diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 756c0ceec..26984fe59 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -100,7 +100,7 @@ jobs: matrix: go-version: [1.17.x] platform: [ubuntu-latest] - deployment: [multi, nginx, single, traefik] + deployment: [kubernetes, multi, nginx, single, traefik] idp: [auth0, azure, github, gitlab, google, oidc, okta, onelogin, ping] runs-on: ${{ matrix.platform }} steps: diff --git a/integration/clusters/auth0-kubernetes/compose.yml b/integration/clusters/auth0-kubernetes/compose.yml new file mode 100644 index 000000000..08c19f131 --- /dev/null +++ b/integration/clusters/auth0-kubernetes/compose.yml @@ -0,0 +1,825 @@ +networks: + main: {} +services: + k3s-agent: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - agent + environment: + K3S_TOKEN: TOKEN + K3S_URL: https://k3s-server:6443 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-agent + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp + k3s-init: + depends_on: + k3s-server: + condition: service_healthy + entrypoint: + - sh + - -c + - | + cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml + export KUBECONFIG=/tmp/kubeconfig.yaml + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "mock-idp" + } + }, + "template": { + "metadata": { + "labels": { + "app": "mock-idp" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--provider", + "auth0", + "--port", + "8024", + "--root-url", + "https://mock-idp.localhost.pomerium.io/" + ], + "image": "pomerium/mock-idps:${MOCK_IDPS_TAG:-master}", + "name": "mock-idp", + "ports": [ + { + "containerPort": 8024, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/mock-idp + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "pomerium" + } + }, + "template": { + "metadata": { + "labels": { + "app": "pomerium" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "AUTHENTICATE_SERVICE_URL", + "value": "https://authenticate.localhost.pomerium.io" + }, + { + "name": "CERTIFICATE", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVVakNDQXJxZ0F3SUJBZ0lSQUtOYUVxQ21tWmZobWNZZ1p5MDFXQ3N3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lNeEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEVzTUNvR0ExVUVDd3dqWTJGcwpaV0pBWTJGc1pXSXRjR010YkdsdWRYZ2dLRU5oYkdWaUlFUnZlSE5sZVNreE16QXhCZ05WQkFNTUttMXJZMlZ5CmRDQmpZV3hsWWtCallXeGxZaTF3WXkxc2FXNTFlQ0FvUTJGc1pXSWdSRzk0YzJWNUtUQWVGdzB5TVRBNE1UQXgKTnpNeU1UQmFGdzB5TXpFeE1UQXhPRE15TVRCYU1GY3hKekFsQmdOVkJBb1RIbTFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCalpYSjBhV1pwWTJGMFpURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnCktFTmhiR1ZpSUVSdmVITmxlU2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzgKSExCQUl6WGtQZWVnbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRAp5VmhEVDBRbEkvTy9FS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2Cld5bCtGb1BEVi92c1ozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXQKak9ic2FRZ0o1TEx4Q1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcQpiWlVERytaaW9BclBtcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkCjlyNnJPQnhweHduVER2SGtCbjZ2QWdNQkFBR2piREJxTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFUQWZCZ05WSFNNRUdEQVdnQlNGaGxoWWdFZktUcGxWT2VuZVZHMyszSUUvVFRBaQpCZ05WSFJFRUd6QVpnaGNxTG14dlkyRnNhRzl6ZEM1d2IyMWxjbWwxYlM1cGJ6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBWUVBdWZRQUY3OXM3YzFnbVo5Q0lLQlNHa0hoK1NIMDFDdUtZbm5IaU1vd0hzVGlvRmFVQVFzZC9QNFgKYzJYQnFjMzRlVDNtQ3ZwZ1pqSGJqejZKbG5UWUp4dUx2VnFuVkIzZW10V3JiMWNRdmg4QnBoeHNwVGxTOHVpRQpBRWYvbmd0cHpmQS9mNGxwR2t6clEwY3lQa0VKR3o1MTFxOTdpdHpuOVJaWnpWVFp4TlZGU1AydlZoTk5RVnNXCk94YWtjdllSZ256OEFPUVMzT1BIajJGUWMzaWlic2hjdDVsZUl3WVpGY3hJTkdIUjZLTDYrL0xTZVBOQ0VNbUsKcXltVlBrUUdzSWNVNkdROWZ4YVN1NG1wK0lVQUxQcm9pekVWSThTVms1bk9tM0hJZXorWmZYaHpmbkd4MDZTSQo2TnVvUVFQcVVCZVplWG4yWUZZaGlwZVJkclF4dkEzNi9ZWGEvQWtYQ2VVMHBYeGJ0WEtjdmF0ZnJpNUtuWUpECmtINTlhK2FGa1RzbDQxdGZJMmNuUllWZGRxWFZsM096TGJjZ0FGTG4xV2VDMXh4M3hSWGk3S2xkb2tPbHZndisKQjZuYVdmQ3hSbFdaL2xzbUhhZTRrYzFXSDRLYzduSytJVGI0MEVralY2OC9BN2tyWnNOMVZjcU50cG9tWWtnRQp4alVFOFhVdQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + { + "name": "CERTIFICATE_AUTHORITY", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxekNDQXorZ0F3SUJBZ0lRWjEzOWNkL3BhUGRrUzJKeUF1N2tFREFOQmdrcWhraUc5dzBCQVFzRkFEQ0IKZ3pFZU1Cd0dBMVVFQ2hNVmJXdGpaWEowSUdSbGRtVnNiM0J0Wlc1MElFTkJNU3d3S2dZRFZRUUxEQ05qWVd4bApZa0JqWVd4bFlpMXdZeTFzYVc1MWVDQW9RMkZzWldJZ1JHOTRjMlY1S1RFek1ERUdBMVVFQXd3cWJXdGpaWEowCklHTmhiR1ZpUUdOaGJHVmlMWEJqTFd4cGJuVjRJQ2hEWVd4bFlpQkViM2h6WlhrcE1CNFhEVEl4TURneE1ERTMKTXpJd09Wb1hEVE14TURneE1ERTNNekl3T1Zvd2dZTXhIakFjQmdOVkJBb1RGVzFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCRFFURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnS0VOaGJHVmlJRVJ2CmVITmxlU2t4TXpBeEJnTlZCQU1NS20xclkyVnlkQ0JqWVd4bFlrQmpZV3hsWWkxd1l5MXNhVzUxZUNBb1EyRnMKWldJZ1JHOTRjMlY1S1RDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTmJLeU16NQpNVlc2WUtkamgxb0lOMU1uN1BFMnBINVNiSlNwV3hkQUdoZEJrQmtwQWE3T3hhcmpINUtWa0NUU2E3b25jbGE3CnFOdUpaUzZtQm1veEYrUitjUjNqeUdkVUFZbG96bDFqbGZxTElmQy8rZzdWN1ZtT0puOTh0akI0MmZhdHhMbDYKV1BBdzFKRE5zV3RRZmhLaGJjSHV0N1JzRjByTU9PSGN3eXdUUjdMT3lDbUllbDFwY21wVjRoYlZjVDZlVndvUApIWHlKU2E5Y3FhTVE1WHJkb2dhaTRJcVpaSUdMSGVMc1RWdXRPZ0pGWEVldmxYL1FUM3NXb21FY3R6aDM4SnM0CjlEaUFQRDZkNFk3L0NQTFlFZmsyOUpROU5aaHBnRHNpOWh1NUZISFpjWHdmMUlIbHcvQ0JWZ242aitqbXZLS3oKOTBNYTFvcXV2M1c2ZHR0aWQveENjTEd1MlMrOTZUenJ5a21veTVWYWNMdFZFUDQxWW1vVmxzOTFybG83b2xwZQpRV0Zibm1jbzczOVRJLzRoK0hvZG9scGVyUUVSUWw3dUNucEtWUFozV29rS3VSaDVwa3FrUXAvYXJRanR3Y1J0Ckc0M0NyRHBibCt1U2pNQ0F4aGE5NThlVFl2dG9qVE1udkx0c0dJRDFoR1hucWx3KzVLaktyZ1JIclFJREFRQUIKbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQWdRd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQWRCZ05WSFE0RQpGZ1FVaFlaWVdJQkh5azZaVlRucDNsUnQvdHlCUDAwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFBMUYvYXByCmw2cE5UM01wL014aFVVZ282dXNFSkNyeUdRY0xSZmV4eVFYR04zaHVDbUlyUDU1VkZhOEVUUEF0anNyNlBNZTcKN3Z2RWo4ZUZ1Mkp0S292bFF3TmV3WVU5Y2pBTUNWYUZpTmJyUWEyMGh6aFdjMmpzNmR5aWxkRTYvRFB6YmVkcwpLREF4aEZOcDM1U2x3dFJ0S2sxU3p4SnhzcVN3amZ4SThmcCtSLzB3TzhnMGZXVGRNMmdDcFJ3WU1Od0pFTEVnCitkU2x2SkN3dXUrcnp4TGFsemFQRjFQTVRXNzJPRUxhbC9qNXNEKzJWeXRRNGsrSFVEYnl0MkRuUVQ3WVEzem8KcTAyeDJ1MnNtMVdXL28vdWg4cGpQeGtHUXFMMm1yeVpzNlZIOVZDVTNRa0tORHNzTmQ3MWxyM3dQb0U0WVJIZQpVdnpEMWVEZWVsekJVRk5JcERDamRDc0w1NXlJUHFVc3I2bG1qcEJQTDB2ZWEzM1FUTWJjc1N4dTB1bUdYRGJVCjY2anVVNFoxak9FMHdDbEl2YU82OTlKK0UyZ0JlMWpVTjZBdDZiOEJTb1pxQ3FYWW9ESEdlaTlSQlVkdmdxdG8Ka1Zzb0pmREkvVEZNZWtZZ3BMNVVWWW1MZGZncUxQUFJQOXBRQkxEeDNtc3plQXFudmZUSUNBemZYZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + { + "name": "CERTIFICATE_KEY", + "value": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzhITEJBSXpYa1BlZWcKbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PLwpFS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2V3lsK0ZvUERWL3ZzClozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXRqT2JzYVFnSjVMTHgKQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUAptcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkOXI2ck9CeHB4d25UCkR2SGtCbjZ2QWdNQkFBRUNnZ0VBQjI4aTBBWVVOU2IxSm5XRmJLenJ1VWN0dTN0Q05Yb3ZKZzZLM0JpUFZNa3EKRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBVwo4ZUplcVJMWkVmc1NTSk9YVEc3UmRHc240cUhGSjAwczJaVGxjSUhTUHduRm0rWGpKaTk5VThHNFhzVW9YbzByCkd5KzBWQ3VVN004Z0lDRUhIc3JRTzlYREQzblQyaml1NVRqckt3anV0M0Vtb0pzc0k1YnF4MzMrT0J1NUJwQ1AKQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVApiTGtMRnlXQk5UV1VaMlIvMnd4bXVvQzZtTFp3ODc5TUxDS012azFkb1FLQmdRRGhtd0dhZkpOeW1UaUVRWlJJClNzUXg0c2VxZk9LZmdGQzdvaHFIOWNST091OElKMW83cTJwTTJXNFhpVitTM3dUZFBHbWNhNklPalgyM2lzVkIKMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzNwpheHpsYU1yeEV1M0xJOVVFN050cmRRaUJ5UUtCZ1FEVmRJNmNlSVZCVDZSZ3ZWR3Q4emtMalBJRmpoUUVIQUlwCnVoaXJncXBTNkNYOUJseWYyK280MHptZmozaGU1ckNjRW9CNU1zZU0rRGdGYmNWaDJlL01WbllpTk53NkpDREIKQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleQp1QkhWQnYvNHR3S0JnSHdIdWVQeTVTVTFzMnFTbXpEN1djMkxQZll1M25DT0hOUnJGR2IyNk11UmZ1UmVyaTdyCjJHOFRnb0VTRnljcDBRVElOOCsxSk0wWFlLeE5jSkQ2QjhWMXdLYmJwUXN5bW5lSTFnanV0aUIvSWd3L1BrREsKQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWgpmTjJZZVlieVljYU0xMXAxVmlsdWxWVFZqWTNpL0ZaaURSNFNML0lHSldqTi9Temc0aVhZc0tGbXUrZHVsT1psCmNCQUxwRUtycXBtelhZdHJONmJzdjE4KzVlTzNxR2JLMkRyRXEzZVdWZXYyS29UTW9ieHo3ZysrWEJJV0ptTEEKSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkUwpLcmx0d21vZEhpcVhOYlZrd2JXMUFGUEpiaVlhaTRZRmZLNElBYmlmL1lteGY5Rzc4YU9rcjlacENJek9rRFBaCllwRXdRR1dzQWhFbENGdmM4RS81ZEhFU1NwK3RXdFArTmx1aW1wRnFpRGczL1NVbk13TzJ4SDBuaExhMHplamgKZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K" + }, + { + "name": "COOKIE_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "DATABROKER_STORAGE_CONNECTION_STRING", + "value": "redis://redis:6379" + }, + { + "name": "DATABROKER_STORAGE_TYPE", + "value": "redis" + }, + { + "name": "ENVOY_ADMIN_ADDRESS", + "value": "0.0.0.0:9901" + }, + { + "name": "GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT", + "value": "ewoiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiLAoiYXV0aF91cmkiOiAiaHR0cDovL21vY2staWRwLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAyNCIsCiJjbGllbnRfZW1haWwiOiAicmVkYWN0ZWRAcG9tZXJpdW0tcmVkYWN0ZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAoiY2xpZW50X2lkIjogIjEwMTIxNTk5MDQ1ODAwMDMzNDM4NyIsCiJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0IiwKInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDOEhMQkFJelhrUGVlZ1xubGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PL1xuRUtnQ09GRnhVRHFvUjgyaVkwNlNhY0FqSG5pNitQTzl0VlJiRlYwdzE0QkRBSlNwQitWdld5bCtGb1BEVi92c1xuWjMxRnRZdytFd3FrYkR4L2thVDl1emYrTEpkbGtmMTRuUVFqOEVreS84ZDNtV0piYi85dGpPYnNhUWdKNUxMeFxuQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUFxubXFta2F3VVd3M2VraGo4MFNKZy9USzlQUmFOL1Z2Y0kxUGdBZDdMWnp0VVJlU21UeTVoZDlyNnJPQnhweHduVFxuRHZIa0JuNnZBZ01CQUFFQ2dnRUFCMjhpMEFZVU5TYjFKbldGYkt6cnVVY3R1M3RDTlhvdkpnNkszQmlQVk1rcVxuRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBV1xuOGVKZXFSTFpFZnNTU0pPWFRHN1JkR3NuNHFIRkowMHMyWlRsY0lIU1B3bkZtK1hqSmk5OVU4RzRYc1VvWG8wclxuR3krMFZDdVU3TThnSUNFSEhzclFPOVhERDNuVDJqaXU1VGpyS3dqdXQzRW1vSnNzSTVicXgzMytPQnU1QnBDUFxuQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVFxuYkxrTEZ5V0JOVFdVWjJSLzJ3eG11b0M2bUxadzg3OU1MQ0tNdmsxZG9RS0JnUURobXdHYWZKTnltVGlFUVpSSVxuU3NReDRzZXFmT0tmZ0ZDN29ocUg5Y1JPT3U4SUoxbzdxMnBNMlc0WGlWK1Mzd1RkUEdtY2E2SU9qWDIzaXNWQlxuMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzN1xuYXh6bGFNcnhFdTNMSTlVRTdOdHJkUWlCeVFLQmdRRFZkSTZjZUlWQlQ2Umd2Vkd0OHprTGpQSUZqaFFFSEFJcFxudWhpcmdxcFM2Q1g5Qmx5ZjIrbzQwem1majNoZTVyQ2NFb0I1TXNlTStEZ0ZiY1ZoMmUvTVZuWWlOTnc2SkNEQlxuQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleVxudUJIVkJ2LzR0d0tCZ0h3SHVlUHk1U1UxczJxU216RDdXYzJMUGZZdTNuQ09ITlJyRkdiMjZNdVJmdVJlcmk3clxuMkc4VGdvRVNGeWNwMFFUSU44KzFKTTBYWUt4TmNKRDZCOFYxd0tiYnBRc3ltbmVJMWdqdXRpQi9JZ3cvUGtES1xuQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWlxuZk4yWWVZYnlZY2FNMTFwMVZpbHVsVlRWalkzaS9GWmlEUjRTTC9JR0pXak4vU3pnNGlYWXNLRm11K2R1bE9abFxuY0JBTHBFS3JxcG16WFl0ck42YnN2MTgrNWVPM3FHYksyRHJFcTNlV1ZldjJLb1RNb2J4ejdnKytYQklXSm1MQVxuSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkU1xuS3JsdHdtb2RIaXFYTmJWa3diVzFBRlBKYmlZYWk0WUZmSzRJQWJpZi9ZbXhmOUc3OGFPa3I5WnBDSXpPa0RQWlxuWXBFd1FHV3NBaEVsQ0Z2YzhFLzVkSEVTU3ArdFd0UCtObHVpbXBGcWlEZzMvU1VuTXdPMnhIMG5oTGEwemVqaFxuZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9XG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXG4iLAoicHJpdmF0ZV9rZXlfaWQiOiAiZTA3ZjdjOTM4NzBjN2UwM2Y4ODM1NjBlY2Q4ZmQwZjRkMjdiMDA4MSIsCiJwcm9qZWN0X2lkIjogInBvbWVyaXVtLXJlZGFjdGVkIiwKInRva2VuX3VyaSI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0L3Rva2VuIiwKInR5cGUiOiAic2VydmljZV9hY2NvdW50Igp9" + }, + { + "name": "IDP_CLIENT_ID", + "value": "CLIENT_ID" + }, + { + "name": "IDP_CLIENT_SECRET", + "value": "CLIENT_SECRET" + }, + { + "name": "IDP_PROVIDER", + "value": "auth0" + }, + { + "name": "IDP_PROVIDER_URL", + "value": "https://mock-idp.localhost.pomerium.io/" + }, + { + "name": "JWT_CLAIMS_HEADERS", + "value": "email,groups,user" + }, + { + "name": "LOG_LEVEL", + "value": "info" + }, + { + "name": "POLICY", + "value": "Wwp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vbW9jay1pZHAubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZXNlcnZlX2hvc3RfaGVhZGVyIjogdHJ1ZSwKInRvIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbnZveS5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL2xvY2FsaG9zdDo5OTAxIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly92ZXJpZnkubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJ0byI6ICJodHRwOi8vdmVyaWZ5LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImFsbG93X3dlYnNvY2tldHMiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL3dlYnNvY2tldC1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfYW55X2F1dGhlbnRpY2F0ZWRfdXNlciI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZm9ydGlvLXVpLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL2ZvcnRpby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9mb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidGxzX2N1c3RvbV9jYSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VVeGVrTkRRWG9yWjBGM1NVSkJaMGxSV2pFek9XTmtMM0JoVUdSclV6SktlVUYxTjJ0RlJFRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkVRMElLWjNwRlpVMUNkMGRCTVZWRlEyaE5WbUpYZEdwYVdFb3dTVWRTYkdSdFZuTmlNMEowV2xjMU1FbEZUa0pOVTNkM1MyZFpSRlpSVVV4RVEwNXFXVmQ0YkFwWmEwSnFXVmQ0YkZscE1YZFplVEZ6WVZjMU1XVkRRVzlSTWtaeldsZEpaMUpIT1RSak1sWTFTMVJGZWsxRVJVZEJNVlZGUVhkM2NXSlhkR3BhV0Vvd0NrbEhUbWhpUjFacFVVZE9hR0pIVm1sTVdFSnFURmQ0Y0dKdVZqUkpRMmhFV1ZkNGJGbHBRa1ZpTTJoNldsaHJjRTFDTkZoRVZFbDRUVVJuZUUxRVJUTUtUWHBKZDA5V2IxaEVWRTE0VFVSbmVFMUVSVE5OZWtsM1QxWnZkMmRaVFhoSWFrRmpRbWRPVmtKQmIxUkdWekZ5V1RKV2VXUkRRbXRhV0Zwc1lrYzVkd3BpVjFaMVpFTkNSRkZVUlhOTlEyOUhRVEZWUlVOM2QycFpNa1p6V2xkS1FWa3lSbk5hVjBsMFkwZE5kR0pIYkhWa1dHZG5TMFZPYUdKSFZtbEpSVkoyQ21WSVRteGxVMnQ0VFhwQmVFSm5UbFpDUVUxTlMyMHhjbGt5Vm5sa1EwSnFXVmQ0YkZsclFtcFpWM2hzV1dreGQxbDVNWE5oVnpVeFpVTkJiMUV5Um5NS1dsZEpaMUpIT1RSak1sWTFTMVJEUTBGaFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUjFCQlJFTkRRVmx2UTJkblIwSkJUbUpMZVUxNk5RcE5WbGMyV1V0a2FtZ3hiMGxPTVUxdU4xQkZNbkJJTlZOaVNsTndWM2hrUVVkb1pFSnJRbXR3UVdFM1QzaGhjbXBJTlV0V2EwTlVVMkUzYjI1amJHRTNDbkZPZFVwYVV6WnRRbTF2ZUVZclVpdGpVak5xZVVka1ZVRlpiRzk2YkRGcWJHWnhURWxtUXk4clp6ZFdOMVp0VDBwdU9UaDBha0kwTW1aaGRIaE1iRFlLVjFCQmR6RktSRTV6VjNSUlptaExhR0pqU0hWME4xSnpSakJ5VFU5UFNHTjNlWGRVVWpkTVQzbERiVWxsYkRGd1kyMXdWalJvWWxaalZEWmxWbmR2VUFwSVdIbEtVMkU1WTNGaFRWRTFXSEprYjJkaGFUUkpjVnBhU1VkTVNHVk1jMVJXZFhSUFowcEdXRVZsZG14WUwxRlVNM05YYjIxRlkzUjZhRE00U25NMENqbEVhVUZRUkRaa05GazNMME5RVEZsRlptc3lPVXBST1U1YWFIQm5SSE5wT1doMU5VWklTRnBqV0hkbU1VbEliSGN2UTBKV1oyNDJhaXRxYlhaTFMzb0tPVEJOWVRGdmNYVjJNMWMyWkhSMGFXUXZlRU5qVEVkMU1sTXJPVFpVZW5KNWEyMXZlVFZXWVdOTWRGWkZVRFF4V1cxdlZteHpPVEZ5Ykc4M2IyeHdaUXBSVjBaaWJtMWpiemN6T1ZSSkx6Um9LMGh2Wkc5c2NHVnlVVVZTVVd3M2RVTnVjRXRXVUZvelYyOXJTM1ZTYURWd2EzRnJVWEF2WVhKUmFuUjNZMUowQ2tjME0wTnlSSEJpYkN0MVUycE5RMEY0YUdFNU5UaGxWRmwyZEc5cVZFMXVka3gwYzBkSlJERm9SMWh1Y1d4M0t6Vkxha3R5WjFKSWNsRkpSRUZSUVVJS2J6QlZkMUY2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVdkUmQwVm5XVVJXVWpCVVFWRklMMEpCWjNkQ1owVkNMM2RKUWtGRVFXUkNaMDVXU0ZFMFJRcEdaMUZWYUZsYVdWZEpRa2g1YXpaYVZsUnVjRE5zVW5RdmRIbENVREF3ZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGRVoyZEhRa0ZCTVVZdllYQnlDbXcyY0U1VU0wMXdMMDE0YUZWVloyODJkWE5GU2tOeWVVZFJZMHhTWm1WNGVWRllSMDR6YUhWRGJVbHlVRFUxVmtaaE9FVlVVRUYwYW5OeU5sQk5aVGNLTjNaMlJXbzRaVVoxTWtwMFMyOTJiRkYzVG1WM1dWVTVZMnBCVFVOV1lVWnBUbUp5VVdFeU1HaDZhRmRqTW1wek5tUjVhV3hrUlRZdlJGQjZZbVZrY3dwTFJFRjRhRVpPY0RNMVUyeDNkRkowUzJzeFUzcDRTbmh6Y1ZOM2FtWjRTVGhtY0N0U0x6QjNUemhuTUdaWFZHUk5NbWREY0ZKM1dVMU9kMHBGVEVWbkNpdGtVMngyU2tOM2RYVXJjbnA0VEdGc2VtRlFSakZRVFZSWE56SlBSVXhoYkM5cU5YTkVLekpXZVhSUk5Hc3JTRlZFWW5sME1rUnVVVlEzV1ZFemVtOEtjVEF5ZURKMU1uTnRNVmRYTDI4dmRXZzRjR3BRZUd0SFVYRk1NbTF5ZVZwek5sWklPVlpEVlROUmEwdE9SSE56VG1RM01XeHlNM2RRYjBVMFdWSklaUXBWZG5wRU1XVkVaV1ZzZWtKVlJrNUpjRVJEYW1SRGMwdzFOWGxKVUhGVmMzSTJiRzFxY0VKUVREQjJaV0V6TTFGVVRXSmpjMU40ZFRCMWJVZFlSR0pWQ2pZMmFuVlZORm94YWs5Rk1IZERiRWwyWVU4Mk9UbEtLMFV5WjBKbE1XcFZUalpCZERaaU9FSlRiMXB4UTNGWVdXOUVTRWRsYVRsU1FsVmtkbWR4ZEc4S2ExWnpiMHBtUkVrdlZFWk5aV3RaWjNCTU5WVldXVzFNWkdabmNVeFFVRkpRT1hCUlFreEVlRE50YzNwbFFYRnVkbVpVU1VOQmVtWllaejA5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwKInRsc19zZXJ2ZXJfbmFtZSI6ICJmb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cHM6Ly9mb3J0aW8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDc5Igp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAidGNwK2h0dHBzOi8vcmVkaXMubG9jYWxob3N0LnBvbWVyaXVtLmlvOjYzNzkiLAoidG8iOiAidGNwOi8vcmVkaXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo2Mzc5Igp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1lbmFibGVkIiwKInRsc19za2lwX3ZlcmlmeSI6IHRydWUsCiJ0byI6ICJodHRwczovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1kaXNhYmxlZCIsCiJ0bHNfc2tpcF92ZXJpZnkiOiBmYWxzZSwKInRvIjogImh0dHBzOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLXNlcnZlci1uYW1lLWVuYWJsZWQiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5ub3Rwb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1zZXJ2ZXItbmFtZS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1jdXN0b20tY2EtZW5hYmxlZCIsCiJ0bHNfY3VzdG9tX2NhIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVV5UkVORFFUQkRaMEYzU1VKQlowbFNRVXhrT1VkaFNsSTVNbkZwTjNGTU1XVklSMDAyU3pCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYY0taMWxOZUVocVFXTkNaMDVXUWtGdlZFWlhNWEpaTWxaNVpFTkNhMXBZV214aVJ6bDNZbGRXZFdSRFFrUlJWRVZ6VFVOdlIwRXhWVVZEZDNkcVdUSkdjd3BhVjBwQldUSkdjMXBYU1hSalIwMTBZa2RzZFdSWVoyZExSVTVvWWtkV2FVbEZVblpsU0U1c1pWTnJlRTE2UVhoQ1owNVdRa0ZOVFV0dE1YSlpNbFo1Q21SRFFtcFpWM2hzV1d0Q2FsbFhlR3haYVRGM1dYa3hjMkZYTlRGbFEwRnZVVEpHYzFwWFNXZFNSemswWXpKV05VdFVRV1ZHZHpCNVRWUkJORTFVUlhrS1RWUlZNazFVUW1GR2R6QjZUVlJCTkUxVVJYbE5WRlV5VFZSQ1lVMUpSMFJOVWpSM1NFRlpSRlpSVVV0RmVGWjBZVEpPYkdOdVVXZGFSMVl5V2xkNGRncGpSekZzWW01UloxRXdSWGhNUkVGeFFtZE9Wa0pCYzAxSk1rNW9Za2RXYVZGSFRtaGlSMVpwVEZoQ2FreFhlSEJpYmxZMFNVTm9SRmxYZUd4WmFVSkZDbUl6YUhwYVdHdHdUVlJOZDAxUldVUldVVkZFUkVOd2RHRXlUbXhqYmxGbldUSkdjMXBYU2tGWk1rWnpXbGRKZEdOSFRYUmlSMngxWkZoblowdEZUbWdLWWtkV2FVbEZVblpsU0U1c1pWTnJkMmRuUjJsTlFUQkhRMU54UjFOSllqTkVVVVZDUVZGVlFVRTBTVUpxZDBGM1oyZEhTMEZ2U1VKblVVUlhXWEJXWlFwQ1UyNWxaVEpqUVVKWmIyWlRiMWQ0UjAxNVJtRk5VVEJ1U210Wk1GVlhUVGxqYTNsVmFEZFdabWRPS3k5aFJsTlhNbHBUYlZoMWRqVmtjbU53YVRJd0Nub3paV3hvVUZSbE9UaGlRVTVpYWlzdllta3dNREUxVVZkdVRXVnVTekExV2tzMmNVUjBSbmR2TDBoV1F5OVpZMkZ5ZFhVNU5pc3hTakowYjJWWGRVVUtkSGxyVnpOTlEzQkRNWEJJV1ZNMVp6bHBWa1JyY0dSeWVtNTJXRXRzV1hWVGFXdHFjbW8zU3pWMGIybFVkblZ0T1RkTWVFdHJkV28yUkZocVlYQlFSQW8xZG5SbFUwNHhaRkZuVHpsRFV6TnpjV3hqZDFsQk5sSnFWVWgzV1RKV1JXZ3lZV1JRTXpkQ1duSmFkMDhyZVVweE9YRkdOWGsxUjJ4bmFUaHNUalJqQ2t0c1NXeEdWWE12ZUZOd1VYTjRUbUpPVVZoMFRqbHRhelJwYlZsc1drZDZXVmxpWW0wclptOUNWbEJRWW05aE5XcFdkMHRFY0ZvMk5XMVBjemRLUjFBS05ubHFLemRXTjFWQ1RVWndWeXRuUzIxS2RHZG9MMnRyUVhneE9EVm9PVE54ZDB4R1VHTTRMMVEzYmlzclVERmlkU3RtWVd0WVVFZFFSVEl4Y2tSbFRBcFFibFZ0ZFdOSlduQktielZPY0ZsV1VYWTBWM1pVUzNFdmVrMVNPVk56Y0hveVVFWktia1ZTVkdaVWRuRXJSakZ4TTFwT1lXWkZlbWxRYzBJNWIyVlRDbTVxZUhkdFlWcFBVMVl3ZGxoeEwzRmxiM0Y0TkhZMlRVSjZWa0ZaTUM4NFVqSk1ZM0JLTkhWbk1FOWFNM2N3WWpKME5ubHZPRFpRTlZFNFEwRjNSVUVLUVdGT1JrMUZUWGRFWjFsRVZsSXdVRUZSU0M5Q1FWRkVRV2RKUlUxQ1NVZEJNVlZrUlhkRlFpOTNVVWxOUVZsQ1FXWTRRMEZSUVhkSVVWbEVWbEl3VHdwQ1FsbEZSa3hqV1RoRmIwNXZaazFqY25KNGVubDRTVzR6VnpaYVQwMVdXRTFCTUVkRFUzRkhVMGxpTTBSUlJVSkRkMVZCUVRSSlFtZFJRMXA2UkVOMkNrdEpTRmd6UjNacVRsTlpOWGMxWWs5dU5FVXpkemRSU0ZBd09VRkNhbFF2ZDNWVU5FeEVhMXBJU2sxdGJISk1iek56T0dKamMxRXdjMDFFTVZrdkx5OEtjekEzWTNBMGVGbHNjVVEzUWtFd1FXTndkbGxXV1hFMU9IaExlSE52UTNkV1dHMUhOV05GWlU5dldtMVhaak54V1RKdFV6aGxWemsyZGs5R2NtUkpZZ3BNTkU5R05IaFpWVTlOVW5GQlQwZEJRWEkyVm14UE4yZFlZVFF3TmtoNmNuTkJNV2haV25keVpWaG9UMVJEV2xwUVdrOVZia0YxTURWVFNFWmtaMkZOQ2xSS1RrSXZiekF4ZEhCM1VXeHlWSGhPYldaeWIzQnZUM3A1ZFhaSU1IcFZNbEp5VFhNd0swVmlUM1ZETkVFeVkxRTRNMFJKUm5oMmNUWTNiSGxWTUVFS2N6RlJOblJTVFRBclZVUnRTazlNZWpOVFpHZE9LMFF3TUdoamRYVnFPVEpIVmpSaVNEaENabmxWZGpoT1Exa3dka1JwYWpCVVUycHFOR00wVVhSak53cEpVRXhVV2pKbk5UUTFiMk42YUU1blFXMVVOMlFyUWpWSmJubG1hVk5KUzJWdFdIRmxjekpxY0dsQlpucFFUbXc1UWxaNGMyRnJZM012V1hwdldYTXhDaXR4VkdwQlYzVmhSSE5MYjJoRmJrODBRa3AxZW5Zd2VISmpaVFF3Wlc1U1oxaDVSMGRHZGxoMU1uTTBSbGt5ZGtweFZGTnZObmx6UkZkdWFFa3pURmNLWkdObk5rOHlSalJCVUVOSFIyVTNlbk4xY1dseGEzQmphMjVDWVdKbmVrVnpPV1p2U0hFeWJXWnZOMWhwUlhwbFpFMU9PRUpPY1daVFlrRTlDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLWN1c3RvbS1jYS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImNvcnNfYWxsb3dfcHJlZmxpZ2h0IjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9jb3JzLWVuYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJjb3JzX2FsbG93X3ByZWZsaWdodCI6IGZhbHNlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwcmVmaXgiOiAiL2NvcnMtZGlzYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZWZpeCI6ICIvcHJlc2VydmUtaG9zdC1oZWFkZXItZW5hYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IHRydWUsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9wcmVzZXJ2ZS1ob3N0LWhlYWRlci1kaXNhYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IGZhbHNlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9yZXN0cmljdGVkLWh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd2VkX2RvbWFpbnMiOiBbCiJkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LWRvbWFpbiIsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93ZWRfdXNlcnMiOiBbCiJ1c2VyMUBkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LXVzZXIiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoiWC1DdXN0b20tUmVxdWVzdC1IZWFkZXIiOiAiY3VzdG9tLXJlcXVlc3QtaGVhZGVyLXZhbHVlIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJhbGxvd193ZWJzb2NrZXRzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbmFibGVkLXdzLWVjaG8ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInRvIjogImh0dHA6Ly93ZWJzb2NrZXQtZWNoby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZGlzYWJsZWQtd3MtZWNoby5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL3dlYnNvY2tldC1lY2hvLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImVuYWJsZV9nb29nbGVfY2xvdWRfc2VydmVybGVzc19hdXRoZW50aWNhdGlvbiI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vY2xvdWRydW4ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoieC1pZHAiOiAiYXV0aDAiCn0sCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0KXQ==" + }, + { + "name": "SHARED_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "SIGNING_KEY", + "value": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBSR1d3TGg3NW5OWG5razM3ekRmTjhvbkx3ZkNpYUxQVEQrbmM4THg1aGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa3BCa08wVEttaDRKZFFmTE9lZU1kNTNLbmdhMVdkUVhyNUZjZXBrK2RMVktkVkt4WENHcQpoMW9qdWh1VzExR0lvT3pTOUdvU0tsTlZTUkZXVkVXRHZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=" + }, + { + "name": "SIGNING_KEY_ALGORITHM", + "value": "ES256" + } + ], + "image": "pomerium/pomerium:${POMERIUM_TAG:-master}", + "imagePullPolicy": "IfNotPresent", + "name": "pomerium", + "ports": [ + { + "containerPort": 80, + "name": "http" + }, + { + "containerPort": 443, + "name": "https" + }, + { + "containerPort": 5443, + "name": "grpc" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/pomerium + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "redis", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "redis" + } + }, + "template": { + "metadata": { + "labels": { + "app": "redis" + } + }, + "spec": { + "containers": [ + { + "image": "redis:6.2.5-alpine", + "name": "redis", + "ports": [ + { + "containerPort": 6379, + "name": "tcp" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/redis + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "trusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "trusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "trusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/trusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "untrusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKKYU7PSAFxZbhuLUlbv3iAwDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU2MTFaFw0yMzExMTEyMjU2MTFaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg\nVDM59lGzCRjdUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHG\noryKGDOkRV1SDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2v\nJX4qTwgrqQtLOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqP\nqpc6AEFuklmoBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPw\nve8VoGIlx4uvHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxG\nmgByfa2rxbNg15PFwF+ZAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBS3GPBKDaHzHK68c8sSJ91umTjFVzAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAizMhh+VYIMp07wGn7+rzAE/651yiMC6kZHIOMHilvimyYvCf+Yc0MrcD\nmVQgqlUpkn/f2SOFsBQonjAACkWlSHah9KStL0iTvOIH+oGLnv3Y9wrKvwJol3KR\nc/+mO9R9TS71DoX+rTGRY3BNldpMBZF7HsYt/bg0RSpF0zkZarW+PEMmPw6IgIaD\nRPGpOiQOqIxQn4d6MyiNGS0QmDeGSZvsC07ZcZ+JxsYi4S+yN6GXt11pstiRXjDv\nzrO3s8TnVsBux7VDdIYfzMxqz+874MbsUUlb4txr3V48UDRLm7VDQ2/F+o0+Y5wt\nXAnXTn/6GFpjJvPGr0A1QLOvnhR0DZ4Fl97athu44pqeQywDU5LPP3HqrWRXLy3j\nBPBC4waHayL9Hnh4zQUe/h6hwC5Nxl/gqfB3Aaqr5PWX6rMFss8AYpB81ci+UJdm\nKSIn/pMoK6TWkCveoQRQOZD8wfwPF4cUUmWcLFwSveZSiniFrAXQqZbO1k6RDhQf\nhavcwKlK\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgVDM59lGzCRjd\nUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHGoryKGDOkRV1S\nDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2vJX4qTwgrqQtL\nOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqPqpc6AEFuklmo\nBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPwve8VoGIlx4uv\nHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxGmgByfa2rxbNg\n15PFwF+ZAgMBAAECggEADTzGefunZTPUFLnSZ/D7jDglwz5KdC/9zYleY+jY5B/8\nnmjkSfK6I6GLLSh8l2QO8YqQLIqxANglS1gNHdpcYPwfC4WL1S1P0qXboKsI5Sfy\njGoD3et4caq6ecdTfAvmLobW8uFRmGE9qHlFQ1cn47OnPVZUpKFCTVslyTLNo70h\n28gx/lnpgkbeWotJ5GygE/H0jKJlG8/V3+Ppfuq6wypA5ELcGUeMAwmCfUNNlDy3\nBhXSa6STgL26ar70KZIjTp9B97hIfDWObxgjzMX2JoiWXziszvbfaknfBsmfTm45\noUZYO0DuvLdLpxic0GZQwZCT6GzuexxJ9zR/pdahrQKBgQDEiwc0e+M1KaOoIIcw\nV7pxoGjvd+CC5whS00jSf/rXPSPFxat9Ml5serOzLdRLM/NQ5wB9S7TYc6PJi3Mb\n8pmbGadIXiGIJY8vX79P/velHT4csgULJAKJF9U65knhaidPPPmXloHOhRWrE8Zq\nmexVgJZrHLI8197qmi+ctT5rEwKBgQDQ1J84AwI1hEsXHxoSetSznt+ae7pSUb/J\nbyqK9KEp0DLyf8GcS7vxyYGQo0mJDlHaJt56LKv+zdX4wGG85ztbOFVPee6XLKSs\nI+h7rzc2hKrl+SaI91h1234WsTeJvfUSHyBy9vAwLhd0hplNrt7Tql5Z0VTWHmFE\n2XbEwcTUIwKBgQDBpioHMDmBW/F/6ezJWOa+pco+h+KRl4i/8qVBog9Im1jvt/9r\nb4FRaOQ9mt4c6qbGA5Sb30fkLKwoHFniI3ntM616xCRNvJQDnVcmPpVJ/jIAm/YU\nL/q/kNfrHJOWobzxeaaCESz8imv7D5Tj25zb8cJC7xc+k4Nzq09WG83QOQKBgG28\nLOZ7/j8tA2BlAYhQb1Dr3UgKWEBFoOgyuEJIhh+4vezb4VtGGL7XSnQ8ubmBgtWF\ns0a0DrVYaGXMgg+H2pL2qS2YPx3FYcrrG5FS40qMsFkkcXFruFpGOp2mBi8lWJBr\nNtvykwheUAj1ab1+dKz5S5ca/t99G1PYiiaeQ9XNAoGAVXk4HvdUc5q+BNiYvKUS\nM2/TDU3cYY72mPCEw7G6Kpn6zMaakQcA1+Z8LkYcLaQKRD/66n99WWT+BcY+QXtC\n0ZPHjeepDL8q+yXRY8zlcgAukg18Ta5yD1J1014y8UIV+HY8ongTni1sI8N+vKd4\n+TF2C2Cynf5vQr5man7ShPw=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "untrusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/untrusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "verify", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "verify" + } + }, + "template": { + "metadata": { + "labels": { + "app": "verify" + } + }, + "spec": { + "containers": [ + { + "image": "pomerium/verify:${VERIFY_TAG:-latest}", + "name": "verify", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/verify + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "websocket-echo" + } + }, + "template": { + "metadata": { + "labels": { + "app": "websocket-echo" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--port", + "80", + "tee" + ], + "image": "pvtmert/websocketd:latest", + "name": "websocket-echo", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/websocket-echo + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "wrongly-named-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEWDCCAsCgAwIBAgIRAK1MkqoHP+DPILewhMcnnu4wDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU0MzRaFw0yMzExMTEyMjU0MzRaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV\nDWPhOpNWAYNTQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM\n3cvyRs40dygZeogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV\n6ttf6y0+4Nq1hRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3E\nlxIYQsCr85FyW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC\n8X2vHBBIbnZipb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3\nOIkJji4rpJqxG1Z7MvPzAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAo\nBgNVHREEITAfgh1pbnZhbGlkLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG\n9w0BAQsFAAOCAYEABsSByXWA7e8hpKWZK4APWzkvDwiTGrDDE7k0hueJksTZ5Nqw\nfRdGoUpweWIYzAv1etPAr+B2gsZM/jVRidaGDI1tKPytZ3pP6mQ52CVXkeJQytPr\nrNDnP3Lbpbs8PHoHw3PVxIyRps1ZbZkgbUsXrSvpp/l+ZObbGQjr3Fdx5oXI6a1V\nNNC39LkPhjTKtcG+H8dO5GRuDb/9PrzrnDwnl6CoORbEjTKRIFuA+vkFBRjyuccr\nGQiMNmMxy5CMOsK+Od4+8qhv2ZgnREHyBnjFFhgVLFJ2PwUxk3N4GIzCC8tsD+vb\n+YJgCS7n6JmcB9SFeyRy+qpolnfEaMvRwnJl6Evj17VCBy7x0gEO6B4lILPpziN8\nVVhSuRsC0V8aXJJx89mwrg9pzN9w771rFVOCrAEdZei34/yfo8VyBbIR1gUxkRNJ\ncrTI9pT0PK+9OWQ57HtnGmFsPtWT8r7P8xukAPy50wSLF3InjEo8VR2df+V7DVVU\naTjNbuaG1NLNyWLH\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVDWPhOpNWAYNT\nQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM3cvyRs40dygZ\neogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV6ttf6y0+4Nq1\nhRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3ElxIYQsCr85Fy\nW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC8X2vHBBIbnZi\npb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3OIkJji4rpJqx\nG1Z7MvPzAgMBAAECggEBAM3XhRO7+1QSXCaZdCZ6WuWXzojxrkf8++gpzXPCZ75L\nvvMyP8xmXc38Za5VyL+MAr7joENxY5NPON/9AgyUBFdbat3RW323vAt0Ssy8Dfti\nScpuGWTT2CcWS/iJPwJp9bzPj6qJ1wo0Rzsv23FpcjgfcuB+4pHpDwJZ8IxcclTN\njv5XdmanN0Ai2ONDkIHQyvMTsYAX99OK7nXIs3OW7s4wsm8Wg+loCqTvojTzWuwE\nTZNFonHAZ81jkrYfNjz+sM/tPuOYD+vWQ89+1IeQKFw1U0iBpF1VvhA7UeQZMeI8\nS1NpDQTQW0kxmUAlLj7ldnIvknT/x0lKzoafVpk47/kCgYEA+SxnMLHe3Wxb4Kkf\n7Gwktbth/wlWzUWzQ7c0TdhfEDjcRB7SeGIjrL4/HPyXEsCcGIj84TEob1EA0KVP\nl6Jeqh5t/sr9da+uLFf6H41yZUaTccoyclnjHsqT+WLTtiTKqf7cXACg5NKbJwUT\nldCEu+4Ovur+8Ax6s/mGWNEzar0CgYEA2uOmD+SCIhj16P+3GnpZ0UzyDhUKedTy\nLisZznroF6RI3BHzNT+YotHORDMiJtmX0slFcInAWaB3htLPbHmvredjlsH35eHW\nB6wkWmbniJEovPysWdg7xjrj8DoL2dcm6liM1KpSo9k6XWJu36//xF4RTnL8JPEH\nRPuBWmBXHG8CgYBjJy886lr0I61//eztKK+G/bTmRvIapzTJqnqOy54wl1/XX6iD\nLRJjKCV3RHBdjvXOsZxnhCdB/KrlXBMLFRq0eX1t2Zr4nNsjXDL1IVU3Rdlge4SN\nioVdeGFf6Nq0bXmUIg3QMpPT2pbQ9S0w/ZQEMJv/jwW5wk2FlrLGXyElxQKBgQC3\nskUzITp1Ey2NFM290uB93m1llBLum9+DD3jg6BTPgngC+K17Cpw2SI0qfx8yK3pW\n08MK5xAeJ6Un6NNa3eSptX7GjpJUwmq0lasMkz/MRMZDlGmwHOBNRC729D/t2bo3\nAYlvEGG6UBvDM1CJOVMUoT008Rrahczr/4ZXKnLw0QKBgExc+SXb5IRJIMHEQLkg\nE7va23sR7x4j75mK6HnSwAM3jKx4GDgpkY1EO+rh+99mq/bIouL8ob/PG7A5RtKp\n+Sgpqk5N6NpSFMaubsu1EQhqT5pmy0dN5KXecR4s1IylPvth/h3tdXPKGcLMD2M2\nEN59YIA1o4qWjJsfEiuQ6x7M\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "wrongly-named-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/wrongly-named-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "mock-idp" + }, + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8024, + "targetPort": "http" + } + ], + "selector": { + "app": "mock-idp" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "pomerium" + }, + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "nodePort": 80, + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "nodePort": 443, + "port": 443, + "targetPort": "https" + }, + { + "name": "grpc", + "nodePort": 5443, + "port": 5443, + "targetPort": "grpc" + } + ], + "selector": { + "app": "pomerium" + }, + "type": "NodePort" + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "redis" + }, + "name": "redis", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "tcp", + "port": 6379, + "targetPort": "tcp" + } + ], + "selector": { + "app": "redis" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "trusted-httpdetails" + }, + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "trusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + }, + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "untrusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "verify" + }, + "name": "verify", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "verify" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "websocket-echo" + }, + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "websocket-echo" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + }, + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "wrongly-named-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + sleep 30 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-init + volumes: + - k3s-tmp:/k3s-tmp + k3s-ready: + command: + - sh + - -c + - exit 0 + depends_on: + k3s-init: + condition: service_completed_successfully + image: busybox:latest + networks: + main: + aliases: + - k3s-ready + k3s-server: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - server + - --disable + - traefik + - --disable + - metrics-server + - --kube-apiserver-arg + - service-node-port-range=1-65535 + environment: + K3S_KUBECONFIG_MODE: "666" + K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml + K3S_TOKEN: TOKEN + healthcheck: + test: + - CMD + - kubectl + - cluster-info + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-server + ports: + - 6443:6443/tcp + - 5443:5443/tcp + - 443:443/tcp + - 80:80/tcp + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp +volumes: + k3s-tmp: + driver_opts: + device: /tmp + o: bind + type: none diff --git a/integration/clusters/azure-kubernetes/compose.yml b/integration/clusters/azure-kubernetes/compose.yml new file mode 100644 index 000000000..17d24e9a8 --- /dev/null +++ b/integration/clusters/azure-kubernetes/compose.yml @@ -0,0 +1,825 @@ +networks: + main: {} +services: + k3s-agent: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - agent + environment: + K3S_TOKEN: TOKEN + K3S_URL: https://k3s-server:6443 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-agent + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp + k3s-init: + depends_on: + k3s-server: + condition: service_healthy + entrypoint: + - sh + - -c + - | + cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml + export KUBECONFIG=/tmp/kubeconfig.yaml + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "mock-idp" + } + }, + "template": { + "metadata": { + "labels": { + "app": "mock-idp" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--provider", + "azure", + "--port", + "8024", + "--root-url", + "https://mock-idp.localhost.pomerium.io/" + ], + "image": "pomerium/mock-idps:${MOCK_IDPS_TAG:-master}", + "name": "mock-idp", + "ports": [ + { + "containerPort": 8024, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/mock-idp + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "pomerium" + } + }, + "template": { + "metadata": { + "labels": { + "app": "pomerium" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "AUTHENTICATE_SERVICE_URL", + "value": "https://authenticate.localhost.pomerium.io" + }, + { + "name": "CERTIFICATE", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVVakNDQXJxZ0F3SUJBZ0lSQUtOYUVxQ21tWmZobWNZZ1p5MDFXQ3N3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lNeEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEVzTUNvR0ExVUVDd3dqWTJGcwpaV0pBWTJGc1pXSXRjR010YkdsdWRYZ2dLRU5oYkdWaUlFUnZlSE5sZVNreE16QXhCZ05WQkFNTUttMXJZMlZ5CmRDQmpZV3hsWWtCallXeGxZaTF3WXkxc2FXNTFlQ0FvUTJGc1pXSWdSRzk0YzJWNUtUQWVGdzB5TVRBNE1UQXgKTnpNeU1UQmFGdzB5TXpFeE1UQXhPRE15TVRCYU1GY3hKekFsQmdOVkJBb1RIbTFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCalpYSjBhV1pwWTJGMFpURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnCktFTmhiR1ZpSUVSdmVITmxlU2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzgKSExCQUl6WGtQZWVnbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRAp5VmhEVDBRbEkvTy9FS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2Cld5bCtGb1BEVi92c1ozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXQKak9ic2FRZ0o1TEx4Q1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcQpiWlVERytaaW9BclBtcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkCjlyNnJPQnhweHduVER2SGtCbjZ2QWdNQkFBR2piREJxTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFUQWZCZ05WSFNNRUdEQVdnQlNGaGxoWWdFZktUcGxWT2VuZVZHMyszSUUvVFRBaQpCZ05WSFJFRUd6QVpnaGNxTG14dlkyRnNhRzl6ZEM1d2IyMWxjbWwxYlM1cGJ6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBWUVBdWZRQUY3OXM3YzFnbVo5Q0lLQlNHa0hoK1NIMDFDdUtZbm5IaU1vd0hzVGlvRmFVQVFzZC9QNFgKYzJYQnFjMzRlVDNtQ3ZwZ1pqSGJqejZKbG5UWUp4dUx2VnFuVkIzZW10V3JiMWNRdmg4QnBoeHNwVGxTOHVpRQpBRWYvbmd0cHpmQS9mNGxwR2t6clEwY3lQa0VKR3o1MTFxOTdpdHpuOVJaWnpWVFp4TlZGU1AydlZoTk5RVnNXCk94YWtjdllSZ256OEFPUVMzT1BIajJGUWMzaWlic2hjdDVsZUl3WVpGY3hJTkdIUjZLTDYrL0xTZVBOQ0VNbUsKcXltVlBrUUdzSWNVNkdROWZ4YVN1NG1wK0lVQUxQcm9pekVWSThTVms1bk9tM0hJZXorWmZYaHpmbkd4MDZTSQo2TnVvUVFQcVVCZVplWG4yWUZZaGlwZVJkclF4dkEzNi9ZWGEvQWtYQ2VVMHBYeGJ0WEtjdmF0ZnJpNUtuWUpECmtINTlhK2FGa1RzbDQxdGZJMmNuUllWZGRxWFZsM096TGJjZ0FGTG4xV2VDMXh4M3hSWGk3S2xkb2tPbHZndisKQjZuYVdmQ3hSbFdaL2xzbUhhZTRrYzFXSDRLYzduSytJVGI0MEVralY2OC9BN2tyWnNOMVZjcU50cG9tWWtnRQp4alVFOFhVdQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + { + "name": "CERTIFICATE_AUTHORITY", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxekNDQXorZ0F3SUJBZ0lRWjEzOWNkL3BhUGRrUzJKeUF1N2tFREFOQmdrcWhraUc5dzBCQVFzRkFEQ0IKZ3pFZU1Cd0dBMVVFQ2hNVmJXdGpaWEowSUdSbGRtVnNiM0J0Wlc1MElFTkJNU3d3S2dZRFZRUUxEQ05qWVd4bApZa0JqWVd4bFlpMXdZeTFzYVc1MWVDQW9RMkZzWldJZ1JHOTRjMlY1S1RFek1ERUdBMVVFQXd3cWJXdGpaWEowCklHTmhiR1ZpUUdOaGJHVmlMWEJqTFd4cGJuVjRJQ2hEWVd4bFlpQkViM2h6WlhrcE1CNFhEVEl4TURneE1ERTMKTXpJd09Wb1hEVE14TURneE1ERTNNekl3T1Zvd2dZTXhIakFjQmdOVkJBb1RGVzFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCRFFURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnS0VOaGJHVmlJRVJ2CmVITmxlU2t4TXpBeEJnTlZCQU1NS20xclkyVnlkQ0JqWVd4bFlrQmpZV3hsWWkxd1l5MXNhVzUxZUNBb1EyRnMKWldJZ1JHOTRjMlY1S1RDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTmJLeU16NQpNVlc2WUtkamgxb0lOMU1uN1BFMnBINVNiSlNwV3hkQUdoZEJrQmtwQWE3T3hhcmpINUtWa0NUU2E3b25jbGE3CnFOdUpaUzZtQm1veEYrUitjUjNqeUdkVUFZbG96bDFqbGZxTElmQy8rZzdWN1ZtT0puOTh0akI0MmZhdHhMbDYKV1BBdzFKRE5zV3RRZmhLaGJjSHV0N1JzRjByTU9PSGN3eXdUUjdMT3lDbUllbDFwY21wVjRoYlZjVDZlVndvUApIWHlKU2E5Y3FhTVE1WHJkb2dhaTRJcVpaSUdMSGVMc1RWdXRPZ0pGWEVldmxYL1FUM3NXb21FY3R6aDM4SnM0CjlEaUFQRDZkNFk3L0NQTFlFZmsyOUpROU5aaHBnRHNpOWh1NUZISFpjWHdmMUlIbHcvQ0JWZ242aitqbXZLS3oKOTBNYTFvcXV2M1c2ZHR0aWQveENjTEd1MlMrOTZUenJ5a21veTVWYWNMdFZFUDQxWW1vVmxzOTFybG83b2xwZQpRV0Zibm1jbzczOVRJLzRoK0hvZG9scGVyUUVSUWw3dUNucEtWUFozV29rS3VSaDVwa3FrUXAvYXJRanR3Y1J0Ckc0M0NyRHBibCt1U2pNQ0F4aGE5NThlVFl2dG9qVE1udkx0c0dJRDFoR1hucWx3KzVLaktyZ1JIclFJREFRQUIKbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQWdRd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQWRCZ05WSFE0RQpGZ1FVaFlaWVdJQkh5azZaVlRucDNsUnQvdHlCUDAwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFBMUYvYXByCmw2cE5UM01wL014aFVVZ282dXNFSkNyeUdRY0xSZmV4eVFYR04zaHVDbUlyUDU1VkZhOEVUUEF0anNyNlBNZTcKN3Z2RWo4ZUZ1Mkp0S292bFF3TmV3WVU5Y2pBTUNWYUZpTmJyUWEyMGh6aFdjMmpzNmR5aWxkRTYvRFB6YmVkcwpLREF4aEZOcDM1U2x3dFJ0S2sxU3p4SnhzcVN3amZ4SThmcCtSLzB3TzhnMGZXVGRNMmdDcFJ3WU1Od0pFTEVnCitkU2x2SkN3dXUrcnp4TGFsemFQRjFQTVRXNzJPRUxhbC9qNXNEKzJWeXRRNGsrSFVEYnl0MkRuUVQ3WVEzem8KcTAyeDJ1MnNtMVdXL28vdWg4cGpQeGtHUXFMMm1yeVpzNlZIOVZDVTNRa0tORHNzTmQ3MWxyM3dQb0U0WVJIZQpVdnpEMWVEZWVsekJVRk5JcERDamRDc0w1NXlJUHFVc3I2bG1qcEJQTDB2ZWEzM1FUTWJjc1N4dTB1bUdYRGJVCjY2anVVNFoxak9FMHdDbEl2YU82OTlKK0UyZ0JlMWpVTjZBdDZiOEJTb1pxQ3FYWW9ESEdlaTlSQlVkdmdxdG8Ka1Zzb0pmREkvVEZNZWtZZ3BMNVVWWW1MZGZncUxQUFJQOXBRQkxEeDNtc3plQXFudmZUSUNBemZYZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + { + "name": "CERTIFICATE_KEY", + "value": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzhITEJBSXpYa1BlZWcKbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PLwpFS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2V3lsK0ZvUERWL3ZzClozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXRqT2JzYVFnSjVMTHgKQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUAptcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkOXI2ck9CeHB4d25UCkR2SGtCbjZ2QWdNQkFBRUNnZ0VBQjI4aTBBWVVOU2IxSm5XRmJLenJ1VWN0dTN0Q05Yb3ZKZzZLM0JpUFZNa3EKRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBVwo4ZUplcVJMWkVmc1NTSk9YVEc3UmRHc240cUhGSjAwczJaVGxjSUhTUHduRm0rWGpKaTk5VThHNFhzVW9YbzByCkd5KzBWQ3VVN004Z0lDRUhIc3JRTzlYREQzblQyaml1NVRqckt3anV0M0Vtb0pzc0k1YnF4MzMrT0J1NUJwQ1AKQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVApiTGtMRnlXQk5UV1VaMlIvMnd4bXVvQzZtTFp3ODc5TUxDS012azFkb1FLQmdRRGhtd0dhZkpOeW1UaUVRWlJJClNzUXg0c2VxZk9LZmdGQzdvaHFIOWNST091OElKMW83cTJwTTJXNFhpVitTM3dUZFBHbWNhNklPalgyM2lzVkIKMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzNwpheHpsYU1yeEV1M0xJOVVFN050cmRRaUJ5UUtCZ1FEVmRJNmNlSVZCVDZSZ3ZWR3Q4emtMalBJRmpoUUVIQUlwCnVoaXJncXBTNkNYOUJseWYyK280MHptZmozaGU1ckNjRW9CNU1zZU0rRGdGYmNWaDJlL01WbllpTk53NkpDREIKQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleQp1QkhWQnYvNHR3S0JnSHdIdWVQeTVTVTFzMnFTbXpEN1djMkxQZll1M25DT0hOUnJGR2IyNk11UmZ1UmVyaTdyCjJHOFRnb0VTRnljcDBRVElOOCsxSk0wWFlLeE5jSkQ2QjhWMXdLYmJwUXN5bW5lSTFnanV0aUIvSWd3L1BrREsKQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWgpmTjJZZVlieVljYU0xMXAxVmlsdWxWVFZqWTNpL0ZaaURSNFNML0lHSldqTi9Temc0aVhZc0tGbXUrZHVsT1psCmNCQUxwRUtycXBtelhZdHJONmJzdjE4KzVlTzNxR2JLMkRyRXEzZVdWZXYyS29UTW9ieHo3ZysrWEJJV0ptTEEKSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkUwpLcmx0d21vZEhpcVhOYlZrd2JXMUFGUEpiaVlhaTRZRmZLNElBYmlmL1lteGY5Rzc4YU9rcjlacENJek9rRFBaCllwRXdRR1dzQWhFbENGdmM4RS81ZEhFU1NwK3RXdFArTmx1aW1wRnFpRGczL1NVbk13TzJ4SDBuaExhMHplamgKZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K" + }, + { + "name": "COOKIE_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "DATABROKER_STORAGE_CONNECTION_STRING", + "value": "redis://redis:6379" + }, + { + "name": "DATABROKER_STORAGE_TYPE", + "value": "redis" + }, + { + "name": "ENVOY_ADMIN_ADDRESS", + "value": "0.0.0.0:9901" + }, + { + "name": "GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT", + "value": "ewoiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiLAoiYXV0aF91cmkiOiAiaHR0cDovL21vY2staWRwLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAyNCIsCiJjbGllbnRfZW1haWwiOiAicmVkYWN0ZWRAcG9tZXJpdW0tcmVkYWN0ZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAoiY2xpZW50X2lkIjogIjEwMTIxNTk5MDQ1ODAwMDMzNDM4NyIsCiJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0IiwKInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDOEhMQkFJelhrUGVlZ1xubGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PL1xuRUtnQ09GRnhVRHFvUjgyaVkwNlNhY0FqSG5pNitQTzl0VlJiRlYwdzE0QkRBSlNwQitWdld5bCtGb1BEVi92c1xuWjMxRnRZdytFd3FrYkR4L2thVDl1emYrTEpkbGtmMTRuUVFqOEVreS84ZDNtV0piYi85dGpPYnNhUWdKNUxMeFxuQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUFxubXFta2F3VVd3M2VraGo4MFNKZy9USzlQUmFOL1Z2Y0kxUGdBZDdMWnp0VVJlU21UeTVoZDlyNnJPQnhweHduVFxuRHZIa0JuNnZBZ01CQUFFQ2dnRUFCMjhpMEFZVU5TYjFKbldGYkt6cnVVY3R1M3RDTlhvdkpnNkszQmlQVk1rcVxuRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBV1xuOGVKZXFSTFpFZnNTU0pPWFRHN1JkR3NuNHFIRkowMHMyWlRsY0lIU1B3bkZtK1hqSmk5OVU4RzRYc1VvWG8wclxuR3krMFZDdVU3TThnSUNFSEhzclFPOVhERDNuVDJqaXU1VGpyS3dqdXQzRW1vSnNzSTVicXgzMytPQnU1QnBDUFxuQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVFxuYkxrTEZ5V0JOVFdVWjJSLzJ3eG11b0M2bUxadzg3OU1MQ0tNdmsxZG9RS0JnUURobXdHYWZKTnltVGlFUVpSSVxuU3NReDRzZXFmT0tmZ0ZDN29ocUg5Y1JPT3U4SUoxbzdxMnBNMlc0WGlWK1Mzd1RkUEdtY2E2SU9qWDIzaXNWQlxuMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzN1xuYXh6bGFNcnhFdTNMSTlVRTdOdHJkUWlCeVFLQmdRRFZkSTZjZUlWQlQ2Umd2Vkd0OHprTGpQSUZqaFFFSEFJcFxudWhpcmdxcFM2Q1g5Qmx5ZjIrbzQwem1majNoZTVyQ2NFb0I1TXNlTStEZ0ZiY1ZoMmUvTVZuWWlOTnc2SkNEQlxuQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleVxudUJIVkJ2LzR0d0tCZ0h3SHVlUHk1U1UxczJxU216RDdXYzJMUGZZdTNuQ09ITlJyRkdiMjZNdVJmdVJlcmk3clxuMkc4VGdvRVNGeWNwMFFUSU44KzFKTTBYWUt4TmNKRDZCOFYxd0tiYnBRc3ltbmVJMWdqdXRpQi9JZ3cvUGtES1xuQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWlxuZk4yWWVZYnlZY2FNMTFwMVZpbHVsVlRWalkzaS9GWmlEUjRTTC9JR0pXak4vU3pnNGlYWXNLRm11K2R1bE9abFxuY0JBTHBFS3JxcG16WFl0ck42YnN2MTgrNWVPM3FHYksyRHJFcTNlV1ZldjJLb1RNb2J4ejdnKytYQklXSm1MQVxuSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkU1xuS3JsdHdtb2RIaXFYTmJWa3diVzFBRlBKYmlZYWk0WUZmSzRJQWJpZi9ZbXhmOUc3OGFPa3I5WnBDSXpPa0RQWlxuWXBFd1FHV3NBaEVsQ0Z2YzhFLzVkSEVTU3ArdFd0UCtObHVpbXBGcWlEZzMvU1VuTXdPMnhIMG5oTGEwemVqaFxuZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9XG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXG4iLAoicHJpdmF0ZV9rZXlfaWQiOiAiZTA3ZjdjOTM4NzBjN2UwM2Y4ODM1NjBlY2Q4ZmQwZjRkMjdiMDA4MSIsCiJwcm9qZWN0X2lkIjogInBvbWVyaXVtLXJlZGFjdGVkIiwKInRva2VuX3VyaSI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0L3Rva2VuIiwKInR5cGUiOiAic2VydmljZV9hY2NvdW50Igp9" + }, + { + "name": "IDP_CLIENT_ID", + "value": "CLIENT_ID" + }, + { + "name": "IDP_CLIENT_SECRET", + "value": "CLIENT_SECRET" + }, + { + "name": "IDP_PROVIDER", + "value": "azure" + }, + { + "name": "IDP_PROVIDER_URL", + "value": "https://mock-idp.localhost.pomerium.io/" + }, + { + "name": "JWT_CLAIMS_HEADERS", + "value": "email,groups,user" + }, + { + "name": "LOG_LEVEL", + "value": "info" + }, + { + "name": "POLICY", + "value": "Wwp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vbW9jay1pZHAubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZXNlcnZlX2hvc3RfaGVhZGVyIjogdHJ1ZSwKInRvIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbnZveS5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL2xvY2FsaG9zdDo5OTAxIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly92ZXJpZnkubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJ0byI6ICJodHRwOi8vdmVyaWZ5LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImFsbG93X3dlYnNvY2tldHMiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL3dlYnNvY2tldC1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfYW55X2F1dGhlbnRpY2F0ZWRfdXNlciI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZm9ydGlvLXVpLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL2ZvcnRpby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9mb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidGxzX2N1c3RvbV9jYSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VVeGVrTkRRWG9yWjBGM1NVSkJaMGxSV2pFek9XTmtMM0JoVUdSclV6SktlVUYxTjJ0RlJFRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkVRMElLWjNwRlpVMUNkMGRCTVZWRlEyaE5WbUpYZEdwYVdFb3dTVWRTYkdSdFZuTmlNMEowV2xjMU1FbEZUa0pOVTNkM1MyZFpSRlpSVVV4RVEwNXFXVmQ0YkFwWmEwSnFXVmQ0YkZscE1YZFplVEZ6WVZjMU1XVkRRVzlSTWtaeldsZEpaMUpIT1RSak1sWTFTMVJGZWsxRVJVZEJNVlZGUVhkM2NXSlhkR3BhV0Vvd0NrbEhUbWhpUjFacFVVZE9hR0pIVm1sTVdFSnFURmQ0Y0dKdVZqUkpRMmhFV1ZkNGJGbHBRa1ZpTTJoNldsaHJjRTFDTkZoRVZFbDRUVVJuZUUxRVJUTUtUWHBKZDA5V2IxaEVWRTE0VFVSbmVFMUVSVE5OZWtsM1QxWnZkMmRaVFhoSWFrRmpRbWRPVmtKQmIxUkdWekZ5V1RKV2VXUkRRbXRhV0Zwc1lrYzVkd3BpVjFaMVpFTkNSRkZVUlhOTlEyOUhRVEZWUlVOM2QycFpNa1p6V2xkS1FWa3lSbk5hVjBsMFkwZE5kR0pIYkhWa1dHZG5TMFZPYUdKSFZtbEpSVkoyQ21WSVRteGxVMnQ0VFhwQmVFSm5UbFpDUVUxTlMyMHhjbGt5Vm5sa1EwSnFXVmQ0YkZsclFtcFpWM2hzV1dreGQxbDVNWE5oVnpVeFpVTkJiMUV5Um5NS1dsZEpaMUpIT1RSak1sWTFTMVJEUTBGaFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUjFCQlJFTkRRVmx2UTJkblIwSkJUbUpMZVUxNk5RcE5WbGMyV1V0a2FtZ3hiMGxPTVUxdU4xQkZNbkJJTlZOaVNsTndWM2hrUVVkb1pFSnJRbXR3UVdFM1QzaGhjbXBJTlV0V2EwTlVVMkUzYjI1amJHRTNDbkZPZFVwYVV6WnRRbTF2ZUVZclVpdGpVak5xZVVka1ZVRlpiRzk2YkRGcWJHWnhURWxtUXk4clp6ZFdOMVp0VDBwdU9UaDBha0kwTW1aaGRIaE1iRFlLVjFCQmR6RktSRTV6VjNSUlptaExhR0pqU0hWME4xSnpSakJ5VFU5UFNHTjNlWGRVVWpkTVQzbERiVWxsYkRGd1kyMXdWalJvWWxaalZEWmxWbmR2VUFwSVdIbEtVMkU1WTNGaFRWRTFXSEprYjJkaGFUUkpjVnBhU1VkTVNHVk1jMVJXZFhSUFowcEdXRVZsZG14WUwxRlVNM05YYjIxRlkzUjZhRE00U25NMENqbEVhVUZRUkRaa05GazNMME5RVEZsRlptc3lPVXBST1U1YWFIQm5SSE5wT1doMU5VWklTRnBqV0hkbU1VbEliSGN2UTBKV1oyNDJhaXRxYlhaTFMzb0tPVEJOWVRGdmNYVjJNMWMyWkhSMGFXUXZlRU5qVEVkMU1sTXJPVFpVZW5KNWEyMXZlVFZXWVdOTWRGWkZVRFF4V1cxdlZteHpPVEZ5Ykc4M2IyeHdaUXBSVjBaaWJtMWpiemN6T1ZSSkx6Um9LMGh2Wkc5c2NHVnlVVVZTVVd3M2RVTnVjRXRXVUZvelYyOXJTM1ZTYURWd2EzRnJVWEF2WVhKUmFuUjNZMUowQ2tjME0wTnlSSEJpYkN0MVUycE5RMEY0YUdFNU5UaGxWRmwyZEc5cVZFMXVka3gwYzBkSlJERm9SMWh1Y1d4M0t6Vkxha3R5WjFKSWNsRkpSRUZSUVVJS2J6QlZkMUY2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVdkUmQwVm5XVVJXVWpCVVFWRklMMEpCWjNkQ1owVkNMM2RKUWtGRVFXUkNaMDVXU0ZFMFJRcEdaMUZWYUZsYVdWZEpRa2g1YXpaYVZsUnVjRE5zVW5RdmRIbENVREF3ZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGRVoyZEhRa0ZCTVVZdllYQnlDbXcyY0U1VU0wMXdMMDE0YUZWVloyODJkWE5GU2tOeWVVZFJZMHhTWm1WNGVWRllSMDR6YUhWRGJVbHlVRFUxVmtaaE9FVlVVRUYwYW5OeU5sQk5aVGNLTjNaMlJXbzRaVVoxTWtwMFMyOTJiRkYzVG1WM1dWVTVZMnBCVFVOV1lVWnBUbUp5VVdFeU1HaDZhRmRqTW1wek5tUjVhV3hrUlRZdlJGQjZZbVZrY3dwTFJFRjRhRVpPY0RNMVUyeDNkRkowUzJzeFUzcDRTbmh6Y1ZOM2FtWjRTVGhtY0N0U0x6QjNUemhuTUdaWFZHUk5NbWREY0ZKM1dVMU9kMHBGVEVWbkNpdGtVMngyU2tOM2RYVXJjbnA0VEdGc2VtRlFSakZRVFZSWE56SlBSVXhoYkM5cU5YTkVLekpXZVhSUk5Hc3JTRlZFWW5sME1rUnVVVlEzV1ZFemVtOEtjVEF5ZURKMU1uTnRNVmRYTDI4dmRXZzRjR3BRZUd0SFVYRk1NbTF5ZVZwek5sWklPVlpEVlROUmEwdE9SSE56VG1RM01XeHlNM2RRYjBVMFdWSklaUXBWZG5wRU1XVkVaV1ZzZWtKVlJrNUpjRVJEYW1SRGMwdzFOWGxKVUhGVmMzSTJiRzFxY0VKUVREQjJaV0V6TTFGVVRXSmpjMU40ZFRCMWJVZFlSR0pWQ2pZMmFuVlZORm94YWs5Rk1IZERiRWwyWVU4Mk9UbEtLMFV5WjBKbE1XcFZUalpCZERaaU9FSlRiMXB4UTNGWVdXOUVTRWRsYVRsU1FsVmtkbWR4ZEc4S2ExWnpiMHBtUkVrdlZFWk5aV3RaWjNCTU5WVldXVzFNWkdabmNVeFFVRkpRT1hCUlFreEVlRE50YzNwbFFYRnVkbVpVU1VOQmVtWllaejA5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwKInRsc19zZXJ2ZXJfbmFtZSI6ICJmb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cHM6Ly9mb3J0aW8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDc5Igp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAidGNwK2h0dHBzOi8vcmVkaXMubG9jYWxob3N0LnBvbWVyaXVtLmlvOjYzNzkiLAoidG8iOiAidGNwOi8vcmVkaXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo2Mzc5Igp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1lbmFibGVkIiwKInRsc19za2lwX3ZlcmlmeSI6IHRydWUsCiJ0byI6ICJodHRwczovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1kaXNhYmxlZCIsCiJ0bHNfc2tpcF92ZXJpZnkiOiBmYWxzZSwKInRvIjogImh0dHBzOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLXNlcnZlci1uYW1lLWVuYWJsZWQiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5ub3Rwb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1zZXJ2ZXItbmFtZS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1jdXN0b20tY2EtZW5hYmxlZCIsCiJ0bHNfY3VzdG9tX2NhIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVV5UkVORFFUQkRaMEYzU1VKQlowbFNRVXhrT1VkaFNsSTVNbkZwTjNGTU1XVklSMDAyU3pCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYY0taMWxOZUVocVFXTkNaMDVXUWtGdlZFWlhNWEpaTWxaNVpFTkNhMXBZV214aVJ6bDNZbGRXZFdSRFFrUlJWRVZ6VFVOdlIwRXhWVVZEZDNkcVdUSkdjd3BhVjBwQldUSkdjMXBYU1hSalIwMTBZa2RzZFdSWVoyZExSVTVvWWtkV2FVbEZVblpsU0U1c1pWTnJlRTE2UVhoQ1owNVdRa0ZOVFV0dE1YSlpNbFo1Q21SRFFtcFpWM2hzV1d0Q2FsbFhlR3haYVRGM1dYa3hjMkZYTlRGbFEwRnZVVEpHYzFwWFNXZFNSemswWXpKV05VdFVRV1ZHZHpCNVRWUkJORTFVUlhrS1RWUlZNazFVUW1GR2R6QjZUVlJCTkUxVVJYbE5WRlV5VFZSQ1lVMUpSMFJOVWpSM1NFRlpSRlpSVVV0RmVGWjBZVEpPYkdOdVVXZGFSMVl5V2xkNGRncGpSekZzWW01UloxRXdSWGhNUkVGeFFtZE9Wa0pCYzAxSk1rNW9Za2RXYVZGSFRtaGlSMVpwVEZoQ2FreFhlSEJpYmxZMFNVTm9SRmxYZUd4WmFVSkZDbUl6YUhwYVdHdHdUVlJOZDAxUldVUldVVkZFUkVOd2RHRXlUbXhqYmxGbldUSkdjMXBYU2tGWk1rWnpXbGRKZEdOSFRYUmlSMngxWkZoblowdEZUbWdLWWtkV2FVbEZVblpsU0U1c1pWTnJkMmRuUjJsTlFUQkhRMU54UjFOSllqTkVVVVZDUVZGVlFVRTBTVUpxZDBGM1oyZEhTMEZ2U1VKblVVUlhXWEJXWlFwQ1UyNWxaVEpqUVVKWmIyWlRiMWQ0UjAxNVJtRk5VVEJ1U210Wk1GVlhUVGxqYTNsVmFEZFdabWRPS3k5aFJsTlhNbHBUYlZoMWRqVmtjbU53YVRJd0Nub3paV3hvVUZSbE9UaGlRVTVpYWlzdllta3dNREUxVVZkdVRXVnVTekExV2tzMmNVUjBSbmR2TDBoV1F5OVpZMkZ5ZFhVNU5pc3hTakowYjJWWGRVVUtkSGxyVnpOTlEzQkRNWEJJV1ZNMVp6bHBWa1JyY0dSeWVtNTJXRXRzV1hWVGFXdHFjbW8zU3pWMGIybFVkblZ0T1RkTWVFdHJkV28yUkZocVlYQlFSQW8xZG5SbFUwNHhaRkZuVHpsRFV6TnpjV3hqZDFsQk5sSnFWVWgzV1RKV1JXZ3lZV1JRTXpkQ1duSmFkMDhyZVVweE9YRkdOWGsxUjJ4bmFUaHNUalJqQ2t0c1NXeEdWWE12ZUZOd1VYTjRUbUpPVVZoMFRqbHRhelJwYlZsc1drZDZXVmxpWW0wclptOUNWbEJRWW05aE5XcFdkMHRFY0ZvMk5XMVBjemRLUjFBS05ubHFLemRXTjFWQ1RVWndWeXRuUzIxS2RHZG9MMnRyUVhneE9EVm9PVE54ZDB4R1VHTTRMMVEzYmlzclVERmlkU3RtWVd0WVVFZFFSVEl4Y2tSbFRBcFFibFZ0ZFdOSlduQktielZPY0ZsV1VYWTBWM1pVUzNFdmVrMVNPVk56Y0hveVVFWktia1ZTVkdaVWRuRXJSakZ4TTFwT1lXWkZlbWxRYzBJNWIyVlRDbTVxZUhkdFlWcFBVMVl3ZGxoeEwzRmxiM0Y0TkhZMlRVSjZWa0ZaTUM4NFVqSk1ZM0JLTkhWbk1FOWFNM2N3WWpKME5ubHZPRFpRTlZFNFEwRjNSVUVLUVdGT1JrMUZUWGRFWjFsRVZsSXdVRUZSU0M5Q1FWRkVRV2RKUlUxQ1NVZEJNVlZrUlhkRlFpOTNVVWxOUVZsQ1FXWTRRMEZSUVhkSVVWbEVWbEl3VHdwQ1FsbEZSa3hqV1RoRmIwNXZaazFqY25KNGVubDRTVzR6VnpaYVQwMVdXRTFCTUVkRFUzRkhVMGxpTTBSUlJVSkRkMVZCUVRSSlFtZFJRMXA2UkVOMkNrdEpTRmd6UjNacVRsTlpOWGMxWWs5dU5FVXpkemRSU0ZBd09VRkNhbFF2ZDNWVU5FeEVhMXBJU2sxdGJISk1iek56T0dKamMxRXdjMDFFTVZrdkx5OEtjekEzWTNBMGVGbHNjVVEzUWtFd1FXTndkbGxXV1hFMU9IaExlSE52UTNkV1dHMUhOV05GWlU5dldtMVhaak54V1RKdFV6aGxWemsyZGs5R2NtUkpZZ3BNTkU5R05IaFpWVTlOVW5GQlQwZEJRWEkyVm14UE4yZFlZVFF3TmtoNmNuTkJNV2haV25keVpWaG9UMVJEV2xwUVdrOVZia0YxTURWVFNFWmtaMkZOQ2xSS1RrSXZiekF4ZEhCM1VXeHlWSGhPYldaeWIzQnZUM3A1ZFhaSU1IcFZNbEp5VFhNd0swVmlUM1ZETkVFeVkxRTRNMFJKUm5oMmNUWTNiSGxWTUVFS2N6RlJOblJTVFRBclZVUnRTazlNZWpOVFpHZE9LMFF3TUdoamRYVnFPVEpIVmpSaVNEaENabmxWZGpoT1Exa3dka1JwYWpCVVUycHFOR00wVVhSak53cEpVRXhVV2pKbk5UUTFiMk42YUU1blFXMVVOMlFyUWpWSmJubG1hVk5KUzJWdFdIRmxjekpxY0dsQlpucFFUbXc1UWxaNGMyRnJZM012V1hwdldYTXhDaXR4VkdwQlYzVmhSSE5MYjJoRmJrODBRa3AxZW5Zd2VISmpaVFF3Wlc1U1oxaDVSMGRHZGxoMU1uTTBSbGt5ZGtweFZGTnZObmx6UkZkdWFFa3pURmNLWkdObk5rOHlSalJCVUVOSFIyVTNlbk4xY1dseGEzQmphMjVDWVdKbmVrVnpPV1p2U0hFeWJXWnZOMWhwUlhwbFpFMU9PRUpPY1daVFlrRTlDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLWN1c3RvbS1jYS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImNvcnNfYWxsb3dfcHJlZmxpZ2h0IjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9jb3JzLWVuYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJjb3JzX2FsbG93X3ByZWZsaWdodCI6IGZhbHNlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwcmVmaXgiOiAiL2NvcnMtZGlzYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZWZpeCI6ICIvcHJlc2VydmUtaG9zdC1oZWFkZXItZW5hYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IHRydWUsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9wcmVzZXJ2ZS1ob3N0LWhlYWRlci1kaXNhYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IGZhbHNlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9yZXN0cmljdGVkLWh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd2VkX2RvbWFpbnMiOiBbCiJkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LWRvbWFpbiIsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93ZWRfdXNlcnMiOiBbCiJ1c2VyMUBkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LXVzZXIiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoiWC1DdXN0b20tUmVxdWVzdC1IZWFkZXIiOiAiY3VzdG9tLXJlcXVlc3QtaGVhZGVyLXZhbHVlIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJhbGxvd193ZWJzb2NrZXRzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbmFibGVkLXdzLWVjaG8ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInRvIjogImh0dHA6Ly93ZWJzb2NrZXQtZWNoby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZGlzYWJsZWQtd3MtZWNoby5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL3dlYnNvY2tldC1lY2hvLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImVuYWJsZV9nb29nbGVfY2xvdWRfc2VydmVybGVzc19hdXRoZW50aWNhdGlvbiI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vY2xvdWRydW4ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoieC1pZHAiOiAiYXp1cmUiCn0sCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0KXQ==" + }, + { + "name": "SHARED_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "SIGNING_KEY", + "value": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBSR1d3TGg3NW5OWG5razM3ekRmTjhvbkx3ZkNpYUxQVEQrbmM4THg1aGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa3BCa08wVEttaDRKZFFmTE9lZU1kNTNLbmdhMVdkUVhyNUZjZXBrK2RMVktkVkt4WENHcQpoMW9qdWh1VzExR0lvT3pTOUdvU0tsTlZTUkZXVkVXRHZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=" + }, + { + "name": "SIGNING_KEY_ALGORITHM", + "value": "ES256" + } + ], + "image": "pomerium/pomerium:${POMERIUM_TAG:-master}", + "imagePullPolicy": "IfNotPresent", + "name": "pomerium", + "ports": [ + { + "containerPort": 80, + "name": "http" + }, + { + "containerPort": 443, + "name": "https" + }, + { + "containerPort": 5443, + "name": "grpc" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/pomerium + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "redis", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "redis" + } + }, + "template": { + "metadata": { + "labels": { + "app": "redis" + } + }, + "spec": { + "containers": [ + { + "image": "redis:6.2.5-alpine", + "name": "redis", + "ports": [ + { + "containerPort": 6379, + "name": "tcp" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/redis + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "trusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "trusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "trusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/trusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "untrusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKKYU7PSAFxZbhuLUlbv3iAwDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU2MTFaFw0yMzExMTEyMjU2MTFaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg\nVDM59lGzCRjdUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHG\noryKGDOkRV1SDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2v\nJX4qTwgrqQtLOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqP\nqpc6AEFuklmoBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPw\nve8VoGIlx4uvHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxG\nmgByfa2rxbNg15PFwF+ZAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBS3GPBKDaHzHK68c8sSJ91umTjFVzAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAizMhh+VYIMp07wGn7+rzAE/651yiMC6kZHIOMHilvimyYvCf+Yc0MrcD\nmVQgqlUpkn/f2SOFsBQonjAACkWlSHah9KStL0iTvOIH+oGLnv3Y9wrKvwJol3KR\nc/+mO9R9TS71DoX+rTGRY3BNldpMBZF7HsYt/bg0RSpF0zkZarW+PEMmPw6IgIaD\nRPGpOiQOqIxQn4d6MyiNGS0QmDeGSZvsC07ZcZ+JxsYi4S+yN6GXt11pstiRXjDv\nzrO3s8TnVsBux7VDdIYfzMxqz+874MbsUUlb4txr3V48UDRLm7VDQ2/F+o0+Y5wt\nXAnXTn/6GFpjJvPGr0A1QLOvnhR0DZ4Fl97athu44pqeQywDU5LPP3HqrWRXLy3j\nBPBC4waHayL9Hnh4zQUe/h6hwC5Nxl/gqfB3Aaqr5PWX6rMFss8AYpB81ci+UJdm\nKSIn/pMoK6TWkCveoQRQOZD8wfwPF4cUUmWcLFwSveZSiniFrAXQqZbO1k6RDhQf\nhavcwKlK\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgVDM59lGzCRjd\nUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHGoryKGDOkRV1S\nDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2vJX4qTwgrqQtL\nOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqPqpc6AEFuklmo\nBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPwve8VoGIlx4uv\nHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxGmgByfa2rxbNg\n15PFwF+ZAgMBAAECggEADTzGefunZTPUFLnSZ/D7jDglwz5KdC/9zYleY+jY5B/8\nnmjkSfK6I6GLLSh8l2QO8YqQLIqxANglS1gNHdpcYPwfC4WL1S1P0qXboKsI5Sfy\njGoD3et4caq6ecdTfAvmLobW8uFRmGE9qHlFQ1cn47OnPVZUpKFCTVslyTLNo70h\n28gx/lnpgkbeWotJ5GygE/H0jKJlG8/V3+Ppfuq6wypA5ELcGUeMAwmCfUNNlDy3\nBhXSa6STgL26ar70KZIjTp9B97hIfDWObxgjzMX2JoiWXziszvbfaknfBsmfTm45\noUZYO0DuvLdLpxic0GZQwZCT6GzuexxJ9zR/pdahrQKBgQDEiwc0e+M1KaOoIIcw\nV7pxoGjvd+CC5whS00jSf/rXPSPFxat9Ml5serOzLdRLM/NQ5wB9S7TYc6PJi3Mb\n8pmbGadIXiGIJY8vX79P/velHT4csgULJAKJF9U65knhaidPPPmXloHOhRWrE8Zq\nmexVgJZrHLI8197qmi+ctT5rEwKBgQDQ1J84AwI1hEsXHxoSetSznt+ae7pSUb/J\nbyqK9KEp0DLyf8GcS7vxyYGQo0mJDlHaJt56LKv+zdX4wGG85ztbOFVPee6XLKSs\nI+h7rzc2hKrl+SaI91h1234WsTeJvfUSHyBy9vAwLhd0hplNrt7Tql5Z0VTWHmFE\n2XbEwcTUIwKBgQDBpioHMDmBW/F/6ezJWOa+pco+h+KRl4i/8qVBog9Im1jvt/9r\nb4FRaOQ9mt4c6qbGA5Sb30fkLKwoHFniI3ntM616xCRNvJQDnVcmPpVJ/jIAm/YU\nL/q/kNfrHJOWobzxeaaCESz8imv7D5Tj25zb8cJC7xc+k4Nzq09WG83QOQKBgG28\nLOZ7/j8tA2BlAYhQb1Dr3UgKWEBFoOgyuEJIhh+4vezb4VtGGL7XSnQ8ubmBgtWF\ns0a0DrVYaGXMgg+H2pL2qS2YPx3FYcrrG5FS40qMsFkkcXFruFpGOp2mBi8lWJBr\nNtvykwheUAj1ab1+dKz5S5ca/t99G1PYiiaeQ9XNAoGAVXk4HvdUc5q+BNiYvKUS\nM2/TDU3cYY72mPCEw7G6Kpn6zMaakQcA1+Z8LkYcLaQKRD/66n99WWT+BcY+QXtC\n0ZPHjeepDL8q+yXRY8zlcgAukg18Ta5yD1J1014y8UIV+HY8ongTni1sI8N+vKd4\n+TF2C2Cynf5vQr5man7ShPw=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "untrusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/untrusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "verify", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "verify" + } + }, + "template": { + "metadata": { + "labels": { + "app": "verify" + } + }, + "spec": { + "containers": [ + { + "image": "pomerium/verify:${VERIFY_TAG:-latest}", + "name": "verify", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/verify + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "websocket-echo" + } + }, + "template": { + "metadata": { + "labels": { + "app": "websocket-echo" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--port", + "80", + "tee" + ], + "image": "pvtmert/websocketd:latest", + "name": "websocket-echo", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/websocket-echo + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "wrongly-named-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEWDCCAsCgAwIBAgIRAK1MkqoHP+DPILewhMcnnu4wDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU0MzRaFw0yMzExMTEyMjU0MzRaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV\nDWPhOpNWAYNTQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM\n3cvyRs40dygZeogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV\n6ttf6y0+4Nq1hRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3E\nlxIYQsCr85FyW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC\n8X2vHBBIbnZipb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3\nOIkJji4rpJqxG1Z7MvPzAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAo\nBgNVHREEITAfgh1pbnZhbGlkLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG\n9w0BAQsFAAOCAYEABsSByXWA7e8hpKWZK4APWzkvDwiTGrDDE7k0hueJksTZ5Nqw\nfRdGoUpweWIYzAv1etPAr+B2gsZM/jVRidaGDI1tKPytZ3pP6mQ52CVXkeJQytPr\nrNDnP3Lbpbs8PHoHw3PVxIyRps1ZbZkgbUsXrSvpp/l+ZObbGQjr3Fdx5oXI6a1V\nNNC39LkPhjTKtcG+H8dO5GRuDb/9PrzrnDwnl6CoORbEjTKRIFuA+vkFBRjyuccr\nGQiMNmMxy5CMOsK+Od4+8qhv2ZgnREHyBnjFFhgVLFJ2PwUxk3N4GIzCC8tsD+vb\n+YJgCS7n6JmcB9SFeyRy+qpolnfEaMvRwnJl6Evj17VCBy7x0gEO6B4lILPpziN8\nVVhSuRsC0V8aXJJx89mwrg9pzN9w771rFVOCrAEdZei34/yfo8VyBbIR1gUxkRNJ\ncrTI9pT0PK+9OWQ57HtnGmFsPtWT8r7P8xukAPy50wSLF3InjEo8VR2df+V7DVVU\naTjNbuaG1NLNyWLH\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVDWPhOpNWAYNT\nQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM3cvyRs40dygZ\neogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV6ttf6y0+4Nq1\nhRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3ElxIYQsCr85Fy\nW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC8X2vHBBIbnZi\npb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3OIkJji4rpJqx\nG1Z7MvPzAgMBAAECggEBAM3XhRO7+1QSXCaZdCZ6WuWXzojxrkf8++gpzXPCZ75L\nvvMyP8xmXc38Za5VyL+MAr7joENxY5NPON/9AgyUBFdbat3RW323vAt0Ssy8Dfti\nScpuGWTT2CcWS/iJPwJp9bzPj6qJ1wo0Rzsv23FpcjgfcuB+4pHpDwJZ8IxcclTN\njv5XdmanN0Ai2ONDkIHQyvMTsYAX99OK7nXIs3OW7s4wsm8Wg+loCqTvojTzWuwE\nTZNFonHAZ81jkrYfNjz+sM/tPuOYD+vWQ89+1IeQKFw1U0iBpF1VvhA7UeQZMeI8\nS1NpDQTQW0kxmUAlLj7ldnIvknT/x0lKzoafVpk47/kCgYEA+SxnMLHe3Wxb4Kkf\n7Gwktbth/wlWzUWzQ7c0TdhfEDjcRB7SeGIjrL4/HPyXEsCcGIj84TEob1EA0KVP\nl6Jeqh5t/sr9da+uLFf6H41yZUaTccoyclnjHsqT+WLTtiTKqf7cXACg5NKbJwUT\nldCEu+4Ovur+8Ax6s/mGWNEzar0CgYEA2uOmD+SCIhj16P+3GnpZ0UzyDhUKedTy\nLisZznroF6RI3BHzNT+YotHORDMiJtmX0slFcInAWaB3htLPbHmvredjlsH35eHW\nB6wkWmbniJEovPysWdg7xjrj8DoL2dcm6liM1KpSo9k6XWJu36//xF4RTnL8JPEH\nRPuBWmBXHG8CgYBjJy886lr0I61//eztKK+G/bTmRvIapzTJqnqOy54wl1/XX6iD\nLRJjKCV3RHBdjvXOsZxnhCdB/KrlXBMLFRq0eX1t2Zr4nNsjXDL1IVU3Rdlge4SN\nioVdeGFf6Nq0bXmUIg3QMpPT2pbQ9S0w/ZQEMJv/jwW5wk2FlrLGXyElxQKBgQC3\nskUzITp1Ey2NFM290uB93m1llBLum9+DD3jg6BTPgngC+K17Cpw2SI0qfx8yK3pW\n08MK5xAeJ6Un6NNa3eSptX7GjpJUwmq0lasMkz/MRMZDlGmwHOBNRC729D/t2bo3\nAYlvEGG6UBvDM1CJOVMUoT008Rrahczr/4ZXKnLw0QKBgExc+SXb5IRJIMHEQLkg\nE7va23sR7x4j75mK6HnSwAM3jKx4GDgpkY1EO+rh+99mq/bIouL8ob/PG7A5RtKp\n+Sgpqk5N6NpSFMaubsu1EQhqT5pmy0dN5KXecR4s1IylPvth/h3tdXPKGcLMD2M2\nEN59YIA1o4qWjJsfEiuQ6x7M\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "wrongly-named-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/wrongly-named-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "mock-idp" + }, + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8024, + "targetPort": "http" + } + ], + "selector": { + "app": "mock-idp" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "pomerium" + }, + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "nodePort": 80, + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "nodePort": 443, + "port": 443, + "targetPort": "https" + }, + { + "name": "grpc", + "nodePort": 5443, + "port": 5443, + "targetPort": "grpc" + } + ], + "selector": { + "app": "pomerium" + }, + "type": "NodePort" + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "redis" + }, + "name": "redis", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "tcp", + "port": 6379, + "targetPort": "tcp" + } + ], + "selector": { + "app": "redis" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "trusted-httpdetails" + }, + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "trusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + }, + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "untrusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "verify" + }, + "name": "verify", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "verify" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "websocket-echo" + }, + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "websocket-echo" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + }, + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "wrongly-named-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + sleep 30 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-init + volumes: + - k3s-tmp:/k3s-tmp + k3s-ready: + command: + - sh + - -c + - exit 0 + depends_on: + k3s-init: + condition: service_completed_successfully + image: busybox:latest + networks: + main: + aliases: + - k3s-ready + k3s-server: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - server + - --disable + - traefik + - --disable + - metrics-server + - --kube-apiserver-arg + - service-node-port-range=1-65535 + environment: + K3S_KUBECONFIG_MODE: "666" + K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml + K3S_TOKEN: TOKEN + healthcheck: + test: + - CMD + - kubectl + - cluster-info + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-server + ports: + - 6443:6443/tcp + - 5443:5443/tcp + - 443:443/tcp + - 80:80/tcp + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp +volumes: + k3s-tmp: + driver_opts: + device: /tmp + o: bind + type: none diff --git a/integration/clusters/github-kubernetes/compose.yml b/integration/clusters/github-kubernetes/compose.yml new file mode 100644 index 000000000..8e8c8f998 --- /dev/null +++ b/integration/clusters/github-kubernetes/compose.yml @@ -0,0 +1,825 @@ +networks: + main: {} +services: + k3s-agent: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - agent + environment: + K3S_TOKEN: TOKEN + K3S_URL: https://k3s-server:6443 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-agent + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp + k3s-init: + depends_on: + k3s-server: + condition: service_healthy + entrypoint: + - sh + - -c + - | + cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml + export KUBECONFIG=/tmp/kubeconfig.yaml + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "mock-idp" + } + }, + "template": { + "metadata": { + "labels": { + "app": "mock-idp" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--provider", + "github", + "--port", + "8024", + "--root-url", + "https://mock-idp.localhost.pomerium.io/" + ], + "image": "pomerium/mock-idps:${MOCK_IDPS_TAG:-master}", + "name": "mock-idp", + "ports": [ + { + "containerPort": 8024, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/mock-idp + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "pomerium" + } + }, + "template": { + "metadata": { + "labels": { + "app": "pomerium" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "AUTHENTICATE_SERVICE_URL", + "value": "https://authenticate.localhost.pomerium.io" + }, + { + "name": "CERTIFICATE", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVVakNDQXJxZ0F3SUJBZ0lSQUtOYUVxQ21tWmZobWNZZ1p5MDFXQ3N3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lNeEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEVzTUNvR0ExVUVDd3dqWTJGcwpaV0pBWTJGc1pXSXRjR010YkdsdWRYZ2dLRU5oYkdWaUlFUnZlSE5sZVNreE16QXhCZ05WQkFNTUttMXJZMlZ5CmRDQmpZV3hsWWtCallXeGxZaTF3WXkxc2FXNTFlQ0FvUTJGc1pXSWdSRzk0YzJWNUtUQWVGdzB5TVRBNE1UQXgKTnpNeU1UQmFGdzB5TXpFeE1UQXhPRE15TVRCYU1GY3hKekFsQmdOVkJBb1RIbTFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCalpYSjBhV1pwWTJGMFpURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnCktFTmhiR1ZpSUVSdmVITmxlU2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzgKSExCQUl6WGtQZWVnbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRAp5VmhEVDBRbEkvTy9FS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2Cld5bCtGb1BEVi92c1ozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXQKak9ic2FRZ0o1TEx4Q1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcQpiWlVERytaaW9BclBtcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkCjlyNnJPQnhweHduVER2SGtCbjZ2QWdNQkFBR2piREJxTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFUQWZCZ05WSFNNRUdEQVdnQlNGaGxoWWdFZktUcGxWT2VuZVZHMyszSUUvVFRBaQpCZ05WSFJFRUd6QVpnaGNxTG14dlkyRnNhRzl6ZEM1d2IyMWxjbWwxYlM1cGJ6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBWUVBdWZRQUY3OXM3YzFnbVo5Q0lLQlNHa0hoK1NIMDFDdUtZbm5IaU1vd0hzVGlvRmFVQVFzZC9QNFgKYzJYQnFjMzRlVDNtQ3ZwZ1pqSGJqejZKbG5UWUp4dUx2VnFuVkIzZW10V3JiMWNRdmg4QnBoeHNwVGxTOHVpRQpBRWYvbmd0cHpmQS9mNGxwR2t6clEwY3lQa0VKR3o1MTFxOTdpdHpuOVJaWnpWVFp4TlZGU1AydlZoTk5RVnNXCk94YWtjdllSZ256OEFPUVMzT1BIajJGUWMzaWlic2hjdDVsZUl3WVpGY3hJTkdIUjZLTDYrL0xTZVBOQ0VNbUsKcXltVlBrUUdzSWNVNkdROWZ4YVN1NG1wK0lVQUxQcm9pekVWSThTVms1bk9tM0hJZXorWmZYaHpmbkd4MDZTSQo2TnVvUVFQcVVCZVplWG4yWUZZaGlwZVJkclF4dkEzNi9ZWGEvQWtYQ2VVMHBYeGJ0WEtjdmF0ZnJpNUtuWUpECmtINTlhK2FGa1RzbDQxdGZJMmNuUllWZGRxWFZsM096TGJjZ0FGTG4xV2VDMXh4M3hSWGk3S2xkb2tPbHZndisKQjZuYVdmQ3hSbFdaL2xzbUhhZTRrYzFXSDRLYzduSytJVGI0MEVralY2OC9BN2tyWnNOMVZjcU50cG9tWWtnRQp4alVFOFhVdQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + { + "name": "CERTIFICATE_AUTHORITY", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxekNDQXorZ0F3SUJBZ0lRWjEzOWNkL3BhUGRrUzJKeUF1N2tFREFOQmdrcWhraUc5dzBCQVFzRkFEQ0IKZ3pFZU1Cd0dBMVVFQ2hNVmJXdGpaWEowSUdSbGRtVnNiM0J0Wlc1MElFTkJNU3d3S2dZRFZRUUxEQ05qWVd4bApZa0JqWVd4bFlpMXdZeTFzYVc1MWVDQW9RMkZzWldJZ1JHOTRjMlY1S1RFek1ERUdBMVVFQXd3cWJXdGpaWEowCklHTmhiR1ZpUUdOaGJHVmlMWEJqTFd4cGJuVjRJQ2hEWVd4bFlpQkViM2h6WlhrcE1CNFhEVEl4TURneE1ERTMKTXpJd09Wb1hEVE14TURneE1ERTNNekl3T1Zvd2dZTXhIakFjQmdOVkJBb1RGVzFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCRFFURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnS0VOaGJHVmlJRVJ2CmVITmxlU2t4TXpBeEJnTlZCQU1NS20xclkyVnlkQ0JqWVd4bFlrQmpZV3hsWWkxd1l5MXNhVzUxZUNBb1EyRnMKWldJZ1JHOTRjMlY1S1RDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTmJLeU16NQpNVlc2WUtkamgxb0lOMU1uN1BFMnBINVNiSlNwV3hkQUdoZEJrQmtwQWE3T3hhcmpINUtWa0NUU2E3b25jbGE3CnFOdUpaUzZtQm1veEYrUitjUjNqeUdkVUFZbG96bDFqbGZxTElmQy8rZzdWN1ZtT0puOTh0akI0MmZhdHhMbDYKV1BBdzFKRE5zV3RRZmhLaGJjSHV0N1JzRjByTU9PSGN3eXdUUjdMT3lDbUllbDFwY21wVjRoYlZjVDZlVndvUApIWHlKU2E5Y3FhTVE1WHJkb2dhaTRJcVpaSUdMSGVMc1RWdXRPZ0pGWEVldmxYL1FUM3NXb21FY3R6aDM4SnM0CjlEaUFQRDZkNFk3L0NQTFlFZmsyOUpROU5aaHBnRHNpOWh1NUZISFpjWHdmMUlIbHcvQ0JWZ242aitqbXZLS3oKOTBNYTFvcXV2M1c2ZHR0aWQveENjTEd1MlMrOTZUenJ5a21veTVWYWNMdFZFUDQxWW1vVmxzOTFybG83b2xwZQpRV0Zibm1jbzczOVRJLzRoK0hvZG9scGVyUUVSUWw3dUNucEtWUFozV29rS3VSaDVwa3FrUXAvYXJRanR3Y1J0Ckc0M0NyRHBibCt1U2pNQ0F4aGE5NThlVFl2dG9qVE1udkx0c0dJRDFoR1hucWx3KzVLaktyZ1JIclFJREFRQUIKbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQWdRd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQWRCZ05WSFE0RQpGZ1FVaFlaWVdJQkh5azZaVlRucDNsUnQvdHlCUDAwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFBMUYvYXByCmw2cE5UM01wL014aFVVZ282dXNFSkNyeUdRY0xSZmV4eVFYR04zaHVDbUlyUDU1VkZhOEVUUEF0anNyNlBNZTcKN3Z2RWo4ZUZ1Mkp0S292bFF3TmV3WVU5Y2pBTUNWYUZpTmJyUWEyMGh6aFdjMmpzNmR5aWxkRTYvRFB6YmVkcwpLREF4aEZOcDM1U2x3dFJ0S2sxU3p4SnhzcVN3amZ4SThmcCtSLzB3TzhnMGZXVGRNMmdDcFJ3WU1Od0pFTEVnCitkU2x2SkN3dXUrcnp4TGFsemFQRjFQTVRXNzJPRUxhbC9qNXNEKzJWeXRRNGsrSFVEYnl0MkRuUVQ3WVEzem8KcTAyeDJ1MnNtMVdXL28vdWg4cGpQeGtHUXFMMm1yeVpzNlZIOVZDVTNRa0tORHNzTmQ3MWxyM3dQb0U0WVJIZQpVdnpEMWVEZWVsekJVRk5JcERDamRDc0w1NXlJUHFVc3I2bG1qcEJQTDB2ZWEzM1FUTWJjc1N4dTB1bUdYRGJVCjY2anVVNFoxak9FMHdDbEl2YU82OTlKK0UyZ0JlMWpVTjZBdDZiOEJTb1pxQ3FYWW9ESEdlaTlSQlVkdmdxdG8Ka1Zzb0pmREkvVEZNZWtZZ3BMNVVWWW1MZGZncUxQUFJQOXBRQkxEeDNtc3plQXFudmZUSUNBemZYZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + { + "name": "CERTIFICATE_KEY", + "value": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzhITEJBSXpYa1BlZWcKbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PLwpFS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2V3lsK0ZvUERWL3ZzClozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXRqT2JzYVFnSjVMTHgKQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUAptcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkOXI2ck9CeHB4d25UCkR2SGtCbjZ2QWdNQkFBRUNnZ0VBQjI4aTBBWVVOU2IxSm5XRmJLenJ1VWN0dTN0Q05Yb3ZKZzZLM0JpUFZNa3EKRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBVwo4ZUplcVJMWkVmc1NTSk9YVEc3UmRHc240cUhGSjAwczJaVGxjSUhTUHduRm0rWGpKaTk5VThHNFhzVW9YbzByCkd5KzBWQ3VVN004Z0lDRUhIc3JRTzlYREQzblQyaml1NVRqckt3anV0M0Vtb0pzc0k1YnF4MzMrT0J1NUJwQ1AKQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVApiTGtMRnlXQk5UV1VaMlIvMnd4bXVvQzZtTFp3ODc5TUxDS012azFkb1FLQmdRRGhtd0dhZkpOeW1UaUVRWlJJClNzUXg0c2VxZk9LZmdGQzdvaHFIOWNST091OElKMW83cTJwTTJXNFhpVitTM3dUZFBHbWNhNklPalgyM2lzVkIKMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzNwpheHpsYU1yeEV1M0xJOVVFN050cmRRaUJ5UUtCZ1FEVmRJNmNlSVZCVDZSZ3ZWR3Q4emtMalBJRmpoUUVIQUlwCnVoaXJncXBTNkNYOUJseWYyK280MHptZmozaGU1ckNjRW9CNU1zZU0rRGdGYmNWaDJlL01WbllpTk53NkpDREIKQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleQp1QkhWQnYvNHR3S0JnSHdIdWVQeTVTVTFzMnFTbXpEN1djMkxQZll1M25DT0hOUnJGR2IyNk11UmZ1UmVyaTdyCjJHOFRnb0VTRnljcDBRVElOOCsxSk0wWFlLeE5jSkQ2QjhWMXdLYmJwUXN5bW5lSTFnanV0aUIvSWd3L1BrREsKQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWgpmTjJZZVlieVljYU0xMXAxVmlsdWxWVFZqWTNpL0ZaaURSNFNML0lHSldqTi9Temc0aVhZc0tGbXUrZHVsT1psCmNCQUxwRUtycXBtelhZdHJONmJzdjE4KzVlTzNxR2JLMkRyRXEzZVdWZXYyS29UTW9ieHo3ZysrWEJJV0ptTEEKSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkUwpLcmx0d21vZEhpcVhOYlZrd2JXMUFGUEpiaVlhaTRZRmZLNElBYmlmL1lteGY5Rzc4YU9rcjlacENJek9rRFBaCllwRXdRR1dzQWhFbENGdmM4RS81ZEhFU1NwK3RXdFArTmx1aW1wRnFpRGczL1NVbk13TzJ4SDBuaExhMHplamgKZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K" + }, + { + "name": "COOKIE_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "DATABROKER_STORAGE_CONNECTION_STRING", + "value": "redis://redis:6379" + }, + { + "name": "DATABROKER_STORAGE_TYPE", + "value": "redis" + }, + { + "name": "ENVOY_ADMIN_ADDRESS", + "value": "0.0.0.0:9901" + }, + { + "name": "GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT", + "value": "ewoiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiLAoiYXV0aF91cmkiOiAiaHR0cDovL21vY2staWRwLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAyNCIsCiJjbGllbnRfZW1haWwiOiAicmVkYWN0ZWRAcG9tZXJpdW0tcmVkYWN0ZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAoiY2xpZW50X2lkIjogIjEwMTIxNTk5MDQ1ODAwMDMzNDM4NyIsCiJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0IiwKInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDOEhMQkFJelhrUGVlZ1xubGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PL1xuRUtnQ09GRnhVRHFvUjgyaVkwNlNhY0FqSG5pNitQTzl0VlJiRlYwdzE0QkRBSlNwQitWdld5bCtGb1BEVi92c1xuWjMxRnRZdytFd3FrYkR4L2thVDl1emYrTEpkbGtmMTRuUVFqOEVreS84ZDNtV0piYi85dGpPYnNhUWdKNUxMeFxuQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUFxubXFta2F3VVd3M2VraGo4MFNKZy9USzlQUmFOL1Z2Y0kxUGdBZDdMWnp0VVJlU21UeTVoZDlyNnJPQnhweHduVFxuRHZIa0JuNnZBZ01CQUFFQ2dnRUFCMjhpMEFZVU5TYjFKbldGYkt6cnVVY3R1M3RDTlhvdkpnNkszQmlQVk1rcVxuRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBV1xuOGVKZXFSTFpFZnNTU0pPWFRHN1JkR3NuNHFIRkowMHMyWlRsY0lIU1B3bkZtK1hqSmk5OVU4RzRYc1VvWG8wclxuR3krMFZDdVU3TThnSUNFSEhzclFPOVhERDNuVDJqaXU1VGpyS3dqdXQzRW1vSnNzSTVicXgzMytPQnU1QnBDUFxuQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVFxuYkxrTEZ5V0JOVFdVWjJSLzJ3eG11b0M2bUxadzg3OU1MQ0tNdmsxZG9RS0JnUURobXdHYWZKTnltVGlFUVpSSVxuU3NReDRzZXFmT0tmZ0ZDN29ocUg5Y1JPT3U4SUoxbzdxMnBNMlc0WGlWK1Mzd1RkUEdtY2E2SU9qWDIzaXNWQlxuMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzN1xuYXh6bGFNcnhFdTNMSTlVRTdOdHJkUWlCeVFLQmdRRFZkSTZjZUlWQlQ2Umd2Vkd0OHprTGpQSUZqaFFFSEFJcFxudWhpcmdxcFM2Q1g5Qmx5ZjIrbzQwem1majNoZTVyQ2NFb0I1TXNlTStEZ0ZiY1ZoMmUvTVZuWWlOTnc2SkNEQlxuQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleVxudUJIVkJ2LzR0d0tCZ0h3SHVlUHk1U1UxczJxU216RDdXYzJMUGZZdTNuQ09ITlJyRkdiMjZNdVJmdVJlcmk3clxuMkc4VGdvRVNGeWNwMFFUSU44KzFKTTBYWUt4TmNKRDZCOFYxd0tiYnBRc3ltbmVJMWdqdXRpQi9JZ3cvUGtES1xuQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWlxuZk4yWWVZYnlZY2FNMTFwMVZpbHVsVlRWalkzaS9GWmlEUjRTTC9JR0pXak4vU3pnNGlYWXNLRm11K2R1bE9abFxuY0JBTHBFS3JxcG16WFl0ck42YnN2MTgrNWVPM3FHYksyRHJFcTNlV1ZldjJLb1RNb2J4ejdnKytYQklXSm1MQVxuSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkU1xuS3JsdHdtb2RIaXFYTmJWa3diVzFBRlBKYmlZYWk0WUZmSzRJQWJpZi9ZbXhmOUc3OGFPa3I5WnBDSXpPa0RQWlxuWXBFd1FHV3NBaEVsQ0Z2YzhFLzVkSEVTU3ArdFd0UCtObHVpbXBGcWlEZzMvU1VuTXdPMnhIMG5oTGEwemVqaFxuZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9XG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXG4iLAoicHJpdmF0ZV9rZXlfaWQiOiAiZTA3ZjdjOTM4NzBjN2UwM2Y4ODM1NjBlY2Q4ZmQwZjRkMjdiMDA4MSIsCiJwcm9qZWN0X2lkIjogInBvbWVyaXVtLXJlZGFjdGVkIiwKInRva2VuX3VyaSI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0L3Rva2VuIiwKInR5cGUiOiAic2VydmljZV9hY2NvdW50Igp9" + }, + { + "name": "IDP_CLIENT_ID", + "value": "CLIENT_ID" + }, + { + "name": "IDP_CLIENT_SECRET", + "value": "CLIENT_SECRET" + }, + { + "name": "IDP_PROVIDER", + "value": "github" + }, + { + "name": "IDP_PROVIDER_URL", + "value": "https://mock-idp.localhost.pomerium.io/" + }, + { + "name": "JWT_CLAIMS_HEADERS", + "value": "email,groups,user" + }, + { + "name": "LOG_LEVEL", + "value": "info" + }, + { + "name": "POLICY", + "value": "Wwp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vbW9jay1pZHAubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZXNlcnZlX2hvc3RfaGVhZGVyIjogdHJ1ZSwKInRvIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbnZveS5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL2xvY2FsaG9zdDo5OTAxIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly92ZXJpZnkubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJ0byI6ICJodHRwOi8vdmVyaWZ5LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImFsbG93X3dlYnNvY2tldHMiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL3dlYnNvY2tldC1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfYW55X2F1dGhlbnRpY2F0ZWRfdXNlciI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZm9ydGlvLXVpLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL2ZvcnRpby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9mb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidGxzX2N1c3RvbV9jYSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VVeGVrTkRRWG9yWjBGM1NVSkJaMGxSV2pFek9XTmtMM0JoVUdSclV6SktlVUYxTjJ0RlJFRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkVRMElLWjNwRlpVMUNkMGRCTVZWRlEyaE5WbUpYZEdwYVdFb3dTVWRTYkdSdFZuTmlNMEowV2xjMU1FbEZUa0pOVTNkM1MyZFpSRlpSVVV4RVEwNXFXVmQ0YkFwWmEwSnFXVmQ0YkZscE1YZFplVEZ6WVZjMU1XVkRRVzlSTWtaeldsZEpaMUpIT1RSak1sWTFTMVJGZWsxRVJVZEJNVlZGUVhkM2NXSlhkR3BhV0Vvd0NrbEhUbWhpUjFacFVVZE9hR0pIVm1sTVdFSnFURmQ0Y0dKdVZqUkpRMmhFV1ZkNGJGbHBRa1ZpTTJoNldsaHJjRTFDTkZoRVZFbDRUVVJuZUUxRVJUTUtUWHBKZDA5V2IxaEVWRTE0VFVSbmVFMUVSVE5OZWtsM1QxWnZkMmRaVFhoSWFrRmpRbWRPVmtKQmIxUkdWekZ5V1RKV2VXUkRRbXRhV0Zwc1lrYzVkd3BpVjFaMVpFTkNSRkZVUlhOTlEyOUhRVEZWUlVOM2QycFpNa1p6V2xkS1FWa3lSbk5hVjBsMFkwZE5kR0pIYkhWa1dHZG5TMFZPYUdKSFZtbEpSVkoyQ21WSVRteGxVMnQ0VFhwQmVFSm5UbFpDUVUxTlMyMHhjbGt5Vm5sa1EwSnFXVmQ0YkZsclFtcFpWM2hzV1dreGQxbDVNWE5oVnpVeFpVTkJiMUV5Um5NS1dsZEpaMUpIT1RSak1sWTFTMVJEUTBGaFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUjFCQlJFTkRRVmx2UTJkblIwSkJUbUpMZVUxNk5RcE5WbGMyV1V0a2FtZ3hiMGxPTVUxdU4xQkZNbkJJTlZOaVNsTndWM2hrUVVkb1pFSnJRbXR3UVdFM1QzaGhjbXBJTlV0V2EwTlVVMkUzYjI1amJHRTNDbkZPZFVwYVV6WnRRbTF2ZUVZclVpdGpVak5xZVVka1ZVRlpiRzk2YkRGcWJHWnhURWxtUXk4clp6ZFdOMVp0VDBwdU9UaDBha0kwTW1aaGRIaE1iRFlLVjFCQmR6RktSRTV6VjNSUlptaExhR0pqU0hWME4xSnpSakJ5VFU5UFNHTjNlWGRVVWpkTVQzbERiVWxsYkRGd1kyMXdWalJvWWxaalZEWmxWbmR2VUFwSVdIbEtVMkU1WTNGaFRWRTFXSEprYjJkaGFUUkpjVnBhU1VkTVNHVk1jMVJXZFhSUFowcEdXRVZsZG14WUwxRlVNM05YYjIxRlkzUjZhRE00U25NMENqbEVhVUZRUkRaa05GazNMME5RVEZsRlptc3lPVXBST1U1YWFIQm5SSE5wT1doMU5VWklTRnBqV0hkbU1VbEliSGN2UTBKV1oyNDJhaXRxYlhaTFMzb0tPVEJOWVRGdmNYVjJNMWMyWkhSMGFXUXZlRU5qVEVkMU1sTXJPVFpVZW5KNWEyMXZlVFZXWVdOTWRGWkZVRFF4V1cxdlZteHpPVEZ5Ykc4M2IyeHdaUXBSVjBaaWJtMWpiemN6T1ZSSkx6Um9LMGh2Wkc5c2NHVnlVVVZTVVd3M2RVTnVjRXRXVUZvelYyOXJTM1ZTYURWd2EzRnJVWEF2WVhKUmFuUjNZMUowQ2tjME0wTnlSSEJpYkN0MVUycE5RMEY0YUdFNU5UaGxWRmwyZEc5cVZFMXVka3gwYzBkSlJERm9SMWh1Y1d4M0t6Vkxha3R5WjFKSWNsRkpSRUZSUVVJS2J6QlZkMUY2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVdkUmQwVm5XVVJXVWpCVVFWRklMMEpCWjNkQ1owVkNMM2RKUWtGRVFXUkNaMDVXU0ZFMFJRcEdaMUZWYUZsYVdWZEpRa2g1YXpaYVZsUnVjRE5zVW5RdmRIbENVREF3ZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGRVoyZEhRa0ZCTVVZdllYQnlDbXcyY0U1VU0wMXdMMDE0YUZWVloyODJkWE5GU2tOeWVVZFJZMHhTWm1WNGVWRllSMDR6YUhWRGJVbHlVRFUxVmtaaE9FVlVVRUYwYW5OeU5sQk5aVGNLTjNaMlJXbzRaVVoxTWtwMFMyOTJiRkYzVG1WM1dWVTVZMnBCVFVOV1lVWnBUbUp5VVdFeU1HaDZhRmRqTW1wek5tUjVhV3hrUlRZdlJGQjZZbVZrY3dwTFJFRjRhRVpPY0RNMVUyeDNkRkowUzJzeFUzcDRTbmh6Y1ZOM2FtWjRTVGhtY0N0U0x6QjNUemhuTUdaWFZHUk5NbWREY0ZKM1dVMU9kMHBGVEVWbkNpdGtVMngyU2tOM2RYVXJjbnA0VEdGc2VtRlFSakZRVFZSWE56SlBSVXhoYkM5cU5YTkVLekpXZVhSUk5Hc3JTRlZFWW5sME1rUnVVVlEzV1ZFemVtOEtjVEF5ZURKMU1uTnRNVmRYTDI4dmRXZzRjR3BRZUd0SFVYRk1NbTF5ZVZwek5sWklPVlpEVlROUmEwdE9SSE56VG1RM01XeHlNM2RRYjBVMFdWSklaUXBWZG5wRU1XVkVaV1ZzZWtKVlJrNUpjRVJEYW1SRGMwdzFOWGxKVUhGVmMzSTJiRzFxY0VKUVREQjJaV0V6TTFGVVRXSmpjMU40ZFRCMWJVZFlSR0pWQ2pZMmFuVlZORm94YWs5Rk1IZERiRWwyWVU4Mk9UbEtLMFV5WjBKbE1XcFZUalpCZERaaU9FSlRiMXB4UTNGWVdXOUVTRWRsYVRsU1FsVmtkbWR4ZEc4S2ExWnpiMHBtUkVrdlZFWk5aV3RaWjNCTU5WVldXVzFNWkdabmNVeFFVRkpRT1hCUlFreEVlRE50YzNwbFFYRnVkbVpVU1VOQmVtWllaejA5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwKInRsc19zZXJ2ZXJfbmFtZSI6ICJmb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cHM6Ly9mb3J0aW8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDc5Igp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAidGNwK2h0dHBzOi8vcmVkaXMubG9jYWxob3N0LnBvbWVyaXVtLmlvOjYzNzkiLAoidG8iOiAidGNwOi8vcmVkaXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo2Mzc5Igp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1lbmFibGVkIiwKInRsc19za2lwX3ZlcmlmeSI6IHRydWUsCiJ0byI6ICJodHRwczovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1kaXNhYmxlZCIsCiJ0bHNfc2tpcF92ZXJpZnkiOiBmYWxzZSwKInRvIjogImh0dHBzOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLXNlcnZlci1uYW1lLWVuYWJsZWQiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5ub3Rwb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1zZXJ2ZXItbmFtZS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1jdXN0b20tY2EtZW5hYmxlZCIsCiJ0bHNfY3VzdG9tX2NhIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVV5UkVORFFUQkRaMEYzU1VKQlowbFNRVXhrT1VkaFNsSTVNbkZwTjNGTU1XVklSMDAyU3pCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYY0taMWxOZUVocVFXTkNaMDVXUWtGdlZFWlhNWEpaTWxaNVpFTkNhMXBZV214aVJ6bDNZbGRXZFdSRFFrUlJWRVZ6VFVOdlIwRXhWVVZEZDNkcVdUSkdjd3BhVjBwQldUSkdjMXBYU1hSalIwMTBZa2RzZFdSWVoyZExSVTVvWWtkV2FVbEZVblpsU0U1c1pWTnJlRTE2UVhoQ1owNVdRa0ZOVFV0dE1YSlpNbFo1Q21SRFFtcFpWM2hzV1d0Q2FsbFhlR3haYVRGM1dYa3hjMkZYTlRGbFEwRnZVVEpHYzFwWFNXZFNSemswWXpKV05VdFVRV1ZHZHpCNVRWUkJORTFVUlhrS1RWUlZNazFVUW1GR2R6QjZUVlJCTkUxVVJYbE5WRlV5VFZSQ1lVMUpSMFJOVWpSM1NFRlpSRlpSVVV0RmVGWjBZVEpPYkdOdVVXZGFSMVl5V2xkNGRncGpSekZzWW01UloxRXdSWGhNUkVGeFFtZE9Wa0pCYzAxSk1rNW9Za2RXYVZGSFRtaGlSMVpwVEZoQ2FreFhlSEJpYmxZMFNVTm9SRmxYZUd4WmFVSkZDbUl6YUhwYVdHdHdUVlJOZDAxUldVUldVVkZFUkVOd2RHRXlUbXhqYmxGbldUSkdjMXBYU2tGWk1rWnpXbGRKZEdOSFRYUmlSMngxWkZoblowdEZUbWdLWWtkV2FVbEZVblpsU0U1c1pWTnJkMmRuUjJsTlFUQkhRMU54UjFOSllqTkVVVVZDUVZGVlFVRTBTVUpxZDBGM1oyZEhTMEZ2U1VKblVVUlhXWEJXWlFwQ1UyNWxaVEpqUVVKWmIyWlRiMWQ0UjAxNVJtRk5VVEJ1U210Wk1GVlhUVGxqYTNsVmFEZFdabWRPS3k5aFJsTlhNbHBUYlZoMWRqVmtjbU53YVRJd0Nub3paV3hvVUZSbE9UaGlRVTVpYWlzdllta3dNREUxVVZkdVRXVnVTekExV2tzMmNVUjBSbmR2TDBoV1F5OVpZMkZ5ZFhVNU5pc3hTakowYjJWWGRVVUtkSGxyVnpOTlEzQkRNWEJJV1ZNMVp6bHBWa1JyY0dSeWVtNTJXRXRzV1hWVGFXdHFjbW8zU3pWMGIybFVkblZ0T1RkTWVFdHJkV28yUkZocVlYQlFSQW8xZG5SbFUwNHhaRkZuVHpsRFV6TnpjV3hqZDFsQk5sSnFWVWgzV1RKV1JXZ3lZV1JRTXpkQ1duSmFkMDhyZVVweE9YRkdOWGsxUjJ4bmFUaHNUalJqQ2t0c1NXeEdWWE12ZUZOd1VYTjRUbUpPVVZoMFRqbHRhelJwYlZsc1drZDZXVmxpWW0wclptOUNWbEJRWW05aE5XcFdkMHRFY0ZvMk5XMVBjemRLUjFBS05ubHFLemRXTjFWQ1RVWndWeXRuUzIxS2RHZG9MMnRyUVhneE9EVm9PVE54ZDB4R1VHTTRMMVEzYmlzclVERmlkU3RtWVd0WVVFZFFSVEl4Y2tSbFRBcFFibFZ0ZFdOSlduQktielZPY0ZsV1VYWTBWM1pVUzNFdmVrMVNPVk56Y0hveVVFWktia1ZTVkdaVWRuRXJSakZ4TTFwT1lXWkZlbWxRYzBJNWIyVlRDbTVxZUhkdFlWcFBVMVl3ZGxoeEwzRmxiM0Y0TkhZMlRVSjZWa0ZaTUM4NFVqSk1ZM0JLTkhWbk1FOWFNM2N3WWpKME5ubHZPRFpRTlZFNFEwRjNSVUVLUVdGT1JrMUZUWGRFWjFsRVZsSXdVRUZSU0M5Q1FWRkVRV2RKUlUxQ1NVZEJNVlZrUlhkRlFpOTNVVWxOUVZsQ1FXWTRRMEZSUVhkSVVWbEVWbEl3VHdwQ1FsbEZSa3hqV1RoRmIwNXZaazFqY25KNGVubDRTVzR6VnpaYVQwMVdXRTFCTUVkRFUzRkhVMGxpTTBSUlJVSkRkMVZCUVRSSlFtZFJRMXA2UkVOMkNrdEpTRmd6UjNacVRsTlpOWGMxWWs5dU5FVXpkemRSU0ZBd09VRkNhbFF2ZDNWVU5FeEVhMXBJU2sxdGJISk1iek56T0dKamMxRXdjMDFFTVZrdkx5OEtjekEzWTNBMGVGbHNjVVEzUWtFd1FXTndkbGxXV1hFMU9IaExlSE52UTNkV1dHMUhOV05GWlU5dldtMVhaak54V1RKdFV6aGxWemsyZGs5R2NtUkpZZ3BNTkU5R05IaFpWVTlOVW5GQlQwZEJRWEkyVm14UE4yZFlZVFF3TmtoNmNuTkJNV2haV25keVpWaG9UMVJEV2xwUVdrOVZia0YxTURWVFNFWmtaMkZOQ2xSS1RrSXZiekF4ZEhCM1VXeHlWSGhPYldaeWIzQnZUM3A1ZFhaSU1IcFZNbEp5VFhNd0swVmlUM1ZETkVFeVkxRTRNMFJKUm5oMmNUWTNiSGxWTUVFS2N6RlJOblJTVFRBclZVUnRTazlNZWpOVFpHZE9LMFF3TUdoamRYVnFPVEpIVmpSaVNEaENabmxWZGpoT1Exa3dka1JwYWpCVVUycHFOR00wVVhSak53cEpVRXhVV2pKbk5UUTFiMk42YUU1blFXMVVOMlFyUWpWSmJubG1hVk5KUzJWdFdIRmxjekpxY0dsQlpucFFUbXc1UWxaNGMyRnJZM012V1hwdldYTXhDaXR4VkdwQlYzVmhSSE5MYjJoRmJrODBRa3AxZW5Zd2VISmpaVFF3Wlc1U1oxaDVSMGRHZGxoMU1uTTBSbGt5ZGtweFZGTnZObmx6UkZkdWFFa3pURmNLWkdObk5rOHlSalJCVUVOSFIyVTNlbk4xY1dseGEzQmphMjVDWVdKbmVrVnpPV1p2U0hFeWJXWnZOMWhwUlhwbFpFMU9PRUpPY1daVFlrRTlDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLWN1c3RvbS1jYS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImNvcnNfYWxsb3dfcHJlZmxpZ2h0IjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9jb3JzLWVuYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJjb3JzX2FsbG93X3ByZWZsaWdodCI6IGZhbHNlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwcmVmaXgiOiAiL2NvcnMtZGlzYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZWZpeCI6ICIvcHJlc2VydmUtaG9zdC1oZWFkZXItZW5hYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IHRydWUsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9wcmVzZXJ2ZS1ob3N0LWhlYWRlci1kaXNhYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IGZhbHNlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9yZXN0cmljdGVkLWh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd2VkX2RvbWFpbnMiOiBbCiJkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LWRvbWFpbiIsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93ZWRfdXNlcnMiOiBbCiJ1c2VyMUBkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LXVzZXIiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoiWC1DdXN0b20tUmVxdWVzdC1IZWFkZXIiOiAiY3VzdG9tLXJlcXVlc3QtaGVhZGVyLXZhbHVlIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJhbGxvd193ZWJzb2NrZXRzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbmFibGVkLXdzLWVjaG8ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInRvIjogImh0dHA6Ly93ZWJzb2NrZXQtZWNoby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZGlzYWJsZWQtd3MtZWNoby5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL3dlYnNvY2tldC1lY2hvLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImVuYWJsZV9nb29nbGVfY2xvdWRfc2VydmVybGVzc19hdXRoZW50aWNhdGlvbiI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vY2xvdWRydW4ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoieC1pZHAiOiAiZ2l0aHViIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9Cl0=" + }, + { + "name": "SHARED_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "SIGNING_KEY", + "value": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBSR1d3TGg3NW5OWG5razM3ekRmTjhvbkx3ZkNpYUxQVEQrbmM4THg1aGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa3BCa08wVEttaDRKZFFmTE9lZU1kNTNLbmdhMVdkUVhyNUZjZXBrK2RMVktkVkt4WENHcQpoMW9qdWh1VzExR0lvT3pTOUdvU0tsTlZTUkZXVkVXRHZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=" + }, + { + "name": "SIGNING_KEY_ALGORITHM", + "value": "ES256" + } + ], + "image": "pomerium/pomerium:${POMERIUM_TAG:-master}", + "imagePullPolicy": "IfNotPresent", + "name": "pomerium", + "ports": [ + { + "containerPort": 80, + "name": "http" + }, + { + "containerPort": 443, + "name": "https" + }, + { + "containerPort": 5443, + "name": "grpc" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/pomerium + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "redis", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "redis" + } + }, + "template": { + "metadata": { + "labels": { + "app": "redis" + } + }, + "spec": { + "containers": [ + { + "image": "redis:6.2.5-alpine", + "name": "redis", + "ports": [ + { + "containerPort": 6379, + "name": "tcp" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/redis + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "trusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "trusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "trusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/trusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "untrusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKKYU7PSAFxZbhuLUlbv3iAwDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU2MTFaFw0yMzExMTEyMjU2MTFaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg\nVDM59lGzCRjdUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHG\noryKGDOkRV1SDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2v\nJX4qTwgrqQtLOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqP\nqpc6AEFuklmoBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPw\nve8VoGIlx4uvHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxG\nmgByfa2rxbNg15PFwF+ZAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBS3GPBKDaHzHK68c8sSJ91umTjFVzAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAizMhh+VYIMp07wGn7+rzAE/651yiMC6kZHIOMHilvimyYvCf+Yc0MrcD\nmVQgqlUpkn/f2SOFsBQonjAACkWlSHah9KStL0iTvOIH+oGLnv3Y9wrKvwJol3KR\nc/+mO9R9TS71DoX+rTGRY3BNldpMBZF7HsYt/bg0RSpF0zkZarW+PEMmPw6IgIaD\nRPGpOiQOqIxQn4d6MyiNGS0QmDeGSZvsC07ZcZ+JxsYi4S+yN6GXt11pstiRXjDv\nzrO3s8TnVsBux7VDdIYfzMxqz+874MbsUUlb4txr3V48UDRLm7VDQ2/F+o0+Y5wt\nXAnXTn/6GFpjJvPGr0A1QLOvnhR0DZ4Fl97athu44pqeQywDU5LPP3HqrWRXLy3j\nBPBC4waHayL9Hnh4zQUe/h6hwC5Nxl/gqfB3Aaqr5PWX6rMFss8AYpB81ci+UJdm\nKSIn/pMoK6TWkCveoQRQOZD8wfwPF4cUUmWcLFwSveZSiniFrAXQqZbO1k6RDhQf\nhavcwKlK\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgVDM59lGzCRjd\nUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHGoryKGDOkRV1S\nDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2vJX4qTwgrqQtL\nOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqPqpc6AEFuklmo\nBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPwve8VoGIlx4uv\nHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxGmgByfa2rxbNg\n15PFwF+ZAgMBAAECggEADTzGefunZTPUFLnSZ/D7jDglwz5KdC/9zYleY+jY5B/8\nnmjkSfK6I6GLLSh8l2QO8YqQLIqxANglS1gNHdpcYPwfC4WL1S1P0qXboKsI5Sfy\njGoD3et4caq6ecdTfAvmLobW8uFRmGE9qHlFQ1cn47OnPVZUpKFCTVslyTLNo70h\n28gx/lnpgkbeWotJ5GygE/H0jKJlG8/V3+Ppfuq6wypA5ELcGUeMAwmCfUNNlDy3\nBhXSa6STgL26ar70KZIjTp9B97hIfDWObxgjzMX2JoiWXziszvbfaknfBsmfTm45\noUZYO0DuvLdLpxic0GZQwZCT6GzuexxJ9zR/pdahrQKBgQDEiwc0e+M1KaOoIIcw\nV7pxoGjvd+CC5whS00jSf/rXPSPFxat9Ml5serOzLdRLM/NQ5wB9S7TYc6PJi3Mb\n8pmbGadIXiGIJY8vX79P/velHT4csgULJAKJF9U65knhaidPPPmXloHOhRWrE8Zq\nmexVgJZrHLI8197qmi+ctT5rEwKBgQDQ1J84AwI1hEsXHxoSetSznt+ae7pSUb/J\nbyqK9KEp0DLyf8GcS7vxyYGQo0mJDlHaJt56LKv+zdX4wGG85ztbOFVPee6XLKSs\nI+h7rzc2hKrl+SaI91h1234WsTeJvfUSHyBy9vAwLhd0hplNrt7Tql5Z0VTWHmFE\n2XbEwcTUIwKBgQDBpioHMDmBW/F/6ezJWOa+pco+h+KRl4i/8qVBog9Im1jvt/9r\nb4FRaOQ9mt4c6qbGA5Sb30fkLKwoHFniI3ntM616xCRNvJQDnVcmPpVJ/jIAm/YU\nL/q/kNfrHJOWobzxeaaCESz8imv7D5Tj25zb8cJC7xc+k4Nzq09WG83QOQKBgG28\nLOZ7/j8tA2BlAYhQb1Dr3UgKWEBFoOgyuEJIhh+4vezb4VtGGL7XSnQ8ubmBgtWF\ns0a0DrVYaGXMgg+H2pL2qS2YPx3FYcrrG5FS40qMsFkkcXFruFpGOp2mBi8lWJBr\nNtvykwheUAj1ab1+dKz5S5ca/t99G1PYiiaeQ9XNAoGAVXk4HvdUc5q+BNiYvKUS\nM2/TDU3cYY72mPCEw7G6Kpn6zMaakQcA1+Z8LkYcLaQKRD/66n99WWT+BcY+QXtC\n0ZPHjeepDL8q+yXRY8zlcgAukg18Ta5yD1J1014y8UIV+HY8ongTni1sI8N+vKd4\n+TF2C2Cynf5vQr5man7ShPw=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "untrusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/untrusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "verify", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "verify" + } + }, + "template": { + "metadata": { + "labels": { + "app": "verify" + } + }, + "spec": { + "containers": [ + { + "image": "pomerium/verify:${VERIFY_TAG:-latest}", + "name": "verify", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/verify + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "websocket-echo" + } + }, + "template": { + "metadata": { + "labels": { + "app": "websocket-echo" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--port", + "80", + "tee" + ], + "image": "pvtmert/websocketd:latest", + "name": "websocket-echo", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/websocket-echo + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "wrongly-named-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEWDCCAsCgAwIBAgIRAK1MkqoHP+DPILewhMcnnu4wDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU0MzRaFw0yMzExMTEyMjU0MzRaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV\nDWPhOpNWAYNTQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM\n3cvyRs40dygZeogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV\n6ttf6y0+4Nq1hRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3E\nlxIYQsCr85FyW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC\n8X2vHBBIbnZipb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3\nOIkJji4rpJqxG1Z7MvPzAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAo\nBgNVHREEITAfgh1pbnZhbGlkLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG\n9w0BAQsFAAOCAYEABsSByXWA7e8hpKWZK4APWzkvDwiTGrDDE7k0hueJksTZ5Nqw\nfRdGoUpweWIYzAv1etPAr+B2gsZM/jVRidaGDI1tKPytZ3pP6mQ52CVXkeJQytPr\nrNDnP3Lbpbs8PHoHw3PVxIyRps1ZbZkgbUsXrSvpp/l+ZObbGQjr3Fdx5oXI6a1V\nNNC39LkPhjTKtcG+H8dO5GRuDb/9PrzrnDwnl6CoORbEjTKRIFuA+vkFBRjyuccr\nGQiMNmMxy5CMOsK+Od4+8qhv2ZgnREHyBnjFFhgVLFJ2PwUxk3N4GIzCC8tsD+vb\n+YJgCS7n6JmcB9SFeyRy+qpolnfEaMvRwnJl6Evj17VCBy7x0gEO6B4lILPpziN8\nVVhSuRsC0V8aXJJx89mwrg9pzN9w771rFVOCrAEdZei34/yfo8VyBbIR1gUxkRNJ\ncrTI9pT0PK+9OWQ57HtnGmFsPtWT8r7P8xukAPy50wSLF3InjEo8VR2df+V7DVVU\naTjNbuaG1NLNyWLH\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVDWPhOpNWAYNT\nQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM3cvyRs40dygZ\neogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV6ttf6y0+4Nq1\nhRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3ElxIYQsCr85Fy\nW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC8X2vHBBIbnZi\npb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3OIkJji4rpJqx\nG1Z7MvPzAgMBAAECggEBAM3XhRO7+1QSXCaZdCZ6WuWXzojxrkf8++gpzXPCZ75L\nvvMyP8xmXc38Za5VyL+MAr7joENxY5NPON/9AgyUBFdbat3RW323vAt0Ssy8Dfti\nScpuGWTT2CcWS/iJPwJp9bzPj6qJ1wo0Rzsv23FpcjgfcuB+4pHpDwJZ8IxcclTN\njv5XdmanN0Ai2ONDkIHQyvMTsYAX99OK7nXIs3OW7s4wsm8Wg+loCqTvojTzWuwE\nTZNFonHAZ81jkrYfNjz+sM/tPuOYD+vWQ89+1IeQKFw1U0iBpF1VvhA7UeQZMeI8\nS1NpDQTQW0kxmUAlLj7ldnIvknT/x0lKzoafVpk47/kCgYEA+SxnMLHe3Wxb4Kkf\n7Gwktbth/wlWzUWzQ7c0TdhfEDjcRB7SeGIjrL4/HPyXEsCcGIj84TEob1EA0KVP\nl6Jeqh5t/sr9da+uLFf6H41yZUaTccoyclnjHsqT+WLTtiTKqf7cXACg5NKbJwUT\nldCEu+4Ovur+8Ax6s/mGWNEzar0CgYEA2uOmD+SCIhj16P+3GnpZ0UzyDhUKedTy\nLisZznroF6RI3BHzNT+YotHORDMiJtmX0slFcInAWaB3htLPbHmvredjlsH35eHW\nB6wkWmbniJEovPysWdg7xjrj8DoL2dcm6liM1KpSo9k6XWJu36//xF4RTnL8JPEH\nRPuBWmBXHG8CgYBjJy886lr0I61//eztKK+G/bTmRvIapzTJqnqOy54wl1/XX6iD\nLRJjKCV3RHBdjvXOsZxnhCdB/KrlXBMLFRq0eX1t2Zr4nNsjXDL1IVU3Rdlge4SN\nioVdeGFf6Nq0bXmUIg3QMpPT2pbQ9S0w/ZQEMJv/jwW5wk2FlrLGXyElxQKBgQC3\nskUzITp1Ey2NFM290uB93m1llBLum9+DD3jg6BTPgngC+K17Cpw2SI0qfx8yK3pW\n08MK5xAeJ6Un6NNa3eSptX7GjpJUwmq0lasMkz/MRMZDlGmwHOBNRC729D/t2bo3\nAYlvEGG6UBvDM1CJOVMUoT008Rrahczr/4ZXKnLw0QKBgExc+SXb5IRJIMHEQLkg\nE7va23sR7x4j75mK6HnSwAM3jKx4GDgpkY1EO+rh+99mq/bIouL8ob/PG7A5RtKp\n+Sgpqk5N6NpSFMaubsu1EQhqT5pmy0dN5KXecR4s1IylPvth/h3tdXPKGcLMD2M2\nEN59YIA1o4qWjJsfEiuQ6x7M\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "wrongly-named-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/wrongly-named-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "mock-idp" + }, + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8024, + "targetPort": "http" + } + ], + "selector": { + "app": "mock-idp" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "pomerium" + }, + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "nodePort": 80, + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "nodePort": 443, + "port": 443, + "targetPort": "https" + }, + { + "name": "grpc", + "nodePort": 5443, + "port": 5443, + "targetPort": "grpc" + } + ], + "selector": { + "app": "pomerium" + }, + "type": "NodePort" + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "redis" + }, + "name": "redis", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "tcp", + "port": 6379, + "targetPort": "tcp" + } + ], + "selector": { + "app": "redis" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "trusted-httpdetails" + }, + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "trusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + }, + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "untrusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "verify" + }, + "name": "verify", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "verify" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "websocket-echo" + }, + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "websocket-echo" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + }, + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "wrongly-named-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + sleep 30 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-init + volumes: + - k3s-tmp:/k3s-tmp + k3s-ready: + command: + - sh + - -c + - exit 0 + depends_on: + k3s-init: + condition: service_completed_successfully + image: busybox:latest + networks: + main: + aliases: + - k3s-ready + k3s-server: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - server + - --disable + - traefik + - --disable + - metrics-server + - --kube-apiserver-arg + - service-node-port-range=1-65535 + environment: + K3S_KUBECONFIG_MODE: "666" + K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml + K3S_TOKEN: TOKEN + healthcheck: + test: + - CMD + - kubectl + - cluster-info + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-server + ports: + - 6443:6443/tcp + - 5443:5443/tcp + - 443:443/tcp + - 80:80/tcp + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp +volumes: + k3s-tmp: + driver_opts: + device: /tmp + o: bind + type: none diff --git a/integration/clusters/gitlab-kubernetes/compose.yml b/integration/clusters/gitlab-kubernetes/compose.yml new file mode 100644 index 000000000..1c741f029 --- /dev/null +++ b/integration/clusters/gitlab-kubernetes/compose.yml @@ -0,0 +1,825 @@ +networks: + main: {} +services: + k3s-agent: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - agent + environment: + K3S_TOKEN: TOKEN + K3S_URL: https://k3s-server:6443 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-agent + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp + k3s-init: + depends_on: + k3s-server: + condition: service_healthy + entrypoint: + - sh + - -c + - | + cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml + export KUBECONFIG=/tmp/kubeconfig.yaml + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "mock-idp" + } + }, + "template": { + "metadata": { + "labels": { + "app": "mock-idp" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--provider", + "gitlab", + "--port", + "8024", + "--root-url", + "https://mock-idp.localhost.pomerium.io/" + ], + "image": "pomerium/mock-idps:${MOCK_IDPS_TAG:-master}", + "name": "mock-idp", + "ports": [ + { + "containerPort": 8024, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/mock-idp + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "pomerium" + } + }, + "template": { + "metadata": { + "labels": { + "app": "pomerium" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "AUTHENTICATE_SERVICE_URL", + "value": "https://authenticate.localhost.pomerium.io" + }, + { + "name": "CERTIFICATE", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVVakNDQXJxZ0F3SUJBZ0lSQUtOYUVxQ21tWmZobWNZZ1p5MDFXQ3N3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lNeEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEVzTUNvR0ExVUVDd3dqWTJGcwpaV0pBWTJGc1pXSXRjR010YkdsdWRYZ2dLRU5oYkdWaUlFUnZlSE5sZVNreE16QXhCZ05WQkFNTUttMXJZMlZ5CmRDQmpZV3hsWWtCallXeGxZaTF3WXkxc2FXNTFlQ0FvUTJGc1pXSWdSRzk0YzJWNUtUQWVGdzB5TVRBNE1UQXgKTnpNeU1UQmFGdzB5TXpFeE1UQXhPRE15TVRCYU1GY3hKekFsQmdOVkJBb1RIbTFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCalpYSjBhV1pwWTJGMFpURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnCktFTmhiR1ZpSUVSdmVITmxlU2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzgKSExCQUl6WGtQZWVnbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRAp5VmhEVDBRbEkvTy9FS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2Cld5bCtGb1BEVi92c1ozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXQKak9ic2FRZ0o1TEx4Q1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcQpiWlVERytaaW9BclBtcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkCjlyNnJPQnhweHduVER2SGtCbjZ2QWdNQkFBR2piREJxTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFUQWZCZ05WSFNNRUdEQVdnQlNGaGxoWWdFZktUcGxWT2VuZVZHMyszSUUvVFRBaQpCZ05WSFJFRUd6QVpnaGNxTG14dlkyRnNhRzl6ZEM1d2IyMWxjbWwxYlM1cGJ6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBWUVBdWZRQUY3OXM3YzFnbVo5Q0lLQlNHa0hoK1NIMDFDdUtZbm5IaU1vd0hzVGlvRmFVQVFzZC9QNFgKYzJYQnFjMzRlVDNtQ3ZwZ1pqSGJqejZKbG5UWUp4dUx2VnFuVkIzZW10V3JiMWNRdmg4QnBoeHNwVGxTOHVpRQpBRWYvbmd0cHpmQS9mNGxwR2t6clEwY3lQa0VKR3o1MTFxOTdpdHpuOVJaWnpWVFp4TlZGU1AydlZoTk5RVnNXCk94YWtjdllSZ256OEFPUVMzT1BIajJGUWMzaWlic2hjdDVsZUl3WVpGY3hJTkdIUjZLTDYrL0xTZVBOQ0VNbUsKcXltVlBrUUdzSWNVNkdROWZ4YVN1NG1wK0lVQUxQcm9pekVWSThTVms1bk9tM0hJZXorWmZYaHpmbkd4MDZTSQo2TnVvUVFQcVVCZVplWG4yWUZZaGlwZVJkclF4dkEzNi9ZWGEvQWtYQ2VVMHBYeGJ0WEtjdmF0ZnJpNUtuWUpECmtINTlhK2FGa1RzbDQxdGZJMmNuUllWZGRxWFZsM096TGJjZ0FGTG4xV2VDMXh4M3hSWGk3S2xkb2tPbHZndisKQjZuYVdmQ3hSbFdaL2xzbUhhZTRrYzFXSDRLYzduSytJVGI0MEVralY2OC9BN2tyWnNOMVZjcU50cG9tWWtnRQp4alVFOFhVdQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + { + "name": "CERTIFICATE_AUTHORITY", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxekNDQXorZ0F3SUJBZ0lRWjEzOWNkL3BhUGRrUzJKeUF1N2tFREFOQmdrcWhraUc5dzBCQVFzRkFEQ0IKZ3pFZU1Cd0dBMVVFQ2hNVmJXdGpaWEowSUdSbGRtVnNiM0J0Wlc1MElFTkJNU3d3S2dZRFZRUUxEQ05qWVd4bApZa0JqWVd4bFlpMXdZeTFzYVc1MWVDQW9RMkZzWldJZ1JHOTRjMlY1S1RFek1ERUdBMVVFQXd3cWJXdGpaWEowCklHTmhiR1ZpUUdOaGJHVmlMWEJqTFd4cGJuVjRJQ2hEWVd4bFlpQkViM2h6WlhrcE1CNFhEVEl4TURneE1ERTMKTXpJd09Wb1hEVE14TURneE1ERTNNekl3T1Zvd2dZTXhIakFjQmdOVkJBb1RGVzFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCRFFURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnS0VOaGJHVmlJRVJ2CmVITmxlU2t4TXpBeEJnTlZCQU1NS20xclkyVnlkQ0JqWVd4bFlrQmpZV3hsWWkxd1l5MXNhVzUxZUNBb1EyRnMKWldJZ1JHOTRjMlY1S1RDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTmJLeU16NQpNVlc2WUtkamgxb0lOMU1uN1BFMnBINVNiSlNwV3hkQUdoZEJrQmtwQWE3T3hhcmpINUtWa0NUU2E3b25jbGE3CnFOdUpaUzZtQm1veEYrUitjUjNqeUdkVUFZbG96bDFqbGZxTElmQy8rZzdWN1ZtT0puOTh0akI0MmZhdHhMbDYKV1BBdzFKRE5zV3RRZmhLaGJjSHV0N1JzRjByTU9PSGN3eXdUUjdMT3lDbUllbDFwY21wVjRoYlZjVDZlVndvUApIWHlKU2E5Y3FhTVE1WHJkb2dhaTRJcVpaSUdMSGVMc1RWdXRPZ0pGWEVldmxYL1FUM3NXb21FY3R6aDM4SnM0CjlEaUFQRDZkNFk3L0NQTFlFZmsyOUpROU5aaHBnRHNpOWh1NUZISFpjWHdmMUlIbHcvQ0JWZ242aitqbXZLS3oKOTBNYTFvcXV2M1c2ZHR0aWQveENjTEd1MlMrOTZUenJ5a21veTVWYWNMdFZFUDQxWW1vVmxzOTFybG83b2xwZQpRV0Zibm1jbzczOVRJLzRoK0hvZG9scGVyUUVSUWw3dUNucEtWUFozV29rS3VSaDVwa3FrUXAvYXJRanR3Y1J0Ckc0M0NyRHBibCt1U2pNQ0F4aGE5NThlVFl2dG9qVE1udkx0c0dJRDFoR1hucWx3KzVLaktyZ1JIclFJREFRQUIKbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQWdRd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQWRCZ05WSFE0RQpGZ1FVaFlaWVdJQkh5azZaVlRucDNsUnQvdHlCUDAwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFBMUYvYXByCmw2cE5UM01wL014aFVVZ282dXNFSkNyeUdRY0xSZmV4eVFYR04zaHVDbUlyUDU1VkZhOEVUUEF0anNyNlBNZTcKN3Z2RWo4ZUZ1Mkp0S292bFF3TmV3WVU5Y2pBTUNWYUZpTmJyUWEyMGh6aFdjMmpzNmR5aWxkRTYvRFB6YmVkcwpLREF4aEZOcDM1U2x3dFJ0S2sxU3p4SnhzcVN3amZ4SThmcCtSLzB3TzhnMGZXVGRNMmdDcFJ3WU1Od0pFTEVnCitkU2x2SkN3dXUrcnp4TGFsemFQRjFQTVRXNzJPRUxhbC9qNXNEKzJWeXRRNGsrSFVEYnl0MkRuUVQ3WVEzem8KcTAyeDJ1MnNtMVdXL28vdWg4cGpQeGtHUXFMMm1yeVpzNlZIOVZDVTNRa0tORHNzTmQ3MWxyM3dQb0U0WVJIZQpVdnpEMWVEZWVsekJVRk5JcERDamRDc0w1NXlJUHFVc3I2bG1qcEJQTDB2ZWEzM1FUTWJjc1N4dTB1bUdYRGJVCjY2anVVNFoxak9FMHdDbEl2YU82OTlKK0UyZ0JlMWpVTjZBdDZiOEJTb1pxQ3FYWW9ESEdlaTlSQlVkdmdxdG8Ka1Zzb0pmREkvVEZNZWtZZ3BMNVVWWW1MZGZncUxQUFJQOXBRQkxEeDNtc3plQXFudmZUSUNBemZYZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + { + "name": "CERTIFICATE_KEY", + "value": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzhITEJBSXpYa1BlZWcKbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PLwpFS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2V3lsK0ZvUERWL3ZzClozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXRqT2JzYVFnSjVMTHgKQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUAptcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkOXI2ck9CeHB4d25UCkR2SGtCbjZ2QWdNQkFBRUNnZ0VBQjI4aTBBWVVOU2IxSm5XRmJLenJ1VWN0dTN0Q05Yb3ZKZzZLM0JpUFZNa3EKRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBVwo4ZUplcVJMWkVmc1NTSk9YVEc3UmRHc240cUhGSjAwczJaVGxjSUhTUHduRm0rWGpKaTk5VThHNFhzVW9YbzByCkd5KzBWQ3VVN004Z0lDRUhIc3JRTzlYREQzblQyaml1NVRqckt3anV0M0Vtb0pzc0k1YnF4MzMrT0J1NUJwQ1AKQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVApiTGtMRnlXQk5UV1VaMlIvMnd4bXVvQzZtTFp3ODc5TUxDS012azFkb1FLQmdRRGhtd0dhZkpOeW1UaUVRWlJJClNzUXg0c2VxZk9LZmdGQzdvaHFIOWNST091OElKMW83cTJwTTJXNFhpVitTM3dUZFBHbWNhNklPalgyM2lzVkIKMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzNwpheHpsYU1yeEV1M0xJOVVFN050cmRRaUJ5UUtCZ1FEVmRJNmNlSVZCVDZSZ3ZWR3Q4emtMalBJRmpoUUVIQUlwCnVoaXJncXBTNkNYOUJseWYyK280MHptZmozaGU1ckNjRW9CNU1zZU0rRGdGYmNWaDJlL01WbllpTk53NkpDREIKQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleQp1QkhWQnYvNHR3S0JnSHdIdWVQeTVTVTFzMnFTbXpEN1djMkxQZll1M25DT0hOUnJGR2IyNk11UmZ1UmVyaTdyCjJHOFRnb0VTRnljcDBRVElOOCsxSk0wWFlLeE5jSkQ2QjhWMXdLYmJwUXN5bW5lSTFnanV0aUIvSWd3L1BrREsKQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWgpmTjJZZVlieVljYU0xMXAxVmlsdWxWVFZqWTNpL0ZaaURSNFNML0lHSldqTi9Temc0aVhZc0tGbXUrZHVsT1psCmNCQUxwRUtycXBtelhZdHJONmJzdjE4KzVlTzNxR2JLMkRyRXEzZVdWZXYyS29UTW9ieHo3ZysrWEJJV0ptTEEKSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkUwpLcmx0d21vZEhpcVhOYlZrd2JXMUFGUEpiaVlhaTRZRmZLNElBYmlmL1lteGY5Rzc4YU9rcjlacENJek9rRFBaCllwRXdRR1dzQWhFbENGdmM4RS81ZEhFU1NwK3RXdFArTmx1aW1wRnFpRGczL1NVbk13TzJ4SDBuaExhMHplamgKZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K" + }, + { + "name": "COOKIE_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "DATABROKER_STORAGE_CONNECTION_STRING", + "value": "redis://redis:6379" + }, + { + "name": "DATABROKER_STORAGE_TYPE", + "value": "redis" + }, + { + "name": "ENVOY_ADMIN_ADDRESS", + "value": "0.0.0.0:9901" + }, + { + "name": "GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT", + "value": "ewoiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiLAoiYXV0aF91cmkiOiAiaHR0cDovL21vY2staWRwLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAyNCIsCiJjbGllbnRfZW1haWwiOiAicmVkYWN0ZWRAcG9tZXJpdW0tcmVkYWN0ZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAoiY2xpZW50X2lkIjogIjEwMTIxNTk5MDQ1ODAwMDMzNDM4NyIsCiJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0IiwKInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDOEhMQkFJelhrUGVlZ1xubGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PL1xuRUtnQ09GRnhVRHFvUjgyaVkwNlNhY0FqSG5pNitQTzl0VlJiRlYwdzE0QkRBSlNwQitWdld5bCtGb1BEVi92c1xuWjMxRnRZdytFd3FrYkR4L2thVDl1emYrTEpkbGtmMTRuUVFqOEVreS84ZDNtV0piYi85dGpPYnNhUWdKNUxMeFxuQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUFxubXFta2F3VVd3M2VraGo4MFNKZy9USzlQUmFOL1Z2Y0kxUGdBZDdMWnp0VVJlU21UeTVoZDlyNnJPQnhweHduVFxuRHZIa0JuNnZBZ01CQUFFQ2dnRUFCMjhpMEFZVU5TYjFKbldGYkt6cnVVY3R1M3RDTlhvdkpnNkszQmlQVk1rcVxuRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBV1xuOGVKZXFSTFpFZnNTU0pPWFRHN1JkR3NuNHFIRkowMHMyWlRsY0lIU1B3bkZtK1hqSmk5OVU4RzRYc1VvWG8wclxuR3krMFZDdVU3TThnSUNFSEhzclFPOVhERDNuVDJqaXU1VGpyS3dqdXQzRW1vSnNzSTVicXgzMytPQnU1QnBDUFxuQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVFxuYkxrTEZ5V0JOVFdVWjJSLzJ3eG11b0M2bUxadzg3OU1MQ0tNdmsxZG9RS0JnUURobXdHYWZKTnltVGlFUVpSSVxuU3NReDRzZXFmT0tmZ0ZDN29ocUg5Y1JPT3U4SUoxbzdxMnBNMlc0WGlWK1Mzd1RkUEdtY2E2SU9qWDIzaXNWQlxuMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzN1xuYXh6bGFNcnhFdTNMSTlVRTdOdHJkUWlCeVFLQmdRRFZkSTZjZUlWQlQ2Umd2Vkd0OHprTGpQSUZqaFFFSEFJcFxudWhpcmdxcFM2Q1g5Qmx5ZjIrbzQwem1majNoZTVyQ2NFb0I1TXNlTStEZ0ZiY1ZoMmUvTVZuWWlOTnc2SkNEQlxuQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleVxudUJIVkJ2LzR0d0tCZ0h3SHVlUHk1U1UxczJxU216RDdXYzJMUGZZdTNuQ09ITlJyRkdiMjZNdVJmdVJlcmk3clxuMkc4VGdvRVNGeWNwMFFUSU44KzFKTTBYWUt4TmNKRDZCOFYxd0tiYnBRc3ltbmVJMWdqdXRpQi9JZ3cvUGtES1xuQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWlxuZk4yWWVZYnlZY2FNMTFwMVZpbHVsVlRWalkzaS9GWmlEUjRTTC9JR0pXak4vU3pnNGlYWXNLRm11K2R1bE9abFxuY0JBTHBFS3JxcG16WFl0ck42YnN2MTgrNWVPM3FHYksyRHJFcTNlV1ZldjJLb1RNb2J4ejdnKytYQklXSm1MQVxuSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkU1xuS3JsdHdtb2RIaXFYTmJWa3diVzFBRlBKYmlZYWk0WUZmSzRJQWJpZi9ZbXhmOUc3OGFPa3I5WnBDSXpPa0RQWlxuWXBFd1FHV3NBaEVsQ0Z2YzhFLzVkSEVTU3ArdFd0UCtObHVpbXBGcWlEZzMvU1VuTXdPMnhIMG5oTGEwemVqaFxuZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9XG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXG4iLAoicHJpdmF0ZV9rZXlfaWQiOiAiZTA3ZjdjOTM4NzBjN2UwM2Y4ODM1NjBlY2Q4ZmQwZjRkMjdiMDA4MSIsCiJwcm9qZWN0X2lkIjogInBvbWVyaXVtLXJlZGFjdGVkIiwKInRva2VuX3VyaSI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0L3Rva2VuIiwKInR5cGUiOiAic2VydmljZV9hY2NvdW50Igp9" + }, + { + "name": "IDP_CLIENT_ID", + "value": "CLIENT_ID" + }, + { + "name": "IDP_CLIENT_SECRET", + "value": "CLIENT_SECRET" + }, + { + "name": "IDP_PROVIDER", + "value": "gitlab" + }, + { + "name": "IDP_PROVIDER_URL", + "value": "https://mock-idp.localhost.pomerium.io/" + }, + { + "name": "JWT_CLAIMS_HEADERS", + "value": "email,groups,user" + }, + { + "name": "LOG_LEVEL", + "value": "info" + }, + { + "name": "POLICY", + "value": "Wwp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vbW9jay1pZHAubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZXNlcnZlX2hvc3RfaGVhZGVyIjogdHJ1ZSwKInRvIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbnZveS5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL2xvY2FsaG9zdDo5OTAxIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly92ZXJpZnkubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJ0byI6ICJodHRwOi8vdmVyaWZ5LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImFsbG93X3dlYnNvY2tldHMiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL3dlYnNvY2tldC1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfYW55X2F1dGhlbnRpY2F0ZWRfdXNlciI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZm9ydGlvLXVpLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL2ZvcnRpby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9mb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidGxzX2N1c3RvbV9jYSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VVeGVrTkRRWG9yWjBGM1NVSkJaMGxSV2pFek9XTmtMM0JoVUdSclV6SktlVUYxTjJ0RlJFRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkVRMElLWjNwRlpVMUNkMGRCTVZWRlEyaE5WbUpYZEdwYVdFb3dTVWRTYkdSdFZuTmlNMEowV2xjMU1FbEZUa0pOVTNkM1MyZFpSRlpSVVV4RVEwNXFXVmQ0YkFwWmEwSnFXVmQ0YkZscE1YZFplVEZ6WVZjMU1XVkRRVzlSTWtaeldsZEpaMUpIT1RSak1sWTFTMVJGZWsxRVJVZEJNVlZGUVhkM2NXSlhkR3BhV0Vvd0NrbEhUbWhpUjFacFVVZE9hR0pIVm1sTVdFSnFURmQ0Y0dKdVZqUkpRMmhFV1ZkNGJGbHBRa1ZpTTJoNldsaHJjRTFDTkZoRVZFbDRUVVJuZUUxRVJUTUtUWHBKZDA5V2IxaEVWRTE0VFVSbmVFMUVSVE5OZWtsM1QxWnZkMmRaVFhoSWFrRmpRbWRPVmtKQmIxUkdWekZ5V1RKV2VXUkRRbXRhV0Zwc1lrYzVkd3BpVjFaMVpFTkNSRkZVUlhOTlEyOUhRVEZWUlVOM2QycFpNa1p6V2xkS1FWa3lSbk5hVjBsMFkwZE5kR0pIYkhWa1dHZG5TMFZPYUdKSFZtbEpSVkoyQ21WSVRteGxVMnQ0VFhwQmVFSm5UbFpDUVUxTlMyMHhjbGt5Vm5sa1EwSnFXVmQ0YkZsclFtcFpWM2hzV1dreGQxbDVNWE5oVnpVeFpVTkJiMUV5Um5NS1dsZEpaMUpIT1RSak1sWTFTMVJEUTBGaFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUjFCQlJFTkRRVmx2UTJkblIwSkJUbUpMZVUxNk5RcE5WbGMyV1V0a2FtZ3hiMGxPTVUxdU4xQkZNbkJJTlZOaVNsTndWM2hrUVVkb1pFSnJRbXR3UVdFM1QzaGhjbXBJTlV0V2EwTlVVMkUzYjI1amJHRTNDbkZPZFVwYVV6WnRRbTF2ZUVZclVpdGpVak5xZVVka1ZVRlpiRzk2YkRGcWJHWnhURWxtUXk4clp6ZFdOMVp0VDBwdU9UaDBha0kwTW1aaGRIaE1iRFlLVjFCQmR6RktSRTV6VjNSUlptaExhR0pqU0hWME4xSnpSakJ5VFU5UFNHTjNlWGRVVWpkTVQzbERiVWxsYkRGd1kyMXdWalJvWWxaalZEWmxWbmR2VUFwSVdIbEtVMkU1WTNGaFRWRTFXSEprYjJkaGFUUkpjVnBhU1VkTVNHVk1jMVJXZFhSUFowcEdXRVZsZG14WUwxRlVNM05YYjIxRlkzUjZhRE00U25NMENqbEVhVUZRUkRaa05GazNMME5RVEZsRlptc3lPVXBST1U1YWFIQm5SSE5wT1doMU5VWklTRnBqV0hkbU1VbEliSGN2UTBKV1oyNDJhaXRxYlhaTFMzb0tPVEJOWVRGdmNYVjJNMWMyWkhSMGFXUXZlRU5qVEVkMU1sTXJPVFpVZW5KNWEyMXZlVFZXWVdOTWRGWkZVRFF4V1cxdlZteHpPVEZ5Ykc4M2IyeHdaUXBSVjBaaWJtMWpiemN6T1ZSSkx6Um9LMGh2Wkc5c2NHVnlVVVZTVVd3M2RVTnVjRXRXVUZvelYyOXJTM1ZTYURWd2EzRnJVWEF2WVhKUmFuUjNZMUowQ2tjME0wTnlSSEJpYkN0MVUycE5RMEY0YUdFNU5UaGxWRmwyZEc5cVZFMXVka3gwYzBkSlJERm9SMWh1Y1d4M0t6Vkxha3R5WjFKSWNsRkpSRUZSUVVJS2J6QlZkMUY2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVdkUmQwVm5XVVJXVWpCVVFWRklMMEpCWjNkQ1owVkNMM2RKUWtGRVFXUkNaMDVXU0ZFMFJRcEdaMUZWYUZsYVdWZEpRa2g1YXpaYVZsUnVjRE5zVW5RdmRIbENVREF3ZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGRVoyZEhRa0ZCTVVZdllYQnlDbXcyY0U1VU0wMXdMMDE0YUZWVloyODJkWE5GU2tOeWVVZFJZMHhTWm1WNGVWRllSMDR6YUhWRGJVbHlVRFUxVmtaaE9FVlVVRUYwYW5OeU5sQk5aVGNLTjNaMlJXbzRaVVoxTWtwMFMyOTJiRkYzVG1WM1dWVTVZMnBCVFVOV1lVWnBUbUp5VVdFeU1HaDZhRmRqTW1wek5tUjVhV3hrUlRZdlJGQjZZbVZrY3dwTFJFRjRhRVpPY0RNMVUyeDNkRkowUzJzeFUzcDRTbmh6Y1ZOM2FtWjRTVGhtY0N0U0x6QjNUemhuTUdaWFZHUk5NbWREY0ZKM1dVMU9kMHBGVEVWbkNpdGtVMngyU2tOM2RYVXJjbnA0VEdGc2VtRlFSakZRVFZSWE56SlBSVXhoYkM5cU5YTkVLekpXZVhSUk5Hc3JTRlZFWW5sME1rUnVVVlEzV1ZFemVtOEtjVEF5ZURKMU1uTnRNVmRYTDI4dmRXZzRjR3BRZUd0SFVYRk1NbTF5ZVZwek5sWklPVlpEVlROUmEwdE9SSE56VG1RM01XeHlNM2RRYjBVMFdWSklaUXBWZG5wRU1XVkVaV1ZzZWtKVlJrNUpjRVJEYW1SRGMwdzFOWGxKVUhGVmMzSTJiRzFxY0VKUVREQjJaV0V6TTFGVVRXSmpjMU40ZFRCMWJVZFlSR0pWQ2pZMmFuVlZORm94YWs5Rk1IZERiRWwyWVU4Mk9UbEtLMFV5WjBKbE1XcFZUalpCZERaaU9FSlRiMXB4UTNGWVdXOUVTRWRsYVRsU1FsVmtkbWR4ZEc4S2ExWnpiMHBtUkVrdlZFWk5aV3RaWjNCTU5WVldXVzFNWkdabmNVeFFVRkpRT1hCUlFreEVlRE50YzNwbFFYRnVkbVpVU1VOQmVtWllaejA5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwKInRsc19zZXJ2ZXJfbmFtZSI6ICJmb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cHM6Ly9mb3J0aW8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDc5Igp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAidGNwK2h0dHBzOi8vcmVkaXMubG9jYWxob3N0LnBvbWVyaXVtLmlvOjYzNzkiLAoidG8iOiAidGNwOi8vcmVkaXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo2Mzc5Igp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1lbmFibGVkIiwKInRsc19za2lwX3ZlcmlmeSI6IHRydWUsCiJ0byI6ICJodHRwczovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1kaXNhYmxlZCIsCiJ0bHNfc2tpcF92ZXJpZnkiOiBmYWxzZSwKInRvIjogImh0dHBzOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLXNlcnZlci1uYW1lLWVuYWJsZWQiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5ub3Rwb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1zZXJ2ZXItbmFtZS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1jdXN0b20tY2EtZW5hYmxlZCIsCiJ0bHNfY3VzdG9tX2NhIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVV5UkVORFFUQkRaMEYzU1VKQlowbFNRVXhrT1VkaFNsSTVNbkZwTjNGTU1XVklSMDAyU3pCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYY0taMWxOZUVocVFXTkNaMDVXUWtGdlZFWlhNWEpaTWxaNVpFTkNhMXBZV214aVJ6bDNZbGRXZFdSRFFrUlJWRVZ6VFVOdlIwRXhWVVZEZDNkcVdUSkdjd3BhVjBwQldUSkdjMXBYU1hSalIwMTBZa2RzZFdSWVoyZExSVTVvWWtkV2FVbEZVblpsU0U1c1pWTnJlRTE2UVhoQ1owNVdRa0ZOVFV0dE1YSlpNbFo1Q21SRFFtcFpWM2hzV1d0Q2FsbFhlR3haYVRGM1dYa3hjMkZYTlRGbFEwRnZVVEpHYzFwWFNXZFNSemswWXpKV05VdFVRV1ZHZHpCNVRWUkJORTFVUlhrS1RWUlZNazFVUW1GR2R6QjZUVlJCTkUxVVJYbE5WRlV5VFZSQ1lVMUpSMFJOVWpSM1NFRlpSRlpSVVV0RmVGWjBZVEpPYkdOdVVXZGFSMVl5V2xkNGRncGpSekZzWW01UloxRXdSWGhNUkVGeFFtZE9Wa0pCYzAxSk1rNW9Za2RXYVZGSFRtaGlSMVpwVEZoQ2FreFhlSEJpYmxZMFNVTm9SRmxYZUd4WmFVSkZDbUl6YUhwYVdHdHdUVlJOZDAxUldVUldVVkZFUkVOd2RHRXlUbXhqYmxGbldUSkdjMXBYU2tGWk1rWnpXbGRKZEdOSFRYUmlSMngxWkZoblowdEZUbWdLWWtkV2FVbEZVblpsU0U1c1pWTnJkMmRuUjJsTlFUQkhRMU54UjFOSllqTkVVVVZDUVZGVlFVRTBTVUpxZDBGM1oyZEhTMEZ2U1VKblVVUlhXWEJXWlFwQ1UyNWxaVEpqUVVKWmIyWlRiMWQ0UjAxNVJtRk5VVEJ1U210Wk1GVlhUVGxqYTNsVmFEZFdabWRPS3k5aFJsTlhNbHBUYlZoMWRqVmtjbU53YVRJd0Nub3paV3hvVUZSbE9UaGlRVTVpYWlzdllta3dNREUxVVZkdVRXVnVTekExV2tzMmNVUjBSbmR2TDBoV1F5OVpZMkZ5ZFhVNU5pc3hTakowYjJWWGRVVUtkSGxyVnpOTlEzQkRNWEJJV1ZNMVp6bHBWa1JyY0dSeWVtNTJXRXRzV1hWVGFXdHFjbW8zU3pWMGIybFVkblZ0T1RkTWVFdHJkV28yUkZocVlYQlFSQW8xZG5SbFUwNHhaRkZuVHpsRFV6TnpjV3hqZDFsQk5sSnFWVWgzV1RKV1JXZ3lZV1JRTXpkQ1duSmFkMDhyZVVweE9YRkdOWGsxUjJ4bmFUaHNUalJqQ2t0c1NXeEdWWE12ZUZOd1VYTjRUbUpPVVZoMFRqbHRhelJwYlZsc1drZDZXVmxpWW0wclptOUNWbEJRWW05aE5XcFdkMHRFY0ZvMk5XMVBjemRLUjFBS05ubHFLemRXTjFWQ1RVWndWeXRuUzIxS2RHZG9MMnRyUVhneE9EVm9PVE54ZDB4R1VHTTRMMVEzYmlzclVERmlkU3RtWVd0WVVFZFFSVEl4Y2tSbFRBcFFibFZ0ZFdOSlduQktielZPY0ZsV1VYWTBWM1pVUzNFdmVrMVNPVk56Y0hveVVFWktia1ZTVkdaVWRuRXJSakZ4TTFwT1lXWkZlbWxRYzBJNWIyVlRDbTVxZUhkdFlWcFBVMVl3ZGxoeEwzRmxiM0Y0TkhZMlRVSjZWa0ZaTUM4NFVqSk1ZM0JLTkhWbk1FOWFNM2N3WWpKME5ubHZPRFpRTlZFNFEwRjNSVUVLUVdGT1JrMUZUWGRFWjFsRVZsSXdVRUZSU0M5Q1FWRkVRV2RKUlUxQ1NVZEJNVlZrUlhkRlFpOTNVVWxOUVZsQ1FXWTRRMEZSUVhkSVVWbEVWbEl3VHdwQ1FsbEZSa3hqV1RoRmIwNXZaazFqY25KNGVubDRTVzR6VnpaYVQwMVdXRTFCTUVkRFUzRkhVMGxpTTBSUlJVSkRkMVZCUVRSSlFtZFJRMXA2UkVOMkNrdEpTRmd6UjNacVRsTlpOWGMxWWs5dU5FVXpkemRSU0ZBd09VRkNhbFF2ZDNWVU5FeEVhMXBJU2sxdGJISk1iek56T0dKamMxRXdjMDFFTVZrdkx5OEtjekEzWTNBMGVGbHNjVVEzUWtFd1FXTndkbGxXV1hFMU9IaExlSE52UTNkV1dHMUhOV05GWlU5dldtMVhaak54V1RKdFV6aGxWemsyZGs5R2NtUkpZZ3BNTkU5R05IaFpWVTlOVW5GQlQwZEJRWEkyVm14UE4yZFlZVFF3TmtoNmNuTkJNV2haV25keVpWaG9UMVJEV2xwUVdrOVZia0YxTURWVFNFWmtaMkZOQ2xSS1RrSXZiekF4ZEhCM1VXeHlWSGhPYldaeWIzQnZUM3A1ZFhaSU1IcFZNbEp5VFhNd0swVmlUM1ZETkVFeVkxRTRNMFJKUm5oMmNUWTNiSGxWTUVFS2N6RlJOblJTVFRBclZVUnRTazlNZWpOVFpHZE9LMFF3TUdoamRYVnFPVEpIVmpSaVNEaENabmxWZGpoT1Exa3dka1JwYWpCVVUycHFOR00wVVhSak53cEpVRXhVV2pKbk5UUTFiMk42YUU1blFXMVVOMlFyUWpWSmJubG1hVk5KUzJWdFdIRmxjekpxY0dsQlpucFFUbXc1UWxaNGMyRnJZM012V1hwdldYTXhDaXR4VkdwQlYzVmhSSE5MYjJoRmJrODBRa3AxZW5Zd2VISmpaVFF3Wlc1U1oxaDVSMGRHZGxoMU1uTTBSbGt5ZGtweFZGTnZObmx6UkZkdWFFa3pURmNLWkdObk5rOHlSalJCVUVOSFIyVTNlbk4xY1dseGEzQmphMjVDWVdKbmVrVnpPV1p2U0hFeWJXWnZOMWhwUlhwbFpFMU9PRUpPY1daVFlrRTlDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLWN1c3RvbS1jYS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImNvcnNfYWxsb3dfcHJlZmxpZ2h0IjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9jb3JzLWVuYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJjb3JzX2FsbG93X3ByZWZsaWdodCI6IGZhbHNlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwcmVmaXgiOiAiL2NvcnMtZGlzYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZWZpeCI6ICIvcHJlc2VydmUtaG9zdC1oZWFkZXItZW5hYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IHRydWUsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9wcmVzZXJ2ZS1ob3N0LWhlYWRlci1kaXNhYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IGZhbHNlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9yZXN0cmljdGVkLWh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd2VkX2RvbWFpbnMiOiBbCiJkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LWRvbWFpbiIsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93ZWRfdXNlcnMiOiBbCiJ1c2VyMUBkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LXVzZXIiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoiWC1DdXN0b20tUmVxdWVzdC1IZWFkZXIiOiAiY3VzdG9tLXJlcXVlc3QtaGVhZGVyLXZhbHVlIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJhbGxvd193ZWJzb2NrZXRzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbmFibGVkLXdzLWVjaG8ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInRvIjogImh0dHA6Ly93ZWJzb2NrZXQtZWNoby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZGlzYWJsZWQtd3MtZWNoby5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL3dlYnNvY2tldC1lY2hvLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImVuYWJsZV9nb29nbGVfY2xvdWRfc2VydmVybGVzc19hdXRoZW50aWNhdGlvbiI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vY2xvdWRydW4ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoieC1pZHAiOiAiZ2l0bGFiIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9Cl0=" + }, + { + "name": "SHARED_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "SIGNING_KEY", + "value": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBSR1d3TGg3NW5OWG5razM3ekRmTjhvbkx3ZkNpYUxQVEQrbmM4THg1aGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa3BCa08wVEttaDRKZFFmTE9lZU1kNTNLbmdhMVdkUVhyNUZjZXBrK2RMVktkVkt4WENHcQpoMW9qdWh1VzExR0lvT3pTOUdvU0tsTlZTUkZXVkVXRHZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=" + }, + { + "name": "SIGNING_KEY_ALGORITHM", + "value": "ES256" + } + ], + "image": "pomerium/pomerium:${POMERIUM_TAG:-master}", + "imagePullPolicy": "IfNotPresent", + "name": "pomerium", + "ports": [ + { + "containerPort": 80, + "name": "http" + }, + { + "containerPort": 443, + "name": "https" + }, + { + "containerPort": 5443, + "name": "grpc" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/pomerium + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "redis", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "redis" + } + }, + "template": { + "metadata": { + "labels": { + "app": "redis" + } + }, + "spec": { + "containers": [ + { + "image": "redis:6.2.5-alpine", + "name": "redis", + "ports": [ + { + "containerPort": 6379, + "name": "tcp" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/redis + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "trusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "trusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "trusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/trusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "untrusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKKYU7PSAFxZbhuLUlbv3iAwDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU2MTFaFw0yMzExMTEyMjU2MTFaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg\nVDM59lGzCRjdUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHG\noryKGDOkRV1SDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2v\nJX4qTwgrqQtLOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqP\nqpc6AEFuklmoBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPw\nve8VoGIlx4uvHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxG\nmgByfa2rxbNg15PFwF+ZAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBS3GPBKDaHzHK68c8sSJ91umTjFVzAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAizMhh+VYIMp07wGn7+rzAE/651yiMC6kZHIOMHilvimyYvCf+Yc0MrcD\nmVQgqlUpkn/f2SOFsBQonjAACkWlSHah9KStL0iTvOIH+oGLnv3Y9wrKvwJol3KR\nc/+mO9R9TS71DoX+rTGRY3BNldpMBZF7HsYt/bg0RSpF0zkZarW+PEMmPw6IgIaD\nRPGpOiQOqIxQn4d6MyiNGS0QmDeGSZvsC07ZcZ+JxsYi4S+yN6GXt11pstiRXjDv\nzrO3s8TnVsBux7VDdIYfzMxqz+874MbsUUlb4txr3V48UDRLm7VDQ2/F+o0+Y5wt\nXAnXTn/6GFpjJvPGr0A1QLOvnhR0DZ4Fl97athu44pqeQywDU5LPP3HqrWRXLy3j\nBPBC4waHayL9Hnh4zQUe/h6hwC5Nxl/gqfB3Aaqr5PWX6rMFss8AYpB81ci+UJdm\nKSIn/pMoK6TWkCveoQRQOZD8wfwPF4cUUmWcLFwSveZSiniFrAXQqZbO1k6RDhQf\nhavcwKlK\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgVDM59lGzCRjd\nUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHGoryKGDOkRV1S\nDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2vJX4qTwgrqQtL\nOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqPqpc6AEFuklmo\nBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPwve8VoGIlx4uv\nHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxGmgByfa2rxbNg\n15PFwF+ZAgMBAAECggEADTzGefunZTPUFLnSZ/D7jDglwz5KdC/9zYleY+jY5B/8\nnmjkSfK6I6GLLSh8l2QO8YqQLIqxANglS1gNHdpcYPwfC4WL1S1P0qXboKsI5Sfy\njGoD3et4caq6ecdTfAvmLobW8uFRmGE9qHlFQ1cn47OnPVZUpKFCTVslyTLNo70h\n28gx/lnpgkbeWotJ5GygE/H0jKJlG8/V3+Ppfuq6wypA5ELcGUeMAwmCfUNNlDy3\nBhXSa6STgL26ar70KZIjTp9B97hIfDWObxgjzMX2JoiWXziszvbfaknfBsmfTm45\noUZYO0DuvLdLpxic0GZQwZCT6GzuexxJ9zR/pdahrQKBgQDEiwc0e+M1KaOoIIcw\nV7pxoGjvd+CC5whS00jSf/rXPSPFxat9Ml5serOzLdRLM/NQ5wB9S7TYc6PJi3Mb\n8pmbGadIXiGIJY8vX79P/velHT4csgULJAKJF9U65knhaidPPPmXloHOhRWrE8Zq\nmexVgJZrHLI8197qmi+ctT5rEwKBgQDQ1J84AwI1hEsXHxoSetSznt+ae7pSUb/J\nbyqK9KEp0DLyf8GcS7vxyYGQo0mJDlHaJt56LKv+zdX4wGG85ztbOFVPee6XLKSs\nI+h7rzc2hKrl+SaI91h1234WsTeJvfUSHyBy9vAwLhd0hplNrt7Tql5Z0VTWHmFE\n2XbEwcTUIwKBgQDBpioHMDmBW/F/6ezJWOa+pco+h+KRl4i/8qVBog9Im1jvt/9r\nb4FRaOQ9mt4c6qbGA5Sb30fkLKwoHFniI3ntM616xCRNvJQDnVcmPpVJ/jIAm/YU\nL/q/kNfrHJOWobzxeaaCESz8imv7D5Tj25zb8cJC7xc+k4Nzq09WG83QOQKBgG28\nLOZ7/j8tA2BlAYhQb1Dr3UgKWEBFoOgyuEJIhh+4vezb4VtGGL7XSnQ8ubmBgtWF\ns0a0DrVYaGXMgg+H2pL2qS2YPx3FYcrrG5FS40qMsFkkcXFruFpGOp2mBi8lWJBr\nNtvykwheUAj1ab1+dKz5S5ca/t99G1PYiiaeQ9XNAoGAVXk4HvdUc5q+BNiYvKUS\nM2/TDU3cYY72mPCEw7G6Kpn6zMaakQcA1+Z8LkYcLaQKRD/66n99WWT+BcY+QXtC\n0ZPHjeepDL8q+yXRY8zlcgAukg18Ta5yD1J1014y8UIV+HY8ongTni1sI8N+vKd4\n+TF2C2Cynf5vQr5man7ShPw=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "untrusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/untrusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "verify", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "verify" + } + }, + "template": { + "metadata": { + "labels": { + "app": "verify" + } + }, + "spec": { + "containers": [ + { + "image": "pomerium/verify:${VERIFY_TAG:-latest}", + "name": "verify", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/verify + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "websocket-echo" + } + }, + "template": { + "metadata": { + "labels": { + "app": "websocket-echo" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--port", + "80", + "tee" + ], + "image": "pvtmert/websocketd:latest", + "name": "websocket-echo", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/websocket-echo + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "wrongly-named-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEWDCCAsCgAwIBAgIRAK1MkqoHP+DPILewhMcnnu4wDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU0MzRaFw0yMzExMTEyMjU0MzRaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV\nDWPhOpNWAYNTQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM\n3cvyRs40dygZeogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV\n6ttf6y0+4Nq1hRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3E\nlxIYQsCr85FyW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC\n8X2vHBBIbnZipb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3\nOIkJji4rpJqxG1Z7MvPzAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAo\nBgNVHREEITAfgh1pbnZhbGlkLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG\n9w0BAQsFAAOCAYEABsSByXWA7e8hpKWZK4APWzkvDwiTGrDDE7k0hueJksTZ5Nqw\nfRdGoUpweWIYzAv1etPAr+B2gsZM/jVRidaGDI1tKPytZ3pP6mQ52CVXkeJQytPr\nrNDnP3Lbpbs8PHoHw3PVxIyRps1ZbZkgbUsXrSvpp/l+ZObbGQjr3Fdx5oXI6a1V\nNNC39LkPhjTKtcG+H8dO5GRuDb/9PrzrnDwnl6CoORbEjTKRIFuA+vkFBRjyuccr\nGQiMNmMxy5CMOsK+Od4+8qhv2ZgnREHyBnjFFhgVLFJ2PwUxk3N4GIzCC8tsD+vb\n+YJgCS7n6JmcB9SFeyRy+qpolnfEaMvRwnJl6Evj17VCBy7x0gEO6B4lILPpziN8\nVVhSuRsC0V8aXJJx89mwrg9pzN9w771rFVOCrAEdZei34/yfo8VyBbIR1gUxkRNJ\ncrTI9pT0PK+9OWQ57HtnGmFsPtWT8r7P8xukAPy50wSLF3InjEo8VR2df+V7DVVU\naTjNbuaG1NLNyWLH\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVDWPhOpNWAYNT\nQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM3cvyRs40dygZ\neogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV6ttf6y0+4Nq1\nhRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3ElxIYQsCr85Fy\nW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC8X2vHBBIbnZi\npb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3OIkJji4rpJqx\nG1Z7MvPzAgMBAAECggEBAM3XhRO7+1QSXCaZdCZ6WuWXzojxrkf8++gpzXPCZ75L\nvvMyP8xmXc38Za5VyL+MAr7joENxY5NPON/9AgyUBFdbat3RW323vAt0Ssy8Dfti\nScpuGWTT2CcWS/iJPwJp9bzPj6qJ1wo0Rzsv23FpcjgfcuB+4pHpDwJZ8IxcclTN\njv5XdmanN0Ai2ONDkIHQyvMTsYAX99OK7nXIs3OW7s4wsm8Wg+loCqTvojTzWuwE\nTZNFonHAZ81jkrYfNjz+sM/tPuOYD+vWQ89+1IeQKFw1U0iBpF1VvhA7UeQZMeI8\nS1NpDQTQW0kxmUAlLj7ldnIvknT/x0lKzoafVpk47/kCgYEA+SxnMLHe3Wxb4Kkf\n7Gwktbth/wlWzUWzQ7c0TdhfEDjcRB7SeGIjrL4/HPyXEsCcGIj84TEob1EA0KVP\nl6Jeqh5t/sr9da+uLFf6H41yZUaTccoyclnjHsqT+WLTtiTKqf7cXACg5NKbJwUT\nldCEu+4Ovur+8Ax6s/mGWNEzar0CgYEA2uOmD+SCIhj16P+3GnpZ0UzyDhUKedTy\nLisZznroF6RI3BHzNT+YotHORDMiJtmX0slFcInAWaB3htLPbHmvredjlsH35eHW\nB6wkWmbniJEovPysWdg7xjrj8DoL2dcm6liM1KpSo9k6XWJu36//xF4RTnL8JPEH\nRPuBWmBXHG8CgYBjJy886lr0I61//eztKK+G/bTmRvIapzTJqnqOy54wl1/XX6iD\nLRJjKCV3RHBdjvXOsZxnhCdB/KrlXBMLFRq0eX1t2Zr4nNsjXDL1IVU3Rdlge4SN\nioVdeGFf6Nq0bXmUIg3QMpPT2pbQ9S0w/ZQEMJv/jwW5wk2FlrLGXyElxQKBgQC3\nskUzITp1Ey2NFM290uB93m1llBLum9+DD3jg6BTPgngC+K17Cpw2SI0qfx8yK3pW\n08MK5xAeJ6Un6NNa3eSptX7GjpJUwmq0lasMkz/MRMZDlGmwHOBNRC729D/t2bo3\nAYlvEGG6UBvDM1CJOVMUoT008Rrahczr/4ZXKnLw0QKBgExc+SXb5IRJIMHEQLkg\nE7va23sR7x4j75mK6HnSwAM3jKx4GDgpkY1EO+rh+99mq/bIouL8ob/PG7A5RtKp\n+Sgpqk5N6NpSFMaubsu1EQhqT5pmy0dN5KXecR4s1IylPvth/h3tdXPKGcLMD2M2\nEN59YIA1o4qWjJsfEiuQ6x7M\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "wrongly-named-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/wrongly-named-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "mock-idp" + }, + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8024, + "targetPort": "http" + } + ], + "selector": { + "app": "mock-idp" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "pomerium" + }, + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "nodePort": 80, + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "nodePort": 443, + "port": 443, + "targetPort": "https" + }, + { + "name": "grpc", + "nodePort": 5443, + "port": 5443, + "targetPort": "grpc" + } + ], + "selector": { + "app": "pomerium" + }, + "type": "NodePort" + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "redis" + }, + "name": "redis", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "tcp", + "port": 6379, + "targetPort": "tcp" + } + ], + "selector": { + "app": "redis" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "trusted-httpdetails" + }, + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "trusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + }, + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "untrusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "verify" + }, + "name": "verify", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "verify" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "websocket-echo" + }, + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "websocket-echo" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + }, + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "wrongly-named-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + sleep 30 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-init + volumes: + - k3s-tmp:/k3s-tmp + k3s-ready: + command: + - sh + - -c + - exit 0 + depends_on: + k3s-init: + condition: service_completed_successfully + image: busybox:latest + networks: + main: + aliases: + - k3s-ready + k3s-server: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - server + - --disable + - traefik + - --disable + - metrics-server + - --kube-apiserver-arg + - service-node-port-range=1-65535 + environment: + K3S_KUBECONFIG_MODE: "666" + K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml + K3S_TOKEN: TOKEN + healthcheck: + test: + - CMD + - kubectl + - cluster-info + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-server + ports: + - 6443:6443/tcp + - 5443:5443/tcp + - 443:443/tcp + - 80:80/tcp + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp +volumes: + k3s-tmp: + driver_opts: + device: /tmp + o: bind + type: none diff --git a/integration/clusters/google-kubernetes/compose.yml b/integration/clusters/google-kubernetes/compose.yml new file mode 100644 index 000000000..b3b584de3 --- /dev/null +++ b/integration/clusters/google-kubernetes/compose.yml @@ -0,0 +1,825 @@ +networks: + main: {} +services: + k3s-agent: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - agent + environment: + K3S_TOKEN: TOKEN + K3S_URL: https://k3s-server:6443 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-agent + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp + k3s-init: + depends_on: + k3s-server: + condition: service_healthy + entrypoint: + - sh + - -c + - | + cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml + export KUBECONFIG=/tmp/kubeconfig.yaml + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "mock-idp" + } + }, + "template": { + "metadata": { + "labels": { + "app": "mock-idp" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--provider", + "google", + "--port", + "8024", + "--root-url", + "https://mock-idp.localhost.pomerium.io/" + ], + "image": "pomerium/mock-idps:${MOCK_IDPS_TAG:-master}", + "name": "mock-idp", + "ports": [ + { + "containerPort": 8024, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/mock-idp + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "pomerium" + } + }, + "template": { + "metadata": { + "labels": { + "app": "pomerium" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "AUTHENTICATE_SERVICE_URL", + "value": "https://authenticate.localhost.pomerium.io" + }, + { + "name": "CERTIFICATE", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVVakNDQXJxZ0F3SUJBZ0lSQUtOYUVxQ21tWmZobWNZZ1p5MDFXQ3N3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lNeEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEVzTUNvR0ExVUVDd3dqWTJGcwpaV0pBWTJGc1pXSXRjR010YkdsdWRYZ2dLRU5oYkdWaUlFUnZlSE5sZVNreE16QXhCZ05WQkFNTUttMXJZMlZ5CmRDQmpZV3hsWWtCallXeGxZaTF3WXkxc2FXNTFlQ0FvUTJGc1pXSWdSRzk0YzJWNUtUQWVGdzB5TVRBNE1UQXgKTnpNeU1UQmFGdzB5TXpFeE1UQXhPRE15TVRCYU1GY3hKekFsQmdOVkJBb1RIbTFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCalpYSjBhV1pwWTJGMFpURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnCktFTmhiR1ZpSUVSdmVITmxlU2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzgKSExCQUl6WGtQZWVnbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRAp5VmhEVDBRbEkvTy9FS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2Cld5bCtGb1BEVi92c1ozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXQKak9ic2FRZ0o1TEx4Q1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcQpiWlVERytaaW9BclBtcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkCjlyNnJPQnhweHduVER2SGtCbjZ2QWdNQkFBR2piREJxTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFUQWZCZ05WSFNNRUdEQVdnQlNGaGxoWWdFZktUcGxWT2VuZVZHMyszSUUvVFRBaQpCZ05WSFJFRUd6QVpnaGNxTG14dlkyRnNhRzl6ZEM1d2IyMWxjbWwxYlM1cGJ6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBWUVBdWZRQUY3OXM3YzFnbVo5Q0lLQlNHa0hoK1NIMDFDdUtZbm5IaU1vd0hzVGlvRmFVQVFzZC9QNFgKYzJYQnFjMzRlVDNtQ3ZwZ1pqSGJqejZKbG5UWUp4dUx2VnFuVkIzZW10V3JiMWNRdmg4QnBoeHNwVGxTOHVpRQpBRWYvbmd0cHpmQS9mNGxwR2t6clEwY3lQa0VKR3o1MTFxOTdpdHpuOVJaWnpWVFp4TlZGU1AydlZoTk5RVnNXCk94YWtjdllSZ256OEFPUVMzT1BIajJGUWMzaWlic2hjdDVsZUl3WVpGY3hJTkdIUjZLTDYrL0xTZVBOQ0VNbUsKcXltVlBrUUdzSWNVNkdROWZ4YVN1NG1wK0lVQUxQcm9pekVWSThTVms1bk9tM0hJZXorWmZYaHpmbkd4MDZTSQo2TnVvUVFQcVVCZVplWG4yWUZZaGlwZVJkclF4dkEzNi9ZWGEvQWtYQ2VVMHBYeGJ0WEtjdmF0ZnJpNUtuWUpECmtINTlhK2FGa1RzbDQxdGZJMmNuUllWZGRxWFZsM096TGJjZ0FGTG4xV2VDMXh4M3hSWGk3S2xkb2tPbHZndisKQjZuYVdmQ3hSbFdaL2xzbUhhZTRrYzFXSDRLYzduSytJVGI0MEVralY2OC9BN2tyWnNOMVZjcU50cG9tWWtnRQp4alVFOFhVdQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + { + "name": "CERTIFICATE_AUTHORITY", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxekNDQXorZ0F3SUJBZ0lRWjEzOWNkL3BhUGRrUzJKeUF1N2tFREFOQmdrcWhraUc5dzBCQVFzRkFEQ0IKZ3pFZU1Cd0dBMVVFQ2hNVmJXdGpaWEowSUdSbGRtVnNiM0J0Wlc1MElFTkJNU3d3S2dZRFZRUUxEQ05qWVd4bApZa0JqWVd4bFlpMXdZeTFzYVc1MWVDQW9RMkZzWldJZ1JHOTRjMlY1S1RFek1ERUdBMVVFQXd3cWJXdGpaWEowCklHTmhiR1ZpUUdOaGJHVmlMWEJqTFd4cGJuVjRJQ2hEWVd4bFlpQkViM2h6WlhrcE1CNFhEVEl4TURneE1ERTMKTXpJd09Wb1hEVE14TURneE1ERTNNekl3T1Zvd2dZTXhIakFjQmdOVkJBb1RGVzFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCRFFURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnS0VOaGJHVmlJRVJ2CmVITmxlU2t4TXpBeEJnTlZCQU1NS20xclkyVnlkQ0JqWVd4bFlrQmpZV3hsWWkxd1l5MXNhVzUxZUNBb1EyRnMKWldJZ1JHOTRjMlY1S1RDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTmJLeU16NQpNVlc2WUtkamgxb0lOMU1uN1BFMnBINVNiSlNwV3hkQUdoZEJrQmtwQWE3T3hhcmpINUtWa0NUU2E3b25jbGE3CnFOdUpaUzZtQm1veEYrUitjUjNqeUdkVUFZbG96bDFqbGZxTElmQy8rZzdWN1ZtT0puOTh0akI0MmZhdHhMbDYKV1BBdzFKRE5zV3RRZmhLaGJjSHV0N1JzRjByTU9PSGN3eXdUUjdMT3lDbUllbDFwY21wVjRoYlZjVDZlVndvUApIWHlKU2E5Y3FhTVE1WHJkb2dhaTRJcVpaSUdMSGVMc1RWdXRPZ0pGWEVldmxYL1FUM3NXb21FY3R6aDM4SnM0CjlEaUFQRDZkNFk3L0NQTFlFZmsyOUpROU5aaHBnRHNpOWh1NUZISFpjWHdmMUlIbHcvQ0JWZ242aitqbXZLS3oKOTBNYTFvcXV2M1c2ZHR0aWQveENjTEd1MlMrOTZUenJ5a21veTVWYWNMdFZFUDQxWW1vVmxzOTFybG83b2xwZQpRV0Zibm1jbzczOVRJLzRoK0hvZG9scGVyUUVSUWw3dUNucEtWUFozV29rS3VSaDVwa3FrUXAvYXJRanR3Y1J0Ckc0M0NyRHBibCt1U2pNQ0F4aGE5NThlVFl2dG9qVE1udkx0c0dJRDFoR1hucWx3KzVLaktyZ1JIclFJREFRQUIKbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQWdRd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQWRCZ05WSFE0RQpGZ1FVaFlaWVdJQkh5azZaVlRucDNsUnQvdHlCUDAwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFBMUYvYXByCmw2cE5UM01wL014aFVVZ282dXNFSkNyeUdRY0xSZmV4eVFYR04zaHVDbUlyUDU1VkZhOEVUUEF0anNyNlBNZTcKN3Z2RWo4ZUZ1Mkp0S292bFF3TmV3WVU5Y2pBTUNWYUZpTmJyUWEyMGh6aFdjMmpzNmR5aWxkRTYvRFB6YmVkcwpLREF4aEZOcDM1U2x3dFJ0S2sxU3p4SnhzcVN3amZ4SThmcCtSLzB3TzhnMGZXVGRNMmdDcFJ3WU1Od0pFTEVnCitkU2x2SkN3dXUrcnp4TGFsemFQRjFQTVRXNzJPRUxhbC9qNXNEKzJWeXRRNGsrSFVEYnl0MkRuUVQ3WVEzem8KcTAyeDJ1MnNtMVdXL28vdWg4cGpQeGtHUXFMMm1yeVpzNlZIOVZDVTNRa0tORHNzTmQ3MWxyM3dQb0U0WVJIZQpVdnpEMWVEZWVsekJVRk5JcERDamRDc0w1NXlJUHFVc3I2bG1qcEJQTDB2ZWEzM1FUTWJjc1N4dTB1bUdYRGJVCjY2anVVNFoxak9FMHdDbEl2YU82OTlKK0UyZ0JlMWpVTjZBdDZiOEJTb1pxQ3FYWW9ESEdlaTlSQlVkdmdxdG8Ka1Zzb0pmREkvVEZNZWtZZ3BMNVVWWW1MZGZncUxQUFJQOXBRQkxEeDNtc3plQXFudmZUSUNBemZYZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + { + "name": "CERTIFICATE_KEY", + "value": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzhITEJBSXpYa1BlZWcKbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PLwpFS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2V3lsK0ZvUERWL3ZzClozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXRqT2JzYVFnSjVMTHgKQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUAptcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkOXI2ck9CeHB4d25UCkR2SGtCbjZ2QWdNQkFBRUNnZ0VBQjI4aTBBWVVOU2IxSm5XRmJLenJ1VWN0dTN0Q05Yb3ZKZzZLM0JpUFZNa3EKRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBVwo4ZUplcVJMWkVmc1NTSk9YVEc3UmRHc240cUhGSjAwczJaVGxjSUhTUHduRm0rWGpKaTk5VThHNFhzVW9YbzByCkd5KzBWQ3VVN004Z0lDRUhIc3JRTzlYREQzblQyaml1NVRqckt3anV0M0Vtb0pzc0k1YnF4MzMrT0J1NUJwQ1AKQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVApiTGtMRnlXQk5UV1VaMlIvMnd4bXVvQzZtTFp3ODc5TUxDS012azFkb1FLQmdRRGhtd0dhZkpOeW1UaUVRWlJJClNzUXg0c2VxZk9LZmdGQzdvaHFIOWNST091OElKMW83cTJwTTJXNFhpVitTM3dUZFBHbWNhNklPalgyM2lzVkIKMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzNwpheHpsYU1yeEV1M0xJOVVFN050cmRRaUJ5UUtCZ1FEVmRJNmNlSVZCVDZSZ3ZWR3Q4emtMalBJRmpoUUVIQUlwCnVoaXJncXBTNkNYOUJseWYyK280MHptZmozaGU1ckNjRW9CNU1zZU0rRGdGYmNWaDJlL01WbllpTk53NkpDREIKQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleQp1QkhWQnYvNHR3S0JnSHdIdWVQeTVTVTFzMnFTbXpEN1djMkxQZll1M25DT0hOUnJGR2IyNk11UmZ1UmVyaTdyCjJHOFRnb0VTRnljcDBRVElOOCsxSk0wWFlLeE5jSkQ2QjhWMXdLYmJwUXN5bW5lSTFnanV0aUIvSWd3L1BrREsKQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWgpmTjJZZVlieVljYU0xMXAxVmlsdWxWVFZqWTNpL0ZaaURSNFNML0lHSldqTi9Temc0aVhZc0tGbXUrZHVsT1psCmNCQUxwRUtycXBtelhZdHJONmJzdjE4KzVlTzNxR2JLMkRyRXEzZVdWZXYyS29UTW9ieHo3ZysrWEJJV0ptTEEKSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkUwpLcmx0d21vZEhpcVhOYlZrd2JXMUFGUEpiaVlhaTRZRmZLNElBYmlmL1lteGY5Rzc4YU9rcjlacENJek9rRFBaCllwRXdRR1dzQWhFbENGdmM4RS81ZEhFU1NwK3RXdFArTmx1aW1wRnFpRGczL1NVbk13TzJ4SDBuaExhMHplamgKZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K" + }, + { + "name": "COOKIE_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "DATABROKER_STORAGE_CONNECTION_STRING", + "value": "redis://redis:6379" + }, + { + "name": "DATABROKER_STORAGE_TYPE", + "value": "redis" + }, + { + "name": "ENVOY_ADMIN_ADDRESS", + "value": "0.0.0.0:9901" + }, + { + "name": "GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT", + "value": "ewoiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiLAoiYXV0aF91cmkiOiAiaHR0cDovL21vY2staWRwLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAyNCIsCiJjbGllbnRfZW1haWwiOiAicmVkYWN0ZWRAcG9tZXJpdW0tcmVkYWN0ZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAoiY2xpZW50X2lkIjogIjEwMTIxNTk5MDQ1ODAwMDMzNDM4NyIsCiJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0IiwKInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDOEhMQkFJelhrUGVlZ1xubGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PL1xuRUtnQ09GRnhVRHFvUjgyaVkwNlNhY0FqSG5pNitQTzl0VlJiRlYwdzE0QkRBSlNwQitWdld5bCtGb1BEVi92c1xuWjMxRnRZdytFd3FrYkR4L2thVDl1emYrTEpkbGtmMTRuUVFqOEVreS84ZDNtV0piYi85dGpPYnNhUWdKNUxMeFxuQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUFxubXFta2F3VVd3M2VraGo4MFNKZy9USzlQUmFOL1Z2Y0kxUGdBZDdMWnp0VVJlU21UeTVoZDlyNnJPQnhweHduVFxuRHZIa0JuNnZBZ01CQUFFQ2dnRUFCMjhpMEFZVU5TYjFKbldGYkt6cnVVY3R1M3RDTlhvdkpnNkszQmlQVk1rcVxuRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBV1xuOGVKZXFSTFpFZnNTU0pPWFRHN1JkR3NuNHFIRkowMHMyWlRsY0lIU1B3bkZtK1hqSmk5OVU4RzRYc1VvWG8wclxuR3krMFZDdVU3TThnSUNFSEhzclFPOVhERDNuVDJqaXU1VGpyS3dqdXQzRW1vSnNzSTVicXgzMytPQnU1QnBDUFxuQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVFxuYkxrTEZ5V0JOVFdVWjJSLzJ3eG11b0M2bUxadzg3OU1MQ0tNdmsxZG9RS0JnUURobXdHYWZKTnltVGlFUVpSSVxuU3NReDRzZXFmT0tmZ0ZDN29ocUg5Y1JPT3U4SUoxbzdxMnBNMlc0WGlWK1Mzd1RkUEdtY2E2SU9qWDIzaXNWQlxuMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzN1xuYXh6bGFNcnhFdTNMSTlVRTdOdHJkUWlCeVFLQmdRRFZkSTZjZUlWQlQ2Umd2Vkd0OHprTGpQSUZqaFFFSEFJcFxudWhpcmdxcFM2Q1g5Qmx5ZjIrbzQwem1majNoZTVyQ2NFb0I1TXNlTStEZ0ZiY1ZoMmUvTVZuWWlOTnc2SkNEQlxuQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleVxudUJIVkJ2LzR0d0tCZ0h3SHVlUHk1U1UxczJxU216RDdXYzJMUGZZdTNuQ09ITlJyRkdiMjZNdVJmdVJlcmk3clxuMkc4VGdvRVNGeWNwMFFUSU44KzFKTTBYWUt4TmNKRDZCOFYxd0tiYnBRc3ltbmVJMWdqdXRpQi9JZ3cvUGtES1xuQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWlxuZk4yWWVZYnlZY2FNMTFwMVZpbHVsVlRWalkzaS9GWmlEUjRTTC9JR0pXak4vU3pnNGlYWXNLRm11K2R1bE9abFxuY0JBTHBFS3JxcG16WFl0ck42YnN2MTgrNWVPM3FHYksyRHJFcTNlV1ZldjJLb1RNb2J4ejdnKytYQklXSm1MQVxuSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkU1xuS3JsdHdtb2RIaXFYTmJWa3diVzFBRlBKYmlZYWk0WUZmSzRJQWJpZi9ZbXhmOUc3OGFPa3I5WnBDSXpPa0RQWlxuWXBFd1FHV3NBaEVsQ0Z2YzhFLzVkSEVTU3ArdFd0UCtObHVpbXBGcWlEZzMvU1VuTXdPMnhIMG5oTGEwemVqaFxuZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9XG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXG4iLAoicHJpdmF0ZV9rZXlfaWQiOiAiZTA3ZjdjOTM4NzBjN2UwM2Y4ODM1NjBlY2Q4ZmQwZjRkMjdiMDA4MSIsCiJwcm9qZWN0X2lkIjogInBvbWVyaXVtLXJlZGFjdGVkIiwKInRva2VuX3VyaSI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0L3Rva2VuIiwKInR5cGUiOiAic2VydmljZV9hY2NvdW50Igp9" + }, + { + "name": "IDP_CLIENT_ID", + "value": "CLIENT_ID" + }, + { + "name": "IDP_CLIENT_SECRET", + "value": "CLIENT_SECRET" + }, + { + "name": "IDP_PROVIDER", + "value": "google" + }, + { + "name": "IDP_PROVIDER_URL", + "value": "https://mock-idp.localhost.pomerium.io/" + }, + { + "name": "JWT_CLAIMS_HEADERS", + "value": "email,groups,user" + }, + { + "name": "LOG_LEVEL", + "value": "info" + }, + { + "name": "POLICY", + "value": "Wwp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vbW9jay1pZHAubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZXNlcnZlX2hvc3RfaGVhZGVyIjogdHJ1ZSwKInRvIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbnZveS5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL2xvY2FsaG9zdDo5OTAxIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly92ZXJpZnkubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJ0byI6ICJodHRwOi8vdmVyaWZ5LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImFsbG93X3dlYnNvY2tldHMiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL3dlYnNvY2tldC1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfYW55X2F1dGhlbnRpY2F0ZWRfdXNlciI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZm9ydGlvLXVpLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL2ZvcnRpby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9mb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidGxzX2N1c3RvbV9jYSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VVeGVrTkRRWG9yWjBGM1NVSkJaMGxSV2pFek9XTmtMM0JoVUdSclV6SktlVUYxTjJ0RlJFRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkVRMElLWjNwRlpVMUNkMGRCTVZWRlEyaE5WbUpYZEdwYVdFb3dTVWRTYkdSdFZuTmlNMEowV2xjMU1FbEZUa0pOVTNkM1MyZFpSRlpSVVV4RVEwNXFXVmQ0YkFwWmEwSnFXVmQ0YkZscE1YZFplVEZ6WVZjMU1XVkRRVzlSTWtaeldsZEpaMUpIT1RSak1sWTFTMVJGZWsxRVJVZEJNVlZGUVhkM2NXSlhkR3BhV0Vvd0NrbEhUbWhpUjFacFVVZE9hR0pIVm1sTVdFSnFURmQ0Y0dKdVZqUkpRMmhFV1ZkNGJGbHBRa1ZpTTJoNldsaHJjRTFDTkZoRVZFbDRUVVJuZUUxRVJUTUtUWHBKZDA5V2IxaEVWRTE0VFVSbmVFMUVSVE5OZWtsM1QxWnZkMmRaVFhoSWFrRmpRbWRPVmtKQmIxUkdWekZ5V1RKV2VXUkRRbXRhV0Zwc1lrYzVkd3BpVjFaMVpFTkNSRkZVUlhOTlEyOUhRVEZWUlVOM2QycFpNa1p6V2xkS1FWa3lSbk5hVjBsMFkwZE5kR0pIYkhWa1dHZG5TMFZPYUdKSFZtbEpSVkoyQ21WSVRteGxVMnQ0VFhwQmVFSm5UbFpDUVUxTlMyMHhjbGt5Vm5sa1EwSnFXVmQ0YkZsclFtcFpWM2hzV1dreGQxbDVNWE5oVnpVeFpVTkJiMUV5Um5NS1dsZEpaMUpIT1RSak1sWTFTMVJEUTBGaFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUjFCQlJFTkRRVmx2UTJkblIwSkJUbUpMZVUxNk5RcE5WbGMyV1V0a2FtZ3hiMGxPTVUxdU4xQkZNbkJJTlZOaVNsTndWM2hrUVVkb1pFSnJRbXR3UVdFM1QzaGhjbXBJTlV0V2EwTlVVMkUzYjI1amJHRTNDbkZPZFVwYVV6WnRRbTF2ZUVZclVpdGpVak5xZVVka1ZVRlpiRzk2YkRGcWJHWnhURWxtUXk4clp6ZFdOMVp0VDBwdU9UaDBha0kwTW1aaGRIaE1iRFlLVjFCQmR6RktSRTV6VjNSUlptaExhR0pqU0hWME4xSnpSakJ5VFU5UFNHTjNlWGRVVWpkTVQzbERiVWxsYkRGd1kyMXdWalJvWWxaalZEWmxWbmR2VUFwSVdIbEtVMkU1WTNGaFRWRTFXSEprYjJkaGFUUkpjVnBhU1VkTVNHVk1jMVJXZFhSUFowcEdXRVZsZG14WUwxRlVNM05YYjIxRlkzUjZhRE00U25NMENqbEVhVUZRUkRaa05GazNMME5RVEZsRlptc3lPVXBST1U1YWFIQm5SSE5wT1doMU5VWklTRnBqV0hkbU1VbEliSGN2UTBKV1oyNDJhaXRxYlhaTFMzb0tPVEJOWVRGdmNYVjJNMWMyWkhSMGFXUXZlRU5qVEVkMU1sTXJPVFpVZW5KNWEyMXZlVFZXWVdOTWRGWkZVRFF4V1cxdlZteHpPVEZ5Ykc4M2IyeHdaUXBSVjBaaWJtMWpiemN6T1ZSSkx6Um9LMGh2Wkc5c2NHVnlVVVZTVVd3M2RVTnVjRXRXVUZvelYyOXJTM1ZTYURWd2EzRnJVWEF2WVhKUmFuUjNZMUowQ2tjME0wTnlSSEJpYkN0MVUycE5RMEY0YUdFNU5UaGxWRmwyZEc5cVZFMXVka3gwYzBkSlJERm9SMWh1Y1d4M0t6Vkxha3R5WjFKSWNsRkpSRUZSUVVJS2J6QlZkMUY2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVdkUmQwVm5XVVJXVWpCVVFWRklMMEpCWjNkQ1owVkNMM2RKUWtGRVFXUkNaMDVXU0ZFMFJRcEdaMUZWYUZsYVdWZEpRa2g1YXpaYVZsUnVjRE5zVW5RdmRIbENVREF3ZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGRVoyZEhRa0ZCTVVZdllYQnlDbXcyY0U1VU0wMXdMMDE0YUZWVloyODJkWE5GU2tOeWVVZFJZMHhTWm1WNGVWRllSMDR6YUhWRGJVbHlVRFUxVmtaaE9FVlVVRUYwYW5OeU5sQk5aVGNLTjNaMlJXbzRaVVoxTWtwMFMyOTJiRkYzVG1WM1dWVTVZMnBCVFVOV1lVWnBUbUp5VVdFeU1HaDZhRmRqTW1wek5tUjVhV3hrUlRZdlJGQjZZbVZrY3dwTFJFRjRhRVpPY0RNMVUyeDNkRkowUzJzeFUzcDRTbmh6Y1ZOM2FtWjRTVGhtY0N0U0x6QjNUemhuTUdaWFZHUk5NbWREY0ZKM1dVMU9kMHBGVEVWbkNpdGtVMngyU2tOM2RYVXJjbnA0VEdGc2VtRlFSakZRVFZSWE56SlBSVXhoYkM5cU5YTkVLekpXZVhSUk5Hc3JTRlZFWW5sME1rUnVVVlEzV1ZFemVtOEtjVEF5ZURKMU1uTnRNVmRYTDI4dmRXZzRjR3BRZUd0SFVYRk1NbTF5ZVZwek5sWklPVlpEVlROUmEwdE9SSE56VG1RM01XeHlNM2RRYjBVMFdWSklaUXBWZG5wRU1XVkVaV1ZzZWtKVlJrNUpjRVJEYW1SRGMwdzFOWGxKVUhGVmMzSTJiRzFxY0VKUVREQjJaV0V6TTFGVVRXSmpjMU40ZFRCMWJVZFlSR0pWQ2pZMmFuVlZORm94YWs5Rk1IZERiRWwyWVU4Mk9UbEtLMFV5WjBKbE1XcFZUalpCZERaaU9FSlRiMXB4UTNGWVdXOUVTRWRsYVRsU1FsVmtkbWR4ZEc4S2ExWnpiMHBtUkVrdlZFWk5aV3RaWjNCTU5WVldXVzFNWkdabmNVeFFVRkpRT1hCUlFreEVlRE50YzNwbFFYRnVkbVpVU1VOQmVtWllaejA5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwKInRsc19zZXJ2ZXJfbmFtZSI6ICJmb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cHM6Ly9mb3J0aW8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDc5Igp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAidGNwK2h0dHBzOi8vcmVkaXMubG9jYWxob3N0LnBvbWVyaXVtLmlvOjYzNzkiLAoidG8iOiAidGNwOi8vcmVkaXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo2Mzc5Igp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1lbmFibGVkIiwKInRsc19za2lwX3ZlcmlmeSI6IHRydWUsCiJ0byI6ICJodHRwczovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1kaXNhYmxlZCIsCiJ0bHNfc2tpcF92ZXJpZnkiOiBmYWxzZSwKInRvIjogImh0dHBzOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLXNlcnZlci1uYW1lLWVuYWJsZWQiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5ub3Rwb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1zZXJ2ZXItbmFtZS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1jdXN0b20tY2EtZW5hYmxlZCIsCiJ0bHNfY3VzdG9tX2NhIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVV5UkVORFFUQkRaMEYzU1VKQlowbFNRVXhrT1VkaFNsSTVNbkZwTjNGTU1XVklSMDAyU3pCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYY0taMWxOZUVocVFXTkNaMDVXUWtGdlZFWlhNWEpaTWxaNVpFTkNhMXBZV214aVJ6bDNZbGRXZFdSRFFrUlJWRVZ6VFVOdlIwRXhWVVZEZDNkcVdUSkdjd3BhVjBwQldUSkdjMXBYU1hSalIwMTBZa2RzZFdSWVoyZExSVTVvWWtkV2FVbEZVblpsU0U1c1pWTnJlRTE2UVhoQ1owNVdRa0ZOVFV0dE1YSlpNbFo1Q21SRFFtcFpWM2hzV1d0Q2FsbFhlR3haYVRGM1dYa3hjMkZYTlRGbFEwRnZVVEpHYzFwWFNXZFNSemswWXpKV05VdFVRV1ZHZHpCNVRWUkJORTFVUlhrS1RWUlZNazFVUW1GR2R6QjZUVlJCTkUxVVJYbE5WRlV5VFZSQ1lVMUpSMFJOVWpSM1NFRlpSRlpSVVV0RmVGWjBZVEpPYkdOdVVXZGFSMVl5V2xkNGRncGpSekZzWW01UloxRXdSWGhNUkVGeFFtZE9Wa0pCYzAxSk1rNW9Za2RXYVZGSFRtaGlSMVpwVEZoQ2FreFhlSEJpYmxZMFNVTm9SRmxYZUd4WmFVSkZDbUl6YUhwYVdHdHdUVlJOZDAxUldVUldVVkZFUkVOd2RHRXlUbXhqYmxGbldUSkdjMXBYU2tGWk1rWnpXbGRKZEdOSFRYUmlSMngxWkZoblowdEZUbWdLWWtkV2FVbEZVblpsU0U1c1pWTnJkMmRuUjJsTlFUQkhRMU54UjFOSllqTkVVVVZDUVZGVlFVRTBTVUpxZDBGM1oyZEhTMEZ2U1VKblVVUlhXWEJXWlFwQ1UyNWxaVEpqUVVKWmIyWlRiMWQ0UjAxNVJtRk5VVEJ1U210Wk1GVlhUVGxqYTNsVmFEZFdabWRPS3k5aFJsTlhNbHBUYlZoMWRqVmtjbU53YVRJd0Nub3paV3hvVUZSbE9UaGlRVTVpYWlzdllta3dNREUxVVZkdVRXVnVTekExV2tzMmNVUjBSbmR2TDBoV1F5OVpZMkZ5ZFhVNU5pc3hTakowYjJWWGRVVUtkSGxyVnpOTlEzQkRNWEJJV1ZNMVp6bHBWa1JyY0dSeWVtNTJXRXRzV1hWVGFXdHFjbW8zU3pWMGIybFVkblZ0T1RkTWVFdHJkV28yUkZocVlYQlFSQW8xZG5SbFUwNHhaRkZuVHpsRFV6TnpjV3hqZDFsQk5sSnFWVWgzV1RKV1JXZ3lZV1JRTXpkQ1duSmFkMDhyZVVweE9YRkdOWGsxUjJ4bmFUaHNUalJqQ2t0c1NXeEdWWE12ZUZOd1VYTjRUbUpPVVZoMFRqbHRhelJwYlZsc1drZDZXVmxpWW0wclptOUNWbEJRWW05aE5XcFdkMHRFY0ZvMk5XMVBjemRLUjFBS05ubHFLemRXTjFWQ1RVWndWeXRuUzIxS2RHZG9MMnRyUVhneE9EVm9PVE54ZDB4R1VHTTRMMVEzYmlzclVERmlkU3RtWVd0WVVFZFFSVEl4Y2tSbFRBcFFibFZ0ZFdOSlduQktielZPY0ZsV1VYWTBWM1pVUzNFdmVrMVNPVk56Y0hveVVFWktia1ZTVkdaVWRuRXJSakZ4TTFwT1lXWkZlbWxRYzBJNWIyVlRDbTVxZUhkdFlWcFBVMVl3ZGxoeEwzRmxiM0Y0TkhZMlRVSjZWa0ZaTUM4NFVqSk1ZM0JLTkhWbk1FOWFNM2N3WWpKME5ubHZPRFpRTlZFNFEwRjNSVUVLUVdGT1JrMUZUWGRFWjFsRVZsSXdVRUZSU0M5Q1FWRkVRV2RKUlUxQ1NVZEJNVlZrUlhkRlFpOTNVVWxOUVZsQ1FXWTRRMEZSUVhkSVVWbEVWbEl3VHdwQ1FsbEZSa3hqV1RoRmIwNXZaazFqY25KNGVubDRTVzR6VnpaYVQwMVdXRTFCTUVkRFUzRkhVMGxpTTBSUlJVSkRkMVZCUVRSSlFtZFJRMXA2UkVOMkNrdEpTRmd6UjNacVRsTlpOWGMxWWs5dU5FVXpkemRSU0ZBd09VRkNhbFF2ZDNWVU5FeEVhMXBJU2sxdGJISk1iek56T0dKamMxRXdjMDFFTVZrdkx5OEtjekEzWTNBMGVGbHNjVVEzUWtFd1FXTndkbGxXV1hFMU9IaExlSE52UTNkV1dHMUhOV05GWlU5dldtMVhaak54V1RKdFV6aGxWemsyZGs5R2NtUkpZZ3BNTkU5R05IaFpWVTlOVW5GQlQwZEJRWEkyVm14UE4yZFlZVFF3TmtoNmNuTkJNV2haV25keVpWaG9UMVJEV2xwUVdrOVZia0YxTURWVFNFWmtaMkZOQ2xSS1RrSXZiekF4ZEhCM1VXeHlWSGhPYldaeWIzQnZUM3A1ZFhaSU1IcFZNbEp5VFhNd0swVmlUM1ZETkVFeVkxRTRNMFJKUm5oMmNUWTNiSGxWTUVFS2N6RlJOblJTVFRBclZVUnRTazlNZWpOVFpHZE9LMFF3TUdoamRYVnFPVEpIVmpSaVNEaENabmxWZGpoT1Exa3dka1JwYWpCVVUycHFOR00wVVhSak53cEpVRXhVV2pKbk5UUTFiMk42YUU1blFXMVVOMlFyUWpWSmJubG1hVk5KUzJWdFdIRmxjekpxY0dsQlpucFFUbXc1UWxaNGMyRnJZM012V1hwdldYTXhDaXR4VkdwQlYzVmhSSE5MYjJoRmJrODBRa3AxZW5Zd2VISmpaVFF3Wlc1U1oxaDVSMGRHZGxoMU1uTTBSbGt5ZGtweFZGTnZObmx6UkZkdWFFa3pURmNLWkdObk5rOHlSalJCVUVOSFIyVTNlbk4xY1dseGEzQmphMjVDWVdKbmVrVnpPV1p2U0hFeWJXWnZOMWhwUlhwbFpFMU9PRUpPY1daVFlrRTlDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLWN1c3RvbS1jYS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImNvcnNfYWxsb3dfcHJlZmxpZ2h0IjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9jb3JzLWVuYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJjb3JzX2FsbG93X3ByZWZsaWdodCI6IGZhbHNlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwcmVmaXgiOiAiL2NvcnMtZGlzYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZWZpeCI6ICIvcHJlc2VydmUtaG9zdC1oZWFkZXItZW5hYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IHRydWUsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9wcmVzZXJ2ZS1ob3N0LWhlYWRlci1kaXNhYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IGZhbHNlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9yZXN0cmljdGVkLWh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd2VkX2RvbWFpbnMiOiBbCiJkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LWRvbWFpbiIsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93ZWRfdXNlcnMiOiBbCiJ1c2VyMUBkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LXVzZXIiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoiWC1DdXN0b20tUmVxdWVzdC1IZWFkZXIiOiAiY3VzdG9tLXJlcXVlc3QtaGVhZGVyLXZhbHVlIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJhbGxvd193ZWJzb2NrZXRzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbmFibGVkLXdzLWVjaG8ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInRvIjogImh0dHA6Ly93ZWJzb2NrZXQtZWNoby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZGlzYWJsZWQtd3MtZWNoby5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL3dlYnNvY2tldC1lY2hvLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImVuYWJsZV9nb29nbGVfY2xvdWRfc2VydmVybGVzc19hdXRoZW50aWNhdGlvbiI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vY2xvdWRydW4ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoieC1pZHAiOiAiZ29vZ2xlIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9Cl0=" + }, + { + "name": "SHARED_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "SIGNING_KEY", + "value": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBSR1d3TGg3NW5OWG5razM3ekRmTjhvbkx3ZkNpYUxQVEQrbmM4THg1aGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa3BCa08wVEttaDRKZFFmTE9lZU1kNTNLbmdhMVdkUVhyNUZjZXBrK2RMVktkVkt4WENHcQpoMW9qdWh1VzExR0lvT3pTOUdvU0tsTlZTUkZXVkVXRHZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=" + }, + { + "name": "SIGNING_KEY_ALGORITHM", + "value": "ES256" + } + ], + "image": "pomerium/pomerium:${POMERIUM_TAG:-master}", + "imagePullPolicy": "IfNotPresent", + "name": "pomerium", + "ports": [ + { + "containerPort": 80, + "name": "http" + }, + { + "containerPort": 443, + "name": "https" + }, + { + "containerPort": 5443, + "name": "grpc" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/pomerium + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "redis", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "redis" + } + }, + "template": { + "metadata": { + "labels": { + "app": "redis" + } + }, + "spec": { + "containers": [ + { + "image": "redis:6.2.5-alpine", + "name": "redis", + "ports": [ + { + "containerPort": 6379, + "name": "tcp" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/redis + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "trusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "trusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "trusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/trusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "untrusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKKYU7PSAFxZbhuLUlbv3iAwDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU2MTFaFw0yMzExMTEyMjU2MTFaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg\nVDM59lGzCRjdUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHG\noryKGDOkRV1SDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2v\nJX4qTwgrqQtLOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqP\nqpc6AEFuklmoBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPw\nve8VoGIlx4uvHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxG\nmgByfa2rxbNg15PFwF+ZAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBS3GPBKDaHzHK68c8sSJ91umTjFVzAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAizMhh+VYIMp07wGn7+rzAE/651yiMC6kZHIOMHilvimyYvCf+Yc0MrcD\nmVQgqlUpkn/f2SOFsBQonjAACkWlSHah9KStL0iTvOIH+oGLnv3Y9wrKvwJol3KR\nc/+mO9R9TS71DoX+rTGRY3BNldpMBZF7HsYt/bg0RSpF0zkZarW+PEMmPw6IgIaD\nRPGpOiQOqIxQn4d6MyiNGS0QmDeGSZvsC07ZcZ+JxsYi4S+yN6GXt11pstiRXjDv\nzrO3s8TnVsBux7VDdIYfzMxqz+874MbsUUlb4txr3V48UDRLm7VDQ2/F+o0+Y5wt\nXAnXTn/6GFpjJvPGr0A1QLOvnhR0DZ4Fl97athu44pqeQywDU5LPP3HqrWRXLy3j\nBPBC4waHayL9Hnh4zQUe/h6hwC5Nxl/gqfB3Aaqr5PWX6rMFss8AYpB81ci+UJdm\nKSIn/pMoK6TWkCveoQRQOZD8wfwPF4cUUmWcLFwSveZSiniFrAXQqZbO1k6RDhQf\nhavcwKlK\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgVDM59lGzCRjd\nUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHGoryKGDOkRV1S\nDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2vJX4qTwgrqQtL\nOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqPqpc6AEFuklmo\nBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPwve8VoGIlx4uv\nHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxGmgByfa2rxbNg\n15PFwF+ZAgMBAAECggEADTzGefunZTPUFLnSZ/D7jDglwz5KdC/9zYleY+jY5B/8\nnmjkSfK6I6GLLSh8l2QO8YqQLIqxANglS1gNHdpcYPwfC4WL1S1P0qXboKsI5Sfy\njGoD3et4caq6ecdTfAvmLobW8uFRmGE9qHlFQ1cn47OnPVZUpKFCTVslyTLNo70h\n28gx/lnpgkbeWotJ5GygE/H0jKJlG8/V3+Ppfuq6wypA5ELcGUeMAwmCfUNNlDy3\nBhXSa6STgL26ar70KZIjTp9B97hIfDWObxgjzMX2JoiWXziszvbfaknfBsmfTm45\noUZYO0DuvLdLpxic0GZQwZCT6GzuexxJ9zR/pdahrQKBgQDEiwc0e+M1KaOoIIcw\nV7pxoGjvd+CC5whS00jSf/rXPSPFxat9Ml5serOzLdRLM/NQ5wB9S7TYc6PJi3Mb\n8pmbGadIXiGIJY8vX79P/velHT4csgULJAKJF9U65knhaidPPPmXloHOhRWrE8Zq\nmexVgJZrHLI8197qmi+ctT5rEwKBgQDQ1J84AwI1hEsXHxoSetSznt+ae7pSUb/J\nbyqK9KEp0DLyf8GcS7vxyYGQo0mJDlHaJt56LKv+zdX4wGG85ztbOFVPee6XLKSs\nI+h7rzc2hKrl+SaI91h1234WsTeJvfUSHyBy9vAwLhd0hplNrt7Tql5Z0VTWHmFE\n2XbEwcTUIwKBgQDBpioHMDmBW/F/6ezJWOa+pco+h+KRl4i/8qVBog9Im1jvt/9r\nb4FRaOQ9mt4c6qbGA5Sb30fkLKwoHFniI3ntM616xCRNvJQDnVcmPpVJ/jIAm/YU\nL/q/kNfrHJOWobzxeaaCESz8imv7D5Tj25zb8cJC7xc+k4Nzq09WG83QOQKBgG28\nLOZ7/j8tA2BlAYhQb1Dr3UgKWEBFoOgyuEJIhh+4vezb4VtGGL7XSnQ8ubmBgtWF\ns0a0DrVYaGXMgg+H2pL2qS2YPx3FYcrrG5FS40qMsFkkcXFruFpGOp2mBi8lWJBr\nNtvykwheUAj1ab1+dKz5S5ca/t99G1PYiiaeQ9XNAoGAVXk4HvdUc5q+BNiYvKUS\nM2/TDU3cYY72mPCEw7G6Kpn6zMaakQcA1+Z8LkYcLaQKRD/66n99WWT+BcY+QXtC\n0ZPHjeepDL8q+yXRY8zlcgAukg18Ta5yD1J1014y8UIV+HY8ongTni1sI8N+vKd4\n+TF2C2Cynf5vQr5man7ShPw=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "untrusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/untrusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "verify", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "verify" + } + }, + "template": { + "metadata": { + "labels": { + "app": "verify" + } + }, + "spec": { + "containers": [ + { + "image": "pomerium/verify:${VERIFY_TAG:-latest}", + "name": "verify", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/verify + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "websocket-echo" + } + }, + "template": { + "metadata": { + "labels": { + "app": "websocket-echo" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--port", + "80", + "tee" + ], + "image": "pvtmert/websocketd:latest", + "name": "websocket-echo", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/websocket-echo + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "wrongly-named-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEWDCCAsCgAwIBAgIRAK1MkqoHP+DPILewhMcnnu4wDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU0MzRaFw0yMzExMTEyMjU0MzRaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV\nDWPhOpNWAYNTQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM\n3cvyRs40dygZeogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV\n6ttf6y0+4Nq1hRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3E\nlxIYQsCr85FyW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC\n8X2vHBBIbnZipb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3\nOIkJji4rpJqxG1Z7MvPzAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAo\nBgNVHREEITAfgh1pbnZhbGlkLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG\n9w0BAQsFAAOCAYEABsSByXWA7e8hpKWZK4APWzkvDwiTGrDDE7k0hueJksTZ5Nqw\nfRdGoUpweWIYzAv1etPAr+B2gsZM/jVRidaGDI1tKPytZ3pP6mQ52CVXkeJQytPr\nrNDnP3Lbpbs8PHoHw3PVxIyRps1ZbZkgbUsXrSvpp/l+ZObbGQjr3Fdx5oXI6a1V\nNNC39LkPhjTKtcG+H8dO5GRuDb/9PrzrnDwnl6CoORbEjTKRIFuA+vkFBRjyuccr\nGQiMNmMxy5CMOsK+Od4+8qhv2ZgnREHyBnjFFhgVLFJ2PwUxk3N4GIzCC8tsD+vb\n+YJgCS7n6JmcB9SFeyRy+qpolnfEaMvRwnJl6Evj17VCBy7x0gEO6B4lILPpziN8\nVVhSuRsC0V8aXJJx89mwrg9pzN9w771rFVOCrAEdZei34/yfo8VyBbIR1gUxkRNJ\ncrTI9pT0PK+9OWQ57HtnGmFsPtWT8r7P8xukAPy50wSLF3InjEo8VR2df+V7DVVU\naTjNbuaG1NLNyWLH\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVDWPhOpNWAYNT\nQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM3cvyRs40dygZ\neogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV6ttf6y0+4Nq1\nhRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3ElxIYQsCr85Fy\nW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC8X2vHBBIbnZi\npb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3OIkJji4rpJqx\nG1Z7MvPzAgMBAAECggEBAM3XhRO7+1QSXCaZdCZ6WuWXzojxrkf8++gpzXPCZ75L\nvvMyP8xmXc38Za5VyL+MAr7joENxY5NPON/9AgyUBFdbat3RW323vAt0Ssy8Dfti\nScpuGWTT2CcWS/iJPwJp9bzPj6qJ1wo0Rzsv23FpcjgfcuB+4pHpDwJZ8IxcclTN\njv5XdmanN0Ai2ONDkIHQyvMTsYAX99OK7nXIs3OW7s4wsm8Wg+loCqTvojTzWuwE\nTZNFonHAZ81jkrYfNjz+sM/tPuOYD+vWQ89+1IeQKFw1U0iBpF1VvhA7UeQZMeI8\nS1NpDQTQW0kxmUAlLj7ldnIvknT/x0lKzoafVpk47/kCgYEA+SxnMLHe3Wxb4Kkf\n7Gwktbth/wlWzUWzQ7c0TdhfEDjcRB7SeGIjrL4/HPyXEsCcGIj84TEob1EA0KVP\nl6Jeqh5t/sr9da+uLFf6H41yZUaTccoyclnjHsqT+WLTtiTKqf7cXACg5NKbJwUT\nldCEu+4Ovur+8Ax6s/mGWNEzar0CgYEA2uOmD+SCIhj16P+3GnpZ0UzyDhUKedTy\nLisZznroF6RI3BHzNT+YotHORDMiJtmX0slFcInAWaB3htLPbHmvredjlsH35eHW\nB6wkWmbniJEovPysWdg7xjrj8DoL2dcm6liM1KpSo9k6XWJu36//xF4RTnL8JPEH\nRPuBWmBXHG8CgYBjJy886lr0I61//eztKK+G/bTmRvIapzTJqnqOy54wl1/XX6iD\nLRJjKCV3RHBdjvXOsZxnhCdB/KrlXBMLFRq0eX1t2Zr4nNsjXDL1IVU3Rdlge4SN\nioVdeGFf6Nq0bXmUIg3QMpPT2pbQ9S0w/ZQEMJv/jwW5wk2FlrLGXyElxQKBgQC3\nskUzITp1Ey2NFM290uB93m1llBLum9+DD3jg6BTPgngC+K17Cpw2SI0qfx8yK3pW\n08MK5xAeJ6Un6NNa3eSptX7GjpJUwmq0lasMkz/MRMZDlGmwHOBNRC729D/t2bo3\nAYlvEGG6UBvDM1CJOVMUoT008Rrahczr/4ZXKnLw0QKBgExc+SXb5IRJIMHEQLkg\nE7va23sR7x4j75mK6HnSwAM3jKx4GDgpkY1EO+rh+99mq/bIouL8ob/PG7A5RtKp\n+Sgpqk5N6NpSFMaubsu1EQhqT5pmy0dN5KXecR4s1IylPvth/h3tdXPKGcLMD2M2\nEN59YIA1o4qWjJsfEiuQ6x7M\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "wrongly-named-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/wrongly-named-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "mock-idp" + }, + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8024, + "targetPort": "http" + } + ], + "selector": { + "app": "mock-idp" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "pomerium" + }, + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "nodePort": 80, + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "nodePort": 443, + "port": 443, + "targetPort": "https" + }, + { + "name": "grpc", + "nodePort": 5443, + "port": 5443, + "targetPort": "grpc" + } + ], + "selector": { + "app": "pomerium" + }, + "type": "NodePort" + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "redis" + }, + "name": "redis", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "tcp", + "port": 6379, + "targetPort": "tcp" + } + ], + "selector": { + "app": "redis" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "trusted-httpdetails" + }, + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "trusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + }, + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "untrusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "verify" + }, + "name": "verify", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "verify" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "websocket-echo" + }, + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "websocket-echo" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + }, + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "wrongly-named-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + sleep 30 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-init + volumes: + - k3s-tmp:/k3s-tmp + k3s-ready: + command: + - sh + - -c + - exit 0 + depends_on: + k3s-init: + condition: service_completed_successfully + image: busybox:latest + networks: + main: + aliases: + - k3s-ready + k3s-server: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - server + - --disable + - traefik + - --disable + - metrics-server + - --kube-apiserver-arg + - service-node-port-range=1-65535 + environment: + K3S_KUBECONFIG_MODE: "666" + K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml + K3S_TOKEN: TOKEN + healthcheck: + test: + - CMD + - kubectl + - cluster-info + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-server + ports: + - 6443:6443/tcp + - 5443:5443/tcp + - 443:443/tcp + - 80:80/tcp + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp +volumes: + k3s-tmp: + driver_opts: + device: /tmp + o: bind + type: none diff --git a/integration/clusters/oidc-kubernetes/compose.yml b/integration/clusters/oidc-kubernetes/compose.yml new file mode 100644 index 000000000..acabb98c1 --- /dev/null +++ b/integration/clusters/oidc-kubernetes/compose.yml @@ -0,0 +1,825 @@ +networks: + main: {} +services: + k3s-agent: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - agent + environment: + K3S_TOKEN: TOKEN + K3S_URL: https://k3s-server:6443 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-agent + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp + k3s-init: + depends_on: + k3s-server: + condition: service_healthy + entrypoint: + - sh + - -c + - | + cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml + export KUBECONFIG=/tmp/kubeconfig.yaml + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "mock-idp" + } + }, + "template": { + "metadata": { + "labels": { + "app": "mock-idp" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--provider", + "oidc", + "--port", + "8024", + "--root-url", + "https://mock-idp.localhost.pomerium.io/" + ], + "image": "pomerium/mock-idps:${MOCK_IDPS_TAG:-master}", + "name": "mock-idp", + "ports": [ + { + "containerPort": 8024, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/mock-idp + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "pomerium" + } + }, + "template": { + "metadata": { + "labels": { + "app": "pomerium" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "AUTHENTICATE_SERVICE_URL", + "value": "https://authenticate.localhost.pomerium.io" + }, + { + "name": "CERTIFICATE", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVVakNDQXJxZ0F3SUJBZ0lSQUtOYUVxQ21tWmZobWNZZ1p5MDFXQ3N3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lNeEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEVzTUNvR0ExVUVDd3dqWTJGcwpaV0pBWTJGc1pXSXRjR010YkdsdWRYZ2dLRU5oYkdWaUlFUnZlSE5sZVNreE16QXhCZ05WQkFNTUttMXJZMlZ5CmRDQmpZV3hsWWtCallXeGxZaTF3WXkxc2FXNTFlQ0FvUTJGc1pXSWdSRzk0YzJWNUtUQWVGdzB5TVRBNE1UQXgKTnpNeU1UQmFGdzB5TXpFeE1UQXhPRE15TVRCYU1GY3hKekFsQmdOVkJBb1RIbTFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCalpYSjBhV1pwWTJGMFpURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnCktFTmhiR1ZpSUVSdmVITmxlU2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzgKSExCQUl6WGtQZWVnbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRAp5VmhEVDBRbEkvTy9FS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2Cld5bCtGb1BEVi92c1ozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXQKak9ic2FRZ0o1TEx4Q1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcQpiWlVERytaaW9BclBtcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkCjlyNnJPQnhweHduVER2SGtCbjZ2QWdNQkFBR2piREJxTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFUQWZCZ05WSFNNRUdEQVdnQlNGaGxoWWdFZktUcGxWT2VuZVZHMyszSUUvVFRBaQpCZ05WSFJFRUd6QVpnaGNxTG14dlkyRnNhRzl6ZEM1d2IyMWxjbWwxYlM1cGJ6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBWUVBdWZRQUY3OXM3YzFnbVo5Q0lLQlNHa0hoK1NIMDFDdUtZbm5IaU1vd0hzVGlvRmFVQVFzZC9QNFgKYzJYQnFjMzRlVDNtQ3ZwZ1pqSGJqejZKbG5UWUp4dUx2VnFuVkIzZW10V3JiMWNRdmg4QnBoeHNwVGxTOHVpRQpBRWYvbmd0cHpmQS9mNGxwR2t6clEwY3lQa0VKR3o1MTFxOTdpdHpuOVJaWnpWVFp4TlZGU1AydlZoTk5RVnNXCk94YWtjdllSZ256OEFPUVMzT1BIajJGUWMzaWlic2hjdDVsZUl3WVpGY3hJTkdIUjZLTDYrL0xTZVBOQ0VNbUsKcXltVlBrUUdzSWNVNkdROWZ4YVN1NG1wK0lVQUxQcm9pekVWSThTVms1bk9tM0hJZXorWmZYaHpmbkd4MDZTSQo2TnVvUVFQcVVCZVplWG4yWUZZaGlwZVJkclF4dkEzNi9ZWGEvQWtYQ2VVMHBYeGJ0WEtjdmF0ZnJpNUtuWUpECmtINTlhK2FGa1RzbDQxdGZJMmNuUllWZGRxWFZsM096TGJjZ0FGTG4xV2VDMXh4M3hSWGk3S2xkb2tPbHZndisKQjZuYVdmQ3hSbFdaL2xzbUhhZTRrYzFXSDRLYzduSytJVGI0MEVralY2OC9BN2tyWnNOMVZjcU50cG9tWWtnRQp4alVFOFhVdQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + { + "name": "CERTIFICATE_AUTHORITY", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxekNDQXorZ0F3SUJBZ0lRWjEzOWNkL3BhUGRrUzJKeUF1N2tFREFOQmdrcWhraUc5dzBCQVFzRkFEQ0IKZ3pFZU1Cd0dBMVVFQ2hNVmJXdGpaWEowSUdSbGRtVnNiM0J0Wlc1MElFTkJNU3d3S2dZRFZRUUxEQ05qWVd4bApZa0JqWVd4bFlpMXdZeTFzYVc1MWVDQW9RMkZzWldJZ1JHOTRjMlY1S1RFek1ERUdBMVVFQXd3cWJXdGpaWEowCklHTmhiR1ZpUUdOaGJHVmlMWEJqTFd4cGJuVjRJQ2hEWVd4bFlpQkViM2h6WlhrcE1CNFhEVEl4TURneE1ERTMKTXpJd09Wb1hEVE14TURneE1ERTNNekl3T1Zvd2dZTXhIakFjQmdOVkJBb1RGVzFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCRFFURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnS0VOaGJHVmlJRVJ2CmVITmxlU2t4TXpBeEJnTlZCQU1NS20xclkyVnlkQ0JqWVd4bFlrQmpZV3hsWWkxd1l5MXNhVzUxZUNBb1EyRnMKWldJZ1JHOTRjMlY1S1RDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTmJLeU16NQpNVlc2WUtkamgxb0lOMU1uN1BFMnBINVNiSlNwV3hkQUdoZEJrQmtwQWE3T3hhcmpINUtWa0NUU2E3b25jbGE3CnFOdUpaUzZtQm1veEYrUitjUjNqeUdkVUFZbG96bDFqbGZxTElmQy8rZzdWN1ZtT0puOTh0akI0MmZhdHhMbDYKV1BBdzFKRE5zV3RRZmhLaGJjSHV0N1JzRjByTU9PSGN3eXdUUjdMT3lDbUllbDFwY21wVjRoYlZjVDZlVndvUApIWHlKU2E5Y3FhTVE1WHJkb2dhaTRJcVpaSUdMSGVMc1RWdXRPZ0pGWEVldmxYL1FUM3NXb21FY3R6aDM4SnM0CjlEaUFQRDZkNFk3L0NQTFlFZmsyOUpROU5aaHBnRHNpOWh1NUZISFpjWHdmMUlIbHcvQ0JWZ242aitqbXZLS3oKOTBNYTFvcXV2M1c2ZHR0aWQveENjTEd1MlMrOTZUenJ5a21veTVWYWNMdFZFUDQxWW1vVmxzOTFybG83b2xwZQpRV0Zibm1jbzczOVRJLzRoK0hvZG9scGVyUUVSUWw3dUNucEtWUFozV29rS3VSaDVwa3FrUXAvYXJRanR3Y1J0Ckc0M0NyRHBibCt1U2pNQ0F4aGE5NThlVFl2dG9qVE1udkx0c0dJRDFoR1hucWx3KzVLaktyZ1JIclFJREFRQUIKbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQWdRd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQWRCZ05WSFE0RQpGZ1FVaFlaWVdJQkh5azZaVlRucDNsUnQvdHlCUDAwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFBMUYvYXByCmw2cE5UM01wL014aFVVZ282dXNFSkNyeUdRY0xSZmV4eVFYR04zaHVDbUlyUDU1VkZhOEVUUEF0anNyNlBNZTcKN3Z2RWo4ZUZ1Mkp0S292bFF3TmV3WVU5Y2pBTUNWYUZpTmJyUWEyMGh6aFdjMmpzNmR5aWxkRTYvRFB6YmVkcwpLREF4aEZOcDM1U2x3dFJ0S2sxU3p4SnhzcVN3amZ4SThmcCtSLzB3TzhnMGZXVGRNMmdDcFJ3WU1Od0pFTEVnCitkU2x2SkN3dXUrcnp4TGFsemFQRjFQTVRXNzJPRUxhbC9qNXNEKzJWeXRRNGsrSFVEYnl0MkRuUVQ3WVEzem8KcTAyeDJ1MnNtMVdXL28vdWg4cGpQeGtHUXFMMm1yeVpzNlZIOVZDVTNRa0tORHNzTmQ3MWxyM3dQb0U0WVJIZQpVdnpEMWVEZWVsekJVRk5JcERDamRDc0w1NXlJUHFVc3I2bG1qcEJQTDB2ZWEzM1FUTWJjc1N4dTB1bUdYRGJVCjY2anVVNFoxak9FMHdDbEl2YU82OTlKK0UyZ0JlMWpVTjZBdDZiOEJTb1pxQ3FYWW9ESEdlaTlSQlVkdmdxdG8Ka1Zzb0pmREkvVEZNZWtZZ3BMNVVWWW1MZGZncUxQUFJQOXBRQkxEeDNtc3plQXFudmZUSUNBemZYZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + { + "name": "CERTIFICATE_KEY", + "value": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzhITEJBSXpYa1BlZWcKbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PLwpFS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2V3lsK0ZvUERWL3ZzClozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXRqT2JzYVFnSjVMTHgKQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUAptcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkOXI2ck9CeHB4d25UCkR2SGtCbjZ2QWdNQkFBRUNnZ0VBQjI4aTBBWVVOU2IxSm5XRmJLenJ1VWN0dTN0Q05Yb3ZKZzZLM0JpUFZNa3EKRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBVwo4ZUplcVJMWkVmc1NTSk9YVEc3UmRHc240cUhGSjAwczJaVGxjSUhTUHduRm0rWGpKaTk5VThHNFhzVW9YbzByCkd5KzBWQ3VVN004Z0lDRUhIc3JRTzlYREQzblQyaml1NVRqckt3anV0M0Vtb0pzc0k1YnF4MzMrT0J1NUJwQ1AKQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVApiTGtMRnlXQk5UV1VaMlIvMnd4bXVvQzZtTFp3ODc5TUxDS012azFkb1FLQmdRRGhtd0dhZkpOeW1UaUVRWlJJClNzUXg0c2VxZk9LZmdGQzdvaHFIOWNST091OElKMW83cTJwTTJXNFhpVitTM3dUZFBHbWNhNklPalgyM2lzVkIKMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzNwpheHpsYU1yeEV1M0xJOVVFN050cmRRaUJ5UUtCZ1FEVmRJNmNlSVZCVDZSZ3ZWR3Q4emtMalBJRmpoUUVIQUlwCnVoaXJncXBTNkNYOUJseWYyK280MHptZmozaGU1ckNjRW9CNU1zZU0rRGdGYmNWaDJlL01WbllpTk53NkpDREIKQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleQp1QkhWQnYvNHR3S0JnSHdIdWVQeTVTVTFzMnFTbXpEN1djMkxQZll1M25DT0hOUnJGR2IyNk11UmZ1UmVyaTdyCjJHOFRnb0VTRnljcDBRVElOOCsxSk0wWFlLeE5jSkQ2QjhWMXdLYmJwUXN5bW5lSTFnanV0aUIvSWd3L1BrREsKQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWgpmTjJZZVlieVljYU0xMXAxVmlsdWxWVFZqWTNpL0ZaaURSNFNML0lHSldqTi9Temc0aVhZc0tGbXUrZHVsT1psCmNCQUxwRUtycXBtelhZdHJONmJzdjE4KzVlTzNxR2JLMkRyRXEzZVdWZXYyS29UTW9ieHo3ZysrWEJJV0ptTEEKSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkUwpLcmx0d21vZEhpcVhOYlZrd2JXMUFGUEpiaVlhaTRZRmZLNElBYmlmL1lteGY5Rzc4YU9rcjlacENJek9rRFBaCllwRXdRR1dzQWhFbENGdmM4RS81ZEhFU1NwK3RXdFArTmx1aW1wRnFpRGczL1NVbk13TzJ4SDBuaExhMHplamgKZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K" + }, + { + "name": "COOKIE_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "DATABROKER_STORAGE_CONNECTION_STRING", + "value": "redis://redis:6379" + }, + { + "name": "DATABROKER_STORAGE_TYPE", + "value": "redis" + }, + { + "name": "ENVOY_ADMIN_ADDRESS", + "value": "0.0.0.0:9901" + }, + { + "name": "GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT", + "value": "ewoiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiLAoiYXV0aF91cmkiOiAiaHR0cDovL21vY2staWRwLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAyNCIsCiJjbGllbnRfZW1haWwiOiAicmVkYWN0ZWRAcG9tZXJpdW0tcmVkYWN0ZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAoiY2xpZW50X2lkIjogIjEwMTIxNTk5MDQ1ODAwMDMzNDM4NyIsCiJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0IiwKInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDOEhMQkFJelhrUGVlZ1xubGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PL1xuRUtnQ09GRnhVRHFvUjgyaVkwNlNhY0FqSG5pNitQTzl0VlJiRlYwdzE0QkRBSlNwQitWdld5bCtGb1BEVi92c1xuWjMxRnRZdytFd3FrYkR4L2thVDl1emYrTEpkbGtmMTRuUVFqOEVreS84ZDNtV0piYi85dGpPYnNhUWdKNUxMeFxuQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUFxubXFta2F3VVd3M2VraGo4MFNKZy9USzlQUmFOL1Z2Y0kxUGdBZDdMWnp0VVJlU21UeTVoZDlyNnJPQnhweHduVFxuRHZIa0JuNnZBZ01CQUFFQ2dnRUFCMjhpMEFZVU5TYjFKbldGYkt6cnVVY3R1M3RDTlhvdkpnNkszQmlQVk1rcVxuRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBV1xuOGVKZXFSTFpFZnNTU0pPWFRHN1JkR3NuNHFIRkowMHMyWlRsY0lIU1B3bkZtK1hqSmk5OVU4RzRYc1VvWG8wclxuR3krMFZDdVU3TThnSUNFSEhzclFPOVhERDNuVDJqaXU1VGpyS3dqdXQzRW1vSnNzSTVicXgzMytPQnU1QnBDUFxuQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVFxuYkxrTEZ5V0JOVFdVWjJSLzJ3eG11b0M2bUxadzg3OU1MQ0tNdmsxZG9RS0JnUURobXdHYWZKTnltVGlFUVpSSVxuU3NReDRzZXFmT0tmZ0ZDN29ocUg5Y1JPT3U4SUoxbzdxMnBNMlc0WGlWK1Mzd1RkUEdtY2E2SU9qWDIzaXNWQlxuMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzN1xuYXh6bGFNcnhFdTNMSTlVRTdOdHJkUWlCeVFLQmdRRFZkSTZjZUlWQlQ2Umd2Vkd0OHprTGpQSUZqaFFFSEFJcFxudWhpcmdxcFM2Q1g5Qmx5ZjIrbzQwem1majNoZTVyQ2NFb0I1TXNlTStEZ0ZiY1ZoMmUvTVZuWWlOTnc2SkNEQlxuQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleVxudUJIVkJ2LzR0d0tCZ0h3SHVlUHk1U1UxczJxU216RDdXYzJMUGZZdTNuQ09ITlJyRkdiMjZNdVJmdVJlcmk3clxuMkc4VGdvRVNGeWNwMFFUSU44KzFKTTBYWUt4TmNKRDZCOFYxd0tiYnBRc3ltbmVJMWdqdXRpQi9JZ3cvUGtES1xuQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWlxuZk4yWWVZYnlZY2FNMTFwMVZpbHVsVlRWalkzaS9GWmlEUjRTTC9JR0pXak4vU3pnNGlYWXNLRm11K2R1bE9abFxuY0JBTHBFS3JxcG16WFl0ck42YnN2MTgrNWVPM3FHYksyRHJFcTNlV1ZldjJLb1RNb2J4ejdnKytYQklXSm1MQVxuSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkU1xuS3JsdHdtb2RIaXFYTmJWa3diVzFBRlBKYmlZYWk0WUZmSzRJQWJpZi9ZbXhmOUc3OGFPa3I5WnBDSXpPa0RQWlxuWXBFd1FHV3NBaEVsQ0Z2YzhFLzVkSEVTU3ArdFd0UCtObHVpbXBGcWlEZzMvU1VuTXdPMnhIMG5oTGEwemVqaFxuZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9XG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXG4iLAoicHJpdmF0ZV9rZXlfaWQiOiAiZTA3ZjdjOTM4NzBjN2UwM2Y4ODM1NjBlY2Q4ZmQwZjRkMjdiMDA4MSIsCiJwcm9qZWN0X2lkIjogInBvbWVyaXVtLXJlZGFjdGVkIiwKInRva2VuX3VyaSI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0L3Rva2VuIiwKInR5cGUiOiAic2VydmljZV9hY2NvdW50Igp9" + }, + { + "name": "IDP_CLIENT_ID", + "value": "CLIENT_ID" + }, + { + "name": "IDP_CLIENT_SECRET", + "value": "CLIENT_SECRET" + }, + { + "name": "IDP_PROVIDER", + "value": "oidc" + }, + { + "name": "IDP_PROVIDER_URL", + "value": "https://mock-idp.localhost.pomerium.io/" + }, + { + "name": "JWT_CLAIMS_HEADERS", + "value": "email,groups,user" + }, + { + "name": "LOG_LEVEL", + "value": "info" + }, + { + "name": "POLICY", + "value": "Wwp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vbW9jay1pZHAubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZXNlcnZlX2hvc3RfaGVhZGVyIjogdHJ1ZSwKInRvIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbnZveS5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL2xvY2FsaG9zdDo5OTAxIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly92ZXJpZnkubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJ0byI6ICJodHRwOi8vdmVyaWZ5LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImFsbG93X3dlYnNvY2tldHMiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL3dlYnNvY2tldC1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfYW55X2F1dGhlbnRpY2F0ZWRfdXNlciI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZm9ydGlvLXVpLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL2ZvcnRpby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9mb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidGxzX2N1c3RvbV9jYSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VVeGVrTkRRWG9yWjBGM1NVSkJaMGxSV2pFek9XTmtMM0JoVUdSclV6SktlVUYxTjJ0RlJFRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkVRMElLWjNwRlpVMUNkMGRCTVZWRlEyaE5WbUpYZEdwYVdFb3dTVWRTYkdSdFZuTmlNMEowV2xjMU1FbEZUa0pOVTNkM1MyZFpSRlpSVVV4RVEwNXFXVmQ0YkFwWmEwSnFXVmQ0YkZscE1YZFplVEZ6WVZjMU1XVkRRVzlSTWtaeldsZEpaMUpIT1RSak1sWTFTMVJGZWsxRVJVZEJNVlZGUVhkM2NXSlhkR3BhV0Vvd0NrbEhUbWhpUjFacFVVZE9hR0pIVm1sTVdFSnFURmQ0Y0dKdVZqUkpRMmhFV1ZkNGJGbHBRa1ZpTTJoNldsaHJjRTFDTkZoRVZFbDRUVVJuZUUxRVJUTUtUWHBKZDA5V2IxaEVWRTE0VFVSbmVFMUVSVE5OZWtsM1QxWnZkMmRaVFhoSWFrRmpRbWRPVmtKQmIxUkdWekZ5V1RKV2VXUkRRbXRhV0Zwc1lrYzVkd3BpVjFaMVpFTkNSRkZVUlhOTlEyOUhRVEZWUlVOM2QycFpNa1p6V2xkS1FWa3lSbk5hVjBsMFkwZE5kR0pIYkhWa1dHZG5TMFZPYUdKSFZtbEpSVkoyQ21WSVRteGxVMnQ0VFhwQmVFSm5UbFpDUVUxTlMyMHhjbGt5Vm5sa1EwSnFXVmQ0YkZsclFtcFpWM2hzV1dreGQxbDVNWE5oVnpVeFpVTkJiMUV5Um5NS1dsZEpaMUpIT1RSak1sWTFTMVJEUTBGaFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUjFCQlJFTkRRVmx2UTJkblIwSkJUbUpMZVUxNk5RcE5WbGMyV1V0a2FtZ3hiMGxPTVUxdU4xQkZNbkJJTlZOaVNsTndWM2hrUVVkb1pFSnJRbXR3UVdFM1QzaGhjbXBJTlV0V2EwTlVVMkUzYjI1amJHRTNDbkZPZFVwYVV6WnRRbTF2ZUVZclVpdGpVak5xZVVka1ZVRlpiRzk2YkRGcWJHWnhURWxtUXk4clp6ZFdOMVp0VDBwdU9UaDBha0kwTW1aaGRIaE1iRFlLVjFCQmR6RktSRTV6VjNSUlptaExhR0pqU0hWME4xSnpSakJ5VFU5UFNHTjNlWGRVVWpkTVQzbERiVWxsYkRGd1kyMXdWalJvWWxaalZEWmxWbmR2VUFwSVdIbEtVMkU1WTNGaFRWRTFXSEprYjJkaGFUUkpjVnBhU1VkTVNHVk1jMVJXZFhSUFowcEdXRVZsZG14WUwxRlVNM05YYjIxRlkzUjZhRE00U25NMENqbEVhVUZRUkRaa05GazNMME5RVEZsRlptc3lPVXBST1U1YWFIQm5SSE5wT1doMU5VWklTRnBqV0hkbU1VbEliSGN2UTBKV1oyNDJhaXRxYlhaTFMzb0tPVEJOWVRGdmNYVjJNMWMyWkhSMGFXUXZlRU5qVEVkMU1sTXJPVFpVZW5KNWEyMXZlVFZXWVdOTWRGWkZVRFF4V1cxdlZteHpPVEZ5Ykc4M2IyeHdaUXBSVjBaaWJtMWpiemN6T1ZSSkx6Um9LMGh2Wkc5c2NHVnlVVVZTVVd3M2RVTnVjRXRXVUZvelYyOXJTM1ZTYURWd2EzRnJVWEF2WVhKUmFuUjNZMUowQ2tjME0wTnlSSEJpYkN0MVUycE5RMEY0YUdFNU5UaGxWRmwyZEc5cVZFMXVka3gwYzBkSlJERm9SMWh1Y1d4M0t6Vkxha3R5WjFKSWNsRkpSRUZSUVVJS2J6QlZkMUY2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVdkUmQwVm5XVVJXVWpCVVFWRklMMEpCWjNkQ1owVkNMM2RKUWtGRVFXUkNaMDVXU0ZFMFJRcEdaMUZWYUZsYVdWZEpRa2g1YXpaYVZsUnVjRE5zVW5RdmRIbENVREF3ZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGRVoyZEhRa0ZCTVVZdllYQnlDbXcyY0U1VU0wMXdMMDE0YUZWVloyODJkWE5GU2tOeWVVZFJZMHhTWm1WNGVWRllSMDR6YUhWRGJVbHlVRFUxVmtaaE9FVlVVRUYwYW5OeU5sQk5aVGNLTjNaMlJXbzRaVVoxTWtwMFMyOTJiRkYzVG1WM1dWVTVZMnBCVFVOV1lVWnBUbUp5VVdFeU1HaDZhRmRqTW1wek5tUjVhV3hrUlRZdlJGQjZZbVZrY3dwTFJFRjRhRVpPY0RNMVUyeDNkRkowUzJzeFUzcDRTbmh6Y1ZOM2FtWjRTVGhtY0N0U0x6QjNUemhuTUdaWFZHUk5NbWREY0ZKM1dVMU9kMHBGVEVWbkNpdGtVMngyU2tOM2RYVXJjbnA0VEdGc2VtRlFSakZRVFZSWE56SlBSVXhoYkM5cU5YTkVLekpXZVhSUk5Hc3JTRlZFWW5sME1rUnVVVlEzV1ZFemVtOEtjVEF5ZURKMU1uTnRNVmRYTDI4dmRXZzRjR3BRZUd0SFVYRk1NbTF5ZVZwek5sWklPVlpEVlROUmEwdE9SSE56VG1RM01XeHlNM2RRYjBVMFdWSklaUXBWZG5wRU1XVkVaV1ZzZWtKVlJrNUpjRVJEYW1SRGMwdzFOWGxKVUhGVmMzSTJiRzFxY0VKUVREQjJaV0V6TTFGVVRXSmpjMU40ZFRCMWJVZFlSR0pWQ2pZMmFuVlZORm94YWs5Rk1IZERiRWwyWVU4Mk9UbEtLMFV5WjBKbE1XcFZUalpCZERaaU9FSlRiMXB4UTNGWVdXOUVTRWRsYVRsU1FsVmtkbWR4ZEc4S2ExWnpiMHBtUkVrdlZFWk5aV3RaWjNCTU5WVldXVzFNWkdabmNVeFFVRkpRT1hCUlFreEVlRE50YzNwbFFYRnVkbVpVU1VOQmVtWllaejA5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwKInRsc19zZXJ2ZXJfbmFtZSI6ICJmb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cHM6Ly9mb3J0aW8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDc5Igp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAidGNwK2h0dHBzOi8vcmVkaXMubG9jYWxob3N0LnBvbWVyaXVtLmlvOjYzNzkiLAoidG8iOiAidGNwOi8vcmVkaXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo2Mzc5Igp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1lbmFibGVkIiwKInRsc19za2lwX3ZlcmlmeSI6IHRydWUsCiJ0byI6ICJodHRwczovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1kaXNhYmxlZCIsCiJ0bHNfc2tpcF92ZXJpZnkiOiBmYWxzZSwKInRvIjogImh0dHBzOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLXNlcnZlci1uYW1lLWVuYWJsZWQiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5ub3Rwb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1zZXJ2ZXItbmFtZS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1jdXN0b20tY2EtZW5hYmxlZCIsCiJ0bHNfY3VzdG9tX2NhIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVV5UkVORFFUQkRaMEYzU1VKQlowbFNRVXhrT1VkaFNsSTVNbkZwTjNGTU1XVklSMDAyU3pCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYY0taMWxOZUVocVFXTkNaMDVXUWtGdlZFWlhNWEpaTWxaNVpFTkNhMXBZV214aVJ6bDNZbGRXZFdSRFFrUlJWRVZ6VFVOdlIwRXhWVVZEZDNkcVdUSkdjd3BhVjBwQldUSkdjMXBYU1hSalIwMTBZa2RzZFdSWVoyZExSVTVvWWtkV2FVbEZVblpsU0U1c1pWTnJlRTE2UVhoQ1owNVdRa0ZOVFV0dE1YSlpNbFo1Q21SRFFtcFpWM2hzV1d0Q2FsbFhlR3haYVRGM1dYa3hjMkZYTlRGbFEwRnZVVEpHYzFwWFNXZFNSemswWXpKV05VdFVRV1ZHZHpCNVRWUkJORTFVUlhrS1RWUlZNazFVUW1GR2R6QjZUVlJCTkUxVVJYbE5WRlV5VFZSQ1lVMUpSMFJOVWpSM1NFRlpSRlpSVVV0RmVGWjBZVEpPYkdOdVVXZGFSMVl5V2xkNGRncGpSekZzWW01UloxRXdSWGhNUkVGeFFtZE9Wa0pCYzAxSk1rNW9Za2RXYVZGSFRtaGlSMVpwVEZoQ2FreFhlSEJpYmxZMFNVTm9SRmxYZUd4WmFVSkZDbUl6YUhwYVdHdHdUVlJOZDAxUldVUldVVkZFUkVOd2RHRXlUbXhqYmxGbldUSkdjMXBYU2tGWk1rWnpXbGRKZEdOSFRYUmlSMngxWkZoblowdEZUbWdLWWtkV2FVbEZVblpsU0U1c1pWTnJkMmRuUjJsTlFUQkhRMU54UjFOSllqTkVVVVZDUVZGVlFVRTBTVUpxZDBGM1oyZEhTMEZ2U1VKblVVUlhXWEJXWlFwQ1UyNWxaVEpqUVVKWmIyWlRiMWQ0UjAxNVJtRk5VVEJ1U210Wk1GVlhUVGxqYTNsVmFEZFdabWRPS3k5aFJsTlhNbHBUYlZoMWRqVmtjbU53YVRJd0Nub3paV3hvVUZSbE9UaGlRVTVpYWlzdllta3dNREUxVVZkdVRXVnVTekExV2tzMmNVUjBSbmR2TDBoV1F5OVpZMkZ5ZFhVNU5pc3hTakowYjJWWGRVVUtkSGxyVnpOTlEzQkRNWEJJV1ZNMVp6bHBWa1JyY0dSeWVtNTJXRXRzV1hWVGFXdHFjbW8zU3pWMGIybFVkblZ0T1RkTWVFdHJkV28yUkZocVlYQlFSQW8xZG5SbFUwNHhaRkZuVHpsRFV6TnpjV3hqZDFsQk5sSnFWVWgzV1RKV1JXZ3lZV1JRTXpkQ1duSmFkMDhyZVVweE9YRkdOWGsxUjJ4bmFUaHNUalJqQ2t0c1NXeEdWWE12ZUZOd1VYTjRUbUpPVVZoMFRqbHRhelJwYlZsc1drZDZXVmxpWW0wclptOUNWbEJRWW05aE5XcFdkMHRFY0ZvMk5XMVBjemRLUjFBS05ubHFLemRXTjFWQ1RVWndWeXRuUzIxS2RHZG9MMnRyUVhneE9EVm9PVE54ZDB4R1VHTTRMMVEzYmlzclVERmlkU3RtWVd0WVVFZFFSVEl4Y2tSbFRBcFFibFZ0ZFdOSlduQktielZPY0ZsV1VYWTBWM1pVUzNFdmVrMVNPVk56Y0hveVVFWktia1ZTVkdaVWRuRXJSakZ4TTFwT1lXWkZlbWxRYzBJNWIyVlRDbTVxZUhkdFlWcFBVMVl3ZGxoeEwzRmxiM0Y0TkhZMlRVSjZWa0ZaTUM4NFVqSk1ZM0JLTkhWbk1FOWFNM2N3WWpKME5ubHZPRFpRTlZFNFEwRjNSVUVLUVdGT1JrMUZUWGRFWjFsRVZsSXdVRUZSU0M5Q1FWRkVRV2RKUlUxQ1NVZEJNVlZrUlhkRlFpOTNVVWxOUVZsQ1FXWTRRMEZSUVhkSVVWbEVWbEl3VHdwQ1FsbEZSa3hqV1RoRmIwNXZaazFqY25KNGVubDRTVzR6VnpaYVQwMVdXRTFCTUVkRFUzRkhVMGxpTTBSUlJVSkRkMVZCUVRSSlFtZFJRMXA2UkVOMkNrdEpTRmd6UjNacVRsTlpOWGMxWWs5dU5FVXpkemRSU0ZBd09VRkNhbFF2ZDNWVU5FeEVhMXBJU2sxdGJISk1iek56T0dKamMxRXdjMDFFTVZrdkx5OEtjekEzWTNBMGVGbHNjVVEzUWtFd1FXTndkbGxXV1hFMU9IaExlSE52UTNkV1dHMUhOV05GWlU5dldtMVhaak54V1RKdFV6aGxWemsyZGs5R2NtUkpZZ3BNTkU5R05IaFpWVTlOVW5GQlQwZEJRWEkyVm14UE4yZFlZVFF3TmtoNmNuTkJNV2haV25keVpWaG9UMVJEV2xwUVdrOVZia0YxTURWVFNFWmtaMkZOQ2xSS1RrSXZiekF4ZEhCM1VXeHlWSGhPYldaeWIzQnZUM3A1ZFhaSU1IcFZNbEp5VFhNd0swVmlUM1ZETkVFeVkxRTRNMFJKUm5oMmNUWTNiSGxWTUVFS2N6RlJOblJTVFRBclZVUnRTazlNZWpOVFpHZE9LMFF3TUdoamRYVnFPVEpIVmpSaVNEaENabmxWZGpoT1Exa3dka1JwYWpCVVUycHFOR00wVVhSak53cEpVRXhVV2pKbk5UUTFiMk42YUU1blFXMVVOMlFyUWpWSmJubG1hVk5KUzJWdFdIRmxjekpxY0dsQlpucFFUbXc1UWxaNGMyRnJZM012V1hwdldYTXhDaXR4VkdwQlYzVmhSSE5MYjJoRmJrODBRa3AxZW5Zd2VISmpaVFF3Wlc1U1oxaDVSMGRHZGxoMU1uTTBSbGt5ZGtweFZGTnZObmx6UkZkdWFFa3pURmNLWkdObk5rOHlSalJCVUVOSFIyVTNlbk4xY1dseGEzQmphMjVDWVdKbmVrVnpPV1p2U0hFeWJXWnZOMWhwUlhwbFpFMU9PRUpPY1daVFlrRTlDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLWN1c3RvbS1jYS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImNvcnNfYWxsb3dfcHJlZmxpZ2h0IjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9jb3JzLWVuYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJjb3JzX2FsbG93X3ByZWZsaWdodCI6IGZhbHNlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwcmVmaXgiOiAiL2NvcnMtZGlzYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZWZpeCI6ICIvcHJlc2VydmUtaG9zdC1oZWFkZXItZW5hYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IHRydWUsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9wcmVzZXJ2ZS1ob3N0LWhlYWRlci1kaXNhYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IGZhbHNlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9yZXN0cmljdGVkLWh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd2VkX2RvbWFpbnMiOiBbCiJkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LWRvbWFpbiIsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93ZWRfdXNlcnMiOiBbCiJ1c2VyMUBkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LXVzZXIiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoiWC1DdXN0b20tUmVxdWVzdC1IZWFkZXIiOiAiY3VzdG9tLXJlcXVlc3QtaGVhZGVyLXZhbHVlIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJhbGxvd193ZWJzb2NrZXRzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbmFibGVkLXdzLWVjaG8ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInRvIjogImh0dHA6Ly93ZWJzb2NrZXQtZWNoby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZGlzYWJsZWQtd3MtZWNoby5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL3dlYnNvY2tldC1lY2hvLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImVuYWJsZV9nb29nbGVfY2xvdWRfc2VydmVybGVzc19hdXRoZW50aWNhdGlvbiI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vY2xvdWRydW4ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoieC1pZHAiOiAib2lkYyIKfSwKInRvIjogImh0dHA6Ly90cnVzdGVkLWh0dHBkZXRhaWxzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODA4MCIKfQpd" + }, + { + "name": "SHARED_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "SIGNING_KEY", + "value": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBSR1d3TGg3NW5OWG5razM3ekRmTjhvbkx3ZkNpYUxQVEQrbmM4THg1aGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa3BCa08wVEttaDRKZFFmTE9lZU1kNTNLbmdhMVdkUVhyNUZjZXBrK2RMVktkVkt4WENHcQpoMW9qdWh1VzExR0lvT3pTOUdvU0tsTlZTUkZXVkVXRHZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=" + }, + { + "name": "SIGNING_KEY_ALGORITHM", + "value": "ES256" + } + ], + "image": "pomerium/pomerium:${POMERIUM_TAG:-master}", + "imagePullPolicy": "IfNotPresent", + "name": "pomerium", + "ports": [ + { + "containerPort": 80, + "name": "http" + }, + { + "containerPort": 443, + "name": "https" + }, + { + "containerPort": 5443, + "name": "grpc" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/pomerium + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "redis", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "redis" + } + }, + "template": { + "metadata": { + "labels": { + "app": "redis" + } + }, + "spec": { + "containers": [ + { + "image": "redis:6.2.5-alpine", + "name": "redis", + "ports": [ + { + "containerPort": 6379, + "name": "tcp" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/redis + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "trusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "trusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "trusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/trusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "untrusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKKYU7PSAFxZbhuLUlbv3iAwDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU2MTFaFw0yMzExMTEyMjU2MTFaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg\nVDM59lGzCRjdUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHG\noryKGDOkRV1SDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2v\nJX4qTwgrqQtLOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqP\nqpc6AEFuklmoBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPw\nve8VoGIlx4uvHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxG\nmgByfa2rxbNg15PFwF+ZAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBS3GPBKDaHzHK68c8sSJ91umTjFVzAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAizMhh+VYIMp07wGn7+rzAE/651yiMC6kZHIOMHilvimyYvCf+Yc0MrcD\nmVQgqlUpkn/f2SOFsBQonjAACkWlSHah9KStL0iTvOIH+oGLnv3Y9wrKvwJol3KR\nc/+mO9R9TS71DoX+rTGRY3BNldpMBZF7HsYt/bg0RSpF0zkZarW+PEMmPw6IgIaD\nRPGpOiQOqIxQn4d6MyiNGS0QmDeGSZvsC07ZcZ+JxsYi4S+yN6GXt11pstiRXjDv\nzrO3s8TnVsBux7VDdIYfzMxqz+874MbsUUlb4txr3V48UDRLm7VDQ2/F+o0+Y5wt\nXAnXTn/6GFpjJvPGr0A1QLOvnhR0DZ4Fl97athu44pqeQywDU5LPP3HqrWRXLy3j\nBPBC4waHayL9Hnh4zQUe/h6hwC5Nxl/gqfB3Aaqr5PWX6rMFss8AYpB81ci+UJdm\nKSIn/pMoK6TWkCveoQRQOZD8wfwPF4cUUmWcLFwSveZSiniFrAXQqZbO1k6RDhQf\nhavcwKlK\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgVDM59lGzCRjd\nUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHGoryKGDOkRV1S\nDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2vJX4qTwgrqQtL\nOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqPqpc6AEFuklmo\nBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPwve8VoGIlx4uv\nHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxGmgByfa2rxbNg\n15PFwF+ZAgMBAAECggEADTzGefunZTPUFLnSZ/D7jDglwz5KdC/9zYleY+jY5B/8\nnmjkSfK6I6GLLSh8l2QO8YqQLIqxANglS1gNHdpcYPwfC4WL1S1P0qXboKsI5Sfy\njGoD3et4caq6ecdTfAvmLobW8uFRmGE9qHlFQ1cn47OnPVZUpKFCTVslyTLNo70h\n28gx/lnpgkbeWotJ5GygE/H0jKJlG8/V3+Ppfuq6wypA5ELcGUeMAwmCfUNNlDy3\nBhXSa6STgL26ar70KZIjTp9B97hIfDWObxgjzMX2JoiWXziszvbfaknfBsmfTm45\noUZYO0DuvLdLpxic0GZQwZCT6GzuexxJ9zR/pdahrQKBgQDEiwc0e+M1KaOoIIcw\nV7pxoGjvd+CC5whS00jSf/rXPSPFxat9Ml5serOzLdRLM/NQ5wB9S7TYc6PJi3Mb\n8pmbGadIXiGIJY8vX79P/velHT4csgULJAKJF9U65knhaidPPPmXloHOhRWrE8Zq\nmexVgJZrHLI8197qmi+ctT5rEwKBgQDQ1J84AwI1hEsXHxoSetSznt+ae7pSUb/J\nbyqK9KEp0DLyf8GcS7vxyYGQo0mJDlHaJt56LKv+zdX4wGG85ztbOFVPee6XLKSs\nI+h7rzc2hKrl+SaI91h1234WsTeJvfUSHyBy9vAwLhd0hplNrt7Tql5Z0VTWHmFE\n2XbEwcTUIwKBgQDBpioHMDmBW/F/6ezJWOa+pco+h+KRl4i/8qVBog9Im1jvt/9r\nb4FRaOQ9mt4c6qbGA5Sb30fkLKwoHFniI3ntM616xCRNvJQDnVcmPpVJ/jIAm/YU\nL/q/kNfrHJOWobzxeaaCESz8imv7D5Tj25zb8cJC7xc+k4Nzq09WG83QOQKBgG28\nLOZ7/j8tA2BlAYhQb1Dr3UgKWEBFoOgyuEJIhh+4vezb4VtGGL7XSnQ8ubmBgtWF\ns0a0DrVYaGXMgg+H2pL2qS2YPx3FYcrrG5FS40qMsFkkcXFruFpGOp2mBi8lWJBr\nNtvykwheUAj1ab1+dKz5S5ca/t99G1PYiiaeQ9XNAoGAVXk4HvdUc5q+BNiYvKUS\nM2/TDU3cYY72mPCEw7G6Kpn6zMaakQcA1+Z8LkYcLaQKRD/66n99WWT+BcY+QXtC\n0ZPHjeepDL8q+yXRY8zlcgAukg18Ta5yD1J1014y8UIV+HY8ongTni1sI8N+vKd4\n+TF2C2Cynf5vQr5man7ShPw=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "untrusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/untrusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "verify", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "verify" + } + }, + "template": { + "metadata": { + "labels": { + "app": "verify" + } + }, + "spec": { + "containers": [ + { + "image": "pomerium/verify:${VERIFY_TAG:-latest}", + "name": "verify", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/verify + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "websocket-echo" + } + }, + "template": { + "metadata": { + "labels": { + "app": "websocket-echo" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--port", + "80", + "tee" + ], + "image": "pvtmert/websocketd:latest", + "name": "websocket-echo", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/websocket-echo + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "wrongly-named-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEWDCCAsCgAwIBAgIRAK1MkqoHP+DPILewhMcnnu4wDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU0MzRaFw0yMzExMTEyMjU0MzRaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV\nDWPhOpNWAYNTQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM\n3cvyRs40dygZeogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV\n6ttf6y0+4Nq1hRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3E\nlxIYQsCr85FyW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC\n8X2vHBBIbnZipb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3\nOIkJji4rpJqxG1Z7MvPzAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAo\nBgNVHREEITAfgh1pbnZhbGlkLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG\n9w0BAQsFAAOCAYEABsSByXWA7e8hpKWZK4APWzkvDwiTGrDDE7k0hueJksTZ5Nqw\nfRdGoUpweWIYzAv1etPAr+B2gsZM/jVRidaGDI1tKPytZ3pP6mQ52CVXkeJQytPr\nrNDnP3Lbpbs8PHoHw3PVxIyRps1ZbZkgbUsXrSvpp/l+ZObbGQjr3Fdx5oXI6a1V\nNNC39LkPhjTKtcG+H8dO5GRuDb/9PrzrnDwnl6CoORbEjTKRIFuA+vkFBRjyuccr\nGQiMNmMxy5CMOsK+Od4+8qhv2ZgnREHyBnjFFhgVLFJ2PwUxk3N4GIzCC8tsD+vb\n+YJgCS7n6JmcB9SFeyRy+qpolnfEaMvRwnJl6Evj17VCBy7x0gEO6B4lILPpziN8\nVVhSuRsC0V8aXJJx89mwrg9pzN9w771rFVOCrAEdZei34/yfo8VyBbIR1gUxkRNJ\ncrTI9pT0PK+9OWQ57HtnGmFsPtWT8r7P8xukAPy50wSLF3InjEo8VR2df+V7DVVU\naTjNbuaG1NLNyWLH\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVDWPhOpNWAYNT\nQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM3cvyRs40dygZ\neogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV6ttf6y0+4Nq1\nhRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3ElxIYQsCr85Fy\nW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC8X2vHBBIbnZi\npb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3OIkJji4rpJqx\nG1Z7MvPzAgMBAAECggEBAM3XhRO7+1QSXCaZdCZ6WuWXzojxrkf8++gpzXPCZ75L\nvvMyP8xmXc38Za5VyL+MAr7joENxY5NPON/9AgyUBFdbat3RW323vAt0Ssy8Dfti\nScpuGWTT2CcWS/iJPwJp9bzPj6qJ1wo0Rzsv23FpcjgfcuB+4pHpDwJZ8IxcclTN\njv5XdmanN0Ai2ONDkIHQyvMTsYAX99OK7nXIs3OW7s4wsm8Wg+loCqTvojTzWuwE\nTZNFonHAZ81jkrYfNjz+sM/tPuOYD+vWQ89+1IeQKFw1U0iBpF1VvhA7UeQZMeI8\nS1NpDQTQW0kxmUAlLj7ldnIvknT/x0lKzoafVpk47/kCgYEA+SxnMLHe3Wxb4Kkf\n7Gwktbth/wlWzUWzQ7c0TdhfEDjcRB7SeGIjrL4/HPyXEsCcGIj84TEob1EA0KVP\nl6Jeqh5t/sr9da+uLFf6H41yZUaTccoyclnjHsqT+WLTtiTKqf7cXACg5NKbJwUT\nldCEu+4Ovur+8Ax6s/mGWNEzar0CgYEA2uOmD+SCIhj16P+3GnpZ0UzyDhUKedTy\nLisZznroF6RI3BHzNT+YotHORDMiJtmX0slFcInAWaB3htLPbHmvredjlsH35eHW\nB6wkWmbniJEovPysWdg7xjrj8DoL2dcm6liM1KpSo9k6XWJu36//xF4RTnL8JPEH\nRPuBWmBXHG8CgYBjJy886lr0I61//eztKK+G/bTmRvIapzTJqnqOy54wl1/XX6iD\nLRJjKCV3RHBdjvXOsZxnhCdB/KrlXBMLFRq0eX1t2Zr4nNsjXDL1IVU3Rdlge4SN\nioVdeGFf6Nq0bXmUIg3QMpPT2pbQ9S0w/ZQEMJv/jwW5wk2FlrLGXyElxQKBgQC3\nskUzITp1Ey2NFM290uB93m1llBLum9+DD3jg6BTPgngC+K17Cpw2SI0qfx8yK3pW\n08MK5xAeJ6Un6NNa3eSptX7GjpJUwmq0lasMkz/MRMZDlGmwHOBNRC729D/t2bo3\nAYlvEGG6UBvDM1CJOVMUoT008Rrahczr/4ZXKnLw0QKBgExc+SXb5IRJIMHEQLkg\nE7va23sR7x4j75mK6HnSwAM3jKx4GDgpkY1EO+rh+99mq/bIouL8ob/PG7A5RtKp\n+Sgpqk5N6NpSFMaubsu1EQhqT5pmy0dN5KXecR4s1IylPvth/h3tdXPKGcLMD2M2\nEN59YIA1o4qWjJsfEiuQ6x7M\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "wrongly-named-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/wrongly-named-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "mock-idp" + }, + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8024, + "targetPort": "http" + } + ], + "selector": { + "app": "mock-idp" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "pomerium" + }, + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "nodePort": 80, + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "nodePort": 443, + "port": 443, + "targetPort": "https" + }, + { + "name": "grpc", + "nodePort": 5443, + "port": 5443, + "targetPort": "grpc" + } + ], + "selector": { + "app": "pomerium" + }, + "type": "NodePort" + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "redis" + }, + "name": "redis", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "tcp", + "port": 6379, + "targetPort": "tcp" + } + ], + "selector": { + "app": "redis" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "trusted-httpdetails" + }, + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "trusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + }, + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "untrusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "verify" + }, + "name": "verify", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "verify" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "websocket-echo" + }, + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "websocket-echo" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + }, + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "wrongly-named-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + sleep 30 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-init + volumes: + - k3s-tmp:/k3s-tmp + k3s-ready: + command: + - sh + - -c + - exit 0 + depends_on: + k3s-init: + condition: service_completed_successfully + image: busybox:latest + networks: + main: + aliases: + - k3s-ready + k3s-server: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - server + - --disable + - traefik + - --disable + - metrics-server + - --kube-apiserver-arg + - service-node-port-range=1-65535 + environment: + K3S_KUBECONFIG_MODE: "666" + K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml + K3S_TOKEN: TOKEN + healthcheck: + test: + - CMD + - kubectl + - cluster-info + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-server + ports: + - 6443:6443/tcp + - 5443:5443/tcp + - 443:443/tcp + - 80:80/tcp + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp +volumes: + k3s-tmp: + driver_opts: + device: /tmp + o: bind + type: none diff --git a/integration/clusters/okta-kubernetes/compose.yml b/integration/clusters/okta-kubernetes/compose.yml new file mode 100644 index 000000000..3c81f1ae3 --- /dev/null +++ b/integration/clusters/okta-kubernetes/compose.yml @@ -0,0 +1,825 @@ +networks: + main: {} +services: + k3s-agent: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - agent + environment: + K3S_TOKEN: TOKEN + K3S_URL: https://k3s-server:6443 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-agent + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp + k3s-init: + depends_on: + k3s-server: + condition: service_healthy + entrypoint: + - sh + - -c + - | + cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml + export KUBECONFIG=/tmp/kubeconfig.yaml + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "mock-idp" + } + }, + "template": { + "metadata": { + "labels": { + "app": "mock-idp" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--provider", + "okta", + "--port", + "8024", + "--root-url", + "https://mock-idp.localhost.pomerium.io/" + ], + "image": "pomerium/mock-idps:${MOCK_IDPS_TAG:-master}", + "name": "mock-idp", + "ports": [ + { + "containerPort": 8024, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/mock-idp + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "pomerium" + } + }, + "template": { + "metadata": { + "labels": { + "app": "pomerium" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "AUTHENTICATE_SERVICE_URL", + "value": "https://authenticate.localhost.pomerium.io" + }, + { + "name": "CERTIFICATE", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVVakNDQXJxZ0F3SUJBZ0lSQUtOYUVxQ21tWmZobWNZZ1p5MDFXQ3N3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lNeEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEVzTUNvR0ExVUVDd3dqWTJGcwpaV0pBWTJGc1pXSXRjR010YkdsdWRYZ2dLRU5oYkdWaUlFUnZlSE5sZVNreE16QXhCZ05WQkFNTUttMXJZMlZ5CmRDQmpZV3hsWWtCallXeGxZaTF3WXkxc2FXNTFlQ0FvUTJGc1pXSWdSRzk0YzJWNUtUQWVGdzB5TVRBNE1UQXgKTnpNeU1UQmFGdzB5TXpFeE1UQXhPRE15TVRCYU1GY3hKekFsQmdOVkJBb1RIbTFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCalpYSjBhV1pwWTJGMFpURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnCktFTmhiR1ZpSUVSdmVITmxlU2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzgKSExCQUl6WGtQZWVnbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRAp5VmhEVDBRbEkvTy9FS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2Cld5bCtGb1BEVi92c1ozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXQKak9ic2FRZ0o1TEx4Q1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcQpiWlVERytaaW9BclBtcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkCjlyNnJPQnhweHduVER2SGtCbjZ2QWdNQkFBR2piREJxTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFUQWZCZ05WSFNNRUdEQVdnQlNGaGxoWWdFZktUcGxWT2VuZVZHMyszSUUvVFRBaQpCZ05WSFJFRUd6QVpnaGNxTG14dlkyRnNhRzl6ZEM1d2IyMWxjbWwxYlM1cGJ6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBWUVBdWZRQUY3OXM3YzFnbVo5Q0lLQlNHa0hoK1NIMDFDdUtZbm5IaU1vd0hzVGlvRmFVQVFzZC9QNFgKYzJYQnFjMzRlVDNtQ3ZwZ1pqSGJqejZKbG5UWUp4dUx2VnFuVkIzZW10V3JiMWNRdmg4QnBoeHNwVGxTOHVpRQpBRWYvbmd0cHpmQS9mNGxwR2t6clEwY3lQa0VKR3o1MTFxOTdpdHpuOVJaWnpWVFp4TlZGU1AydlZoTk5RVnNXCk94YWtjdllSZ256OEFPUVMzT1BIajJGUWMzaWlic2hjdDVsZUl3WVpGY3hJTkdIUjZLTDYrL0xTZVBOQ0VNbUsKcXltVlBrUUdzSWNVNkdROWZ4YVN1NG1wK0lVQUxQcm9pekVWSThTVms1bk9tM0hJZXorWmZYaHpmbkd4MDZTSQo2TnVvUVFQcVVCZVplWG4yWUZZaGlwZVJkclF4dkEzNi9ZWGEvQWtYQ2VVMHBYeGJ0WEtjdmF0ZnJpNUtuWUpECmtINTlhK2FGa1RzbDQxdGZJMmNuUllWZGRxWFZsM096TGJjZ0FGTG4xV2VDMXh4M3hSWGk3S2xkb2tPbHZndisKQjZuYVdmQ3hSbFdaL2xzbUhhZTRrYzFXSDRLYzduSytJVGI0MEVralY2OC9BN2tyWnNOMVZjcU50cG9tWWtnRQp4alVFOFhVdQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + { + "name": "CERTIFICATE_AUTHORITY", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxekNDQXorZ0F3SUJBZ0lRWjEzOWNkL3BhUGRrUzJKeUF1N2tFREFOQmdrcWhraUc5dzBCQVFzRkFEQ0IKZ3pFZU1Cd0dBMVVFQ2hNVmJXdGpaWEowSUdSbGRtVnNiM0J0Wlc1MElFTkJNU3d3S2dZRFZRUUxEQ05qWVd4bApZa0JqWVd4bFlpMXdZeTFzYVc1MWVDQW9RMkZzWldJZ1JHOTRjMlY1S1RFek1ERUdBMVVFQXd3cWJXdGpaWEowCklHTmhiR1ZpUUdOaGJHVmlMWEJqTFd4cGJuVjRJQ2hEWVd4bFlpQkViM2h6WlhrcE1CNFhEVEl4TURneE1ERTMKTXpJd09Wb1hEVE14TURneE1ERTNNekl3T1Zvd2dZTXhIakFjQmdOVkJBb1RGVzFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCRFFURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnS0VOaGJHVmlJRVJ2CmVITmxlU2t4TXpBeEJnTlZCQU1NS20xclkyVnlkQ0JqWVd4bFlrQmpZV3hsWWkxd1l5MXNhVzUxZUNBb1EyRnMKWldJZ1JHOTRjMlY1S1RDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTmJLeU16NQpNVlc2WUtkamgxb0lOMU1uN1BFMnBINVNiSlNwV3hkQUdoZEJrQmtwQWE3T3hhcmpINUtWa0NUU2E3b25jbGE3CnFOdUpaUzZtQm1veEYrUitjUjNqeUdkVUFZbG96bDFqbGZxTElmQy8rZzdWN1ZtT0puOTh0akI0MmZhdHhMbDYKV1BBdzFKRE5zV3RRZmhLaGJjSHV0N1JzRjByTU9PSGN3eXdUUjdMT3lDbUllbDFwY21wVjRoYlZjVDZlVndvUApIWHlKU2E5Y3FhTVE1WHJkb2dhaTRJcVpaSUdMSGVMc1RWdXRPZ0pGWEVldmxYL1FUM3NXb21FY3R6aDM4SnM0CjlEaUFQRDZkNFk3L0NQTFlFZmsyOUpROU5aaHBnRHNpOWh1NUZISFpjWHdmMUlIbHcvQ0JWZ242aitqbXZLS3oKOTBNYTFvcXV2M1c2ZHR0aWQveENjTEd1MlMrOTZUenJ5a21veTVWYWNMdFZFUDQxWW1vVmxzOTFybG83b2xwZQpRV0Zibm1jbzczOVRJLzRoK0hvZG9scGVyUUVSUWw3dUNucEtWUFozV29rS3VSaDVwa3FrUXAvYXJRanR3Y1J0Ckc0M0NyRHBibCt1U2pNQ0F4aGE5NThlVFl2dG9qVE1udkx0c0dJRDFoR1hucWx3KzVLaktyZ1JIclFJREFRQUIKbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQWdRd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQWRCZ05WSFE0RQpGZ1FVaFlaWVdJQkh5azZaVlRucDNsUnQvdHlCUDAwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFBMUYvYXByCmw2cE5UM01wL014aFVVZ282dXNFSkNyeUdRY0xSZmV4eVFYR04zaHVDbUlyUDU1VkZhOEVUUEF0anNyNlBNZTcKN3Z2RWo4ZUZ1Mkp0S292bFF3TmV3WVU5Y2pBTUNWYUZpTmJyUWEyMGh6aFdjMmpzNmR5aWxkRTYvRFB6YmVkcwpLREF4aEZOcDM1U2x3dFJ0S2sxU3p4SnhzcVN3amZ4SThmcCtSLzB3TzhnMGZXVGRNMmdDcFJ3WU1Od0pFTEVnCitkU2x2SkN3dXUrcnp4TGFsemFQRjFQTVRXNzJPRUxhbC9qNXNEKzJWeXRRNGsrSFVEYnl0MkRuUVQ3WVEzem8KcTAyeDJ1MnNtMVdXL28vdWg4cGpQeGtHUXFMMm1yeVpzNlZIOVZDVTNRa0tORHNzTmQ3MWxyM3dQb0U0WVJIZQpVdnpEMWVEZWVsekJVRk5JcERDamRDc0w1NXlJUHFVc3I2bG1qcEJQTDB2ZWEzM1FUTWJjc1N4dTB1bUdYRGJVCjY2anVVNFoxak9FMHdDbEl2YU82OTlKK0UyZ0JlMWpVTjZBdDZiOEJTb1pxQ3FYWW9ESEdlaTlSQlVkdmdxdG8Ka1Zzb0pmREkvVEZNZWtZZ3BMNVVWWW1MZGZncUxQUFJQOXBRQkxEeDNtc3plQXFudmZUSUNBemZYZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + { + "name": "CERTIFICATE_KEY", + "value": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzhITEJBSXpYa1BlZWcKbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PLwpFS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2V3lsK0ZvUERWL3ZzClozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXRqT2JzYVFnSjVMTHgKQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUAptcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkOXI2ck9CeHB4d25UCkR2SGtCbjZ2QWdNQkFBRUNnZ0VBQjI4aTBBWVVOU2IxSm5XRmJLenJ1VWN0dTN0Q05Yb3ZKZzZLM0JpUFZNa3EKRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBVwo4ZUplcVJMWkVmc1NTSk9YVEc3UmRHc240cUhGSjAwczJaVGxjSUhTUHduRm0rWGpKaTk5VThHNFhzVW9YbzByCkd5KzBWQ3VVN004Z0lDRUhIc3JRTzlYREQzblQyaml1NVRqckt3anV0M0Vtb0pzc0k1YnF4MzMrT0J1NUJwQ1AKQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVApiTGtMRnlXQk5UV1VaMlIvMnd4bXVvQzZtTFp3ODc5TUxDS012azFkb1FLQmdRRGhtd0dhZkpOeW1UaUVRWlJJClNzUXg0c2VxZk9LZmdGQzdvaHFIOWNST091OElKMW83cTJwTTJXNFhpVitTM3dUZFBHbWNhNklPalgyM2lzVkIKMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzNwpheHpsYU1yeEV1M0xJOVVFN050cmRRaUJ5UUtCZ1FEVmRJNmNlSVZCVDZSZ3ZWR3Q4emtMalBJRmpoUUVIQUlwCnVoaXJncXBTNkNYOUJseWYyK280MHptZmozaGU1ckNjRW9CNU1zZU0rRGdGYmNWaDJlL01WbllpTk53NkpDREIKQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleQp1QkhWQnYvNHR3S0JnSHdIdWVQeTVTVTFzMnFTbXpEN1djMkxQZll1M25DT0hOUnJGR2IyNk11UmZ1UmVyaTdyCjJHOFRnb0VTRnljcDBRVElOOCsxSk0wWFlLeE5jSkQ2QjhWMXdLYmJwUXN5bW5lSTFnanV0aUIvSWd3L1BrREsKQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWgpmTjJZZVlieVljYU0xMXAxVmlsdWxWVFZqWTNpL0ZaaURSNFNML0lHSldqTi9Temc0aVhZc0tGbXUrZHVsT1psCmNCQUxwRUtycXBtelhZdHJONmJzdjE4KzVlTzNxR2JLMkRyRXEzZVdWZXYyS29UTW9ieHo3ZysrWEJJV0ptTEEKSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkUwpLcmx0d21vZEhpcVhOYlZrd2JXMUFGUEpiaVlhaTRZRmZLNElBYmlmL1lteGY5Rzc4YU9rcjlacENJek9rRFBaCllwRXdRR1dzQWhFbENGdmM4RS81ZEhFU1NwK3RXdFArTmx1aW1wRnFpRGczL1NVbk13TzJ4SDBuaExhMHplamgKZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K" + }, + { + "name": "COOKIE_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "DATABROKER_STORAGE_CONNECTION_STRING", + "value": "redis://redis:6379" + }, + { + "name": "DATABROKER_STORAGE_TYPE", + "value": "redis" + }, + { + "name": "ENVOY_ADMIN_ADDRESS", + "value": "0.0.0.0:9901" + }, + { + "name": "GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT", + "value": "ewoiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiLAoiYXV0aF91cmkiOiAiaHR0cDovL21vY2staWRwLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAyNCIsCiJjbGllbnRfZW1haWwiOiAicmVkYWN0ZWRAcG9tZXJpdW0tcmVkYWN0ZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAoiY2xpZW50X2lkIjogIjEwMTIxNTk5MDQ1ODAwMDMzNDM4NyIsCiJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0IiwKInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDOEhMQkFJelhrUGVlZ1xubGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PL1xuRUtnQ09GRnhVRHFvUjgyaVkwNlNhY0FqSG5pNitQTzl0VlJiRlYwdzE0QkRBSlNwQitWdld5bCtGb1BEVi92c1xuWjMxRnRZdytFd3FrYkR4L2thVDl1emYrTEpkbGtmMTRuUVFqOEVreS84ZDNtV0piYi85dGpPYnNhUWdKNUxMeFxuQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUFxubXFta2F3VVd3M2VraGo4MFNKZy9USzlQUmFOL1Z2Y0kxUGdBZDdMWnp0VVJlU21UeTVoZDlyNnJPQnhweHduVFxuRHZIa0JuNnZBZ01CQUFFQ2dnRUFCMjhpMEFZVU5TYjFKbldGYkt6cnVVY3R1M3RDTlhvdkpnNkszQmlQVk1rcVxuRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBV1xuOGVKZXFSTFpFZnNTU0pPWFRHN1JkR3NuNHFIRkowMHMyWlRsY0lIU1B3bkZtK1hqSmk5OVU4RzRYc1VvWG8wclxuR3krMFZDdVU3TThnSUNFSEhzclFPOVhERDNuVDJqaXU1VGpyS3dqdXQzRW1vSnNzSTVicXgzMytPQnU1QnBDUFxuQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVFxuYkxrTEZ5V0JOVFdVWjJSLzJ3eG11b0M2bUxadzg3OU1MQ0tNdmsxZG9RS0JnUURobXdHYWZKTnltVGlFUVpSSVxuU3NReDRzZXFmT0tmZ0ZDN29ocUg5Y1JPT3U4SUoxbzdxMnBNMlc0WGlWK1Mzd1RkUEdtY2E2SU9qWDIzaXNWQlxuMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzN1xuYXh6bGFNcnhFdTNMSTlVRTdOdHJkUWlCeVFLQmdRRFZkSTZjZUlWQlQ2Umd2Vkd0OHprTGpQSUZqaFFFSEFJcFxudWhpcmdxcFM2Q1g5Qmx5ZjIrbzQwem1majNoZTVyQ2NFb0I1TXNlTStEZ0ZiY1ZoMmUvTVZuWWlOTnc2SkNEQlxuQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleVxudUJIVkJ2LzR0d0tCZ0h3SHVlUHk1U1UxczJxU216RDdXYzJMUGZZdTNuQ09ITlJyRkdiMjZNdVJmdVJlcmk3clxuMkc4VGdvRVNGeWNwMFFUSU44KzFKTTBYWUt4TmNKRDZCOFYxd0tiYnBRc3ltbmVJMWdqdXRpQi9JZ3cvUGtES1xuQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWlxuZk4yWWVZYnlZY2FNMTFwMVZpbHVsVlRWalkzaS9GWmlEUjRTTC9JR0pXak4vU3pnNGlYWXNLRm11K2R1bE9abFxuY0JBTHBFS3JxcG16WFl0ck42YnN2MTgrNWVPM3FHYksyRHJFcTNlV1ZldjJLb1RNb2J4ejdnKytYQklXSm1MQVxuSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkU1xuS3JsdHdtb2RIaXFYTmJWa3diVzFBRlBKYmlZYWk0WUZmSzRJQWJpZi9ZbXhmOUc3OGFPa3I5WnBDSXpPa0RQWlxuWXBFd1FHV3NBaEVsQ0Z2YzhFLzVkSEVTU3ArdFd0UCtObHVpbXBGcWlEZzMvU1VuTXdPMnhIMG5oTGEwemVqaFxuZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9XG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXG4iLAoicHJpdmF0ZV9rZXlfaWQiOiAiZTA3ZjdjOTM4NzBjN2UwM2Y4ODM1NjBlY2Q4ZmQwZjRkMjdiMDA4MSIsCiJwcm9qZWN0X2lkIjogInBvbWVyaXVtLXJlZGFjdGVkIiwKInRva2VuX3VyaSI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0L3Rva2VuIiwKInR5cGUiOiAic2VydmljZV9hY2NvdW50Igp9" + }, + { + "name": "IDP_CLIENT_ID", + "value": "CLIENT_ID" + }, + { + "name": "IDP_CLIENT_SECRET", + "value": "CLIENT_SECRET" + }, + { + "name": "IDP_PROVIDER", + "value": "okta" + }, + { + "name": "IDP_PROVIDER_URL", + "value": "https://mock-idp.localhost.pomerium.io/" + }, + { + "name": "JWT_CLAIMS_HEADERS", + "value": "email,groups,user" + }, + { + "name": "LOG_LEVEL", + "value": "info" + }, + { + "name": "POLICY", + "value": "Wwp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vbW9jay1pZHAubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZXNlcnZlX2hvc3RfaGVhZGVyIjogdHJ1ZSwKInRvIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbnZveS5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL2xvY2FsaG9zdDo5OTAxIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly92ZXJpZnkubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJ0byI6ICJodHRwOi8vdmVyaWZ5LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImFsbG93X3dlYnNvY2tldHMiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL3dlYnNvY2tldC1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfYW55X2F1dGhlbnRpY2F0ZWRfdXNlciI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZm9ydGlvLXVpLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL2ZvcnRpby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9mb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidGxzX2N1c3RvbV9jYSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VVeGVrTkRRWG9yWjBGM1NVSkJaMGxSV2pFek9XTmtMM0JoVUdSclV6SktlVUYxTjJ0RlJFRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkVRMElLWjNwRlpVMUNkMGRCTVZWRlEyaE5WbUpYZEdwYVdFb3dTVWRTYkdSdFZuTmlNMEowV2xjMU1FbEZUa0pOVTNkM1MyZFpSRlpSVVV4RVEwNXFXVmQ0YkFwWmEwSnFXVmQ0YkZscE1YZFplVEZ6WVZjMU1XVkRRVzlSTWtaeldsZEpaMUpIT1RSak1sWTFTMVJGZWsxRVJVZEJNVlZGUVhkM2NXSlhkR3BhV0Vvd0NrbEhUbWhpUjFacFVVZE9hR0pIVm1sTVdFSnFURmQ0Y0dKdVZqUkpRMmhFV1ZkNGJGbHBRa1ZpTTJoNldsaHJjRTFDTkZoRVZFbDRUVVJuZUUxRVJUTUtUWHBKZDA5V2IxaEVWRTE0VFVSbmVFMUVSVE5OZWtsM1QxWnZkMmRaVFhoSWFrRmpRbWRPVmtKQmIxUkdWekZ5V1RKV2VXUkRRbXRhV0Zwc1lrYzVkd3BpVjFaMVpFTkNSRkZVUlhOTlEyOUhRVEZWUlVOM2QycFpNa1p6V2xkS1FWa3lSbk5hVjBsMFkwZE5kR0pIYkhWa1dHZG5TMFZPYUdKSFZtbEpSVkoyQ21WSVRteGxVMnQ0VFhwQmVFSm5UbFpDUVUxTlMyMHhjbGt5Vm5sa1EwSnFXVmQ0YkZsclFtcFpWM2hzV1dreGQxbDVNWE5oVnpVeFpVTkJiMUV5Um5NS1dsZEpaMUpIT1RSak1sWTFTMVJEUTBGaFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUjFCQlJFTkRRVmx2UTJkblIwSkJUbUpMZVUxNk5RcE5WbGMyV1V0a2FtZ3hiMGxPTVUxdU4xQkZNbkJJTlZOaVNsTndWM2hrUVVkb1pFSnJRbXR3UVdFM1QzaGhjbXBJTlV0V2EwTlVVMkUzYjI1amJHRTNDbkZPZFVwYVV6WnRRbTF2ZUVZclVpdGpVak5xZVVka1ZVRlpiRzk2YkRGcWJHWnhURWxtUXk4clp6ZFdOMVp0VDBwdU9UaDBha0kwTW1aaGRIaE1iRFlLVjFCQmR6RktSRTV6VjNSUlptaExhR0pqU0hWME4xSnpSakJ5VFU5UFNHTjNlWGRVVWpkTVQzbERiVWxsYkRGd1kyMXdWalJvWWxaalZEWmxWbmR2VUFwSVdIbEtVMkU1WTNGaFRWRTFXSEprYjJkaGFUUkpjVnBhU1VkTVNHVk1jMVJXZFhSUFowcEdXRVZsZG14WUwxRlVNM05YYjIxRlkzUjZhRE00U25NMENqbEVhVUZRUkRaa05GazNMME5RVEZsRlptc3lPVXBST1U1YWFIQm5SSE5wT1doMU5VWklTRnBqV0hkbU1VbEliSGN2UTBKV1oyNDJhaXRxYlhaTFMzb0tPVEJOWVRGdmNYVjJNMWMyWkhSMGFXUXZlRU5qVEVkMU1sTXJPVFpVZW5KNWEyMXZlVFZXWVdOTWRGWkZVRFF4V1cxdlZteHpPVEZ5Ykc4M2IyeHdaUXBSVjBaaWJtMWpiemN6T1ZSSkx6Um9LMGh2Wkc5c2NHVnlVVVZTVVd3M2RVTnVjRXRXVUZvelYyOXJTM1ZTYURWd2EzRnJVWEF2WVhKUmFuUjNZMUowQ2tjME0wTnlSSEJpYkN0MVUycE5RMEY0YUdFNU5UaGxWRmwyZEc5cVZFMXVka3gwYzBkSlJERm9SMWh1Y1d4M0t6Vkxha3R5WjFKSWNsRkpSRUZSUVVJS2J6QlZkMUY2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVdkUmQwVm5XVVJXVWpCVVFWRklMMEpCWjNkQ1owVkNMM2RKUWtGRVFXUkNaMDVXU0ZFMFJRcEdaMUZWYUZsYVdWZEpRa2g1YXpaYVZsUnVjRE5zVW5RdmRIbENVREF3ZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGRVoyZEhRa0ZCTVVZdllYQnlDbXcyY0U1VU0wMXdMMDE0YUZWVloyODJkWE5GU2tOeWVVZFJZMHhTWm1WNGVWRllSMDR6YUhWRGJVbHlVRFUxVmtaaE9FVlVVRUYwYW5OeU5sQk5aVGNLTjNaMlJXbzRaVVoxTWtwMFMyOTJiRkYzVG1WM1dWVTVZMnBCVFVOV1lVWnBUbUp5VVdFeU1HaDZhRmRqTW1wek5tUjVhV3hrUlRZdlJGQjZZbVZrY3dwTFJFRjRhRVpPY0RNMVUyeDNkRkowUzJzeFUzcDRTbmh6Y1ZOM2FtWjRTVGhtY0N0U0x6QjNUemhuTUdaWFZHUk5NbWREY0ZKM1dVMU9kMHBGVEVWbkNpdGtVMngyU2tOM2RYVXJjbnA0VEdGc2VtRlFSakZRVFZSWE56SlBSVXhoYkM5cU5YTkVLekpXZVhSUk5Hc3JTRlZFWW5sME1rUnVVVlEzV1ZFemVtOEtjVEF5ZURKMU1uTnRNVmRYTDI4dmRXZzRjR3BRZUd0SFVYRk1NbTF5ZVZwek5sWklPVlpEVlROUmEwdE9SSE56VG1RM01XeHlNM2RRYjBVMFdWSklaUXBWZG5wRU1XVkVaV1ZzZWtKVlJrNUpjRVJEYW1SRGMwdzFOWGxKVUhGVmMzSTJiRzFxY0VKUVREQjJaV0V6TTFGVVRXSmpjMU40ZFRCMWJVZFlSR0pWQ2pZMmFuVlZORm94YWs5Rk1IZERiRWwyWVU4Mk9UbEtLMFV5WjBKbE1XcFZUalpCZERaaU9FSlRiMXB4UTNGWVdXOUVTRWRsYVRsU1FsVmtkbWR4ZEc4S2ExWnpiMHBtUkVrdlZFWk5aV3RaWjNCTU5WVldXVzFNWkdabmNVeFFVRkpRT1hCUlFreEVlRE50YzNwbFFYRnVkbVpVU1VOQmVtWllaejA5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwKInRsc19zZXJ2ZXJfbmFtZSI6ICJmb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cHM6Ly9mb3J0aW8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDc5Igp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAidGNwK2h0dHBzOi8vcmVkaXMubG9jYWxob3N0LnBvbWVyaXVtLmlvOjYzNzkiLAoidG8iOiAidGNwOi8vcmVkaXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo2Mzc5Igp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1lbmFibGVkIiwKInRsc19za2lwX3ZlcmlmeSI6IHRydWUsCiJ0byI6ICJodHRwczovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1kaXNhYmxlZCIsCiJ0bHNfc2tpcF92ZXJpZnkiOiBmYWxzZSwKInRvIjogImh0dHBzOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLXNlcnZlci1uYW1lLWVuYWJsZWQiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5ub3Rwb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1zZXJ2ZXItbmFtZS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1jdXN0b20tY2EtZW5hYmxlZCIsCiJ0bHNfY3VzdG9tX2NhIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVV5UkVORFFUQkRaMEYzU1VKQlowbFNRVXhrT1VkaFNsSTVNbkZwTjNGTU1XVklSMDAyU3pCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYY0taMWxOZUVocVFXTkNaMDVXUWtGdlZFWlhNWEpaTWxaNVpFTkNhMXBZV214aVJ6bDNZbGRXZFdSRFFrUlJWRVZ6VFVOdlIwRXhWVVZEZDNkcVdUSkdjd3BhVjBwQldUSkdjMXBYU1hSalIwMTBZa2RzZFdSWVoyZExSVTVvWWtkV2FVbEZVblpsU0U1c1pWTnJlRTE2UVhoQ1owNVdRa0ZOVFV0dE1YSlpNbFo1Q21SRFFtcFpWM2hzV1d0Q2FsbFhlR3haYVRGM1dYa3hjMkZYTlRGbFEwRnZVVEpHYzFwWFNXZFNSemswWXpKV05VdFVRV1ZHZHpCNVRWUkJORTFVUlhrS1RWUlZNazFVUW1GR2R6QjZUVlJCTkUxVVJYbE5WRlV5VFZSQ1lVMUpSMFJOVWpSM1NFRlpSRlpSVVV0RmVGWjBZVEpPYkdOdVVXZGFSMVl5V2xkNGRncGpSekZzWW01UloxRXdSWGhNUkVGeFFtZE9Wa0pCYzAxSk1rNW9Za2RXYVZGSFRtaGlSMVpwVEZoQ2FreFhlSEJpYmxZMFNVTm9SRmxYZUd4WmFVSkZDbUl6YUhwYVdHdHdUVlJOZDAxUldVUldVVkZFUkVOd2RHRXlUbXhqYmxGbldUSkdjMXBYU2tGWk1rWnpXbGRKZEdOSFRYUmlSMngxWkZoblowdEZUbWdLWWtkV2FVbEZVblpsU0U1c1pWTnJkMmRuUjJsTlFUQkhRMU54UjFOSllqTkVVVVZDUVZGVlFVRTBTVUpxZDBGM1oyZEhTMEZ2U1VKblVVUlhXWEJXWlFwQ1UyNWxaVEpqUVVKWmIyWlRiMWQ0UjAxNVJtRk5VVEJ1U210Wk1GVlhUVGxqYTNsVmFEZFdabWRPS3k5aFJsTlhNbHBUYlZoMWRqVmtjbU53YVRJd0Nub3paV3hvVUZSbE9UaGlRVTVpYWlzdllta3dNREUxVVZkdVRXVnVTekExV2tzMmNVUjBSbmR2TDBoV1F5OVpZMkZ5ZFhVNU5pc3hTakowYjJWWGRVVUtkSGxyVnpOTlEzQkRNWEJJV1ZNMVp6bHBWa1JyY0dSeWVtNTJXRXRzV1hWVGFXdHFjbW8zU3pWMGIybFVkblZ0T1RkTWVFdHJkV28yUkZocVlYQlFSQW8xZG5SbFUwNHhaRkZuVHpsRFV6TnpjV3hqZDFsQk5sSnFWVWgzV1RKV1JXZ3lZV1JRTXpkQ1duSmFkMDhyZVVweE9YRkdOWGsxUjJ4bmFUaHNUalJqQ2t0c1NXeEdWWE12ZUZOd1VYTjRUbUpPVVZoMFRqbHRhelJwYlZsc1drZDZXVmxpWW0wclptOUNWbEJRWW05aE5XcFdkMHRFY0ZvMk5XMVBjemRLUjFBS05ubHFLemRXTjFWQ1RVWndWeXRuUzIxS2RHZG9MMnRyUVhneE9EVm9PVE54ZDB4R1VHTTRMMVEzYmlzclVERmlkU3RtWVd0WVVFZFFSVEl4Y2tSbFRBcFFibFZ0ZFdOSlduQktielZPY0ZsV1VYWTBWM1pVUzNFdmVrMVNPVk56Y0hveVVFWktia1ZTVkdaVWRuRXJSakZ4TTFwT1lXWkZlbWxRYzBJNWIyVlRDbTVxZUhkdFlWcFBVMVl3ZGxoeEwzRmxiM0Y0TkhZMlRVSjZWa0ZaTUM4NFVqSk1ZM0JLTkhWbk1FOWFNM2N3WWpKME5ubHZPRFpRTlZFNFEwRjNSVUVLUVdGT1JrMUZUWGRFWjFsRVZsSXdVRUZSU0M5Q1FWRkVRV2RKUlUxQ1NVZEJNVlZrUlhkRlFpOTNVVWxOUVZsQ1FXWTRRMEZSUVhkSVVWbEVWbEl3VHdwQ1FsbEZSa3hqV1RoRmIwNXZaazFqY25KNGVubDRTVzR6VnpaYVQwMVdXRTFCTUVkRFUzRkhVMGxpTTBSUlJVSkRkMVZCUVRSSlFtZFJRMXA2UkVOMkNrdEpTRmd6UjNacVRsTlpOWGMxWWs5dU5FVXpkemRSU0ZBd09VRkNhbFF2ZDNWVU5FeEVhMXBJU2sxdGJISk1iek56T0dKamMxRXdjMDFFTVZrdkx5OEtjekEzWTNBMGVGbHNjVVEzUWtFd1FXTndkbGxXV1hFMU9IaExlSE52UTNkV1dHMUhOV05GWlU5dldtMVhaak54V1RKdFV6aGxWemsyZGs5R2NtUkpZZ3BNTkU5R05IaFpWVTlOVW5GQlQwZEJRWEkyVm14UE4yZFlZVFF3TmtoNmNuTkJNV2haV25keVpWaG9UMVJEV2xwUVdrOVZia0YxTURWVFNFWmtaMkZOQ2xSS1RrSXZiekF4ZEhCM1VXeHlWSGhPYldaeWIzQnZUM3A1ZFhaSU1IcFZNbEp5VFhNd0swVmlUM1ZETkVFeVkxRTRNMFJKUm5oMmNUWTNiSGxWTUVFS2N6RlJOblJTVFRBclZVUnRTazlNZWpOVFpHZE9LMFF3TUdoamRYVnFPVEpIVmpSaVNEaENabmxWZGpoT1Exa3dka1JwYWpCVVUycHFOR00wVVhSak53cEpVRXhVV2pKbk5UUTFiMk42YUU1blFXMVVOMlFyUWpWSmJubG1hVk5KUzJWdFdIRmxjekpxY0dsQlpucFFUbXc1UWxaNGMyRnJZM012V1hwdldYTXhDaXR4VkdwQlYzVmhSSE5MYjJoRmJrODBRa3AxZW5Zd2VISmpaVFF3Wlc1U1oxaDVSMGRHZGxoMU1uTTBSbGt5ZGtweFZGTnZObmx6UkZkdWFFa3pURmNLWkdObk5rOHlSalJCVUVOSFIyVTNlbk4xY1dseGEzQmphMjVDWVdKbmVrVnpPV1p2U0hFeWJXWnZOMWhwUlhwbFpFMU9PRUpPY1daVFlrRTlDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLWN1c3RvbS1jYS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImNvcnNfYWxsb3dfcHJlZmxpZ2h0IjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9jb3JzLWVuYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJjb3JzX2FsbG93X3ByZWZsaWdodCI6IGZhbHNlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwcmVmaXgiOiAiL2NvcnMtZGlzYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZWZpeCI6ICIvcHJlc2VydmUtaG9zdC1oZWFkZXItZW5hYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IHRydWUsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9wcmVzZXJ2ZS1ob3N0LWhlYWRlci1kaXNhYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IGZhbHNlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9yZXN0cmljdGVkLWh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd2VkX2RvbWFpbnMiOiBbCiJkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LWRvbWFpbiIsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93ZWRfdXNlcnMiOiBbCiJ1c2VyMUBkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LXVzZXIiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoiWC1DdXN0b20tUmVxdWVzdC1IZWFkZXIiOiAiY3VzdG9tLXJlcXVlc3QtaGVhZGVyLXZhbHVlIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJhbGxvd193ZWJzb2NrZXRzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbmFibGVkLXdzLWVjaG8ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInRvIjogImh0dHA6Ly93ZWJzb2NrZXQtZWNoby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZGlzYWJsZWQtd3MtZWNoby5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL3dlYnNvY2tldC1lY2hvLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImVuYWJsZV9nb29nbGVfY2xvdWRfc2VydmVybGVzc19hdXRoZW50aWNhdGlvbiI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vY2xvdWRydW4ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoieC1pZHAiOiAib2t0YSIKfSwKInRvIjogImh0dHA6Ly90cnVzdGVkLWh0dHBkZXRhaWxzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODA4MCIKfQpd" + }, + { + "name": "SHARED_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "SIGNING_KEY", + "value": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBSR1d3TGg3NW5OWG5razM3ekRmTjhvbkx3ZkNpYUxQVEQrbmM4THg1aGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa3BCa08wVEttaDRKZFFmTE9lZU1kNTNLbmdhMVdkUVhyNUZjZXBrK2RMVktkVkt4WENHcQpoMW9qdWh1VzExR0lvT3pTOUdvU0tsTlZTUkZXVkVXRHZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=" + }, + { + "name": "SIGNING_KEY_ALGORITHM", + "value": "ES256" + } + ], + "image": "pomerium/pomerium:${POMERIUM_TAG:-master}", + "imagePullPolicy": "IfNotPresent", + "name": "pomerium", + "ports": [ + { + "containerPort": 80, + "name": "http" + }, + { + "containerPort": 443, + "name": "https" + }, + { + "containerPort": 5443, + "name": "grpc" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/pomerium + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "redis", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "redis" + } + }, + "template": { + "metadata": { + "labels": { + "app": "redis" + } + }, + "spec": { + "containers": [ + { + "image": "redis:6.2.5-alpine", + "name": "redis", + "ports": [ + { + "containerPort": 6379, + "name": "tcp" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/redis + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "trusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "trusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "trusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/trusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "untrusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKKYU7PSAFxZbhuLUlbv3iAwDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU2MTFaFw0yMzExMTEyMjU2MTFaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg\nVDM59lGzCRjdUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHG\noryKGDOkRV1SDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2v\nJX4qTwgrqQtLOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqP\nqpc6AEFuklmoBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPw\nve8VoGIlx4uvHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxG\nmgByfa2rxbNg15PFwF+ZAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBS3GPBKDaHzHK68c8sSJ91umTjFVzAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAizMhh+VYIMp07wGn7+rzAE/651yiMC6kZHIOMHilvimyYvCf+Yc0MrcD\nmVQgqlUpkn/f2SOFsBQonjAACkWlSHah9KStL0iTvOIH+oGLnv3Y9wrKvwJol3KR\nc/+mO9R9TS71DoX+rTGRY3BNldpMBZF7HsYt/bg0RSpF0zkZarW+PEMmPw6IgIaD\nRPGpOiQOqIxQn4d6MyiNGS0QmDeGSZvsC07ZcZ+JxsYi4S+yN6GXt11pstiRXjDv\nzrO3s8TnVsBux7VDdIYfzMxqz+874MbsUUlb4txr3V48UDRLm7VDQ2/F+o0+Y5wt\nXAnXTn/6GFpjJvPGr0A1QLOvnhR0DZ4Fl97athu44pqeQywDU5LPP3HqrWRXLy3j\nBPBC4waHayL9Hnh4zQUe/h6hwC5Nxl/gqfB3Aaqr5PWX6rMFss8AYpB81ci+UJdm\nKSIn/pMoK6TWkCveoQRQOZD8wfwPF4cUUmWcLFwSveZSiniFrAXQqZbO1k6RDhQf\nhavcwKlK\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgVDM59lGzCRjd\nUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHGoryKGDOkRV1S\nDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2vJX4qTwgrqQtL\nOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqPqpc6AEFuklmo\nBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPwve8VoGIlx4uv\nHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxGmgByfa2rxbNg\n15PFwF+ZAgMBAAECggEADTzGefunZTPUFLnSZ/D7jDglwz5KdC/9zYleY+jY5B/8\nnmjkSfK6I6GLLSh8l2QO8YqQLIqxANglS1gNHdpcYPwfC4WL1S1P0qXboKsI5Sfy\njGoD3et4caq6ecdTfAvmLobW8uFRmGE9qHlFQ1cn47OnPVZUpKFCTVslyTLNo70h\n28gx/lnpgkbeWotJ5GygE/H0jKJlG8/V3+Ppfuq6wypA5ELcGUeMAwmCfUNNlDy3\nBhXSa6STgL26ar70KZIjTp9B97hIfDWObxgjzMX2JoiWXziszvbfaknfBsmfTm45\noUZYO0DuvLdLpxic0GZQwZCT6GzuexxJ9zR/pdahrQKBgQDEiwc0e+M1KaOoIIcw\nV7pxoGjvd+CC5whS00jSf/rXPSPFxat9Ml5serOzLdRLM/NQ5wB9S7TYc6PJi3Mb\n8pmbGadIXiGIJY8vX79P/velHT4csgULJAKJF9U65knhaidPPPmXloHOhRWrE8Zq\nmexVgJZrHLI8197qmi+ctT5rEwKBgQDQ1J84AwI1hEsXHxoSetSznt+ae7pSUb/J\nbyqK9KEp0DLyf8GcS7vxyYGQo0mJDlHaJt56LKv+zdX4wGG85ztbOFVPee6XLKSs\nI+h7rzc2hKrl+SaI91h1234WsTeJvfUSHyBy9vAwLhd0hplNrt7Tql5Z0VTWHmFE\n2XbEwcTUIwKBgQDBpioHMDmBW/F/6ezJWOa+pco+h+KRl4i/8qVBog9Im1jvt/9r\nb4FRaOQ9mt4c6qbGA5Sb30fkLKwoHFniI3ntM616xCRNvJQDnVcmPpVJ/jIAm/YU\nL/q/kNfrHJOWobzxeaaCESz8imv7D5Tj25zb8cJC7xc+k4Nzq09WG83QOQKBgG28\nLOZ7/j8tA2BlAYhQb1Dr3UgKWEBFoOgyuEJIhh+4vezb4VtGGL7XSnQ8ubmBgtWF\ns0a0DrVYaGXMgg+H2pL2qS2YPx3FYcrrG5FS40qMsFkkcXFruFpGOp2mBi8lWJBr\nNtvykwheUAj1ab1+dKz5S5ca/t99G1PYiiaeQ9XNAoGAVXk4HvdUc5q+BNiYvKUS\nM2/TDU3cYY72mPCEw7G6Kpn6zMaakQcA1+Z8LkYcLaQKRD/66n99WWT+BcY+QXtC\n0ZPHjeepDL8q+yXRY8zlcgAukg18Ta5yD1J1014y8UIV+HY8ongTni1sI8N+vKd4\n+TF2C2Cynf5vQr5man7ShPw=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "untrusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/untrusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "verify", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "verify" + } + }, + "template": { + "metadata": { + "labels": { + "app": "verify" + } + }, + "spec": { + "containers": [ + { + "image": "pomerium/verify:${VERIFY_TAG:-latest}", + "name": "verify", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/verify + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "websocket-echo" + } + }, + "template": { + "metadata": { + "labels": { + "app": "websocket-echo" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--port", + "80", + "tee" + ], + "image": "pvtmert/websocketd:latest", + "name": "websocket-echo", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/websocket-echo + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "wrongly-named-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEWDCCAsCgAwIBAgIRAK1MkqoHP+DPILewhMcnnu4wDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU0MzRaFw0yMzExMTEyMjU0MzRaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV\nDWPhOpNWAYNTQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM\n3cvyRs40dygZeogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV\n6ttf6y0+4Nq1hRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3E\nlxIYQsCr85FyW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC\n8X2vHBBIbnZipb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3\nOIkJji4rpJqxG1Z7MvPzAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAo\nBgNVHREEITAfgh1pbnZhbGlkLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG\n9w0BAQsFAAOCAYEABsSByXWA7e8hpKWZK4APWzkvDwiTGrDDE7k0hueJksTZ5Nqw\nfRdGoUpweWIYzAv1etPAr+B2gsZM/jVRidaGDI1tKPytZ3pP6mQ52CVXkeJQytPr\nrNDnP3Lbpbs8PHoHw3PVxIyRps1ZbZkgbUsXrSvpp/l+ZObbGQjr3Fdx5oXI6a1V\nNNC39LkPhjTKtcG+H8dO5GRuDb/9PrzrnDwnl6CoORbEjTKRIFuA+vkFBRjyuccr\nGQiMNmMxy5CMOsK+Od4+8qhv2ZgnREHyBnjFFhgVLFJ2PwUxk3N4GIzCC8tsD+vb\n+YJgCS7n6JmcB9SFeyRy+qpolnfEaMvRwnJl6Evj17VCBy7x0gEO6B4lILPpziN8\nVVhSuRsC0V8aXJJx89mwrg9pzN9w771rFVOCrAEdZei34/yfo8VyBbIR1gUxkRNJ\ncrTI9pT0PK+9OWQ57HtnGmFsPtWT8r7P8xukAPy50wSLF3InjEo8VR2df+V7DVVU\naTjNbuaG1NLNyWLH\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVDWPhOpNWAYNT\nQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM3cvyRs40dygZ\neogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV6ttf6y0+4Nq1\nhRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3ElxIYQsCr85Fy\nW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC8X2vHBBIbnZi\npb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3OIkJji4rpJqx\nG1Z7MvPzAgMBAAECggEBAM3XhRO7+1QSXCaZdCZ6WuWXzojxrkf8++gpzXPCZ75L\nvvMyP8xmXc38Za5VyL+MAr7joENxY5NPON/9AgyUBFdbat3RW323vAt0Ssy8Dfti\nScpuGWTT2CcWS/iJPwJp9bzPj6qJ1wo0Rzsv23FpcjgfcuB+4pHpDwJZ8IxcclTN\njv5XdmanN0Ai2ONDkIHQyvMTsYAX99OK7nXIs3OW7s4wsm8Wg+loCqTvojTzWuwE\nTZNFonHAZ81jkrYfNjz+sM/tPuOYD+vWQ89+1IeQKFw1U0iBpF1VvhA7UeQZMeI8\nS1NpDQTQW0kxmUAlLj7ldnIvknT/x0lKzoafVpk47/kCgYEA+SxnMLHe3Wxb4Kkf\n7Gwktbth/wlWzUWzQ7c0TdhfEDjcRB7SeGIjrL4/HPyXEsCcGIj84TEob1EA0KVP\nl6Jeqh5t/sr9da+uLFf6H41yZUaTccoyclnjHsqT+WLTtiTKqf7cXACg5NKbJwUT\nldCEu+4Ovur+8Ax6s/mGWNEzar0CgYEA2uOmD+SCIhj16P+3GnpZ0UzyDhUKedTy\nLisZznroF6RI3BHzNT+YotHORDMiJtmX0slFcInAWaB3htLPbHmvredjlsH35eHW\nB6wkWmbniJEovPysWdg7xjrj8DoL2dcm6liM1KpSo9k6XWJu36//xF4RTnL8JPEH\nRPuBWmBXHG8CgYBjJy886lr0I61//eztKK+G/bTmRvIapzTJqnqOy54wl1/XX6iD\nLRJjKCV3RHBdjvXOsZxnhCdB/KrlXBMLFRq0eX1t2Zr4nNsjXDL1IVU3Rdlge4SN\nioVdeGFf6Nq0bXmUIg3QMpPT2pbQ9S0w/ZQEMJv/jwW5wk2FlrLGXyElxQKBgQC3\nskUzITp1Ey2NFM290uB93m1llBLum9+DD3jg6BTPgngC+K17Cpw2SI0qfx8yK3pW\n08MK5xAeJ6Un6NNa3eSptX7GjpJUwmq0lasMkz/MRMZDlGmwHOBNRC729D/t2bo3\nAYlvEGG6UBvDM1CJOVMUoT008Rrahczr/4ZXKnLw0QKBgExc+SXb5IRJIMHEQLkg\nE7va23sR7x4j75mK6HnSwAM3jKx4GDgpkY1EO+rh+99mq/bIouL8ob/PG7A5RtKp\n+Sgpqk5N6NpSFMaubsu1EQhqT5pmy0dN5KXecR4s1IylPvth/h3tdXPKGcLMD2M2\nEN59YIA1o4qWjJsfEiuQ6x7M\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "wrongly-named-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/wrongly-named-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "mock-idp" + }, + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8024, + "targetPort": "http" + } + ], + "selector": { + "app": "mock-idp" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "pomerium" + }, + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "nodePort": 80, + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "nodePort": 443, + "port": 443, + "targetPort": "https" + }, + { + "name": "grpc", + "nodePort": 5443, + "port": 5443, + "targetPort": "grpc" + } + ], + "selector": { + "app": "pomerium" + }, + "type": "NodePort" + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "redis" + }, + "name": "redis", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "tcp", + "port": 6379, + "targetPort": "tcp" + } + ], + "selector": { + "app": "redis" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "trusted-httpdetails" + }, + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "trusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + }, + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "untrusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "verify" + }, + "name": "verify", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "verify" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "websocket-echo" + }, + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "websocket-echo" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + }, + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "wrongly-named-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + sleep 30 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-init + volumes: + - k3s-tmp:/k3s-tmp + k3s-ready: + command: + - sh + - -c + - exit 0 + depends_on: + k3s-init: + condition: service_completed_successfully + image: busybox:latest + networks: + main: + aliases: + - k3s-ready + k3s-server: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - server + - --disable + - traefik + - --disable + - metrics-server + - --kube-apiserver-arg + - service-node-port-range=1-65535 + environment: + K3S_KUBECONFIG_MODE: "666" + K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml + K3S_TOKEN: TOKEN + healthcheck: + test: + - CMD + - kubectl + - cluster-info + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-server + ports: + - 6443:6443/tcp + - 5443:5443/tcp + - 443:443/tcp + - 80:80/tcp + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp +volumes: + k3s-tmp: + driver_opts: + device: /tmp + o: bind + type: none diff --git a/integration/clusters/onelogin-kubernetes/compose.yml b/integration/clusters/onelogin-kubernetes/compose.yml new file mode 100644 index 000000000..f6d80949c --- /dev/null +++ b/integration/clusters/onelogin-kubernetes/compose.yml @@ -0,0 +1,825 @@ +networks: + main: {} +services: + k3s-agent: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - agent + environment: + K3S_TOKEN: TOKEN + K3S_URL: https://k3s-server:6443 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-agent + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp + k3s-init: + depends_on: + k3s-server: + condition: service_healthy + entrypoint: + - sh + - -c + - | + cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml + export KUBECONFIG=/tmp/kubeconfig.yaml + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "mock-idp" + } + }, + "template": { + "metadata": { + "labels": { + "app": "mock-idp" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--provider", + "onelogin", + "--port", + "8024", + "--root-url", + "https://mock-idp.localhost.pomerium.io/" + ], + "image": "pomerium/mock-idps:${MOCK_IDPS_TAG:-master}", + "name": "mock-idp", + "ports": [ + { + "containerPort": 8024, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/mock-idp + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "pomerium" + } + }, + "template": { + "metadata": { + "labels": { + "app": "pomerium" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "AUTHENTICATE_SERVICE_URL", + "value": "https://authenticate.localhost.pomerium.io" + }, + { + "name": "CERTIFICATE", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVVakNDQXJxZ0F3SUJBZ0lSQUtOYUVxQ21tWmZobWNZZ1p5MDFXQ3N3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lNeEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEVzTUNvR0ExVUVDd3dqWTJGcwpaV0pBWTJGc1pXSXRjR010YkdsdWRYZ2dLRU5oYkdWaUlFUnZlSE5sZVNreE16QXhCZ05WQkFNTUttMXJZMlZ5CmRDQmpZV3hsWWtCallXeGxZaTF3WXkxc2FXNTFlQ0FvUTJGc1pXSWdSRzk0YzJWNUtUQWVGdzB5TVRBNE1UQXgKTnpNeU1UQmFGdzB5TXpFeE1UQXhPRE15TVRCYU1GY3hKekFsQmdOVkJBb1RIbTFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCalpYSjBhV1pwWTJGMFpURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnCktFTmhiR1ZpSUVSdmVITmxlU2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzgKSExCQUl6WGtQZWVnbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRAp5VmhEVDBRbEkvTy9FS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2Cld5bCtGb1BEVi92c1ozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXQKak9ic2FRZ0o1TEx4Q1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcQpiWlVERytaaW9BclBtcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkCjlyNnJPQnhweHduVER2SGtCbjZ2QWdNQkFBR2piREJxTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFUQWZCZ05WSFNNRUdEQVdnQlNGaGxoWWdFZktUcGxWT2VuZVZHMyszSUUvVFRBaQpCZ05WSFJFRUd6QVpnaGNxTG14dlkyRnNhRzl6ZEM1d2IyMWxjbWwxYlM1cGJ6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBWUVBdWZRQUY3OXM3YzFnbVo5Q0lLQlNHa0hoK1NIMDFDdUtZbm5IaU1vd0hzVGlvRmFVQVFzZC9QNFgKYzJYQnFjMzRlVDNtQ3ZwZ1pqSGJqejZKbG5UWUp4dUx2VnFuVkIzZW10V3JiMWNRdmg4QnBoeHNwVGxTOHVpRQpBRWYvbmd0cHpmQS9mNGxwR2t6clEwY3lQa0VKR3o1MTFxOTdpdHpuOVJaWnpWVFp4TlZGU1AydlZoTk5RVnNXCk94YWtjdllSZ256OEFPUVMzT1BIajJGUWMzaWlic2hjdDVsZUl3WVpGY3hJTkdIUjZLTDYrL0xTZVBOQ0VNbUsKcXltVlBrUUdzSWNVNkdROWZ4YVN1NG1wK0lVQUxQcm9pekVWSThTVms1bk9tM0hJZXorWmZYaHpmbkd4MDZTSQo2TnVvUVFQcVVCZVplWG4yWUZZaGlwZVJkclF4dkEzNi9ZWGEvQWtYQ2VVMHBYeGJ0WEtjdmF0ZnJpNUtuWUpECmtINTlhK2FGa1RzbDQxdGZJMmNuUllWZGRxWFZsM096TGJjZ0FGTG4xV2VDMXh4M3hSWGk3S2xkb2tPbHZndisKQjZuYVdmQ3hSbFdaL2xzbUhhZTRrYzFXSDRLYzduSytJVGI0MEVralY2OC9BN2tyWnNOMVZjcU50cG9tWWtnRQp4alVFOFhVdQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + { + "name": "CERTIFICATE_AUTHORITY", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxekNDQXorZ0F3SUJBZ0lRWjEzOWNkL3BhUGRrUzJKeUF1N2tFREFOQmdrcWhraUc5dzBCQVFzRkFEQ0IKZ3pFZU1Cd0dBMVVFQ2hNVmJXdGpaWEowSUdSbGRtVnNiM0J0Wlc1MElFTkJNU3d3S2dZRFZRUUxEQ05qWVd4bApZa0JqWVd4bFlpMXdZeTFzYVc1MWVDQW9RMkZzWldJZ1JHOTRjMlY1S1RFek1ERUdBMVVFQXd3cWJXdGpaWEowCklHTmhiR1ZpUUdOaGJHVmlMWEJqTFd4cGJuVjRJQ2hEWVd4bFlpQkViM2h6WlhrcE1CNFhEVEl4TURneE1ERTMKTXpJd09Wb1hEVE14TURneE1ERTNNekl3T1Zvd2dZTXhIakFjQmdOVkJBb1RGVzFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCRFFURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnS0VOaGJHVmlJRVJ2CmVITmxlU2t4TXpBeEJnTlZCQU1NS20xclkyVnlkQ0JqWVd4bFlrQmpZV3hsWWkxd1l5MXNhVzUxZUNBb1EyRnMKWldJZ1JHOTRjMlY1S1RDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTmJLeU16NQpNVlc2WUtkamgxb0lOMU1uN1BFMnBINVNiSlNwV3hkQUdoZEJrQmtwQWE3T3hhcmpINUtWa0NUU2E3b25jbGE3CnFOdUpaUzZtQm1veEYrUitjUjNqeUdkVUFZbG96bDFqbGZxTElmQy8rZzdWN1ZtT0puOTh0akI0MmZhdHhMbDYKV1BBdzFKRE5zV3RRZmhLaGJjSHV0N1JzRjByTU9PSGN3eXdUUjdMT3lDbUllbDFwY21wVjRoYlZjVDZlVndvUApIWHlKU2E5Y3FhTVE1WHJkb2dhaTRJcVpaSUdMSGVMc1RWdXRPZ0pGWEVldmxYL1FUM3NXb21FY3R6aDM4SnM0CjlEaUFQRDZkNFk3L0NQTFlFZmsyOUpROU5aaHBnRHNpOWh1NUZISFpjWHdmMUlIbHcvQ0JWZ242aitqbXZLS3oKOTBNYTFvcXV2M1c2ZHR0aWQveENjTEd1MlMrOTZUenJ5a21veTVWYWNMdFZFUDQxWW1vVmxzOTFybG83b2xwZQpRV0Zibm1jbzczOVRJLzRoK0hvZG9scGVyUUVSUWw3dUNucEtWUFozV29rS3VSaDVwa3FrUXAvYXJRanR3Y1J0Ckc0M0NyRHBibCt1U2pNQ0F4aGE5NThlVFl2dG9qVE1udkx0c0dJRDFoR1hucWx3KzVLaktyZ1JIclFJREFRQUIKbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQWdRd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQWRCZ05WSFE0RQpGZ1FVaFlaWVdJQkh5azZaVlRucDNsUnQvdHlCUDAwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFBMUYvYXByCmw2cE5UM01wL014aFVVZ282dXNFSkNyeUdRY0xSZmV4eVFYR04zaHVDbUlyUDU1VkZhOEVUUEF0anNyNlBNZTcKN3Z2RWo4ZUZ1Mkp0S292bFF3TmV3WVU5Y2pBTUNWYUZpTmJyUWEyMGh6aFdjMmpzNmR5aWxkRTYvRFB6YmVkcwpLREF4aEZOcDM1U2x3dFJ0S2sxU3p4SnhzcVN3amZ4SThmcCtSLzB3TzhnMGZXVGRNMmdDcFJ3WU1Od0pFTEVnCitkU2x2SkN3dXUrcnp4TGFsemFQRjFQTVRXNzJPRUxhbC9qNXNEKzJWeXRRNGsrSFVEYnl0MkRuUVQ3WVEzem8KcTAyeDJ1MnNtMVdXL28vdWg4cGpQeGtHUXFMMm1yeVpzNlZIOVZDVTNRa0tORHNzTmQ3MWxyM3dQb0U0WVJIZQpVdnpEMWVEZWVsekJVRk5JcERDamRDc0w1NXlJUHFVc3I2bG1qcEJQTDB2ZWEzM1FUTWJjc1N4dTB1bUdYRGJVCjY2anVVNFoxak9FMHdDbEl2YU82OTlKK0UyZ0JlMWpVTjZBdDZiOEJTb1pxQ3FYWW9ESEdlaTlSQlVkdmdxdG8Ka1Zzb0pmREkvVEZNZWtZZ3BMNVVWWW1MZGZncUxQUFJQOXBRQkxEeDNtc3plQXFudmZUSUNBemZYZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + { + "name": "CERTIFICATE_KEY", + "value": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzhITEJBSXpYa1BlZWcKbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PLwpFS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2V3lsK0ZvUERWL3ZzClozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXRqT2JzYVFnSjVMTHgKQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUAptcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkOXI2ck9CeHB4d25UCkR2SGtCbjZ2QWdNQkFBRUNnZ0VBQjI4aTBBWVVOU2IxSm5XRmJLenJ1VWN0dTN0Q05Yb3ZKZzZLM0JpUFZNa3EKRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBVwo4ZUplcVJMWkVmc1NTSk9YVEc3UmRHc240cUhGSjAwczJaVGxjSUhTUHduRm0rWGpKaTk5VThHNFhzVW9YbzByCkd5KzBWQ3VVN004Z0lDRUhIc3JRTzlYREQzblQyaml1NVRqckt3anV0M0Vtb0pzc0k1YnF4MzMrT0J1NUJwQ1AKQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVApiTGtMRnlXQk5UV1VaMlIvMnd4bXVvQzZtTFp3ODc5TUxDS012azFkb1FLQmdRRGhtd0dhZkpOeW1UaUVRWlJJClNzUXg0c2VxZk9LZmdGQzdvaHFIOWNST091OElKMW83cTJwTTJXNFhpVitTM3dUZFBHbWNhNklPalgyM2lzVkIKMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzNwpheHpsYU1yeEV1M0xJOVVFN050cmRRaUJ5UUtCZ1FEVmRJNmNlSVZCVDZSZ3ZWR3Q4emtMalBJRmpoUUVIQUlwCnVoaXJncXBTNkNYOUJseWYyK280MHptZmozaGU1ckNjRW9CNU1zZU0rRGdGYmNWaDJlL01WbllpTk53NkpDREIKQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleQp1QkhWQnYvNHR3S0JnSHdIdWVQeTVTVTFzMnFTbXpEN1djMkxQZll1M25DT0hOUnJGR2IyNk11UmZ1UmVyaTdyCjJHOFRnb0VTRnljcDBRVElOOCsxSk0wWFlLeE5jSkQ2QjhWMXdLYmJwUXN5bW5lSTFnanV0aUIvSWd3L1BrREsKQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWgpmTjJZZVlieVljYU0xMXAxVmlsdWxWVFZqWTNpL0ZaaURSNFNML0lHSldqTi9Temc0aVhZc0tGbXUrZHVsT1psCmNCQUxwRUtycXBtelhZdHJONmJzdjE4KzVlTzNxR2JLMkRyRXEzZVdWZXYyS29UTW9ieHo3ZysrWEJJV0ptTEEKSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkUwpLcmx0d21vZEhpcVhOYlZrd2JXMUFGUEpiaVlhaTRZRmZLNElBYmlmL1lteGY5Rzc4YU9rcjlacENJek9rRFBaCllwRXdRR1dzQWhFbENGdmM4RS81ZEhFU1NwK3RXdFArTmx1aW1wRnFpRGczL1NVbk13TzJ4SDBuaExhMHplamgKZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K" + }, + { + "name": "COOKIE_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "DATABROKER_STORAGE_CONNECTION_STRING", + "value": "redis://redis:6379" + }, + { + "name": "DATABROKER_STORAGE_TYPE", + "value": "redis" + }, + { + "name": "ENVOY_ADMIN_ADDRESS", + "value": "0.0.0.0:9901" + }, + { + "name": "GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT", + "value": "ewoiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiLAoiYXV0aF91cmkiOiAiaHR0cDovL21vY2staWRwLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAyNCIsCiJjbGllbnRfZW1haWwiOiAicmVkYWN0ZWRAcG9tZXJpdW0tcmVkYWN0ZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAoiY2xpZW50X2lkIjogIjEwMTIxNTk5MDQ1ODAwMDMzNDM4NyIsCiJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0IiwKInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDOEhMQkFJelhrUGVlZ1xubGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PL1xuRUtnQ09GRnhVRHFvUjgyaVkwNlNhY0FqSG5pNitQTzl0VlJiRlYwdzE0QkRBSlNwQitWdld5bCtGb1BEVi92c1xuWjMxRnRZdytFd3FrYkR4L2thVDl1emYrTEpkbGtmMTRuUVFqOEVreS84ZDNtV0piYi85dGpPYnNhUWdKNUxMeFxuQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUFxubXFta2F3VVd3M2VraGo4MFNKZy9USzlQUmFOL1Z2Y0kxUGdBZDdMWnp0VVJlU21UeTVoZDlyNnJPQnhweHduVFxuRHZIa0JuNnZBZ01CQUFFQ2dnRUFCMjhpMEFZVU5TYjFKbldGYkt6cnVVY3R1M3RDTlhvdkpnNkszQmlQVk1rcVxuRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBV1xuOGVKZXFSTFpFZnNTU0pPWFRHN1JkR3NuNHFIRkowMHMyWlRsY0lIU1B3bkZtK1hqSmk5OVU4RzRYc1VvWG8wclxuR3krMFZDdVU3TThnSUNFSEhzclFPOVhERDNuVDJqaXU1VGpyS3dqdXQzRW1vSnNzSTVicXgzMytPQnU1QnBDUFxuQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVFxuYkxrTEZ5V0JOVFdVWjJSLzJ3eG11b0M2bUxadzg3OU1MQ0tNdmsxZG9RS0JnUURobXdHYWZKTnltVGlFUVpSSVxuU3NReDRzZXFmT0tmZ0ZDN29ocUg5Y1JPT3U4SUoxbzdxMnBNMlc0WGlWK1Mzd1RkUEdtY2E2SU9qWDIzaXNWQlxuMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzN1xuYXh6bGFNcnhFdTNMSTlVRTdOdHJkUWlCeVFLQmdRRFZkSTZjZUlWQlQ2Umd2Vkd0OHprTGpQSUZqaFFFSEFJcFxudWhpcmdxcFM2Q1g5Qmx5ZjIrbzQwem1majNoZTVyQ2NFb0I1TXNlTStEZ0ZiY1ZoMmUvTVZuWWlOTnc2SkNEQlxuQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleVxudUJIVkJ2LzR0d0tCZ0h3SHVlUHk1U1UxczJxU216RDdXYzJMUGZZdTNuQ09ITlJyRkdiMjZNdVJmdVJlcmk3clxuMkc4VGdvRVNGeWNwMFFUSU44KzFKTTBYWUt4TmNKRDZCOFYxd0tiYnBRc3ltbmVJMWdqdXRpQi9JZ3cvUGtES1xuQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWlxuZk4yWWVZYnlZY2FNMTFwMVZpbHVsVlRWalkzaS9GWmlEUjRTTC9JR0pXak4vU3pnNGlYWXNLRm11K2R1bE9abFxuY0JBTHBFS3JxcG16WFl0ck42YnN2MTgrNWVPM3FHYksyRHJFcTNlV1ZldjJLb1RNb2J4ejdnKytYQklXSm1MQVxuSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkU1xuS3JsdHdtb2RIaXFYTmJWa3diVzFBRlBKYmlZYWk0WUZmSzRJQWJpZi9ZbXhmOUc3OGFPa3I5WnBDSXpPa0RQWlxuWXBFd1FHV3NBaEVsQ0Z2YzhFLzVkSEVTU3ArdFd0UCtObHVpbXBGcWlEZzMvU1VuTXdPMnhIMG5oTGEwemVqaFxuZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9XG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXG4iLAoicHJpdmF0ZV9rZXlfaWQiOiAiZTA3ZjdjOTM4NzBjN2UwM2Y4ODM1NjBlY2Q4ZmQwZjRkMjdiMDA4MSIsCiJwcm9qZWN0X2lkIjogInBvbWVyaXVtLXJlZGFjdGVkIiwKInRva2VuX3VyaSI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0L3Rva2VuIiwKInR5cGUiOiAic2VydmljZV9hY2NvdW50Igp9" + }, + { + "name": "IDP_CLIENT_ID", + "value": "CLIENT_ID" + }, + { + "name": "IDP_CLIENT_SECRET", + "value": "CLIENT_SECRET" + }, + { + "name": "IDP_PROVIDER", + "value": "onelogin" + }, + { + "name": "IDP_PROVIDER_URL", + "value": "https://mock-idp.localhost.pomerium.io/" + }, + { + "name": "JWT_CLAIMS_HEADERS", + "value": "email,groups,user" + }, + { + "name": "LOG_LEVEL", + "value": "info" + }, + { + "name": "POLICY", + "value": "Wwp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vbW9jay1pZHAubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZXNlcnZlX2hvc3RfaGVhZGVyIjogdHJ1ZSwKInRvIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbnZveS5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL2xvY2FsaG9zdDo5OTAxIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly92ZXJpZnkubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJ0byI6ICJodHRwOi8vdmVyaWZ5LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImFsbG93X3dlYnNvY2tldHMiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL3dlYnNvY2tldC1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfYW55X2F1dGhlbnRpY2F0ZWRfdXNlciI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZm9ydGlvLXVpLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL2ZvcnRpby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9mb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidGxzX2N1c3RvbV9jYSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VVeGVrTkRRWG9yWjBGM1NVSkJaMGxSV2pFek9XTmtMM0JoVUdSclV6SktlVUYxTjJ0RlJFRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkVRMElLWjNwRlpVMUNkMGRCTVZWRlEyaE5WbUpYZEdwYVdFb3dTVWRTYkdSdFZuTmlNMEowV2xjMU1FbEZUa0pOVTNkM1MyZFpSRlpSVVV4RVEwNXFXVmQ0YkFwWmEwSnFXVmQ0YkZscE1YZFplVEZ6WVZjMU1XVkRRVzlSTWtaeldsZEpaMUpIT1RSak1sWTFTMVJGZWsxRVJVZEJNVlZGUVhkM2NXSlhkR3BhV0Vvd0NrbEhUbWhpUjFacFVVZE9hR0pIVm1sTVdFSnFURmQ0Y0dKdVZqUkpRMmhFV1ZkNGJGbHBRa1ZpTTJoNldsaHJjRTFDTkZoRVZFbDRUVVJuZUUxRVJUTUtUWHBKZDA5V2IxaEVWRTE0VFVSbmVFMUVSVE5OZWtsM1QxWnZkMmRaVFhoSWFrRmpRbWRPVmtKQmIxUkdWekZ5V1RKV2VXUkRRbXRhV0Zwc1lrYzVkd3BpVjFaMVpFTkNSRkZVUlhOTlEyOUhRVEZWUlVOM2QycFpNa1p6V2xkS1FWa3lSbk5hVjBsMFkwZE5kR0pIYkhWa1dHZG5TMFZPYUdKSFZtbEpSVkoyQ21WSVRteGxVMnQ0VFhwQmVFSm5UbFpDUVUxTlMyMHhjbGt5Vm5sa1EwSnFXVmQ0YkZsclFtcFpWM2hzV1dreGQxbDVNWE5oVnpVeFpVTkJiMUV5Um5NS1dsZEpaMUpIT1RSak1sWTFTMVJEUTBGaFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUjFCQlJFTkRRVmx2UTJkblIwSkJUbUpMZVUxNk5RcE5WbGMyV1V0a2FtZ3hiMGxPTVUxdU4xQkZNbkJJTlZOaVNsTndWM2hrUVVkb1pFSnJRbXR3UVdFM1QzaGhjbXBJTlV0V2EwTlVVMkUzYjI1amJHRTNDbkZPZFVwYVV6WnRRbTF2ZUVZclVpdGpVak5xZVVka1ZVRlpiRzk2YkRGcWJHWnhURWxtUXk4clp6ZFdOMVp0VDBwdU9UaDBha0kwTW1aaGRIaE1iRFlLVjFCQmR6RktSRTV6VjNSUlptaExhR0pqU0hWME4xSnpSakJ5VFU5UFNHTjNlWGRVVWpkTVQzbERiVWxsYkRGd1kyMXdWalJvWWxaalZEWmxWbmR2VUFwSVdIbEtVMkU1WTNGaFRWRTFXSEprYjJkaGFUUkpjVnBhU1VkTVNHVk1jMVJXZFhSUFowcEdXRVZsZG14WUwxRlVNM05YYjIxRlkzUjZhRE00U25NMENqbEVhVUZRUkRaa05GazNMME5RVEZsRlptc3lPVXBST1U1YWFIQm5SSE5wT1doMU5VWklTRnBqV0hkbU1VbEliSGN2UTBKV1oyNDJhaXRxYlhaTFMzb0tPVEJOWVRGdmNYVjJNMWMyWkhSMGFXUXZlRU5qVEVkMU1sTXJPVFpVZW5KNWEyMXZlVFZXWVdOTWRGWkZVRFF4V1cxdlZteHpPVEZ5Ykc4M2IyeHdaUXBSVjBaaWJtMWpiemN6T1ZSSkx6Um9LMGh2Wkc5c2NHVnlVVVZTVVd3M2RVTnVjRXRXVUZvelYyOXJTM1ZTYURWd2EzRnJVWEF2WVhKUmFuUjNZMUowQ2tjME0wTnlSSEJpYkN0MVUycE5RMEY0YUdFNU5UaGxWRmwyZEc5cVZFMXVka3gwYzBkSlJERm9SMWh1Y1d4M0t6Vkxha3R5WjFKSWNsRkpSRUZSUVVJS2J6QlZkMUY2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVdkUmQwVm5XVVJXVWpCVVFWRklMMEpCWjNkQ1owVkNMM2RKUWtGRVFXUkNaMDVXU0ZFMFJRcEdaMUZWYUZsYVdWZEpRa2g1YXpaYVZsUnVjRE5zVW5RdmRIbENVREF3ZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGRVoyZEhRa0ZCTVVZdllYQnlDbXcyY0U1VU0wMXdMMDE0YUZWVloyODJkWE5GU2tOeWVVZFJZMHhTWm1WNGVWRllSMDR6YUhWRGJVbHlVRFUxVmtaaE9FVlVVRUYwYW5OeU5sQk5aVGNLTjNaMlJXbzRaVVoxTWtwMFMyOTJiRkYzVG1WM1dWVTVZMnBCVFVOV1lVWnBUbUp5VVdFeU1HaDZhRmRqTW1wek5tUjVhV3hrUlRZdlJGQjZZbVZrY3dwTFJFRjRhRVpPY0RNMVUyeDNkRkowUzJzeFUzcDRTbmh6Y1ZOM2FtWjRTVGhtY0N0U0x6QjNUemhuTUdaWFZHUk5NbWREY0ZKM1dVMU9kMHBGVEVWbkNpdGtVMngyU2tOM2RYVXJjbnA0VEdGc2VtRlFSakZRVFZSWE56SlBSVXhoYkM5cU5YTkVLekpXZVhSUk5Hc3JTRlZFWW5sME1rUnVVVlEzV1ZFemVtOEtjVEF5ZURKMU1uTnRNVmRYTDI4dmRXZzRjR3BRZUd0SFVYRk1NbTF5ZVZwek5sWklPVlpEVlROUmEwdE9SSE56VG1RM01XeHlNM2RRYjBVMFdWSklaUXBWZG5wRU1XVkVaV1ZzZWtKVlJrNUpjRVJEYW1SRGMwdzFOWGxKVUhGVmMzSTJiRzFxY0VKUVREQjJaV0V6TTFGVVRXSmpjMU40ZFRCMWJVZFlSR0pWQ2pZMmFuVlZORm94YWs5Rk1IZERiRWwyWVU4Mk9UbEtLMFV5WjBKbE1XcFZUalpCZERaaU9FSlRiMXB4UTNGWVdXOUVTRWRsYVRsU1FsVmtkbWR4ZEc4S2ExWnpiMHBtUkVrdlZFWk5aV3RaWjNCTU5WVldXVzFNWkdabmNVeFFVRkpRT1hCUlFreEVlRE50YzNwbFFYRnVkbVpVU1VOQmVtWllaejA5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwKInRsc19zZXJ2ZXJfbmFtZSI6ICJmb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cHM6Ly9mb3J0aW8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDc5Igp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAidGNwK2h0dHBzOi8vcmVkaXMubG9jYWxob3N0LnBvbWVyaXVtLmlvOjYzNzkiLAoidG8iOiAidGNwOi8vcmVkaXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo2Mzc5Igp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1lbmFibGVkIiwKInRsc19za2lwX3ZlcmlmeSI6IHRydWUsCiJ0byI6ICJodHRwczovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1kaXNhYmxlZCIsCiJ0bHNfc2tpcF92ZXJpZnkiOiBmYWxzZSwKInRvIjogImh0dHBzOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLXNlcnZlci1uYW1lLWVuYWJsZWQiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5ub3Rwb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1zZXJ2ZXItbmFtZS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1jdXN0b20tY2EtZW5hYmxlZCIsCiJ0bHNfY3VzdG9tX2NhIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVV5UkVORFFUQkRaMEYzU1VKQlowbFNRVXhrT1VkaFNsSTVNbkZwTjNGTU1XVklSMDAyU3pCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYY0taMWxOZUVocVFXTkNaMDVXUWtGdlZFWlhNWEpaTWxaNVpFTkNhMXBZV214aVJ6bDNZbGRXZFdSRFFrUlJWRVZ6VFVOdlIwRXhWVVZEZDNkcVdUSkdjd3BhVjBwQldUSkdjMXBYU1hSalIwMTBZa2RzZFdSWVoyZExSVTVvWWtkV2FVbEZVblpsU0U1c1pWTnJlRTE2UVhoQ1owNVdRa0ZOVFV0dE1YSlpNbFo1Q21SRFFtcFpWM2hzV1d0Q2FsbFhlR3haYVRGM1dYa3hjMkZYTlRGbFEwRnZVVEpHYzFwWFNXZFNSemswWXpKV05VdFVRV1ZHZHpCNVRWUkJORTFVUlhrS1RWUlZNazFVUW1GR2R6QjZUVlJCTkUxVVJYbE5WRlV5VFZSQ1lVMUpSMFJOVWpSM1NFRlpSRlpSVVV0RmVGWjBZVEpPYkdOdVVXZGFSMVl5V2xkNGRncGpSekZzWW01UloxRXdSWGhNUkVGeFFtZE9Wa0pCYzAxSk1rNW9Za2RXYVZGSFRtaGlSMVpwVEZoQ2FreFhlSEJpYmxZMFNVTm9SRmxYZUd4WmFVSkZDbUl6YUhwYVdHdHdUVlJOZDAxUldVUldVVkZFUkVOd2RHRXlUbXhqYmxGbldUSkdjMXBYU2tGWk1rWnpXbGRKZEdOSFRYUmlSMngxWkZoblowdEZUbWdLWWtkV2FVbEZVblpsU0U1c1pWTnJkMmRuUjJsTlFUQkhRMU54UjFOSllqTkVVVVZDUVZGVlFVRTBTVUpxZDBGM1oyZEhTMEZ2U1VKblVVUlhXWEJXWlFwQ1UyNWxaVEpqUVVKWmIyWlRiMWQ0UjAxNVJtRk5VVEJ1U210Wk1GVlhUVGxqYTNsVmFEZFdabWRPS3k5aFJsTlhNbHBUYlZoMWRqVmtjbU53YVRJd0Nub3paV3hvVUZSbE9UaGlRVTVpYWlzdllta3dNREUxVVZkdVRXVnVTekExV2tzMmNVUjBSbmR2TDBoV1F5OVpZMkZ5ZFhVNU5pc3hTakowYjJWWGRVVUtkSGxyVnpOTlEzQkRNWEJJV1ZNMVp6bHBWa1JyY0dSeWVtNTJXRXRzV1hWVGFXdHFjbW8zU3pWMGIybFVkblZ0T1RkTWVFdHJkV28yUkZocVlYQlFSQW8xZG5SbFUwNHhaRkZuVHpsRFV6TnpjV3hqZDFsQk5sSnFWVWgzV1RKV1JXZ3lZV1JRTXpkQ1duSmFkMDhyZVVweE9YRkdOWGsxUjJ4bmFUaHNUalJqQ2t0c1NXeEdWWE12ZUZOd1VYTjRUbUpPVVZoMFRqbHRhelJwYlZsc1drZDZXVmxpWW0wclptOUNWbEJRWW05aE5XcFdkMHRFY0ZvMk5XMVBjemRLUjFBS05ubHFLemRXTjFWQ1RVWndWeXRuUzIxS2RHZG9MMnRyUVhneE9EVm9PVE54ZDB4R1VHTTRMMVEzYmlzclVERmlkU3RtWVd0WVVFZFFSVEl4Y2tSbFRBcFFibFZ0ZFdOSlduQktielZPY0ZsV1VYWTBWM1pVUzNFdmVrMVNPVk56Y0hveVVFWktia1ZTVkdaVWRuRXJSakZ4TTFwT1lXWkZlbWxRYzBJNWIyVlRDbTVxZUhkdFlWcFBVMVl3ZGxoeEwzRmxiM0Y0TkhZMlRVSjZWa0ZaTUM4NFVqSk1ZM0JLTkhWbk1FOWFNM2N3WWpKME5ubHZPRFpRTlZFNFEwRjNSVUVLUVdGT1JrMUZUWGRFWjFsRVZsSXdVRUZSU0M5Q1FWRkVRV2RKUlUxQ1NVZEJNVlZrUlhkRlFpOTNVVWxOUVZsQ1FXWTRRMEZSUVhkSVVWbEVWbEl3VHdwQ1FsbEZSa3hqV1RoRmIwNXZaazFqY25KNGVubDRTVzR6VnpaYVQwMVdXRTFCTUVkRFUzRkhVMGxpTTBSUlJVSkRkMVZCUVRSSlFtZFJRMXA2UkVOMkNrdEpTRmd6UjNacVRsTlpOWGMxWWs5dU5FVXpkemRSU0ZBd09VRkNhbFF2ZDNWVU5FeEVhMXBJU2sxdGJISk1iek56T0dKamMxRXdjMDFFTVZrdkx5OEtjekEzWTNBMGVGbHNjVVEzUWtFd1FXTndkbGxXV1hFMU9IaExlSE52UTNkV1dHMUhOV05GWlU5dldtMVhaak54V1RKdFV6aGxWemsyZGs5R2NtUkpZZ3BNTkU5R05IaFpWVTlOVW5GQlQwZEJRWEkyVm14UE4yZFlZVFF3TmtoNmNuTkJNV2haV25keVpWaG9UMVJEV2xwUVdrOVZia0YxTURWVFNFWmtaMkZOQ2xSS1RrSXZiekF4ZEhCM1VXeHlWSGhPYldaeWIzQnZUM3A1ZFhaSU1IcFZNbEp5VFhNd0swVmlUM1ZETkVFeVkxRTRNMFJKUm5oMmNUWTNiSGxWTUVFS2N6RlJOblJTVFRBclZVUnRTazlNZWpOVFpHZE9LMFF3TUdoamRYVnFPVEpIVmpSaVNEaENabmxWZGpoT1Exa3dka1JwYWpCVVUycHFOR00wVVhSak53cEpVRXhVV2pKbk5UUTFiMk42YUU1blFXMVVOMlFyUWpWSmJubG1hVk5KUzJWdFdIRmxjekpxY0dsQlpucFFUbXc1UWxaNGMyRnJZM012V1hwdldYTXhDaXR4VkdwQlYzVmhSSE5MYjJoRmJrODBRa3AxZW5Zd2VISmpaVFF3Wlc1U1oxaDVSMGRHZGxoMU1uTTBSbGt5ZGtweFZGTnZObmx6UkZkdWFFa3pURmNLWkdObk5rOHlSalJCVUVOSFIyVTNlbk4xY1dseGEzQmphMjVDWVdKbmVrVnpPV1p2U0hFeWJXWnZOMWhwUlhwbFpFMU9PRUpPY1daVFlrRTlDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLWN1c3RvbS1jYS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImNvcnNfYWxsb3dfcHJlZmxpZ2h0IjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9jb3JzLWVuYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJjb3JzX2FsbG93X3ByZWZsaWdodCI6IGZhbHNlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwcmVmaXgiOiAiL2NvcnMtZGlzYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZWZpeCI6ICIvcHJlc2VydmUtaG9zdC1oZWFkZXItZW5hYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IHRydWUsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9wcmVzZXJ2ZS1ob3N0LWhlYWRlci1kaXNhYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IGZhbHNlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9yZXN0cmljdGVkLWh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd2VkX2RvbWFpbnMiOiBbCiJkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LWRvbWFpbiIsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93ZWRfdXNlcnMiOiBbCiJ1c2VyMUBkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LXVzZXIiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoiWC1DdXN0b20tUmVxdWVzdC1IZWFkZXIiOiAiY3VzdG9tLXJlcXVlc3QtaGVhZGVyLXZhbHVlIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJhbGxvd193ZWJzb2NrZXRzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbmFibGVkLXdzLWVjaG8ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInRvIjogImh0dHA6Ly93ZWJzb2NrZXQtZWNoby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZGlzYWJsZWQtd3MtZWNoby5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL3dlYnNvY2tldC1lY2hvLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImVuYWJsZV9nb29nbGVfY2xvdWRfc2VydmVybGVzc19hdXRoZW50aWNhdGlvbiI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vY2xvdWRydW4ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoieC1pZHAiOiAib25lbG9naW4iCn0sCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0KXQ==" + }, + { + "name": "SHARED_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "SIGNING_KEY", + "value": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBSR1d3TGg3NW5OWG5razM3ekRmTjhvbkx3ZkNpYUxQVEQrbmM4THg1aGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa3BCa08wVEttaDRKZFFmTE9lZU1kNTNLbmdhMVdkUVhyNUZjZXBrK2RMVktkVkt4WENHcQpoMW9qdWh1VzExR0lvT3pTOUdvU0tsTlZTUkZXVkVXRHZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=" + }, + { + "name": "SIGNING_KEY_ALGORITHM", + "value": "ES256" + } + ], + "image": "pomerium/pomerium:${POMERIUM_TAG:-master}", + "imagePullPolicy": "IfNotPresent", + "name": "pomerium", + "ports": [ + { + "containerPort": 80, + "name": "http" + }, + { + "containerPort": 443, + "name": "https" + }, + { + "containerPort": 5443, + "name": "grpc" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/pomerium + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "redis", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "redis" + } + }, + "template": { + "metadata": { + "labels": { + "app": "redis" + } + }, + "spec": { + "containers": [ + { + "image": "redis:6.2.5-alpine", + "name": "redis", + "ports": [ + { + "containerPort": 6379, + "name": "tcp" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/redis + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "trusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "trusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "trusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/trusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "untrusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKKYU7PSAFxZbhuLUlbv3iAwDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU2MTFaFw0yMzExMTEyMjU2MTFaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg\nVDM59lGzCRjdUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHG\noryKGDOkRV1SDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2v\nJX4qTwgrqQtLOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqP\nqpc6AEFuklmoBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPw\nve8VoGIlx4uvHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxG\nmgByfa2rxbNg15PFwF+ZAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBS3GPBKDaHzHK68c8sSJ91umTjFVzAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAizMhh+VYIMp07wGn7+rzAE/651yiMC6kZHIOMHilvimyYvCf+Yc0MrcD\nmVQgqlUpkn/f2SOFsBQonjAACkWlSHah9KStL0iTvOIH+oGLnv3Y9wrKvwJol3KR\nc/+mO9R9TS71DoX+rTGRY3BNldpMBZF7HsYt/bg0RSpF0zkZarW+PEMmPw6IgIaD\nRPGpOiQOqIxQn4d6MyiNGS0QmDeGSZvsC07ZcZ+JxsYi4S+yN6GXt11pstiRXjDv\nzrO3s8TnVsBux7VDdIYfzMxqz+874MbsUUlb4txr3V48UDRLm7VDQ2/F+o0+Y5wt\nXAnXTn/6GFpjJvPGr0A1QLOvnhR0DZ4Fl97athu44pqeQywDU5LPP3HqrWRXLy3j\nBPBC4waHayL9Hnh4zQUe/h6hwC5Nxl/gqfB3Aaqr5PWX6rMFss8AYpB81ci+UJdm\nKSIn/pMoK6TWkCveoQRQOZD8wfwPF4cUUmWcLFwSveZSiniFrAXQqZbO1k6RDhQf\nhavcwKlK\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgVDM59lGzCRjd\nUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHGoryKGDOkRV1S\nDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2vJX4qTwgrqQtL\nOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqPqpc6AEFuklmo\nBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPwve8VoGIlx4uv\nHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxGmgByfa2rxbNg\n15PFwF+ZAgMBAAECggEADTzGefunZTPUFLnSZ/D7jDglwz5KdC/9zYleY+jY5B/8\nnmjkSfK6I6GLLSh8l2QO8YqQLIqxANglS1gNHdpcYPwfC4WL1S1P0qXboKsI5Sfy\njGoD3et4caq6ecdTfAvmLobW8uFRmGE9qHlFQ1cn47OnPVZUpKFCTVslyTLNo70h\n28gx/lnpgkbeWotJ5GygE/H0jKJlG8/V3+Ppfuq6wypA5ELcGUeMAwmCfUNNlDy3\nBhXSa6STgL26ar70KZIjTp9B97hIfDWObxgjzMX2JoiWXziszvbfaknfBsmfTm45\noUZYO0DuvLdLpxic0GZQwZCT6GzuexxJ9zR/pdahrQKBgQDEiwc0e+M1KaOoIIcw\nV7pxoGjvd+CC5whS00jSf/rXPSPFxat9Ml5serOzLdRLM/NQ5wB9S7TYc6PJi3Mb\n8pmbGadIXiGIJY8vX79P/velHT4csgULJAKJF9U65knhaidPPPmXloHOhRWrE8Zq\nmexVgJZrHLI8197qmi+ctT5rEwKBgQDQ1J84AwI1hEsXHxoSetSznt+ae7pSUb/J\nbyqK9KEp0DLyf8GcS7vxyYGQo0mJDlHaJt56LKv+zdX4wGG85ztbOFVPee6XLKSs\nI+h7rzc2hKrl+SaI91h1234WsTeJvfUSHyBy9vAwLhd0hplNrt7Tql5Z0VTWHmFE\n2XbEwcTUIwKBgQDBpioHMDmBW/F/6ezJWOa+pco+h+KRl4i/8qVBog9Im1jvt/9r\nb4FRaOQ9mt4c6qbGA5Sb30fkLKwoHFniI3ntM616xCRNvJQDnVcmPpVJ/jIAm/YU\nL/q/kNfrHJOWobzxeaaCESz8imv7D5Tj25zb8cJC7xc+k4Nzq09WG83QOQKBgG28\nLOZ7/j8tA2BlAYhQb1Dr3UgKWEBFoOgyuEJIhh+4vezb4VtGGL7XSnQ8ubmBgtWF\ns0a0DrVYaGXMgg+H2pL2qS2YPx3FYcrrG5FS40qMsFkkcXFruFpGOp2mBi8lWJBr\nNtvykwheUAj1ab1+dKz5S5ca/t99G1PYiiaeQ9XNAoGAVXk4HvdUc5q+BNiYvKUS\nM2/TDU3cYY72mPCEw7G6Kpn6zMaakQcA1+Z8LkYcLaQKRD/66n99WWT+BcY+QXtC\n0ZPHjeepDL8q+yXRY8zlcgAukg18Ta5yD1J1014y8UIV+HY8ongTni1sI8N+vKd4\n+TF2C2Cynf5vQr5man7ShPw=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "untrusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/untrusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "verify", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "verify" + } + }, + "template": { + "metadata": { + "labels": { + "app": "verify" + } + }, + "spec": { + "containers": [ + { + "image": "pomerium/verify:${VERIFY_TAG:-latest}", + "name": "verify", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/verify + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "websocket-echo" + } + }, + "template": { + "metadata": { + "labels": { + "app": "websocket-echo" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--port", + "80", + "tee" + ], + "image": "pvtmert/websocketd:latest", + "name": "websocket-echo", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/websocket-echo + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "wrongly-named-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEWDCCAsCgAwIBAgIRAK1MkqoHP+DPILewhMcnnu4wDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU0MzRaFw0yMzExMTEyMjU0MzRaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV\nDWPhOpNWAYNTQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM\n3cvyRs40dygZeogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV\n6ttf6y0+4Nq1hRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3E\nlxIYQsCr85FyW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC\n8X2vHBBIbnZipb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3\nOIkJji4rpJqxG1Z7MvPzAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAo\nBgNVHREEITAfgh1pbnZhbGlkLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG\n9w0BAQsFAAOCAYEABsSByXWA7e8hpKWZK4APWzkvDwiTGrDDE7k0hueJksTZ5Nqw\nfRdGoUpweWIYzAv1etPAr+B2gsZM/jVRidaGDI1tKPytZ3pP6mQ52CVXkeJQytPr\nrNDnP3Lbpbs8PHoHw3PVxIyRps1ZbZkgbUsXrSvpp/l+ZObbGQjr3Fdx5oXI6a1V\nNNC39LkPhjTKtcG+H8dO5GRuDb/9PrzrnDwnl6CoORbEjTKRIFuA+vkFBRjyuccr\nGQiMNmMxy5CMOsK+Od4+8qhv2ZgnREHyBnjFFhgVLFJ2PwUxk3N4GIzCC8tsD+vb\n+YJgCS7n6JmcB9SFeyRy+qpolnfEaMvRwnJl6Evj17VCBy7x0gEO6B4lILPpziN8\nVVhSuRsC0V8aXJJx89mwrg9pzN9w771rFVOCrAEdZei34/yfo8VyBbIR1gUxkRNJ\ncrTI9pT0PK+9OWQ57HtnGmFsPtWT8r7P8xukAPy50wSLF3InjEo8VR2df+V7DVVU\naTjNbuaG1NLNyWLH\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVDWPhOpNWAYNT\nQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM3cvyRs40dygZ\neogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV6ttf6y0+4Nq1\nhRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3ElxIYQsCr85Fy\nW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC8X2vHBBIbnZi\npb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3OIkJji4rpJqx\nG1Z7MvPzAgMBAAECggEBAM3XhRO7+1QSXCaZdCZ6WuWXzojxrkf8++gpzXPCZ75L\nvvMyP8xmXc38Za5VyL+MAr7joENxY5NPON/9AgyUBFdbat3RW323vAt0Ssy8Dfti\nScpuGWTT2CcWS/iJPwJp9bzPj6qJ1wo0Rzsv23FpcjgfcuB+4pHpDwJZ8IxcclTN\njv5XdmanN0Ai2ONDkIHQyvMTsYAX99OK7nXIs3OW7s4wsm8Wg+loCqTvojTzWuwE\nTZNFonHAZ81jkrYfNjz+sM/tPuOYD+vWQ89+1IeQKFw1U0iBpF1VvhA7UeQZMeI8\nS1NpDQTQW0kxmUAlLj7ldnIvknT/x0lKzoafVpk47/kCgYEA+SxnMLHe3Wxb4Kkf\n7Gwktbth/wlWzUWzQ7c0TdhfEDjcRB7SeGIjrL4/HPyXEsCcGIj84TEob1EA0KVP\nl6Jeqh5t/sr9da+uLFf6H41yZUaTccoyclnjHsqT+WLTtiTKqf7cXACg5NKbJwUT\nldCEu+4Ovur+8Ax6s/mGWNEzar0CgYEA2uOmD+SCIhj16P+3GnpZ0UzyDhUKedTy\nLisZznroF6RI3BHzNT+YotHORDMiJtmX0slFcInAWaB3htLPbHmvredjlsH35eHW\nB6wkWmbniJEovPysWdg7xjrj8DoL2dcm6liM1KpSo9k6XWJu36//xF4RTnL8JPEH\nRPuBWmBXHG8CgYBjJy886lr0I61//eztKK+G/bTmRvIapzTJqnqOy54wl1/XX6iD\nLRJjKCV3RHBdjvXOsZxnhCdB/KrlXBMLFRq0eX1t2Zr4nNsjXDL1IVU3Rdlge4SN\nioVdeGFf6Nq0bXmUIg3QMpPT2pbQ9S0w/ZQEMJv/jwW5wk2FlrLGXyElxQKBgQC3\nskUzITp1Ey2NFM290uB93m1llBLum9+DD3jg6BTPgngC+K17Cpw2SI0qfx8yK3pW\n08MK5xAeJ6Un6NNa3eSptX7GjpJUwmq0lasMkz/MRMZDlGmwHOBNRC729D/t2bo3\nAYlvEGG6UBvDM1CJOVMUoT008Rrahczr/4ZXKnLw0QKBgExc+SXb5IRJIMHEQLkg\nE7va23sR7x4j75mK6HnSwAM3jKx4GDgpkY1EO+rh+99mq/bIouL8ob/PG7A5RtKp\n+Sgpqk5N6NpSFMaubsu1EQhqT5pmy0dN5KXecR4s1IylPvth/h3tdXPKGcLMD2M2\nEN59YIA1o4qWjJsfEiuQ6x7M\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "wrongly-named-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/wrongly-named-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "mock-idp" + }, + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8024, + "targetPort": "http" + } + ], + "selector": { + "app": "mock-idp" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "pomerium" + }, + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "nodePort": 80, + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "nodePort": 443, + "port": 443, + "targetPort": "https" + }, + { + "name": "grpc", + "nodePort": 5443, + "port": 5443, + "targetPort": "grpc" + } + ], + "selector": { + "app": "pomerium" + }, + "type": "NodePort" + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "redis" + }, + "name": "redis", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "tcp", + "port": 6379, + "targetPort": "tcp" + } + ], + "selector": { + "app": "redis" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "trusted-httpdetails" + }, + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "trusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + }, + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "untrusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "verify" + }, + "name": "verify", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "verify" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "websocket-echo" + }, + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "websocket-echo" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + }, + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "wrongly-named-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + sleep 30 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-init + volumes: + - k3s-tmp:/k3s-tmp + k3s-ready: + command: + - sh + - -c + - exit 0 + depends_on: + k3s-init: + condition: service_completed_successfully + image: busybox:latest + networks: + main: + aliases: + - k3s-ready + k3s-server: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - server + - --disable + - traefik + - --disable + - metrics-server + - --kube-apiserver-arg + - service-node-port-range=1-65535 + environment: + K3S_KUBECONFIG_MODE: "666" + K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml + K3S_TOKEN: TOKEN + healthcheck: + test: + - CMD + - kubectl + - cluster-info + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-server + ports: + - 6443:6443/tcp + - 5443:5443/tcp + - 443:443/tcp + - 80:80/tcp + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp +volumes: + k3s-tmp: + driver_opts: + device: /tmp + o: bind + type: none diff --git a/integration/clusters/ping-kubernetes/compose.yml b/integration/clusters/ping-kubernetes/compose.yml new file mode 100644 index 000000000..62764cc54 --- /dev/null +++ b/integration/clusters/ping-kubernetes/compose.yml @@ -0,0 +1,825 @@ +networks: + main: {} +services: + k3s-agent: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - agent + environment: + K3S_TOKEN: TOKEN + K3S_URL: https://k3s-server:6443 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-agent + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp + k3s-init: + depends_on: + k3s-server: + condition: service_healthy + entrypoint: + - sh + - -c + - | + cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml + export KUBECONFIG=/tmp/kubeconfig.yaml + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "mock-idp" + } + }, + "template": { + "metadata": { + "labels": { + "app": "mock-idp" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--provider", + "ping", + "--port", + "8024", + "--root-url", + "https://mock-idp.localhost.pomerium.io/" + ], + "image": "pomerium/mock-idps:${MOCK_IDPS_TAG:-master}", + "name": "mock-idp", + "ports": [ + { + "containerPort": 8024, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/mock-idp + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "pomerium" + } + }, + "template": { + "metadata": { + "labels": { + "app": "pomerium" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "AUTHENTICATE_SERVICE_URL", + "value": "https://authenticate.localhost.pomerium.io" + }, + { + "name": "CERTIFICATE", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVVakNDQXJxZ0F3SUJBZ0lSQUtOYUVxQ21tWmZobWNZZ1p5MDFXQ3N3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lNeEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEVzTUNvR0ExVUVDd3dqWTJGcwpaV0pBWTJGc1pXSXRjR010YkdsdWRYZ2dLRU5oYkdWaUlFUnZlSE5sZVNreE16QXhCZ05WQkFNTUttMXJZMlZ5CmRDQmpZV3hsWWtCallXeGxZaTF3WXkxc2FXNTFlQ0FvUTJGc1pXSWdSRzk0YzJWNUtUQWVGdzB5TVRBNE1UQXgKTnpNeU1UQmFGdzB5TXpFeE1UQXhPRE15TVRCYU1GY3hKekFsQmdOVkJBb1RIbTFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCalpYSjBhV1pwWTJGMFpURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnCktFTmhiR1ZpSUVSdmVITmxlU2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzgKSExCQUl6WGtQZWVnbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRAp5VmhEVDBRbEkvTy9FS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2Cld5bCtGb1BEVi92c1ozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXQKak9ic2FRZ0o1TEx4Q1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcQpiWlVERytaaW9BclBtcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkCjlyNnJPQnhweHduVER2SGtCbjZ2QWdNQkFBR2piREJxTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFUQWZCZ05WSFNNRUdEQVdnQlNGaGxoWWdFZktUcGxWT2VuZVZHMyszSUUvVFRBaQpCZ05WSFJFRUd6QVpnaGNxTG14dlkyRnNhRzl6ZEM1d2IyMWxjbWwxYlM1cGJ6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBWUVBdWZRQUY3OXM3YzFnbVo5Q0lLQlNHa0hoK1NIMDFDdUtZbm5IaU1vd0hzVGlvRmFVQVFzZC9QNFgKYzJYQnFjMzRlVDNtQ3ZwZ1pqSGJqejZKbG5UWUp4dUx2VnFuVkIzZW10V3JiMWNRdmg4QnBoeHNwVGxTOHVpRQpBRWYvbmd0cHpmQS9mNGxwR2t6clEwY3lQa0VKR3o1MTFxOTdpdHpuOVJaWnpWVFp4TlZGU1AydlZoTk5RVnNXCk94YWtjdllSZ256OEFPUVMzT1BIajJGUWMzaWlic2hjdDVsZUl3WVpGY3hJTkdIUjZLTDYrL0xTZVBOQ0VNbUsKcXltVlBrUUdzSWNVNkdROWZ4YVN1NG1wK0lVQUxQcm9pekVWSThTVms1bk9tM0hJZXorWmZYaHpmbkd4MDZTSQo2TnVvUVFQcVVCZVplWG4yWUZZaGlwZVJkclF4dkEzNi9ZWGEvQWtYQ2VVMHBYeGJ0WEtjdmF0ZnJpNUtuWUpECmtINTlhK2FGa1RzbDQxdGZJMmNuUllWZGRxWFZsM096TGJjZ0FGTG4xV2VDMXh4M3hSWGk3S2xkb2tPbHZndisKQjZuYVdmQ3hSbFdaL2xzbUhhZTRrYzFXSDRLYzduSytJVGI0MEVralY2OC9BN2tyWnNOMVZjcU50cG9tWWtnRQp4alVFOFhVdQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + { + "name": "CERTIFICATE_AUTHORITY", + "value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxekNDQXorZ0F3SUJBZ0lRWjEzOWNkL3BhUGRrUzJKeUF1N2tFREFOQmdrcWhraUc5dzBCQVFzRkFEQ0IKZ3pFZU1Cd0dBMVVFQ2hNVmJXdGpaWEowSUdSbGRtVnNiM0J0Wlc1MElFTkJNU3d3S2dZRFZRUUxEQ05qWVd4bApZa0JqWVd4bFlpMXdZeTFzYVc1MWVDQW9RMkZzWldJZ1JHOTRjMlY1S1RFek1ERUdBMVVFQXd3cWJXdGpaWEowCklHTmhiR1ZpUUdOaGJHVmlMWEJqTFd4cGJuVjRJQ2hEWVd4bFlpQkViM2h6WlhrcE1CNFhEVEl4TURneE1ERTMKTXpJd09Wb1hEVE14TURneE1ERTNNekl3T1Zvd2dZTXhIakFjQmdOVkJBb1RGVzFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCRFFURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnS0VOaGJHVmlJRVJ2CmVITmxlU2t4TXpBeEJnTlZCQU1NS20xclkyVnlkQ0JqWVd4bFlrQmpZV3hsWWkxd1l5MXNhVzUxZUNBb1EyRnMKWldJZ1JHOTRjMlY1S1RDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTmJLeU16NQpNVlc2WUtkamgxb0lOMU1uN1BFMnBINVNiSlNwV3hkQUdoZEJrQmtwQWE3T3hhcmpINUtWa0NUU2E3b25jbGE3CnFOdUpaUzZtQm1veEYrUitjUjNqeUdkVUFZbG96bDFqbGZxTElmQy8rZzdWN1ZtT0puOTh0akI0MmZhdHhMbDYKV1BBdzFKRE5zV3RRZmhLaGJjSHV0N1JzRjByTU9PSGN3eXdUUjdMT3lDbUllbDFwY21wVjRoYlZjVDZlVndvUApIWHlKU2E5Y3FhTVE1WHJkb2dhaTRJcVpaSUdMSGVMc1RWdXRPZ0pGWEVldmxYL1FUM3NXb21FY3R6aDM4SnM0CjlEaUFQRDZkNFk3L0NQTFlFZmsyOUpROU5aaHBnRHNpOWh1NUZISFpjWHdmMUlIbHcvQ0JWZ242aitqbXZLS3oKOTBNYTFvcXV2M1c2ZHR0aWQveENjTEd1MlMrOTZUenJ5a21veTVWYWNMdFZFUDQxWW1vVmxzOTFybG83b2xwZQpRV0Zibm1jbzczOVRJLzRoK0hvZG9scGVyUUVSUWw3dUNucEtWUFozV29rS3VSaDVwa3FrUXAvYXJRanR3Y1J0Ckc0M0NyRHBibCt1U2pNQ0F4aGE5NThlVFl2dG9qVE1udkx0c0dJRDFoR1hucWx3KzVLaktyZ1JIclFJREFRQUIKbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQWdRd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQWRCZ05WSFE0RQpGZ1FVaFlaWVdJQkh5azZaVlRucDNsUnQvdHlCUDAwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFBMUYvYXByCmw2cE5UM01wL014aFVVZ282dXNFSkNyeUdRY0xSZmV4eVFYR04zaHVDbUlyUDU1VkZhOEVUUEF0anNyNlBNZTcKN3Z2RWo4ZUZ1Mkp0S292bFF3TmV3WVU5Y2pBTUNWYUZpTmJyUWEyMGh6aFdjMmpzNmR5aWxkRTYvRFB6YmVkcwpLREF4aEZOcDM1U2x3dFJ0S2sxU3p4SnhzcVN3amZ4SThmcCtSLzB3TzhnMGZXVGRNMmdDcFJ3WU1Od0pFTEVnCitkU2x2SkN3dXUrcnp4TGFsemFQRjFQTVRXNzJPRUxhbC9qNXNEKzJWeXRRNGsrSFVEYnl0MkRuUVQ3WVEzem8KcTAyeDJ1MnNtMVdXL28vdWg4cGpQeGtHUXFMMm1yeVpzNlZIOVZDVTNRa0tORHNzTmQ3MWxyM3dQb0U0WVJIZQpVdnpEMWVEZWVsekJVRk5JcERDamRDc0w1NXlJUHFVc3I2bG1qcEJQTDB2ZWEzM1FUTWJjc1N4dTB1bUdYRGJVCjY2anVVNFoxak9FMHdDbEl2YU82OTlKK0UyZ0JlMWpVTjZBdDZiOEJTb1pxQ3FYWW9ESEdlaTlSQlVkdmdxdG8Ka1Zzb0pmREkvVEZNZWtZZ3BMNVVWWW1MZGZncUxQUFJQOXBRQkxEeDNtc3plQXFudmZUSUNBemZYZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + { + "name": "CERTIFICATE_KEY", + "value": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzhITEJBSXpYa1BlZWcKbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PLwpFS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2V3lsK0ZvUERWL3ZzClozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXRqT2JzYVFnSjVMTHgKQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUAptcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkOXI2ck9CeHB4d25UCkR2SGtCbjZ2QWdNQkFBRUNnZ0VBQjI4aTBBWVVOU2IxSm5XRmJLenJ1VWN0dTN0Q05Yb3ZKZzZLM0JpUFZNa3EKRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBVwo4ZUplcVJMWkVmc1NTSk9YVEc3UmRHc240cUhGSjAwczJaVGxjSUhTUHduRm0rWGpKaTk5VThHNFhzVW9YbzByCkd5KzBWQ3VVN004Z0lDRUhIc3JRTzlYREQzblQyaml1NVRqckt3anV0M0Vtb0pzc0k1YnF4MzMrT0J1NUJwQ1AKQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVApiTGtMRnlXQk5UV1VaMlIvMnd4bXVvQzZtTFp3ODc5TUxDS012azFkb1FLQmdRRGhtd0dhZkpOeW1UaUVRWlJJClNzUXg0c2VxZk9LZmdGQzdvaHFIOWNST091OElKMW83cTJwTTJXNFhpVitTM3dUZFBHbWNhNklPalgyM2lzVkIKMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzNwpheHpsYU1yeEV1M0xJOVVFN050cmRRaUJ5UUtCZ1FEVmRJNmNlSVZCVDZSZ3ZWR3Q4emtMalBJRmpoUUVIQUlwCnVoaXJncXBTNkNYOUJseWYyK280MHptZmozaGU1ckNjRW9CNU1zZU0rRGdGYmNWaDJlL01WbllpTk53NkpDREIKQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleQp1QkhWQnYvNHR3S0JnSHdIdWVQeTVTVTFzMnFTbXpEN1djMkxQZll1M25DT0hOUnJGR2IyNk11UmZ1UmVyaTdyCjJHOFRnb0VTRnljcDBRVElOOCsxSk0wWFlLeE5jSkQ2QjhWMXdLYmJwUXN5bW5lSTFnanV0aUIvSWd3L1BrREsKQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWgpmTjJZZVlieVljYU0xMXAxVmlsdWxWVFZqWTNpL0ZaaURSNFNML0lHSldqTi9Temc0aVhZc0tGbXUrZHVsT1psCmNCQUxwRUtycXBtelhZdHJONmJzdjE4KzVlTzNxR2JLMkRyRXEzZVdWZXYyS29UTW9ieHo3ZysrWEJJV0ptTEEKSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkUwpLcmx0d21vZEhpcVhOYlZrd2JXMUFGUEpiaVlhaTRZRmZLNElBYmlmL1lteGY5Rzc4YU9rcjlacENJek9rRFBaCllwRXdRR1dzQWhFbENGdmM4RS81ZEhFU1NwK3RXdFArTmx1aW1wRnFpRGczL1NVbk13TzJ4SDBuaExhMHplamgKZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K" + }, + { + "name": "COOKIE_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "DATABROKER_STORAGE_CONNECTION_STRING", + "value": "redis://redis:6379" + }, + { + "name": "DATABROKER_STORAGE_TYPE", + "value": "redis" + }, + { + "name": "ENVOY_ADMIN_ADDRESS", + "value": "0.0.0.0:9901" + }, + { + "name": "GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT", + "value": "ewoiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiLAoiYXV0aF91cmkiOiAiaHR0cDovL21vY2staWRwLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAyNCIsCiJjbGllbnRfZW1haWwiOiAicmVkYWN0ZWRAcG9tZXJpdW0tcmVkYWN0ZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAoiY2xpZW50X2lkIjogIjEwMTIxNTk5MDQ1ODAwMDMzNDM4NyIsCiJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0IiwKInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDOEhMQkFJelhrUGVlZ1xubGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PL1xuRUtnQ09GRnhVRHFvUjgyaVkwNlNhY0FqSG5pNitQTzl0VlJiRlYwdzE0QkRBSlNwQitWdld5bCtGb1BEVi92c1xuWjMxRnRZdytFd3FrYkR4L2thVDl1emYrTEpkbGtmMTRuUVFqOEVreS84ZDNtV0piYi85dGpPYnNhUWdKNUxMeFxuQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUFxubXFta2F3VVd3M2VraGo4MFNKZy9USzlQUmFOL1Z2Y0kxUGdBZDdMWnp0VVJlU21UeTVoZDlyNnJPQnhweHduVFxuRHZIa0JuNnZBZ01CQUFFQ2dnRUFCMjhpMEFZVU5TYjFKbldGYkt6cnVVY3R1M3RDTlhvdkpnNkszQmlQVk1rcVxuRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBV1xuOGVKZXFSTFpFZnNTU0pPWFRHN1JkR3NuNHFIRkowMHMyWlRsY0lIU1B3bkZtK1hqSmk5OVU4RzRYc1VvWG8wclxuR3krMFZDdVU3TThnSUNFSEhzclFPOVhERDNuVDJqaXU1VGpyS3dqdXQzRW1vSnNzSTVicXgzMytPQnU1QnBDUFxuQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVFxuYkxrTEZ5V0JOVFdVWjJSLzJ3eG11b0M2bUxadzg3OU1MQ0tNdmsxZG9RS0JnUURobXdHYWZKTnltVGlFUVpSSVxuU3NReDRzZXFmT0tmZ0ZDN29ocUg5Y1JPT3U4SUoxbzdxMnBNMlc0WGlWK1Mzd1RkUEdtY2E2SU9qWDIzaXNWQlxuMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzN1xuYXh6bGFNcnhFdTNMSTlVRTdOdHJkUWlCeVFLQmdRRFZkSTZjZUlWQlQ2Umd2Vkd0OHprTGpQSUZqaFFFSEFJcFxudWhpcmdxcFM2Q1g5Qmx5ZjIrbzQwem1majNoZTVyQ2NFb0I1TXNlTStEZ0ZiY1ZoMmUvTVZuWWlOTnc2SkNEQlxuQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleVxudUJIVkJ2LzR0d0tCZ0h3SHVlUHk1U1UxczJxU216RDdXYzJMUGZZdTNuQ09ITlJyRkdiMjZNdVJmdVJlcmk3clxuMkc4VGdvRVNGeWNwMFFUSU44KzFKTTBYWUt4TmNKRDZCOFYxd0tiYnBRc3ltbmVJMWdqdXRpQi9JZ3cvUGtES1xuQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWlxuZk4yWWVZYnlZY2FNMTFwMVZpbHVsVlRWalkzaS9GWmlEUjRTTC9JR0pXak4vU3pnNGlYWXNLRm11K2R1bE9abFxuY0JBTHBFS3JxcG16WFl0ck42YnN2MTgrNWVPM3FHYksyRHJFcTNlV1ZldjJLb1RNb2J4ejdnKytYQklXSm1MQVxuSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkU1xuS3JsdHdtb2RIaXFYTmJWa3diVzFBRlBKYmlZYWk0WUZmSzRJQWJpZi9ZbXhmOUc3OGFPa3I5WnBDSXpPa0RQWlxuWXBFd1FHV3NBaEVsQ0Z2YzhFLzVkSEVTU3ArdFd0UCtObHVpbXBGcWlEZzMvU1VuTXdPMnhIMG5oTGEwemVqaFxuZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9XG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXG4iLAoicHJpdmF0ZV9rZXlfaWQiOiAiZTA3ZjdjOTM4NzBjN2UwM2Y4ODM1NjBlY2Q4ZmQwZjRkMjdiMDA4MSIsCiJwcm9qZWN0X2lkIjogInBvbWVyaXVtLXJlZGFjdGVkIiwKInRva2VuX3VyaSI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0L3Rva2VuIiwKInR5cGUiOiAic2VydmljZV9hY2NvdW50Igp9" + }, + { + "name": "IDP_CLIENT_ID", + "value": "CLIENT_ID" + }, + { + "name": "IDP_CLIENT_SECRET", + "value": "CLIENT_SECRET" + }, + { + "name": "IDP_PROVIDER", + "value": "ping" + }, + { + "name": "IDP_PROVIDER_URL", + "value": "https://mock-idp.localhost.pomerium.io/" + }, + { + "name": "JWT_CLAIMS_HEADERS", + "value": "email,groups,user" + }, + { + "name": "LOG_LEVEL", + "value": "info" + }, + { + "name": "POLICY", + "value": "Wwp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vbW9jay1pZHAubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZXNlcnZlX2hvc3RfaGVhZGVyIjogdHJ1ZSwKInRvIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbnZveS5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL2xvY2FsaG9zdDo5OTAxIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly92ZXJpZnkubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJ0byI6ICJodHRwOi8vdmVyaWZ5LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImFsbG93X3dlYnNvY2tldHMiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL3dlYnNvY2tldC1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfYW55X2F1dGhlbnRpY2F0ZWRfdXNlciI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZm9ydGlvLXVpLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL2ZvcnRpby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9mb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidGxzX2N1c3RvbV9jYSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VVeGVrTkRRWG9yWjBGM1NVSkJaMGxSV2pFek9XTmtMM0JoVUdSclV6SktlVUYxTjJ0RlJFRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkVRMElLWjNwRlpVMUNkMGRCTVZWRlEyaE5WbUpYZEdwYVdFb3dTVWRTYkdSdFZuTmlNMEowV2xjMU1FbEZUa0pOVTNkM1MyZFpSRlpSVVV4RVEwNXFXVmQ0YkFwWmEwSnFXVmQ0YkZscE1YZFplVEZ6WVZjMU1XVkRRVzlSTWtaeldsZEpaMUpIT1RSak1sWTFTMVJGZWsxRVJVZEJNVlZGUVhkM2NXSlhkR3BhV0Vvd0NrbEhUbWhpUjFacFVVZE9hR0pIVm1sTVdFSnFURmQ0Y0dKdVZqUkpRMmhFV1ZkNGJGbHBRa1ZpTTJoNldsaHJjRTFDTkZoRVZFbDRUVVJuZUUxRVJUTUtUWHBKZDA5V2IxaEVWRTE0VFVSbmVFMUVSVE5OZWtsM1QxWnZkMmRaVFhoSWFrRmpRbWRPVmtKQmIxUkdWekZ5V1RKV2VXUkRRbXRhV0Zwc1lrYzVkd3BpVjFaMVpFTkNSRkZVUlhOTlEyOUhRVEZWUlVOM2QycFpNa1p6V2xkS1FWa3lSbk5hVjBsMFkwZE5kR0pIYkhWa1dHZG5TMFZPYUdKSFZtbEpSVkoyQ21WSVRteGxVMnQ0VFhwQmVFSm5UbFpDUVUxTlMyMHhjbGt5Vm5sa1EwSnFXVmQ0YkZsclFtcFpWM2hzV1dreGQxbDVNWE5oVnpVeFpVTkJiMUV5Um5NS1dsZEpaMUpIT1RSak1sWTFTMVJEUTBGaFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUjFCQlJFTkRRVmx2UTJkblIwSkJUbUpMZVUxNk5RcE5WbGMyV1V0a2FtZ3hiMGxPTVUxdU4xQkZNbkJJTlZOaVNsTndWM2hrUVVkb1pFSnJRbXR3UVdFM1QzaGhjbXBJTlV0V2EwTlVVMkUzYjI1amJHRTNDbkZPZFVwYVV6WnRRbTF2ZUVZclVpdGpVak5xZVVka1ZVRlpiRzk2YkRGcWJHWnhURWxtUXk4clp6ZFdOMVp0VDBwdU9UaDBha0kwTW1aaGRIaE1iRFlLVjFCQmR6RktSRTV6VjNSUlptaExhR0pqU0hWME4xSnpSakJ5VFU5UFNHTjNlWGRVVWpkTVQzbERiVWxsYkRGd1kyMXdWalJvWWxaalZEWmxWbmR2VUFwSVdIbEtVMkU1WTNGaFRWRTFXSEprYjJkaGFUUkpjVnBhU1VkTVNHVk1jMVJXZFhSUFowcEdXRVZsZG14WUwxRlVNM05YYjIxRlkzUjZhRE00U25NMENqbEVhVUZRUkRaa05GazNMME5RVEZsRlptc3lPVXBST1U1YWFIQm5SSE5wT1doMU5VWklTRnBqV0hkbU1VbEliSGN2UTBKV1oyNDJhaXRxYlhaTFMzb0tPVEJOWVRGdmNYVjJNMWMyWkhSMGFXUXZlRU5qVEVkMU1sTXJPVFpVZW5KNWEyMXZlVFZXWVdOTWRGWkZVRFF4V1cxdlZteHpPVEZ5Ykc4M2IyeHdaUXBSVjBaaWJtMWpiemN6T1ZSSkx6Um9LMGh2Wkc5c2NHVnlVVVZTVVd3M2RVTnVjRXRXVUZvelYyOXJTM1ZTYURWd2EzRnJVWEF2WVhKUmFuUjNZMUowQ2tjME0wTnlSSEJpYkN0MVUycE5RMEY0YUdFNU5UaGxWRmwyZEc5cVZFMXVka3gwYzBkSlJERm9SMWh1Y1d4M0t6Vkxha3R5WjFKSWNsRkpSRUZSUVVJS2J6QlZkMUY2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVdkUmQwVm5XVVJXVWpCVVFWRklMMEpCWjNkQ1owVkNMM2RKUWtGRVFXUkNaMDVXU0ZFMFJRcEdaMUZWYUZsYVdWZEpRa2g1YXpaYVZsUnVjRE5zVW5RdmRIbENVREF3ZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGRVoyZEhRa0ZCTVVZdllYQnlDbXcyY0U1VU0wMXdMMDE0YUZWVloyODJkWE5GU2tOeWVVZFJZMHhTWm1WNGVWRllSMDR6YUhWRGJVbHlVRFUxVmtaaE9FVlVVRUYwYW5OeU5sQk5aVGNLTjNaMlJXbzRaVVoxTWtwMFMyOTJiRkYzVG1WM1dWVTVZMnBCVFVOV1lVWnBUbUp5VVdFeU1HaDZhRmRqTW1wek5tUjVhV3hrUlRZdlJGQjZZbVZrY3dwTFJFRjRhRVpPY0RNMVUyeDNkRkowUzJzeFUzcDRTbmh6Y1ZOM2FtWjRTVGhtY0N0U0x6QjNUemhuTUdaWFZHUk5NbWREY0ZKM1dVMU9kMHBGVEVWbkNpdGtVMngyU2tOM2RYVXJjbnA0VEdGc2VtRlFSakZRVFZSWE56SlBSVXhoYkM5cU5YTkVLekpXZVhSUk5Hc3JTRlZFWW5sME1rUnVVVlEzV1ZFemVtOEtjVEF5ZURKMU1uTnRNVmRYTDI4dmRXZzRjR3BRZUd0SFVYRk1NbTF5ZVZwek5sWklPVlpEVlROUmEwdE9SSE56VG1RM01XeHlNM2RRYjBVMFdWSklaUXBWZG5wRU1XVkVaV1ZzZWtKVlJrNUpjRVJEYW1SRGMwdzFOWGxKVUhGVmMzSTJiRzFxY0VKUVREQjJaV0V6TTFGVVRXSmpjMU40ZFRCMWJVZFlSR0pWQ2pZMmFuVlZORm94YWs5Rk1IZERiRWwyWVU4Mk9UbEtLMFV5WjBKbE1XcFZUalpCZERaaU9FSlRiMXB4UTNGWVdXOUVTRWRsYVRsU1FsVmtkbWR4ZEc4S2ExWnpiMHBtUkVrdlZFWk5aV3RaWjNCTU5WVldXVzFNWkdabmNVeFFVRkpRT1hCUlFreEVlRE50YzNwbFFYRnVkbVpVU1VOQmVtWllaejA5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwKInRsc19zZXJ2ZXJfbmFtZSI6ICJmb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cHM6Ly9mb3J0aW8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDc5Igp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAidGNwK2h0dHBzOi8vcmVkaXMubG9jYWxob3N0LnBvbWVyaXVtLmlvOjYzNzkiLAoidG8iOiAidGNwOi8vcmVkaXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo2Mzc5Igp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1lbmFibGVkIiwKInRsc19za2lwX3ZlcmlmeSI6IHRydWUsCiJ0byI6ICJodHRwczovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1kaXNhYmxlZCIsCiJ0bHNfc2tpcF92ZXJpZnkiOiBmYWxzZSwKInRvIjogImh0dHBzOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLXNlcnZlci1uYW1lLWVuYWJsZWQiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5ub3Rwb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1zZXJ2ZXItbmFtZS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1jdXN0b20tY2EtZW5hYmxlZCIsCiJ0bHNfY3VzdG9tX2NhIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVV5UkVORFFUQkRaMEYzU1VKQlowbFNRVXhrT1VkaFNsSTVNbkZwTjNGTU1XVklSMDAyU3pCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYY0taMWxOZUVocVFXTkNaMDVXUWtGdlZFWlhNWEpaTWxaNVpFTkNhMXBZV214aVJ6bDNZbGRXZFdSRFFrUlJWRVZ6VFVOdlIwRXhWVVZEZDNkcVdUSkdjd3BhVjBwQldUSkdjMXBYU1hSalIwMTBZa2RzZFdSWVoyZExSVTVvWWtkV2FVbEZVblpsU0U1c1pWTnJlRTE2UVhoQ1owNVdRa0ZOVFV0dE1YSlpNbFo1Q21SRFFtcFpWM2hzV1d0Q2FsbFhlR3haYVRGM1dYa3hjMkZYTlRGbFEwRnZVVEpHYzFwWFNXZFNSemswWXpKV05VdFVRV1ZHZHpCNVRWUkJORTFVUlhrS1RWUlZNazFVUW1GR2R6QjZUVlJCTkUxVVJYbE5WRlV5VFZSQ1lVMUpSMFJOVWpSM1NFRlpSRlpSVVV0RmVGWjBZVEpPYkdOdVVXZGFSMVl5V2xkNGRncGpSekZzWW01UloxRXdSWGhNUkVGeFFtZE9Wa0pCYzAxSk1rNW9Za2RXYVZGSFRtaGlSMVpwVEZoQ2FreFhlSEJpYmxZMFNVTm9SRmxYZUd4WmFVSkZDbUl6YUhwYVdHdHdUVlJOZDAxUldVUldVVkZFUkVOd2RHRXlUbXhqYmxGbldUSkdjMXBYU2tGWk1rWnpXbGRKZEdOSFRYUmlSMngxWkZoblowdEZUbWdLWWtkV2FVbEZVblpsU0U1c1pWTnJkMmRuUjJsTlFUQkhRMU54UjFOSllqTkVVVVZDUVZGVlFVRTBTVUpxZDBGM1oyZEhTMEZ2U1VKblVVUlhXWEJXWlFwQ1UyNWxaVEpqUVVKWmIyWlRiMWQ0UjAxNVJtRk5VVEJ1U210Wk1GVlhUVGxqYTNsVmFEZFdabWRPS3k5aFJsTlhNbHBUYlZoMWRqVmtjbU53YVRJd0Nub3paV3hvVUZSbE9UaGlRVTVpYWlzdllta3dNREUxVVZkdVRXVnVTekExV2tzMmNVUjBSbmR2TDBoV1F5OVpZMkZ5ZFhVNU5pc3hTakowYjJWWGRVVUtkSGxyVnpOTlEzQkRNWEJJV1ZNMVp6bHBWa1JyY0dSeWVtNTJXRXRzV1hWVGFXdHFjbW8zU3pWMGIybFVkblZ0T1RkTWVFdHJkV28yUkZocVlYQlFSQW8xZG5SbFUwNHhaRkZuVHpsRFV6TnpjV3hqZDFsQk5sSnFWVWgzV1RKV1JXZ3lZV1JRTXpkQ1duSmFkMDhyZVVweE9YRkdOWGsxUjJ4bmFUaHNUalJqQ2t0c1NXeEdWWE12ZUZOd1VYTjRUbUpPVVZoMFRqbHRhelJwYlZsc1drZDZXVmxpWW0wclptOUNWbEJRWW05aE5XcFdkMHRFY0ZvMk5XMVBjemRLUjFBS05ubHFLemRXTjFWQ1RVWndWeXRuUzIxS2RHZG9MMnRyUVhneE9EVm9PVE54ZDB4R1VHTTRMMVEzYmlzclVERmlkU3RtWVd0WVVFZFFSVEl4Y2tSbFRBcFFibFZ0ZFdOSlduQktielZPY0ZsV1VYWTBWM1pVUzNFdmVrMVNPVk56Y0hveVVFWktia1ZTVkdaVWRuRXJSakZ4TTFwT1lXWkZlbWxRYzBJNWIyVlRDbTVxZUhkdFlWcFBVMVl3ZGxoeEwzRmxiM0Y0TkhZMlRVSjZWa0ZaTUM4NFVqSk1ZM0JLTkhWbk1FOWFNM2N3WWpKME5ubHZPRFpRTlZFNFEwRjNSVUVLUVdGT1JrMUZUWGRFWjFsRVZsSXdVRUZSU0M5Q1FWRkVRV2RKUlUxQ1NVZEJNVlZrUlhkRlFpOTNVVWxOUVZsQ1FXWTRRMEZSUVhkSVVWbEVWbEl3VHdwQ1FsbEZSa3hqV1RoRmIwNXZaazFqY25KNGVubDRTVzR6VnpaYVQwMVdXRTFCTUVkRFUzRkhVMGxpTTBSUlJVSkRkMVZCUVRSSlFtZFJRMXA2UkVOMkNrdEpTRmd6UjNacVRsTlpOWGMxWWs5dU5FVXpkemRSU0ZBd09VRkNhbFF2ZDNWVU5FeEVhMXBJU2sxdGJISk1iek56T0dKamMxRXdjMDFFTVZrdkx5OEtjekEzWTNBMGVGbHNjVVEzUWtFd1FXTndkbGxXV1hFMU9IaExlSE52UTNkV1dHMUhOV05GWlU5dldtMVhaak54V1RKdFV6aGxWemsyZGs5R2NtUkpZZ3BNTkU5R05IaFpWVTlOVW5GQlQwZEJRWEkyVm14UE4yZFlZVFF3TmtoNmNuTkJNV2haV25keVpWaG9UMVJEV2xwUVdrOVZia0YxTURWVFNFWmtaMkZOQ2xSS1RrSXZiekF4ZEhCM1VXeHlWSGhPYldaeWIzQnZUM3A1ZFhaSU1IcFZNbEp5VFhNd0swVmlUM1ZETkVFeVkxRTRNMFJKUm5oMmNUWTNiSGxWTUVFS2N6RlJOblJTVFRBclZVUnRTazlNZWpOVFpHZE9LMFF3TUdoamRYVnFPVEpIVmpSaVNEaENabmxWZGpoT1Exa3dka1JwYWpCVVUycHFOR00wVVhSak53cEpVRXhVV2pKbk5UUTFiMk42YUU1blFXMVVOMlFyUWpWSmJubG1hVk5KUzJWdFdIRmxjekpxY0dsQlpucFFUbXc1UWxaNGMyRnJZM012V1hwdldYTXhDaXR4VkdwQlYzVmhSSE5MYjJoRmJrODBRa3AxZW5Zd2VISmpaVFF3Wlc1U1oxaDVSMGRHZGxoMU1uTTBSbGt5ZGtweFZGTnZObmx6UkZkdWFFa3pURmNLWkdObk5rOHlSalJCVUVOSFIyVTNlbk4xY1dseGEzQmphMjVDWVdKbmVrVnpPV1p2U0hFeWJXWnZOMWhwUlhwbFpFMU9PRUpPY1daVFlrRTlDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLWN1c3RvbS1jYS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImNvcnNfYWxsb3dfcHJlZmxpZ2h0IjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9jb3JzLWVuYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJjb3JzX2FsbG93X3ByZWZsaWdodCI6IGZhbHNlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwcmVmaXgiOiAiL2NvcnMtZGlzYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZWZpeCI6ICIvcHJlc2VydmUtaG9zdC1oZWFkZXItZW5hYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IHRydWUsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9wcmVzZXJ2ZS1ob3N0LWhlYWRlci1kaXNhYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IGZhbHNlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9yZXN0cmljdGVkLWh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd2VkX2RvbWFpbnMiOiBbCiJkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LWRvbWFpbiIsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93ZWRfdXNlcnMiOiBbCiJ1c2VyMUBkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LXVzZXIiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoiWC1DdXN0b20tUmVxdWVzdC1IZWFkZXIiOiAiY3VzdG9tLXJlcXVlc3QtaGVhZGVyLXZhbHVlIgp9LAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJhbGxvd193ZWJzb2NrZXRzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbmFibGVkLXdzLWVjaG8ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInRvIjogImh0dHA6Ly93ZWJzb2NrZXQtZWNoby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZGlzYWJsZWQtd3MtZWNoby5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL3dlYnNvY2tldC1lY2hvLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImVuYWJsZV9nb29nbGVfY2xvdWRfc2VydmVybGVzc19hdXRoZW50aWNhdGlvbiI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vY2xvdWRydW4ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJzZXRfcmVxdWVzdF9oZWFkZXJzIjogewoieC1pZHAiOiAicGluZyIKfSwKInRvIjogImh0dHA6Ly90cnVzdGVkLWh0dHBkZXRhaWxzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODA4MCIKfQpd" + }, + { + "name": "SHARED_SECRET", + "value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w=" + }, + { + "name": "SIGNING_KEY", + "value": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBSR1d3TGg3NW5OWG5razM3ekRmTjhvbkx3ZkNpYUxQVEQrbmM4THg1aGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa3BCa08wVEttaDRKZFFmTE9lZU1kNTNLbmdhMVdkUVhyNUZjZXBrK2RMVktkVkt4WENHcQpoMW9qdWh1VzExR0lvT3pTOUdvU0tsTlZTUkZXVkVXRHZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=" + }, + { + "name": "SIGNING_KEY_ALGORITHM", + "value": "ES256" + } + ], + "image": "pomerium/pomerium:${POMERIUM_TAG:-master}", + "imagePullPolicy": "IfNotPresent", + "name": "pomerium", + "ports": [ + { + "containerPort": 80, + "name": "http" + }, + { + "containerPort": 443, + "name": "https" + }, + { + "containerPort": 5443, + "name": "grpc" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/pomerium + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "redis", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "redis" + } + }, + "template": { + "metadata": { + "labels": { + "app": "redis" + } + }, + "spec": { + "containers": [ + { + "image": "redis:6.2.5-alpine", + "name": "redis", + "ports": [ + { + "containerPort": 6379, + "name": "tcp" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/redis + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "trusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "trusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "trusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/trusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "untrusted-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKKYU7PSAFxZbhuLUlbv3iAwDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU2MTFaFw0yMzExMTEyMjU2MTFaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg\nVDM59lGzCRjdUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHG\noryKGDOkRV1SDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2v\nJX4qTwgrqQtLOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqP\nqpc6AEFuklmoBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPw\nve8VoGIlx4uvHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxG\nmgByfa2rxbNg15PFwF+ZAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBS3GPBKDaHzHK68c8sSJ91umTjFVzAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAizMhh+VYIMp07wGn7+rzAE/651yiMC6kZHIOMHilvimyYvCf+Yc0MrcD\nmVQgqlUpkn/f2SOFsBQonjAACkWlSHah9KStL0iTvOIH+oGLnv3Y9wrKvwJol3KR\nc/+mO9R9TS71DoX+rTGRY3BNldpMBZF7HsYt/bg0RSpF0zkZarW+PEMmPw6IgIaD\nRPGpOiQOqIxQn4d6MyiNGS0QmDeGSZvsC07ZcZ+JxsYi4S+yN6GXt11pstiRXjDv\nzrO3s8TnVsBux7VDdIYfzMxqz+874MbsUUlb4txr3V48UDRLm7VDQ2/F+o0+Y5wt\nXAnXTn/6GFpjJvPGr0A1QLOvnhR0DZ4Fl97athu44pqeQywDU5LPP3HqrWRXLy3j\nBPBC4waHayL9Hnh4zQUe/h6hwC5Nxl/gqfB3Aaqr5PWX6rMFss8AYpB81ci+UJdm\nKSIn/pMoK6TWkCveoQRQOZD8wfwPF4cUUmWcLFwSveZSiniFrAXQqZbO1k6RDhQf\nhavcwKlK\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgVDM59lGzCRjd\nUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHGoryKGDOkRV1S\nDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2vJX4qTwgrqQtL\nOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqPqpc6AEFuklmo\nBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPwve8VoGIlx4uv\nHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxGmgByfa2rxbNg\n15PFwF+ZAgMBAAECggEADTzGefunZTPUFLnSZ/D7jDglwz5KdC/9zYleY+jY5B/8\nnmjkSfK6I6GLLSh8l2QO8YqQLIqxANglS1gNHdpcYPwfC4WL1S1P0qXboKsI5Sfy\njGoD3et4caq6ecdTfAvmLobW8uFRmGE9qHlFQ1cn47OnPVZUpKFCTVslyTLNo70h\n28gx/lnpgkbeWotJ5GygE/H0jKJlG8/V3+Ppfuq6wypA5ELcGUeMAwmCfUNNlDy3\nBhXSa6STgL26ar70KZIjTp9B97hIfDWObxgjzMX2JoiWXziszvbfaknfBsmfTm45\noUZYO0DuvLdLpxic0GZQwZCT6GzuexxJ9zR/pdahrQKBgQDEiwc0e+M1KaOoIIcw\nV7pxoGjvd+CC5whS00jSf/rXPSPFxat9Ml5serOzLdRLM/NQ5wB9S7TYc6PJi3Mb\n8pmbGadIXiGIJY8vX79P/velHT4csgULJAKJF9U65knhaidPPPmXloHOhRWrE8Zq\nmexVgJZrHLI8197qmi+ctT5rEwKBgQDQ1J84AwI1hEsXHxoSetSznt+ae7pSUb/J\nbyqK9KEp0DLyf8GcS7vxyYGQo0mJDlHaJt56LKv+zdX4wGG85ztbOFVPee6XLKSs\nI+h7rzc2hKrl+SaI91h1234WsTeJvfUSHyBy9vAwLhd0hplNrt7Tql5Z0VTWHmFE\n2XbEwcTUIwKBgQDBpioHMDmBW/F/6ezJWOa+pco+h+KRl4i/8qVBog9Im1jvt/9r\nb4FRaOQ9mt4c6qbGA5Sb30fkLKwoHFniI3ntM616xCRNvJQDnVcmPpVJ/jIAm/YU\nL/q/kNfrHJOWobzxeaaCESz8imv7D5Tj25zb8cJC7xc+k4Nzq09WG83QOQKBgG28\nLOZ7/j8tA2BlAYhQb1Dr3UgKWEBFoOgyuEJIhh+4vezb4VtGGL7XSnQ8ubmBgtWF\ns0a0DrVYaGXMgg+H2pL2qS2YPx3FYcrrG5FS40qMsFkkcXFruFpGOp2mBi8lWJBr\nNtvykwheUAj1ab1+dKz5S5ca/t99G1PYiiaeQ9XNAoGAVXk4HvdUc5q+BNiYvKUS\nM2/TDU3cYY72mPCEw7G6Kpn6zMaakQcA1+Z8LkYcLaQKRD/66n99WWT+BcY+QXtC\n0ZPHjeepDL8q+yXRY8zlcgAukg18Ta5yD1J1014y8UIV+HY8ongTni1sI8N+vKd4\n+TF2C2Cynf5vQr5man7ShPw=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "untrusted-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/untrusted-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "verify", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "verify" + } + }, + "template": { + "metadata": { + "labels": { + "app": "verify" + } + }, + "spec": { + "containers": [ + { + "image": "pomerium/verify:${VERIFY_TAG:-latest}", + "name": "verify", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/verify + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "websocket-echo" + } + }, + "template": { + "metadata": { + "labels": { + "app": "websocket-echo" + } + }, + "spec": { + "containers": [ + { + "args": [ + "--port", + "80", + "tee" + ], + "image": "pvtmert/websocketd:latest", + "name": "websocket-echo", + "ports": [ + { + "containerPort": 80, + "name": "http" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/websocket-echo + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "replicas": 1, + "selector": { + "matchLabels": { + "app": "wrongly-named-httpdetails" + } + }, + "template": { + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + } + }, + "spec": { + "containers": [ + { + "args": [ + "sh", + "-c", + "cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEWDCCAsCgAwIBAgIRAK1MkqoHP+DPILewhMcnnu4wDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU0MzRaFw0yMzExMTEyMjU0MzRaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV\nDWPhOpNWAYNTQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM\n3cvyRs40dygZeogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV\n6ttf6y0+4Nq1hRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3E\nlxIYQsCr85FyW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC\n8X2vHBBIbnZipb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3\nOIkJji4rpJqxG1Z7MvPzAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAo\nBgNVHREEITAfgh1pbnZhbGlkLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG\n9w0BAQsFAAOCAYEABsSByXWA7e8hpKWZK4APWzkvDwiTGrDDE7k0hueJksTZ5Nqw\nfRdGoUpweWIYzAv1etPAr+B2gsZM/jVRidaGDI1tKPytZ3pP6mQ52CVXkeJQytPr\nrNDnP3Lbpbs8PHoHw3PVxIyRps1ZbZkgbUsXrSvpp/l+ZObbGQjr3Fdx5oXI6a1V\nNNC39LkPhjTKtcG+H8dO5GRuDb/9PrzrnDwnl6CoORbEjTKRIFuA+vkFBRjyuccr\nGQiMNmMxy5CMOsK+Od4+8qhv2ZgnREHyBnjFFhgVLFJ2PwUxk3N4GIzCC8tsD+vb\n+YJgCS7n6JmcB9SFeyRy+qpolnfEaMvRwnJl6Evj17VCBy7x0gEO6B4lILPpziN8\nVVhSuRsC0V8aXJJx89mwrg9pzN9w771rFVOCrAEdZei34/yfo8VyBbIR1gUxkRNJ\ncrTI9pT0PK+9OWQ57HtnGmFsPtWT8r7P8xukAPy50wSLF3InjEo8VR2df+V7DVVU\naTjNbuaG1NLNyWLH\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVDWPhOpNWAYNT\nQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM3cvyRs40dygZ\neogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV6ttf6y0+4Nq1\nhRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3ElxIYQsCr85Fy\nW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC8X2vHBBIbnZi\npb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3OIkJji4rpJqx\nG1Z7MvPzAgMBAAECggEBAM3XhRO7+1QSXCaZdCZ6WuWXzojxrkf8++gpzXPCZ75L\nvvMyP8xmXc38Za5VyL+MAr7joENxY5NPON/9AgyUBFdbat3RW323vAt0Ssy8Dfti\nScpuGWTT2CcWS/iJPwJp9bzPj6qJ1wo0Rzsv23FpcjgfcuB+4pHpDwJZ8IxcclTN\njv5XdmanN0Ai2ONDkIHQyvMTsYAX99OK7nXIs3OW7s4wsm8Wg+loCqTvojTzWuwE\nTZNFonHAZ81jkrYfNjz+sM/tPuOYD+vWQ89+1IeQKFw1U0iBpF1VvhA7UeQZMeI8\nS1NpDQTQW0kxmUAlLj7ldnIvknT/x0lKzoafVpk47/kCgYEA+SxnMLHe3Wxb4Kkf\n7Gwktbth/wlWzUWzQ7c0TdhfEDjcRB7SeGIjrL4/HPyXEsCcGIj84TEob1EA0KVP\nl6Jeqh5t/sr9da+uLFf6H41yZUaTccoyclnjHsqT+WLTtiTKqf7cXACg5NKbJwUT\nldCEu+4Ovur+8Ax6s/mGWNEzar0CgYEA2uOmD+SCIhj16P+3GnpZ0UzyDhUKedTy\nLisZznroF6RI3BHzNT+YotHORDMiJtmX0slFcInAWaB3htLPbHmvredjlsH35eHW\nB6wkWmbniJEovPysWdg7xjrj8DoL2dcm6liM1KpSo9k6XWJu36//xF4RTnL8JPEH\nRPuBWmBXHG8CgYBjJy886lr0I61//eztKK+G/bTmRvIapzTJqnqOy54wl1/XX6iD\nLRJjKCV3RHBdjvXOsZxnhCdB/KrlXBMLFRq0eX1t2Zr4nNsjXDL1IVU3Rdlge4SN\nioVdeGFf6Nq0bXmUIg3QMpPT2pbQ9S0w/ZQEMJv/jwW5wk2FlrLGXyElxQKBgQC3\nskUzITp1Ey2NFM290uB93m1llBLum9+DD3jg6BTPgngC+K17Cpw2SI0qfx8yK3pW\n08MK5xAeJ6Un6NNa3eSptX7GjpJUwmq0lasMkz/MRMZDlGmwHOBNRC729D/t2bo3\nAYlvEGG6UBvDM1CJOVMUoT008Rrahczr/4ZXKnLw0QKBgExc+SXb5IRJIMHEQLkg\nE7va23sR7x4j75mK6HnSwAM3jKx4GDgpkY1EO+rh+99mq/bIouL8ob/PG7A5RtKp\n+Sgpqk5N6NpSFMaubsu1EQhqT5pmy0dN5KXecR4s1IylPvth/h3tdXPKGcLMD2M2\nEN59YIA1o4qWjJsfEiuQ6x7M\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n" + ], + "image": "mendhak/http-https-echo:19", + "name": "wrongly-named-httpdetails", + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8443, + "name": "https" + } + ] + } + ] + } + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + kubectl wait --for=condition=available deployment/wrongly-named-httpdetails + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "mock-idp" + }, + "name": "mock-idp", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8024, + "targetPort": "http" + } + ], + "selector": { + "app": "mock-idp" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "pomerium" + }, + "name": "pomerium", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "nodePort": 80, + "port": 80, + "targetPort": "http" + }, + { + "name": "https", + "nodePort": 443, + "port": 443, + "targetPort": "https" + }, + { + "name": "grpc", + "nodePort": 5443, + "port": 5443, + "targetPort": "grpc" + } + ], + "selector": { + "app": "pomerium" + }, + "type": "NodePort" + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "redis" + }, + "name": "redis", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "tcp", + "port": 6379, + "targetPort": "tcp" + } + ], + "selector": { + "app": "redis" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "trusted-httpdetails" + }, + "name": "trusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "trusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "untrusted-httpdetails" + }, + "name": "untrusted-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "untrusted-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "verify" + }, + "name": "verify", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "verify" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "websocket-echo" + }, + "name": "websocket-echo", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 80, + "targetPort": "http" + } + ], + "selector": { + "app": "websocket-echo" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + cat <<-END_OF_MANIFEST | tee /tmp/manifest.json + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "app": "wrongly-named-httpdetails" + }, + "name": "wrongly-named-httpdetails", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + } + ], + "selector": { + "app": "wrongly-named-httpdetails" + } + } + } + END_OF_MANIFEST + kubectl apply -f /tmp/manifest.json + sleep 30 + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-init + volumes: + - k3s-tmp:/k3s-tmp + k3s-ready: + command: + - sh + - -c + - exit 0 + depends_on: + k3s-init: + condition: service_completed_successfully + image: busybox:latest + networks: + main: + aliases: + - k3s-ready + k3s-server: + entrypoint: + - sh + - -c + - | + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + - k3s + - server + - --disable + - traefik + - --disable + - metrics-server + - --kube-apiserver-arg + - service-node-port-range=1-65535 + environment: + K3S_KUBECONFIG_MODE: "666" + K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml + K3S_TOKEN: TOKEN + healthcheck: + test: + - CMD + - kubectl + - cluster-info + image: rancher/k3s:${K3S_TAG:-latest} + networks: + main: + aliases: + - k3s-server + ports: + - 6443:6443/tcp + - 5443:5443/tcp + - 443:443/tcp + - 80:80/tcp + privileged: true + restart: always + tmpfs: + - /run + - /var/run + ulimits: + nofile: + hard: 65535 + soft: 65535 + nproc: 65535 + volumes: + - k3s-tmp:/k3s-tmp +volumes: + k3s-tmp: + driver_opts: + device: /tmp + o: bind + type: none diff --git a/integration/tpl/backends/k3s.libsonnet b/integration/tpl/backends/k3s.libsonnet new file mode 100644 index 000000000..f212cba4f --- /dev/null +++ b/integration/tpl/backends/k3s.libsonnet @@ -0,0 +1,144 @@ +local utils = import '../utils.libsonnet'; + +local Command() = + [ + 'sh', + '-c', + ||| + set -x + # the dev image is only available locally, so load it first + if [ "${POMERIUM_TAG:-master}" = "dev" ]; then + sh -c ' + while true ; do + ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break + sleep 1 + done + ' & + fi + k3s "$$@" + |||, + 'k3s', + ]; + +local InstallManifest(manifest) = + std.join('\n', [ + 'cat <<-END_OF_MANIFEST | tee /tmp/manifest.json', + std.manifestJsonEx(manifest, ' '), + 'END_OF_MANIFEST', + 'kubectl apply -f /tmp/manifest.json', + ] + if manifest.kind == 'Deployment' then [ + 'kubectl wait --for=condition=available deployment/' + manifest.metadata.name, + ] else []); + +function(idp, manifests) { + compose: { + services: + utils.ComposeService('k3s-server', { + image: 'rancher/k3s:${K3S_TAG:-latest}', + entrypoint: Command() + [ + 'server', + '--disable', + 'traefik', + '--disable', + 'metrics-server', + '--kube-apiserver-arg', + 'service-node-port-range=1-65535', + ], + tmpfs: ['/run', '/var/run'], + ulimits: { + nproc: 65535, + nofile: { + soft: 65535, + hard: 65535, + }, + }, + privileged: true, + restart: 'always', + environment: { + K3S_TOKEN: 'TOKEN', + K3S_KUBECONFIG_OUTPUT: '/k3s-tmp/kubeconfig.yaml', + K3S_KUBECONFIG_MODE: '666', + }, + healthcheck: { + test: ['CMD', 'kubectl', 'cluster-info'], + }, + ports: [ + '6443:6443/tcp', + '5443:5443/tcp', + '443:443/tcp', + '80:80/tcp', + ], + volumes: [ + 'k3s-tmp:/k3s-tmp', + ], + }) + + utils.ComposeService('k3s-agent', { + image: 'rancher/k3s:${K3S_TAG:-latest}', + entrypoint: Command() + ['agent'], + tmpfs: ['/run', '/var/run'], + ulimits: { + nproc: 65535, + nofile: { + soft: 65535, + hard: 65535, + }, + }, + privileged: true, + restart: 'always', + environment: { + K3S_URL: 'https://k3s-server:6443', + K3S_TOKEN: 'TOKEN', + }, + volumes: [ + 'k3s-tmp:/k3s-tmp', + ], + }) + + utils.ComposeService('k3s-init', { + image: 'rancher/k3s:${K3S_TAG:-latest}', + depends_on: { + 'k3s-server': { + condition: 'service_healthy', + }, + }, + entrypoint: [ + 'sh', + '-c', + ||| + cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml + export KUBECONFIG=/tmp/kubeconfig.yaml + ||| + std.join('\n', std.map( + InstallManifest, + std.sort(manifests, function(manifest) manifest.kind + '/' + manifest.metadata.name) + )) + '\n' + + ||| + sleep 30 + |||, + ], + volumes: [ + 'k3s-tmp:/k3s-tmp', + ], + }) + + utils.ComposeService('k3s-ready', { + depends_on: { + 'k3s-init': { + condition: 'service_completed_successfully', + }, + }, + image: 'busybox:latest', + command: [ + 'sh', + '-c', + 'exit 0', + ], + }), + volumes: { + 'k3s-tmp': { + driver_opts: { + type: 'none', + device: '/tmp', + o: 'bind', + }, + }, + }, + }, +} diff --git a/integration/tpl/clusters/auth0-kubernetes/compose.yml.jsonnet b/integration/tpl/clusters/auth0-kubernetes/compose.yml.jsonnet new file mode 100644 index 000000000..f90629251 --- /dev/null +++ b/integration/tpl/clusters/auth0-kubernetes/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/kubernetes.libsonnet')('auth0') diff --git a/integration/tpl/clusters/auth0-multi/compose.yml.jsonnet b/integration/tpl/clusters/auth0-multi/compose.yml.jsonnet new file mode 100644 index 000000000..b48612d9d --- /dev/null +++ b/integration/tpl/clusters/auth0-multi/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/multi.libsonnet')('auth0') diff --git a/integration/tpl/clusters/azure-kubernetes/compose.yml.jsonnet b/integration/tpl/clusters/azure-kubernetes/compose.yml.jsonnet new file mode 100644 index 000000000..47c9966b2 --- /dev/null +++ b/integration/tpl/clusters/azure-kubernetes/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/kubernetes.libsonnet')('azure') diff --git a/integration/tpl/clusters/azure-multi/compose.yml.jsonnet b/integration/tpl/clusters/azure-multi/compose.yml.jsonnet new file mode 100644 index 000000000..d97f3fb26 --- /dev/null +++ b/integration/tpl/clusters/azure-multi/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/multi.libsonnet')('azure') diff --git a/integration/tpl/clusters/github-kubernetes/compose.yml.jsonnet b/integration/tpl/clusters/github-kubernetes/compose.yml.jsonnet new file mode 100644 index 000000000..5cf51d867 --- /dev/null +++ b/integration/tpl/clusters/github-kubernetes/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/kubernetes.libsonnet')('github') diff --git a/integration/tpl/clusters/github-multi/compose.yml.jsonnet b/integration/tpl/clusters/github-multi/compose.yml.jsonnet new file mode 100644 index 000000000..481c188c6 --- /dev/null +++ b/integration/tpl/clusters/github-multi/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/multi.libsonnet')('github') diff --git a/integration/tpl/clusters/gitlab-kubernetes/compose.yml.jsonnet b/integration/tpl/clusters/gitlab-kubernetes/compose.yml.jsonnet new file mode 100644 index 000000000..65cb91f49 --- /dev/null +++ b/integration/tpl/clusters/gitlab-kubernetes/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/kubernetes.libsonnet')('gitlab') diff --git a/integration/tpl/clusters/gitlab-multi/compose.yml.jsonnet b/integration/tpl/clusters/gitlab-multi/compose.yml.jsonnet new file mode 100644 index 000000000..a2b23b913 --- /dev/null +++ b/integration/tpl/clusters/gitlab-multi/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/multi.libsonnet')('gitlab') diff --git a/integration/tpl/clusters/google-kubernetes/compose.yml.jsonnet b/integration/tpl/clusters/google-kubernetes/compose.yml.jsonnet new file mode 100644 index 000000000..df3c2c82b --- /dev/null +++ b/integration/tpl/clusters/google-kubernetes/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/kubernetes.libsonnet')('google') diff --git a/integration/tpl/clusters/google-multi/compose.yml.jsonnet b/integration/tpl/clusters/google-multi/compose.yml.jsonnet new file mode 100644 index 000000000..a1efc8823 --- /dev/null +++ b/integration/tpl/clusters/google-multi/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/multi.libsonnet')('google') diff --git a/integration/tpl/clusters/oidc-kubernetes/compose.yml.jsonnet b/integration/tpl/clusters/oidc-kubernetes/compose.yml.jsonnet new file mode 100644 index 000000000..a20702012 --- /dev/null +++ b/integration/tpl/clusters/oidc-kubernetes/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/kubernetes.libsonnet')('oidc') diff --git a/integration/tpl/clusters/oidc-multi/compose.yml.jsonnet b/integration/tpl/clusters/oidc-multi/compose.yml.jsonnet new file mode 100644 index 000000000..95c6628fd --- /dev/null +++ b/integration/tpl/clusters/oidc-multi/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/multi.libsonnet')('oidc') diff --git a/integration/tpl/clusters/okta-kubernetes/compose.yml.jsonnet b/integration/tpl/clusters/okta-kubernetes/compose.yml.jsonnet new file mode 100644 index 000000000..34081c41a --- /dev/null +++ b/integration/tpl/clusters/okta-kubernetes/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/kubernetes.libsonnet')('okta') diff --git a/integration/tpl/clusters/okta-multi/compose.yml.jsonnet b/integration/tpl/clusters/okta-multi/compose.yml.jsonnet new file mode 100644 index 000000000..693bf02e8 --- /dev/null +++ b/integration/tpl/clusters/okta-multi/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/multi.libsonnet')('okta') diff --git a/integration/tpl/clusters/onelogin-kubernetes/compose.yml.jsonnet b/integration/tpl/clusters/onelogin-kubernetes/compose.yml.jsonnet new file mode 100644 index 000000000..aafa71259 --- /dev/null +++ b/integration/tpl/clusters/onelogin-kubernetes/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/kubernetes.libsonnet')('onelogin') diff --git a/integration/tpl/clusters/onelogin-multi/compose.yml.jsonnet b/integration/tpl/clusters/onelogin-multi/compose.yml.jsonnet new file mode 100644 index 000000000..b8cab6bd1 --- /dev/null +++ b/integration/tpl/clusters/onelogin-multi/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/multi.libsonnet')('onelogin') diff --git a/integration/tpl/clusters/ping-kubernetes/compose.yml.jsonnet b/integration/tpl/clusters/ping-kubernetes/compose.yml.jsonnet new file mode 100644 index 000000000..a98ba4e44 --- /dev/null +++ b/integration/tpl/clusters/ping-kubernetes/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/kubernetes.libsonnet')('ping') diff --git a/integration/tpl/clusters/ping-multi/compose.yml.jsonnet b/integration/tpl/clusters/ping-multi/compose.yml.jsonnet new file mode 100644 index 000000000..fe0c6e9bc --- /dev/null +++ b/integration/tpl/clusters/ping-multi/compose.yml.jsonnet @@ -0,0 +1 @@ +(import '../../deployments/multi.libsonnet')('ping') diff --git a/integration/tpl/deployments/kubernetes.libsonnet b/integration/tpl/deployments/kubernetes.libsonnet new file mode 100644 index 000000000..55c98e102 --- /dev/null +++ b/integration/tpl/deployments/kubernetes.libsonnet @@ -0,0 +1,19 @@ +local utils = import '../utils.libsonnet'; + +function(idp) utils.Merge([ + (import '../backends/k3s.libsonnet')( + idp, + (import '../backends/fortio.libsonnet')().kubernetes + + (import '../backends/httpdetails.libsonnet')().kubernetes + + (import '../backends/mock-idp.libsonnet')(idp).kubernetes + + (import '../backends/pomerium.libsonnet')('single', idp, '.default.svc.cluster.local').kubernetes + + (import '../backends/redis.libsonnet')().kubernetes + + (import '../backends/verify.libsonnet')('single').kubernetes + + (import '../backends/websocket-echo.libsonnet')().kubernetes + ).compose, + { + networks: { + main: {}, + }, + }, +]) diff --git a/scripts/build-dev-docker.bash b/scripts/build-dev-docker.bash index f15194c6f..6ab104b03 100755 --- a/scripts/build-dev-docker.bash +++ b/scripts/build-dev-docker.bash @@ -24,4 +24,6 @@ ENTRYPOINT [ "/bin/pomerium" ] CMD ["-config","/pomerium/config.yaml"] EOF docker build --tag=pomerium/pomerium:dev . + # save the image so we can load it from docker-compose + docker save --output=/tmp/pomerium-dev.tar pomerium/pomerium:dev )