name --- poc/pkg/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index c50adb06458..8b47c6545ec 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -86,11 +86,11 @@ istio: name: aks-istio-ingressgateway-internal namespace: aro-rp-poc gateway: - name: rpGatewayPoc + name: rp-poc-gateway #TODO jonachang: need to specify the host once we have the domain name host: "aro-istio-poc.westus3.cloudapp.azure.com" virtualService: - name: rpVirtualServicePoc + name: rp-poc-virtualservice port: 80 service: aro-rp-poc-pkg credential: From d71a2cc869de9abfd79550ea5a52e667afe268b4 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 22 Aug 2023 15:02:37 -0700 Subject: [PATCH 033/173] add comments --- poc/pkg/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 8b47c6545ec..9382a1695ef 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -92,6 +92,7 @@ istio: virtualService: name: rp-poc-virtualservice port: 80 + #TODO jonachang: need to update to the sample app name once created service: aro-rp-poc-pkg credential: name: rp-poc-secret \ No newline at end of file From 0ed0120fedbbee146b876951517340d0ae7a6584 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 22 Aug 2023 15:58:26 -0700 Subject: [PATCH 034/173] remove secret crt and key --- poc/pkg/templates/istio-credential.yaml | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 poc/pkg/templates/istio-credential.yaml diff --git a/poc/pkg/templates/istio-credential.yaml b/poc/pkg/templates/istio-credential.yaml deleted file mode 100644 index 436f1c3747b..00000000000 --- a/poc/pkg/templates/istio-credential.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -apiVersion: v1 -data: - tls.crt: MIIFCTCCAvGgAwIBAgIUMwjRIYLxhIAc50lf/aw7sxaGNKUwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJam9uYWNoYW5nMB4XDTIzMDgyMTE4MDAwM1oXDTI0MDgxMTE4MDAwM1owFDESMBAGA1UEAwwJam9uYWNoYW5nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAonwaL1LaQH7+y3dN45d8YIFkooTU9J9OZOJ3BomIlVh9JZ277DTclh2KKppKjgKJkyAdwoNysuCKx7UiiRgkGaGtjSOaawHVfHSMw0AgaU/MBDGwh26BmIq+SaFK950TtEipR1un3vokErShaZfCpbyjT63xnIZGn5dEOUkgNRspVi4TmbVcW9ZQTARxsAJJefOnwAdd+l2tvm4X9EpGjBEqSHupFdDn55qG5+VoSkkZKvAKL/BoFkNMD13fhtig9mFugt2SW7dgRIgK5o2N9xuYpxlqpmiIanZtq35zbG5XXGHNAJ8aLO5qBbv7KGdHkFfz7rCQif/EyUfwXC6tgg7B41yb19Dc10auhcFaEeeWQBDaMgqhOwnYiQ6FbIolvv1JIr9W89QYUs3RMYoOH9t0+5leTfBT27dxnHHlh9KbNhCPvPUmzTGByKLpdYryXRdm1CE1CociMl2l4pUd/iEccBNgfqGbd8LfQZhEWAFzHk+hlyrMA1wcwYd/S2nPQS/4kHA9+eCvMStD22KXW6bv4xYIgkVSzvrj8iTQJGfyvUlm2jmhXM/WFOq/GEogT4nvpbfNlquCGyGv9lY+jWCHJMRmYnZCsRFf04W6zT3xewikGiQp6ne2GXjGPFsi5i7omS2uylTbqa4xbMF8JwSvWnWZ93rRFjjj3/dyVvECAwEAAaNTMFEwHQYDVR0OBBYEFGZZOC56hrTrWbGtcBvDGml/UccIMB8GA1UdIwQYMBaAFGZZOC56hrTrWbGtcBvDGml/UccIMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBABmT5JB0CmryOEzUG3bWTkBds+MgZPvUesBoRDFtnJ4uDpsihvkGacBWzFdpGJGmXnFlAXuLP5c0VEjAX5oKqkfhMHfNpkmJUHQFnf+yy5yACOvrPuKmKVVTgfuOYta0qbSQoXl8PwoGziDs9/8ZQ3RolywLjiUB3xQuFs+2/ZzhO/x7KJlna21aXiof1zuBszDbRycfRiJxVuBsujiUUl0vFUv0t82urTS+ILKgszXgyTQpkGQEy24W2HEk95hE+rKz/DzwvbNeeVaoP69BPeE4Hy6OGxk1sK2XG/vplqvZMQttD6c51ss923atSZYq+RxSwSMurDunDpNXu6n5VlBJ7DQBts90IhTc00s5j/lUNK9V5nBvopsLu8bSpFGSLgFC33SzNnizw3uFiatrQWguNN3XBcM2/G6CNEPFIjX2iUXO8fLd0U29MnJsJ3B6NLGdyZSAVgDyfFfnDelWAYg4J2EPpDATx0I8Xvwf294xh50KdurfZvfoYkxeeBBqPKFwOh1MrxfPf7tBZnL4l4vQJwbjuAlpCDo9WgpWvJ9uZO96RQQ9bptvOt3u5hVuObkE20EukEgkj75xyVoqGo4b/zaCH88zILHXtPWKDohECpd0NUHOEt5JFgqn3hvEPuYqfSjqIdFniTEC/TR1aeYmXdDrLr/3L8YRXVyRjHcQ - tls.key: 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 -kind: Secret -metadata: - creationTimestamp: null - name: {{ .Values.istio.credential.name }} - namespace: {{ .Values.istio.namespace }} -type: 
kubernetes.io/tls \ No newline at end of file From 429bf08965b556900ba0760069f4aa7d11db3c66 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 22 Aug 2023 15:59:25 -0700 Subject: [PATCH 035/173] git add comment --- poc/pkg/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 9382a1695ef..8654a525a9a 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -95,4 +95,5 @@ istio: #TODO jonachang: need to update to the sample app name once created service: aro-rp-poc-pkg credential: + #TODO jonachang: need to add a secret in other PR name: rp-poc-secret \ No newline at end of file From 735633132a385f73759a1d60e0067ee0eb9786ee Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 22 Aug 2023 16:43:46 -0700 Subject: [PATCH 036/173] remove unused file --- pkg-0.1.0.tgz | Bin 7887 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 pkg-0.1.0.tgz 
diff --git a/pkg-0.1.0.tgz b/pkg-0.1.0.tgz deleted file mode 100644 index 8d40f5a36383b94b7c9afe6ef6699ea64687a5a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7887 zcmV;=9x&k_iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBvldCxL;QY;}VC&5n$UQfS%J+oW-qlyx#%v7RGrBW$Xur&$J0w^kHz;*ugyA+Zn$$GVV z{7sVN{cn=0*Z)LSs|~VIrz(}&pGb;o)N6mj$=`>a+Y*NnKz|~CGp+m1{g)IF*mHR+qQ}r^5=`hrg9Yn`E2Jb+}#kG9I;D(QIIaVR^U<5oRN}cs!U>kbgw_kx#aqv04Ijw?`HtMp#N36LEY(pCI9uI|KFi} z!g*+b*op9B6daX0*qUYR6Rucxh}$6!@Dq9H*5#y06f$jfFPa#WCPWK zAs+d-3h@AhA=Gi(i+nuuV}wW04IB``u#8~{9?b&h$6oY;Qy6Buz=SUtjw2ZOp&j`s zd%-=^_VyT#2eIRfe8<+Z7hEz1el$WbgkFT<_$PdrK!j{Pr)xp{hzE~=iKmtyLR>#} z%r0IRHtS;G${3ylzu-?#Cmu$z<4mE3U=+UK|M=(8pq)t^!Hn2(-c({CM2W3IM$?X6 zI&wA*pk^C34Dr;0kp&SB@Dm&k3P3!x{MgZRd1(lO2XhV;} z1-hR9%KLMN4#RP9fqlV$`sLVOu^^tajQhr;RyndbgykcwWZ<43;USE0;OQq`j^aZx z{2LAmM0SXq(1R%F7>`5SGmnVRvU&a17>*Y+!V^ILGYXyqUwgu^z}J~OKJ&UM)M8{u z8RvTu+()nc8=;8&IC#M;BuVD7ehj980I0TOM>Y(LFM#7Z@`Lm9GtTsS$7ckAKJ=Vy z;`>qCc3_x=5p=I4j$)4q2fmjB+*i*+h+c5&#L7{UIfY`r&f;UMF zvpo~R@W>SOawXAUa057Dj#YC&7!C>{Jw5z@Ipyu^6kE1^;)Jh!Y8mG{u<7arr!=ri?UA`gx9690XTV2@vbSC|XOANu#kC6s1gM9(_k3%~0@$kq~_G%SgTOY@IO>Q0Y z(H@5ol?ww2oY2Q@FV~h3hB>RAR{Ta$m=7D=_i*SXHuAk(LLr{ok%c>U6gj7%b!O#n zco=I|PQGt@cK$ibxl(3+jO#w00`I0LSIuIt=xtP}qVG6d5&oBpsQ*$vA$9G`H`0Rms1@$%Zx^~p zBTiMCef!kKT@1soZGnL}@b#(*-=)! 
z{)ErMV!TLUWc#m%*M*^lV|HHm@@gW%Hhex-J)hLu1QAR@_H26*MBY&+bI33NS`Pkd zP%#`offkxtphJOJRE~}iIQ~f)@^kNAw9L#Utof&zxi}>%zmWH4Xy~qa6Elb>M{m9q; zXvgb6q~!kpt9M2WhKevPNBiiT()iN)pRC;b|8%wX;s1Y^!c2zGlTkiJG4d224Y@y> zp^x%i%dP(Z%Yse-QCNU2U~86hxF`Ji^5*DNmy1wx?%(6(c@b8+UNGZ7=L;%N!|U|% z(RQb?Vc2{8>G=si;mUpXUw*-`BWGN(1_iGa@?~a*?_%KO%WFMf&mVa%V+&Z|KEg*i zg`EEoSD^;t5aOZl!mDs)(Nn{QjvnFw!NR45r{%RB;yayZVy3W}L#;`ByxC&C}2*pd6q==bbNlgt&ap`)*uIxOhGVr|_R~1Oo?X z5PvE?;ZOg1`t_>gyRPpQ+=Y+1E8Z3CS(nz|-I@zt?K>Xms8i>c>I7_quW&tsJ~( zZEnHJr&!>fx&Ps&qZjK{{_A^qyz8D_>Gv7q)9K;qs}Q`=;Xisd{qHNc{+|v5$Io2o zebepWFZqAfI(g^+)hM#^;s1S)a=rfxf*>Rk3ftPA{(|$bV*ztv1auIAOTg;h$X)4v zu7~)^nilbwqiMN@c3vlnpK;Ijbm&ERHE)+YSb3Y1G4lNA)ec;R1k0y*U_lAJ#{F^= zdV;>*WGcX}tOSmq?RmkU3nI||a&n(_74i9tJnX{#uGxk7oBg!k(v!DS*4qL2 zXj&^@qqyBSddSY@!`$sgJ?8V|^g?vAOY*88*UsH*o6qv{4nN_$%utnE%*9SB{&b}X z$ExyWXBGeDmzOuMBVgh`-~0VHF5A;RmC@C{>>GTSP1{@k0v}xug=>LXQ54*~xRUS4 zKY65gK0!IhcT3?&1^JP$`OXWjaHFetj-5achT#bLD!k<)r!K;~Pk}$!@xotY*mn#g z2z2{*#D3m?`O;vyY->FpCU123dSl}PcC+2_TXgpgz4I=~mBBmjn|xC`SKBiesOvqO ze~;Q9Jzsz8a_j$D0r(x#fWF}WQH=`yCjQ^}@c+I`xm)(V<7M4=i5Czeshpg}j*sj^ zZm*q@uQMkIh`zt)c%-Ww_jD)FD6l;8ar62&elCuGHJ3L#&{tE_wE(YRPK~a2so!gK zfjKpT5wf*wfjs_PpWp938?)zAvdZK%Phhtb%*84ea?pbKwWc6&Jp&b}uIOF80|`XH zgjX-$?ef=gerNK(D2dN(>HnL;D3TPumps0L|8EckxwZf2J^uBtmjJ*irtpIWLK$Xn z=w21*q7PSgHh_EZEl3N z%_1;QU1GKGkgI-Eaw?3#70vr5a34W0e++M73!xMShqvGZ{m$-lwdcoYkH@YRoy zZ{j)ctT(D};#7ChurFxJZ&Q+j_z5j{$xFRn+rOdtHn8@NIffKW9)av-=dh!2!2cmqN4qI`g_y-dfV$ESA(zM zAv~v4o}yx3Aa^hC2Y&R&M%w?k<<9><<{)44XTQxt;Pd`JRUxVBo&R5_Y9IdpcPTgL zKPl|&E=5jQ)^hvOm!vkQa2%6}CX-4mV@k7rx|v9;-rkZJtwuTq0n$de2jW1UrTlo+ zmHoA3CE9=)3q6b-GijR_rhS$X8EPglY1##DD_$)I{%TS4`fPQ{E7GCQn^|8Gs(qeG z`;?#8k$v9WV^@`*M zFzz%;8LbbhHNCl#+FRdOX02{(xE^+C)^{amZnd!Py3%Oyiso1qSq=huW6Ira#^|X( z$ikSD_l=otPt2_d#Aq`e0+4p*MrYbjNyY>-qK~n>m|B%O>q@)Q6tv}5jZ`AR4klFW z(TTqm(9{BJgA3GbqtxlWC#^-VrVGQ_)*MX20Gr!Y#Z~9pqO~3?%w!)j-7YkSUdrft z$*Dw%TV1w$UTDf+uK2(r)a~9Y_sLIV>7Bu z7Y*HpP((J9dx5?}*>a-06em!e 
zui1U4;#7l~PS}E`u>;fCiK^c08RNAjESUBI>ugJwlc7FCrCPeuiD|_fji*F)+hJNI z$R+)0#8)cva#2^4>V74e+xhg6piR?O#$D0Kuw>@Am5pmH`^2I>+!3PSn@ZJ70@WBe zyO~ql42G;f;oFhdt;T#1+L)DWMWC^Z zLt78TuIMhkw!ljRh~|1sPkbj!dmDSk())4T4oekceXxeazJbYI#{(4# zEN$PQ4lx@Zcy*F##>DRK=P?_`8+$f$$fP|>$f#L~kuohwJ=qKoOEXi(0k###LRP6R zDji|ls#!t_$p?Zzq=`C!a1Q)Yy~U28Q0-*(p}5~tpsrGOTR~XEu;qbFAjEi64Z$ zxT#Kqwm9vXZH}g=hk<7wQaWziAVTAX84m{ZlGXYZLacKGVbqp3%Zfc)4zZ@u)5%$- z)%Ut#muBmOo~UQ*DKj_u%xD`P51j?GGOOK+Fba4^*^^RpnWRRgRoz=PQpWTc8SBLG zSKB>=EV~=Y?R02SeY7`5Mk8X^Ua#s@lW{jyH!_h_`~d-85?ZZ0_$wzp4@kz;&9&Xe$v$@oHyGH#^bX>R>|+F*Q%W5%3quzoU&0>(%hJxnL*jYIEEb1}88fkJv@ZCmv; z(O%i}MTc}eH3%!J?_$6}j=+2bFv(A1ZZmDTgV)WDl%Gw|YQpu|2{bYdl@6%FR6{lOuH%=xPuXo3?3llX-7gibq*@ zz--rq+?p;_Fa&Mw&|1yvsJWWj?8t^CCu&v}yQ-vO5+Ew`O?|MEwC!G8+xk}C3v)uT zR5TbF?FJ{0L6`G(dSkVQ{Z(_3_1s=;uX~^&&j)dUp-nqXm#N3fEugPG8b-omI2;)* zy1QtOC7u~G>~RP)bF-bUH(ZDv=?Ox~>}eHz=bOxRxomu1OjlbO)gt~KjgOoty$ ziOrnYg$gT$ilr0nRedKiEh`btfpJioy^}&!>|-m}+RgeXCF#U#ufxN3KPcHQd9buO zSgyww-Cogdnhjd8MT$d8SS>rG5(Mp*IRU#qJH+g2Mk!{)ANRa;H`h8ymxjZT?Dq8a zq;%j}m!WKK6&R+NQO(h~-a&_18V*IOI@u@{{(zZ8eSa{wYrqmBBAima6;}y+W^l`e zn7Z4cDk{j$ri%fx>3T>nop@ajmdc_Tkn=j*AhCwx?#41dTtsm%*q{T`)#+T^%~?PHxaqiE5PiX~t=4hxQLF76c=EQb#o@815^^wiF2MF=wgcu|8E& zHcm?Y5YY$T<7*2dQ|YnTm1&_pZqNYkr(2%ERARDA=0<(i=xx=lIUSd153+_7ZpTQh z@br}E=p0d9v=3IL$+ME@&FGk>hGJjvnN4?rwM94uPg0s`a3`ksW|ZT1`6$hrT!Lw2f#mh(}<(hGL{Ft9nCU zs)uC33MJF(jU8K9RNH%LY@wK(X#33|O?w#@&3pBgvaK(&#fa}uI$LTrV0?*X#=L+S z*wGJ)Kv`R%q}g_~8qRwr*fdDK5h~=ik47fuZ|amR(uTiVIJPo$N0i4`;)bQ6*p@u4m?MGC?EXJYJ}8hfr*SU%?QofRy{eOh8`ZEy_WYnk=bJ8I?ACD@Ozrr zxLtACoNW$%WlZUrv~uXff^pf7uywJZROur?Y;9GO7b9CLQ43y|+fFwfYaCC?LeFdx zBbL}SjP2Hu0oSt#Ic_n-(2CPm%3+%svr?M_nlm%i9EF|0Z&<`mH0r6t+X@O7Vzzc` z^>$ZTQLLvP^d8Y~rOWPa8I-6%9b>hC7dIu;9nLLz-{20rp1d!4t?FK7Bt@vMwzf@0 zyO8bgOl`P3%xxK3an_ma(@mOa{sc?VVO41>3(-%bql7zEdOj9?o|URK20xLHb)mA(kNb8>7cqeW(eY$yc$^58>FaWoARF5Ef~Vn;KPT=_u;8of!7Ob~b4GC6f~E zamvo^HLRmiHT9LIyYzcd<*^al)U!C4a6O&#SWaQ|xFj45okGTb2t38#EvG9t_70Rp 
z?np-;iY!~nBC8U52@{l5jAFy6)S;JkF6=a#HLb;V&|apvS}=9k`jVw4%#2-7>!nY} zcC9k*PuokgMyVz}Rt2_-u>Ch>c_4=1B8$(g3W zGTj=;W&>C^T7zA4-=@-yhr!keFsQ{!8>J;C2fq@ShSaN9dkKVzzkuVq?&;eSGw*d< zOTIc-&JLwgh2`Ny8m$$gj;#b~J!7^zVpHl5m^HmI32ndQjIQCytsYSsM=;WTov-&3 zGezyLChW(&D^$5oi;}rj72{mTXxY_$y)&ZL+tsE&i-@e2RCZyslu|HSHwP}gPYeU3 z6Qwg49Ef#?Rd%DQ3U^N&46Muhbq5H zQkP;~*%v!qwaG5EWhM*pu!>cOaOQ1B3&Epm2)fh0laM{gNBfOFq7j@|_r1=()tzhX zf}^;)+?Hh}poLAP4*OGsm#~d`lrYoZ47&U}+PAoQ>_oz-n~b(PE^~0ERL>2T)SV__WHa|ewsdFR-N~?7;T4Dp@>taRYoa6=Z= z<0%~5_Y~WOVFcXZ1@~gd!QQ#z;N43jiaeD!*TwwNvB;0|{mY~H|LI1NZ4NJ{hIcy)rje>77ew9-E%mJk6Wr^5Qz2uet^& zgeW;3xp=%rt>-YNKAV2PZ`99@W>i_MnP7gAy9$)cPoK9+gs=G5R=VY1Z;@sX@^I~LQrO+T~*!%P08sx|4Q+dz04#UXyiUizO z`0LxF9;bPntxNO2=F5Ivd7%H_`~=9C^q*?f?(=`i8ug+7-=o~^{})<5IIHUe1;4p_ z?mBz&)np);yx<^opQ&f6ae4J@dmE?~iSMWM;y=3cALUN}!*4a^-;^)<|MVOEr|Tc* zzrIU(sQ>Rz@4xfut>`s{^zPI^^qNh2b%yxl|9|;paB-k!bbqq;(Lv#xHN)*90Q9jiF(>*fZ$_#wb|8Kmx|D!>F`2XLfeATr-_lGd<4aEukE9}K*u4(vYCo%5& z@C^@S{6Cl=eXIWw45Q-bv*vqV;jaB=Gw{XvzjlBAuTlAk|9zkGP_0M4{y>+XK0oLzx?xjAq6tSyz=w?eR<#QIATIDA6e1)l9T~VAo|ZU8@c|MbK%;i=Og&L(D?QK ze}($E|Kay@bzE9gmG~6!tv08j)R+y zuNJX5+cW=$Bj|w0PT=uO*i}97bnFxELG!5B_zy*l4(i3^{lETN#)qDh;l6ilnX`lk z5FP)0K^ZIa(|=7PA3^LBe!AFl&P{RMMj=)H!hQpXUn8B=R5UKf}Z$ zE{Ig1ZR6nhPi;c%$8wkk*pFouY_T89k()pJ$TqPb{}1*Fp95t3afnO25Mt#3`5UN3 tSlQMgAPR8gZ?JL_YQ7GM|2%E~C?Dmce3VQ1zX1RM|Nqd;8%O|h003IL_#glP From 0d91b171270be3a156b10deff924252828be1a8c Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 22 Aug 2023 20:14:27 -0700 Subject: [PATCH 037/173] remove tls secret --- poc/pkg/templates/istio-gateway.yaml | 3 ++- poc/pkg/values.yaml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index 0083a34b37d..5523e096722 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml 
@@ -13,6 +13,7 @@ spec: protocol: HTTPS tls: mode: SIMPLE - credentialName: {{ .Values.istio.credential.name }} + # TODO jonathan: Add TLS cert when we have one + # credentialName: {{ .Values.istio.credential.name }} hosts: - {{ .Values.istio.gateway.host }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 8654a525a9a..cf2e08ebe6d 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -96,4 +96,4 @@ istio: service: aro-rp-poc-pkg credential: #TODO jonachang: need to add a secret in other PR - name: rp-poc-secret \ No newline at end of file + # name: rp-poc-secret \ No newline at end of file From 705d7dfad6a446164b81f0c85b299587b05c2d65 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 22 Aug 2023 20:22:37 -0700 Subject: [PATCH 038/173] change to poc port --- poc/pkg/templates/istio-gateway.yaml | 8 ++++---- poc/pkg/values.yaml | 6 ++++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index 5523e096722..48d29027c51 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -8,12 +8,12 @@ spec: istio: {{ .Values.istio.name }} servers: - port: - number: 443 + number: {{ .Values.istio.gateway.port }} name: http protocol: HTTPS - tls: - mode: SIMPLE - # TODO jonathan: Add TLS cert when we have one + # TODO jonathan: Add TLS cert when we have one + # tls: + # mode: SIMPLE # credentialName: {{ .Values.istio.credential.name }} hosts: - {{ .Values.istio.gateway.host }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index cf2e08ebe6d..724d1e15635 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml 
@@ -83,12 +83,14 @@ affinity: {} # Use for Istio service mesh istio: - name: aks-istio-ingressgateway-internal + name: aks-istio-ingressgateway-external namespace: aro-rp-poc gateway: name: rp-poc-gateway #TODO jonachang: need to specify the host once we have the domain name - host: "aro-istio-poc.westus3.cloudapp.azure.com" + host: "*" + #TODO jonachang: change back to 443 when we have TLS + port: 80 virtualService: name: rp-poc-virtualservice port: 80 From c1e1848e53de8466dfd33e23347d6077c4de8373 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 23 Aug 2023 08:26:33 -0700 Subject: [PATCH 039/173] fix helm lint --- poc/pkg/templates/istio-gateway.yaml | 4 ---- poc/pkg/values.yaml | 7 +++---- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index 48d29027c51..ff0cd5acf0a 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -11,9 +11,5 @@ spec: number: {{ .Values.istio.gateway.port }} name: http protocol: HTTPS - # TODO jonathan: Add TLS cert when we have one - # tls: - # mode: SIMPLE - # credentialName: {{ .Values.istio.credential.name }} hosts: - {{ .Values.istio.gateway.host }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 724d1e15635..0058533cf43 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -82,13 +82,14 @@ tolerations: [] affinity: {} # Use for Istio service mesh +#TODO jonachang: need to add a secret in other PR istio: name: aks-istio-ingressgateway-external namespace: aro-rp-poc gateway: name: rp-poc-gateway #TODO jonachang: need to specify the host once we have the domain name - host: "*" + host: "aro-istio-poc.westus3.cloudapp.azure.com" #TODO jonachang: change back to 443 when we have TLS port: 80 virtualService: 
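Review bot: In patch 038 the `poc/pkg/values.yaml` hunk moves the selector from `aks-istio-ingressgateway-internal` to `aks-istio-ingressgateway-external` in the same change that sets `host: "*"` and `port: 80`, while the gateway template in that patch comments out the `tls` block. Taken together the PoC is served on the external (presumably internet-facing) gateway for any Host header with no TLS. Until a certificate exists I would keep `name: aks-istio-ingressgateway-internal` and the explicit `host: "aro-istio-poc.westus3.cloudapp.azure.com"`, and change only the port. The template also still declares `protocol: HTTPS` with no `tls` settings, which stays inconsistent until patch 042 switches it to HTTP. The wildcard host returns hard-coded as `- "*"` in the gateway and virtual-service hunks of patch 049.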
@@ -96,6 +97,4 @@ istio: port: 80 #TODO jonachang: need to update to the sample app name once created service: aro-rp-poc-pkg - credential: - #TODO jonachang: need to add a secret in other PR - # name: rp-poc-secret \ No newline at end of file + \ No newline at end of file From 7f2475fddbbf78b4f6974adb3959b161511a8b60 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 24 Aug 2023 09:45:23 -0700 Subject: [PATCH 040/173] Only expose port 8080 --- Dockerfile.aro-poc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.aro-poc b/Dockerfile.aro-poc index a7d3e897c17..e5eec322b8e 100644 --- a/Dockerfile.aro-poc +++ b/Dockerfile.aro-poc @@ -5,5 +5,5 @@ RUN microdnf update && microdnf clean all RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust COPY ./aro /usr/local/bin/ ENTRYPOINT ["aro", "poc"] -EXPOSE 2222/tcp 8080/tcp 8443/tcp 8444/tcp 8445/tcp +EXPOSE 8080/tcp USER 1000 \ No newline at end of file From 758cd5d2f34da83d54e62090393b668ad4c2d8a7 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 24 Aug 2023 11:24:12 -0700 Subject: [PATCH 041/173] save work --- Dockerfile.aro-poc | 2 +- cmd/aro/main.go | 9 +-- cmd/aro/poc.go | 33 ++++++++++- pkg/poc/frontend.go | 61 +++++++++++++++++++++ poc/pkg/templates/istio-gateway.yaml | 1 - poc/pkg/templates/istio-virtualService.yaml | 1 - poc/pkg/values.yaml | 1 - 7 files changed, 97 insertions(+), 11 deletions(-) create mode 100644 pkg/poc/frontend.go diff --git a/Dockerfile.aro-poc b/Dockerfile.aro-poc index e5eec322b8e..ba4bd997cbe 100644 --- a/Dockerfile.aro-poc +++ b/Dockerfile.aro-poc 
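Review bot: The unchanged line `RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust` in the `Dockerfile.aro-poc` hunk of patch 040 installs a root CA fetched over plain HTTP with no integrity check, so whatever bytes the build host receives become a trust anchor for every TLS connection the container makes. Either vendor the certificate in the repository and `COPY` it, or verify it before `update-ca-trust` with a digest pinned in the Dockerfile, e.g. `echo "<EXPECTED_SHA256>  /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt" | sha256sum -c -`. Adding `-f` to `curl` also keeps an HTTP error page from being saved as the certificate. The same line is carried as context in the Dockerfile hunks of patches 041, 043 and 047.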
@@ -4,6 +4,6 @@ FROM ${REGISTRY}/ubi8/ubi-minimal RUN microdnf update && microdnf clean all RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust COPY ./aro /usr/local/bin/ -ENTRYPOINT ["aro", "poc"] +ENTRYPOINT ["aro", "poc", "8080"] EXPOSE 8080/tcp USER 1000 \ No newline at end of file diff --git a/cmd/aro/main.go b/cmd/aro/main.go index d4d9cbb846d..5923e6bb77e 100644 --- a/cmd/aro/main.go +++ b/cmd/aro/main.go @@ -4,6 +4,7 @@ package main // Licensed under the Apache License 2.0. import ( + "context" "flag" "fmt" "math/rand" @@ -30,7 +31,7 @@ func usage() { fmt.Fprintf(flag.CommandLine.Output(), " %s rp\n", os.Args[0]) fmt.Fprintf(flag.CommandLine.Output(), " %s operator {master,worker}\n", os.Args[0]) fmt.Fprintf(flag.CommandLine.Output(), " %s update-versions\n", os.Args[0]) - fmt.Fprintf(flag.CommandLine.Output(), " %s poc\n", os.Args[0]) + fmt.Fprintf(flag.CommandLine.Output(), " %s poc port\n", os.Args[0]) flag.PrintDefaults() } @@ -40,7 +41,7 @@ func main() { flag.Usage = usage flag.Parse() - // ctx := context.Background() + ctx := context.Background() // audit := utillog.GetAuditEntry() log := utillog.GetLogger() @@ -80,8 +81,8 @@ func main() { checkArgs(1) // err = updateOCPVersions(ctx, log) case "poc": - checkArgs(1) - err = poc(log) + checkArgs(2) + err = rpPoc(ctx, log) default: usage() os.Exit(2) diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index 561611ec6fc..b51c2b04201 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go 
@@ -1,11 +1,38 @@ package main -import "github.com/sirupsen/logrus" +import ( + "context" + "flag" + "os" + "os/signal" + "syscall" + + "github.com/Azure/ARO-RP/pkg/poc" + "github.com/sirupsen/logrus" +) // Copyright (c) Microsoft Corporation. // Licensed under the Apache License 2.0. -func poc(log *logrus.Entry) error { +func rpPoc(ctx context.Context, log *logrus.Entry) error { log.Print("********** ARO-RP on AKS PoC **********") - return nil + + ctx, shutdown := context.WithCancel(ctx) + defer shutdown() + go handleSigterm(log, shutdown) + + port := flag.Arg(1) + frontEnd := poc.NewFrontend(log, port) + + return frontEnd.Run(ctx) +} + +func handleSigterm(log *logrus.Entry, shutdown context.CancelFunc) { + signals := make(chan os.Signal, 1) + signal.Notify(signals, syscall.SIGTERM) + <-signals + + log.Print("received SIGTERM. Terminating...") + + shutdown() } diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go new file mode 100644 index 00000000000..bb88f1fec6e --- /dev/null +++ b/pkg/poc/frontend.go 
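Review bot: `port := flag.Arg(1)` in `rpPoc` (patch 041, `cmd/aro/poc.go`) is passed to `poc.NewFrontend` unchecked, so a non-numeric or out-of-range value only surfaces later as a `Fatalf` from the listener goroutine in `pkg/poc/frontend.go`. Validate it here and return the error, e.g. `if n, err := strconv.ParseUint(port, 10, 16); err != nil || n == 0 { return fmt.Errorf("invalid port %q", port) }`, which needs `strconv` and `fmt` added to the import block. `handleSigterm` also registers only `syscall.SIGTERM`, so an interrupt during a local run skips the graceful shutdown; `signal.Notify(signals, syscall.SIGTERM, os.Interrupt)` covers both.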
@@ -0,0 +1,61 @@ +package poc + +import ( + "context" + "log" + "net/http" + "time" + + "github.com/go-chi/chi/v5" + "github.com/sirupsen/logrus" +) + +// Copyright (c) Microsoft Corporation. +// Licensed under the Apache License 2.0. + +type frontend struct { + logger *logrus.Entry + port string +} + +func NewFrontend(logger *logrus.Entry, port string) frontend { + return frontend{ + logger: logger, + port: port, + } +} + +func (f *frontend) Run(ctx context.Context) error { + router := f.getRouter() + server := &http.Server{ + Addr: ":" + f.port, + Handler: router, + ErrorLog: log.New(f.logger.Writer(), "", 0), + } + + go func() { + f.logger.Info("Starting http server...") + if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed { + f.logger.Fatalf("Server listen/serve error: %s", err) + } + }() + + <-ctx.Done() + + f.logger.Info("Stopping http server") + err := server.Shutdown(context.Background()) + if err != nil { + f.logger.Errorf("Server shutdown error: %s", err) + } + + return err +} + +func (f *frontend) getRouter() chi.Router { + r := chi.NewRouter() + r.Get("/", func(w http.ResponseWriter, r *http.Request) { + f.logger.Infof("Received request: %s", time.Now().String()) + w.Write([]byte("****** ARO-RP on AKS PoC ******")) + }) + return r +} diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index ff0cd5acf0a..70bc085f4de 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -2,7 +2,6 @@ apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: {{ .Values.istio.gateway.name }} - namespace: {{ .Values.istio.namespace }} spec: selector: istio: {{ .Values.istio.name }} diff --git a/poc/pkg/templates/istio-virtualService.yaml b/poc/pkg/templates/istio-virtualService.yaml index c2112a2bc9e..c222690d4e0 100644 --- a/poc/pkg/templates/istio-virtualService.yaml +++ b/poc/pkg/templates/istio-virtualService.yaml 
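Review bot: The `http.Server` built in `(*frontend).Run` (patch 041, `pkg/poc/frontend.go`) sets no `ReadHeaderTimeout`, `ReadTimeout`, `WriteTimeout` or `IdleTimeout`, so a client that sends its headers slowly or never finishes a request holds a connection and a goroutine indefinitely. `server.Shutdown(context.Background())` likewise has no deadline, so one stuck connection can block exit after SIGTERM. The sketch below adds both bounds; the durations are illustrative, not tuned. Separately, `f.logger.Fatalf` inside the goroutine ends the process without running the shutdown path. `NewFrontend` also returns the unexported `frontend` by value although its methods take a pointer receiver, so returning `*frontend` would be more consistent.

```go
	server := &http.Server{
		Addr:              ":" + f.port,
		Handler:           router,
		ErrorLog:          log.New(f.logger.Writer(), "", 0),
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       2 * time.Minute,
	}
	// … unchanged: ListenAndServe goroutine, wait on ctx.Done(), "Stopping http server" log …
	shutdownCtx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()
	err := server.Shutdown(shutdownCtx)
	// … unchanged: shutdown error log and return …
```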
@@ -2,7 +2,6 @@ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: {{ .Values.istio.virtualService.name }} - namespace: {{ .Values.istio.namespace }} spec: hosts: - {{ .Values.istio.gateway.host }} diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 0058533cf43..3a3e433eefb 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -85,7 +85,6 @@ affinity: {} #TODO jonachang: need to add a secret in other PR istio: name: aks-istio-ingressgateway-external - namespace: aro-rp-poc gateway: name: rp-poc-gateway #TODO jonachang: need to specify the host once we have the domain name From adfe2dcc2ce9f5ce95f3cefa3da69f3f0bfddeeb Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Wed, 6 Sep 2023 09:37:23 -0700 Subject: [PATCH 042/173] Make protocl HTTP for now --- poc/pkg/templates/istio-gateway.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index 70bc085f4de..9b468091eb0 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -9,6 +9,6 @@ spec: - port: number: {{ .Values.istio.gateway.port }} name: http - protocol: HTTPS + protocol: HTTP hosts: - {{ .Values.istio.gateway.host }} \ No newline at end of file From cfb0293ab2517d180c77323458f37a2550fa1a76 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Wed, 6 Sep 2023 10:10:25 -0700 Subject: [PATCH 043/173] remove unused ingress --- Dockerfile.aro-poc | 4 +-- poc/pkg/templates/ingress.yaml | 61 ---------------------------------- poc/pkg/values.yaml | 17 ---------- 3 files changed, 2 insertions(+), 80 deletions(-) delete mode 100644 poc/pkg/templates/ingress.yaml diff --git a/Dockerfile.aro-poc b/Dockerfile.aro-poc index ba4bd997cbe..69f82f1d949 100644 --- a/Dockerfile.aro-poc +++ b/Dockerfile.aro-poc 
@@ -4,6 +4,6 @@ FROM ${REGISTRY}/ubi8/ubi-minimal RUN microdnf update && microdnf clean all RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust COPY ./aro /usr/local/bin/ -ENTRYPOINT ["aro", "poc", "8080"] -EXPOSE 8080/tcp +ENTRYPOINT ["aro", "poc", "80"] +EXPOSE 80/tcp USER 1000 \ No newline at end of file diff --git a/poc/pkg/templates/ingress.yaml b/poc/pkg/templates/ingress.yaml deleted file mode 100644 index 11eafefc984..00000000000 --- a/poc/pkg/templates/ingress.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "pkg.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "pkg.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 3a3e433eefb..2031c96e742 100644 --- a/poc/pkg/values.yaml 
+++ b/poc/pkg/values.yaml @@ -40,22 +40,6 @@ service: type: ClusterIP port: 80 -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -87,7 +71,6 @@ istio: name: aks-istio-ingressgateway-external gateway: name: rp-poc-gateway - #TODO jonachang: need to specify the host once we have the domain name host: "aro-istio-poc.westus3.cloudapp.azure.com" #TODO jonachang: change back to 443 when we have TLS port: 80 From 96eafd1d2edeccf3a463acfe40a123e65058bf9c Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Wed, 6 Sep 2023 10:56:57 -0700 Subject: [PATCH 044/173] update service --- poc/pkg/templates/service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/service.yaml b/poc/pkg/templates/service.yaml index 5d6098ec207..56942a1cdff 100644 --- a/poc/pkg/templates/service.yaml +++ b/poc/pkg/templates/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "pkg.fullname" . }} + name: {{ .Values.service.name }} labels: {{- include "pkg.labels" . | nindent 4 }} spec: From 7dad5b35b69300ccd318cd509e9d529266fcec14 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Wed, 6 Sep 2023 11:48:10 -0700 Subject: [PATCH 045/173] save work --- poc/pkg/templates/istio-gateway.yaml | 2 +- poc/pkg/templates/istio-virtualService.yaml | 6 +++--- poc/pkg/values.yaml | 8 ++------ 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index 9b468091eb0..23d068c9e07 100644 
--- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -11,4 +11,4 @@ spec: name: http protocol: HTTP hosts: - - {{ .Values.istio.gateway.host }} \ No newline at end of file + - {{ .Values.service.name }} \ No newline at end of file diff --git a/poc/pkg/templates/istio-virtualService.yaml b/poc/pkg/templates/istio-virtualService.yaml index c222690d4e0..4ff3c9ac32f 100644 --- a/poc/pkg/templates/istio-virtualService.yaml +++ b/poc/pkg/templates/istio-virtualService.yaml @@ -4,7 +4,7 @@ metadata: name: {{ .Values.istio.virtualService.name }} spec: hosts: - - {{ .Values.istio.gateway.host }} + - {{ .Values.service.name }} gateways: - {{ .Values.istio.gateway.name }} http: @@ -13,6 +13,6 @@ spec: prefix: / route: - destination: - host: {{ .Values.istio.virtualService.service }} + host: {{ .Values.service.name }} port: - number: {{ .Values.istio.virtualService.port }} \ No newline at end of file + number: {{ .Values.service.port }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 2031c96e742..aaa2bf6a119 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -37,6 +37,7 @@ securityContext: {} # runAsUser: 1000 service: + name: rp-poc-svc type: ClusterIP port: 80 @@ -71,12 +72,7 @@ istio: name: aks-istio-ingressgateway-external gateway: name: rp-poc-gateway - host: "aro-istio-poc.westus3.cloudapp.azure.com" #TODO jonachang: change back to 443 when we have TLS port: 80 virtualService: - name: rp-poc-virtualservice - port: 80 - #TODO jonachang: need to update to the sample app name once created - service: aro-rp-poc-pkg - \ No newline at end of file + name: rp-poc-virtualservice \ No newline at end of file From 4dd79010a51196064301bd3cd3c47476bcc9e420 Mon Sep 17 00:00:00 2001 
From: Nicolas Ontiveros Date: Wed, 6 Sep 2023 17:28:03 -0700 Subject: [PATCH 046/173] Fix probe port --- poc/pkg/templates/deployment.yaml | 4 ++-- poc/pkg/values.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 462c63a5e67..c52cfda78a5 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -40,11 +40,11 @@ spec: livenessProbe: httpGet: path: / - port: http + port: {{ .Values.image.probePort }} readinessProbe: httpGet: path: / - port: http + port: {{ .Values.image.probePort }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index aaa2bf6a119..f1db4f7d0ff 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -7,6 +7,7 @@ replicaCount: 1 image: repository: nginx pullPolicy: Always + probePort: 8080 # Overrides the image tag whose default is the chart appVersion. tag: "" From 07e94348cb2c12097316287d5e1096937d1a71ac Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 7 Sep 2023 08:42:46 -0700 Subject: [PATCH 047/173] save work --- Dockerfile.aro-poc | 4 ++-- poc/pkg/templates/deployment.yaml | 8 -------- poc/pkg/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/Dockerfile.aro-poc b/Dockerfile.aro-poc index 69f82f1d949..ba4bd997cbe 100644 --- a/Dockerfile.aro-poc +++ b/Dockerfile.aro-poc @@ -4,6 +4,6 @@ FROM ${REGISTRY}/ubi8/ubi-minimal RUN microdnf update && microdnf clean all RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust COPY ./aro /usr/local/bin/ -ENTRYPOINT ["aro", "poc", "80"] -EXPOSE 80/tcp +ENTRYPOINT ["aro", "poc", "8080"] +EXPOSE 8080/tcp USER 1000 \ No newline at end of file 
diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index c52cfda78a5..5ed9a9773e6 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -37,14 +37,6 @@ spec: - name: http containerPort: {{ .Values.service.port }} protocol: TCP - livenessProbe: - httpGet: - path: / - port: {{ .Values.image.probePort }} - readinessProbe: - httpGet: - path: / - port: {{ .Values.image.probePort }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index f1db4f7d0ff..3d19cb2ac5e 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -40,7 +40,7 @@ securityContext: {} service: name: rp-poc-svc type: ClusterIP - port: 80 + port: 8080 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -74,6 +74,6 @@ istio: gateway: name: rp-poc-gateway #TODO jonachang: change back to 443 when we have TLS - port: 80 + port: 8080 virtualService: name: rp-poc-virtualservice \ No newline at end of file From 34b2dbca1b4f6dc8d2c5c3e1e4045eb3612ff623 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 7 Sep 2023 09:13:34 -0700 Subject: [PATCH 048/173] sidecar injection --- poc/pkg/templates/deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 5ed9a9773e6..219db79b9df 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -16,6 +16,7 @@ spec: {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} + sidecar.istio.io/inject: "true" {{- end }} labels: {{- include "pkg.selectorLabels" . | nindent 8 }} From 3933b2f654495ca249a2c5ed026ea25892f8c26a Mon Sep 17 00:00:00 2001 
From: Nicolas Ontiveros Date: Thu, 7 Sep 2023 10:11:52 -0700 Subject: [PATCH 049/173] save work --- poc/hack/build-deploy.sh | 9 +++++++-- poc/pkg/templates/deployment.yaml | 1 - poc/pkg/templates/istio-gateway.yaml | 2 +- poc/pkg/templates/istio-virtualService.yaml | 2 +- poc/pkg/values.yaml | 4 ++-- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/poc/hack/build-deploy.sh b/poc/hack/build-deploy.sh index 6a880769763..abffcee114c 100755 --- a/poc/hack/build-deploy.sh +++ b/poc/hack/build-deploy.sh @@ -41,11 +41,16 @@ deploy_pkg() { helm uninstall $release --namespace $namespace fi + kubectl delete namespace $namespace > /dev/null 2>&1 + kubectl create namespace $namespace + + # Enable automatic sidecar injection + kubectl label namespace $namespace istio.io/rev=asm-1-17 + helm install $release ./pkg-0.1.0.tgz \ --set image.repository=$DOCKERTAG \ --set image.tag=latest \ - --namespace $namespace \ - --create-namespace + --namespace $namespace } get_kubeconfig() { diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 219db79b9df..5ed9a9773e6 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -16,7 +16,6 @@ spec: {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} - sidecar.istio.io/inject: "true" {{- end }} labels: {{- include "pkg.selectorLabels" . | nindent 8 }} diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index 23d068c9e07..b78da217060 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -11,4 +11,4 @@ spec: name: http protocol: HTTP hosts: - - {{ .Values.service.name }} \ No newline at end of file + - "*" \ No newline at end of file diff --git a/poc/pkg/templates/istio-virtualService.yaml b/poc/pkg/templates/istio-virtualService.yaml index 4ff3c9ac32f..e062cd99cef 100644 --- a/poc/pkg/templates/istio-virtualService.yaml 
+++ b/poc/pkg/templates/istio-virtualService.yaml @@ -4,7 +4,7 @@ metadata: name: {{ .Values.istio.virtualService.name }} spec: hosts: - - {{ .Values.service.name }} + - "*" gateways: - {{ .Values.istio.gateway.name }} http: diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 3d19cb2ac5e..89cc597c7c0 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -74,6 +74,6 @@ istio: gateway: name: rp-poc-gateway #TODO jonachang: change back to 443 when we have TLS - port: 8080 + port: 80 virtualService: - name: rp-poc-virtualservice \ No newline at end of file + name: rp-poc-virtualservice From 1aefd36c04ea4a210bb9397818a1d5fee3f26da4 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 7 Sep 2023 14:14:02 -0700 Subject: [PATCH 050/173] save work --- pkg/poc/frontend.go | 4 ++++ poc/hack/build-deploy.sh | 4 ++-- poc/pkg/templates/deployment.yaml | 8 ++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index bb88f1fec6e..e7914bb38b3 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -57,5 +57,9 @@ func (f *frontend) getRouter() chi.Router { f.logger.Infof("Received request: %s", time.Now().String()) w.Write([]byte("****** ARO-RP on AKS PoC ******")) }) + r.Get("/healthz/ready", func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(200) + w.Write([]byte("ok")) + }) return r } diff --git a/poc/hack/build-deploy.sh b/poc/hack/build-deploy.sh index abffcee114c..c6976e0a2c9 100755 --- a/poc/hack/build-deploy.sh +++ b/poc/hack/build-deploy.sh 
@@ -41,10 +41,10 @@ deploy_pkg() { helm uninstall $release --namespace $namespace fi - kubectl delete namespace $namespace > /dev/null 2>&1 - kubectl create namespace $namespace + kubectl create namespace $namespace --dry-run=client -o yaml | kubectl apply -f - # Enable automatic sidecar injection + # https://learn.microsoft.com/en-us/azure/aks/istio-deploy-addon kubectl label namespace $namespace istio.io/rev=asm-1-17 helm install $release ./pkg-0.1.0.tgz \ diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 5ed9a9773e6..c52cfda78a5 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -37,6 +37,14 @@ spec: - name: http containerPort: {{ .Values.service.port }} protocol: TCP + livenessProbe: + httpGet: + path: / + port: {{ .Values.image.probePort }} + readinessProbe: + httpGet: + path: / + port: {{ .Values.image.probePort }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} From ada5228af85330602597b7109d38e7f3b9fddcf7 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 7 Sep 2023 14:26:13 -0700 Subject: [PATCH 051/173] save work --- pkg/poc/frontend.go | 2 +- poc/pkg/templates/deployment.yaml | 10 +++++----- poc/pkg/values.yaml | 3 +-- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index e7914bb38b3..07d352b8516 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -57,7 +57,7 @@ func (f *frontend) getRouter() chi.Router { f.logger.Infof("Received request: %s", time.Now().String()) w.Write([]byte("****** ARO-RP on AKS PoC ******")) }) - r.Get("/healthz/ready", func(w http.ResponseWriter, r *http.Request) { + r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) w.Write([]byte("ok")) }) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index c52cfda78a5..fb942768519 100644 --- a/poc/pkg/templates/deployment.yaml 
+++ b/poc/pkg/templates/deployment.yaml @@ -35,16 +35,16 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http - containerPort: {{ .Values.service.port }} + containerPort: {{ .Values.image.containerPort }} protocol: TCP livenessProbe: httpGet: - path: / - port: {{ .Values.image.probePort }} + path: /healthz + port: http readinessProbe: httpGet: - path: / - port: {{ .Values.image.probePort }} + path: /healthz + port: http resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 89cc597c7c0..71f9bfaecbf 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -5,9 +5,8 @@ replicaCount: 1 image: - repository: nginx pullPolicy: Always - probePort: 8080 + containerPort: 8080 # Overrides the image tag whose default is the chart appVersion. tag: "" From 8cd1b870880b442a7ec471a38c197fb6ea91ec91 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 7 Sep 2023 14:26:54 -0700 Subject: [PATCH 052/173] nix --- poc/hack/build-deploy.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/poc/hack/build-deploy.sh b/poc/hack/build-deploy.sh index c6976e0a2c9..638ed74355c 100755 --- a/poc/hack/build-deploy.sh +++ b/poc/hack/build-deploy.sh @@ -41,6 +41,7 @@ deploy_pkg() { helm uninstall $release --namespace $namespace fi + # Create namespace if it doesn't exist kubectl create namespace $namespace --dry-run=client -o yaml | kubectl apply -f - # Enable automatic sidecar injection From a7eb141cc1b05a82a9279fee5ee1982167865737 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 20 Sep 2023 14:58:14 -0700 Subject: [PATCH 053/173] first draft --- poc/pkg/templates/tls-secretProvider.yaml | 24 +++++++++++++++++++++++ poc/pkg/values.yaml | 11 ++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 poc/pkg/templates/tls-secretProvider.yaml 
diff --git a/poc/pkg/templates/tls-secretProvider.yaml b/poc/pkg/templates/tls-secretProvider.yaml new file mode 100644 index 00000000000..89f918062dc --- /dev/null +++ b/poc/pkg/templates/tls-secretProvider.yaml @@ -0,0 +1,24 @@ +apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 +kind: SecretProviderClass +metadata: + name: {{ .Values.keyVault.name }} +spec: + provider: azure + secretObjects: + - secretName: {{ .Values.keyVault.tlsCertificateName }} + type: "kubernetes.io/tls" + data: + - objectName: {{ .Values.keyVault.tlsCertificateName }} + key: tls.key + - objectName: {{ .Values.keyVault.tlsCertificateName }} + key: tls.crt + parameters: + keyvaultName: {{ .Values.keyVault.name }} # The name of the Azure Key Vault + useVMManagedIdentity: "true" + userAssignedIdentityID: {{ .Values.AKSCluster.userAssignedIdentityId }} + objects: | + array: + - | + objectName: {{ .Values.keyVault.tlsCertificateName }} + objectType: secret + tenantId: {{ .Values.AKSCluster.tenantId }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 71f9bfaecbf..256b7d75439 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -75,4 +75,13 @@ istio: #TODO jonachang: change back to 443 when we have TLS port: 80 virtualService: - name: rp-poc-virtualservice + name: rp-poc-virtualservice + +AKSCluster: + tlsSecretName: tls-secret + userAssignedIdentityId: 43bf6984-5163-4565-bb2f-04f5a5d68d78 + tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 + +keyVault: + name: aro-rp-aks-kv + tlsCertificateName: aks-rp-certificate From 68f3433da4f810d0bf9e366a9c83f5894029b3aa Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 20 Sep 2023 18:40:58 -0700 Subject: [PATCH 054/173] x --- poc/pkg/templates/tls-secretProvider.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/tls-secretProvider.yaml b/poc/pkg/templates/tls-secretProvider.yaml index 89f918062dc..bdaca5b9e56 100644 --- a/poc/pkg/templates/tls-secretProvider.yaml 
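Review bot: The new SecretProviderClass authenticates with `useVMManagedIdentity: "true"`, so the Key Vault read is made with an identity attached to the nodes, not to this workload. Anyone who can create a SecretProviderClass and a pod on those nodes can presumably fetch whatever that identity is allowed to read. The identity's Key Vault permissions should therefore be limited to the single certificate named here. The file should also say so, e.g. `# Node-level identity: grant it get on this one Key Vault object only.` above `parameters:`. `secretObjects` copies the private key into a Kubernetes Secret of type `kubernetes.io/tls`, so read access to Secrets in that namespace needs the same care. It is worth checking whether the driver version in the cluster already serves `secrets-store.csi.x-k8s.io/v1`, since `v1alpha1` is the older API version.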
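Review bot: The `AKSCluster` and `keyVault` blocks added to values.yaml commit one environment's tenant ID, managed-identity client ID and vault name as chart defaults. These are identifiers, not credentials, but they tie the chart to a single subscription and publish its identity layout to every reader of the repository. I would leave the defaults empty and pass the real values at install time, e.g. `--set AKSCluster.tenantId="$TENANT_ID"` in build-deploy.sh, where TENANT_ID is a new variable. A `required` check in the template would then make a missing value fail the render instead of producing an empty field. A one-line comment on each key should say where its value comes from.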
+++ b/poc/pkg/templates/tls-secretProvider.yaml @@ -13,7 +13,7 @@ spec: - objectName: {{ .Values.keyVault.tlsCertificateName }} key: tls.crt parameters: - keyvaultName: {{ .Values.keyVault.name }} # The name of the Azure Key Vault + keyvaultName: {{ .Values.keyVault.name }} useVMManagedIdentity: "true" userAssignedIdentityID: {{ .Values.AKSCluster.userAssignedIdentityId }} objects: | From 96d4adb08eaf8098c610c8b7abdda3579eb499e1 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 20 Sep 2023 18:52:47 -0700 Subject: [PATCH 055/173] change secret name --- poc/pkg/templates/tls-secretProvider.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/tls-secretProvider.yaml b/poc/pkg/templates/tls-secretProvider.yaml index bdaca5b9e56..fde1980593a 100644 --- a/poc/pkg/templates/tls-secretProvider.yaml +++ b/poc/pkg/templates/tls-secretProvider.yaml @@ -1,7 +1,7 @@ apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 kind: SecretProviderClass metadata: - name: {{ .Values.keyVault.name }} + name: {{ .Values.keyVault.tlsCertificateName }} spec: provider: azure secretObjects: From 56a306f8e5aea71143b452899a69c113767ec126 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 21 Sep 2023 09:37:54 -0700 Subject: [PATCH 056/173] rename secret provider --- poc/pkg/templates/tls-secretProvider.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/tls-secretProvider.yaml b/poc/pkg/templates/tls-secretProvider.yaml index fde1980593a..bdaca5b9e56 100644 --- a/poc/pkg/templates/tls-secretProvider.yaml +++ b/poc/pkg/templates/tls-secretProvider.yaml @@ -1,7 +1,7 @@ apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 kind: SecretProviderClass metadata: - name: {{ .Values.keyVault.tlsCertificateName }} + name: {{ .Values.keyVault.name }} spec: provider: azure secretObjects: From 15e433d27b400fb0ea9605431acebd975048f698 Mon Sep 17 00:00:00 2001 
From: jonachang Date: Thu, 21 Sep 2023 15:11:43 -0700 Subject: [PATCH 057/173] add tls pod --- poc/pkg/templates/tls-pod.yaml | 22 ++++++++++++++++++++++ poc/pkg/values.yaml | 1 + 2 files changed, 23 insertions(+) create mode 100644 poc/pkg/templates/tls-pod.yaml diff --git a/poc/pkg/templates/tls-pod.yaml b/poc/pkg/templates/tls-pod.yaml new file mode 100644 index 00000000000..906f0ee3393 --- /dev/null +++ b/poc/pkg/templates/tls-pod.yaml @@ -0,0 +1,22 @@ +kind: Pod +apiVersion: v1 +metadata: + name: {{ .Values.AKSCluster.tlsPod }} +spec: + containers: + - name: {{ .Values.AKSCluster.tlsPod }} + image: mcr.microsoft.com/azuredocs/aks-helloworld:v1 + command: + - "/bin/sleep" + - "10000" + volumeMounts: + - name: secrets-store-inline + mountPath: "/mnt/secrets-store" + readOnly: true + volumes: + - name: secrets-store-inline + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.keyVault.name }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 256b7d75439..325d92c7929 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -79,6 +79,7 @@ istio: AKSCluster: tlsSecretName: tls-secret + tlsPod: tls-pod userAssignedIdentityId: 43bf6984-5163-4565-bb2f-04f5a5d68d78 tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 From 758ec44d6f604c105ae88f0ec3caf1d4c93e623b Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 21 Sep 2023 16:07:31 -0700 Subject: [PATCH 058/173] change clientid --- poc/pkg/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 325d92c7929..578c4a4f748 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -80,7 +80,7 @@ istio: AKSCluster: tlsSecretName: tls-secret tlsPod: tls-pod - userAssignedIdentityId: 43bf6984-5163-4565-bb2f-04f5a5d68d78 + userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 keyVault: 
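Review bot: The container in the new tls-pod.yaml mounts the Key Vault certificate at `/mnt/secrets-store` but sets no `securityContext` and no `resources`. It runs a sample web image whose only job here is `/bin/sleep`. A container that holds the TLS private key should at least have `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` under a `securityContext:` key. `runAsNonRoot: true` should be added if the image tolerates it, which is not visible from here. The same applies to tls-cert-pod.yaml and tls-cert-deployment.yaml added in later commits of this series. A comment at the top of each file should explain that the workload exists only to keep the CSI volume mounted so the secret is synced.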
From ec34df2883b7d8e6e77e359852dce01abb744c55 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 21 Sep 2023 17:43:47 -0700 Subject: [PATCH 059/173] change pod name --- poc/pkg/templates/tls-pod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/tls-pod.yaml b/poc/pkg/templates/tls-pod.yaml index 906f0ee3393..307ed9e5cf6 100644 --- a/poc/pkg/templates/tls-pod.yaml +++ b/poc/pkg/templates/tls-pod.yaml @@ -4,7 +4,7 @@ metadata: name: {{ .Values.AKSCluster.tlsPod }} spec: containers: - - name: {{ .Values.AKSCluster.tlsPod }} + - name: tlspod image: mcr.microsoft.com/azuredocs/aks-helloworld:v1 command: - "/bin/sleep" From e1e6949ef27cddd9355e148d30fccc1e0f2ff90a Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 22 Sep 2023 09:36:54 -0700 Subject: [PATCH 060/173] change contianer name --- poc/pkg/templates/tls-pod.yaml | 2 +- poc/pkg/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/poc/pkg/templates/tls-pod.yaml b/poc/pkg/templates/tls-pod.yaml index 307ed9e5cf6..59ae0a302d6 100644 --- a/poc/pkg/templates/tls-pod.yaml +++ b/poc/pkg/templates/tls-pod.yaml @@ -4,7 +4,7 @@ metadata: name: {{ .Values.AKSCluster.tlsPod }} spec: containers: - - name: tlspod + - name: {{ .Values.AKSCluster.tlsContainer }} image: mcr.microsoft.com/azuredocs/aks-helloworld:v1 command: - "/bin/sleep" diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 578c4a4f748..5a8e60ca2e7 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -80,6 +80,7 @@ istio: AKSCluster: tlsSecretName: tls-secret tlsPod: tls-pod + tlsContainer: tls-container userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 From 51efa35f63928c5148a0834159430155ceaa0bbd Mon Sep 17 00:00:00 2001 
From: jonachang Date: Tue, 26 Sep 2023 15:27:09 -0700 Subject: [PATCH 061/173] rename to aks pod --- poc/pkg/templates/{tls-pod.yaml => akspod.yaml} | 0 poc/pkg/values.yaml | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename poc/pkg/templates/{tls-pod.yaml => akspod.yaml} (100%) diff --git a/poc/pkg/templates/tls-pod.yaml b/poc/pkg/templates/akspod.yaml similarity index 100% rename from poc/pkg/templates/tls-pod.yaml rename to poc/pkg/templates/akspod.yaml diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 5a8e60ca2e7..f3611059687 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -79,8 +79,8 @@ istio: AKSCluster: tlsSecretName: tls-secret - tlsPod: tls-pod - tlsContainer: tls-container + tlsPod: aks-pod + tlsContainer: aks-container userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 From cc00a41740a17565797e16f8240db4ba8f5dc73d Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 27 Sep 2023 00:02:16 -0700 Subject: [PATCH 062/173] change value --- poc/pkg/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index f3611059687..dca1fee74c2 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -79,8 +79,8 @@ istio: AKSCluster: tlsSecretName: tls-secret - tlsPod: aks-pod - tlsContainer: aks-container + tlsPod: rp-pod + tlsContainer: rp-container userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 From 14028f6e86187cc212ec52534738f6756896e95a Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 27 Sep 2023 04:13:14 -0700 Subject: [PATCH 063/173] move to deployment --- poc/pkg/templates/deployment.yaml | 11 +++++++++++ poc/pkg/values.yaml | 3 +-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index fb942768519..07e3c2722df 100644 
--- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -47,6 +47,17 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: {{ .Values.AKSCluster.volumeName }} + mountPath: "/mnt/secrets-store" + readOnly: true + volumes: + - name: {{ .Values.keyVault.volumeName }} + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.keyVault.name }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index dca1fee74c2..08311465377 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -79,8 +79,7 @@ istio: AKSCluster: tlsSecretName: tls-secret - tlsPod: rp-pod - tlsContainer: rp-container + volumeName: secrets-store-inline userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 From bb98daf95380620eab8b25b76ec3ced85b9ce705 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 27 Sep 2023 13:56:09 -0700 Subject: [PATCH 064/173] fix format --- poc/pkg/templates/akspod.yaml | 22 ---------------------- poc/pkg/templates/deployment.yaml | 20 ++++++++++---------- 2 files changed, 10 insertions(+), 32 deletions(-) delete mode 100644 poc/pkg/templates/akspod.yaml diff --git a/poc/pkg/templates/akspod.yaml b/poc/pkg/templates/akspod.yaml deleted file mode 100644 index 59ae0a302d6..00000000000 --- a/poc/pkg/templates/akspod.yaml +++ /dev/null 
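Review bot: The added `volumeMounts` entry in deployment.yaml is named from `.Values.AKSCluster.volumeName`, but the volume it should refer to is named from `.Values.keyVault.volumeName`. The values.yaml hunk of this commit defines only `AKSCluster.volumeName`, so the volume name presumably renders empty and the mount points at a volume that does not exist. Both should use the same key: `- name: {{ .Values.AKSCluster.volumeName }}` under `volumes:`. Indentation is lost in this view, so it is also worth confirming that `volumes:` sits at pod-spec level and not inside the container entry.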
@@ -1,22 +0,0 @@ -kind: Pod -apiVersion: v1 -metadata: - name: {{ .Values.AKSCluster.tlsPod }} -spec: - containers: - - name: {{ .Values.AKSCluster.tlsContainer }} - image: mcr.microsoft.com/azuredocs/aks-helloworld:v1 - command: - - "/bin/sleep" - - "10000" - volumeMounts: - - name: secrets-store-inline - mountPath: "/mnt/secrets-store" - readOnly: true - volumes: - - name: secrets-store-inline - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: {{ .Values.keyVault.name }} \ No newline at end of file diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 07e3c2722df..2e67fa6d9d6 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -47,17 +47,17 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: + volumeMounts: + - name: {{ .Values.AKSCluster.volumeName }} + mountPath: "/mnt/secrets-store" + readOnly: true + - volumes: - name: {{ .Values.AKSCluster.volumeName }} - mountPath: "/mnt/secrets-store" - readOnly: true - volumes: - - name: {{ .Values.keyVault.volumeName }} - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: {{ .Values.keyVault.name }} + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.keyVault.name }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} From 1c37e900d1598a45709466fe2e734f6835e5ce21 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 27 Sep 2023 14:33:39 -0700 Subject: [PATCH 065/173] move volumes --- poc/pkg/templates/deployment.yaml | 20 ++++++++++---------- poc/pkg/values.yaml | 1 - 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 2e67fa6d9d6..13170c45582 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml 
@@ -48,16 +48,16 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - - name: {{ .Values.AKSCluster.volumeName }} - mountPath: "/mnt/secrets-store" - readOnly: true - - volumes: - - name: {{ .Values.AKSCluster.volumeName }} - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: {{ .Values.keyVault.name }} + - name: secrets-store-inline + mountPath: "/mnt/secrets-store" + readOnly: true + volumes: + - name: secrets-store-inline + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.keyVault.name }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 08311465377..33ed3f7dd1d 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -79,7 +79,6 @@ istio: AKSCluster: tlsSecretName: tls-secret - volumeName: secrets-store-inline userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 From a5f356175ae3fb3d832f4246784b173b3ef9beb4 Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 29 Sep 2023 15:11:28 -0700 Subject: [PATCH 066/173] create sync pod --- poc/pkg/templates/istio-gateway.yaml | 3 +++ poc/pkg/templates/tls-cert-pod.yaml | 23 +++++++++++++++++++++++ poc/pkg/values.yaml | 4 ++++ 3 files changed, 30 insertions(+) create mode 100644 poc/pkg/templates/tls-cert-pod.yaml diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index b78da217060..7bcac825a23 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -10,5 +10,8 @@ spec: number: {{ .Values.istio.gateway.port }} name: http protocol: HTTP + tls: + mode: SIMPLE + credentialName: {{ .Values.keyVault.tlsCertificateName }} hosts: - "*" \ No newline at end of file 
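Review bot: The `tls:` block added to istio-gateway.yaml sits on a server whose port is still declared `name: http` and `protocol: HTTP`. As far as I know Istio applies `mode` and `credentialName` only to HTTPS/TLS servers and accepts nothing but `httpsRedirect` on a plaintext one. The gateway would then either fail validation or keep serving cleartext while the manifest reads as if TLS were on. The port entry should change with it: `name: https` and `protocol: HTTPS`. values.yaml still sets `port: 80` at this commit. A later commit in the series moves the port to 443 but leaves the protocol lines unchanged, so the same concern applies there.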
diff --git a/poc/pkg/templates/tls-cert-pod.yaml b/poc/pkg/templates/tls-cert-pod.yaml new file mode 100644 index 00000000000..f2c3b2ca58f --- /dev/null +++ b/poc/pkg/templates/tls-cert-pod.yaml @@ -0,0 +1,23 @@ +kind: Pod +apiVersion: v1 +metadata: + name: {{ .Values.AKSCluster.certSyncPod}} + namespace: {{ .Values.AKSCluster.istoSystemNamespace }} +spec: + containers: + - name: {{ .Values.AKSCluster.certSyncContainer }} + image: {{ .Values.AKSCluster.certSyncPodImage }} + command: + - "/bin/sleep" + - "10000" + volumeMounts: + - name: secrets-store-inline + mountPath: "/mnt/secrets-store" + readOnly: true + volumes: + - name: secrets-store-inline + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.keyVault.name }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 33ed3f7dd1d..fd7e9c221ab 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -79,6 +79,10 @@ istio: AKSCluster: tlsSecretName: tls-secret + certSyncPod: tls-sync-pod + certSyncPodImage: mcr.microsoft.com/azuredocs/aks-helloworld:v1 + certSyncContainer: tls-sync-container + istoSystemNamespace: aks-istio-system userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 From c32e0ca9d93ff714c67cdd0c8e7a9753c906f7d1 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 2 Oct 2023 10:12:27 -0700 Subject: [PATCH 067/173] remove namespace --- poc/hack/build-deploy.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/poc/hack/build-deploy.sh b/poc/hack/build-deploy.sh index 638ed74355c..b60d2a0a98a 100755 --- a/poc/hack/build-deploy.sh +++ b/poc/hack/build-deploy.sh @@ -50,8 +50,7 @@ deploy_pkg() { helm install $release ./pkg-0.1.0.tgz \ --set image.repository=$DOCKERTAG \ - --set image.tag=latest \ - --namespace $namespace + --set image.tag=latest } get_kubeconfig() { From 39a5b0edc0188d9fe296fc191214edb4474312ce Mon Sep 17 00:00:00 2001 
From: jonachang Date: Mon, 2 Oct 2023 10:50:07 -0700 Subject: [PATCH 068/173] add secret provider to istio-ststem --- poc/hack/build-deploy.sh | 3 ++- poc/pkg/templates/tls-secretProvider.yaml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/poc/hack/build-deploy.sh b/poc/hack/build-deploy.sh index b60d2a0a98a..638ed74355c 100755 --- a/poc/hack/build-deploy.sh +++ b/poc/hack/build-deploy.sh @@ -50,7 +50,8 @@ deploy_pkg() { helm install $release ./pkg-0.1.0.tgz \ --set image.repository=$DOCKERTAG \ - --set image.tag=latest + --set image.tag=latest \ + --namespace $namespace } get_kubeconfig() { diff --git a/poc/pkg/templates/tls-secretProvider.yaml b/poc/pkg/templates/tls-secretProvider.yaml index bdaca5b9e56..e553a28d576 100644 --- a/poc/pkg/templates/tls-secretProvider.yaml +++ b/poc/pkg/templates/tls-secretProvider.yaml @@ -2,6 +2,7 @@ apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 kind: SecretProviderClass metadata: name: {{ .Values.keyVault.name }} + namespace: {{ .Values.AKSCluster.istoSystemNamespace }} spec: provider: azure secretObjects: From 78dffd14351989cbb216c0f94e98e951b4e883ac Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 2 Oct 2023 12:10:52 -0700 Subject: [PATCH 069/173] update tls mode and change port --- poc/pkg/templates/istio-gateway.yaml | 2 +- poc/pkg/values.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index 7bcac825a23..6e51b868420 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -11,7 +11,7 @@ spec: name: http protocol: HTTP tls: - mode: SIMPLE + mode: {{ .Values.istio.gateway.tlsMode }} credentialName: {{ .Values.keyVault.tlsCertificateName }} hosts: - "*" \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index fd7e9c221ab..affd5d68839 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml 
@@ -67,13 +67,13 @@ tolerations: [] affinity: {} # Use for Istio service mesh -#TODO jonachang: need to add a secret in other PR istio: name: aks-istio-ingressgateway-external gateway: name: rp-poc-gateway - #TODO jonachang: change back to 443 when we have TLS - port: 80 + port: 443 + # TLS Mode: https://istio.io/latest/docs/reference/config/networking/gateway/#ServerTLSSettings-TLSmode + tlsMode: SIMPLE virtualService: name: rp-poc-virtualservice From 2876fe0ae3be2caf7989d1a1703e91dfb30cf54a Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 2 Oct 2023 13:30:46 -0700 Subject: [PATCH 070/173] change to deployment --- poc/pkg/templates/tls-cert-deployment.yaml | 43 ++++++++++++++++++++++ poc/pkg/templates/tls-cert-pod.yaml | 23 ------------ poc/pkg/values.yaml | 9 +++-- 3 files changed, 48 insertions(+), 27 deletions(-) create mode 100644 poc/pkg/templates/tls-cert-deployment.yaml delete mode 100644 poc/pkg/templates/tls-cert-pod.yaml diff --git a/poc/pkg/templates/tls-cert-deployment.yaml b/poc/pkg/templates/tls-cert-deployment.yaml new file mode 100644 index 00000000000..e4832b62f56 --- /dev/null +++ b/poc/pkg/templates/tls-cert-deployment.yaml 
@@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.istio.tlsDeployment.name}} + namespace: {{ .Values.AKSCluster.istoSystemNamespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Values.istio.tlsDeployment.name}} + template: + metadata: + labels: + app: {{ .Values.istio.tlsDeployment.name}} + spec: + containers: + - name: {{ .Values.istio.tlsDeployment.container}} + image: {{ .Values.istio.tlsDeployment.image }} + ports: + - containerPort: {{ .Values.istio.tlsDeployment.port }} + volumeMounts: + - name: secrets-store-inline + mountPath: "/mnt/secrets-store" + readOnly: true + volumes: + - name: secrets-store-inline + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.keyVault.name }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.istio.tlsDeployment.name}} + namespace: {{ .Values.AKSCluster.istoSystemNamespace }} +spec: + type: ClusterIP + ports: + - port: {{ .Values.istio.tlsDeployment.port }} + selector: + app: {{ .Values.istio.tlsDeployment.name}} \ No newline at end of file diff --git a/poc/pkg/templates/tls-cert-pod.yaml b/poc/pkg/templates/tls-cert-pod.yaml deleted file mode 100644 index f2c3b2ca58f..00000000000 --- a/poc/pkg/templates/tls-cert-pod.yaml +++ /dev/null @@ -1,23 +0,0 @@ -kind: Pod -apiVersion: v1 -metadata: - name: {{ .Values.AKSCluster.certSyncPod}} - namespace: {{ .Values.AKSCluster.istoSystemNamespace }} -spec: - containers: - - name: {{ .Values.AKSCluster.certSyncContainer }} - image: {{ .Values.AKSCluster.certSyncPodImage }} - command: - - "/bin/sleep" - - "10000" - volumeMounts: - - name: secrets-store-inline - mountPath: "/mnt/secrets-store" - readOnly: true - volumes: - - name: secrets-store-inline - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: {{ .Values.keyVault.name }} \ No newline at end of file 
diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index affd5d68839..3ee3267beeb 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -76,12 +76,13 @@ istio: tlsMode: SIMPLE virtualService: name: rp-poc-virtualservice + tlsDeployment: + name: tls-sync-deployment + image: mcr.microsoft.com/azuredocs/aks-helloworld:v1 + container: tls-sync-container + port: 80 AKSCluster: - tlsSecretName: tls-secret - certSyncPod: tls-sync-pod - certSyncPodImage: mcr.microsoft.com/azuredocs/aks-helloworld:v1 - certSyncContainer: tls-sync-container istoSystemNamespace: aks-istio-system userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 From 716736d4f34a0052bd0b53513b44c64f35c50a13 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 2 Oct 2023 15:56:23 -0700 Subject: [PATCH 071/173] change value --- poc/pkg/templates/tls-cert-deployment.yaml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/poc/pkg/templates/tls-cert-deployment.yaml b/poc/pkg/templates/tls-cert-deployment.yaml index e4832b62f56..cbdc7ed5b47 100644 --- a/poc/pkg/templates/tls-cert-deployment.yaml +++ b/poc/pkg/templates/tls-cert-deployment.yaml 
@@ -1,23 +1,26 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.istio.tlsDeployment.name}} + name: {{ .Values.istio.tlsDeployment.name }} namespace: {{ .Values.AKSCluster.istoSystemNamespace }} spec: replicas: 1 selector: matchLabels: - app: {{ .Values.istio.tlsDeployment.name}} + app: {{ .Values.istio.tlsDeployment.name }} template: metadata: labels: - app: {{ .Values.istio.tlsDeployment.name}} + app: {{ .Values.istio.tlsDeployment.name }} spec: containers: - - name: {{ .Values.istio.tlsDeployment.container}} + - name: {{ .Values.istio.tlsDeployment.container }} image: {{ .Values.istio.tlsDeployment.image }} ports: - containerPort: {{ .Values.istio.tlsDeployment.port }} + env: + - name: TITLE + value: "Hello world for TLS cert deployment" volumeMounts: - name: secrets-store-inline mountPath: "/mnt/secrets-store" @@ -33,11 +36,11 @@ spec: apiVersion: v1 kind: Service metadata: - name: {{ .Values.istio.tlsDeployment.name}} + name: {{ .Values.istio.tlsDeployment.name }} namespace: {{ .Values.AKSCluster.istoSystemNamespace }} spec: type: ClusterIP ports: - port: {{ .Values.istio.tlsDeployment.port }} selector: - app: {{ .Values.istio.tlsDeployment.name}} \ No newline at end of file + app: {{ .Values.istio.tlsDeployment.name }} \ No newline at end of file From 9d54560d8c212bc7e65937d79dc35a6bdb19194b Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 3 Oct 2023 08:53:28 -0700 Subject: [PATCH 072/173] redu --- poc/pkg/templates/tls-cert-deployment.yaml | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/poc/pkg/templates/tls-cert-deployment.yaml b/poc/pkg/templates/tls-cert-deployment.yaml index cbdc7ed5b47..3a4aa67e0a1 100644 --- a/poc/pkg/templates/tls-cert-deployment.yaml +++ b/poc/pkg/templates/tls-cert-deployment.yaml 
@@ -1,26 +1,25 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.istio.tlsDeployment.name }} - namespace: {{ .Values.AKSCluster.istoSystemNamespace }} + name: {{ .Values.istio.tlsDeployment.name }} spec: replicas: 1 selector: matchLabels: - app: {{ .Values.istio.tlsDeployment.name }} + app: {{ .Values.istio.tlsDeployment.name }} template: metadata: labels: - app: {{ .Values.istio.tlsDeployment.name }} + app: {{ .Values.istio.tlsDeployment.name }} spec: containers: - - name: {{ .Values.istio.tlsDeployment.container }} + - name: {{ .Values.istio.tlsDeployment.name }} image: {{ .Values.istio.tlsDeployment.image }} ports: - - containerPort: {{ .Values.istio.tlsDeployment.port }} + - containerPort: 80 env: - name: TITLE - value: "Hello world for TLS cert deployment" + value: "Welcome TLS certificate sync deployment" volumeMounts: - name: secrets-store-inline mountPath: "/mnt/secrets-store" @@ -36,11 +35,10 @@ spec: apiVersion: v1 kind: Service metadata: - name: {{ .Values.istio.tlsDeployment.name }} - namespace: {{ .Values.AKSCluster.istoSystemNamespace }} + name: {{ .Values.istio.tlsDeployment.name }} spec: type: ClusterIP ports: - - port: {{ .Values.istio.tlsDeployment.port }} + - port: 80 selector: - app: {{ .Values.istio.tlsDeployment.name }} \ No newline at end of file + app: {{ .Values.istio.tlsDeployment.name }} \ No newline at end of file From 45c8c574fe6047497795d52b318b1aba1dca0642 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 3 Oct 2023 09:36:07 -0700 Subject: [PATCH 073/173] remove space --- poc/pkg/templates/tls-cert-deployment.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/poc/pkg/templates/tls-cert-deployment.yaml b/poc/pkg/templates/tls-cert-deployment.yaml index 3a4aa67e0a1..5882043ec79 100644 --- a/poc/pkg/templates/tls-cert-deployment.yaml +++ b/poc/pkg/templates/tls-cert-deployment.yaml 
@@ -1,7 +1,8 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Values.istio.tlsDeployment.name }} + name: {{ .Values.istio.tlsDeployment.name }} + namespace: {{ .Values.AKSCluster.istoSystemNamespace }} spec: replicas: 1 selector: @@ -35,10 +36,11 @@ spec: apiVersion: v1 kind: Service metadata: - name: {{ .Values.istio.tlsDeployment.name }} + name: {{ .Values.istio.tlsDeployment.name }} + namespace: {{ .Values.AKSCluster.istoSystemNamespace }} spec: type: ClusterIP ports: - - port: 80 + - port: 80 selector: app: {{ .Values.istio.tlsDeployment.name }} \ No newline at end of file From 45df1a10995cacf218be7209397424f9fc18f828 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 3 Oct 2023 10:53:40 -0700 Subject: [PATCH 074/173] add port --- poc/pkg/templates/tls-cert-deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/poc/pkg/templates/tls-cert-deployment.yaml b/poc/pkg/templates/tls-cert-deployment.yaml index 5882043ec79..7f37867a699 100644 --- a/poc/pkg/templates/tls-cert-deployment.yaml +++ b/poc/pkg/templates/tls-cert-deployment.yaml @@ -17,7 +17,7 @@ spec: - name: {{ .Values.istio.tlsDeployment.name }} image: {{ .Values.istio.tlsDeployment.image }} ports: - - containerPort: 80 + - containerPort: {{ .Values.istio.tlsDeployment.port }} env: - name: TITLE value: "Welcome TLS certificate sync deployment" @@ -41,6 +41,6 @@ metadata: spec: type: ClusterIP ports: - - port: 80 + - port: {{ .Values.istio.tlsDeployment.port }} selector: app: {{ .Values.istio.tlsDeployment.name }} \ No newline at end of file From ce7eec9260076e6184b9754ae67f39f14a2f4638 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 4 Oct 2023 11:09:47 -0700 Subject: [PATCH 075/173] remove unused volume --- poc/pkg/templates/deployment.yaml | 11 ----------- poc/pkg/templates/tls-cert-deployment.yaml | 14 +------------- poc/pkg/values.yaml | 1 - 3 files changed, 1 insertion(+), 25 deletions(-) 
diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 13170c45582..fb942768519 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -47,17 +47,6 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: secrets-store-inline - mountPath: "/mnt/secrets-store" - readOnly: true - volumes: - - name: secrets-store-inline - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: {{ .Values.keyVault.name }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/poc/pkg/templates/tls-cert-deployment.yaml b/poc/pkg/templates/tls-cert-deployment.yaml index 7f37867a699..11229ba43b2 100644 --- a/poc/pkg/templates/tls-cert-deployment.yaml +++ b/poc/pkg/templates/tls-cert-deployment.yaml @@ -31,16 +31,4 @@ spec: driver: secrets-store.csi.k8s.io readOnly: true volumeAttributes: - secretProviderClass: {{ .Values.keyVault.name }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.istio.tlsDeployment.name }} - namespace: {{ .Values.AKSCluster.istoSystemNamespace }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.istio.tlsDeployment.port }} - selector: - app: {{ .Values.istio.tlsDeployment.name }} \ No newline at end of file + secretProviderClass: {{ .Values.keyVault.name }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 3ee3267beeb..d42184f264b 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -84,7 +84,6 @@ istio: AKSCluster: istoSystemNamespace: aks-istio-system - userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 keyVault: From adfe1e2e9dc0e93a362a7aaf2478a7e6a7e1e39b Mon Sep 17 00:00:00 2001 
From: jonachang Date: Wed, 4 Oct 2023 14:47:14 -0700 Subject: [PATCH 076/173] add value back --- poc/pkg/templates/deployment.yaml | 2 +- poc/pkg/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index fb942768519..6a038d4f4d3 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -58,4 +58,4 @@ spec: {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index d42184f264b..59775288294 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -84,6 +84,7 @@ istio: AKSCluster: istoSystemNamespace: aks-istio-system + userAssignedIdentityId: "" tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 keyVault: From b4293f18b8cd8cc0d516d361d504d0f515df4b6e Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 4 Oct 2023 14:48:12 -0700 Subject: [PATCH 077/173] change deployment --- poc/pkg/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 6a038d4f4d3..fb942768519 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -58,4 +58,4 @@ spec: {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }} From 879e24d43604aeb9df447cd0b5239e2c5f735dd6 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 5 Oct 2023 00:20:52 -0700 Subject: [PATCH 078/173] add user assign identity back --- poc/pkg/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 59775288294..3ee3267beeb 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml 
@@ -84,7 +84,7 @@ istio: AKSCluster: istoSystemNamespace: aks-istio-system - userAssignedIdentityId: "" + userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 keyVault: From 906d5f80b7ea7568d0e1f73be928ff03f787f165 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 5 Oct 2023 00:51:12 -0700 Subject: [PATCH 079/173] remove id --- poc/pkg/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 3ee3267beeb..59775288294 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -84,7 +84,7 @@ istio: AKSCluster: istoSystemNamespace: aks-istio-system - userAssignedIdentityId: 5dca7b9c-5304-4ea5-8b66-4f75d14ed09b + userAssignedIdentityId: "" tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 keyVault: From 350fe1734e2857ab9c933f7c2317cd3ffcae3a74 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 9 Oct 2023 14:16:08 -0700 Subject: [PATCH 080/173] remove port --- poc/pkg/templates/tls-cert-deployment.yaml | 2 -- poc/pkg/values.yaml | 1 - 2 files changed, 3 deletions(-) diff --git a/poc/pkg/templates/tls-cert-deployment.yaml b/poc/pkg/templates/tls-cert-deployment.yaml index 11229ba43b2..80d39610588 100644 --- a/poc/pkg/templates/tls-cert-deployment.yaml +++ b/poc/pkg/templates/tls-cert-deployment.yaml @@ -16,8 +16,6 @@ spec: containers: - name: {{ .Values.istio.tlsDeployment.name }} image: {{ .Values.istio.tlsDeployment.image }} - ports: - - containerPort: {{ .Values.istio.tlsDeployment.port }} env: - name: TITLE value: "Welcome TLS certificate sync deployment" diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 59775288294..9e20ba5704d 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -80,7 +80,6 @@ istio: name: tls-sync-deployment image: mcr.microsoft.com/azuredocs/aks-helloworld:v1 container: tls-sync-container - port: 80 AKSCluster: istoSystemNamespace: aks-istio-system 
From 440f680d15cf80e48f1eb4e4eee805d64c9602f2 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 10 Oct 2023 15:36:18 -0700 Subject: [PATCH 081/173] https gateway --- poc/pkg/templates/istio-gateway.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/poc/pkg/templates/istio-gateway.yaml b/poc/pkg/templates/istio-gateway.yaml index 6e51b868420..a3e5c1da22e 100644 --- a/poc/pkg/templates/istio-gateway.yaml +++ b/poc/pkg/templates/istio-gateway.yaml @@ -8,8 +8,8 @@ spec: servers: - port: number: {{ .Values.istio.gateway.port }} - name: http - protocol: HTTP + name: https + protocol: HTTPS tls: mode: {{ .Values.istio.gateway.tlsMode }} credentialName: {{ .Values.keyVault.tlsCertificateName }} From e5381a7abe24ea1142b62f415db5f41695732e8a Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Tue, 10 Oct 2023 17:23:21 -0700 Subject: [PATCH 082/173] Update namespace for secret --- poc/pkg/templates/tls-cert-deployment.yaml | 2 +- poc/pkg/templates/tls-secretProvider.yaml | 2 +- poc/pkg/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/poc/pkg/templates/tls-cert-deployment.yaml b/poc/pkg/templates/tls-cert-deployment.yaml index 80d39610588..b0bd32bf69d 100644 --- a/poc/pkg/templates/tls-cert-deployment.yaml +++ b/poc/pkg/templates/tls-cert-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Values.istio.tlsDeployment.name }} - namespace: {{ .Values.AKSCluster.istoSystemNamespace }} + namespace: {{ .Values.AKSCluster.istoIngressNamespace }} spec: replicas: 1 selector: diff --git a/poc/pkg/templates/tls-secretProvider.yaml b/poc/pkg/templates/tls-secretProvider.yaml index e553a28d576..6e0b26f2cb7 100644 --- a/poc/pkg/templates/tls-secretProvider.yaml +++ b/poc/pkg/templates/tls-secretProvider.yaml 
@@ -2,7 +2,7 @@ apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 kind: SecretProviderClass metadata: name: {{ .Values.keyVault.name }} - namespace: {{ .Values.AKSCluster.istoSystemNamespace }} + namespace: {{ .Values.AKSCluster.istoIngressNamespace }} spec: provider: azure secretObjects: diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 9e20ba5704d..a3fbbd573c8 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -82,7 +82,7 @@ istio: container: tls-sync-container AKSCluster: - istoSystemNamespace: aks-istio-system + istoIngressNamespace: aks-istio-ingress userAssignedIdentityId: "" tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 From 8cafacbaf4da6c0af8b7d7cdabf71977a0d758e6 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Tue, 10 Oct 2023 17:24:06 -0700 Subject: [PATCH 083/173] nit --- poc/pkg/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index a3fbbd573c8..3a685379ba9 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -82,6 +82,7 @@ istio: container: tls-sync-container AKSCluster: + # AKS Istio addon requires the TLS cert secret to be in this namespace istoIngressNamespace: aks-istio-ingress userAssignedIdentityId: "" tenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 From 8fed6defa7f4b1573484839664f23f7aa915d707 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 12 Oct 2023 11:18:17 -0700 Subject: [PATCH 084/173] add test message --- cmd/aro/poc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index b51c2b04201..e2e1a916566 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -15,7 +15,7 @@ import ( // Licensed under the Apache License 2.0. func rpPoc(ctx context.Context, log *logrus.Entry) error { - log.Print("********** ARO-RP on AKS PoC **********") + log.Print("********** ARO-RP on AKS PoC Testing**********") ctx, shutdown := context.WithCancel(ctx) defer shutdown() 
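Review bot: The values.yaml hunk of PATCH 082 replaces the key `istoSystemNamespace` with `istoIngressNamespace` rather than adding a second key, so any template outside these hunks that still reads `.Values.AKSCluster.istoSystemNamespace` would render an empty `namespace:` without a Helm error. Only tls-cert-deployment.yaml and tls-secretProvider.yaml are updated here, so the remaining templates should be checked. Writing the lookup as `namespace: {{ required "AKSCluster.istoIngressNamespace is required" .Values.AKSCluster.istoIngressNamespace }}` makes a missing value fail at render time. The key name also misspells "istio".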
From 0dd58087a64fd70e5eb93fddd34306c4a4ce9a25 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 12 Oct 2023 15:31:34 -0700 Subject: [PATCH 085/173] add mise --- cmd/aro/poc.go | 65 +++++++++++++++++++++++++++ poc/pkg/templates/deployment.yaml | 19 ++++++++ poc/pkg/templates/mise-configMap.yaml | 56 +++++++++++++++++++++++ 3 files changed, 140 insertions(+) create mode 100644 poc/pkg/templates/mise-configMap.yaml diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index e2e1a916566..92759010d52 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -1,10 +1,15 @@ package main import ( + "bytes" "context" "flag" + "fmt" + "log" + "net/http" "os" "os/signal" + "strings" "syscall" "github.com/Azure/ARO-RP/pkg/poc" @@ -16,6 +21,8 @@ import ( func rpPoc(ctx context.Context, log *logrus.Entry) error { log.Print("********** ARO-RP on AKS PoC Testing**********") + // Start Mise Authorization + http.HandleFunc("/", handler) ctx, shutdown := context.WithCancel(ctx) defer shutdown() 
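Review bot: `http.HandleFunc("/", handler)` in the `@@ -16,6 +21,8 @@` hunk of cmd/aro/poc.go registers the MISE check on `http.DefaultServeMux`, and nothing in this hunk starts a server on that mux, so the check may never sit in front of a request. pkg/poc builds its own chi router (visible in later patches of this series), which suggests the routes that need authorization are served elsewhere. If the check is meant to guard those routes, it would be wired in as middleware on that router, for example `r.Use(miseAuth)`, instead of as a separate root handler. rpPoc continues outside the hunk, so the server setup should be confirmed there.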
@@ -36,3 +43,61 @@ func handleSigterm(log *logrus.Entry, shutdown context.CancelFunc) { shutdown() } + +type MiseRequestData struct { + MiseURL string + OriginalURI string + OriginalMethod string + Token string +} + +func handler(w http.ResponseWriter, r *http.Request) { + ctx := context.Background() + t := extractToken(r.Header) + m := MiseRequestData{ + MiseURL: "http://localhost:5000/ValidateRequest", + OriginalURI: "https://server/endpoint", + OriginalMethod: r.Method, + Token: t, + } + req, err := createMiseHTTPRequest(ctx, m) + if err != nil { + log.Fatal(err) + } + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + log.Fatal(err) + } + defer resp.Body.Close() + + log.Default().Println("Response status: ", resp.Status) + + w.WriteHeader(resp.StatusCode) + switch resp.StatusCode { + case http.StatusOK: + fmt.Fprintln(w, "Authorized") + default: + fmt.Fprintln(w, "Unauthorized") + } + +} + +func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Request, error) { + req, err := http.NewRequestWithContext(ctx, http.MethodPost, data.MiseURL, bytes.NewBuffer(nil)) + if err != nil { + log.Fatal(err) + return nil, err + } + req.Header.Set("Original-URI", data.OriginalURI) + req.Header.Set("Original-Method", data.OriginalMethod) + req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", data.Token)) + return req, nil +} + +func extractToken(h http.Header) string { + auth := h.Get("Authorization") + token := strings.TrimPrefix(auth, "Bearer ") + return strings.TrimSpace(token) +} diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index fb942768519..5d9f1205f52 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml 
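Review bot: `handler` in the `@@ -36,3 +43,61 @@` hunk of cmd/aro/poc.go calls `log.Fatal` when the MISE request cannot be built or sent, so a single sidecar outage or timeout terminates the whole process instead of rejecting that one request. The outbound call also uses `context.Background()` and an `http.Client` with no timeout, `OriginalURI` is the fixed string `"https://server/endpoint"` so validation does not see the real request target, and `extractToken` forwards the whole header value when the `Bearer ` prefix is absent. The sketch below fails closed with an HTTP error, ties the call to the request context and rejects a missing or non-Bearer header before contacting MISE; the URI format MISE expects is not visible here and needs confirming before the placeholder is replaced. `createMiseHTTPRequest` has the same `log.Fatal`, followed by an unreachable `return nil, err`.

```go
// One shared client; the timeout bounds how long a MISE call can hold a request.
// (uses the "time" package)
var miseClient = &http.Client{Timeout: 5 * time.Second}

func handler(w http.ResponseWriter, r *http.Request) {
	t, ok := extractToken(r.Header)
	if !ok {
		// No usable bearer token: reject without calling MISE.
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return
	}
	// … unchanged: MiseRequestData construction (Token: t) …
	req, err := createMiseHTTPRequest(r.Context(), m)
	if err != nil {
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}

	resp, err := miseClient.Do(req)
	if err != nil {
		// Fail closed for this request only; the process keeps serving.
		http.Error(w, "Unauthorized", http.StatusBadGateway)
		return
	}
	defer resp.Body.Close()
	// … unchanged: status logging and Authorized/Unauthorized response …
}

// extractToken returns the bearer token and whether a non-empty one was present.
func extractToken(h http.Header) (string, bool) {
	auth := h.Get("Authorization")
	if !strings.HasPrefix(auth, "Bearer ") {
		return "", false
	}
	token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer "))
	return token, token != ""
}
```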
@@ -47,6 +47,25 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} + - name: mise + image: spicypadthai.azurecr.io/mise-sidecar:dev + env: + - name: MISE_APPSETTINGS_LOCATION + value: "/etc/mise/appsettings.json" + ports: + - containerPort: 5000 + name: http + volumeMounts: + - name: config + mountPath: /etc/mise + readOnly: true + volumes: + - name: config + configMap: + name: miseconfig + items: + - key: appsettings.json + path: appsettings.json {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml new file mode 100644 index 00000000000..8b2195d12b5 --- /dev/null +++ b/poc/pkg/templates/mise-configMap.yaml @@ -0,0 +1,56 @@ +apiVersion: v1 +data: + appsettings.json: | + { + "Version": "1", + "HeartbeatIntervalMs": 5000, + "AzureAd": { + "Instance": "https://login.microsoftonline.com/", + "ClientId": "704c7dfd-4ed1-4732-95c0-04a44b0895a0", + "TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "InboundPolicies": [ + { + "Label": "nont-policy", + "Authority": "https://login.microsoftonline.com/704c7dfd-4ed1-4732-95c0-04a44b0895a0/v2.0", + "AuthenticationSchemes": [ + "Bearer" + ], + "ValidAudiences": [ + "https://management.azure.com/" + ], + "ValidApplicationIds": [ + "704c7dfd-4ed1-4732-95c0-04a44b0895a0" + ] + } + ], + "MinimumDataClassificationCategory": "SystemMetadata", + "Logging": { + "LogLevel": "Information" + }, + "Modules": { + "TrV2": { + "ModuleType": "TrV2Module", + "Enabled": true + } + } + }, + "AllowedHosts": "*", + "Kestrel": { + "Endpoints": { + "Http": { + "Url": "http://0.0.0.0:5000" + } + } + }, + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft": "Information", + "Microsoft.Hosting.Lifetime": "Information" + } + } + } +kind: ConfigMap +metadata: + creationTimestamp: null + name: miseconfig \ No newline at end of file From 3704f70686f822aa585df5f6211fb75ea3180065 Mon Sep 17 00:00:00 2001 
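Review bot: The `mise` container added in the deployment.yaml hunk pulls `spicypadthai.azurecr.io/mise-sidecar:dev`, a mutable tag, so the component that decides whether a token is accepted can change without a chart change; pinning by digest, `image: <registry>/mise-sidecar@sha256:<digest>` (placeholder values), keeps the reviewed image and the running image the same. The container also sets no `securityContext` or `resources`, unlike the main container whose `resources:` is visible just above. Its port is named `http` while the probe context line already references `port: http`, which would make that reference ambiguous if the main container's port carries the same name. The same block is re-added in PATCH 090, and PATCH 086-088 and 091 only swap the registry or tag, so the same points apply there.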
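Review bot: In the new mise-configMap.yaml the inbound policy's `Authority` ends in the same GUID as `ClientId`, not the `TenantId` given beside it, so issuer validation would be configured against the wrong directory path if MISE treats that segment as the tenant; it looks like it should be `https://login.microsoftonline.com/<TenantId>/v2.0`. Kestrel is bound to `http://0.0.0.0:5000` although the Go handler in this commit reaches it on `localhost:5000`; binding to `http://127.0.0.1:5000` would keep the validation endpoint reachable only from inside the pod, assuming nothing else needs it. The tenant and client ids are also literals in the template rather than chart values, and `creationTimestamp: null` is leftover generator output.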
From: jonachang Date: Fri, 13 Oct 2023 11:07:47 -0700 Subject: [PATCH 086/173] change image --- poc/pkg/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 5d9f1205f52..7b20b7dc5c1 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} - name: mise - image: spicypadthai.azurecr.io/mise-sidecar:dev + image: jonathan34c.azurecr.io/mise-sidecar:dev env: - name: MISE_APPSETTINGS_LOCATION value: "/etc/mise/appsettings.json" From 0be84cff7bb12f5f8a9e8756dcb4f30e2af47bff Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 16 Oct 2023 10:19:11 -0700 Subject: [PATCH 087/173] update mise image --- poc/pkg/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 7b20b7dc5c1..6e77ac4d479 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} - name: mise - image: jonathan34c.azurecr.io/mise-sidecar:dev + image: jonachang.azurecr.io/mise-sidecar:latest env: - name: MISE_APPSETTINGS_LOCATION value: "/etc/mise/appsettings.json" From 677c176111d6a84f3f731b7e5ef72d5516b513a0 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 16 Oct 2023 11:01:14 -0700 Subject: [PATCH 088/173] change svc --- poc/pkg/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 6e77ac4d479..4cbb024db36 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml 
@@ -48,7 +48,7 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} - name: mise - image: jonachang.azurecr.io/mise-sidecar:latest + image: aropocsvc.azurecr.io/mise-sidecar:dev env: - name: MISE_APPSETTINGS_LOCATION value: "/etc/mise/appsettings.json" From 85706d147afedb1fbd60f46ab0bc3c6a520f0902 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 16 Oct 2023 12:22:50 -0700 Subject: [PATCH 089/173] change structuree --- poc/pkg/templates/deployment.yaml | 19 -------- poc/pkg/templates/mise-configMap.yaml | 65 ++++++++------------------ poc/pkg/templates/mise-deployment.yaml | 48 +++++++++++++++++++ 3 files changed, 68 insertions(+), 64 deletions(-) create mode 100644 poc/pkg/templates/mise-deployment.yaml diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 4cbb024db36..fb942768519 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -47,25 +47,6 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} - - name: mise - image: aropocsvc.azurecr.io/mise-sidecar:dev - env: - - name: MISE_APPSETTINGS_LOCATION - value: "/etc/mise/appsettings.json" - ports: - - containerPort: 5000 - name: http - volumeMounts: - - name: config - mountPath: /etc/mise - readOnly: true - volumes: - - name: config - configMap: - name: miseconfig - items: - - key: appsettings.json - path: appsettings.json {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 8b2195d12b5..00ee1b60e61 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml 
@@ -2,53 +2,28 @@ apiVersion: v1 data: appsettings.json: | { - "Version": "1", - "HeartbeatIntervalMs": 5000, - "AzureAd": { - "Instance": "https://login.microsoftonline.com/", - "ClientId": "704c7dfd-4ed1-4732-95c0-04a44b0895a0", - "TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", - "InboundPolicies": [ - { - "Label": "nont-policy", - "Authority": "https://login.microsoftonline.com/704c7dfd-4ed1-4732-95c0-04a44b0895a0/v2.0", - "AuthenticationSchemes": [ - "Bearer" - ], - "ValidAudiences": [ - "https://management.azure.com/" - ], - "ValidApplicationIds": [ - "704c7dfd-4ed1-4732-95c0-04a44b0895a0" - ] - } - ], - "MinimumDataClassificationCategory": "SystemMetadata", - "Logging": { - "LogLevel": "Information" - }, - "Modules": { - "TrV2": { - "ModuleType": "TrV2Module", - "Enabled": true - } - } - }, - "AllowedHosts": "*", - "Kestrel": { - "Endpoints": { - "Http": { - "Url": "http://0.0.0.0:5000" - } - } - }, - "Logging": { - "LogLevel": { - "Default": "Information", - "Microsoft": "Information", - "Microsoft.Hosting.Lifetime": "Information" + "Version": "1", + "AzureAd": { + "Instance": "https://login.microsoftonline.com", + "ClientId": "704c7dfd-4ed1-4732-95c0-04a44b0895a0", + "TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "InboundPolicies": [ + { + "Label": "my-inbound-policy", + "AuthenticationSchemes": [ "Bearer"], + "ValidAudiences" : [ + "https://management.azure.com/" + ] + }], + }, + "AllowedHosts": "*", + "Kestrel": { + "Endpoints": { + "Http": { + "Url": "http://0.0.0.0:5000" } } + } } kind: ConfigMap metadata: diff --git a/poc/pkg/templates/mise-deployment.yaml b/poc/pkg/templates/mise-deployment.yaml new file mode 100644 index 00000000000..710ffc72406 --- /dev/null +++ b/poc/pkg/templates/mise-deployment.yaml 
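Review bot: The rewritten `appsettings.json` in this mise-configMap.yaml hunk drops `ValidApplicationIds` and `Authority` from the inbound policy, leaving `ValidAudiences` with `https://management.azure.com/` as the only visible constraint, so any caller holding a token for that audience would presumably pass unless MISE applies other defaults. If the restriction to a known calling application is still wanted, keep `"ValidApplicationIds": [ "<client-id>" ]` (placeholder) in the policy. The new text also leaves a trailing comma after the `InboundPolicies` array (`}],` followed by `},`), which strict JSON parsers reject. Whether the MISE loader tolerates it is not visible here, and PATCH 092 reformats the block without removing it.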
@@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mise-auth +spec: + replicas: 1 + selector: + matchLabels: + app: mise-auth + template: + metadata: + labels: + app: mise-auth + spec: + containers: + - name: mise + image: aropocsvc.azurecr.io/mise-sidecar:dev + env: + - name: MISE_APPSETTINGS_LOCATION + value: "/app/etc/appsettings.json" + ports: + - containerPort: 5000 + name: http-auth + volumeMounts: + - name: config + mountPath: /app/etc + readOnly: true + volumes: + - name: config + configMap: + name: miseconfig + items: + - key: appsettings.json + path: appsettings.json +--- +apiVersion: v1 +kind: Service +metadata: + name: mise-auth +spec: + type: ClusterIP + ports: + - port: 80 + protocol: TCP + targetPort: http-auth + name: http-auth + selector: + app: mise-auth \ No newline at end of file From 660cd11b6e4c24c9a7a09e5901d2eacecba55f6b Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 16 Oct 2023 13:19:21 -0700 Subject: [PATCH 090/173] combine deployment --- poc/pkg/templates/deployment.yaml | 19 ++++++++++ poc/pkg/templates/mise-configMap.yaml | 2 +- poc/pkg/templates/mise-deployment.yaml | 48 -------------------------- 3 files changed, 20 insertions(+), 49 deletions(-) delete mode 100644 poc/pkg/templates/mise-deployment.yaml diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index fb942768519..4cbb024db36 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml 
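Review bot: The `mise-auth` Service at the end of the new mise-deployment.yaml publishes the token-validation endpoint to the whole cluster on port 80 over plain HTTP, so bearer tokens sent to it cross the pod network unencrypted unless mesh mTLS covers this namespace, which the page does not show. Neither the Deployment nor the Service sets `namespace:`, unlike the TLS templates in this series. If a standalone service is kept, a NetworkPolicy limiting ingress to the RP pods would narrow who can call it. The file is removed again in PATCH 090.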
@@ -47,6 +47,25 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} + - name: mise + image: aropocsvc.azurecr.io/mise-sidecar:dev + env: + - name: MISE_APPSETTINGS_LOCATION + value: "/etc/mise/appsettings.json" + ports: + - containerPort: 5000 + name: http + volumeMounts: + - name: config + mountPath: /etc/mise + readOnly: true + volumes: + - name: config + configMap: + name: miseconfig + items: + - key: appsettings.json + path: appsettings.json {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 00ee1b60e61..3e9b2a9bf68 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -9,7 +9,7 @@ data: "TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", "InboundPolicies": [ { - "Label": "my-inbound-policy", + "Label": "jonachang-policy", "AuthenticationSchemes": [ "Bearer"], "ValidAudiences" : [ "https://management.azure.com/" diff --git a/poc/pkg/templates/mise-deployment.yaml b/poc/pkg/templates/mise-deployment.yaml deleted file mode 100644 index 710ffc72406..00000000000 --- a/poc/pkg/templates/mise-deployment.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mise-auth -spec: - replicas: 1 - selector: - matchLabels: - app: mise-auth - template: - metadata: - labels: - app: mise-auth - spec: - containers: - - name: mise - image: aropocsvc.azurecr.io/mise-sidecar:dev - env: - - name: MISE_APPSETTINGS_LOCATION - value: "/app/etc/appsettings.json" - ports: - - containerPort: 5000 - name: http-auth - volumeMounts: - - name: config - mountPath: /app/etc - readOnly: true - volumes: - - name: config - configMap: - name: miseconfig - items: - - key: appsettings.json - path: appsettings.json ---- -apiVersion: v1 -kind: Service -metadata: - name: mise-auth -spec: - type: ClusterIP - ports: - - port: 80 - protocol: TCP - targetPort: http-auth - name: http-auth - selector: - app: mise-auth \ No newline at end of file From cf8454e4a74d3af56b216b1c002181d3bcf15795 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 16 Oct 2023 15:09:36 -0700 Subject: [PATCH 091/173] change to mise --- poc/pkg/templates/deployment.yaml | 2 +- poc/pkg/templates/mise-configMap.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 4cbb024db36..e955957983b 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} - name: mise - image: aropocsvc.azurecr.io/mise-sidecar:dev + image: aropocsvc.azurecr.io/mise:dev env: - name: MISE_APPSETTINGS_LOCATION value: "/etc/mise/appsettings.json" diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 3e9b2a9bf68..4cb6bcdc20f 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml 
@@ -7,8 +7,8 @@ data: "Instance": "https://login.microsoftonline.com", "ClientId": "704c7dfd-4ed1-4732-95c0-04a44b0895a0", "TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", - "InboundPolicies": [ - { + "InboundPolicies": + [{ "Label": "jonachang-policy", "AuthenticationSchemes": [ "Bearer"], "ValidAudiences" : [ From afda35fccc42b1a461be045e43eb4a459da1541a Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 16 Oct 2023 15:48:15 -0700 Subject: [PATCH 092/173] edit appsettings --- poc/pkg/templates/deployment.yaml | 2 +- poc/pkg/templates/mise-configMap.yaml | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index e955957983b..cfce6c2a96b 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -51,7 +51,7 @@ spec: image: aropocsvc.azurecr.io/mise:dev env: - name: MISE_APPSETTINGS_LOCATION - value: "/etc/mise/appsettings.json" + value: "/etc/mise/appsettings.json" ports: - containerPort: 5000 name: http diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 4cb6bcdc20f..25a5c498e3d 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -8,13 +8,15 @@ data: "ClientId": "704c7dfd-4ed1-4732-95c0-04a44b0895a0", "TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", "InboundPolicies": - [{ + [ + { "Label": "jonachang-policy", "AuthenticationSchemes": [ "Bearer"], "ValidAudiences" : [ "https://management.azure.com/" ] - }], + } + ], }, "AllowedHosts": "*", "Kestrel": { From a4d5791da19c2a77ec4ea4d1f4ff10e1b354d6d3 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 16 Oct 2023 16:37:32 -0700 Subject: [PATCH 093/173] add testing words --- pkg/poc/frontend.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 07d352b8516..993d09f0c47 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go 
@@ -55,7 +55,7 @@ func (f *frontend) getRouter() chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) - w.Write([]byte("****** ARO-RP on AKS PoC ******")) + w.Write([]byte("****** ARO-RP on AKS PoC MISE******")) }) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) From 49299fa8307ff3838885edda50c276a12ff1464c Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 17 Oct 2023 07:53:32 -0700 Subject: [PATCH 094/173] add mise --- cmd/aro/poc.go | 64 +------------------------------ pkg/poc/frontend.go | 2 +- poc/pkg/templates/deployment.yaml | 2 +- 3 files changed, 3 insertions(+), 65 deletions(-) diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index 92759010d52..a9555ae0577 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -1,15 +1,11 @@ package main import ( - "bytes" "context" "flag" - "fmt" - "log" "net/http" "os" "os/signal" - "strings" "syscall" "github.com/Azure/ARO-RP/pkg/poc" @@ -20,7 +16,7 @@ import ( // Licensed under the Apache License 2.0. func rpPoc(ctx context.Context, log *logrus.Entry) error { - log.Print("********** ARO-RP on AKS PoC Testing**********") + log.Print("********** ARO-RP on AKS PoC **********") // Start Mise Authorization http.HandleFunc("/", handler) 
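Review bot: After PATCH 094 the `@@ -20,7 +16,7 @@` hunk of cmd/aro/poc.go still carries `http.HandleFunc("/", handler)` as a context line while the following hunk deletes `handler`, so unless another file in package main defines it, this commit does not compile. Removing the call and the `"net/http"` import in the same commit keeps every commit in the series buildable; PATCH 095 does this one commit later. The subject "add mise" also describes the opposite of what the diff does, which makes the history harder to audit.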
@@ -43,61 +39,3 @@ func handleSigterm(log *logrus.Entry, shutdown context.CancelFunc) { shutdown() } - -type MiseRequestData struct { - MiseURL string - OriginalURI string - OriginalMethod string - Token string -} - -func handler(w http.ResponseWriter, r *http.Request) { - ctx := context.Background() - t := extractToken(r.Header) - m := MiseRequestData{ - MiseURL: "http://localhost:5000/ValidateRequest", - OriginalURI: "https://server/endpoint", - OriginalMethod: r.Method, - Token: t, - } - req, err := createMiseHTTPRequest(ctx, m) - if err != nil { - log.Fatal(err) - } - - client := &http.Client{} - resp, err := client.Do(req) - if err != nil { - log.Fatal(err) - } - defer resp.Body.Close() - - log.Default().Println("Response status: ", resp.Status) - - w.WriteHeader(resp.StatusCode) - switch resp.StatusCode { - case http.StatusOK: - fmt.Fprintln(w, "Authorized") - default: - fmt.Fprintln(w, "Unauthorized") - } - -} - -func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Request, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, data.MiseURL, bytes.NewBuffer(nil)) - if err != nil { - log.Fatal(err) - return nil, err - } - req.Header.Set("Original-URI", data.OriginalURI) - req.Header.Set("Original-Method", data.OriginalMethod) - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", data.Token)) - return req, nil -} - -func extractToken(h http.Header) string { - auth := h.Get("Authorization") - token := strings.TrimPrefix(auth, "Bearer ") - return strings.TrimSpace(token) -} diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 993d09f0c47..07d352b8516 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go 
@@ -55,7 +55,7 @@ func (f *frontend) getRouter() chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) - w.Write([]byte("****** ARO-RP on AKS PoC MISE******")) + w.Write([]byte("****** ARO-RP on AKS PoC ******")) }) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index cfce6c2a96b..36d059cfb10 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} - name: mise - image: aropocsvc.azurecr.io/mise:dev + image: aropocsvc.azurecr.io/mise-sidecar:dev env: - name: MISE_APPSETTINGS_LOCATION value: "/etc/mise/appsettings.json" From ad3bc7490fdacec8deac93ead1275efd8a83fa1a Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 17 Oct 2023 09:59:44 -0700 Subject: [PATCH 095/173] add mise --- cmd/aro/poc.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index a9555ae0577..b51c2b04201 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -3,7 +3,6 @@ package main import ( "context" "flag" - "net/http" "os" "os/signal" "syscall" @@ -17,8 +16,6 @@ import ( func rpPoc(ctx context.Context, log *logrus.Entry) error { log.Print("********** ARO-RP on AKS PoC **********") - // Start Mise Authorization - http.HandleFunc("/", handler) ctx, shutdown := context.WithCancel(ctx) defer shutdown() From 86f9cc660242ff93b00c5d6db49f0a3bc1d6cdc9 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 17 Oct 2023 15:00:48 -0700 Subject: [PATCH 096/173] move constant to value.taml --- poc/pkg/templates/deployment.yaml | 22 +++++++++---------- poc/pkg/templates/mise-configMap.yaml | 20 +++++++++-------- poc/pkg/values.yaml | 31 +++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 20 deletions(-) 
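Review bot: The `/` route in getRouter still writes its banner to any caller, and nothing in this hunk consults the MISE sidecar, while the same commit deletes the `handler` in cmd/aro/poc.go, the only visible code that forwarded the bearer token to `ValidateRequest`. If token validation is not enforced somewhere outside this diff (for example an ingress or proxy in front of the pod), the sidecar is deployed but never asked. A middleware on the route, sketched below, would restore the check and deny on any sidecar failure instead of calling `log.Fatal` as the deleted handler did. getRouter's body continues outside the hunk, and `f.miseClient` is a field that would have to be added to frontend.

```go
// miseAuth lets a request through only when the MISE sidecar answers 200 for its token.
func (f *frontend) miseAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		req, err := http.NewRequestWithContext(r.Context(), http.MethodPost, "http://localhost:5000/ValidateRequest", nil)
		if err != nil {
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}
		// the deleted handler sent a fixed placeholder as Original-URI
		req.Header.Set("Original-URI", r.URL.String())
		req.Header.Set("Original-Method", r.Method)
		req.Header.Set("Authorization", r.Header.Get("Authorization"))

		// f.miseClient: an *http.Client with a Timeout, shared across requests
		resp, err := f.miseClient.Do(req)
		if err != nil {
			// fail closed when the sidecar cannot be reached
			http.Error(w, "Service Unavailable", http.StatusServiceUnavailable)
			return
		}
		defer resp.Body.Close()
		if resp.StatusCode != http.StatusOK {
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// in getRouter; /healthz stays outside the middleware
r.With(f.miseAuth).Get("/", func(w http.ResponseWriter, r *http.Request) {
	// … unchanged: request log line and banner write …
})
```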
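Review bot: The sidecar image on the added `image:` line in deployment.yaml is referenced by the mutable tag `:dev`, so the code that validates tokens for this pod can change without any change to this chart. Pinning by digest, `image: aropocsvc.azurecr.io/mise-sidecar@sha256:<digest-of-reviewed-build>`, makes the deployed validator reproducible and reviewable. The digest shown is a placeholder for the value of the build that was actually reviewed.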
diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 36d059cfb10..81a193eaf57 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -47,25 +47,25 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} - - name: mise - image: aropocsvc.azurecr.io/mise-sidecar:dev + - name: {{ .Values.MISE.container.name }} + image: {{ .Values.MISE.container.image }} env: - - name: MISE_APPSETTINGS_LOCATION - value: "/etc/mise/appsettings.json" + - name: {{ .Values.MISE.container.env.name }} + value: {{ .Values.MISE.container.env.value }} ports: - - containerPort: 5000 + - containerPort: {{ .Values.MISE.container.ports.containerPort }} name: http volumeMounts: - - name: config - mountPath: /etc/mise + - name: {{ .Values.MISE.container.volumes.name }} + mountPath: {{ .Values.MISE.container.volumes.mountPath }} readOnly: true volumes: - - name: config + - name: {{ .Values.MISE.container.volumes.name }} configMap: - name: miseconfig + name: {{ .Values.MISE.container.volumes.configMap.name }} items: - - key: appsettings.json - path: appsettings.json + - key: {{ .Values.MISE.container.volumes.configMap.items.key }} + path: {{ .Values.MISE.container.volumes.configMap.items.path }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 25a5c498e3d..22ead8526f0 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml 
@@ -1,28 +1,30 @@ apiVersion: v1 data: + # Configuration detail can be found here. + # https://identitydivision.visualstudio.com/DevEx/_git/Microsoft-IdentityModel-S2S?path=/docs/JsonConfigurations.md&_a=preview appsettings.json: | { "Version": "1", "AzureAd": { - "Instance": "https://login.microsoftonline.com", - "ClientId": "704c7dfd-4ed1-4732-95c0-04a44b0895a0", - "TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "Instance": {{ .Values.MISE.configMap.Instance }}, + "ClientId": {{ .Values.MISE.configMap.ClientId }}, + "TenantId": {{ .Values.MISE.configMap.TenantId }}, "InboundPolicies": [ { - "Label": "jonachang-policy", - "AuthenticationSchemes": [ "Bearer"], + "Label": {{ .Values.MISE.configMap.InboundPolicies.Label }}, + "AuthenticationSchemes": {{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}, "ValidAudiences" : [ - "https://management.azure.com/" + {{ .Values.MISE.configMap.ClientId }} ] } ], }, - "AllowedHosts": "*", + "AllowedHosts": {{ .Values.MISE.configMap.AllowedHosts }}, "Kestrel": { "Endpoints": { "Http": { - "Url": "http://0.0.0.0:5000" + "Url": {{ .Values.MISE.configMap.AllowedHosts }} } } } @@ -30,4 +32,4 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: miseconfig \ No newline at end of file + name: {{ .Values.MISE.container.volumes.configMap.name }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 3a685379ba9..f654f9a7e92 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml 
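Review bot: The values substituted into `appsettings.json` are emitted without JSON quoting, so with the defaults this commit adds to values.yaml the template renders lines such as `"Instance": https://login.microsoftonline.com,` and `"AllowedHosts": *,`, which is not valid JSON. In addition, the Kestrel `"Url"` line reads `.Values.MISE.configMap.AllowedHosts` rather than the `Kestrel.Endpoints.Url` value defined in the same commit. Encoding each value with `toJson`, for example `"Instance": {{ .Values.MISE.configMap.Instance | toJson }},` and `"Url": {{ .Values.MISE.configMap.Kestrel.Endpoints.Url | toJson }}`, fixes both and also renders the `AuthenticationSchemes` list correctly. How the sidecar behaves when its settings file fails to parse is not visible here, so it is worth confirming that it refuses to start rather than running with defaults.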
@@ -90,3 +90,34 @@ AKSCluster: keyVault: name: aro-rp-aks-kv tlsCertificateName: aks-rp-certificate + +MISE: + container: + name: mise + image: aropocsvc.azurecr.io/mise-sidecar:dev + env: + name: MISE_APPSETTINGS_LOCATION + value: "/etc/mise/appsettings.json" + ports: + containerPort: 5000 + volumes: + name: config + mountPath: /etc/mise + configMap: + name: miseconfig + items: + key: appsettings.json + path: appsettings.json + configMap: + Instance: "https://login.microsoftonline.com" + ClientId: "704c7dfd-4ed1-4732-95c0-04a44b0895a0" + TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47" + InboundPolicies: + Label: "aro-rp-policy" + AuthenticationSchemes: [ "Bearer"] + AllowedHosts: "*" + Kestrel: + Endpoints: + Url: "http://0.0.0.0:5000" + metatata: + name: miseconfig \ No newline at end of file From 19a2c4120d4f10113ac8c703514a3ea95abae50b Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 17 Oct 2023 15:29:17 -0700 Subject: [PATCH 097/173] change log level to debug --- poc/pkg/templates/mise-configMap.yaml | 4 +++- poc/pkg/values.yaml | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 22ead8526f0..4372a10a689 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -32,4 +32,6 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: {{ .Values.MISE.container.volumes.configMap.name }} \ No newline at end of file + name: {{ .Values.MISE.container.volumes.configMap.name }} + data: + log_level: {{ .Values.MISE.container.volumes.configMap.log_level }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index f654f9a7e92..7700af9e4bb 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -120,4 +120,5 @@ MISE: Endpoints: Url: "http://0.0.0.0:5000" metatata: - name: miseconfig \ No newline at end of file + name: miseconfig + log_level: debug \ No newline at end of file 
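Review bot: `Url: "http://0.0.0.0:5000"` under `Kestrel.Endpoints` in the added `MISE` block makes the token-validation sidecar listen on every interface of the pod over plain HTTP, so any workload that can reach the pod IP can call it directly. The handler deleted from cmd/aro/poc.go addressed it as `http://localhost:5000/ValidateRequest`, which suggests loopback is enough: `Url: "http://127.0.0.1:5000"`. If something outside the pod does need port 5000, a NetworkPolicy restricting that port would be the alternative. Separately, the key `metatata` looks like a typo for `metadata`, and no template hunk in this commit reads it.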
From a88675319094703f1113d4c5668eed474b49b59c Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 17 Oct 2023 15:34:26 -0700 Subject: [PATCH 098/173] remove comment --- poc/pkg/templates/mise-configMap.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 4372a10a689..6bacc6bde38 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -1,7 +1,5 @@ apiVersion: v1 data: - # Configuration detail can be found here. - # https://identitydivision.visualstudio.com/DevEx/_git/Microsoft-IdentityModel-S2S?path=/docs/JsonConfigurations.md&_a=preview appsettings.json: | { "Version": "1", From 618e5e0a5132b43e746eeca1c9e151f4f37f289c Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 17 Oct 2023 15:50:33 -0700 Subject: [PATCH 099/173] add authority --- poc/pkg/templates/mise-configMap.yaml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 6bacc6bde38..ef664361061 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -4,17 +4,15 @@ data: { "Version": "1", "AzureAd": { - "Instance": {{ .Values.MISE.configMap.Instance }}, - "ClientId": {{ .Values.MISE.configMap.ClientId }}, - "TenantId": {{ .Values.MISE.configMap.TenantId }}, "InboundPolicies": [ { "Label": {{ .Values.MISE.configMap.InboundPolicies.Label }}, + "Instance": {{ .Values.MISE.configMap.Instance }}, + "ClientId": {{ .Values.MISE.configMap.ClientId }}, + "TenantId": {{ .Values.MISE.configMap.TenantId }}, + "Authority": "{Instance}/{TenantId}/v2.0", "AuthenticationSchemes": {{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}, - "ValidAudiences" : [ - {{ .Values.MISE.configMap.ClientId }} - ] } ], }, From 0c2ede0bf3864b28568e6eccf695668583eb9435 Mon Sep 17 00:00:00 2001 
From: jonachang Date: Tue, 17 Oct 2023 16:52:15 -0700 Subject: [PATCH 100/173] fix json --- poc/pkg/templates/mise-configMap.yaml | 15 +++++++-------- poc/pkg/values.yaml | 1 + 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index ef664361061..27b76f9598f 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -1,5 +1,10 @@ apiVersion: v1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: {{ .Values.MISE.container.volumes.configMap.name }} data: + log_level: {{ .Values.MISE.container.volumes.configMap.log_level }} appsettings.json: | { "Version": "1", @@ -11,7 +16,7 @@ data: "Instance": {{ .Values.MISE.configMap.Instance }}, "ClientId": {{ .Values.MISE.configMap.ClientId }}, "TenantId": {{ .Values.MISE.configMap.TenantId }}, - "Authority": "{Instance}/{TenantId}/v2.0", + "Authority": {{ .Values.MISE.configMap.InboundPolicies.Authority }}, "AuthenticationSchemes": {{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}, } ], @@ -20,14 +25,8 @@ data: "Kestrel": { "Endpoints": { "Http": { - "Url": {{ .Values.MISE.configMap.AllowedHosts }} + "Url": {{ .Values.MISE.configMap.Kestrel.Endpoints.Url }} } } } } -kind: ConfigMap -metadata: - creationTimestamp: null - name: {{ .Values.MISE.container.volumes.configMap.name }} - data: - log_level: {{ .Values.MISE.container.volumes.configMap.log_level }} \ No newline at end of file diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 7700af9e4bb..65cf2ed0b27 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -114,6 +114,7 @@ MISE: TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47" InboundPolicies: Label: "aro-rp-policy" + Authority: "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0" AuthenticationSchemes: [ "Bearer"] AllowedHosts: "*" Kestrel: From 6592b871ab3e0e0a8ad8b86bdac7924c674494b2 Mon Sep 17 00:00:00 2001 
From: jonachang Date: Wed, 18 Oct 2023 09:18:43 -0700 Subject: [PATCH 101/173] add log level --- poc/pkg/templates/mise-configMap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 27b76f9598f..eeef52fb97f 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -4,7 +4,7 @@ metadata: creationTimestamp: null name: {{ .Values.MISE.container.volumes.configMap.name }} data: - log_level: {{ .Values.MISE.container.volumes.configMap.log_level }} + log_level: {{ .Values.MISE.container.volumes.configMap.metatata.log_level }} appsettings.json: | { "Version": "1", From 473dc79c06e1eaf4feb1bcc0f1c9878acc1879dd Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 18 Oct 2023 09:58:26 -0700 Subject: [PATCH 102/173] change log level --- poc/pkg/templates/mise-configMap.yaml | 2 +- poc/pkg/values.yaml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index eeef52fb97f..633435b2eb5 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -4,7 +4,7 @@ metadata: creationTimestamp: null name: {{ .Values.MISE.container.volumes.configMap.name }} data: - log_level: {{ .Values.MISE.container.volumes.configMap.metatata.log_level }} + log_level: debug appsettings.json: | { "Version": "1", diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 65cf2ed0b27..69332825ade 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -121,5 +121,4 @@ MISE: Endpoints: Url: "http://0.0.0.0:5000" metatata: - name: miseconfig - log_level: debug \ No newline at end of file + name: miseconfig \ No newline at end of file From 05eb42a4f3aee997df0726e5effecc1a6069fcb7 Mon Sep 17 00:00:00 2001 
From: jonachang Date: Wed, 18 Oct 2023 10:55:35 -0700 Subject: [PATCH 103/173] change debug level --- poc/pkg/templates/deployment.yaml | 4 ++++ poc/pkg/templates/mise-configMap.yaml | 2 +- poc/pkg/values.yaml | 4 +++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 81a193eaf57..6e81ababa0d 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -52,6 +52,10 @@ spec: env: - name: {{ .Values.MISE.container.env.name }} value: {{ .Values.MISE.container.env.value }} + valueFrom: + configMapKeyRef: + name: {{ .Values.MISE.container.volumes.configMap.name }} + key: {{ .Values.MISE.configMap.volumes.date.log_level }} ports: - containerPort: {{ .Values.MISE.container.ports.containerPort }} name: http diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 633435b2eb5..0257501939a 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -4,7 +4,6 @@ metadata: creationTimestamp: null name: {{ .Values.MISE.container.volumes.configMap.name }} data: - log_level: debug appsettings.json: | { "Version": "1", @@ -30,3 +29,4 @@ data: } } } + log_level: debug diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 69332825ade..331b0338c2e 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -121,4 +121,6 @@ MISE: Endpoints: Url: "http://0.0.0.0:5000" metatata: - name: miseconfig \ No newline at end of file + name: miseconfig + date: + log_level: log_level \ No newline at end of file From f50e4c1b72f791923ab39640fecbe20be115be70 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 18 Oct 2023 11:24:31 -0700 Subject: [PATCH 104/173] change config --- poc/pkg/templates/deployment.yaml | 4 ---- poc/pkg/templates/mise-configMap.yaml | 1 - 2 files changed, 5 deletions(-) 
diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 6e81ababa0d..81a193eaf57 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -52,10 +52,6 @@ spec: env: - name: {{ .Values.MISE.container.env.name }} value: {{ .Values.MISE.container.env.value }} - valueFrom: - configMapKeyRef: - name: {{ .Values.MISE.container.volumes.configMap.name }} - key: {{ .Values.MISE.configMap.volumes.date.log_level }} ports: - containerPort: {{ .Values.MISE.container.ports.containerPort }} name: http diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 0257501939a..7f6060fdb2c 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -29,4 +29,3 @@ data: } } } - log_level: debug From b03ee221b60a485de679246fcba0ec01a00cd5d0 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 18 Oct 2023 12:02:30 -0700 Subject: [PATCH 105/173] add double quotation --- poc/pkg/templates/mise-configMap.yaml | 16 ++++++++-------- poc/pkg/values.yaml | 4 +--- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 7f6060fdb2c..508a594bc39 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml 
@@ -8,23 +8,23 @@ data: { "Version": "1", "AzureAd": { + "Instance": "{{ .Values.MISE.configMap.Instance }}", + "ClientId": "{{ .Values.MISE.configMap.ClientId }}", + "TenantId": "{{ .Values.MISE.configMap.TenantId }}", "InboundPolicies": [ { - "Label": {{ .Values.MISE.configMap.InboundPolicies.Label }}, - "Instance": {{ .Values.MISE.configMap.Instance }}, - "ClientId": {{ .Values.MISE.configMap.ClientId }}, - "TenantId": {{ .Values.MISE.configMap.TenantId }}, - "Authority": {{ .Values.MISE.configMap.InboundPolicies.Authority }}, - "AuthenticationSchemes": {{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}, + "Label": "{{ .Values.MISE.configMap.InboundPolicies.Label }}", + "Authority": "{{ .Values.MISE.configMap.InboundPolicies.Authority }}", + "AuthenticationSchemes": "{{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}", } ], }, - "AllowedHosts": {{ .Values.MISE.configMap.AllowedHosts }}, + "AllowedHosts": "{{ .Values.MISE.configMap.AllowedHosts }}", "Kestrel": { "Endpoints": { "Http": { - "Url": {{ .Values.MISE.configMap.Kestrel.Endpoints.Url }} + "Url": "{{ .Values.MISE.configMap.Kestrel.Endpoints.Url }}" } } } diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 331b0338c2e..69332825ade 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -121,6 +121,4 @@ MISE: Endpoints: Url: "http://0.0.0.0:5000" metatata: - name: miseconfig - date: - log_level: log_level \ No newline at end of file + name: miseconfig \ No newline at end of file From 66e44e2f4f82aa8c77d7e63ba3fd8b74846cc0f4 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 18 Oct 2023 12:08:01 -0700 Subject: [PATCH 106/173] add quotation --- poc/pkg/templates/mise-configMap.yaml | 10 +++++----- poc/pkg/values.yaml | 12 ++++++------ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 508a594bc39..7ab96c8d52f 100644 --- a/poc/pkg/templates/mise-configMap.yaml 
+++ b/poc/pkg/templates/mise-configMap.yaml @@ -1,8 +1,4 @@ apiVersion: v1 -kind: ConfigMap -metadata: - creationTimestamp: null - name: {{ .Values.MISE.container.volumes.configMap.name }} data: appsettings.json: | { @@ -16,7 +12,7 @@ data: { "Label": "{{ .Values.MISE.configMap.InboundPolicies.Label }}", "Authority": "{{ .Values.MISE.configMap.InboundPolicies.Authority }}", - "AuthenticationSchemes": "{{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}", + "AuthenticationSchemes": {{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}, } ], }, @@ -29,3 +25,7 @@ data: } } } +kind: ConfigMap +metadata: + creationTimestamp: null + name: {{ .Values.MISE.container.volumes.configMap.name }} diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 69332825ade..233a470c6a0 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -109,16 +109,16 @@ MISE: key: appsettings.json path: appsettings.json configMap: - Instance: "https://login.microsoftonline.com" - ClientId: "704c7dfd-4ed1-4732-95c0-04a44b0895a0" - TenantId: "72f988bf-86f1-41af-91ab-2d7cd011db47" + Instance: https://login.microsoftonline.com + ClientId: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 + TenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 InboundPolicies: - Label: "aro-rp-policy" - Authority: "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0" + Label: aro-rp-policy + Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 AuthenticationSchemes: [ "Bearer"] AllowedHosts: "*" Kestrel: Endpoints: - Url: "http://0.0.0.0:5000" + Url: http://0.0.0.0:5000 metatata: name: miseconfig \ No newline at end of file From e6f5fde8b5e6573b812dd315c2e720ebb0c6fcd2 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 18 Oct 2023 13:02:25 -0700 Subject: [PATCH 107/173] ad bearer --- poc/pkg/templates/mise-configMap.yaml | 2 +- poc/pkg/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 7ab96c8d52f..fa376bdb172 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -12,7 +12,7 @@ data: { "Label": "{{ .Values.MISE.configMap.InboundPolicies.Label }}", "Authority": "{{ .Values.MISE.configMap.InboundPolicies.Authority }}", - "AuthenticationSchemes": {{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}, + "AuthenticationSchemes": ["{{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }"], } ], }, diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 233a470c6a0..5fa3d6eab51 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -115,7 +115,7 @@ MISE: InboundPolicies: Label: aro-rp-policy Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 - AuthenticationSchemes: [ "Bearer"] + AuthenticationSchemes: Bearer AllowedHosts: "*" Kestrel: Endpoints: From 65fa4a05307e6c06f6caf0b44e0b9bafd79250b8 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 18 Oct 2023 14:05:52 -0700 Subject: [PATCH 108/173] add log --- poc/pkg/templates/mise-configMap.yaml | 3 ++- poc/pkg/values.yaml | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index fa376bdb172..5730b3a183f 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -1,5 +1,6 @@ apiVersion: v1 data: + log_level: {{ .Values.MISE.configMap.date.log_level }} appsettings.json: | { "Version": "1", @@ -12,7 +13,7 @@ data: { "Label": "{{ .Values.MISE.configMap.InboundPolicies.Label }}", "Authority": "{{ .Values.MISE.configMap.InboundPolicies.Authority }}", - "AuthenticationSchemes": ["{{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }"], + "AuthenticationSchemes": ["{{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}"], } ], }, 
diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 5fa3d6eab51..8c15d0630fb 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -121,4 +121,6 @@ MISE: Endpoints: Url: http://0.0.0.0:5000 metatata: - name: miseconfig \ No newline at end of file + name: miseconfig + date: + log_level: debug \ No newline at end of file From 1c2ef52513ce2d6ab09c8bcc1b65db2f963c1ff1 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 18 Oct 2023 17:05:39 -0700 Subject: [PATCH 109/173] add loglevel --- poc/pkg/templates/deployment.yaml | 9 +++++++-- poc/pkg/values.yaml | 8 ++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 81a193eaf57..8e74515bb46 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -50,8 +50,13 @@ spec: - name: {{ .Values.MISE.container.name }} image: {{ .Values.MISE.container.image }} env: - - name: {{ .Values.MISE.container.env.name }} - value: {{ .Values.MISE.container.env.value }} + - name: {{ .Values.MISE.container.env.MISE_APPSETTINGS_LOCATION.name }} + value: {{ .Values.MISE.container.env.MISE_APPSETTINGS_LOCATION.value }} + - name: {{ .Values.MISE.container.env.LOG_LEVEL.name }} + valueFrom: + configMapKeyRef: + name: {{ .Values.MISE.container.volumes.configMap.name }} + key: {{ .Values.MISE.container.env.LOG_LEVEL.key }} ports: - containerPort: {{ .Values.MISE.container.ports.containerPort }} name: http diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 8c15d0630fb..03e5b28d220 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -96,8 +96,12 @@ MISE: name: mise image: aropocsvc.azurecr.io/mise-sidecar:dev env: - name: MISE_APPSETTINGS_LOCATION - value: "/etc/mise/appsettings.json" + MISE_APPSETTINGS_LOCATION: + name: MISE_APPSETTINGS_LOCATION + value: "/etc/mise/appsettings.json" + LOG_LEVEL: + name: LOG_LEVEL + key: log_level ports: containerPort: 5000 volumes: 
From b59a69631a967c009cd0ee46eedbd4147f9fd4a5 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 19 Oct 2023 08:40:16 -0700 Subject: [PATCH 110/173] add keyback --- poc/pkg/templates/deployment.yaml | 7 ++----- poc/pkg/values.yaml | 5 ++--- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 8e74515bb46..8bd65b8ee3d 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -52,11 +52,6 @@ spec: env: - name: {{ .Values.MISE.container.env.MISE_APPSETTINGS_LOCATION.name }} value: {{ .Values.MISE.container.env.MISE_APPSETTINGS_LOCATION.value }} - - name: {{ .Values.MISE.container.env.LOG_LEVEL.name }} - valueFrom: - configMapKeyRef: - name: {{ .Values.MISE.container.volumes.configMap.name }} - key: {{ .Values.MISE.container.env.LOG_LEVEL.key }} ports: - containerPort: {{ .Values.MISE.container.ports.containerPort }} name: http @@ -71,6 +66,8 @@ spec: items: - key: {{ .Values.MISE.container.volumes.configMap.items.key }} path: {{ .Values.MISE.container.volumes.configMap.items.path }} + - key: {{ .Values.MISE.container.volumes.configMap.items.log_key }} + path: {{ .Values.MISE.container.volumes.configMap.items.log_path }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 03e5b28d220..261f581d5a6 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -99,9 +99,6 @@ MISE: MISE_APPSETTINGS_LOCATION: name: MISE_APPSETTINGS_LOCATION value: "/etc/mise/appsettings.json" - LOG_LEVEL: - name: LOG_LEVEL - key: log_level ports: containerPort: 5000 volumes: @@ -112,6 +109,8 @@ MISE: items: key: appsettings.json path: appsettings.json + log_key: log_level + log_path: log_level configMap: Instance: https://login.microsoftonline.com ClientId: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 From 3530d4223998855289258e86893167ff477d7703 Mon Sep 17 00:00:00 2001 
From: jonachang Date: Thu, 19 Oct 2023 10:06:11 -0700 Subject: [PATCH 111/173] add comments in yaml --- poc/pkg/templates/mise-configMap.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 5730b3a183f..83de7c25cb1 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -1,6 +1,8 @@ apiVersion: v1 data: log_level: {{ .Values.MISE.configMap.date.log_level }} + # Follow the instructuions here to create appsettings.json. + # https://identitydivision.visualstudio.com/DevEx/_git/Microsoft-IdentityModel-S2S?path=/docs/JsonConfigurations.md&_a=preview appsettings.json: | { "Version": "1", From ea8a994de58ae428b9f0ef1f49813805b13945e2 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 19 Oct 2023 11:08:24 -0700 Subject: [PATCH 112/173] follow aks --- poc/pkg/templates/deployment.yaml | 2 -- poc/pkg/templates/mise-configMap.yaml | 16 ++++++++++++++-- poc/pkg/values.yaml | 17 ++++++++++++----- 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 8bd65b8ee3d..08a18bc8b25 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -66,8 +66,6 @@ spec: items: - key: {{ .Values.MISE.container.volumes.configMap.items.key }} path: {{ .Values.MISE.container.volumes.configMap.items.path }} - - key: {{ .Values.MISE.container.volumes.configMap.items.log_key }} - path: {{ .Values.MISE.container.volumes.configMap.items.log_path }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 83de7c25cb1..b35f1eb4e2f 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml 
@@ -5,17 +5,22 @@ data: # https://identitydivision.visualstudio.com/DevEx/_git/Microsoft-IdentityModel-S2S?path=/docs/JsonConfigurations.md&_a=preview appsettings.json: | { - "Version": "1", "AzureAd": { "Instance": "{{ .Values.MISE.configMap.Instance }}", "ClientId": "{{ .Values.MISE.configMap.ClientId }}", "TenantId": "{{ .Values.MISE.configMap.TenantId }}", + "Audience": "{{ .Values.MISE.configMap.Audience }}", + "Logging": { + "LogLevel": "{{ .Values.MISE.configMap.LogLevel }}" + }, "InboundPolicies": [ { "Label": "{{ .Values.MISE.configMap.InboundPolicies.Label }}", - "Authority": "{{ .Values.MISE.configMap.InboundPolicies.Authority }}", "AuthenticationSchemes": ["{{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}"], + "TokenTypes": ["{{ .Values.MISE.configMap.InboundPolicies.TokenTypes }}"], + "Authority": "{{ .Values.MISE.configMap.InboundPolicies.Authority }}", + "ValidApplicationIds": ["{{ .Values.MISE.configMap.InboundPolicies.ValidApplicationIds }}"], } ], }, @@ -26,6 +31,13 @@ data: "Url": "{{ .Values.MISE.configMap.Kestrel.Endpoints.Url }}" } } + }, + "Logging": { + "LogLevel": { + "Default": "{{ .Values.MISE.configMap.Logging.LogLevel.Default }}", + "Microsoft": "{{ .Values.MISE.configMap.Logging.LogLevel.Microsoft }}", + "Microsoft.Hosting.Lifetime": "{{ .Values.MISE.configMap.Logging.LogLevel.Microsoft_Hosting_Lifetime }}", + } } } kind: ConfigMap diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 261f581d5a6..11735008ffa 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml 
@@ -109,21 +109,28 @@ MISE: items: key: appsettings.json path: appsettings.json - log_key: log_level - log_path: log_level configMap: Instance: https://login.microsoftonline.com ClientId: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 TenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 + Audience: https://management.azure.com + # Possible log levels: Trace, Debug, Information, Warning, Error, Critical, None + LogLevel: Debug InboundPolicies: Label: aro-rp-policy - Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 AuthenticationSchemes: Bearer + TokenTypes: AppToken + Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 + # Currently use client id for POC purpose + ValidApplicationIds: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 AllowedHosts: "*" Kestrel: Endpoints: Url: http://0.0.0.0:5000 metatata: name: miseconfig - date: - log_level: debug \ No newline at end of file + Logging: + LogLevel: + Default: Warning + Microsoft: Warning + Microsoft_Hosting_Lifetime: Warning \ No newline at end of file From 85892a5471f34baad895b122e8f35b3410201ddd Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 19 Oct 2023 11:35:57 -0700 Subject: [PATCH 113/173] remove comment --- poc/pkg/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 11735008ffa..b077eb451b6 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -121,7 +121,6 @@ MISE: AuthenticationSchemes: Bearer TokenTypes: AppToken Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 - # Currently use client id for POC purpose ValidApplicationIds: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 AllowedHosts: "*" Kestrel: From 6a98dfca31c895f6b756eae987187f911b6d664f Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 19 Oct 2023 11:39:46 -0700 Subject: [PATCH 114/173] remove error loglevel --- poc/pkg/templates/mise-configMap.yaml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index b35f1eb4e2f..ad15a898334 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -1,6 +1,5 @@ apiVersion: v1 data: - log_level: {{ .Values.MISE.configMap.date.log_level }} # Follow the instructuions here to create appsettings.json. # https://identitydivision.visualstudio.com/DevEx/_git/Microsoft-IdentityModel-S2S?path=/docs/JsonConfigurations.md&_a=preview appsettings.json: | From beb1ac1e9f4529ca39fa9effc2d6f507e03ba7f7 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 19 Oct 2023 13:55:31 -0700 Subject: [PATCH 115/173] fix comments --- poc/pkg/templates/mise-configMap.yaml | 20 ++++++++--------- poc/pkg/values.yaml | 31 ++++++++++++++------------- 2 files changed, 26 insertions(+), 25 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index ad15a898334..58f087a64e8 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml 
@@ -5,21 +5,21 @@ data: appsettings.json: | { "AzureAd": { - "Instance": "{{ .Values.MISE.configMap.Instance }}", - "ClientId": "{{ .Values.MISE.configMap.ClientId }}", - "TenantId": "{{ .Values.MISE.configMap.TenantId }}", - "Audience": "{{ .Values.MISE.configMap.Audience }}", + "Instance": "{{ .Values.MISE.configMap.AzureAd.Instance }}", + "ClientId": "{{ .Values.MISE.configMap.AzureAd.ClientId }}", + "TenantId": "{{ .Values.MISE.configMap.AzureAd.TenantId }}", + "Audience": "{{ .Values.MISE.configMap.AzureAd.Audience }}", "Logging": { - "LogLevel": "{{ .Values.MISE.configMap.LogLevel }}" + "LogLevel": "{{ .Values.MISE.configMap.AzureAd.LogLevel }}" }, "InboundPolicies": [ { - "Label": "{{ .Values.MISE.configMap.InboundPolicies.Label }}", - "AuthenticationSchemes": ["{{ .Values.MISE.configMap.InboundPolicies.AuthenticationSchemes }}"], - "TokenTypes": ["{{ .Values.MISE.configMap.InboundPolicies.TokenTypes }}"], - "Authority": "{{ .Values.MISE.configMap.InboundPolicies.Authority }}", - "ValidApplicationIds": ["{{ .Values.MISE.configMap.InboundPolicies.ValidApplicationIds }}"], + "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Label }}", + "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.AuthenticationSchemes }}"], + "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], + "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", + "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"], } ], }, diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index b077eb451b6..ee51aad89fe 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml 
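Review bot: Every value is pasted into the JSON text unescaped, e.g. `"ClientId": "{{ .Values.MISE.configMap.AzureAd.ClientId }}"`, so a value containing a quote or backslash produces a malformed or differently structured appsettings.json for the token validator. Let Helm do the quoting instead: `"ClientId": {{ .Values.MISE.configMap.AzureAd.ClientId | toJson }}`, and likewise for the other fields. The array fields wrap a single scalar (`["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"]`), so only one allowed application id can be configured; passing a YAML list through `toJson` would lift that limit. The JSON object continues past the end of the hunk.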
@@ -110,18 +110,19 @@ MISE: key: appsettings.json path: appsettings.json configMap: - Instance: https://login.microsoftonline.com - ClientId: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 - TenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 - Audience: https://management.azure.com - # Possible log levels: Trace, Debug, Information, Warning, Error, Critical, None - LogLevel: Debug - InboundPolicies: - Label: aro-rp-policy - AuthenticationSchemes: Bearer - TokenTypes: AppToken - Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 - ValidApplicationIds: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 + AzureAd: + Instance: https://login.microsoftonline.com + ClientId: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 + TenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 + Audience: https://management.azure.com + # Possible log levels: Trace, Debug, Information, Warning, Error, Critical, None + LogLevel: Debug + InboundPolicies: + Label: aro-rp-policy + AuthenticationSchemes: Bearer + TokenTypes: AppToken + Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 + ValidApplicationIds: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 AllowedHosts: "*" Kestrel: Endpoints: @@ -130,6 +131,6 @@ MISE: name: miseconfig Logging: LogLevel: - Default: Warning - Microsoft: Warning - Microsoft_Hosting_Lifetime: Warning \ No newline at end of file + Default: Debug + Microsoft: Debug + Microsoft_Hosting_Lifetime: Debug \ No newline at end of file From adbfc7dd02b5be90a594cd922c20a2c145f2053f Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 19 Oct 2023 13:59:17 -0700 Subject: [PATCH 116/173] fix comments --- poc/pkg/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index ee51aad89fe..4902ca4b61f 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml 
@@ -112,6 +112,7 @@ MISE: configMap: AzureAd: Instance: https://login.microsoftonline.com + # TODO(jonachang) use helm command to dynamically get the client id ClientId: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 TenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 Audience: https://management.azure.com @@ -122,6 +123,7 @@ MISE: AuthenticationSchemes: Bearer TokenTypes: AppToken Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 + # TODO(jonachang) use helm command to dynamically get the client id ValidApplicationIds: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 AllowedHosts: "*" Kestrel: From 336fafedd7697e3780028a559a6b391a9fa141d1 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 25 Oct 2023 11:14:24 -0700 Subject: [PATCH 117/173] add flag --- cmd/aro/poc.go | 2 +- pkg/poc/frontend.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index b51c2b04201..f27e0244e0f 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -15,7 +15,7 @@ import ( // Licensed under the Apache License 2.0. func rpPoc(ctx context.Context, log *logrus.Entry) error { - log.Print("********** ARO-RP on AKS PoC **********") + log.Print("********** ARO-RP on AKS PoC front end**********") ctx, shutdown := context.WithCancel(ctx) defer shutdown() diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 07d352b8516..a2a26bdba86 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -55,7 +55,7 @@ func (f *frontend) getRouter() chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) - w.Write([]byte("****** ARO-RP on AKS PoC ******")) + w.Write([]byte("****** ARO-RP on AKS PoC frontend******")) }) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) From 63b8389dac4914438c731e5d86cd8fc3c42a6978 Mon Sep 17 00:00:00 2001 
From: jonachang Date: Wed, 25 Oct 2023 11:28:56 -0700 Subject: [PATCH 118/173] add flag --- cmd/aro/poc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index f27e0244e0f..0650d007d1f 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -15,7 +15,7 @@ import ( // Licensed under the Apache License 2.0. func rpPoc(ctx context.Context, log *logrus.Entry) error { - log.Print("********** ARO-RP on AKS PoC front end**********") + log.Print("********** ARO-RP on AKS PoC poc.go **********") ctx, shutdown := context.WithCancel(ctx) defer shutdown() From e5cfdcb74afbeeec16c68f0de0a59a44685313d8 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 25 Oct 2023 11:40:09 -0700 Subject: [PATCH 119/173] update tgz --- pkg-0.1.0.tgz | Bin 0 -> 4898 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 pkg-0.1.0.tgz 
diff --git a/pkg-0.1.0.tgz b/pkg-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..bba2d2d7d3599cad1739cc27ca41fc4204f9092f GIT binary patch literal 4898 zcmV+-6W#0|iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+}bKAC({hOa+Pri3;b0H;4o{=SRvAbC8E`Y^?*=5{6SrVawHA$0izDOAi z27{x~$owA+2JQcY;nC4I!_ndJX#eo|@bLJX!EktdeDnzlhMIk9?V_5BbB+JU5!(ez647>Y>7b#H+BUsP`HNbNW6Cw~+L{KtM zP=ewxN63hj7y)I9!XNL zB5UaZgq$ft8Hx)o)EJ%(o((*JJ$SW3A!wv&E)fh4P$Y({C6@@1>lC$*t-q?ATi}5P z9z(C^=wIYXGR07!l4JPwH{;9-5(aFMC&@;oCsC|uh?6ih-7%a^GYsj1qJ*m@swD~_ z;NXB*K#)tGCy|y_D3Bjlh2|J?Nm*$XYUvj1a+SP9)iZKiwD@K0fvUei$GamYK z6>5Dllio>^ONHX}LhEy-v7SK5a}i=SI=>*~GABv027w_@Q)H1D1I0la6X#Wc(b&r8F zK(?ZSvlN+vO48#3r=hSuaUpdN~w(v-UIk^bcby7brqxN;^kzPS1j!8~WQJJ;o!PVuGRK z!rGhSiMCp6fWQ9cd1SGmjHz1Njv~or5m-3#XT_(tbvS12jfDai*vZdRH;yEVI5YZ8g_|k0 zj6)RK)$7^L&DfM#XQDeGGh+HjrQ)Y{gkKib9i#7oaWE4pY0NM>jgTp-)~Av2{s0OY zVM_lz-e3Ii?Ad(bKRa3s{n3yt{2zv7?(av(VKf*HqxtCA^Dc4yRy)0#!U^t+%-57J zS61*RC=^}j-37iZl~QDWSk-&p`RVkSQuIef6>cD5z}(EaA-ZYYe?Us?gBw zlPr@?cZ1(0XT8#9WP!f5I652{X9BR|NuFW}W_hs2;;K@;0=OV*IfjyAg>*sVbCR_? 
zplD)l^t=Wrw(mR zuEieAUOj*H-S3Kx{1HY&e{_7X@BeTZ4*bE0j7IapvmXx0z%`oPPU~%>Ngh#b^fD!k#Hc-pRZHDL zD0_IprKIx&A>lD3xWYt^VWua;r|=x-dHfVknO(M1&Yr?AL@>(Yr|?1uE}p`Pph|cC zDZJzi3%qAMKGV3y7DqV(bDp!vtj{Ud#{7)THLNqz%&gzbhm%|_wLh?7fN8iyt(NfL zNCb)!YQ`^-&DNQIG|4javw?yOGga*z`~FRY-CykogA)Dy=?TDFlF(>Ug*{Fqc?+eP zXt$5iPh2lOp!dYu`_Cwqz@(7(3l?RZGF2OZHzKj38Tb2x!2FF%PmrP_`mgBcjx_=uVyc% zfqJj*mBz04?_ht}ivJvpjvnK`4^k$tU-_>u^sY~@8ZTa*d~Jpv%Y&At{l8mclA(}+ z%I+}~yuwRko)Kib*7a z2((cmbRkwM;k)_TNa6X*sfML2Ho>g#1MhSJ0uvcLx;k5d>xl2@!h#*@ND@-tA3?rzvNaJK4>heP-FyJDxx;`-bB&eE0yAg-ISY zI}%t@&1ceu8qXZMpr#qFTa)tWML#217F?E=7*O6X&xb#J=xFj0{*`lut!{2&vAgBS zpRX;VLQ7mwuTxA#ob*~jwR`AylDB)SwsfpP2i+XgGOkhQw{A9F+Szv0-3L3{x>7%} zdb!QpG{FLQ9@KL8-!(c~d9UF6ZFpF{XEpmSF!tP+-i;7!*znh$P5*kOx&EsH*7unW zuw(sqcyMsgTK^pmhmYs~4^ry+KP1a!e>L<;^*+V*SV>EzD?K2Hv7t;7wyRXQ>5?&0}$kLYMkUei=~Htrh<# zNs|WUXH~OC|8z+j9lB+gO2oy8batVgIZ+Yc$f@|8o@`E8n+n)9tp#-y%`AdWcB+AC z4 z*k1QHmTbK?m5W-g&IZ0Jk*CRDc4<(RKC(@B>U!%M zou5u$R5C6XUKJsyZQGmJq^w4p+S%#N$Rb+>TMth=m?{ra?~2ki-=VhtHM-d%X4+n_ zs+|U4PjJt*Gn2QIm^=IJluhl_cQ=9(xQ(Sqs48=%VDrfN^EmA|g03XB8)4bJQwSSp z)|yvyZhaff21{^>>kiLj1bhc{3(!h7@|Axo=?fu`u;o#tL|Mw83753S(%WCWrE0F$b z-)$Cu;)4F6{abRuqltq+@$frGLw9DiUg+ZexzQp36p3XU)^s1z3Y| zjp~V?+Zt6ct`RCh!@5AahwJ(j(!xXfE>HQjTM~N3lx}~vQ@+A1FKaA;`ow8b)#%lp zkrfIOW9{MAF5isv);zLP64zwO-ccAf@AskPaRdJEAqd*^|2DDH<SOt35eaQ3C})k`R<+NPuBHkR{4|?gOiit-VrHqy5Z{X3<&f6` zLIO?lGf7^yB~m0c2b;OeMf)X}#a7RU-jm+LjDMH?H&fw1-wo`t|HGqp{@3x~G5_mf z$}R2xZ9_G>mv>ETX(?0N8I)S@yNp+7U9N7YQ?cJvg z&x{rv<>S{IA2~ z!}k1tG#EVE|3j3<{r{m?81o+d!`#cWmus0+A`ew=A~Z`B2#Ob1MB7(6?3KIn{+7E9 z6wwtm7jIWo<|L6Sk0>`8`_FOp;(h;JOjWN8nRVP(>5bvnJJ9IFrD^`wB3fO4 zxg(_tK^OY+0?pk-RW|PsSI32yJ9eQ1(?(yaX}7E{m8e(0J+q^uHOP9OdhV)C(ABX`QpyJN#**zg>n|H_H~U?gr2GTsfSjy#~d* zAvQ<8^wqb-Shl+kXW(uP1;wqQyAs*Be$=E|O4YNUc8z;dAZ{#g&2&dOo6!`dB55`T zmM2Nq!uQ6fQeS)W-&p_2``Yp~%Fg}YL3{riVyo&@~v(YNf5lt}lqMbm|l^xPJh;K%zZk0SW`jgo9O-iTzyFB6t+W!qk z$Ak9%?|AeW|9OydqqJ|obp+UU6b}3br+wF?>D|qHbfgos`as%AmKzC{Te1p98;PU; 
z50eX;_ODPX`{{?AF$}eoKHClKoc|Bo?|(bqA09s1|3j2cv%cU_hb{N6KNR;{YSa4+ zo8B_3s_6*~UCUIf`;|HGsGw*4O+9X{Uw zeUNhZ`yb77na0boYI_1!y*aAZrg~#l(Djz7`nEtcUY)k{;s(jGTX1*%m5ufdire9C z-ksRIEYOi3y9*(7W?gr++DN@_BwiP!XQwms?z5s4@1XhxlaQy?yTaUQHOMs!p>hpX zu&O&-xgcZTG$wtixImwpxAoMh){>HY{gkPG1HK*+yGi2ljfjSl)=%vsL02eRZGuqJ z;PROaDBs0G#l}P_LFc(@C*@nr7lN;7gyJM2Qg-JDxZ!><```5cO;+z?54g+!9}e32 zpGSxLkMW-eDRuw9ss8VMYXC(WK(+7NQ0MC>iMD><$IOs9@?$WsM)L|Qdo}+Z!y>7` zR^25Z$Ht?2&HLIak=7wq^MnuF5WEWw_r5%p80h;%7Ye=f&4?f=s&dx3#Pv$!*p9qD z-Q*JAo}b%0^~H(o7<$_A^-9lHKyJPO^7*!b?S5TkL6y7V19xVt*W-e$>(k1|ns5Ca zX;tlKX0WZY*wHWF-`Cv-Rh_whZ4>^iqWyoMH&--fT;La>u{-|X&i~lof6V`Xn6d{K zL@5;Z72{S3;A)8s<~dCw%3{b!cu8WE>AR_(mb^W1FE)95 zGKGi==>;)Wee-GA_k#H!qHjKnie=o_AH`3(V*LuyoP?KoW?pJ9y(fXZ%DgARoLqWO z0+s6TT+rBi^1t35yd{G2T*B$|7t#wd!L{%30vaLdTX4aD_kxuSd4&Bx-){f0JeJ4u USgP`W0RRC1|7Vh_LI7$20IfK&t^fc4 literal 0 HcmV?d00001 From 5a2d589b5301dabb6d12306d8cadcf246fb70aec Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 25 Oct 2023 12:18:22 -0700 Subject: [PATCH 120/173] add main --- pkg-0.1.0.tgz | Bin 4898 -> 5627 bytes poc/pkg/rp-server/main.go | 73 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 poc/pkg/rp-server/main.go 
diff --git a/pkg-0.1.0.tgz b/pkg-0.1.0.tgz index bba2d2d7d3599cad1739cc27ca41fc4204f9092f..63a8684d8481a74030ad4612eacd3779ff6b3a7e 100644 GIT binary patch delta 5618 zcmV{G*d1W5#J5InpV4U z|0RiJ^gRkmISXO2Ye-4A;K``)Ql#!sBGI>Yv3X>EftuZj=0)ELSC>Sb~9wRA+ zkX_6?wahRCl4S{vh_2`@3Z#Qz7!15`-Rj3wByIl-lH@4=J_oSI{tt%-hb{Zx+1WjK zwEu@lPv8YkNq?Rwuv%b@I=h$!-V->VQwdZ8fqx&Jo%W_&q(mu^43sGjOP&i*m}Uu4Ctt>4dK(3 zsee94(0?ogpLW&K$a0B+fjyZ5;|e4yAS`yg81ac5w}DthRKg4y3e7R(lCqgWT*#*E zXAi)R23kfLkB?g1>AW#Uxu9x!%$dTEs^oeqe-=E?Lf9D$23o@1U=hj4geFu`lveHl zvEW(py$469r{=pr62D=|@-64;Cz_yKN`+}n&VM3jNAfji8lav1PNE25=vXoG3(MAt zte5eqCl`^{Co||BC%IH8PDWavD~pA0tW8;WPcBge)|yEoIZ&p%SEAH*!6N%9 zlz-GM2F?K4f(p)3WJYDgxj`FrOJd!IeBa%=y(>0K3R~Uyd zC5hBBODTJ6eV)|*4j?5TYZ-%qaYkZ>>Ui|-ouUc-%b3atMTAUg=LpW}S+Fxh|9VJ| z@fgRLV5GRP_NI8Et=1agZ@+sUnNBIAYH5p~z&mO6^K{Ke0Xhy2$S6eGiO-Ie(Ip&KSlg zF)~Hf@+3CiA3z}^OzEG8JJTPYJ)2B>&km-;-rkT*dp``xq_-0vM)6=cj3;}Co_B%E z_uA>z6i)D-$a92TZ%vN&2gaEIEO?TqSb|v|tg*PPRL=lL zM9o7eDOO0QbaqCvb|W-Q0|@|Cn92$c-~yLs<=5c6R-PG>9RMw=M}N8#j^YCK36n|> zRh4H*_>8j3jyTgphqfkH;|ZLWm<15 z9py2_Mk`ao$PBdyv43i*8wh0!M_fueNe~h~g9I0t$Pmu;V7Lu0aFWlq;e^>~JLPN} zekFoYHrs}mLU6GS$AT)|_-%O285Vd?`Rr8V3N4PZ2PQmcv6-J!to8XRnP^yNq?wt& zmxV{UnrnYxw*kh{9JN})k4OZH66%~^AUj`Xy67m&%+Cf2E`Q8WwYKm3w-I)Ku@ekR z^!KMH0Pjgc!}C$Pp!TGf>H@g3VFX|amFcAwGMbE5-Xap z-ya0#Us!sA6cy3`ny#Q_$)|iabF-I*0+b}&8nLMn0B1!HTwCx#w}!IWhf_L5MKx^$ z`K_0|kIAL%Vt>{zSLglLZ_Zzi1NBkeD~)ygzk{7&YyW3=@8EI&_d(Lp+c&+pBfaX= zv&PYz<8RH-V|vikwEqutOfnQQP}x0h1+TIH-Q8jP{AX|XVE57fA0mDF)PL%|{Fs?} zPHVr=>KV?C?LH(aDNJ)c1^Y8637t}m^-99<9C*K?#ckk~ zrl9$kFu{oEDV^jg){d)eOQ#f*SOO7fcZtw#u~G?}lckZui`QcfOWDk9W^D!D$rJ=8 zNTd^&TYrVQZ8W!2s^F3)iC$ahQu8T+80HYs+sV>qM4# z{+Ho9e17}RtavOXV37oGt$1wRg3m_g7c!R#%G4D6f6CrJrQgD3iQZndy1zCQuGW*< zGTiZ{?nTp^PBko4q8C8d^r(TTy0hJkx`gd_cYi4pS3H57_YKD(eEI~GMM)kv8xmMj%`)k>8c!X%pr#qFSx4p3i!LKs7F?8; z7*O6X&xb#K>ZtM={>-_;Rx?+z*wu2}n=CD&LQCAHUZMg6; zcY)D&U;JAkSh3-6J(~XarRMyv+OWRQXn-~Izy00a-PZhXe>iwN|9_BFkN+WACi{z_ 
zcR^VkLUp#`rKm{kHj%oWT+Q~i9fI?wc7F%SxRyF}QVtZKfl(GCQ?RG&=?RvuuG3A6TS?8HMG> zTU^_C(-_TJYQbXjSlpt}seY1QZm8+nivOFWNrUpUs#>FcIwg$;ePNSI#6^#EHh-ZV zIZ+W`iK+OSmaGn0s|wgPtOa!x%_xFScB+nP#U^y~SsuRBTGy-WqdvJS>)go8HT=kH znHlahF}tHIzh(#~OPd3iRB^F{tE+IOSdkfgZqNH0Q#QX%WmJpRS;1EY@-+EtoLw~q zHdiWZ6s#O>tx#!{HwhVHf-4^JB!7hS<58_Fp$lXv=3- z-E$Kr`4*=ZOV=7#=dY}D8)MAPTsDF_Yo5L?z#5FJR1f^Tu2Kc#DxnfIstcsMyKW94 zEj(n;#VNmaQ$nv8((TW7$XAr*WsW6KA2=S)d>@tQB6{~r z8z^Uu)mF96k}jv(B7b;wem)wTTvhFvr6xlBTI?={ytW}E&;&n|mH2&8I@;no` zpm^!Q3R59`wi9M&s=m8k;)i7xfL~lP@ta2|#paze3Rg8KpyBGu->#4pw?%G;q=0TA zDQ=J44oLysLQ>o&xgC-Mx`o7D4QL3;W}7Plx5HgPH-8S2uD0uvZ(J_%LnzCBtC9WG z*l6|5!R2i`t3e5v{Jj+>ug+pbLF@f#znL26*P;^CyG!EjMyHsBkJhk^9V%xV#o%ZkIh#zSEH`qHIwAX)!dyo4+50Y*b z_T6h80k$251HZ*--wk1Uck><{;RLNVkam#eN`U1xQ3ZP|fusKegA1DWuTU!cw-<57 zFn`ig`f4|@cKqLOzyEf)GdO&-|A$DOW<%?0^g+d z8Fk%NYbEr$5qMpYK0i4(Z=V&Zc!TO!Od_6EZ-u$jYLH77LFF2%&8qHb<${cTX@5-i zq~Zd5)V$VHqgo3}_WLPQ{RVt}N9;C%$G0LHNm@U(iv?YvXw?ZKNrQ`LGN61N3l$qj zN(nm2RXZr(Vjc;;pfQT$gh<&PAK<$C!R&w4|2J8^k2T;r|Gz(I$A2E|?>z4RJV>hh z|5f$>*s}&ugaK6Rz7=)8d5~!9_kVqi44ESzf_WOvE3E9zZ7mU1+%X@>F7=?-N}l^wc*af~2U*QRf1e3ytG?u!Up&RoB>34c}6{y)%*D>`Fb;NL=H{r-PD{$pqO82|q;=?RR8QYh>b<5mga za*hlpIZa~9W{{ESg3M5sPr}PQGduAh=a?igOZdc2#m(E20u!R>0?jq3T0UX1_XHTu z%(@;nZA=!%cJuBZTLI{K6@PGMYHF4sLt$Qo4!q#S_`_HaOWqT351YI{9z#rp^nw{x zee>6{?*)^;MBn@^GUl_s{!{#v3)Zg?O-OW+XXa6R={*hPW#&B%Cgj3<8mLr%=Yr0> zr~l7;0`G~SJeP3t;-&P0OmOWxynx0?`W9U9KfGWeBOYV_KX0|ant!zYi>zm3Z2Kvp zEST|orm@EUcZb8a{qOEP?*Bhba>fn1=RJ?6W(RB2+wdn#h0^yn{K#HA*I%cp`AGOo ze=t=2xl)<_E|s8cCVg+qGynSwoKcBy?K|o(h$3Jk$l#N=p-bMqJuO#8rlz;?M$j2$ zBzgDtq$~Rj)ttv=wttCusV%Q;_Lb*Na~8pzusA`nd1(&wg10C$&LsXSs6w#~0-m~j z!{3(XDpDUId=9R$!H*=mmeS9@yyi$(*TS6#Kcm_#DVtGNBUHvz!so7v49*2jM}KDU-PCor!MD#bgN7EUa={v~ zW4-X&G-$R;-mX=f(uCY|729U1)HaYU*lgIKQ4ubTDb}^qz`Vvw2lgvfbBEWes42Jl zKH}053!Ld~gK=WI{*U=|iei(|Wb0OXSIB|U#PCv>jgx;c)}k&fulMfliSJ0)On2*s z8kXgDC2O18QLovl+n}{*Y#)=`EPC&svOs4PW~=HRV M|C9oKw*Yhi0RG1hWdHyG delta 4884 
zcmV+v6YK2zE21WlJAXWXbKAC({hOa+Pri3;b0H;4o{=SRvAbC8E`Y^?*=5{6SrVawHA$0izDOAi z27{x~$owA+2JQcY;nC4I!_ndJX#eo|@bLJX!EktdeDna@3Wf@$$4H7} z$Sz|~tuq`0$+CooL^t$S1=2w<3&Q3@ki&;&KWa|{zA5LQG` zGEY!~;xI?Zh?E!sWs1X^=K>U_Swa-b!1Dwew{XI9rp7SzJerai#~whIC&>j*Xt*B3 zB)KAM=>deCDMA^F3og_co(-N2Jb*oTwL&3iq-ib@41W$#B!;Ucmk5#T6t$17zp9*D z;DH7nL$BxPU*t(L#ZaJjlh2|J?Nm*%5!ODv*dc5wJGc2$t8-wS~E!`2g>yDN|f3zSZMzX zC4Y5~fipn1qJpy&nUZit)e;h_RN|yku<{gS9xgTcbIRytKF2_7(VFKFakwI^(UV%U zoY~$gt2;bN_!VWb!Jbg2K}hs_F3s~)6JQvkltiqbn*Iw+x#>MZn2Tf$b3u%3777J? zTZ#JHz#&bkDwQP6ax3`s&+tXm+{t}q(I zf+SMQET!zV^?6eJJAjnDuT=~N#uz1Njv~or5m-3#XT_(tbvS12j;cKnS^#&@DzFf1=kIKj9sh#K` z4MmXBP;ki?DhPSnCx7GuP1m$+m#8g*izFJahNfXT2i9lD)l^t=Wrw(mRuEieAUOj*H-S3Kx{1HY&e{_7X@BeTZ4*bE0j7IapvmXx0z%`oPPU~%>Ngh#b z^fD!k#Hc-pRZHDLD1Uo+!KI}01R>!uB)Gyvj$x)J!>8~Z=Xv}TPMKY{Q_h~kFGMiP z;-~OJ2riz&iJ(e%{wciV3=6zxJU-L7#ui680&||T$gIyP*2esd%r&et(#)*i%ZHO( zEww+eVSs74M6H(a-$(?C5^BaTkrI~2AkI_$DFFm05#M=AMD3!pZkoOA~Wt=iq8-O<=v7#CG`-8yz zjZ06Eq9XdQ=?Yqwe8%J0tzH@mP?B(a#HL07oEIao^}##c8_ME$XLNyzYT5?!Yj1lW zi!0e>+%I?M{ePFQW-q3Jdav%4#;*A9V1L+({~U~t9^=0cQYNoo`L8eZu1~KTFJ7H| zZH6ApgO;ZKzguFGp^$;f?lBa+!~PErhVAp8(ZTWX(f%KzeE86R;=OpEnRQMpUTC61 zf%l~U>67>2gAWldC`0IFmvNxsdf-=2Oq?pPM~Qk%27kd@d#q3on!-m=B4;5S9hk2) zo#u-LeGfgq2M!mqNPqPVXD2oeNlFTfTra`?m6L=nC`NiGVR#O_U(n(<@JdtA{7aZ) zNc56U@)T>wRko)Kib*7a2((cmbRkwM;k)_TNa6X*sfML2Ho>g#1MhSJ0uvs)F+B@n~BQzSN^= zM$@T=g-Y}WXv>Hih-x_7-Kb00es>2H@DT)N34aL@djHvj-n-uIO^2r`XO=tJ&7FN_ z+0#3oKrZ`+<1u{r0F;GE9yL1>SW?Yr(uEq&9J-*U8LnHC^5{iBBUu()mX;V$-Y?IG zKYZwD@)7=(bA_#LZep>!<;b6}Euun8Tu`r5OhugZT0ymY=y#I0d#ko|tU(9e9Mdwc zQGe&RZZ=)o*>=?32RqxkQa`bJxy{=&!2)+4)N=RVH9A^(ui*P_cv!t>HTy0w_S~1= zjSy_u@YkMA|9Yjl{;LAk_n8f_WBqq{aB$FC{~Zp8kLUjnQtJ6XB+F!fHS{hii^fo$ zZFngv61gB!x09>czP3Yf-qc2rjBBYwCx7Kc@evqh5i$iM-A*sCbQ|Z47+0kqsGYI} z?ugA&66H~vcA*Zso@8LbYF+}M@aLAll&EldR%5t><;^*+V*SV>EzD?K2Hv7t;7wyR zXQ>5?&0}$kLYMkUei=~Htrh<#Ns|WUXH~OC|8z+j9lB+gO2oy8batVgIZ+Yc$bYH$ zoStk>S(^&jHLV486wNGxPIjt+Y2_w#^I0Cg)OzPv_EBHlm2Ix&WeY!YD>K9WCT4e( 
z)vFnTsnX`aB~@Ik;nSz_#$!cd_}E_eHwUR z;noI~#`7j2LrieRL!OLbc5+dBmVeL{GL-T{@HsY_(Mg>l&S(PG3|qE*D-EA*XHIo7kkRMw{B%>CMO@TLoJW zPdk_@4^r=n(lp2pebCnpbmfeH+XMOK^$n4$or*d&pz0Y*ccb>Tm)3uY(%kiUg+ZexzQp36p3XU)^s1z3Y|jp~V?+Zt6ct`RCh!@5AahwJ(j(!xXfE>HQj zTM~N3lx}~vQ@+A1FKaA;`ow8b)#%lpkrfIOW9{MAF5isv);zLP5`WiZ$=*>IHt+YL zZ?>*h?$Ts(8wcpyop7=8&C@xGYba-p-Bz{F zlCGu-5&SfpT}(}_s()f;smT!EirwXq*8)NUP4Y8IUbZDtBsB+{xywcSC6~ok&xhWV z-ouQ4m;EtV_*?f-21c>Q`;GoTJO7zS7%+W zZl_bR@iYr;;`oIH<$_jIb0%;>-;behY6Q=VD7_C6N=2ESkbg^f%~hi>vc-OhxaN+w zxTK<~b4Fi#z+0th|K`3!6_vQB1;DQSufyZR_WXY|7(CklLzKq-|DjhH^B(-e+{?3< zYnfCc4^?g=G)oi+iWgTz+gCa4mAmr(mb(oU(G@ipZ&y_2B#|nQC^s4V&vEtQeg9od zRlm#{_lrwJdVhXR{OSJmzcQkhf4A4a{zr0lVstcj0iqy{{^K3_dnRy2@yde@rpEBm zE|{IE_T2T7-ngs+=oObtdd(x0B6#PF!Zi&FX!!K0_q0M%+!nbRk^;Jgq_{nDGb9Cc z3rTUCL{&EL5Ld^AmpgW$ z1Jg!ds%f{ZE|sWPzdf^~qczBSpL*`9P17lq7j9Z60MPqMscfUxJb5E_=%phSl-Pqe zB59qo)_*(vX`{bghFLeu7O(CG&-Gk6oTa@6#k(OkN51scx5QYsyAEgIZVd&+t)aUT z*|>hxq*_YVv!8a2dr}~7EN{(pM>(6(6s00*HU^d_N!P;n#-~zWd-C5{|H=E>@-@oN z{og@*|2H}~dW`=(NNKJAtOeX?d$+kI`n<@!4S$|?5YP`Sf!aa5iv(S>(JIanO)&MM zoj}o*9nv_6Z$_zZl{_{2li2o6N~it1JmLr1{|!dRgZBRKc=QI z4*UkEeb=Pv-OYP+q!YCIK-x)`8wr+MvI<5UiKG7ylM9;muTU!c>4%/HR#+YRiT z|9=nL?|(bqA09s1|3j2cv%cU_hb{N6KNR;{YSa4+o8B_3s_6*~UCUIf`;|HGsGwtxK}9UVU2|9y~h_xm5sbD74=uxfh(R=qi@ z)~0%6RnYa8srt4+G+v#y^Wp}{vRiO>{gsXO4T{_0Zr+{Pye!a>AG-@7bY@+5wc1F% zZX{k8q-Uoy^X{{v6z`z=1(T4c)w{ynX*I|-3!!oiRj{f%Te%=(-!vwDsklI&nt!+T z)Tq{yl6(D>seS{#9ud1q;_;1$hLYA#?IJ-}C|YfTP}1P?nG7i3#X`l#L@7b%xoRin zTg(@NuV{qgBq36E=LfjqelYvr^#4s(?_&?R%l{t^+WDVHhx?E5p9d**|G%mJ?|o|k zMH)c0@7qx4>nDk}e&5H;kU8>WFn_N`^9n0_HUAyMBB{Vu-6bE##-n=8``Rjz)*)5% zgb&;hybBHYzC4u}==($$3cd8rh#)Dda@M)T^-AN|j=VnI^iqWyoMH&--fT;La>u{-|X&i~lof6V`Xn6d{KL@5;Z72{S3;A)8s<~dCw z%3{b!cu8WE(o|e2la4$A_doqQH3h4zgRekem+4q9^ zAEIwQi;893*B`}Cxnlha(VT>rd1hW}FTE#$yvn>M!JJ%rPXd+d?_AK>d-A{D9=s)j z@?65{^B2+!GQqX)@B$hk>05BYfA@lw40(k8Ki_Wuu{@T?@>r_!e+>Zu0RR7IlBz-g GY5)N76t)8Z 
diff --git a/poc/pkg/rp-server/main.go b/poc/pkg/rp-server/main.go new file mode 100644 index 00000000000..61a9afd1345 --- /dev/null +++ b/poc/pkg/rp-server/main.go @@ -0,0 +1,73 @@ +package main + +import ( + "bytes" + "context" + "fmt" + "log" + "net/http" + "strings" +) + +type MiseRequestData struct { + MiseURL string + OriginalURI string + OriginalMethod string + Token string +} + +func handler(w http.ResponseWriter, r *http.Request) { + ctx := context.Background() + t := extractToken(r.Header) + m := MiseRequestData{ + MiseURL: "http://localhost:5000/ValidateRequest", + OriginalURI: "https://server/endpoint", + OriginalMethod: r.Method, + Token: t, + } + req, err := createMiseHTTPRequest(ctx, m) + if err != nil { + log.Fatal(err) + } + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + log.Fatal(err) + } + defer resp.Body.Close() + + log.Default().Println("Response status: ", resp.Status) + + w.WriteHeader(resp.StatusCode) + switch resp.StatusCode { + case http.StatusOK: + fmt.Fprintln(w, "Authorized") + default: + fmt.Fprintln(w, "Unauthorized") + } + +} + +func extractToken(h http.Header) string { + auth := h.Get("Authorization") + token := strings.TrimPrefix(auth, "Bearer ") + return strings.TrimSpace(token) +} + +func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Request, error) { + req, err := http.NewRequestWithContext(ctx, http.MethodPost, data.MiseURL, bytes.NewBuffer(nil)) + if err != nil { + log.Fatal(err) + return nil, err + } + req.Header.Set("Original-URI", data.OriginalURI) + req.Header.Set("Original-Method", data.OriginalMethod) + req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", data.Token)) + return req, nil +} + +func main() { + http.HandleFunc("/", handler) + log.Fatal(http.ListenAndServe(":8080", nil)) +} From e958f5b77c7a4a802714cedc1b7f2312f7a024d5 Mon Sep 17 00:00:00 2001 
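Review bot: `log.Fatal(err)` inside `handler` and `createMiseHTTPRequest` exits the whole server whenever the call to MISE fails, so one sidecar hiccup drops every in-flight request; the handler should answer with an error status and return (denying access) instead. The outbound call also uses `context.Background()` and a fresh `&http.Client{}` with no timeout, so a hung MISE holds the request open indefinitely and is not cancelled when the caller disconnects. `OriginalURI` is the fixed placeholder `"https://server/endpoint"`, so the validation is not tied to the URI that was actually requested; it should presumably be derived from `r`. The same code is added again as `handleMISE` in pkg/poc/frontend.go later in this series, and the sketch below needs `time` in the import block.

```go
// shared client; the 5s bound is an example value, tune for the sidecar
var miseClient = &http.Client{Timeout: 5 * time.Second}

func handler(w http.ResponseWriter, r *http.Request) {
	// … unchanged: token extraction and MiseRequestData setup …
	req, err := createMiseHTTPRequest(r.Context(), m)
	if err != nil {
		log.Printf("building MISE request: %v", err)
		http.Error(w, "authorization unavailable", http.StatusInternalServerError)
		return
	}

	resp, err := miseClient.Do(req)
	if err != nil {
		// fail closed: no MISE verdict means no access
		log.Printf("calling MISE: %v", err)
		http.Error(w, "authorization unavailable", http.StatusBadGateway)
		return
	}
	defer resp.Body.Close()
	// … unchanged: status logging and response mapping …
```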
From: jonachang Date: Thu, 26 Oct 2023 13:23:35 -0700 Subject: [PATCH 121/173] add text --- pkg/poc/frontend.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index a2a26bdba86..0ba546f838d 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -55,7 +55,7 @@ func (f *frontend) getRouter() chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) - w.Write([]byte("****** ARO-RP on AKS PoC frontend******")) + w.Write([]byte("****** ARO-RP on AKS PoC jonachang frontend******")) }) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) From 70d4a68994e575ee034d18b63d9dcb4e3f7ba667 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 26 Oct 2023 13:26:45 -0700 Subject: [PATCH 122/173] add mise auth --- pkg-0.1.0.tgz | Bin 5627 -> 5628 bytes pkg/poc/frontend.go | 65 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 64 insertions(+), 1 deletion(-) 
diff --git a/pkg-0.1.0.tgz b/pkg-0.1.0.tgz index 63a8684d8481a74030ad4612eacd3779ff6b3a7e..8a9bc8c97c652e50fd83a50d690ca3720ab4e6ea 100644 GIT binary patch delta 5506 zcmV-|6@BXaEBq^vP6OGposm!*e{w(j1t0s=+Hw-tIp+s6fF+T`nc;9|_!=_V<-C8g zAVLKzk|y8%Eom?q3=T&l^Ens{+Mk2r;o*0~(ZTTWV05rQI{a=h93CC*eFuZThn;51 zr6S_H!B^92H}1bAk&M1YAt`4eEcZN;W#!LdFgy$fUW_slG*c$;7+zqKe?p`+24-Bq zFZmP&Lxs{~B*hT2%ekjk8HPZzETIw66}@GFbPx=Kf%mOj{g8^J?SDy<9Od8V05;hF z(eUu7W&eA7qrrpy-$!}`&u~WaM1j=;W7OH@Jn$aD#ezzp5(xbJ`24Il<02(WVGJ{x zpayt`Q9=a5k_bws2})2Lf2If-krHE|OmSH8T!6wfONc@lc%DGx7EXB1R0u=QqbZqV z=mBJTl8kvmqg4pU$rV{i4scl5`3l1wlXsALGg{cfCDLBfE|@+4WyfAl1ZC5`YnicE71 zXOj#gI-@AzYJqBj0th%bAQlkhg6B!BWfch|3S-?;^DP7=ax{pJ8RN?MPa{|o$NEFJ zr-jY~AQfx~A3mA-7YhW=*>5C@ z5QdHwBfqe0oyd9_k9u+$X?-$--bs>6h2nIq^|{hmPoU(ve~7T^onH}hnUf@0fxw8T zDYDq~f#M*I3av^tE^C|4Q5+H^O9Z72lxPEuIFk|OxwNubaNW<^ly&#y5=CIGnIw_} zWx9JMN^KV`vY$dp-D2PjkS(d;EJdayTv4@vgesLdsT8d2g3P0ZCVx&Dz09W=Xf0at z9AXYvgf&`Hf2)==+gfFHhbIZYqHJ!kCzNRr6917)Q=V!93?r11h}EuXzrd86)+0o@ zNLDZv#K>l*P{8+4t@X81jQ1?#o1(n zN>MhKy^FI+%40ONR3a^*$?5s{?70W9q(bE+nN&93V%z~Z(Rc>OGt3gc(z;x)pc2`W zD;D+Qve=Z`fezA01SyRKmwcvzh^Kw>S1!;re@)AFf!ZRtNaAogG!@G+u!g(L^St9< zCeH0xjXnNl;`))qF=s}fsc<8umT`nayLvs^xe=Q(>r8Y5WJXN;s8sya_VCLhyQB9# zFb?KeN;+p4pT@`(Rjbq3cz*zej4-8t9_`J3c=BXA>peM~4SS;@ne~1cl4)-*K8oVO zZEzS*M@OD_iL1BT>D3fY@Sezen)2n+3jPFzqBFg^z?Y>`imVq^`JQ)vI(Z(}rx5i{ zN~y$puMojA9?4}CnBItl);bN;lQhPNh%m;bseo*05dmll?~cdg$@7bg)0aO_-krTV zIlef3^|F)C1tNbA2F95HEP0ZrSb|v|tg*PPRL=m$L@h!nDON~lbbd~9RMw=$GQ`a;{x?5lS&U&m1ju!oU+P}IMYLiwkB8O5nQ}_ z_GIoc5^N~nJxoM`MYotWQ7fd`}LD4xZ= z5yr#b=xBeh_rpOn=nY0>G@1^c{BS@9uF}QlX}zs)EGmU>Mv^dHhnDU&(W`0hw*5_wrs$rdxW@i3g79Qtnq5Xl~2AD(()M^PoA`vJ` zs0)6H>|&MaqT?(xKN~2xFhkYGzVF{g*!|^RFeuUAot^-^B?*m>t8I_dSbm1m9Ba3a z@e8h}9^gN=_Wlb>B`_)E{hY-ar%cs4;EhPEXu^Mfe-M~|Vd)7{R7C%4x`LJ^pYi$J z&0ZP`P?B(K#HL07oEJTCZNWR;8p`JH&gcvk)wB)dw_f%>B$u+wdB0qp_g}uccs>c# zdv&KYHtqio_J*zfpZ(F{!~XBRq~q7GdauWN)u(5T<5wr&nxThuuc>MO?-rP3C}g0r 
zJKTQ?-eCXx`@{D6&uIVf;KBayBYpVLf9ySfpP6}1YroL!3I*Qd{-;mghYvl7aYh+} zpIy!a4d+9zDlz+1fjvspOEL)F+GB`C2|(Q;lBAw(@8#?(f8o@d~mps#rmsf zI6JZXkffwA%k>oO&zvN5Mlsea3Bz;X{fd7Uw}Drhg63bs6eFUibdsl7JFc=Vol#6; z2}GdXB|^8wN+oPhS4IlYUQRSDWplHcwG()!GZ2^{kxpE073Q|l+)k;2E1D#FZJkTa zrvze{cieUgwb)0k1WRY79NQbvg}kmUzm2RDS>pL$hVSs{?K`vLv6O&C61=wJv2}k7 zJ{y^z$y_EVQ#0`YDSQ8vehZf+dVAIC{@PHuT2E@raL1Rr7fo+E)v!>BUI1OwqXwet z&UQ2E61Lyn0R?;nfmuQ#1pj~g;J@=f-*kAIa%Q=c-Q3wS%bs5G1ai?g9Eb4X15g$v zdE9JBU`aL0q}ysdbLfJaX1Hb@mq&jux{PF5a9LVnKzYABAO7&6qsmA4Gv^9h&0NP~ zSIcp4y0VB0EpeNAonk8XNpBQXyM?_@@^)?2mX0;(pqpb_?rYTft(#4kcD5aL_rcC} zO{t$)y}ZubG{FLQ9@KL8+l_`+-YeL-4iBrhtY+T@M&Et$Z-rpZhQIY_`rm(-n)APE z!}>0x0XEG44)*u=Tl2qz;qc-7|6Wo({)c3l>@SDjC1r64)!BxZq9U=|MCx{OHQU#A z2+o_@9VFvg>d;9!P<#YNS&U4sxJ98;{UpEK zP}8*)|2IjK2IVJJwMP4NN*WFN%qEqHiyrB0LOXJzBEA+=@ii@3AF|dJuxnTg>L{8~ z1fA?u9n*?U=;pILe5tjrSJ_8>a#z;5k(X=uk=HUa+-qWXM_GQ&5KMoTHU}=L;$j7# zK80(=ip=3-d*0ueviWT)<65lF8onx!r^#RA?5ZiSg;H6gVC`^gjY^}uNyrcrT=9q} zAzYk{Yh?*tB10+1f={u@jAr6zZ1qTSX4PLHNz~%6cA;Ue#lAoi)4!ic5$CW;gR1b6 z>vX5Cx31Fp>EwAO<8puERS|O9c6}8al+~zHJ3GA{S!B!L+QZWhrpklVFGXppZ&2Ib z4Z7JPX6oLos+|U4PjJt*Gn1buF?aUcDVy47c8!W*kt~xxA5%3pa%NoL78*b}iJr#dgBiQF_hS@cGMT}5w zZc;=I-6@?~a8d%T=t{)RB{4eP(*(O!G~w?8^MdRYJ6M`~^R zT(in*tP(4b{&LSP7GH2d|I+>~8T0tqL7=$*m7}41VZtO|YA>VcovRjOcIB~*e&b%Atu*UcfMg@^39IOW%FO6V0sy8YP>`HHf< z%&`RO1E)n*qgN{$R(yyEKv9#sT*1O1PN$=IIp04V1ISYO7jjNtaV?5xls#7*9;D zs`kuM6Cr*rb{9il+Yl0Hf}ct9vMrG!s5w}VT`uY`xGa`>J@6m<_tXDf_TLPJ|9UsD z$^H)x+wp&2M}vp>ulq@#Y5#8*tfUU{&_R0tpKgxQ&@@2;2lVVMQs z7nc)E{N@o#v3ci=!c`3lX!!KW->s8#4lRE^?bapVxLo3gP?r5xBm1GT(dwIn%iDHV zgFs-aHk;~X)^T6O58<~jpwWp-)BL?fw7UNCg_J4;UFgdTG+!pFvU-QOIxf6?VG}wq zt+k~ZcFXKiiTwKQnGFrCLDt*kyQ?-$r%+zFX_)|k|3ay3E!UL15gYW( zw9Z-U4gR#&-Y&zen`MhvcZ26byp z{r38Aw14=p|8p;?HUF~~aI59r`jUU>>vrz#=4l53U0?~+4&vQT&FGtnt zR4-NqU9U{lmj$BnblS#?8zjp-!R-HG+f0v++On-D^0)OA;_wb1KE z;B`Uz;`GA2eO9F64XR%;iFjJQ73NN>L9SQ?m20RrtGc6=3o`blG1-5UiVN&f^IA`h zYAq<)@25=l8}RiVvD*Y5-->7?Y5mkL7IcZCRVRof4KAO^fbvZ&RBRk8CFnF)?Vx;% 
zc`W#n#wbn_B4u}cfa~siv;TGf-(>YJ)_|M*|G}Ug|9N<@_ptwSFRAYT*VX@h&l*4x z22id0*3|jtL87hScQJo5WR83Y=4mvqu(DUvKQJnS3T)Pw#N*igD8G4MTP4yuq-vb# z0XGD{gob-BPbCKWF409oPkl2YNQ$Z)buMwW)Htq3ULS69iEq!(?VbAKL^cFpJ3hbk zYz5@{1CY)7t+A`7bAbsxAhTRk5aWK|zlKGuBe*GQ|Xe_?+*+bWCg{qp_3?l!3E z%=KHF@K+`6{{y|aqI1Rt{w*{%@Bg>sKlX+X@&EUe9>JI>g~C2DZj}J87RX?l(RA(OiS7=!lth<#W*)Vd-s3=CW!~dpN-n*}flBpvF6i8Q{Qta1@RkV5 za|x%iO0|Nh>?{{Q_XXWXEB-t%Z`cCfa+Eq}UFD1C3skLtnZ#cORVa2rz+;zh_}kH3Me03- zPr)@d_>n}HbHQ^KZ|`_pN*CdKB}k+Uwl$Sn%k(Ct4F8 zk;DX;9t;M9z6pFGs;KSndRui_gk@D3_WRCE(M5laG=QyyLJ)!drppYoVI?QE>ur7V zwgmpU3n+wXu{q+=%)Yp|7&|VuBlUh4(j9M$&J5r`o&uwZ7SvY4=fO`zkz^Z%ZvQ9G z+j39ghEL&NMzS`n?SmmDvx=6<4xaICfq&i-`BscG6rk}0Kk|4LoFrW0_KxQnU>BjX zy%T?o1!XE>+kVmAAQe%$48h;E)hFh+u6Y$0U9f$)T`N4{G46O<@`|cx0j&a~Cq$yv zDx3f6m(bhVnx!iEDRT^5?UpfDe_`zJm?qd4%{w69Fw%hieS9@yyi$( z*TP){Kcm_%DVtGNBUHvz!l$l^3@!vs$7X-<-PUz?!MD#bgN7EUa={v~6TR@-HfVNA z-mX=f(uCY|6}x7s)HaYE*lyUMQ4ubTDb}^qz`VpO2lgvf3y0ULs42JlKIYO93!Lfg zf^lNH{*U==hGLu1Wan0TSIB|U#PCv>jgx;c(V{LaulMHlsqaYFOn2vo8kXgDC7Wv7 zQLovlyP&mbVjq*+E_&~uvOs4PW~b^*BTz<@vh%dF-!`(gI%VADPdSUW{l33jxX&H0 zCKdyDMx{b_%wqGOD{TAWlfjdLZ*cEu)%ezf*+Y6r59uL2q+6%|9{>RV|3(agMF4aF E0O48_qW}N^ delta 5522 zcmV;D6>aMLEBh;uP6GLvkx?6ed_VgIAN$nWavaw==La)@C6U9K;c#a78Zz0%tbaTw zLIq2bCg1%nX)qWJ4)*rU=U^~se-4HR2j30%_J;>M2YZM6!|w*e;o;%nI~e>u>@-s@ z6%pSJzM59MasMTWWb{1>NjVE)vEz{}D}N4y;XyF)Vw91fnKF4t@CuWE6e6uLFy#V% z$tNfnDwG~0DTa_;%sjQsFa(li35|%Z=q(DQgJ2j8yl>s=$5bS3{|l1jDE~eOu*Uum zhX;o(``_8wJ$SVLhe%K01x`txD6m>!j5@oR1>O@lpHm4`0)c-Yot^fkT%<%PjA2R> z)BrCqN{B#M5JAZ#K?#a~!vrBCQeq60DGp1X3s9J52~j8m&l70e!ZFX83SsDZG$k_( zJ%B7vk`Yg6v<%@Wxg<;J0YscBLK%t?7b=8jgJ%N|;0e50pb#|HH0KBg2PiUw%Q=?_ zv1=5y#nxX{&Mojj1Bc-Ij{Yc5k}*aCl?>sx-;FaXNEonbo+K-OnVv+kpb;KLk!gQtRjI#VXRwfzJ;Jfjt0>YV_X^kX#`8+SbymD zw9t6~q=F6M)0L@zK1a|j1D|%)(#Ud&fq^}l0^}L;uz>Wr5Mj4NfTHNWpF-EzdYI)3=!jG!tdMbYwJkLVd84Lzm!rfpI z$;gBzR8f>x?f|jiS@FFGN2jOeyFe1ZVaf6>=jtb#pj=9YX-&=|XGiiiXBwcL{Z66? 
zVdz*f@(at>iL96Ls3#YZ)+aOQ9VfX|C{9LNpDT^^1WKNNiwLXU`4u6TIZ2Ww2#k1| zB8yEQC=Sx7(6UtHvbO0Q#UVkmKv3F1i8j!PGZ|5yODmf>*Zr(bS$9t^Q3TeSNg_E= zrn^_7)ONul`ze&vEe6g2*@6nrQe;ZPB~^1ss8WfOO2NuD$UK^B@@JIMi+qBC)}kfP zA?9#NSfeF>wQ4!DtyNZcc#`l-%4P<8LYW33@gKP~<*6pXFhVJbSZubgyGJ!GwPc7XO8l=H9V3lE+djq zHq$kbX;&DBFeQo9GD|6YYki*7{th4|A8Q$dfpJEEVutE?^zNOa3H{5M$_Pb-Olju` z&gogOGeiG+NRROt$CzNGxUlx7c%rS=8sKlgdmfoiDWhs>i=V(dY4znqD#}Ywk)oV~ zM|EDM_2feKOjeJwnLsILMByb__VA-Z!ARl(xGY_%Wh}156j%e<+uJq2p1}F(7|yu% zt#hS+G8y*!hE70v-;5rrAM;4|1x`^Qi?APYHl?#ZLv_i;1!c3oL*IWgMzKI~emWkb zQk2bP@BDO}@)!**l}Jlyd~!BAedz%#s8Bgc#+8k?76ryM82b%$d<=D%?n^WgMZD3fY@Sezen)1cM3jP>{qEo%Pz}KZximVq^`JQ)nGJYA>rx5i{ zN~y$puMojA9?3-%nBItl);bN;lQhPNh%m;5seo)@5dmllAC5+&@yqk`lh;3wKb*cf zJ~}^n^SS^is9g(K!kOt;2!0<`Wa##j-~|zX_6Nq904#Wtr&xkn9;~srtW?hcMnug+ zC@EG*r*w8kvUVdhOalo3RhY^O4&VZpX64u5yjGqWk{tjoszRh4H* z_>8j3jyTgphqfkH;|ZL~JLPN}ekFoY zHrs}mLU6GS$AT)|_-%O285Vd?`Rr7G;|eW~vIizSXR(=|Q>^v*DVb!}C$Pp!TGf>H@g3VFX|amFcAwGMbE5-Xa2u-_j9 z=3iKPf)o|e|C+9#Wyz;}HgmI=h60o%+#0c|5dddJ4_sUDLAQpo*@sg)MMX7j1Np6& zy^qPI>|)k0SLglLZ_Zzi1NBkeD~)ygzk{7&YyW3=@8EI&_d(Lp+c&+pBfaX=v&PYz z<8RH-V|vikwEqutOfnQQP}x0yZUwKg|J~hT`}}8b_h9$Y{vRTJ`qY2wz5JM&c}{D; z(Ci8Y-qZfomG|jW4`Q5BhTvxxvp~c7(5p(!K2>0k67`Y{g7@}Vp}uJfpFxS7MR2fd zzS4A@Pp9-F_&pySE@ZL(>KV?C?LH(aDNJ)c1^Y8637t}m^-99<9C*KfqQ!0Cm8PKi zmoUMI=qa7#Db|jwY)hvUlUM=~Xm^RwZLv}bo0FxH!i(2q4NKX~Y-Vi*-pLdMCP<_c zms^FoZ8W!2s^F3)iC$ahQu8T+80HYs+sV>qM4#{+Ho9 ze17}RtavOXV37oGt$1vI-Ga|X<`*)T3Ch$I{C~>cKc(NoWr^NiwYtAH6t32j+A`en zrS3)3n@%+>RH7F^*Yv1?sJgS=jJkyFcXvPmpFv=jkO;y5-#+*s{4X~ho~E2x?qoN2 zw#>4pS3H57_YKD(eEI~GMM)kv8xmMj%`)k>8c!X%pr#qFSx4o6(Tgr4Sr%NBmKadp zFVBZRed?(48UD<1=Vh0uamr8TeYQQ4La!N zn3nq*b$;t+)1{qlN8Np}b6r#FCswbo^EOSez?}!R-2G;wp_TUvwywj&>Mg6;cY)D& zU;JAkSh3-6J(~W1_oe3iuiCJ_&uD-(^S}Mw-QCvwZ+|#=JpX@?RFD55Stk37p?5)9 z971)r;iafZ>^70Qom|cKwH<=z5 zc+(ioS!%&z^H|)X(5ZfsUv8-B+KT_1q)CJFv#MI7eL5wL27O_ZO2kEvbT*+KIZ+W` ziK+OSmaGn0s|wgPtOa!x%_xFScB+nP#U^y~SsuRBTGy-WqdvJS>)go8HT=kHnHlah 
zF}tHIzh(%3CQF+GmsD}FgsZD?rC5;}d~VPC8&fvFO=VPz)mgz;1@bicYn)v*1vXbI zYZR;;Zmm#hls5?(VuC9k@g#)v<58_Fp$lXvLsCvZG-Kc%*sr7$FYOeq08TlK+z}Kw* zhKD=t_22H^;r`?L?;%oa+vl29R%4Y|f%F$UZn5}^3;LJ#Z^?+qM-BqT!>=3--E$Kr z`4*=ZOV=7#=dY}D8)MAPTsDF_Yo5L?z#5Eyt5gsCyslCO<0_#NG^z`vySr`>PH&mm0de^j;mNK=SL8%jKmH2&8I@;no`pm^!Q z3R59`wi9M&s=m8k;)i7xfL~k_GVz;7D8=TTGYVHVD4^l$%HOV&a}F(kuD0uvZ(J_% zLnzCBtC9WG*l6|5!R2i`t3e5v{Jj+>ug+pbLF@ zf#znL26*P;^CyG!EjMyHsBkJhk^9V%xV#o%ZkIh#zSEH`qHIwAX)! zdyo4+50Y*b_T6h80k$251HZ*--wk1Uck><{;RLNVkam#eN`U1xQ3ZP|fusKegA1DW zuTU!cw-<57Fw#^g+d8Fk%NYbEr$5qMpYK0i4(Z=V&Zc!TO!Od_6EZ-u$jYLH77LFF2%&8qHb z<${cTX-xKiq~Zd5)V$VHqgo3}_WLPQ{RVt}N9;C%$G0LHNm@U(iv?YvXw?ZKNrQ`L zGN61N3l$qjN(nm2RXZr(Vjc;;pfQT$gh<&PAK<$C!R&w4|2J8^k2T;r|Gz(I$A2E| z?>z4RJV>hh|5f$>*s}&ugaK6Rz7=)8d5~!9_kE0i44ESzf_WOvE3E9zZ7mU1+%X@>F7=?-N}l^wc*af~2U*QRf1e3ytG?u!Up&RoB>34c}6{y)%*D>`Fb;NL=H{r-PD{$pqO82|q;=?RR8 zQYh>b<5mgaa*hlpIZa~9W{{ESg3M5sPr}PQGduAh=a?igOZdc2#m(E20u!R>0?jq3 zT0UX1_XHTu%(@;nZA=!%cJuBZTLI{K6>w&MYHF4sLt$Qo4!q#S_`_HaOWqT351YI{ z9z#rp^nw{xee>6{?*)^;MBn@^GUl_s{!{#v3)Zg?O-OW+XXa6R={*hPW#&B%Cgj3< z8mLr%=Yr0>r~l7;0`G~SJeP3t;-&P0OmOWxynx0?`W9U9KfGWeBOYV_KX0|anza3Y zi>zm3Z2KvpEST|orm@EUcZb8a{qOEP?*Bhba>fn1=RJ?6W(RB2+wdn#h0^yn{K#HA z*I%cp`AGOoe=t=2xl)<_E|s8cCVg+qGynSwoKcBy?K|o(h$3Jk$l#N=p-bMqJuO#8 zrlz;?M$j2$BzgDtq$~Rj)ttv=wuyLusV%Q;_Lb*Na~8pzusA`nd1(&wg10C$&LsXS zs6w#~0-m~j!{3(XDpDUId=9R$!H*=mmeS9@yyi$(*TS6#Kcm_#DVtGNBUHvz!so7v49*2jM`rMU-PCor!MD#b zgN7EUa={v~W4-X&G-$R;-mX=f(uCY|729U1)HaYU*lgIKQ4ubTDb}^qz`Vvw2lgvf zbBEWes42JlKH}053!Ld~gK=WI{*U=|iei(|Wb0OXSIB|U#PCv>jgx;c)}k&fulMfl ziSJ0)On2*s8kXgDC7au6QLovl+n}{*Y#)=`EPC&svOs4PW~=HRV|C9oKw*Yhi02RC9)&Kwi diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 0ba546f838d..38ef39da687 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -1,9 +1,12 @@ package poc import ( + "bytes" "context" + "fmt" "log" "net/http" + "strings" "time" "github.com/go-chi/chi/v5" 
@@ -18,6 +21,13 @@ type frontend struct { port string } +type MiseRequestData struct { + MiseURL string + OriginalURI string + OriginalMethod string + Token string +} + func NewFrontend(logger *logrus.Entry, port string) frontend { return frontend{ logger: logger, @@ -55,7 +65,9 @@ func (f *frontend) getRouter() chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) - w.Write([]byte("****** ARO-RP on AKS PoC jonachang frontend******")) + f.logger.Infof("Received request Header: %s", r.Header) + handleMISE(w, r) + w.Write([]byte("****** ARO-RP on AKS PoC frontend******")) }) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) 
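Review bot: The `/` handler calls `handleMISE(w, r)` and then always runs `w.Write([]byte("****** ARO-RP on AKS PoC frontend******"))`, so the body is still sent when MISE rejects the token; `handleMISE` has no return value the caller could check. Have it return a bool and gate the handler on it: `if !handleMISE(w, r) { return }`. The added `f.logger.Infof("Received request Header: %s", r.Header)` also writes the `Authorization` header, and with it the bearer token, to the log; log selected non-secret headers only. `getRouter` starts above and ends below this hunk.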
@@ -63,3 +75,54 @@ func (f *frontend) getRouter() chi.Router { }) return r } + +func handleMISE(w http.ResponseWriter, r *http.Request) { + ctx := context.Background() + t := extractToken(r.Header) + m := MiseRequestData{ + MiseURL: "http://localhost:5000/ValidateRequest", + OriginalURI: "https://server/endpoint", + OriginalMethod: r.Method, + Token: t, + } + req, err := createMiseHTTPRequest(ctx, m) + if err != nil { + log.Fatal(err) + } + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + log.Fatal(err) + } + defer resp.Body.Close() + + log.Default().Println("Response status: ", resp.Status) + + w.WriteHeader(resp.StatusCode) + switch resp.StatusCode { + case http.StatusOK: + fmt.Fprintln(w, "Authorized") + default: + fmt.Fprintln(w, "Unauthorized") + } + +} + +func extractToken(h http.Header) string { + auth := h.Get("Authorization") + token := strings.TrimPrefix(auth, "Bearer ") + return strings.TrimSpace(token) +} + +func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Request, error) { + req, err := http.NewRequestWithContext(ctx, http.MethodPost, data.MiseURL, bytes.NewBuffer(nil)) + if err != nil { + log.Fatal(err) + return nil, err + } + req.Header.Set("Original-URI", data.OriginalURI) + req.Header.Set("Original-Method", data.OriginalMethod) + req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", data.Token)) + return req, nil +} From 519cdcfc025b08299cc64e962a961c3e9dec1459 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 26 Oct 2023 14:30:51 -0700 Subject: [PATCH 123/173] add logs --- pkg/poc/frontend.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 38ef39da687..709ca44d535 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go 
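Review bot: `extractToken` uses `strings.TrimPrefix(auth, "Bearer ")` without checking that the prefix was present, so a missing header or a different scheme is still forwarded to MISE by `createMiseHTTPRequest` as `Bearer ` plus whatever was left. Reject early instead: `if !strings.HasPrefix(auth, "Bearer ") { return "" }` in `extractToken`, and have `handleMISE` answer `http.StatusUnauthorized` without calling MISE when the token is empty. The copy of this function in poc/pkg/rp-server/main.go needs the same guard.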
@@ -65,7 +65,6 @@ func (f *frontend) getRouter() chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) - f.logger.Infof("Received request Header: %s", r.Header) handleMISE(w, r) w.Write([]byte("****** ARO-RP on AKS PoC frontend******")) }) @@ -111,7 +110,9 @@ func handleMISE(w http.ResponseWriter, r *http.Request) { func extractToken(h http.Header) string { auth := h.Get("Authorization") + log.Default().Println("Authorization header is: ", auth) token := strings.TrimPrefix(auth, "Bearer ") + log.Default().Println("token value is: ", token) return strings.TrimSpace(token) } From 3aec3f26e749b9ee468e33ffb3e02e5a4ad08a5c Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 26 Oct 2023 15:04:13 -0700 Subject: [PATCH 124/173] change local --- pkg/poc/frontend.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 709ca44d535..ee333f59fd8 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -79,7 +79,7 @@ func handleMISE(w http.ResponseWriter, r *http.Request) { ctx := context.Background() t := extractToken(r.Header) m := MiseRequestData{ - MiseURL: "http://localhost:5000/ValidateRequest", + MiseURL: "http://0.0.0.0:5000/ValidateRequest", OriginalURI: "https://server/endpoint", OriginalMethod: r.Method, Token: t, @@ -109,6 +109,7 @@ func handleMISE(w http.ResponseWriter, r *http.Request) { } func extractToken(h http.Header) string { + log.Default().Println("header is: ", h) auth := h.Get("Authorization") log.Default().Println("Authorization header is: ", auth) token := strings.TrimPrefix(auth, "Bearer ") From 3829ffb4d1f1bbbb206f378fe71407d0057d6e3c Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 27 Oct 2023 09:02:01 -0700 Subject: [PATCH 125/173] add log and change url --- pkg/poc/frontend.go | 6 +++--- poc/pkg/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index ee333f59fd8..baced78b4fe 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -79,7 +79,7 @@ func handleMISE(w http.ResponseWriter, r *http.Request) { ctx := context.Background() t := extractToken(r.Header) m := MiseRequestData{ - MiseURL: "http://0.0.0.0:5000/ValidateRequest", + MiseURL: "http://localhost:5000/ValidateRequest", OriginalURI: "https://server/endpoint", OriginalMethod: r.Method, Token: t, @@ -95,7 +95,7 @@ func handleMISE(w http.ResponseWriter, r *http.Request) { log.Fatal(err) } defer resp.Body.Close() - + log.Default().Println("full response is : ", resp) log.Default().Println("Response status: ", resp.Status) w.WriteHeader(resp.StatusCode) @@ -109,7 +109,6 @@ func handleMISE(w http.ResponseWriter, r *http.Request) { } func extractToken(h http.Header) string { - log.Default().Println("header is: ", h) auth := h.Get("Authorization") log.Default().Println("Authorization header is: ", auth) token := strings.TrimPrefix(auth, "Bearer ") @@ -126,5 +125,6 @@ func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Req req.Header.Set("Original-URI", data.OriginalURI) req.Header.Set("Original-Method", data.OriginalMethod) req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", data.Token)) + log.Default().Println("full request is : ", req) return req, nil } diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 4902ca4b61f..85f21c3c788 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -128,7 +128,7 @@ MISE: AllowedHosts: "*" Kestrel: Endpoints: - Url: http://0.0.0.0:5000 + Url: http://localhost:5000 metatata: name: miseconfig Logging: From e0a96edb4f04b058d7f825823a033744240a5348 Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 27 Oct 2023 09:44:00 -0700 Subject: [PATCH 126/173] update config --- poc/pkg/templates/mise-configMap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 58f087a64e8..6e0b4770f9c 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -17,8 +17,8 @@ data: { "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Label }}", "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.AuthenticationSchemes }}"], - "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", + "ValidAudiences": ["https://management.azure.com/"], "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"], } ], From c958fb75d26d3fc9650f6b00d8939e9afe056fc4 Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 27 Oct 2023 13:15:06 -0700 Subject: [PATCH 127/173] fix comments --- cmd/aro/poc.go | 2 +- pkg/poc/frontend.go | 18 ++++--- poc/pkg/rp-server/main.go | 73 --------------------------- poc/pkg/templates/mise-configMap.yaml | 1 - 4 files changed, 11 insertions(+), 83 deletions(-) delete mode 100644 poc/pkg/rp-server/main.go diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index 0650d007d1f..b51c2b04201 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -15,7 +15,7 @@ import ( // Licensed under the Apache License 2.0. func rpPoc(ctx context.Context, log *logrus.Entry) error { - log.Print("********** ARO-RP on AKS PoC poc.go **********") + log.Print("********** ARO-RP on AKS PoC **********") ctx, shutdown := context.WithCancel(ctx) defer shutdown() diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index baced78b4fe..02afdea3b3f 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go 
@@ -65,8 +65,12 @@ func (f *frontend) getRouter() chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) - handleMISE(w, r) - w.Write([]byte("****** ARO-RP on AKS PoC frontend******")) + miseError := handleMISE(w, r) + if miseError != nil { + w.Write([]byte("****** Blocked by MISE authorization ******")) + } else { + w.Write([]byte("****** Welcome to ARO-RP on AKS PoC ******")) + } }) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) @@ -75,7 +79,7 @@ func (f *frontend) getRouter() chi.Router { return r } -func handleMISE(w http.ResponseWriter, r *http.Request) { +func handleMISE(w http.ResponseWriter, r *http.Request) error { ctx := context.Background() t := extractToken(r.Header) m := MiseRequestData{ @@ -95,24 +99,23 @@ func handleMISE(w http.ResponseWriter, r *http.Request) { log.Fatal(err) } defer resp.Body.Close() - log.Default().Println("full response is : ", resp) log.Default().Println("Response status: ", resp.Status) w.WriteHeader(resp.StatusCode) + switch resp.StatusCode { case http.StatusOK: fmt.Fprintln(w, "Authorized") + return nil default: fmt.Fprintln(w, "Unauthorized") + return fmt.Errorf("Unauthorized") } - } func extractToken(h http.Header) string { auth := h.Get("Authorization") - log.Default().Println("Authorization header is: ", auth) token := strings.TrimPrefix(auth, "Bearer ") - log.Default().Println("token value is: ", token) return strings.TrimSpace(token) } @@ -125,6 +128,5 @@ func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Req req.Header.Set("Original-URI", data.OriginalURI) req.Header.Set("Original-Method", data.OriginalMethod) req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", data.Token)) - log.Default().Println("full request is : ", req) return req, nil } 
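Review bot: `w.WriteHeader(resp.StatusCode)` in `handleMISE` relays whatever status the sidecar returned before the allow/deny decision is made, so a denied caller can receive a redirect, a 204 or a 5xx together with the "Blocked by MISE authorization" body. Decide first and send a fixed status on the deny path, e.g. `w.WriteHeader(http.StatusUnauthorized)` in the `default:` branch, keeping the sidecar's status for the log line only. `fmt.Errorf("Unauthorized")` has no format verbs and a capitalised message; `errors.New("unauthorized")` is the conventional form. The same status passthrough is carried into `authenticateWithMISE` in PATCH 128.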
diff --git a/poc/pkg/rp-server/main.go b/poc/pkg/rp-server/main.go deleted file mode 100644 index 61a9afd1345..00000000000 --- a/poc/pkg/rp-server/main.go +++ /dev/null @@ -1,73 +0,0 @@ -package main - -import ( - "bytes" - "context" - "fmt" - "log" - "net/http" - "strings" -) - -type MiseRequestData struct { - MiseURL string - OriginalURI string - OriginalMethod string - Token string -} - -func handler(w http.ResponseWriter, r *http.Request) { - ctx := context.Background() - t := extractToken(r.Header) - m := MiseRequestData{ - MiseURL: "http://localhost:5000/ValidateRequest", - OriginalURI: "https://server/endpoint", - OriginalMethod: r.Method, - Token: t, - } - req, err := createMiseHTTPRequest(ctx, m) - if err != nil { - log.Fatal(err) - } - - client := &http.Client{} - resp, err := client.Do(req) - if err != nil { - log.Fatal(err) - } - defer resp.Body.Close() - - log.Default().Println("Response status: ", resp.Status) - - w.WriteHeader(resp.StatusCode) - switch resp.StatusCode { - case http.StatusOK: - fmt.Fprintln(w, "Authorized") - default: - fmt.Fprintln(w, "Unauthorized") - } - -} - -func extractToken(h http.Header) string { - auth := h.Get("Authorization") - token := strings.TrimPrefix(auth, "Bearer ") - return strings.TrimSpace(token) -} - -func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Request, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, data.MiseURL, bytes.NewBuffer(nil)) - if err != nil { - log.Fatal(err) - return nil, err - } - req.Header.Set("Original-URI", data.OriginalURI) - req.Header.Set("Original-Method", data.OriginalMethod) - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", data.Token)) - return req, nil -} - -func main() { - http.HandleFunc("/", handler) - log.Fatal(http.ListenAndServe(":8080", nil)) -} diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 6e0b4770f9c..76e10766579 100644 --- a/poc/pkg/templates/mise-configMap.yaml 
+++ b/poc/pkg/templates/mise-configMap.yaml @@ -18,7 +18,6 @@ data: "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Label }}", "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.AuthenticationSchemes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", - "ValidAudiences": ["https://management.azure.com/"], "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"], } ], From 79428ba21e3ad5fe70cf77606b9d4ffdbba508ab Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 27 Oct 2023 16:38:33 -0700 Subject: [PATCH 128/173] add miseauth --- pkg/poc/frontend.go | 65 +------------------------------ pkg/poc/miseAuthentication.go | 73 +++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 63 deletions(-) create mode 100644 pkg/poc/miseAuthentication.go diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 02afdea3b3f..f2ad82144f4 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -1,12 +1,9 @@ package poc import ( - "bytes" "context" - "fmt" "log" "net/http" - "strings" "time" "github.com/go-chi/chi/v5" @@ -21,13 +18,6 @@ type frontend struct { port string } -type MiseRequestData struct { - MiseURL string - OriginalURI string - OriginalMethod string - Token string -} - func NewFrontend(logger *logrus.Entry, port string) frontend { return frontend{ logger: logger, 
@@ -65,12 +55,13 @@ func (f *frontend) getRouter() chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) - miseError := handleMISE(w, r) + miseError := AuthenticateWithMISE(w, r) if miseError != nil { w.Write([]byte("****** Blocked by MISE authorization ******")) } else { w.Write([]byte("****** Welcome to ARO-RP on AKS PoC ******")) } + w.Write([]byte("****** Blocked by MISE authorization ******")) }) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) 
@@ -78,55 +69,3 @@ func (f *frontend) getRouter() chi.Router { }) return r } - -func handleMISE(w http.ResponseWriter, r *http.Request) error { - ctx := context.Background() - t := extractToken(r.Header) - m := MiseRequestData{ - MiseURL: "http://localhost:5000/ValidateRequest", - OriginalURI: "https://server/endpoint", - OriginalMethod: r.Method, - Token: t, - } - req, err := createMiseHTTPRequest(ctx, m) - if err != nil { - log.Fatal(err) - } - - client := &http.Client{} - resp, err := client.Do(req) - if err != nil { - log.Fatal(err) - } - defer resp.Body.Close() - log.Default().Println("Response status: ", resp.Status) - - w.WriteHeader(resp.StatusCode) - - switch resp.StatusCode { - case http.StatusOK: - fmt.Fprintln(w, "Authorized") - return nil - default: - fmt.Fprintln(w, "Unauthorized") - return fmt.Errorf("Unauthorized") - } -} - -func extractToken(h http.Header) string { - auth := h.Get("Authorization") - token := strings.TrimPrefix(auth, "Bearer ") - return strings.TrimSpace(token) -} - -func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Request, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodPost, data.MiseURL, bytes.NewBuffer(nil)) - if err != nil { - log.Fatal(err) - return nil, err - } - req.Header.Set("Original-URI", data.OriginalURI) - req.Header.Set("Original-Method", data.OriginalMethod) - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", data.Token)) - return req, nil -} diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go new file mode 100644 index 00000000000..dca621556e5 --- /dev/null +++ b/pkg/poc/miseAuthentication.go 
@@ -0,0 +1,73 @@ +package poc + +import ( + "bytes" + "context" + "fmt" + "log" + "net/http" + "strings" +) + +type MiseRequestData struct { + MiseURL string + OriginalURI string + OriginalMethod string + Token string +} + +const ( + miseURL = "http://localhost:5000/ValidateRequest" + originURI = "https://server/endpoint" +) + +func AuthenticateWithMISE(w http.ResponseWriter, r *http.Request) error { + ctx := context.Background() + token := extractToken(r.Header) + + requestData := MiseRequestData{ + MiseURL: miseURL, + OriginalURI: originURI, + OriginalMethod: r.Method, + Token: token, + } + + req, err := createMiseHTTPRequest(ctx, requestData) + if err != nil { + return err + } + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + log.Default().Println("Response status: ", resp.Status) + + w.WriteHeader(resp.StatusCode) + + switch resp.StatusCode { + case http.StatusOK: + return nil + default: + return fmt.Errorf("Unauthorized") + } +} + +func extractToken(h http.Header) string { + auth := h.Get("Authorization") + token := strings.TrimPrefix(auth, "Bearer ") + return strings.TrimSpace(token) +} + +func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Request, error) { + req, err := http.NewRequestWithContext(ctx, http.MethodPost, data.MiseURL, bytes.NewBuffer(nil)) + if err != nil { + return nil, err + } + req.Header.Set("Original-URI", data.OriginalURI) + req.Header.Set("Original-Method", data.OriginalMethod) + req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", data.Token)) + return req, nil +} From d600a3fdab0a87d2227a371466af15dd57b103b6 Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 27 Oct 2023 16:39:08 -0700 Subject: [PATCH 129/173] remove unused --- pkg/poc/frontend.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index f2ad82144f4..45e8884f496 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go 
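Review bot: `extractToken` returns the entire header value when it does not start with `Bearer ` and an empty string when the header is absent, and `authenticateWithMISE` sends either one to the sidecar as `Authorization: Bearer <value>`. Reject both cases locally so only well-formed bearer credentials reach MISE: in `extractToken`, `if !strings.HasPrefix(auth, "Bearer ") { return "" }`, and in `authenticateWithMISE`, `if token == "" { w.WriteHeader(http.StatusUnauthorized); return fmt.Errorf("missing bearer token") }`. `originURI` is a fixed placeholder (`https://server/endpoint`), so the sidecar presumably never sees the URI that was actually requested. Confirm that no URI-based policy is expected to apply, and add a comment on the constant saying so.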
@@ -61,7 +61,6 @@ func (f *frontend) getRouter() chi.Router { } else { w.Write([]byte("****** Welcome to ARO-RP on AKS PoC ******")) } - w.Write([]byte("****** Blocked by MISE authorization ******")) }) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) From 2af41d3fd391af7053bb39ceb2ba1731a5327160 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 30 Oct 2023 08:33:14 -0700 Subject: [PATCH 130/173] add token type back --- poc/pkg/templates/mise-configMap.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 76e10766579..58f087a64e8 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -17,6 +17,7 @@ data: { "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Label }}", "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.AuthenticationSchemes }}"], + "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"], } From 3716957f97236c7aa91f8aecc4d9da6f3a32cd3d Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 31 Oct 2023 09:32:45 -0700 Subject: [PATCH 131/173] fix comment --- pkg/poc/frontend.go | 15 ++++++++++++--- pkg/poc/miseAuthentication.go | 3 ++- poc/pkg/templates/deployment.yaml | 2 ++ poc/pkg/values.yaml | 9 ++++++--- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 45e8884f496..80b8efc0934 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -12,6 +12,10 @@ import ( // Copyright (c) Microsoft Corporation. // Licensed under the Apache License 2.0. +const ( + // TODO(jonachang): remove this when go production. + enableMISE = true +) type frontend struct { logger *logrus.Entry 
@@ -55,9 +59,14 @@ func (f *frontend) getRouter() chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) - miseError := AuthenticateWithMISE(w, r) - if miseError != nil { - w.Write([]byte("****** Blocked by MISE authorization ******")) + // TODO(jonachang): remove this when go production. + if enableMISE { + miseError := authenticateWithMISE(w, r) + if miseError != nil { + w.Write([]byte("****** Blocked by MISE authorization ******")) + } else { + w.Write([]byte("****** Welcome to ARO-RP on AKS PoC ******")) + } } else { w.Write([]byte("****** Welcome to ARO-RP on AKS PoC ******")) } diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index dca621556e5..4f377a8a0d5 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go @@ -21,7 +21,7 @@ const ( originURI = "https://server/endpoint" ) -func AuthenticateWithMISE(w http.ResponseWriter, r *http.Request) error { +func authenticateWithMISE(w http.ResponseWriter, r *http.Request) error { ctx := context.Background() token := extractToken(r.Header) @@ -37,6 +37,7 @@ func AuthenticateWithMISE(w http.ResponseWriter, r *http.Request) error { return err } + // TODO(jonachang): need to cache the client when do this in production. client := &http.Client{} resp, err := client.Do(req) if err != nil { diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 08a18bc8b25..4a95118268d 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -47,6 +47,7 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.MISE.MISE_AUTH_ENABLED }} - name: {{ .Values.MISE.container.name }} image: {{ .Values.MISE.container.image }} env: 
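Review bot: `enableMISE` is a compile-time constant, so setting it to `false` removes authentication from `/` in the built binary whatever `MISE_AUTH_ENABLED` says in values.yaml, and nothing at runtime records that the service is answering unauthenticated. The two switches can also drift apart, since the Helm value only controls whether the sidecar container is deployed. Read the switch from deployment-controlled configuration (an environment variable or flag), default it to enabled, and log when it is off, e.g. `f.logger.Warn("MISE authentication is disabled")` at startup. getRouter starts outside the hunk.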
@@ -59,6 +60,7 @@ spec: - name: {{ .Values.MISE.container.volumes.name }} mountPath: {{ .Values.MISE.container.volumes.mountPath }} readOnly: true + {{- end }} volumes: - name: {{ .Values.MISE.container.volumes.name }} configMap: diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 85f21c3c788..3764db53109 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -92,6 +92,7 @@ keyVault: tlsCertificateName: aks-rp-certificate MISE: + MISE_AUTH_ENABLED: true container: name: mise image: aropocsvc.azurecr.io/mise-sidecar:dev @@ -112,8 +113,10 @@ MISE: configMap: AzureAd: Instance: https://login.microsoftonline.com - # TODO(jonachang) use helm command to dynamically get the client id - ClientId: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 + # Use for telemetry headed to AAD on OpenID configuration requests. + # https://identitydivision.visualstudio.com/DevEx/_wiki/wikis/DevEx.wiki/56/ServiceAuthLibrary-SAL- + # TODO(jonachang) use ARO-RP first party principal when going to production + ClientId: a4c2469b-cf84-4145-8f5f-cb7bacf814bc TenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 Audience: https://management.azure.com # Possible log levels: Trace, Debug, Information, Warning, Error, Critical, None @@ -123,7 +126,7 @@ MISE: AuthenticationSchemes: Bearer TokenTypes: AppToken Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 - # TODO(jonachang) use helm command to dynamically get the client id + # TODO(jonachang) use helm command to dynamically get the allowed client id ValidApplicationIds: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 AllowedHosts: "*" Kestrel: From 98230d7cb1baaee8c93cad4e16e976e31d745bb5 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 31 Oct 2023 09:38:19 -0700 Subject: [PATCH 132/173] remove pkg --- pkg-0.1.0.tgz | Bin 5628 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 pkg-0.1.0.tgz 
diff --git a/pkg-0.1.0.tgz b/pkg-0.1.0.tgz deleted file mode 100644 index 8a9bc8c97c652e50fd83a50d690ca3720ab4e6ea..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5628 zcmVDc zVQyr3R8em|NM&qo0PKBxZyUGrX#e$oiaDEmPVHQ4CE2o_E)ZO}PTKg^PK3xwaZnTi zwL6kn?~+@RD@RRoKl=qA`_$TU64yEB2Qz>rk;9qcaAx=#GTG(4f3hG#1uK#!-~BCV zFc=IDMaXChr(tV3IVscl5`3l1wlXsALGg{cfCDLBfE|@+4Wy^dyQUjqo^%OmhrplMEv|qbT8Ofog#Q z2sk((77*lu=Si$(6$vB?W8G5oEd(WUG>DEFJC}KAHL# z3k1zF@L5+ajVzZK7}(PpFs?wN0>Wa)ixHp5aTkb1L?z6Tq0k&dE-9NE#D#3ie)a(D zXrN`3@%XsKoz9zJlnbg>C!8sKuS%|G@@K*GEQGzmV4x-34Hl7%Old+DMQP;@5DT6a z-+OR;c4oc{B=IYjtX^}jexeD=l~kD4kdKr&; zav5oTGK1bpl1qi+bgcEc(pXQRYZN^a+#APS%JWarzx`7^nv0ajS8(wH7;wL z&QTl^BufOP4U}jDjX0AL<+-%7S#aIY+LU$o7-%h8@f>0fSA;cMQmd9T+gfFH zhbIZYqHJ!kCzNRr6917)Q=V!93?r11h}EuXzrd86)+0o@NLDZv#K>l*P{8+kj3gd_%hHuv#^Op$fi;lPXy5#L1Q%x$IOp28E|kh-*zX%U0p)!&dZ>QP zBiR=?LxC*9e#F^~&if426&IJ3&HE00|Iq}+62-;YWP(ajHkZANvq{QhG_+JAEuqQj z`S|R)2e70<&@@fUc7fU=xJcq~IW!f^F|dZa%=5hCUnb7&SdBgYW#amg#4%?^pQ&&o zrIvAoLc4lB+PM*%GV4rq17t=_`>0g>)b{YpBDc zg^Vzze;)14et7a^I_o_-oDF-UA({1l7?NpkFFuOm!EhK)M@OD_iL1BT>D3fY@Seze zn)2n+3jPFzqBFg^z?Y>`imVq^`JQ)vI(Z(}rx5i{N~y$puMojA9?4}CnBItl);bN; zlQhPNh%m;bseo*05dmll?~cdg$@7bg)0aO_-krTVIlef3^|Amcs9g(K!kOt;2!0<` zWa#!umPx0(!5@+{zqA=ypl?l%4hF`V04#Zur&xkn9;~srtW?hc#zZYbC@EG*XLNo} zvUVdhOalo3RhY^O4&V}3X64u5yjGqWk{tjos>iw$j^hILDU(VMRh4H*_?)uJjyTgp zhqfkH;}KlEdiHAj56*}l<>otDOJQMFuRKlNI2x}QNoiz8;W^q7DN3jwoM`MYotWQ7 zfd`}LD4xZ=5yr#b=xBeh_rpOn=nY0>G@1^c{BS@9uF}QlX}zs)EGmR^>ILaQF@|?wHeonF0=VxT9VV#j?X8v9l9_MPI{ej&Em_!TI zY6(9g5hzNi3x0|0VwLHl<18~j8z{IiL)FH<@83q){pDUTDAC`Yo&dZh35}1dZI9Df zeumNDS14dl08_C6$+vdekDT%Gq{ zzPflm3DkRar!+S0{|@$st^J?<(c#1X@4cks*ROi7$9mPLXN}`mC*PW(hjg#0Y5(sQ zm}Dqqpt3vM3f^G<`}@Q8`Oj$o@ZiDz?<0Nq(0}Ybf1jCoPHVr=>pL$hVSs{?K`vLv6O&C61=wJ zv2_bR8=0TUTqY<}Gw}Z@d;gSv3zsE&d)4ax+EBP!Pio6>$CtVnO>a8YuuzF!0A16g z2BPZDb~EY{w%^?W1$+d7SwbQN|9|`7zw=z^MNxMm%fM=!dJWLa=oT4F$XzdRrQ@S&s1NBA@63R}%w 
z$6{B@ac{b^hzc!nn|hsMD)vcl6jZx~y-xCWZPk{JHRzz5V_NQO)cLKOO_z4I9d-A? z&UH0(TzNa`)SfhF0Dy*trf5tGBFX-vvhBeerLFV9kcV^=SIvmzwjx zYQy?2qX9O|{|@%|_gnM7gW>Su{Qq83J^qJend~oz-X&#m2-Vq!m!cxE+eGSiay8r6 zb_mX!+8re0TI$eAIZ%8AMp=wZ!ARHB6D(cFIU~kZ=?7}3Y=Jvsvy?=6l%`#%gRTb| zSg@Lx04V&qsxJ98;{UpEK zP}8*)|2IjK2IVJJwMP4NN*WFN%qEqHiyrB0LOXJzBEA+=@ii@3AF|dJuxnTg>L{8~ z1fA?u9n*?U=;pILe5tjrSJ_8>a#z;5k(X=uk=HUa+-qWXM_GQ&5KNXf2QI1NVg;W* zg=@u%%;95u-rtzA`E4rWTCC0*zABKX$zS8_swuFAQdy&5?Qm<2N~63<$Pg1;@rWlO zT%3$+WeHs(Ln+6CPqE32X5wdT^+<7M)n6b<)Z(vpp<%AYzCaSwzn@4E=dekGs_>EP zbf>PjuG0DG(+;M}gVZlYX{v8f+ujYj z*&=4@-mI#f24GKc&$Tm?pC>VQ_S-3&+Ntkm1SN1AOA%02#!A8Zk@MGa+HnM3Noq5~ zvU;Zw*3PUoujbtPb1)k$!6mLbJdY9Z7hua8!d@G0>tQ_=SR>fyYlhi1dPR&-ZEjLT z4c#f7T5wVYRgYNuGHTy?YW-i4n(MzsM*fB{@D1y~;n7}u{kK0lI(k_D-A8I|`&_fi zYOE3~kp6PdEf!yJLI2YJEgAFp*g>GU|COVmdtt&PU*pVT>00CJ{Izv%V~n|(%SKRV z&C}NfSc7qu>VcovRjOcIB~*e&b%Atu*UcfMg@^39IOW%FO6V0sy8YP>`HHf<%&`RO z1E)n*qgN{7?{B%=KrvlXbMbabWlj>Q@|bcHvHuL0&)@go&8g~_QRBVh5|JKXlip-+@_#a- z7EkTr}ow?%G;q=0TADQ=J44oLysLQ>o&xgC-Mx`o7D4QL3;W}7Pl zx5HgPHx80M?bapVxLo3gP?r5xBm1GT(dwIn%iDHVgFs-aHk;~X)^T6O58<~jpwWp- z)BL?fw7UNCg_J4;UFgdTG+!pFvU-QOIxf6?VG}wqt+k~ZcFXKiiTwKQnGFrCLDt*k zyQ?-$r%+zFX_)|k|3ay3E!UL15gYW)nJiaJPnn;?~fY5?Q-`)TCNU)w6%?9QUL^+?d{);f`{4 zK~t29q*(|oPm->Q@2yXzzV+b0Hvf}%wd8B0jqAVt_WEzMfB3Nfb1$hi|FafwtL5GL zlIZJp?(ODj2LWAR3Dgea-A>RA3$5ZD(QKxU+W{0^(IJh4_~tIvX9Z7<{zGj0HmTG8 zT^#W}t^Wq2qd|N9cQks~|GAfRtFZ50>j<#zC>;1LPWx^M)B7^-(GgD2Y6EEpS*`_G zUK3R?S_>Tg9~fNFw10(C*}uJrGlr3t(pS5IjpP48`~A10z2We|{_i7on)R5+9k%S> zd??;)sg3^?Hoaz|esMi%!TF^hf~Hl@9NK}nMdaDl9F-f|U993Xm#Zm%U!2$2_Z>p` z?RyRS{qIGTlbB1Ld2@Ti>!%(DlhDfqp^6~cm$*dnpXWAO_Mb@egih~HFM@2a|KZ_Y z+x`y^M-TUZ?FGtntR4-NqU9U{lmj$BnblS#?8zjp-!R-HG+f0v++On-D^0)OA;_wb1KE;B`Uz;`GA2eO9F64XR%;iFjJQ73NN> zL9SQ?m20RrtGc6=3o`blG1-%f3+z$zT2GB?EhyRVr%d%5@bw+B+XNopifANh{nRcN zbcv!>Cx|2sE}zJN@=YvMY#b{k=rmXDpnQvYEclYfC{7Y0Wp{jl>+XBA|8@W0Wc4oA zfSdgP!Jr-gd3dn*u>W%}sqX*R)&G6Z8bA>SP_6sc)cNK?qOIR|F*0P1dCX?fvrozV0@t>df_9oA6g9?f(P4xT15$1^z8GHt+wp<3IL> 
z5Apx^lODmCD22j4F>aLrt`^8(n$skvYz`TTF3B8a`6Rr|GqV#9a)C(#^Mp_BRNTBR zDKH_5F40_rs^t?FdyjzO+^p+i+s0&JY&Y-zu@iuvR{>|Hre+B;6y`=!lth<#W*)Vd-s3=C zW!~dpN-n*}flBpvF6i8Q{Qta1@RkV5a|x%|NSIq+@O2j^Jr>zu(rJ|f4WjA zeQ(Q;?6q_Kb(WfsgwOQ{L)Bj>mFe$N3CiZu_jWwX1cwAM3-~Ha~5y!cw0&r;d>=WqzvV45xhVW zquBAbQeD_;?gwwHXlGdP=({Ic6CRPo1ehKS27|r{d?Bi+?eBV9byro zjWmF*ghCL3{ie$dvtcDCwd-wt^0oy2xeF+SX|Xxt(agTMxEMPwwj=d^7t$SXi_Q$- zKb``ki5ApW!so$HM3H10g>L^R&)afO;f7D)Uq-SvtnGs#C9{f_$qt_JZGnH@68Tn) zGZdil1V8e46`Uko;`WZ`8DJNovb__G1!XE>+kVmAAQe%$48h;E)hFh+u6Y$0U9f$) zT`N4{G46O<@`|cx0j&a~Cq$yvDx3f6m(bhVnx!iEDRT^5?UpfDe_`zJm?qd4%{w69 zFw%hieS9@yyi$(*TP){Kcm_%DVtGNBUHvz!l$l^3@!vs$7b-|)^&Hm zx6d(yh8C!D!5Xj=z3|#LXm(28u2q}Tgxqr#yJo4>Hjo|IZrGqv5iX1=*0s~Xyu>R9 z_A6Bjhu5m8DYyDQ=F$-hoaya?abmjukNIqdVw=%q=T>@G$br$s@KTtKlYcPLqAo12 z_vZDf??~57cjty0mgROOo7+*Z*{QprwP<1=liMzO@1L?jXB1|q>P#b0Mw7Dhw6otf zvbH*9+~rR>i?;o~zgxJ^9j_)919(QILUznz^Pekh`{9$plYwt=?`YNd)`QtYdPooH WAw8s9r~e-S0RR6+41z@fbN~P-0YGg4 From b29280a9b1bbcd4720275db65e960ef5a9d24ce2 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 8 Nov 2023 10:17:24 -0800 Subject: [PATCH 133/173] add README --- pkg/poc/frontend.go | 2 +- pkg/poc/miseAuthentication.go | 2 +- poc/README.md | 18 ++++++++++++++++++ 3 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 poc/README.md diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 80b8efc0934..20fdeccd4d7 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -14,7 +14,7 @@ import ( // Licensed under the Apache License 2.0. const ( // TODO(jonachang): remove this when go production. - enableMISE = true + enableMISE = false ) type frontend struct { diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index 4f377a8a0d5..6609e6a701a 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go 
@@ -37,7 +37,7 @@ func authenticateWithMISE(w http.ResponseWriter, r *http.Request) error { return err } - // TODO(jonachang): need to cache the client when do this in production. + // TODO(jonachang): need to cache the client when in production. client := &http.Client{} resp, err := client.Do(req) if err != nil { diff --git a/poc/README.md b/poc/README.md new file mode 100644 index 00000000000..c9a5544eed8 --- /dev/null +++ b/poc/README.md 
@@ -0,0 +1,18 @@ +# Feature +This project is part of the [migration tasks](https://dev.azure.com/msazure/AzureRedHatOpenShift/_wiki/wikis/AzureRedHatOpenShift.wiki/515448/Migration) to migrate the RP application from VMSS to the AKS Cluster and follow the [design](https://dev.azure.com/msazure/AzureRedHatOpenShift/_wiki/wikis/AzureRedHatOpenShift.wiki/567165/Mock-RP-Design). + +# Pipelines (Build & Release) +- [RP Infrastructure - INT](https://dev.azure.com/msazure/AzureRedHatOpenShift/_build?definitionId=321081) + +# Resources +- Deployment: + - Set up the cluster and deploy the RP application. +- [Istio](https://dev.azure.com/msazure/AzureRedHatOpenShift/_wiki/wikis/AzureRedHatOpenShift.wiki/499024/Istio): + - Follow [AKS Instruction](https://learn.microsoft.com/en-us/azure/aks/istio-about) to implement the Istio addon for the AKS cluster. + - Use it to create an Istio service mesh and gateway for the RP application. +- [TLS Certificate](https://learn.microsoft.com/en-us/azure/aks/ingress-tls?tabs=azure-cli): + - Use the [CSI driver](https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver) to synchronize the Key Vault certificate to AKS. + - Create a dummy pod in the `aks-istio-ingress` namespace to synchronize the certificate using the CSI driver. +- [MISE](https://identitydivision.visualstudio.com/DevEx/_git/MISE?path=%2Fdocs%2FContainer.md&_a=preview): + - Currently, follow the [sidecar pattern](https://dev.azure.com/msazure/AzureRedHatOpenShift/_wiki/wikis/AzureRedHatOpenShift.wiki/595474/MISE-istio-external-authorization-V.S.-side-car-pattern) to implement MISE. + - To enable MISE authentication, edit the `values.yaml`'s `MISE_AUTH_ENABLED` attribute and `enableMISE` in `pkg>poc>miseAuthentication.go` to be either true or false. \ No newline at end of file From b1ebf4a3142ab8f1d72c50fc52e3cbc9d38fd304 Mon Sep 17 00:00:00 2001 
From: jonachang Date: Wed, 8 Nov 2023 13:47:04 -0800 Subject: [PATCH 134/173] change mise switch to off --- poc/pkg/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 3764db53109..2e75dd66ae9 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -92,7 +92,7 @@ keyVault: tlsCertificateName: aks-rp-certificate MISE: - MISE_AUTH_ENABLED: true + MISE_AUTH_ENABLED: false container: name: mise image: aropocsvc.azurecr.io/mise-sidecar:dev From 76ac9df74038a602d3abea8c80dff0005736fd1a Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 8 Nov 2023 14:40:08 -0800 Subject: [PATCH 135/173] test if false would work --- pkg/poc/frontend.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 20fdeccd4d7..5e12753096e 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -12,10 +12,9 @@ import ( // Copyright (c) Microsoft Corporation. // Licensed under the Apache License 2.0. -const ( - // TODO(jonachang): remove this when go production. - enableMISE = false -) + +// TODO(jonachang): remove this when go production. +const enableMISE = false type frontend struct { logger *logrus.Entry @@ -60,9 +59,10 @@ func (f *frontend) getRouter() chi.Router { r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) // TODO(jonachang): remove this when go production. - if enableMISE { + if enableMISE == true { miseError := authenticateWithMISE(w, r) if miseError != nil { + f.logger.Errorf("MISE error: %s", miseError) w.Write([]byte("****** Blocked by MISE authorization ******")) } else { w.Write([]byte("****** Welcome to ARO-RP on AKS PoC ******")) From 5ded4f1e97d011ebd41333baf63b0a49ec47e8b7 Mon Sep 17 00:00:00 2001 
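Review bot: `if enableMISE == true {` in the getRouter hunk compares a boolean with a literal; `if enableMISE {` is the idiomatic form and is what linters such as gosimple expect. In the added `f.logger.Errorf("MISE error: %s", miseError)`, prefer `%v` for an error value. The message is the only trace of a denied request, so consider including `r.Method` and `r.URL.Path`, but never the token, to make denials searchable in the logs. getRouter's body continues outside the hunk.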
From: jonachang Date: Wed, 8 Nov 2023 14:51:08 -0800 Subject: [PATCH 136/173] reenable MISE --- pkg/poc/frontend.go | 2 +- poc/pkg/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 5e12753096e..a948583b16b 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -14,7 +14,7 @@ import ( // Licensed under the Apache License 2.0. // TODO(jonachang): remove this when go production. -const enableMISE = false +const enableMISE = true type frontend struct { logger *logrus.Entry diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 2e75dd66ae9..3764db53109 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -92,7 +92,7 @@ keyVault: tlsCertificateName: aks-rp-certificate MISE: - MISE_AUTH_ENABLED: false + MISE_AUTH_ENABLED: true container: name: mise image: aropocsvc.azurecr.io/mise-sidecar:dev From dc80c37e3254823f42e244044b704494931ff0b3 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 9 Nov 2023 16:16:42 -0800 Subject: [PATCH 137/173] Make entrypoint just aro --- Dockerfile.aro-poc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.aro-poc b/Dockerfile.aro-poc index ba4bd997cbe..c24589e2d19 100644 --- a/Dockerfile.aro-poc +++ b/Dockerfile.aro-poc @@ -4,6 +4,6 @@ FROM ${REGISTRY}/ubi8/ubi-minimal RUN microdnf update && microdnf clean all RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust COPY ./aro /usr/local/bin/ -ENTRYPOINT ["aro", "poc", "8080"] +ENTRYPOINT ["aro"] EXPOSE 8080/tcp USER 1000 \ No newline at end of file From 60fb4ce839de7ad72d0197cb2fcf0e85b3761f25 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 9 Nov 2023 16:23:32 -0800 Subject: [PATCH 138/173] Update comment --- Dockerfile.aro-poc | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile.aro-poc b/Dockerfile.aro-poc index c24589e2d19..9424ac6bb8a 100644 
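Review bot: The `RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust` line that this Dockerfile keeps installs a root CA fetched over plain HTTP with no integrity check, so the content of that response at build time becomes a trust anchor in the runtime image. The commit only changes `ENTRYPOINT`, but the image it produces inherits that step. Verify a pinned digest before `update-ca-trust`, e.g. `echo "<expected-sha256>  /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt" | sha256sum -c -`, or `COPY` a reviewed copy of the certificate from the repository. Adding `--fail` to `curl` would also stop the build from trusting an error page saved as the certificate.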
--- a/Dockerfile.aro-poc +++ b/Dockerfile.aro-poc @@ -5,5 +5,6 @@ RUN microdnf update && microdnf clean all RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust COPY ./aro /usr/local/bin/ ENTRYPOINT ["aro"] +# Endpoint used for healthz. We may also use this endpoint for HTTP handler (configurable) EXPOSE 8080/tcp USER 1000 \ No newline at end of file From 9bf817c8241d41618544a2f9c030d9515c18fd18 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 9 Nov 2023 16:25:07 -0800 Subject: [PATCH 139/173] Update deployment.yaml --- poc/pkg/templates/deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index 08a18bc8b25..ef2ef44be79 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -33,6 +33,8 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["aro"] + args: ["poc", "{{ .Values.image.containerPort }}"] ports: - name: http containerPort: {{ .Values.image.containerPort }} From 17817b80acc6e8fdbcc6da60aee28b76ff6b3a92 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 9 Nov 2023 17:22:19 -0800 Subject: [PATCH 140/173] simplify aro command for poc --- cmd/aro/main.go | 105 +++--------------------------- cmd/aro/poc.go | 4 +- poc/pkg/templates/deployment.yaml | 3 +- 3 files changed, 12 insertions(+), 100 deletions(-) diff --git a/cmd/aro/main.go b/cmd/aro/main.go index 5923e6bb77e..6ea728bc535 100644 --- a/cmd/aro/main.go +++ b/cmd/aro/main.go 
@@ -6,115 +6,28 @@ package main import ( "context" "flag" - "fmt" - "math/rand" - "net/http" _ "net/http/pprof" - "os" - "strings" - "time" - "github.com/Azure/ARO-RP/pkg/env" utillog "github.com/Azure/ARO-RP/pkg/util/log" _ "github.com/Azure/ARO-RP/pkg/util/scheme" - "github.com/Azure/ARO-RP/pkg/util/version" + "github.com/spf13/pflag" ) -func usage() { - fmt.Fprint(flag.CommandLine.Output(), "usage:\n") - fmt.Fprintf(flag.CommandLine.Output(), " %s dbtoken\n", os.Args[0]) - fmt.Fprintf(flag.CommandLine.Output(), " %s deploy config.yaml location\n", os.Args[0]) - fmt.Fprintf(flag.CommandLine.Output(), " %s gateway\n", os.Args[0]) - fmt.Fprintf(flag.CommandLine.Output(), " %s mirror [release_image...]\n", os.Args[0]) - fmt.Fprintf(flag.CommandLine.Output(), " %s monitor\n", os.Args[0]) - fmt.Fprintf(flag.CommandLine.Output(), " %s portal\n", os.Args[0]) - fmt.Fprintf(flag.CommandLine.Output(), " %s rp\n", os.Args[0]) - fmt.Fprintf(flag.CommandLine.Output(), " %s operator {master,worker}\n", os.Args[0]) - fmt.Fprintf(flag.CommandLine.Output(), " %s update-versions\n", os.Args[0]) - fmt.Fprintf(flag.CommandLine.Output(), " %s poc port\n", os.Args[0]) - flag.PrintDefaults() +var ( + serverPort string +) + +func init() { + pflag.StringVar(&serverPort, "server-port", "8080", "port to service http requests") } func main() { - rand.Seed(time.Now().UnixNano()) - - flag.Usage = usage flag.Parse() - ctx := context.Background() - // audit := utillog.GetAuditEntry() log := utillog.GetLogger() - go func() { - log.Warn(http.ListenAndServe("localhost:6060", nil)) - }() - - log.Printf("starting, git commit %s", version.GitCommit) - - var err error - switch strings.ToLower(flag.Arg(0)) { - case "dbtoken": - checkArgs(1) - // err = dbtoken(ctx, log) - case "deploy": - checkArgs(3) - // err = deploy(ctx, log) - case "gateway": - checkArgs(1) - // err = gateway(ctx, log) - case "mirror": - checkMinArgs(1) - // err = mirror(ctx, log) - case "monitor": - checkArgs(1) - // err = 
monitor(ctx, log) - case "rp": - checkArgs(1) - // err = rp(ctx, log, audit) - case "portal": - checkArgs(1) - // err = portal(ctx, log, audit) - case "operator": - checkArgs(2) - // err = operator(ctx, log) - case "update-versions": - checkArgs(1) - // err = updateOCPVersions(ctx, log) - case "poc": - checkArgs(2) - err = rpPoc(ctx, log) - default: - usage() - os.Exit(2) - } - - if err != nil { + ctx := context.Background() + if err := rpPoc(ctx, log, serverPort); err != nil { log.Fatal(err) } } - -func checkArgs(required int) { - if len(flag.Args()) != required { - usage() - os.Exit(2) - } -} - -func checkMinArgs(required int) { - if len(flag.Args()) < required { - usage() - os.Exit(2) - } -} - -func DBName(isLocalDevelopmentMode bool) (string, error) { - if !isLocalDevelopmentMode { - return "ARO", nil - } - - if err := env.ValidateVars(DatabaseName); err != nil { - return "", fmt.Errorf("%v (development mode)", err.Error()) - } - - return os.Getenv(DatabaseName), nil -} diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index b51c2b04201..b45720e6ff9 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -2,7 +2,6 @@ package main import ( "context" - "flag" "os" "os/signal" "syscall" @@ -14,14 +13,13 @@ import ( // Copyright (c) Microsoft Corporation. // Licensed under the Apache License 2.0. -func rpPoc(ctx context.Context, log *logrus.Entry) error { +func rpPoc(ctx context.Context, log *logrus.Entry, port string) error { log.Print("********** ARO-RP on AKS PoC **********") ctx, shutdown := context.WithCancel(ctx) defer shutdown() go handleSigterm(log, shutdown) - port := flag.Arg(1) frontEnd := poc.NewFrontend(log, port) return frontEnd.Run(ctx) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index ef2ef44be79..bd2af5b1805 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml 
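Review bot: The blank import `_ "net/http/pprof"` survives in cmd/aro/main.go although this hunk removes the goroutine that served it on `localhost:6060`. The import still registers the profiling handlers on `http.DefaultServeMux` at init; nothing in the lines shown serves that mux, so they are unreachable today, but they would be exposed as soon as any code serves the default mux on a port the pod publishes. Either drop the import together with the listener, or keep a loopback-only debug listener and say so in a comment such as `// pprof is served on localhost:6060 only; never mount DefaultServeMux on the service port`.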
@@ -34,7 +34,8 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["aro"] - args: ["poc", "{{ .Values.image.containerPort }}"] + args: + - "--server-port={{ .Values.image.containerPort }}" ports: - name: http containerPort: {{ .Values.image.containerPort }} From bfd2bece20d98dae9a747a0c5f3dd7ef7a4eca0d Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 9 Nov 2023 17:30:06 -0800 Subject: [PATCH 141/173] Add back dbname --- cmd/aro/main.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/cmd/aro/main.go b/cmd/aro/main.go index 6ea728bc535..f1cebc54b4e 100644 --- a/cmd/aro/main.go +++ b/cmd/aro/main.go @@ -6,8 +6,11 @@ package main import ( "context" "flag" + "fmt" _ "net/http/pprof" + "os" + "github.com/Azure/ARO-RP/pkg/env" utillog "github.com/Azure/ARO-RP/pkg/util/log" _ "github.com/Azure/ARO-RP/pkg/util/scheme" "github.com/spf13/pflag" @@ -31,3 +34,15 @@ func main() { log.Fatal(err) } } + +func DBName(isLocalDevelopmentMode bool) (string, error) { + if !isLocalDevelopmentMode { + return "ARO", nil + } + + if err := env.ValidateVars(DatabaseName); err != nil { + return "", fmt.Errorf("%v (development mode)", err.Error()) + } + + return os.Getenv(DatabaseName), nil +} From ee0f9532ee1967fac9b348b54b41b47b9c4c7b8f Mon Sep 17 00:00:00 2001 From: jonachang Date: Fri, 10 Nov 2023 09:00:58 -0800 Subject: [PATCH 142/173] add mise switch to dockerfile --- Dockerfile.aro-poc | 2 +- cmd/aro/main.go | 4 ++-- cmd/aro/poc.go | 5 +++-- pkg/poc/frontend.go | 32 +++++++++++++++++++++----------- pkg/poc/miseAuthentication.go | 14 ++++---------- 5 files changed, 31 insertions(+), 26 deletions(-) diff --git a/Dockerfile.aro-poc b/Dockerfile.aro-poc index ba4bd997cbe..9d3ee2347f0 100644 --- a/Dockerfile.aro-poc +++ b/Dockerfile.aro-poc 
@@ -4,6 +4,6 @@ FROM ${REGISTRY}/ubi8/ubi-minimal RUN microdnf update && microdnf clean all RUN curl -o /etc/pki/ca-trust/source/anchors/AMEROOT_ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt && update-ca-trust COPY ./aro /usr/local/bin/ -ENTRYPOINT ["aro", "poc", "8080"] +ENTRYPOINT ["aro", "poc", "8080", "true"] EXPOSE 8080/tcp USER 1000 \ No newline at end of file diff --git a/cmd/aro/main.go b/cmd/aro/main.go index 5923e6bb77e..42a8e05b5cd 100644 --- a/cmd/aro/main.go +++ b/cmd/aro/main.go @@ -81,8 +81,8 @@ func main() { checkArgs(1) // err = updateOCPVersions(ctx, log) case "poc": - checkArgs(2) - err = rpPoc(ctx, log) + checkArgs(3) + err = rpPoc(ctx, log, os.Args[2]) default: usage() os.Exit(2) diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index b51c2b04201..cbe5e2d2c38 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -5,6 +5,7 @@ import ( "flag" "os" "os/signal" + "strings" "syscall" "github.com/Azure/ARO-RP/pkg/poc" @@ -14,9 +15,9 @@ import ( // Copyright (c) Microsoft Corporation. // Licensed under the Apache License 2.0. -func rpPoc(ctx context.Context, log *logrus.Entry) error { +func rpPoc(ctx context.Context, log *logrus.Entry, enableMISE string) error { log.Print("********** ARO-RP on AKS PoC **********") - + var mise = strings.ToLower(enableMISE) == "true" ctx, shutdown := context.WithCancel(ctx) defer shutdown() go handleSigterm(log, shutdown) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index a948583b16b..6e53e7f80a9 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -2,8 +2,10 @@ package poc import ( "context" + "fmt" "log" "net/http" + "strings" "time" "github.com/go-chi/chi/v5" 
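Review bot: `var mise = strings.ToLower(enableMISE) == "true"` in rpPoc fails open: any argument that is not exactly "true" (a typo, "1", or the wrong positional index) silently turns MISE authentication off. In this patch main.go passes `os.Args[2]`, which with the `ENTRYPOINT ["aro", "poc", "8080", "true"]` from the same patch is the port value, so the switch evaluates to false. Parse strictly and refuse to start on anything unrecognised, e.g. `mise, err := strconv.ParseBool(enableMISE)` followed by `if err != nil { return fmt.Errorf("invalid MISE switch %q: %w", enableMISE, err) }` (needs the `strconv` and `fmt` imports). rpPoc's body continues outside the hunk.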
@@ -13,23 +15,23 @@ import ( // Copyright (c) Microsoft Corporation. // Licensed under the Apache License 2.0. -// TODO(jonachang): remove this when go production. -const enableMISE = true - type frontend struct { logger *logrus.Entry port string + // TODO(jonachang) delete this in production + enableMISE bool } -func NewFrontend(logger *logrus.Entry, port string) frontend { +func NewFrontend(logger *logrus.Entry, port string, enableMISE bool) frontend { return frontend{ - logger: logger, - port: port, + logger: logger, + port: port, + enableMISE: enableMISE, } } func (f *frontend) Run(ctx context.Context) error { - router := f.getRouter() + router := f.getRouter(ctx) server := &http.Server{ Addr: ":" + f.port, Handler: router, @@ -54,15 +56,17 @@ func (f *frontend) Run(ctx context.Context) error { return err } -func (f *frontend) getRouter() chi.Router { +func (f *frontend) getRouter(ctx context.Context) chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) // TODO(jonachang): remove this when go production. - if enableMISE == true { - miseError := authenticateWithMISE(w, r) + if f.enableMISE == true { + miseToken := extractMISEToken(r.Header) + miseError := authenticateWithMISE(ctx, miseToken) if miseError != nil { - f.logger.Errorf("MISE error: %s", miseError) + message := fmt.Sprintf("MISE error: %s", miseError) + f.logger.Info(message) w.Write([]byte("****** Blocked by MISE authorization ******")) } else { w.Write([]byte("****** Welcome to ARO-RP on AKS PoC ******")) @@ -77,3 +81,9 @@ func (f *frontend) getRouter() chi.Router { }) return r } + +func extractMISEToken(h http.Header) string { + auth := h.Get("Authorization") + token := strings.TrimPrefix(auth, "Bearer ") + return strings.TrimSpace(token) +} diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index 6609e6a701a..86415218362 100644 --- a/pkg/poc/miseAuthentication.go 
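Review bot: `extractMISEToken` never checks the authorization scheme: `strings.TrimPrefix(auth, "Bearer ")` returns the header unchanged when the prefix is absent, so a `Basic …` value or an empty string is forwarded to MISE as if it were a bearer token. Return early in the helper, e.g. `if !strings.HasPrefix(auth, "Bearer ") { return "" }`, and have the handler answer `http.StatusUnauthorized` for an empty token before calling the sidecar. In the `@@ -54,15 +56,17 @@` hunk of the same file the denied branch only writes "Blocked by MISE authorization" without setting a status, and this patch also removes `w.WriteHeader(resp.StatusCode)` from authenticateWithMISE, so a rejected request is answered with 200; add `w.WriteHeader(http.StatusUnauthorized)` before that write.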
+++ b/pkg/poc/miseAuthentication.go @@ -21,15 +21,12 @@ const ( originURI = "https://server/endpoint" ) -func authenticateWithMISE(w http.ResponseWriter, r *http.Request) error { - ctx := context.Background() - token := extractToken(r.Header) +func authenticateWithMISE(ctx context.Context, token string) error { requestData := MiseRequestData{ - MiseURL: miseURL, - OriginalURI: originURI, - OriginalMethod: r.Method, - Token: token, + MiseURL: miseURL, + OriginalURI: originURI, + Token: token, } req, err := createMiseHTTPRequest(ctx, requestData) @@ -45,9 +42,6 @@ func authenticateWithMISE(w http.ResponseWriter, r *http.Request) error { } defer resp.Body.Close() log.Default().Println("Response status: ", resp.Status) - - w.WriteHeader(resp.StatusCode) - switch resp.StatusCode { case http.StatusOK: return nil From 5d5db4eb045e04f5b20772a1e0334973e0ed835a Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 13 Nov 2023 08:57:46 -0800 Subject: [PATCH 143/173] add flag --- package-lock.json | 10 ++++++++++ pkg/poc/frontend.go | 4 ++-- 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 package-lock.json diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 00000000000..1da67751a82 --- /dev/null +++ b/package-lock.json @@ -0,0 +1,10 @@ +{ + "name": "ARO-RP", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "name": "ARO-RP" + } + } +} diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 6e53e7f80a9..8e5c06289fc 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go 
@@ -69,10 +69,10 @@ func (f *frontend) getRouter(ctx context.Context) chi.Router { f.logger.Info(message) w.Write([]byte("****** Blocked by MISE authorization ******")) } else { - w.Write([]byte("****** Welcome to ARO-RP on AKS PoC ******")) + w.Write([]byte("****** Welcome to ARO-RP on AKS PoC mise ******")) } } else { - w.Write([]byte("****** Welcome to ARO-RP on AKS PoC ******")) + w.Write([]byte("****** Welcome to ARO-RP on AKS PoC no mise ******")) } }) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { From 9e24398a258fd63c35e4b19921e3ccd4ee2f43b2 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 13 Nov 2023 13:49:43 -0800 Subject: [PATCH 144/173] fix error --- cmd/aro/poc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index cbe5e2d2c38..c3b1a11c203 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -23,7 +23,7 @@ func rpPoc(ctx context.Context, log *logrus.Entry, enableMISE string) error { go handleSigterm(log, shutdown) port := flag.Arg(1) - frontEnd := poc.NewFrontend(log, port) + frontEnd := poc.NewFrontend(log, port, mise) return frontEnd.Run(ctx) } From 7b1b0f8ac26b43d5c9cd358bc0bc2a8fcf374c72 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 13 Nov 2023 14:58:05 -0800 Subject: [PATCH 145/173] Fix flag parse --- cmd/aro/main.go | 3 +-- poc/pkg/templates/deployment.yaml | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/aro/main.go b/cmd/aro/main.go index f1cebc54b4e..1c169702d72 100644 --- a/cmd/aro/main.go +++ b/cmd/aro/main.go @@ -5,7 +5,6 @@ package main import ( "context" - "flag" "fmt" _ "net/http/pprof" "os" @@ -25,7 +24,7 @@ func init() { } func main() { - flag.Parse() + pflag.Parse() log := utillog.GetLogger() diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index bd2af5b1805..210e56b0e5f 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml 
@@ -33,7 +33,8 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["aro"] + command: + - aro args: - "--server-port={{ .Values.image.containerPort }}" ports: From fe009f977e78099cdfb5900e6fe5732a8a7506ee Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 13 Nov 2023 15:39:58 -0800 Subject: [PATCH 146/173] add checklog --- cmd/aro/main.go | 2 +- cmd/aro/poc.go | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/cmd/aro/main.go b/cmd/aro/main.go index 42a8e05b5cd..ba0717cb8c5 100644 --- a/cmd/aro/main.go +++ b/cmd/aro/main.go @@ -82,7 +82,7 @@ func main() { // err = updateOCPVersions(ctx, log) case "poc": checkArgs(3) - err = rpPoc(ctx, log, os.Args[2]) + err = rpPoc(ctx, log, os.Args[3]) default: usage() os.Exit(2) diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index c3b1a11c203..e3f920bb71d 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -18,6 +18,8 @@ import ( func rpPoc(ctx context.Context, log *logrus.Entry, enableMISE string) error { log.Print("********** ARO-RP on AKS PoC **********") var mise = strings.ToLower(enableMISE) == "true" + log.Print("enableMISE is %s", enableMISE) + log.Print("mise is %s", mise) ctx, shutdown := context.WithCancel(ctx) defer shutdown() go handleSigterm(log, shutdown) From d2dc2668eec2d0685d62632a05ff812b9de51d65 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 13 Nov 2023 16:08:35 -0800 Subject: [PATCH 147/173] remove logs --- cmd/aro/poc.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index e3f920bb71d..c3b1a11c203 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go 
@@ -18,8 +18,6 @@ import ( func rpPoc(ctx context.Context, log *logrus.Entry, enableMISE string) error { log.Print("********** ARO-RP on AKS PoC **********") var mise = strings.ToLower(enableMISE) == "true" - log.Print("enableMISE is %s", enableMISE) - log.Print("mise is %s", mise) ctx, shutdown := context.WithCancel(ctx) defer shutdown() go handleSigterm(log, shutdown) From bd4ed97048a359a04646cd45af57f9e5eb79f089 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 13 Nov 2023 16:10:51 -0800 Subject: [PATCH 148/173] remove unused --- package-lock.json | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 package-lock.json diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index 1da67751a82..00000000000 --- a/package-lock.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "name": "ARO-RP", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "name": "ARO-RP" - } - } -} From 08fa552cda3a4ae40c971bc30bd8772879fb3e29 Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 13 Nov 2023 16:22:06 -0800 Subject: [PATCH 149/173] fix nit --- pkg/poc/frontend.go | 8 +++----- pkg/poc/miseAuthentication.go | 7 ------- 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 8e5c06289fc..b02b9512443 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -2,7 +2,6 @@ package poc import ( "context" - "fmt" "log" "net/http" "strings" 
@@ -62,11 +61,10 @@ func (f *frontend) getRouter(ctx context.Context) chi.Router { f.logger.Infof("Received request: %s", time.Now().String()) // TODO(jonachang): remove this when go production. if f.enableMISE == true { - miseToken := extractMISEToken(r.Header) + miseToken := extractAuthBearerToken(r.Header) miseError := authenticateWithMISE(ctx, miseToken) if miseError != nil { - message := fmt.Sprintf("MISE error: %s", miseError) - f.logger.Info(message) + f.logger.Infof("MISE error: %s", miseError) w.Write([]byte("****** Blocked by MISE authorization ******")) } else { w.Write([]byte("****** Welcome to ARO-RP on AKS PoC mise ******")) @@ -82,7 +80,7 @@ func (f *frontend) getRouter(ctx context.Context) chi.Router { return r } -func extractMISEToken(h http.Header) string { +func extractAuthBearerToken(h http.Header) string { auth := h.Get("Authorization") token := strings.TrimPrefix(auth, "Bearer ") return strings.TrimSpace(token) diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index 86415218362..39a9e88a266 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go @@ -6,7 +6,6 @@ import ( "fmt" "log" "net/http" - "strings" ) type MiseRequestData struct { @@ -50,12 +49,6 @@ func authenticateWithMISE(ctx context.Context, token string) error { } } -func extractToken(h http.Header) string { - auth := h.Get("Authorization") - token := strings.TrimPrefix(auth, "Bearer ") - return strings.TrimSpace(token) -} - func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Request, error) { req, err := http.NewRequestWithContext(ctx, http.MethodPost, data.MiseURL, bytes.NewBuffer(nil)) if err != nil { From 263f0bd10cb182c60a8db810121e5412c640cf0d Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 13 Nov 2023 16:38:31 -0800 Subject: [PATCH 150/173] change ocntext --- pkg/poc/frontend.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index b02b9512443..5cf90c9ab1d 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -30,7 +30,7 @@ func NewFrontend(logger *logrus.Entry, port string, enableMISE bool) frontend { } func (f *frontend) Run(ctx context.Context) error { - router := f.getRouter(ctx) + router := f.getRouter() server := &http.Server{ Addr: ":" + f.port, Handler: router, @@ -55,14 +55,14 @@ func (f *frontend) Run(ctx context.Context) error { return err } -func (f *frontend) getRouter(ctx context.Context) chi.Router { +func (f *frontend) getRouter() chi.Router { r := chi.NewRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { f.logger.Infof("Received request: %s", time.Now().String()) // TODO(jonachang): remove this when go production. if f.enableMISE == true { miseToken := extractAuthBearerToken(r.Header) - miseError := authenticateWithMISE(ctx, miseToken) + miseError := authenticateWithMISE(r.Context(), miseToken) if miseError != nil { f.logger.Infof("MISE error: %s", miseError) w.Write([]byte("****** Blocked by MISE authorization ******")) From 8d65ed50d39c351ea476100c5a5c5141665c4b72 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Tue, 14 Nov 2023 10:40:31 -0800 Subject: [PATCH 151/173] Cleanup code --- cmd/aro/main.go | 4 +- cmd/aro/poc.go | 11 +++-- pkg/poc/frontend.go | 77 +++++++++++++++++++++++------------ pkg/poc/miseAuthentication.go | 15 ++----- 4 files changed, 66 insertions(+), 41 deletions(-) diff --git a/cmd/aro/main.go b/cmd/aro/main.go index 1c169702d72..a01182af813 100644 --- a/cmd/aro/main.go +++ b/cmd/aro/main.go @@ -17,10 +17,12 @@ import ( var ( serverPort string + enableMISE bool ) func init() { pflag.StringVar(&serverPort, "server-port", "8080", "port to service http requests") + pflag.BoolVar(&enableMISE, "enable-mise", false, "enable MISE authentication for http requests") } func main() { 
@@ -29,7 +31,7 @@ func main() { log := utillog.GetLogger() ctx := context.Background() - if err := rpPoc(ctx, log, serverPort); err != nil { + if err := rpPoc(ctx, log); err != nil { log.Fatal(err) } } diff --git a/cmd/aro/poc.go b/cmd/aro/poc.go index 682308608e6..83efc5e16ea 100644 --- a/cmd/aro/poc.go +++ b/cmd/aro/poc.go @@ -4,7 +4,6 @@ import ( "context" "os" "os/signal" - "strings" "syscall" "github.com/Azure/ARO-RP/pkg/poc" @@ -14,14 +13,18 @@ import ( // Copyright (c) Microsoft Corporation. // Licensed under the Apache License 2.0. -func rpPoc(ctx context.Context, log *logrus.Entry, port string) error { +func rpPoc(ctx context.Context, log *logrus.Entry) error { log.Print("********** ARO-RP on AKS PoC **********") - var mise = strings.ToLower(enableMISE) == "true" ctx, shutdown := context.WithCancel(ctx) defer shutdown() go handleSigterm(log, shutdown) - frontEnd := poc.NewFrontend(log, port, mise) + config := poc.FrontendConfig{ + Port: serverPort, + EnableMISE: enableMISE, + } + + frontEnd := poc.NewFrontend(log, config) return frontEnd.Run(ctx) } diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 5cf90c9ab1d..7eeca8fb774 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go 
@@ -2,35 +2,48 @@ package poc import ( "context" + "fmt" "log" "net/http" "strings" - "time" "github.com/go-chi/chi/v5" + "github.com/go-chi/chi/v5/middleware" "github.com/sirupsen/logrus" ) // Copyright (c) Microsoft Corporation. // Licensed under the Apache License 2.0. +type FrontendConfig struct { + Port string + // TODO(jonachang) delete this in production + EnableMISE bool +} + type frontend struct { logger *logrus.Entry port string - // TODO(jonachang) delete this in production - enableMISE bool + router chi.Router } -func NewFrontend(logger *logrus.Entry, port string, enableMISE bool) frontend { +func NewFrontend(logger *logrus.Entry, config FrontendConfig) frontend { + var router chi.Router + if config.EnableMISE { + router = getMiseRouter() + } else { + router = getNonMiseRouter() + } + return frontend{ - logger: logger, - port: port, - enableMISE: enableMISE, + logger: logger, + port: config.Port, + router: router, } } func (f *frontend) Run(ctx context.Context) error { - router := f.getRouter() + router := f.router server := &http.Server{ Addr: ":" + f.port, Handler: router, 
@@ -55,24 +68,9 @@ func (f *frontend) Run(ctx context.Context) error { return err } -func (f *frontend) getRouter() chi.Router { +func getBaseRouter() chi.Router { r := chi.NewRouter() - r.Get("/", func(w http.ResponseWriter, r *http.Request) { - f.logger.Infof("Received request: %s", time.Now().String()) - // TODO(jonachang): remove this when go production. - if f.enableMISE == true { - miseToken := extractAuthBearerToken(r.Header) - miseError := authenticateWithMISE(r.Context(), miseToken) - if miseError != nil { - f.logger.Infof("MISE error: %s", miseError) - w.Write([]byte("****** Blocked by MISE authorization ******")) - } else { - w.Write([]byte("****** Welcome to ARO-RP on AKS PoC mise ******")) - } - } else { - w.Write([]byte("****** Welcome to ARO-RP on AKS PoC no mise ******")) - } - }) + r.Use(middleware.Logger) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) w.Write([]byte("ok")) @@ -80,6 +78,35 @@ func (f *frontend) getRouter() chi.Router { return r } +func getMiseRouter() chi.Router { + r := getBaseRouter() + r.Get("/", func(w http.ResponseWriter, r *http.Request) { + miseToken := extractAuthBearerToken(r.Header) + miseResp, err := authenticateWithMISE(r.Context(), miseToken) + if err != nil { + err = fmt.Errorf("unable to authenticate with MISE: %s", err) + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + if miseResp != http.StatusOK { + err = fmt.Errorf("MISE authentication failed: %d", miseResp) + http.Error(w, err.Error(), miseResp) + return + } + w.Write([]byte("****** Welcome to ARO-RP on AKS PoC mise ******")) + }) + return r +} + +func getNonMiseRouter() chi.Router { + r := getBaseRouter() + r.Get("/", func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("****** Welcome to ARO-RP on AKS PoC no mise ******")) + }) + + return r +} + func extractAuthBearerToken(h http.Header) string { auth := h.Get("Authorization") token := strings.TrimPrefix(auth, "Bearer ") 
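Review bot: The MISE check in getMiseRouter lives inside the "/" handler, so every route added to this router later is unauthenticated unless its author remembers to copy the check. Moving the check into a chi middleware applied to a route group makes the router deny by default while `/healthz` from getBaseRouter stays open for probes. The two error branches can move into the middleware unchanged; only the placement differs.

```go
// miseAuth rejects every request that MISE does not accept.
func miseAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		miseToken := extractAuthBearerToken(r.Header)
		miseResp, err := authenticateWithMISE(r.Context(), miseToken)
		// … unchanged: the two error branches from the "/" handler …
		next.ServeHTTP(w, r)
	})
}

func getMiseRouter() chi.Router {
	r := getBaseRouter()
	// Everything registered inside the group requires a MISE-approved token.
	r.Group(func(r chi.Router) {
		r.Use(miseAuth)
		r.Get("/", func(w http.ResponseWriter, r *http.Request) {
			w.Write([]byte("****** Welcome to ARO-RP on AKS PoC mise ******"))
		})
	})
	return r
}
```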
diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index 39a9e88a266..cd5e220ca1b 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go @@ -4,7 +4,6 @@ import ( "bytes" "context" "fmt" - "log" "net/http" ) @@ -20,7 +19,7 @@ const ( originURI = "https://server/endpoint" ) -func authenticateWithMISE(ctx context.Context, token string) error { +func authenticateWithMISE(ctx context.Context, token string) (int, error) { requestData := MiseRequestData{ MiseURL: miseURL, @@ -30,23 +29,17 @@ func authenticateWithMISE(ctx context.Context, token string) error { req, err := createMiseHTTPRequest(ctx, requestData) if err != nil { - return err + return 0, err } // TODO(jonachang): need to cache the client when in production. client := &http.Client{} resp, err := client.Do(req) if err != nil { - return err + return 0, err } defer resp.Body.Close() - log.Default().Println("Response status: ", resp.Status) - switch resp.StatusCode { - case http.StatusOK: - return nil - default: - return fmt.Errorf("Unauthorized") - } + return resp.StatusCode, nil } func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Request, error) { From caca367413c53303e72a122cc60d7ae8a02f300a Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Tue, 14 Nov 2023 10:42:19 -0800 Subject: [PATCH 152/173] Update deployment --- poc/pkg/templates/deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/poc/pkg/templates/deployment.yaml b/poc/pkg/templates/deployment.yaml index fa1f98c5c17..8be3e37fc54 100644 --- a/poc/pkg/templates/deployment.yaml +++ b/poc/pkg/templates/deployment.yaml @@ -37,6 +37,7 @@ spec: - aro args: - "--server-port={{ .Values.image.containerPort }}" + - "--enable-mise={{ .Values.MISE.MISE_AUTH_ENABLED }}" ports: - name: http containerPort: {{ .Values.image.containerPort }} From a3ffa426ea269d6f9b625a6d09ef1ad66a1d5977 Mon Sep 17 00:00:00 2001 
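Review bot: `client := &http.Client{}` in authenticateWithMISE has no timeout, so a MISE sidecar that accepts the connection and never answers holds the handler goroutine for as long as the caller keeps its own connection open. Build the client once at package level with a bound, e.g. `var miseClient = &http.Client{Timeout: 5 * time.Second}` (needs the `time` import; the 5 s value is only a suggestion), which also settles the caching TODO on the line above. The function starts outside this hunk.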
From: Nicolas Ontiveros Date: Tue, 14 Nov 2023 10:43:04 -0800 Subject: [PATCH 153/173] frontend nit --- pkg/poc/frontend.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 7eeca8fb774..3e2d54e5966 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -103,7 +103,6 @@ func getNonMiseRouter() chi.Router { r.Get("/", func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("****** Welcome to ARO-RP on AKS PoC no mise ******")) }) - return r } From 90bdfba4e4c87701569561bc1d1388ee6dae4c11 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 16 Nov 2023 15:40:44 -0800 Subject: [PATCH 154/173] Don't export MISE request data for now --- pkg/poc/miseAuthentication.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index cd5e220ca1b..2ae2cbb09d6 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go @@ -7,7 +7,7 @@ import ( "net/http" ) -type MiseRequestData struct { +type miseRequestData struct { MiseURL string OriginalURI string OriginalMethod string @@ -21,7 +21,7 @@ const ( func authenticateWithMISE(ctx context.Context, token string) (int, error) { - requestData := MiseRequestData{ + requestData := miseRequestData{ MiseURL: miseURL, OriginalURI: originURI, Token: token, @@ -42,7 +42,7 @@ func authenticateWithMISE(ctx context.Context, token string) (int, error) { return resp.StatusCode, nil } -func createMiseHTTPRequest(ctx context.Context, data MiseRequestData) (*http.Request, error) { +func createMiseHTTPRequest(ctx context.Context, data miseRequestData) (*http.Request, error) { req, err := http.NewRequestWithContext(ctx, http.MethodPost, data.MiseURL, bytes.NewBuffer(nil)) if err != nil { return nil, err From d9c4b027747cdb3e155df146cda8303b09f639d6 Mon Sep 17 00:00:00 2001 
From: Nicolas Ontiveros Date: Thu, 16 Nov 2023 15:52:19 -0800 Subject: [PATCH 155/173] fix auth with mise --- pkg/poc/frontend.go | 8 ++++---- pkg/poc/miseAuthentication.go | 22 +++++++++++++++------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 3e2d54e5966..e422aa72054 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -82,15 +82,15 @@ func getMiseRouter() chi.Router { r := getBaseRouter() r.Get("/", func(w http.ResponseWriter, r *http.Request) { miseToken := extractAuthBearerToken(r.Header) - miseResp, err := authenticateWithMISE(r.Context(), miseToken) + miseRespCode, miseRespBody, err := authenticateWithMISE(r.Context(), miseToken, r.Method) if err != nil { err = fmt.Errorf("unable to authenticate with MISE: %s", err) http.Error(w, err.Error(), http.StatusInternalServerError) return } - if miseResp != http.StatusOK { - err = fmt.Errorf("MISE authentication failed: %d", miseResp) - http.Error(w, err.Error(), miseResp) + if miseRespCode != http.StatusOK { + err = fmt.Errorf("MISE authentication failed with code %d and body %s", miseRespCode, miseRespBody) + http.Error(w, err.Error(), miseRespCode) return } w.Write([]byte("****** Welcome to ARO-RP on AKS PoC mise ******")) diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index 2ae2cbb09d6..c9ea3130730 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go @@ -4,6 +4,7 @@ import ( "bytes" "context" "fmt" + "io" "net/http" ) 
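Review bot: The failure branch in getMiseRouter puts `miseRespBody` into the message passed to `http.Error(w, err.Error(), miseRespCode)`, so whatever diagnostics the MISE sidecar returns are disclosed to a client that has just failed authentication; the 500 branch likewise returns the internal error text. Keep the detail in the server log and answer with a fixed message, e.g. `http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)`. getMiseRouter has no logger in scope in the lines shown, so one would have to be passed in. The handler closure starts outside the hunk.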
@@ -19,27 +20,34 @@ const ( originURI = "https://server/endpoint" ) -func authenticateWithMISE(ctx context.Context, token string) (int, error) { +func authenticateWithMISE(ctx context.Context, token, requestMethod string) (int, string, error) { requestData := miseRequestData{ - MiseURL: miseURL, - OriginalURI: originURI, - Token: token, + MiseURL: miseURL, + OriginalURI: originURI, + OriginalMethod: requestMethod, + Token: token, } req, err := createMiseHTTPRequest(ctx, requestData) if err != nil { - return 0, err + return 0, "", err } // TODO(jonachang): need to cache the client when in production. client := &http.Client{} resp, err := client.Do(req) if err != nil { - return 0, err + return 0, "", err } defer resp.Body.Close() - return resp.StatusCode, nil + + bodyBytes, err := io.ReadAll(resp.Body) + if err != nil { + return 0, "", fmt.Errorf("error reading response body: %w", err) + } + + return resp.StatusCode, string(bodyBytes), nil } func createMiseHTTPRequest(ctx context.Context, data miseRequestData) (*http.Request, error) { From a5792621d75388c2452c5256b64e5be5cf45db9a Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Thu, 16 Nov 2023 16:06:02 -0800 Subject: [PATCH 156/173] nit --- pkg/poc/frontend.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index e422aa72054..4ce27cf88e2 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -84,7 +84,7 @@ func getMiseRouter() chi.Router { miseToken := extractAuthBearerToken(r.Header) miseRespCode, miseRespBody, err := authenticateWithMISE(r.Context(), miseToken, r.Method) if err != nil { - err = fmt.Errorf("unable to authenticate with MISE: %s", err) + err = fmt.Errorf("unable to perform authentication with MISE: %s", err) http.Error(w, err.Error(), http.StatusInternalServerError) return } From 065b7f1be53605819319dc3dd5cf32b9405c6aaf Mon Sep 17 00:00:00 2001 
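Review bot: `io.ReadAll(resp.Body)` in `authenticateWithMISE` reads the whole MISE response with no size cap, and it does so on every request, including successful ones where the caller never uses the body. Since the result only feeds an error message, bound it: `bodyBytes, err := io.ReadAll(io.LimitReader(resp.Body, maxMiseBody))`, where `maxMiseBody` is a small constant you would add (a few KiB is a constructed suggestion, not a value from this repository). The `&http.Client{}` on the unchanged line above still has no `Timeout`, so the call is bounded only by the request context; that is worth settling together with the existing TODO about caching the client.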
From: jonachang Date: Mon, 30 Oct 2023 11:34:16 -0700 Subject: [PATCH 157/173] revaseremove clientid --- poc/pkg/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 3764db53109..30de4ffa022 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -116,7 +116,7 @@ MISE: # Use for telemetry headed to AAD on OpenID configuration requests. # https://identitydivision.visualstudio.com/DevEx/_wiki/wikis/DevEx.wiki/56/ServiceAuthLibrary-SAL- # TODO(jonachang) use ARO-RP first party principal when going to production - ClientId: a4c2469b-cf84-4145-8f5f-cb7bacf814bc + ClientId: "" TenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 Audience: https://management.azure.com # Possible log levels: Trace, Debug, Information, Warning, Error, Critical, None From 7c93b0330d080f9930a9354a30c2644b2386fabc Mon Sep 17 00:00:00 2001 From: jonachang Date: Mon, 30 Oct 2023 13:53:12 -0700 Subject: [PATCH 158/173] remove comment --- poc/pkg/values.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 30de4ffa022..66e1d75414d 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -126,8 +126,7 @@ MISE: AuthenticationSchemes: Bearer TokenTypes: AppToken Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 - # TODO(jonachang) use helm command to dynamically get the allowed client id - ValidApplicationIds: 704c7dfd-4ed1-4732-95c0-04a44b0895a0 + ValidApplicationIds: "" AllowedHosts: "*" Kestrel: Endpoints: From cc6748e703a981467f03d74de6bfdc8368b119a4 Mon Sep 17 00:00:00 2001 From: jonachang Date: Tue, 14 Nov 2023 12:59:12 -0800 Subject: [PATCH 159/173] add internal policy --- poc/pkg/templates/mise-configMap.yaml | 7 +++++++ poc/pkg/values.yaml | 8 +++++++- 2 files changed, 14 insertions(+), 1 deletion(-) 
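Review bot: `ValidApplicationIds: ""` leaves the policy's caller allow-list empty by default, and deleting the TODO removes the only hint that the value has to be supplied at deploy time. The template wraps this value in an array literal, so an unset value renders as `[""]`; how MISE treats that entry is not visible here, so the chart should refuse to render rather than depend on it. Suggested comment above the key: `# Required: application (client) ID allowed to call the RP; set at install time`, and in the template `{{ required "ValidApplicationIds must be set" .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}`. The `Internal` block added to `values.yaml` in PATCH 159 has the same empty default.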
diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 58f087a64e8..29b2321a9cb 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -20,6 +20,13 @@ data: "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"], + }, + { + "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Label }}", + "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.AuthenticationSchemes }}"], + "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.TokenTypes }}"], + "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Authority }}", + "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], } ], }, diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 66e1d75414d..7c57386cb4f 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -122,11 +122,17 @@ MISE: # Possible log levels: Trace, Debug, Information, Warning, Error, Critical, None LogLevel: Debug InboundPolicies: - Label: aro-rp-policy + Label: aro-rp-arm-policy AuthenticationSchemes: Bearer TokenTypes: AppToken Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 ValidApplicationIds: "" + Internal: + Label: aro-rp-internal-policy + AuthenticationSchemes: Bearer + TokenTypes: AppToken + Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 + ValidApplicationIds: "" AllowedHosts: "*" Kestrel: Endpoints: From d410429025c08c957ecd5562411e9206ce4106df Mon Sep 17 00:00:00 2001 
From: jonachang Date: Tue, 14 Nov 2023 20:18:27 -0800 Subject: [PATCH 160/173] combine policy --- poc/pkg/templates/mise-configMap.yaml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 29b2321a9cb..0009d14d87e 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -19,14 +19,7 @@ data: "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.AuthenticationSchemes }}"], "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", - "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"], - }, - { - "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Label }}", - "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.AuthenticationSchemes }}"], - "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.TokenTypes }}"], - "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Authority }}", - "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], + "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}","{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], } ], }, From 32822e8759006d6dd5612eefa1afbf1164ef9a56 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 15 Nov 2023 07:43:52 -0800 Subject: [PATCH 161/173] add log --- pkg/poc/frontend.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 4ce27cf88e2..7de7255ab63 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go 
@@ -8,7 +8,6 @@ import ( "strings" "github.com/go-chi/chi/v5" - "github.com/go-chi/chi/v5/middleware" "github.com/sirupsen/logrus" ) @@ -70,7 +69,6 @@ func (f *frontend) Run(ctx context.Context) error { func getBaseRouter() chi.Router { r := chi.NewRouter() - r.Use(middleware.Logger) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) w.Write([]byte("ok")) From 6cf6d0b64f5b10d025ed8c4538135c01e7cb6e4e Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 15 Nov 2023 08:39:08 -0800 Subject: [PATCH 162/173] test ids --- poc/pkg/templates/mise-configMap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 0009d14d87e..405a999ccaf 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -19,7 +19,7 @@ data: "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.AuthenticationSchemes }}"], "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", - "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}","{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], + "ValidApplicationIds": "[\"{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}\",\"{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}\"]" } ], }, From ccccd7cabd6fcc4bfb46c48cf454b98425358e01 Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 15 Nov 2023 11:50:48 -0800 Subject: [PATCH 163/173] edit mise --- poc/pkg/templates/mise-configMap.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 405a999ccaf..e7b050c0003 100644 --- a/poc/pkg/templates/mise-configMap.yaml 
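Review bot: Removing `r.Use(middleware.Logger)` from `getBaseRouter` leaves the router with no request logging in the lines shown, while the subject line says "add log". For a front end that makes the authentication decision, a per-request record of method, path and status is what later investigation depends on. Keep the middleware, or replace it with one built on the `logrus` package this file already imports. `getBaseRouter` continues past the end of the hunk.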
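Review bot: The new `ValidApplicationIds` line renders a JSON string whose text merely looks like an array, whereas the neighbouring list fields in this policy (`AuthenticationSchemes`, `TokenTypes`) are real arrays. Whether MISE parses a string in this position is not visible on the page, so the type change could leave the allow-list unset or rejected at start-up. To pass several IDs, keep the array form with one quoted element per ID as PATCH 160 had it, or make the value a YAML list and emit it with `{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds | toJson }}`.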
+++ b/poc/pkg/templates/mise-configMap.yaml @@ -19,9 +19,15 @@ data: "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.AuthenticationSchemes }}"], "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", - "ValidApplicationIds": "[\"{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}\",\"{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}\"]" + "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"], + }, + { + "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Label }}", + "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.AuthenticationSchemes }}"], + "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Authority }}", + "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], } - ], + ] }, "AllowedHosts": "{{ .Values.MISE.configMap.AllowedHosts }}", "Kestrel": { From 12403a5981d63034644eb17662ace726b0bf5c7a Mon Sep 17 00:00:00 2001 From: jonachang Date: Wed, 15 Nov 2023 12:45:00 -0800 Subject: [PATCH 164/173] test --- pkg/poc/miseAuthentication.go | 1 - poc/pkg/templates/mise-configMap.yaml | 6 ------ 2 files changed, 7 deletions(-) diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index c9ea3130730..1f082ed3457 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go @@ -41,7 +41,6 @@ func authenticateWithMISE(ctx context.Context, token, requestMethod string) (int return 0, "", err } defer resp.Body.Close() - bodyBytes, err := io.ReadAll(resp.Body) if err != nil { return 0, "", fmt.Errorf("error reading response body: %w", err) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index e7b050c0003..333e64876db 100644 
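Review bot: The re-added `Internal` policy has no `"TokenTypes"` entry, although the first policy sets one and `values.yaml` defines `Internal.TokenTypes: AppToken`. What MISE accepts when the field is absent is not shown here; if it falls back to a wider default, the internal policy would admit token types that the ARM policy rejects. Add `"TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.TokenTypes }}"],` after the `AuthenticationSchemes` line. The hunk in PATCH 165 omits it in the same way.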
--- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -19,12 +19,6 @@ data: "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.AuthenticationSchemes }}"], "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", - "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"], - }, - { - "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Label }}", - "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.AuthenticationSchemes }}"], - "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Authority }}", "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], } ] From 271267c0cc5a6a7bb48f8c4ccd4449180a84a475 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 16 Nov 2023 07:04:22 -0800 Subject: [PATCH 165/173] fix mise --- poc/pkg/templates/mise-configMap.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 333e64876db..a2ba906fddd 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml 
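Review bot: After this deletion the one remaining policy keeps the first policy's `AuthenticationSchemes`, `TokenTypes` and `Authority` lines but takes its allow-list from `Internal.ValidApplicationIds`, and `InboundPolicies.ValidApplicationIds` is no longer referenced in the lines shown. Callers are then checked against a different application ID than the one configured for that policy, which for a commit titled "test" looks accidental. The surviving line should be `"ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"],`. The template hunks in PATCH 165, 167 and 169 carry the same mismatched line.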
@@ -20,8 +20,14 @@ data: "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], + }, + { + "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Label }}", + "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.AuthenticationSchemes }}"], + "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Authority }}", + "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], } - ] + ], }, "AllowedHosts": "{{ .Values.MISE.configMap.AllowedHosts }}", "Kestrel": { From 41a6ad7b286168d952e23e40d25796f5c25420df Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 16 Nov 2023 07:58:06 -0800 Subject: [PATCH 166/173] add more log --- pkg/poc/miseAuthentication.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index 1f082ed3457..564ab091481 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go @@ -4,7 +4,12 @@ import ( "bytes" "context" "fmt" +<<<<<<< HEAD "io" +======= + "io/ioutil" + "log" +>>>>>>> 4fa870fb7 (add more log) "net/http" ) From cacce431b3ae538d01251e3962af6667c901aa2b Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 16 Nov 2023 08:31:27 -0800 Subject: [PATCH 167/173] try another deploy --- poc/pkg/templates/mise-configMap.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index a2ba906fddd..3145d4d5d94 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml 
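Review bot: The import block of `miseAuthentication.go` now contains unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 4fa870fb7 (add more log)`), so the file cannot compile as committed. Resolve the conflict by keeping only `"io"`: `io/ioutil` is deprecated in favour of `io` and `os`, and nothing in the visible hunks uses `log`. PATCH 171 repeats the problem around the `authenticateWithMISE` signature, where the incoming side also differs from the `HEAD` side in parameter order and return type. Running `go build ./...` or a conflict-marker check in CI would stop commits like these from reaching the branch.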
@@ -20,12 +20,6 @@ data: "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], - }, - { - "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Label }}", - "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.AuthenticationSchemes }}"], - "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Authority }}", - "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], } ], }, From 7a7e88ce76c7e47e81df72da4b3d711ff980a343 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 16 Nov 2023 09:12:47 -0800 Subject: [PATCH 168/173] change authority --- poc/pkg/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 7c57386cb4f..2bdc94e7d55 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -125,13 +125,13 @@ MISE: Label: aro-rp-arm-policy AuthenticationSchemes: Bearer TokenTypes: AppToken - Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 + Authority: https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/ ValidApplicationIds: "" Internal: Label: aro-rp-internal-policy AuthenticationSchemes: Bearer TokenTypes: AppToken - Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 + Authority: https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/ ValidApplicationIds: "" AllowedHosts: "*" Kestrel: From 8e8baea0afce28f1a68d7370765bead08b487297 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 16 Nov 2023 10:41:31 -0800 Subject: [PATCH 169/173] test --- poc/pkg/templates/mise-configMap.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 3145d4d5d94..475af3d2323 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml @@ -19,9 +19,9 @@ data: "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.AuthenticationSchemes }}"], "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", - "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], + "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"] } - ], + ] }, "AllowedHosts": "{{ .Values.MISE.configMap.AllowedHosts }}", "Kestrel": { From 5b3f8bb03b07d09f92ad5c7ee4c547140b4a078d Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 16 Nov 2023 11:52:56 -0800 Subject: [PATCH 170/173] informative log --- poc/pkg/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 2bdc94e7d55..3c07d66f012 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -120,7 +120,7 @@ MISE: TenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 Audience: https://management.azure.com # Possible log levels: Trace, Debug, Information, Warning, Error, Critical, None - LogLevel: Debug + LogLevel: Information InboundPolicies: Label: aro-rp-arm-policy AuthenticationSchemes: Bearer @@ -141,6 +141,6 @@ MISE: name: miseconfig Logging: LogLevel: - Default: Debug - Microsoft: Debug - Microsoft_Hosting_Lifetime: Debug \ No newline at end of file + Default: Information + Microsoft: Information + Microsoft_Hosting_Lifetime: Information \ No newline at end of file From 32b6bfd54d1e16f97d9ec7da4e0b34e72ab6870e Mon Sep 17 00:00:00 2001 
From: jonachang Date: Thu, 16 Nov 2023 13:12:24 -0800 Subject: [PATCH 171/173] add method back --- pkg/poc/miseAuthentication.go | 11 ++++++----- poc/pkg/values.yaml | 12 ++++++------ 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index 564ab091481..21ebe910431 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go @@ -4,12 +4,7 @@ import ( "bytes" "context" "fmt" -<<<<<<< HEAD "io" -======= - "io/ioutil" - "log" ->>>>>>> 4fa870fb7 (add more log) "net/http" ) @@ -25,9 +20,15 @@ const ( originURI = "https://server/endpoint" ) +<<<<<<< HEAD func authenticateWithMISE(ctx context.Context, token, requestMethod string) (int, string, error) { requestData := miseRequestData{ +======= +func authenticateWithMISE(ctx context.Context, requestMethod string, token string) error { + + requestData := MiseRequestData{ +>>>>>>> 6b3ff8572 (add method back) MiseURL: miseURL, OriginalURI: originURI, OriginalMethod: requestMethod, diff --git a/poc/pkg/values.yaml b/poc/pkg/values.yaml index 3c07d66f012..7c57386cb4f 100644 --- a/poc/pkg/values.yaml +++ b/poc/pkg/values.yaml @@ -120,18 +120,18 @@ MISE: TenantId: 72f988bf-86f1-41af-91ab-2d7cd011db47 Audience: https://management.azure.com # Possible log levels: Trace, Debug, Information, Warning, Error, Critical, None - LogLevel: Information + LogLevel: Debug InboundPolicies: Label: aro-rp-arm-policy AuthenticationSchemes: Bearer TokenTypes: AppToken - Authority: https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/ + Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 ValidApplicationIds: "" Internal: Label: aro-rp-internal-policy AuthenticationSchemes: Bearer TokenTypes: AppToken - Authority: https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/ + Authority: https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0 ValidApplicationIds: "" AllowedHosts: "*" Kestrel: 
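Review bot: This `values.yaml` hunk puts `LogLevel` back to `Debug` and both `Authority` values back to the `login.microsoftonline.com/…/v2.0` form, undoing PATCH 168 and PATCH 170 under a subject that only mentions a method; the next hunk does the same for the `Logging` block. If that came from the rebase rather than a decision, restore the earlier values. If `Debug` is intended for the PoC, say so next to the key, e.g. `# Debug for PoC only; lower before production`, since what the authentication sidecar writes at that level has not been reviewed on this page.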
@@ -141,6 +141,6 @@ MISE: name: miseconfig Logging: LogLevel: - Default: Information - Microsoft: Information - Microsoft_Hosting_Lifetime: Information \ No newline at end of file + Default: Debug + Microsoft: Debug + Microsoft_Hosting_Lifetime: Debug \ No newline at end of file From e6c93d26b6065369864924f2f5e75958a8a5ae16 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 16 Nov 2023 14:16:57 -0800 Subject: [PATCH 172/173] add inboundpolicy and rebase --- pkg/poc/miseAuthentication.go | 6 ------ poc/pkg/templates/mise-configMap.yaml | 11 +++++++++-- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index 21ebe910431..1f082ed3457 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go @@ -20,15 +20,9 @@ const ( originURI = "https://server/endpoint" ) -<<<<<<< HEAD func authenticateWithMISE(ctx context.Context, token, requestMethod string) (int, string, error) { requestData := miseRequestData{ -======= -func authenticateWithMISE(ctx context.Context, requestMethod string, token string) error { - - requestData := MiseRequestData{ ->>>>>>> 6b3ff8572 (add method back) MiseURL: miseURL, OriginalURI: originURI, OriginalMethod: requestMethod, diff --git a/poc/pkg/templates/mise-configMap.yaml b/poc/pkg/templates/mise-configMap.yaml index 475af3d2323..29b2321a9cb 100644 --- a/poc/pkg/templates/mise-configMap.yaml +++ b/poc/pkg/templates/mise-configMap.yaml 
@@ -19,9 +19,16 @@ data: "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.AuthenticationSchemes }}"], "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.TokenTypes }}"], "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Authority }}", - "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"] + "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.ValidApplicationIds }}"], + }, + { + "Label": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Label }}", + "AuthenticationSchemes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.AuthenticationSchemes }}"], + "TokenTypes": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.TokenTypes }}"], + "Authority": "{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.Authority }}", + "ValidApplicationIds": ["{{ .Values.MISE.configMap.AzureAd.InboundPolicies.Internal.ValidApplicationIds }}"], } - ] + ], }, "AllowedHosts": "{{ .Values.MISE.configMap.AllowedHosts }}", "Kestrel": { From 352450a7fcea65c51f360589dfb0ce3739866d92 Mon Sep 17 00:00:00 2001 From: jonachang Date: Thu, 16 Nov 2023 14:25:40 -0800 Subject: [PATCH 173/173] add back changed --- pkg/poc/frontend.go | 2 ++ pkg/poc/miseAuthentication.go | 1 + 2 files changed, 3 insertions(+) diff --git a/pkg/poc/frontend.go b/pkg/poc/frontend.go index 7de7255ab63..4ce27cf88e2 100644 --- a/pkg/poc/frontend.go +++ b/pkg/poc/frontend.go @@ -8,6 +8,7 @@ import ( "strings" "github.com/go-chi/chi/v5" + "github.com/go-chi/chi/v5/middleware" "github.com/sirupsen/logrus" ) @@ -69,6 +70,7 @@ func (f *frontend) Run(ctx context.Context) error { func getBaseRouter() chi.Router { r := chi.NewRouter() + r.Use(middleware.Logger) r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) w.Write([]byte("ok")) 
diff --git a/pkg/poc/miseAuthentication.go b/pkg/poc/miseAuthentication.go index 1f082ed3457..c9ea3130730 100644 --- a/pkg/poc/miseAuthentication.go +++ b/pkg/poc/miseAuthentication.go @@ -41,6 +41,7 @@ func authenticateWithMISE(ctx context.Context, token, requestMethod string) (int return 0, "", err } defer resp.Body.Close() + bodyBytes, err := io.ReadAll(resp.Body) if err != nil { return 0, "", fmt.Errorf("error reading response body: %w", err)