3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-28 18:06:34 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/integration/clusters/google-kubernetes/compose.yml
Caleb Doxsey c97dcf7e0f
envoy: add hash policy and routing key for hash-based load balancers (#2791) 
* envoy: add hash policy and routing key for hash-based load balancers

* fix integration test

* fix nginx
2021-12-01 13:42:12 -07:00

1068 lines
71 KiB
YAML
Raw Blame History

networks:
main: {}
services:
k3s-agent:
entrypoint:
- sh
- -c
- |
set -x
# the dev image is only available locally, so load it first
if [ "${POMERIUM_TAG:-master}" = "dev" ]; then
sh -c '
while true ; do
ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break
sleep 1
done
' &
fi
k3s "$$@"
- k3s
- agent
environment:
K3S_TOKEN: TOKEN
K3S_URL: https://k3s-server:6443
image: rancher/k3s:${K3S_TAG:-latest}
networks:
main:
aliases:
- k3s-agent
privileged: true
restart: always
tmpfs:
- /run
- /var/run
ulimits:
nofile:
hard: 65535
soft: 65535
nproc: 65535
volumes:
- k3s-tmp:/k3s-tmp
k3s-init:
depends_on:
k3s-server:
condition: service_healthy
entrypoint:
- sh
- -c
- |
cat /k3s-tmp/kubeconfig.yaml | sed s/127.0.0.1/k3s-server/g >/tmp/kubeconfig.yaml
export KUBECONFIG=/tmp/kubeconfig.yaml
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "mock-idp",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "mock-idp"
}
},
"template": {
"metadata": {
"labels": {
"app": "mock-idp"
}
},
"spec": {
"containers": [
{
"args": [
"--provider",
"google",
"--port",
"8024",
"--root-url",
"https://mock-idp.localhost.pomerium.io/"
],
"image": "pomerium/mock-idps:${MOCK_IDPS_TAG:-master}",
"name": "mock-idp",
"ports": [
{
"containerPort": 8024,
"name": "http"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/mock-idp
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "pomerium",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "pomerium"
}
},
"template": {
"metadata": {
"labels": {
"app": "pomerium"
}
},
"spec": {
"containers": [
{
"env": [
{
"name": "AUTHENTICATE_SERVICE_URL",
"value": "https://authenticate.localhost.pomerium.io"
},
{
"name": "CERTIFICATE",
"value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVVakNDQXJxZ0F3SUJBZ0lSQUtOYUVxQ21tWmZobWNZZ1p5MDFXQ3N3RFFZSktvWklodmNOQVFFTEJRQXcKZ1lNeEhqQWNCZ05WQkFvVEZXMXJZMlZ5ZENCa1pYWmxiRzl3YldWdWRDQkRRVEVzTUNvR0ExVUVDd3dqWTJGcwpaV0pBWTJGc1pXSXRjR010YkdsdWRYZ2dLRU5oYkdWaUlFUnZlSE5sZVNreE16QXhCZ05WQkFNTUttMXJZMlZ5CmRDQmpZV3hsWWtCallXeGxZaTF3WXkxc2FXNTFlQ0FvUTJGc1pXSWdSRzk0YzJWNUtUQWVGdzB5TVRBNE1UQXgKTnpNeU1UQmFGdzB5TXpFeE1UQXhPRE15TVRCYU1GY3hKekFsQmdOVkJBb1RIbTFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCalpYSjBhV1pwWTJGMFpURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnCktFTmhiR1ZpSUVSdmVITmxlU2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQzgKSExCQUl6WGtQZWVnbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRAp5VmhEVDBRbEkvTy9FS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2Cld5bCtGb1BEVi92c1ozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXQKak9ic2FRZ0o1TEx4Q1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcQpiWlVERytaaW9BclBtcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkCjlyNnJPQnhweHduVER2SGtCbjZ2QWdNQkFBR2piREJxTUE0R0ExVWREd0VCL3dRRUF3SUZvREFUQmdOVkhTVUUKRERBS0JnZ3JCZ0VGQlFjREFUQWZCZ05WSFNNRUdEQVdnQlNGaGxoWWdFZktUcGxWT2VuZVZHMyszSUUvVFRBaQpCZ05WSFJFRUd6QVpnaGNxTG14dlkyRnNhRzl6ZEM1d2IyMWxjbWwxYlM1cGJ6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBWUVBdWZRQUY3OXM3YzFnbVo5Q0lLQlNHa0hoK1NIMDFDdUtZbm5IaU1vd0hzVGlvRmFVQVFzZC9QNFgKYzJYQnFjMzRlVDNtQ3ZwZ1pqSGJqejZKbG5UWUp4dUx2VnFuVkIzZW10V3JiMWNRdmg4QnBoeHNwVGxTOHVpRQpBRWYvbmd0cHpmQS9mNGxwR2t6clEwY3lQa0VKR3o1MTFxOTdpdHpuOVJaWnpWVFp4TlZGU1AydlZoTk5RVnNXCk94YWtjdllSZ256OEFPUVMzT1BIajJGUWMzaWlic2hjdDVsZUl3WVpGY3hJTkdIUjZLTDYrL0xTZVBOQ0VNbUsKcXltVlBrUUdzSWNVNkdROWZ4YVN1NG1wK0lVQUxQcm9pekVWSThTVms1bk9tM0hJZXorWmZYaHpmbkd4MDZTSQo2TnVvUVFQcVVCZVplWG4yWUZZaGlwZVJkclF4dkEzNi9ZWGEvQWtYQ2VVMHBYeGJ0WEtjdmF0ZnJpNUtuWUpECmtINTlhK2FGa1RzbDQxdGZJMmNuUllWZGRxWFZsM096TGJjZ0FGTG4xV2VDMXh4M3hSWGk3S2xkb2tPbHZndisKQjZuYVdmQ3hSbFdaL2xzbUhhZTRrYzFXSDRLYzduSytJVGI0MEVralY2OC9BN2tyWnNOMVZjcU50cG9tWWtnRQp4alVFOFhVdQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
},
{
"name": "CERTIFICATE_AUTHORITY",
"value": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUxekNDQXorZ0F3SUJBZ0lRWjEzOWNkL3BhUGRrUzJKeUF1N2tFREFOQmdrcWhraUc5dzBCQVFzRkFEQ0IKZ3pFZU1Cd0dBMVVFQ2hNVmJXdGpaWEowSUdSbGRtVnNiM0J0Wlc1MElFTkJNU3d3S2dZRFZRUUxEQ05qWVd4bApZa0JqWVd4bFlpMXdZeTFzYVc1MWVDQW9RMkZzWldJZ1JHOTRjMlY1S1RFek1ERUdBMVVFQXd3cWJXdGpaWEowCklHTmhiR1ZpUUdOaGJHVmlMWEJqTFd4cGJuVjRJQ2hEWVd4bFlpQkViM2h6WlhrcE1CNFhEVEl4TURneE1ERTMKTXpJd09Wb1hEVE14TURneE1ERTNNekl3T1Zvd2dZTXhIakFjQmdOVkJBb1RGVzFyWTJWeWRDQmtaWFpsYkc5dwpiV1Z1ZENCRFFURXNNQ29HQTFVRUN3d2pZMkZzWldKQVkyRnNaV0l0Y0dNdGJHbHVkWGdnS0VOaGJHVmlJRVJ2CmVITmxlU2t4TXpBeEJnTlZCQU1NS20xclkyVnlkQ0JqWVd4bFlrQmpZV3hsWWkxd1l5MXNhVzUxZUNBb1EyRnMKWldJZ1JHOTRjMlY1S1RDQ0FhSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnR1BBRENDQVlvQ2dnR0JBTmJLeU16NQpNVlc2WUtkamgxb0lOMU1uN1BFMnBINVNiSlNwV3hkQUdoZEJrQmtwQWE3T3hhcmpINUtWa0NUU2E3b25jbGE3CnFOdUpaUzZtQm1veEYrUitjUjNqeUdkVUFZbG96bDFqbGZxTElmQy8rZzdWN1ZtT0puOTh0akI0MmZhdHhMbDYKV1BBdzFKRE5zV3RRZmhLaGJjSHV0N1JzRjByTU9PSGN3eXdUUjdMT3lDbUllbDFwY21wVjRoYlZjVDZlVndvUApIWHlKU2E5Y3FhTVE1WHJkb2dhaTRJcVpaSUdMSGVMc1RWdXRPZ0pGWEVldmxYL1FUM3NXb21FY3R6aDM4SnM0CjlEaUFQRDZkNFk3L0NQTFlFZmsyOUpROU5aaHBnRHNpOWh1NUZISFpjWHdmMUlIbHcvQ0JWZ242aitqbXZLS3oKOTBNYTFvcXV2M1c2ZHR0aWQveENjTEd1MlMrOTZUenJ5a21veTVWYWNMdFZFUDQxWW1vVmxzOTFybG83b2xwZQpRV0Zibm1jbzczOVRJLzRoK0hvZG9scGVyUUVSUWw3dUNucEtWUFozV29rS3VSaDVwa3FrUXAvYXJRanR3Y1J0Ckc0M0NyRHBibCt1U2pNQ0F4aGE5NThlVFl2dG9qVE1udkx0c0dJRDFoR1hucWx3KzVLaktyZ1JIclFJREFRQUIKbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQWdRd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFEQWRCZ05WSFE0RQpGZ1FVaFlaWVdJQkh5azZaVlRucDNsUnQvdHlCUDAwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFBMUYvYXByCmw2cE5UM01wL014aFVVZ282dXNFSkNyeUdRY0xSZmV4eVFYR04zaHVDbUlyUDU1VkZhOEVUUEF0anNyNlBNZTcKN3Z2RWo4ZUZ1Mkp0S292bFF3TmV3WVU5Y2pBTUNWYUZpTmJyUWEyMGh6aFdjMmpzNmR5aWxkRTYvRFB6YmVkcwpLREF4aEZOcDM1U2x3dFJ0S2sxU3p4SnhzcVN3amZ4SThmcCtSLzB3TzhnMGZXVGRNMmdDcFJ3WU1Od0pFTEVnCitkU2x2SkN3dXUrcnp4TGFsemFQRjFQTVRXNzJPRUxhbC9qNXNEKzJWeXRRNGsrSFVEYnl0MkRuUVQ3WVEzem8KcTAyeDJ1MnNtMVdXL28vdWg4cGpQeGtHUXFMMm1yeVpzNlZIOVZDVTNRa0tORHNzTmQ3MWxyM3dQb0U0WVJIZQpVdnpEMWVEZWVsekJVRk5JcERDamRDc0w1NXlJUHFVc3I2bG1qcEJQTDB2ZWEzM1FUTWJjc1N4dTB1bUdYRGJVCjY2anVVNFoxak9FMHdDbEl2YU82OTlKK0UyZ0JlMWpVTjZBdDZiOEJTb1pxQ3FYWW9ESEdlaTlSQlVkdmdxdG8Ka1Zzb0pmREkvVEZNZWtZZ3BMNVVWWW1MZGZncUxQUFJQOXBRQkxEeDNtc3plQXFudmZUSUNBemZYZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
},
{
"name": "CERTIFICATE_KEY",
"value": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzhITEJBSXpYa1BlZWcKbGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PLwpFS2dDT0ZGeFVEcW9SODJpWTA2U2FjQWpIbmk2K1BPOXRWUmJGVjB3MTRCREFKU3BCK1Z2V3lsK0ZvUERWL3ZzClozMUZ0WXcrRXdxa2JEeC9rYVQ5dXpmK0xKZGxrZjE0blFRajhFa3kvOGQzbVdKYmIvOXRqT2JzYVFnSjVMTHgKQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUAptcW1rYXdVV3czZWtoajgwU0pnL1RLOVBSYU4vVnZjSTFQZ0FkN0xaenRVUmVTbVR5NWhkOXI2ck9CeHB4d25UCkR2SGtCbjZ2QWdNQkFBRUNnZ0VBQjI4aTBBWVVOU2IxSm5XRmJLenJ1VWN0dTN0Q05Yb3ZKZzZLM0JpUFZNa3EKRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBVwo4ZUplcVJMWkVmc1NTSk9YVEc3UmRHc240cUhGSjAwczJaVGxjSUhTUHduRm0rWGpKaTk5VThHNFhzVW9YbzByCkd5KzBWQ3VVN004Z0lDRUhIc3JRTzlYREQzblQyaml1NVRqckt3anV0M0Vtb0pzc0k1YnF4MzMrT0J1NUJwQ1AKQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVApiTGtMRnlXQk5UV1VaMlIvMnd4bXVvQzZtTFp3ODc5TUxDS012azFkb1FLQmdRRGhtd0dhZkpOeW1UaUVRWlJJClNzUXg0c2VxZk9LZmdGQzdvaHFIOWNST091OElKMW83cTJwTTJXNFhpVitTM3dUZFBHbWNhNklPalgyM2lzVkIKMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzNwpheHpsYU1yeEV1M0xJOVVFN050cmRRaUJ5UUtCZ1FEVmRJNmNlSVZCVDZSZ3ZWR3Q4emtMalBJRmpoUUVIQUlwCnVoaXJncXBTNkNYOUJseWYyK280MHptZmozaGU1ckNjRW9CNU1zZU0rRGdGYmNWaDJlL01WbllpTk53NkpDREIKQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleQp1QkhWQnYvNHR3S0JnSHdIdWVQeTVTVTFzMnFTbXpEN1djMkxQZll1M25DT0hOUnJGR2IyNk11UmZ1UmVyaTdyCjJHOFRnb0VTRnljcDBRVElOOCsxSk0wWFlLeE5jSkQ2QjhWMXdLYmJwUXN5bW5lSTFnanV0aUIvSWd3L1BrREsKQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWgpmTjJZZVlieVljYU0xMXAxVmlsdWxWVFZqWTNpL0ZaaURSNFNML0lHSldqTi9Temc0aVhZc0tGbXUrZHVsT1psCmNCQUxwRUtycXBtelhZdHJONmJzdjE4KzVlTzNxR2JLMkRyRXEzZVdWZXYyS29UTW9ieHo3ZysrWEJJV0ptTEEKSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkUwpLcmx0d21vZEhpcVhOYlZrd2JXMUFGUEpiaVlhaTRZRmZLNElBYmlmL1lteGY5Rzc4YU9rcjlacENJek9rRFBaCllwRXdRR1dzQWhFbENGdmM4RS81ZEhFU1NwK3RXdFArTmx1aW1wRnFpRGczL1NVbk13TzJ4SDBuaExhMHplamgKZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
},
{
"name": "COOKIE_SECRET",
"value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w="
},
{
"name": "DATABROKER_STORAGE_CONNECTION_STRING",
"value": "redis://redis:6379"
},
{
"name": "DATABROKER_STORAGE_TYPE",
"value": "redis"
},
{
"name": "ENVOY_ADMIN_ADDRESS",
"value": "0.0.0.0:9901"
},
{
"name": "GOOGLE_CLOUD_SERVERLESS_AUTHENTICATION_SERVICE_ACCOUNT",
"value": "ewoiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiLAoiYXV0aF91cmkiOiAiaHR0cDovL21vY2staWRwLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAyNCIsCiJjbGllbnRfZW1haWwiOiAicmVkYWN0ZWRAcG9tZXJpdW0tcmVkYWN0ZWQuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAoiY2xpZW50X2lkIjogIjEwMTIxNTk5MDQ1ODAwMDMzNDM4NyIsCiJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0IiwKInByaXZhdGVfa2V5IjogIi0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tLVxuTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDOEhMQkFJelhrUGVlZ1xubGRVZlJLSzJqUXhTVlpENWcrcXNqQXpwbXJxL0F0bXdlSzFjR2NPdFo2ZU9MK3A4YnJQRHlWaERUMFFsSS9PL1xuRUtnQ09GRnhVRHFvUjgyaVkwNlNhY0FqSG5pNitQTzl0VlJiRlYwdzE0QkRBSlNwQitWdld5bCtGb1BEVi92c1xuWjMxRnRZdytFd3FrYkR4L2thVDl1emYrTEpkbGtmMTRuUVFqOEVreS84ZDNtV0piYi85dGpPYnNhUWdKNUxMeFxuQ1lkSW1rcjc3WDJMTXVEdy8xdHBINjQyR0UyNU5yZ202UUhseUtTZllYbzM4djgzZWJFcWJaVURHK1ppb0FyUFxubXFta2F3VVd3M2VraGo4MFNKZy9USzlQUmFOL1Z2Y0kxUGdBZDdMWnp0VVJlU21UeTVoZDlyNnJPQnhweHduVFxuRHZIa0JuNnZBZ01CQUFFQ2dnRUFCMjhpMEFZVU5TYjFKbldGYkt6cnVVY3R1M3RDTlhvdkpnNkszQmlQVk1rcVxuRFQxWHJKSWdGNVJISE9scjNPc0xFNnU3WHoyY3RkTUw2UHNoaUtUdEl3dEdwaXZnUnBDaUpFc2xtcjJ6aThBV1xuOGVKZXFSTFpFZnNTU0pPWFRHN1JkR3NuNHFIRkowMHMyWlRsY0lIU1B3bkZtK1hqSmk5OVU4RzRYc1VvWG8wclxuR3krMFZDdVU3TThnSUNFSEhzclFPOVhERDNuVDJqaXU1VGpyS3dqdXQzRW1vSnNzSTVicXgzMytPQnU1QnBDUFxuQ1Q0NzNENDNQOXAzcWkvWG5mdnFHU0cyT2o0T2FqVjRmcjBvOUIzS3ZJeGtNZW03V2xJM2p5eTFrQXB5WHFWVFxuYkxrTEZ5V0JOVFdVWjJSLzJ3eG11b0M2bUxadzg3OU1MQ0tNdmsxZG9RS0JnUURobXdHYWZKTnltVGlFUVpSSVxuU3NReDRzZXFmT0tmZ0ZDN29ocUg5Y1JPT3U4SUoxbzdxMnBNMlc0WGlWK1Mzd1RkUEdtY2E2SU9qWDIzaXNWQlxuMnVxTmk5UzRNbkkyL2QyMkdkL0JSOXJ2QncxZUdKb0ticld4MjJmRThRQ0VXVDFBbk8rRHVEMGpDODV5UmxzN1xuYXh6bGFNcnhFdTNMSTlVRTdOdHJkUWlCeVFLQmdRRFZkSTZjZUlWQlQ2Umd2Vkd0OHprTGpQSUZqaFFFSEFJcFxudWhpcmdxcFM2Q1g5Qmx5ZjIrbzQwem1majNoZTVyQ2NFb0I1TXNlTStEZ0ZiY1ZoMmUvTVZuWWlOTnc2SkNEQlxuQlFrRjQwOHBacFNlS1h2TC9veVYva0ltTVRKL3RVRFkwRVh4TXdTUEpCMFdsdGJXcmVWSUhvcGlnWFJDYmFleVxudUJIVkJ2LzR0d0tCZ0h3SHVlUHk1U1UxczJxU216RDdXYzJMUGZZdTNuQ09ITlJyRkdiMjZNdVJmdVJlcmk3clxuMkc4VGdvRVNGeWNwMFFUSU44KzFKTTBYWUt4TmNKRDZCOFYxd0tiYnBRc3ltbmVJMWdqdXRpQi9JZ3cvUGtES1xuQ0w0VlA0RjRkYTVOV1cxeVdnTnlnTG9KdlovNXFpS0tpc0pjMEdXazRIS3o2bUxnek9qUTJMSnhBb0dCQUxIWlxuZk4yWWVZYnlZY2FNMTFwMVZpbHVsVlRWalkzaS9GWmlEUjRTTC9JR0pXak4vU3pnNGlYWXNLRm11K2R1bE9abFxuY0JBTHBFS3JxcG16WFl0ck42YnN2MTgrNWVPM3FHYksyRHJFcTNlV1ZldjJLb1RNb2J4ejdnKytYQklXSm1MQVxuSGhhYTZJaVBrWUQ1eXlWeUhLRGJlWGdiM285ZXFDUjd3N2ZZTGp5L0FvR0FJNEQrTUZraXZ3VUY3aHFmNWVkU1xuS3JsdHdtb2RIaXFYTmJWa3diVzFBRlBKYmlZYWk0WUZmSzRJQWJpZi9ZbXhmOUc3OGFPa3I5WnBDSXpPa0RQWlxuWXBFd1FHV3NBaEVsQ0Z2YzhFLzVkSEVTU3ArdFd0UCtObHVpbXBGcWlEZzMvU1VuTXdPMnhIMG5oTGEwemVqaFxuZ21MaDR3L0NjUHliOVp5WGNlV1UvblU9XG4tLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tXG4iLAoicHJpdmF0ZV9rZXlfaWQiOiAiZTA3ZjdjOTM4NzBjN2UwM2Y4ODM1NjBlY2Q4ZmQwZjRkMjdiMDA4MSIsCiJwcm9qZWN0X2lkIjogInBvbWVyaXVtLXJlZGFjdGVkIiwKInRva2VuX3VyaSI6ICJodHRwOi8vbW9jay1pZHAuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDI0L3Rva2VuIiwKInR5cGUiOiAic2VydmljZV9hY2NvdW50Igp9"
},
{
"name": "IDP_CLIENT_ID",
"value": "CLIENT_ID"
},
{
"name": "IDP_CLIENT_SECRET",
"value": "CLIENT_SECRET"
},
{
"name": "IDP_PROVIDER",
"value": "google"
},
{
"name": "IDP_PROVIDER_URL",
"value": "https://mock-idp.localhost.pomerium.io/"
},
{
"name": "JWT_CLAIMS_HEADERS",
"value": "email,groups,user"
},
{
"name": "LOG_LEVEL",
"value": "info"
},
{
"name": "POLICY",
"value": "Wwp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vbW9jay1pZHAubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZXNlcnZlX2hvc3RfaGVhZGVyIjogdHJ1ZSwKInRvIjogImh0dHA6Ly9tb2NrLWlkcC5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwMjQiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9lbnZveS5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cDovL2xvY2FsaG9zdDo5OTAxIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly92ZXJpZnkubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJ0byI6ICJodHRwOi8vdmVyaWZ5LmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImFsbG93X3dlYnNvY2tldHMiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL3dlYnNvY2tldC1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfYW55X2F1dGhlbnRpY2F0ZWRfdXNlciI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZm9ydGlvLXVpLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL2ZvcnRpby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9mb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidGxzX2N1c3RvbV9jYSI6ICJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VVeGVrTkRRWG9yWjBGM1NVSkJaMGxSV2pFek9XTmtMM0JoVUdSclV6SktlVUYxTjJ0RlJFRk9RbWRyY1docmFVYzVkekJDUVZGelJrRkVRMElLWjNwRlpVMUNkMGRCTVZWRlEyaE5WbUpYZEdwYVdFb3dTVWRTYkdSdFZuTmlNMEowV2xjMU1FbEZUa0pOVTNkM1MyZFpSRlpSVVV4RVEwNXFXVmQ0YkFwWmEwSnFXVmQ0YkZscE1YZFplVEZ6WVZjMU1XVkRRVzlSTWtaeldsZEpaMUpIT1RSak1sWTFTMVJGZWsxRVJVZEJNVlZGUVhkM2NXSlhkR3BhV0Vvd0NrbEhUbWhpUjFacFVVZE9hR0pIVm1sTVdFSnFURmQ0Y0dKdVZqUkpRMmhFV1ZkNGJGbHBRa1ZpTTJoNldsaHJjRTFDTkZoRVZFbDRUVVJuZUUxRVJUTUtUWHBKZDA5V2IxaEVWRTE0VFVSbmVFMUVSVE5OZWtsM1QxWnZkMmRaVFhoSWFrRmpRbWRPVmtKQmIxUkdWekZ5V1RKV2VXUkRRbXRhV0Zwc1lrYzVkd3BpVjFaMVpFTkNSRkZVUlhOTlEyOUhRVEZWUlVOM2QycFpNa1p6V2xkS1FWa3lSbk5hVjBsMFkwZE5kR0pIYkhWa1dHZG5TMFZPYUdKSFZtbEpSVkoyQ21WSVRteGxVMnQ0VFhwQmVFSm5UbFpDUVUxTlMyMHhjbGt5Vm5sa1EwSnFXVmQ0YkZsclFtcFpWM2hzV1dreGQxbDVNWE5oVnpVeFpVTkJiMUV5Um5NS1dsZEpaMUpIT1RSak1sWTFTMVJEUTBGaFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUjFCQlJFTkRRVmx2UTJkblIwSkJUbUpMZVUxNk5RcE5WbGMyV1V0a2FtZ3hiMGxPTVUxdU4xQkZNbkJJTlZOaVNsTndWM2hrUVVkb1pFSnJRbXR3UVdFM1QzaGhjbXBJTlV0V2EwTlVVMkUzYjI1amJHRTNDbkZPZFVwYVV6WnRRbTF2ZUVZclVpdGpVak5xZVVka1ZVRlpiRzk2YkRGcWJHWnhURWxtUXk4clp6ZFdOMVp0VDBwdU9UaDBha0kwTW1aaGRIaE1iRFlLVjFCQmR6RktSRTV6VjNSUlptaExhR0pqU0hWME4xSnpSakJ5VFU5UFNHTjNlWGRVVWpkTVQzbERiVWxsYkRGd1kyMXdWalJvWWxaalZEWmxWbmR2VUFwSVdIbEtVMkU1WTNGaFRWRTFXSEprYjJkaGFUUkpjVnBhU1VkTVNHVk1jMVJXZFhSUFowcEdXRVZsZG14WUwxRlVNM05YYjIxRlkzUjZhRE00U25NMENqbEVhVUZRUkRaa05GazNMME5RVEZsRlptc3lPVXBST1U1YWFIQm5SSE5wT1doMU5VWklTRnBqV0hkbU1VbEliSGN2UTBKV1oyNDJhaXRxYlhaTFMzb0tPVEJOWVRGdmNYVjJNMWMyWkhSMGFXUXZlRU5qVEVkMU1sTXJPVFpVZW5KNWEyMXZlVFZXWVdOTWRGWkZVRFF4V1cxdlZteHpPVEZ5Ykc4M2IyeHdaUXBSVjBaaWJtMWpiemN6T1ZSSkx6Um9LMGh2Wkc5c2NHVnlVVVZTVVd3M2RVTnVjRXRXVUZvelYyOXJTM1ZTYURWd2EzRnJVWEF2WVhKUmFuUjNZMUowQ2tjME0wTnlSSEJpYkN0MVUycE5RMEY0YUdFNU5UaGxWRmwyZEc5cVZFMXVka3gwYzBkSlJERm9SMWh1Y1d4M0t6Vkxha3R5WjFKSWNsRkpSRUZSUVVJS2J6QlZkMUY2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVdkUmQwVm5XVVJXVWpCVVFWRklMMEpCWjNkQ1owVkNMM2RKUWtGRVFXUkNaMDVXU0ZFMFJRcEdaMUZWYUZsYVdWZEpRa2g1YXpaYVZsUnVjRE5zVW5RdmRIbENVREF3ZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGRVoyZEhRa0ZCTVVZdllYQnlDbXcyY0U1VU0wMXdMMDE0YUZWVloyODJkWE5GU2tOeWVVZFJZMHhTWm1WNGVWRllSMDR6YUhWRGJVbHlVRFUxVmtaaE9FVlVVRUYwYW5OeU5sQk5aVGNLTjNaMlJXbzRaVVoxTWtwMFMyOTJiRkYzVG1WM1dWVTVZMnBCVFVOV1lVWnBUbUp5VVdFeU1HaDZhRmRqTW1wek5tUjVhV3hrUlRZdlJGQjZZbVZrY3dwTFJFRjRhRVpPY0RNMVUyeDNkRkowUzJzeFUzcDRTbmh6Y1ZOM2FtWjRTVGhtY0N0U0x6QjNUemhuTUdaWFZHUk5NbWREY0ZKM1dVMU9kMHBGVEVWbkNpdGtVMngyU2tOM2RYVXJjbnA0VEdGc2VtRlFSakZRVFZSWE56SlBSVXhoYkM5cU5YTkVLekpXZVhSUk5Hc3JTRlZFWW5sME1rUnVVVlEzV1ZFemVtOEtjVEF5ZURKMU1uTnRNVmRYTDI4dmRXZzRjR3BRZUd0SFVYRk1NbTF5ZVZwek5sWklPVlpEVlROUmEwdE9SSE56VG1RM01XeHlNM2RRYjBVMFdWSklaUXBWZG5wRU1XVkVaV1ZzZWtKVlJrNUpjRVJEYW1SRGMwdzFOWGxKVUhGVmMzSTJiRzFxY0VKUVREQjJaV0V6TTFGVVRXSmpjMU40ZFRCMWJVZFlSR0pWQ2pZMmFuVlZORm94YWs5Rk1IZERiRWwyWVU4Mk9UbEtLMFV5WjBKbE1XcFZUalpCZERaaU9FSlRiMXB4UTNGWVdXOUVTRWRsYVRsU1FsVmtkbWR4ZEc4S2ExWnpiMHBtUkVrdlZFWk5aV3RaWjNCTU5WVldXVzFNWkdabmNVeFFVRkpRT1hCUlFreEVlRE50YzNwbFFYRnVkbVpVU1VOQmVtWllaejA5Q2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwKInRsc19zZXJ2ZXJfbmFtZSI6ICJmb3J0aW8tcGluZy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoidG8iOiAiaHR0cHM6Ly9mb3J0aW8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDc5Igp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAidGNwK2h0dHBzOi8vcmVkaXMubG9jYWxob3N0LnBvbWVyaXVtLmlvOjYzNzkiLAoidG8iOiAidGNwOi8vcmVkaXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo2Mzc5Igp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1lbmFibGVkIiwKInRsc19za2lwX3ZlcmlmeSI6IHRydWUsCiJ0byI6ICJodHRwczovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1za2lwLXZlcmlmeS1kaXNhYmxlZCIsCiJ0bHNfc2tpcF92ZXJpZnkiOiBmYWxzZSwKInRvIjogImh0dHBzOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLXNlcnZlci1uYW1lLWVuYWJsZWQiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5ub3Rwb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1zZXJ2ZXItbmFtZS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3dyb25nbHktbmFtZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4NDQzIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhdGgiOiAiL3Rscy1jdXN0b20tY2EtZW5hYmxlZCIsCiJ0bHNfY3VzdG9tX2NhIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVV5UkVORFFUQkRaMEYzU1VKQlowbFNRVXhrT1VkaFNsSTVNbkZwTjNGTU1XVklSMDAyU3pCM1JGRlpTa3R2V2tsb2RtTk9RVkZGVEVKUlFYY0taMWxOZUVocVFXTkNaMDVXUWtGdlZFWlhNWEpaTWxaNVpFTkNhMXBZV214aVJ6bDNZbGRXZFdSRFFrUlJWRVZ6VFVOdlIwRXhWVVZEZDNkcVdUSkdjd3BhVjBwQldUSkdjMXBYU1hSalIwMTBZa2RzZFdSWVoyZExSVTVvWWtkV2FVbEZVblpsU0U1c1pWTnJlRTE2UVhoQ1owNVdRa0ZOVFV0dE1YSlpNbFo1Q21SRFFtcFpWM2hzV1d0Q2FsbFhlR3haYVRGM1dYa3hjMkZYTlRGbFEwRnZVVEpHYzFwWFNXZFNSemswWXpKV05VdFVRV1ZHZHpCNVRWUkJORTFVUlhrS1RWUlZNazFVUW1GR2R6QjZUVlJCTkUxVVJYbE5WRlV5VFZSQ1lVMUpSMFJOVWpSM1NFRlpSRlpSVVV0RmVGWjBZVEpPYkdOdVVXZGFSMVl5V2xkNGRncGpSekZzWW01UloxRXdSWGhNUkVGeFFtZE9Wa0pCYzAxSk1rNW9Za2RXYVZGSFRtaGlSMVpwVEZoQ2FreFhlSEJpYmxZMFNVTm9SRmxYZUd4WmFVSkZDbUl6YUhwYVdHdHdUVlJOZDAxUldVUldVVkZFUkVOd2RHRXlUbXhqYmxGbldUSkdjMXBYU2tGWk1rWnpXbGRKZEdOSFRYUmlSMngxWkZoblowdEZUbWdLWWtkV2FVbEZVblpsU0U1c1pWTnJkMmRuUjJsTlFUQkhRMU54UjFOSllqTkVVVVZDUVZGVlFVRTBTVUpxZDBGM1oyZEhTMEZ2U1VKblVVUlhXWEJXWlFwQ1UyNWxaVEpqUVVKWmIyWlRiMWQ0UjAxNVJtRk5VVEJ1U210Wk1GVlhUVGxqYTNsVmFEZFdabWRPS3k5aFJsTlhNbHBUYlZoMWRqVmtjbU53YVRJd0Nub3paV3hvVUZSbE9UaGlRVTVpYWlzdllta3dNREUxVVZkdVRXVnVTekExV2tzMmNVUjBSbmR2TDBoV1F5OVpZMkZ5ZFhVNU5pc3hTakowYjJWWGRVVUtkSGxyVnpOTlEzQkRNWEJJV1ZNMVp6bHBWa1JyY0dSeWVtNTJXRXRzV1hWVGFXdHFjbW8zU3pWMGIybFVkblZ0T1RkTWVFdHJkV28yUkZocVlYQlFSQW8xZG5SbFUwNHhaRkZuVHpsRFV6TnpjV3hqZDFsQk5sSnFWVWgzV1RKV1JXZ3lZV1JRTXpkQ1duSmFkMDhyZVVweE9YRkdOWGsxUjJ4bmFUaHNUalJqQ2t0c1NXeEdWWE12ZUZOd1VYTjRUbUpPVVZoMFRqbHRhelJwYlZsc1drZDZXVmxpWW0wclptOUNWbEJRWW05aE5XcFdkMHRFY0ZvMk5XMVBjemRLUjFBS05ubHFLemRXTjFWQ1RVWndWeXRuUzIxS2RHZG9MMnRyUVhneE9EVm9PVE54ZDB4R1VHTTRMMVEzYmlzclVERmlkU3RtWVd0WVVFZFFSVEl4Y2tSbFRBcFFibFZ0ZFdOSlduQktielZPY0ZsV1VYWTBWM1pVUzNFdmVrMVNPVk56Y0hveVVFWktia1ZTVkdaVWRuRXJSakZ4TTFwT1lXWkZlbWxRYzBJNWIyVlRDbTVxZUhkdFlWcFBVMVl3ZGxoeEwzRmxiM0Y0TkhZMlRVSjZWa0ZaTUM4NFVqSk1ZM0JLTkhWbk1FOWFNM2N3WWpKME5ubHZPRFpRTlZFNFEwRjNSVUVLUVdGT1JrMUZUWGRFWjFsRVZsSXdVRUZSU0M5Q1FWRkVRV2RKUlUxQ1NVZEJNVlZrUlhkRlFpOTNVVWxOUVZsQ1FXWTRRMEZSUVhkSVVWbEVWbEl3VHdwQ1FsbEZSa3hqV1RoRmIwNXZaazFqY25KNGVubDRTVzR6VnpaYVQwMVdXRTFCTUVkRFUzRkhVMGxpTTBSUlJVSkRkMVZCUVRSSlFtZFJRMXA2UkVOMkNrdEpTRmd6UjNacVRsTlpOWGMxWWs5dU5FVXpkemRSU0ZBd09VRkNhbFF2ZDNWVU5FeEVhMXBJU2sxdGJISk1iek56T0dKamMxRXdjMDFFTVZrdkx5OEtjekEzWTNBMGVGbHNjVVEzUWtFd1FXTndkbGxXV1hFMU9IaExlSE52UTNkV1dHMUhOV05GWlU5dldtMVhaak54V1RKdFV6aGxWemsyZGs5R2NtUkpZZ3BNTkU5R05IaFpWVTlOVW5GQlQwZEJRWEkyVm14UE4yZFlZVFF3TmtoNmNuTkJNV2haV25keVpWaG9UMVJEV2xwUVdrOVZia0YxTURWVFNFWmtaMkZOQ2xSS1RrSXZiekF4ZEhCM1VXeHlWSGhPYldaeWIzQnZUM3A1ZFhaSU1IcFZNbEp5VFhNd0swVmlUM1ZETkVFeVkxRTRNMFJKUm5oMmNUWTNiSGxWTUVFS2N6RlJOblJTVFRBclZVUnRTazlNZWpOVFpHZE9LMFF3TUdoamRYVnFPVEpIVmpSaVNEaENabmxWZGpoT1Exa3dka1JwYWpCVVUycHFOR00wVVhSak53cEpVRXhVV2pKbk5UUTFiMk42YUU1blFXMVVOMlFyUWpWSmJubG1hVk5KUzJWdFdIRmxjekpxY0dsQlpucFFUbXc1UWxaNGMyRnJZM012V1hwdldYTXhDaXR4VkdwQlYzVmhSSE5MYjJoRmJrODBRa3AxZW5Zd2VISmpaVFF3Wlc1U1oxaDVSMGRHZGxoMU1uTTBSbGt5ZGtweFZGTnZObmx6UkZkdWFFa3pURmNLWkdObk5rOHlSalJCVUVOSFIyVTNlbk4xY1dseGEzQmphMjVDWVdKbmVrVnpPV1p2U0hFeWJXWnZOMWhwUlhwbFpFMU9PRUpPY1daVFlrRTlDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsiLAoidGxzX3NlcnZlcl9uYW1lIjogImh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicGF0aCI6ICIvdGxzLWN1c3RvbS1jYS1kaXNhYmxlZCIsCiJ0byI6ICJodHRwczovL3VudHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiCn0sCnsKImNvcnNfYWxsb3dfcHJlZmxpZ2h0IjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9jb3JzLWVuYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJjb3JzX2FsbG93X3ByZWZsaWdodCI6IGZhbHNlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwcmVmaXgiOiAiL2NvcnMtZGlzYWJsZWQiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInByZWZpeCI6ICIvcHJlc2VydmUtaG9zdC1oZWFkZXItZW5hYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IHRydWUsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93X3B1YmxpY191bmF1dGhlbnRpY2F0ZWRfYWNjZXNzIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoicHJlZml4IjogIi9wcmVzZXJ2ZS1ob3N0LWhlYWRlci1kaXNhYmxlZCIsCiJwcmVzZXJ2ZV9ob3N0X2hlYWRlciI6IGZhbHNlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9yZXN0cmljdGVkLWh0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd2VkX2RvbWFpbnMiOiBbCiJkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LWRvbWFpbiIsCiJ0byI6ICJodHRwOi8vdHJ1c3RlZC1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCn0sCnsKImFsbG93ZWRfdXNlcnMiOiBbCiJ1c2VyMUBkb2dzLnRlc3QiCl0sCiJmcm9tIjogImh0dHBzOi8vaHR0cGRldGFpbHMubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInBhc3NfaWRlbnRpdHlfaGVhZGVycyI6IHRydWUsCiJwcmVmaXgiOiAiL2J5LXVzZXIiLAoidG8iOiAiaHR0cDovL3RydXN0ZWQtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoibGJfcG9saWN5IjogIlJPVU5EX1JPQklOIiwKInByZWZpeCI6ICIvcm91bmQtcm9iaW4iLAoidG8iOiBbCiJodHRwOi8vdHJ1c3RlZC0xLWh0dHBkZXRhaWxzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODA4MCIsCiJodHRwOi8vdHJ1c3RlZC0yLWh0dHBkZXRhaWxzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODA4MCIsCiJodHRwOi8vdHJ1c3RlZC0zLWh0dHBkZXRhaWxzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODA4MCIKXQp9LAp7CiJhbGxvd19hbnlfYXV0aGVudGljYXRlZF91c2VyIjogdHJ1ZSwKImZyb20iOiAiaHR0cHM6Ly9odHRwZGV0YWlscy5sb2NhbGhvc3QucG9tZXJpdW0uaW8iLAoibGJfcG9saWN5IjogIlJJTkdfSEFTSCIsCiJwcmVmaXgiOiAiL3JpbmctaGFzaCIsCiJ0byI6IFsKImh0dHA6Ly90cnVzdGVkLTEtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIiwKImh0dHA6Ly90cnVzdGVkLTItaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIiwKImh0dHA6Ly90cnVzdGVkLTMtaHR0cGRldGFpbHMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MDgwIgpdCn0sCnsKImFsbG93X2FueV9hdXRoZW50aWNhdGVkX3VzZXIiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJsYl9wb2xpY3kiOiAiTUFHTEVWIiwKInByZWZpeCI6ICIvbWFnbGV2IiwKInRvIjogWwoiaHR0cDovL3RydXN0ZWQtMS1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiLAoiaHR0cDovL3RydXN0ZWQtMi1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiLAoiaHR0cDovL3RydXN0ZWQtMy1odHRwZGV0YWlscy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwODAiCl0KfSwKewoiYWxsb3dfcHVibGljX3VuYXV0aGVudGljYXRlZF9hY2Nlc3MiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL2h0dHBkZXRhaWxzLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoic2V0X3JlcXVlc3RfaGVhZGVycyI6IHsKIlgtQ3VzdG9tLVJlcXVlc3QtSGVhZGVyIjogImN1c3RvbS1yZXF1ZXN0LWhlYWRlci12YWx1ZSIKfSwKInRvIjogImh0dHA6Ly90cnVzdGVkLWh0dHBkZXRhaWxzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODA4MCIKfSwKewoiYWxsb3dfcHVibGljX3VuYXV0aGVudGljYXRlZF9hY2Nlc3MiOiB0cnVlLAoiYWxsb3dfd2Vic29ja2V0cyI6IHRydWUsCiJmcm9tIjogImh0dHBzOi8vZW5hYmxlZC13cy1lY2hvLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJ0byI6ICJodHRwOi8vd2Vic29ja2V0LWVjaG8uZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbDo4MCIKfSwKewoiYWxsb3dfcHVibGljX3VuYXV0aGVudGljYXRlZF9hY2Nlc3MiOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL2Rpc2FibGVkLXdzLWVjaG8ubG9jYWxob3N0LnBvbWVyaXVtLmlvIiwKInRvIjogImh0dHA6Ly93ZWJzb2NrZXQtZWNoby5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsOjgwIgp9LAp7CiJhbGxvd19wdWJsaWNfdW5hdXRoZW50aWNhdGVkX2FjY2VzcyI6IHRydWUsCiJlbmFibGVfZ29vZ2xlX2Nsb3VkX3NlcnZlcmxlc3NfYXV0aGVudGljYXRpb24iOiB0cnVlLAoiZnJvbSI6ICJodHRwczovL2Nsb3VkcnVuLmxvY2FsaG9zdC5wb21lcml1bS5pbyIsCiJwYXNzX2lkZW50aXR5X2hlYWRlcnMiOiB0cnVlLAoic2V0X3JlcXVlc3RfaGVhZGVycyI6IHsKIngtaWRwIjogImdvb2dsZSIKfSwKInRvIjogImh0dHA6Ly90cnVzdGVkLWh0dHBkZXRhaWxzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWw6ODA4MCIKfQpd"
},
{
"name": "SHARED_SECRET",
"value": "UYgnt8bxxK5G2sFaNzyqi5Z+OgF8m2akNc0xdQx718w="
},
{
"name": "SIGNING_KEY",
"value": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBSR1d3TGg3NW5OWG5razM3ekRmTjhvbkx3ZkNpYUxQVEQrbmM4THg1aGNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa3BCa08wVEttaDRKZFFmTE9lZU1kNTNLbmdhMVdkUVhyNUZjZXBrK2RMVktkVkt4WENHcQpoMW9qdWh1VzExR0lvT3pTOUdvU0tsTlZTUkZXVkVXRHZ3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="
},
{
"name": "SIGNING_KEY_ALGORITHM",
"value": "ES256"
}
],
"image": "pomerium/pomerium:${POMERIUM_TAG:-master}",
"imagePullPolicy": "IfNotPresent",
"name": "pomerium",
"ports": [
{
"containerPort": 80,
"name": "http"
},
{
"containerPort": 443,
"name": "https"
},
{
"containerPort": 5443,
"name": "grpc"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/pomerium
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "redis",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "redis"
}
},
"template": {
"metadata": {
"labels": {
"app": "redis"
}
},
"spec": {
"containers": [
{
"image": "redis:6.2.5-alpine",
"name": "redis",
"ports": [
{
"containerPort": 6379,
"name": "tcp"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/redis
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "trusted-1-httpdetails",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "trusted-1-httpdetails"
}
},
"template": {
"metadata": {
"labels": {
"app": "trusted-1-httpdetails"
}
},
"spec": {
"containers": [
{
"args": [
"sh",
"-c",
"cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n"
],
"image": "mendhak/http-https-echo:19",
"name": "trusted-1-httpdetails",
"ports": [
{
"containerPort": 8080,
"name": "http"
},
{
"containerPort": 8443,
"name": "https"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/trusted-1-httpdetails
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "trusted-2-httpdetails",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "trusted-2-httpdetails"
}
},
"template": {
"metadata": {
"labels": {
"app": "trusted-2-httpdetails"
}
},
"spec": {
"containers": [
{
"args": [
"sh",
"-c",
"cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n"
],
"image": "mendhak/http-https-echo:19",
"name": "trusted-2-httpdetails",
"ports": [
{
"containerPort": 8080,
"name": "http"
},
{
"containerPort": 8443,
"name": "https"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/trusted-2-httpdetails
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "trusted-3-httpdetails",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "trusted-3-httpdetails"
}
},
"template": {
"metadata": {
"labels": {
"app": "trusted-3-httpdetails"
}
},
"spec": {
"containers": [
{
"args": [
"sh",
"-c",
"cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n"
],
"image": "mendhak/http-https-echo:19",
"name": "trusted-3-httpdetails",
"ports": [
{
"containerPort": 8080,
"name": "http"
},
{
"containerPort": 8443,
"name": "https"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/trusted-3-httpdetails
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "trusted-httpdetails",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "trusted-httpdetails"
}
},
"template": {
"metadata": {
"labels": {
"app": "trusted-httpdetails"
}
},
"spec": {
"containers": [
{
"args": [
"sh",
"-c",
"cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKNaEqCmmZfhmcYgZy01WCswDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTAx\nNzMyMTBaFw0yMzExMTAxODMyMTBaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8\nHLBAIzXkPeegldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPD\nyVhDT0QlI/O/EKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+Vv\nWyl+FoPDV/vsZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9t\njObsaQgJ5LLxCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEq\nbZUDG+ZioArPmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd\n9r6rOBxpxwnTDvHkBn6vAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAufQAF79s7c1gmZ9CIKBSGkHh+SH01CuKYnnHiMowHsTioFaUAQsd/P4X\nc2XBqc34eT3mCvpgZjHbjz6JlnTYJxuLvVqnVB3emtWrb1cQvh8BphxspTlS8uiE\nAEf/ngtpzfA/f4lpGkzrQ0cyPkEJGz511q97itzn9RZZzVTZxNVFSP2vVhNNQVsW\nOxakcvYRgnz8AOQS3OPHj2FQc3iibshct5leIwYZFcxINGHR6KL6+/LSePNCEMmK\nqymVPkQGsIcU6GQ9fxaSu4mp+IUALProizEVI8SVk5nOm3HIez+ZfXhzfnGx06SI\n6NuoQQPqUBeZeXn2YFYhipeRdrQxvA36/YXa/AkXCeU0pXxbtXKcvatfri5KnYJD\nkH59a+aFkTsl41tfI2cnRYVddqXVl3OzLbcgAFLn1WeC1xx3xRXi7KldokOlvgv+\nB6naWfCxRlWZ/lsmHae4kc1WH4Kc7nK+ITb40EkjV68/A7krZsN1VcqNtpomYkgE\nxjUE8XUu\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8HLBAIzXkPeeg\nldUfRKK2jQxSVZD5g+qsjAzpmrq/AtmweK1cGcOtZ6eOL+p8brPDyVhDT0QlI/O/\nEKgCOFFxUDqoR82iY06SacAjHni6+PO9tVRbFV0w14BDAJSpB+VvWyl+FoPDV/vs\nZ31FtYw+EwqkbDx/kaT9uzf+LJdlkf14nQQj8Eky/8d3mWJbb/9tjObsaQgJ5LLx\nCYdImkr77X2LMuDw/1tpH642GE25Nrgm6QHlyKSfYXo38v83ebEqbZUDG+ZioArP\nmqmkawUWw3ekhj80SJg/TK9PRaN/VvcI1PgAd7LZztUReSmTy5hd9r6rOBxpxwnT\nDvHkBn6vAgMBAAECggEAB28i0AYUNSb1JnWFbKzruUctu3tCNXovJg6K3BiPVMkq\nDT1XrJIgF5RHHOlr3OsLE6u7Xz2ctdML6PshiKTtIwtGpivgRpCiJEslmr2zi8AW\n8eJeqRLZEfsSSJOXTG7RdGsn4qHFJ00s2ZTlcIHSPwnFm+XjJi99U8G4XsUoXo0r\nGy+0VCuU7M8gICEHHsrQO9XDD3nT2jiu5TjrKwjut3EmoJssI5bqx33+OBu5BpCP\nCT473D43P9p3qi/XnfvqGSG2Oj4OajV4fr0o9B3KvIxkMem7WlI3jyy1kApyXqVT\nbLkLFyWBNTWUZ2R/2wxmuoC6mLZw879MLCKMvk1doQKBgQDhmwGafJNymTiEQZRI\nSsQx4seqfOKfgFC7ohqH9cROOu8IJ1o7q2pM2W4XiV+S3wTdPGmca6IOjX23isVB\n2uqNi9S4MnI2/d22Gd/BR9rvBw1eGJoKbrWx22fE8QCEWT1AnO+DuD0jC85yRls7\naxzlaMrxEu3LI9UE7NtrdQiByQKBgQDVdI6ceIVBT6RgvVGt8zkLjPIFjhQEHAIp\nuhirgqpS6CX9Blyf2+o40zmfj3he5rCcEoB5MseM+DgFbcVh2e/MVnYiNNw6JCDB\nBQkF408pZpSeKXvL/oyV/kImMTJ/tUDY0EXxMwSPJB0WltbWreVIHopigXRCbaey\nuBHVBv/4twKBgHwHuePy5SU1s2qSmzD7Wc2LPfYu3nCOHNRrFGb26MuRfuReri7r\n2G8TgoESFycp0QTIN8+1JM0XYKxNcJD6B8V1wKbbpQsymneI1gjutiB/Igw/PkDK\nCL4VP4F4da5NWW1yWgNygLoJvZ/5qiKKisJc0GWk4HKz6mLgzOjQ2LJxAoGBALHZ\nfN2YeYbyYcaM11p1VilulVTVjY3i/FZiDR4SL/IGJWjN/Szg4iXYsKFmu+dulOZl\ncBALpEKrqpmzXYtrN6bsv18+5eO3qGbK2DrEq3eWVev2KoTMobxz7g++XBIWJmLA\nHhaa6IiPkYD5yyVyHKDbeXgb3o9eqCR7w7fYLjy/AoGAI4D+MFkivwUF7hqf5edS\nKrltwmodHiqXNbVkwbW1AFPJbiYai4YFfK4IAbif/Ymxf9G78aOkr9ZpCIzOkDPZ\nYpEwQGWsAhElCFvc8E/5dHESSp+tWtP+NluimpFqiDg3/SUnMwO2xH0nhLa0zejh\ngmLh4w/CcPyb9ZyXceWU/nU=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n"
],
"image": "mendhak/http-https-echo:19",
"name": "trusted-httpdetails",
"ports": [
{
"containerPort": 8080,
"name": "http"
},
{
"containerPort": 8443,
"name": "https"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/trusted-httpdetails
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "untrusted-httpdetails",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "untrusted-httpdetails"
}
},
"template": {
"metadata": {
"labels": {
"app": "untrusted-httpdetails"
}
},
"spec": {
"containers": [
{
"args": [
"sh",
"-c",
"cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEUjCCArqgAwIBAgIRAKKYU7PSAFxZbhuLUlbv3iAwDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU2MTFaFw0yMzExMTEyMjU2MTFaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg\nVDM59lGzCRjdUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHG\noryKGDOkRV1SDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2v\nJX4qTwgrqQtLOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqP\nqpc6AEFuklmoBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPw\nve8VoGIlx4uvHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxG\nmgByfa2rxbNg15PFwF+ZAgMBAAGjbDBqMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBS3GPBKDaHzHK68c8sSJ91umTjFVzAi\nBgNVHREEGzAZghcqLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG9w0BAQsF\nAAOCAYEAizMhh+VYIMp07wGn7+rzAE/651yiMC6kZHIOMHilvimyYvCf+Yc0MrcD\nmVQgqlUpkn/f2SOFsBQonjAACkWlSHah9KStL0iTvOIH+oGLnv3Y9wrKvwJol3KR\nc/+mO9R9TS71DoX+rTGRY3BNldpMBZF7HsYt/bg0RSpF0zkZarW+PEMmPw6IgIaD\nRPGpOiQOqIxQn4d6MyiNGS0QmDeGSZvsC07ZcZ+JxsYi4S+yN6GXt11pstiRXjDv\nzrO3s8TnVsBux7VDdIYfzMxqz+874MbsUUlb4txr3V48UDRLm7VDQ2/F+o0+Y5wt\nXAnXTn/6GFpjJvPGr0A1QLOvnhR0DZ4Fl97athu44pqeQywDU5LPP3HqrWRXLy3j\nBPBC4waHayL9Hnh4zQUe/h6hwC5Nxl/gqfB3Aaqr5PWX6rMFss8AYpB81ci+UJdm\nKSIn/pMoK6TWkCveoQRQOZD8wfwPF4cUUmWcLFwSveZSiniFrAXQqZbO1k6RDhQf\nhavcwKlK\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgVDM59lGzCRjd\nUQCyzokqC4sEr7Ln2FpXfHjMWPuNK5vQYccTxto3JlAVXl+oOLHGoryKGDOkRV1S\nDb3zAxYQNDuYUnraiVgLPrM9NFpHSk/IlACQjRlFRYG0Go3PDR2vJX4qTwgrqQtL\nOJ5tHnqrt6idtvNp1ISYOIscXf/WIAhh+IuOvas4eie7GETX4eqPqpc6AEFuklmo\nBHBfMCrGg89WBUTWCZYrHE9BYDL0LG/VwLYn2tDKBrS9iZIlTqPwve8VoGIlx4uv\nHTdzaVStcRKOXCsbSwXRdt0842d4C1nohQkRHqHoBjQzrJiWJzxGmgByfa2rxbNg\n15PFwF+ZAgMBAAECggEADTzGefunZTPUFLnSZ/D7jDglwz5KdC/9zYleY+jY5B/8\nnmjkSfK6I6GLLSh8l2QO8YqQLIqxANglS1gNHdpcYPwfC4WL1S1P0qXboKsI5Sfy\njGoD3et4caq6ecdTfAvmLobW8uFRmGE9qHlFQ1cn47OnPVZUpKFCTVslyTLNo70h\n28gx/lnpgkbeWotJ5GygE/H0jKJlG8/V3+Ppfuq6wypA5ELcGUeMAwmCfUNNlDy3\nBhXSa6STgL26ar70KZIjTp9B97hIfDWObxgjzMX2JoiWXziszvbfaknfBsmfTm45\noUZYO0DuvLdLpxic0GZQwZCT6GzuexxJ9zR/pdahrQKBgQDEiwc0e+M1KaOoIIcw\nV7pxoGjvd+CC5whS00jSf/rXPSPFxat9Ml5serOzLdRLM/NQ5wB9S7TYc6PJi3Mb\n8pmbGadIXiGIJY8vX79P/velHT4csgULJAKJF9U65knhaidPPPmXloHOhRWrE8Zq\nmexVgJZrHLI8197qmi+ctT5rEwKBgQDQ1J84AwI1hEsXHxoSetSznt+ae7pSUb/J\nbyqK9KEp0DLyf8GcS7vxyYGQo0mJDlHaJt56LKv+zdX4wGG85ztbOFVPee6XLKSs\nI+h7rzc2hKrl+SaI91h1234WsTeJvfUSHyBy9vAwLhd0hplNrt7Tql5Z0VTWHmFE\n2XbEwcTUIwKBgQDBpioHMDmBW/F/6ezJWOa+pco+h+KRl4i/8qVBog9Im1jvt/9r\nb4FRaOQ9mt4c6qbGA5Sb30fkLKwoHFniI3ntM616xCRNvJQDnVcmPpVJ/jIAm/YU\nL/q/kNfrHJOWobzxeaaCESz8imv7D5Tj25zb8cJC7xc+k4Nzq09WG83QOQKBgG28\nLOZ7/j8tA2BlAYhQb1Dr3UgKWEBFoOgyuEJIhh+4vezb4VtGGL7XSnQ8ubmBgtWF\ns0a0DrVYaGXMgg+H2pL2qS2YPx3FYcrrG5FS40qMsFkkcXFruFpGOp2mBi8lWJBr\nNtvykwheUAj1ab1+dKz5S5ca/t99G1PYiiaeQ9XNAoGAVXk4HvdUc5q+BNiYvKUS\nM2/TDU3cYY72mPCEw7G6Kpn6zMaakQcA1+Z8LkYcLaQKRD/66n99WWT+BcY+QXtC\n0ZPHjeepDL8q+yXRY8zlcgAukg18Ta5yD1J1014y8UIV+HY8ongTni1sI8N+vKd4\n+TF2C2Cynf5vQr5man7ShPw=\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n"
],
"image": "mendhak/http-https-echo:19",
"name": "untrusted-httpdetails",
"ports": [
{
"containerPort": 8080,
"name": "http"
},
{
"containerPort": 8443,
"name": "https"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/untrusted-httpdetails
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "verify",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "verify"
}
},
"template": {
"metadata": {
"labels": {
"app": "verify"
}
},
"spec": {
"containers": [
{
"image": "pomerium/verify:${VERIFY_TAG:-latest}",
"name": "verify",
"ports": [
{
"containerPort": 80,
"name": "http"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/verify
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "websocket-echo",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "websocket-echo"
}
},
"template": {
"metadata": {
"labels": {
"app": "websocket-echo"
}
},
"spec": {
"containers": [
{
"args": [
"--port",
"80",
"tee"
],
"image": "pvtmert/websocketd:latest",
"name": "websocket-echo",
"ports": [
{
"containerPort": 80,
"name": "http"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/websocket-echo
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "apps/v1",
"kind": "Deployment",
"metadata": {
"name": "wrongly-named-httpdetails",
"namespace": "default"
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "wrongly-named-httpdetails"
}
},
"template": {
"metadata": {
"labels": {
"app": "wrongly-named-httpdetails"
}
},
"spec": {
"containers": [
{
"args": [
"sh",
"-c",
"cat <<-END_OF_HTTPDETAILS | tee /app/fullchain.pem\n-----BEGIN CERTIFICATE-----\nMIIEWDCCAsCgAwIBAgIRAK1MkqoHP+DPILewhMcnnu4wDQYJKoZIhvcNAQELBQAw\ngYMxHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEsMCoGA1UECwwjY2Fs\nZWJAY2FsZWItcGMtbGludXggKENhbGViIERveHNleSkxMzAxBgNVBAMMKm1rY2Vy\ndCBjYWxlYkBjYWxlYi1wYy1saW51eCAoQ2FsZWIgRG94c2V5KTAeFw0yMTA4MTEy\nMTU0MzRaFw0yMzExMTEyMjU0MzRaMFcxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9w\nbWVudCBjZXJ0aWZpY2F0ZTEsMCoGA1UECwwjY2FsZWJAY2FsZWItcGMtbGludXgg\nKENhbGViIERveHNleSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV\nDWPhOpNWAYNTQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM\n3cvyRs40dygZeogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV\n6ttf6y0+4Nq1hRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3E\nlxIYQsCr85FyW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC\n8X2vHBBIbnZipb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3\nOIkJji4rpJqxG1Z7MvPzAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE\nDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSFhlhYgEfKTplVOeneVG3+3IE/TTAo\nBgNVHREEITAfgh1pbnZhbGlkLmxvY2FsaG9zdC5wb21lcml1bS5pbzANBgkqhkiG\n9w0BAQsFAAOCAYEABsSByXWA7e8hpKWZK4APWzkvDwiTGrDDE7k0hueJksTZ5Nqw\nfRdGoUpweWIYzAv1etPAr+B2gsZM/jVRidaGDI1tKPytZ3pP6mQ52CVXkeJQytPr\nrNDnP3Lbpbs8PHoHw3PVxIyRps1ZbZkgbUsXrSvpp/l+ZObbGQjr3Fdx5oXI6a1V\nNNC39LkPhjTKtcG+H8dO5GRuDb/9PrzrnDwnl6CoORbEjTKRIFuA+vkFBRjyuccr\nGQiMNmMxy5CMOsK+Od4+8qhv2ZgnREHyBnjFFhgVLFJ2PwUxk3N4GIzCC8tsD+vb\n+YJgCS7n6JmcB9SFeyRy+qpolnfEaMvRwnJl6Evj17VCBy7x0gEO6B4lILPpziN8\nVVhSuRsC0V8aXJJx89mwrg9pzN9w771rFVOCrAEdZei34/yfo8VyBbIR1gUxkRNJ\ncrTI9pT0PK+9OWQ57HtnGmFsPtWT8r7P8xukAPy50wSLF3InjEo8VR2df+V7DVVU\naTjNbuaG1NLNyWLH\n-----END CERTIFICATE-----\n\nEND_OF_HTTPDETAILS\ncat <<-END_OF_HTTPDETAILS | tee /app/privkey.pem\n-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVDWPhOpNWAYNT\nQZ4BR5ZU13HqRg/6B49duFcHPY+hkbQPSZdN+GZjCeRVIK8iAkgM3cvyRs40dygZ\neogu9LYo6AN/h6cVCF9ENg5jo7/PjK5/6aIf8/Ss22tCuhUL7UHV6ttf6y0+4Nq1\nhRQcbyIPij89nmO+mT4Fhs9gNSsj2y0gQQWqN2lGhhBnnaCUxh3ElxIYQsCr85Fy\nW8wWtPxn6mdFHc/iSUh0edeiExWsbPTdfEAj93J5bidXAi27uxTC8X2vHBBIbnZi\npb9zmZxBjDjslEnN4vVc9weW5N3nKcu+7QXJdiHFP32YSET2Opu3OIkJji4rpJqx\nG1Z7MvPzAgMBAAECggEBAM3XhRO7+1QSXCaZdCZ6WuWXzojxrkf8++gpzXPCZ75L\nvvMyP8xmXc38Za5VyL+MAr7joENxY5NPON/9AgyUBFdbat3RW323vAt0Ssy8Dfti\nScpuGWTT2CcWS/iJPwJp9bzPj6qJ1wo0Rzsv23FpcjgfcuB+4pHpDwJZ8IxcclTN\njv5XdmanN0Ai2ONDkIHQyvMTsYAX99OK7nXIs3OW7s4wsm8Wg+loCqTvojTzWuwE\nTZNFonHAZ81jkrYfNjz+sM/tPuOYD+vWQ89+1IeQKFw1U0iBpF1VvhA7UeQZMeI8\nS1NpDQTQW0kxmUAlLj7ldnIvknT/x0lKzoafVpk47/kCgYEA+SxnMLHe3Wxb4Kkf\n7Gwktbth/wlWzUWzQ7c0TdhfEDjcRB7SeGIjrL4/HPyXEsCcGIj84TEob1EA0KVP\nl6Jeqh5t/sr9da+uLFf6H41yZUaTccoyclnjHsqT+WLTtiTKqf7cXACg5NKbJwUT\nldCEu+4Ovur+8Ax6s/mGWNEzar0CgYEA2uOmD+SCIhj16P+3GnpZ0UzyDhUKedTy\nLisZznroF6RI3BHzNT+YotHORDMiJtmX0slFcInAWaB3htLPbHmvredjlsH35eHW\nB6wkWmbniJEovPysWdg7xjrj8DoL2dcm6liM1KpSo9k6XWJu36//xF4RTnL8JPEH\nRPuBWmBXHG8CgYBjJy886lr0I61//eztKK+G/bTmRvIapzTJqnqOy54wl1/XX6iD\nLRJjKCV3RHBdjvXOsZxnhCdB/KrlXBMLFRq0eX1t2Zr4nNsjXDL1IVU3Rdlge4SN\nioVdeGFf6Nq0bXmUIg3QMpPT2pbQ9S0w/ZQEMJv/jwW5wk2FlrLGXyElxQKBgQC3\nskUzITp1Ey2NFM290uB93m1llBLum9+DD3jg6BTPgngC+K17Cpw2SI0qfx8yK3pW\n08MK5xAeJ6Un6NNa3eSptX7GjpJUwmq0lasMkz/MRMZDlGmwHOBNRC729D/t2bo3\nAYlvEGG6UBvDM1CJOVMUoT008Rrahczr/4ZXKnLw0QKBgExc+SXb5IRJIMHEQLkg\nE7va23sR7x4j75mK6HnSwAM3jKx4GDgpkY1EO+rh+99mq/bIouL8ob/PG7A5RtKp\n+Sgpqk5N6NpSFMaubsu1EQhqT5pmy0dN5KXecR4s1IylPvth/h3tdXPKGcLMD2M2\nEN59YIA1o4qWjJsfEiuQ6x7M\n-----END PRIVATE KEY-----\n\nEND_OF_HTTPDETAILS\nnode ./index.js\n"
],
"image": "mendhak/http-https-echo:19",
"name": "wrongly-named-httpdetails",
"ports": [
{
"containerPort": 8080,
"name": "http"
},
{
"containerPort": 8443,
"name": "https"
}
]
}
]
}
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
kubectl wait --for=condition=available deployment/wrongly-named-httpdetails
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "mock-idp"
},
"name": "mock-idp",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "http",
"port": 8024,
"targetPort": "http"
}
],
"selector": {
"app": "mock-idp"
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "pomerium"
},
"name": "pomerium",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "http",
"nodePort": 80,
"port": 80,
"targetPort": "http"
},
{
"name": "https",
"nodePort": 443,
"port": 443,
"targetPort": "https"
},
{
"name": "grpc",
"nodePort": 5443,
"port": 5443,
"targetPort": "grpc"
}
],
"selector": {
"app": "pomerium"
},
"type": "NodePort"
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "redis"
},
"name": "redis",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "tcp",
"port": 6379,
"targetPort": "tcp"
}
],
"selector": {
"app": "redis"
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "trusted-1-httpdetails"
},
"name": "trusted-1-httpdetails",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "http",
"port": 8080,
"targetPort": "http"
},
{
"name": "https",
"port": 8443,
"targetPort": "https"
}
],
"selector": {
"app": "trusted-1-httpdetails"
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "trusted-2-httpdetails"
},
"name": "trusted-2-httpdetails",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "http",
"port": 8080,
"targetPort": "http"
},
{
"name": "https",
"port": 8443,
"targetPort": "https"
}
],
"selector": {
"app": "trusted-2-httpdetails"
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "trusted-3-httpdetails"
},
"name": "trusted-3-httpdetails",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "http",
"port": 8080,
"targetPort": "http"
},
{
"name": "https",
"port": 8443,
"targetPort": "https"
}
],
"selector": {
"app": "trusted-3-httpdetails"
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "trusted-httpdetails"
},
"name": "trusted-httpdetails",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "http",
"port": 8080,
"targetPort": "http"
},
{
"name": "https",
"port": 8443,
"targetPort": "https"
}
],
"selector": {
"app": "trusted-httpdetails"
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "untrusted-httpdetails"
},
"name": "untrusted-httpdetails",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "http",
"port": 8080,
"targetPort": "http"
},
{
"name": "https",
"port": 8443,
"targetPort": "https"
}
],
"selector": {
"app": "untrusted-httpdetails"
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "verify"
},
"name": "verify",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "http",
"port": 80,
"targetPort": "http"
}
],
"selector": {
"app": "verify"
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "websocket-echo"
},
"name": "websocket-echo",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "http",
"port": 80,
"targetPort": "http"
}
],
"selector": {
"app": "websocket-echo"
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
cat <<-END_OF_MANIFEST | tee /tmp/manifest.json
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"labels": {
"app": "wrongly-named-httpdetails"
},
"name": "wrongly-named-httpdetails",
"namespace": "default"
},
"spec": {
"ports": [
{
"name": "http",
"port": 8080,
"targetPort": "http"
},
{
"name": "https",
"port": 8443,
"targetPort": "https"
}
],
"selector": {
"app": "wrongly-named-httpdetails"
}
}
}
END_OF_MANIFEST
kubectl apply -f /tmp/manifest.json
sleep 30
image: rancher/k3s:${K3S_TAG:-latest}
networks:
main:
aliases:
- k3s-init
volumes:
- k3s-tmp:/k3s-tmp
k3s-ready:
command:
- sh
- -c
- exit 0
depends_on:
k3s-init:
condition: service_completed_successfully
image: busybox:latest
networks:
main:
aliases:
- k3s-ready
k3s-server:
entrypoint:
- sh
- -c
- |
set -x
# the dev image is only available locally, so load it first
if [ "${POMERIUM_TAG:-master}" = "dev" ]; then
sh -c '
while true ; do
ctr --connect-timeout=1s --timeout=60s images import /k3s-tmp/pomerium-dev.tar && break
sleep 1
done
' &
fi
k3s "$$@"
- k3s
- server
- --disable
- traefik
- --disable
- metrics-server
- --kube-apiserver-arg
- service-node-port-range=1-65535
environment:
K3S_KUBECONFIG_MODE: "666"
K3S_KUBECONFIG_OUTPUT: /k3s-tmp/kubeconfig.yaml
K3S_TOKEN: TOKEN
healthcheck:
test:
- CMD
- kubectl
- cluster-info
image: rancher/k3s:${K3S_TAG:-latest}
networks:
main:
aliases:
- k3s-server
ports:
- 6443:6443/tcp
- 5443:5443/tcp
- 443:443/tcp
- 80:80/tcp
privileged: true
restart: always
tmpfs:
- /run
- /var/run
ulimits:
nofile:
hard: 65535
soft: 65535
nproc: 65535
volumes:
- k3s-tmp:/k3s-tmp
volumes:
k3s-tmp:
driver_opts:
device: /tmp
o: bind
type: none
Reference in a new issue View git blame Copy permalink