8b7c30cfbd
- TLS certificates can be configured on the OIDCProviderConfig using the `secretName` field.
- When listening for incoming TLS connections, choose the TLS cert based on the SNI hostname of the incoming request.
- Because SNI hostname information on incoming requests does not include the port number of the request, we add a validation that OIDCProviderConfigs where the issuer hostnames (not including port number) are the same must use the same `secretName`.
- Note that this approach does not yet support requests made to an IP address instead of a hostname. Also note that `localhost` is considered a hostname by SNI.
- Add port 443 as a container port to the pod spec.
- A new controller watches for TLS secrets and caches them in memory. That same in-memory cache is used while servicing incoming connections on the TLS port.
- Make it easy to configure both port 443 and/or port 80 for various Service types using our ytt templates for the supervisor.
- When deploying to kind, add another nodeport and forward it to the host on another port to expose our new HTTPS supervisor port to the host.
27 lines
937 B
YAML
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
    extraPortMappings:
      - protocol: TCP
        # This same port number is hardcoded in the integration test setup
        # when creating a Service on a kind cluster. It is used to talk to
        # the supervisor app via HTTPS.
        containerPort: 31243
        hostPort: 12344
        listenAddress: 127.0.0.1
      - protocol: TCP
        # This same port number is hardcoded in the integration test setup
        # when creating a Service on a kind cluster. It is used to talk to
        # the supervisor app via HTTP.
        containerPort: 31234
        hostPort: 12345
        listenAddress: 127.0.0.1
      - protocol: TCP
        # This same port number is hardcoded in the integration test setup
        # when creating a Service on a kind cluster. It is used to talk to
        # the Dex app.
        containerPort: 31235
        hostPort: 12346
        listenAddress: 127.0.0.1
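The commit message above describes a validation rule: OIDCProviderConfigs whose issuer hostnames match once the port is ignored must share one `secretName`, because SNI carries no port. The Go sketch below is an added example of that check, not code from this commit or project; the `Provider` type, the `ConflictingHosts` function and the sample issuers are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// Provider is a hypothetical stand-in for an OIDCProviderConfig's issuer and secretName.
type Provider struct{ Name, Issuer, SecretName string }

// ConflictingHosts returns the sorted issuer hostnames whose providers disagree
// on SecretName. The port is dropped before comparing because the SNI value in
// a TLS ClientHello carries only the hostname.
func ConflictingHosts(providers []Provider) ([]string, error) {
	secretByHost := map[string]string{}
	conflicts := map[string]bool{}
	for _, p := range providers {
		u, err := url.Parse(p.Issuer)
		if err != nil {
			return nil, fmt.Errorf("provider %q: %w", p.Name, err)
		}
		// Hostname() strips ":port"; DNS names compare case-insensitively.
		host := strings.ToLower(u.Hostname())
		if host == "" {
			return nil, fmt.Errorf("provider %q: issuer %q has no hostname", p.Name, p.Issuer)
		}
		if prev, seen := secretByHost[host]; seen && prev != p.SecretName {
			conflicts[host] = true // one SNI name cannot select two certificates
			continue
		}
		secretByHost[host] = p.SecretName
	}
	out := make([]string, 0, len(conflicts))
	for h := range conflicts {
		out = append(out, h)
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	// Constructed sample data, not taken from the repository.
	providers := []Provider{
		{"a", "https://issuer.example.com:8443/one", "tls-a"},
		{"b", "https://issuer.example.com/two", "tls-b"}, // same host, other secret
		{"c", "https://other.example.com/three", "tls-c"},
	}
	fmt.Println(ConflictingHosts(providers))
}
```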