parent
8022ed80bc
commit
14fcf58903
@ -0,0 +1,6 @@
|
||||
FROM node:lts-alpine
|
||||
|
||||
RUN mkdir /src
|
||||
ADD client.js /src
|
||||
|
||||
CMD ["node", "/src/client.js"]
|
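Review bot: The image has no `USER` instruction, so `node /src/client.js` runs as root inside the container although it only needs to read the mounted certificate files and make outbound requests. The official Node images ship an unprivileged `node` account, so adding `USER node` before the `CMD` line would drop that privilege. Whether that account can read `/var/run/autocert.step.sm/site.key` depends on how the volume is mounted and should be checked first. `ADD client.js /src` can also become `COPY client.js /src/`, since none of `ADD`'s archive or URL handling is wanted here.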
@ -0,0 +1,44 @@
|
||||
const fs = require('fs');
|
||||
const https = require('https');
|
||||
|
||||
const config = {
|
||||
ca: '/var/run/autocert.step.sm/root.crt',
|
||||
key: '/var/run/autocert.step.sm/site.key',
|
||||
cert: '/var/run/autocert.step.sm/site.crt',
|
||||
url: process.env.HELLO_MTLS_URL,
|
||||
requestFrequency: 5000
|
||||
};
|
||||
|
||||
var options = {
|
||||
ca: fs.readFileSync(config.ca),
|
||||
key: fs.readFileSync(config.key),
|
||||
cert: fs.readFileSync(config.cert),
|
||||
ciphers: 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256',
|
||||
minVersion: 'TLSv1.2',
|
||||
maxVersion: 'TLSv1.2',
|
||||
// Not necessary as it defaults to true
|
||||
rejectUnauthorized: true
|
||||
};
|
||||
|
||||
fs.watch(config.cert, (event, filename) => {
|
||||
if (event == 'change') {
|
||||
options.cert = fs.readFileSync(config.cert);
|
||||
}
|
||||
});
|
||||
|
||||
function loop() {
|
||||
var req = https.request(config.url, options, function(res) {
|
||||
res.on('data', (data) => {
|
||||
process.stdout.write(options.cert)
|
||||
process.stdout.write(data)
|
||||
setTimeout(loop, config.requestFrequency);
|
||||
});
|
||||
});
|
||||
req.on('error', (e) => {
|
||||
process.stderr.write('error: ' + e.message + '\n');
|
||||
setTimeout(loop, config.requestFrequency);
|
||||
})
|
||||
req.end();
|
||||
}
|
||||
|
||||
loop();
|
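Review bot: In `loop()`, `setTimeout(loop, config.requestFrequency)` sits inside the `res.on('data', ...)` handler, so a response delivered in several chunks schedules several new loops and the number of parallel request chains grows over time, while a response with an empty body never fires `'data'` and stops the polling altogether. Scheduling from the end of the response, `res.on('end', () => setTimeout(loop, config.requestFrequency));`, gives exactly one follow-up request per response. Separately, the `fs.watch` callback reloads only `options.cert` and only on `'change'`: if the renewer replaces the file by rename, or ever rotates `site.key` as well, the client would probably keep presenting stale material until a handshake fails, so re-reading both files on any event (inside a `try`/`catch` to tolerate a half-written file) is safer. A comment above `maxVersion: 'TLSv1.2'` saying why TLS 1.3 is excluded would help the next reader.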
@ -0,0 +1,22 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: hello-mtls-client
|
||||
labels: {app: hello-mtls-client}
|
||||
spec:
|
||||
replicas: 1
|
||||
selector: {matchLabels: {app: hello-mtls-client}}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
autocert.step.sm/name: hello-mtls-client.default.pod.cluster.local
|
||||
labels: {app: hello-mtls-client}
|
||||
spec:
|
||||
containers:
|
||||
- name: hello-mtls-client
|
||||
image: hello-mtls-client-node:latest
|
||||
imagePullPolicy: Never
|
||||
resources: {requests: {cpu: 10m, memory: 20Mi}}
|
||||
env:
|
||||
- name: HELLO_MTLS_URL
|
||||
value: https://hello-mtls.default.svc.cluster.local
|
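Review bot: The container entry for `hello-mtls-client` sets no `securityContext`, so the pod runs with the runtime defaults while, judging by the autocert annotation, a private key is mounted into it. A line such as `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` under the container would tighten that for a client that only writes to stdout and stderr; `runAsNonRoot: true` is worth adding once the image declares a numeric non-root user. `resources` declares `requests` only, so a `limits` entry next to it would bound the pod if the client misbehaves. `image: hello-mtls-client-node:latest` with `imagePullPolicy: Never` looks intended for a local cluster, and a one-line comment saying so would keep it from being copied into a shared one.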