diff --git a/cmd/keytransparency-server/Dockerfile b/cmd/keytransparency-server/Dockerfile
index d8ce444ba..4c476ce47 100644
--- a/cmd/keytransparency-server/Dockerfile
+++ b/cmd/keytransparency-server/Dockerfile
@@ -1,44 +1,14 @@
 FROM golang
-ENV DB_USER=test \
- DB_PASSWORD=zaphod \
- DB_DATABASE=test \
- DB_HOST=db:3306
-
-ENV HOST=0.0.0.0 \
- RPC_PORT=8080
-
-# TLS Certificate needs 0.0.0.0 to be in the SAN IP field.
-ENV VRF_PRIV=keytransparency/genfiles/vrf-key.pem \
- TLS_KEY_PATH=keytransparency/genfiles/server.key \
- TLS_CRT_PATH=keytransparency/genfiles/server.crt
-
-ENV MAP_ID=0 \
- MAP_URL=""
-ENV LOG_ID=0 \
- LOG_URL=localhost:8090
-
-ENV VERBOSITY=1
-
 ADD keytransparency/genfiles/* /kt/
 ADD ./keytransparency /go/src/github.com/google/keytransparency
 ADD ./trillian /go/src/github.com/google/trillian
 WORKDIR /go/src/github.com/google/keytransparency
-RUN apt-get update && apt-get install -y libtool libltdl-dev
 RUN go get -tags="mysql" ./cmd/keytransparency-server
-ENTRYPOINT /go/bin/keytransparency-server \
- --addr="$HOST:$RPC_PORT" \
- --db="${DB_USER}:${DB_PASSWORD}@tcp(${DB_HOST})/${DB_DATABASE}" \
- --vrf="$VRF_PRIV" \
- --key="$TLS_KEY_PATH" --cert="$TLS_CRT_PATH" \
- --log-id="$LOG_ID" --log-url="$LOG_URL" \
- --map-id="$MAP_ID" --map-url="$MAP_URL" \
- --alsologtostderr \
- --v=${VERBOSITY}
-
-EXPOSE $RPC_PORT
+# Specify mandatory flags via the docker command-line or using docker-compose.
+# See the README.md file on how to use docker-compose.
+ENTRYPOINT ["/go/bin/keytransparency-server"]
-HEALTHCHECK --interval=5m --timeout=3s \
- CMD curl -f http://localhost:$RPC_PORT/debug/vars || exit 1
+EXPOSE 8080
\ No newline at end of file
diff --git a/cmd/keytransparency-server/main.go b/cmd/keytransparency-server/main.go
index cf0e52b1f..44e1e422b 100644
--- a/cmd/keytransparency-server/main.go
+++ b/cmd/keytransparency-server/main.go
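Review bot: The context line `ADD keytransparency/genfiles/* /kt/` still copies the generated key material into the image, and this hunk is the natural place to drop it now that key paths are passed as flags. The removed ENV lines and the docker-compose flags (`--vrf=/kt/vrf-key.pem`, `--tls-key=/kt/server.key`) show that genfiles holds the VRF private key and the TLS private key, so anyone who can pull the image can read them from its layers. The Kubernetes template already reads the same files from `/kt-secrets/`, which suggests a mount; a read-only volume in docker-compose would likewise keep private keys out of the registry. If baking them in is meant for local testing only, a comment above the ADD such as `# test keys only; never push an image built with real genfiles` would make that explicit.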
@@ -54,10 +54,10 @@ import (
 var (
 addr = flag.String("addr", ":8080", "The ip:port combination to listen on")
 metricsAddr = flag.String("metrics-addr", ":8081", "The ip:port to publish metrics on")
- serverDBPath = flag.String("db", "db", "Database connection string")
+ serverDBPath = flag.String("db", "test:zaphod@tcp(localhost:3306)/test", "Database connection string")
 vrfPath = flag.String("vrf", "genfiles/vrf-key.pem", "Path to VRF private key")
- keyFile = flag.String("key", "genfiles/server.key", "TLS private key file")
- certFile = flag.String("cert", "genfiles/server.crt", "TLS cert file")
+ keyFile = flag.String("tls-key", "genfiles/server.key", "TLS private key file")
+ certFile = flag.String("tls-cert", "genfiles/server.crt", "TLS cert file")
 authType = flag.String("auth-type", "google", "Sets the type of authentication required from clients to update their entries. Accepted values are google (oauth tokens) and insecure-fake (for testing only).")
 // Info to connect to sparse merkle tree database.
diff --git a/cmd/keytransparency-signer/Dockerfile b/cmd/keytransparency-signer/Dockerfile
index 760980fa6..5bd4c9991 100644
--- a/cmd/keytransparency-signer/Dockerfile
+++ b/cmd/keytransparency-signer/Dockerfile
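Review bot: The new default for `--db`, `"test:zaphod@tcp(localhost:3306)/test"`, compiles a username and password into the binary, so a server started without `--db` connects with well-known test credentials instead of failing. Because the Dockerfiles in this commit no longer supply any flags, a forgotten `--db` now goes unnoticed. I would keep the default empty, `serverDBPath = flag.String("db", "", "Database connection string")`, and have startup exit with an error when it is unset; that check belongs in main, which is outside this hunk, as is the rest of the `var (` block. Separately, renaming `--key`/`--cert` to `--tls-key`/`--tls-cert` breaks any caller still passing the old names, which deserves a line in the commit message or README.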
@@ -1,32 +1,11 @@
 FROM golang
-ENV DB_USER=test \
- DB_PASSWORD=zaphod \
- DB_DATABASE=test \
- DB_HOST=127.0.0.0:3306
-
-ENV MAP_ID=0 \
- MAP_URL=""
-ENV LOG_ID=0 \
- LOG_URL=localhost:8090 \
- LOG_KEY=trillian/testdata/log-rpc-server.pubkey.pem
-
-ENV MIN_SIGN_PERIOD=5s \
- MAX_SIGN_PERIOD=24h
-
-ENV VERBOSITY=0
-
 ADD ./keytransparency /go/src/github.com/google/keytransparency
 ADD ./trillian /go/src/github.com/google/trillian
 WORKDIR /go/src/github.com/google/keytransparency
-RUN apt-get update && apt-get install -y libtool libltdl-dev
 RUN go get -tags="mysql" ./cmd/keytransparency-signer
-ENTRYPOINT /go/bin/keytransparency-signer \
- --db="${DB_USER}:${DB_PASSWORD}@tcp(${DB_HOST})/${DB_DATABASE}" \
- --min-period="$MIN_SIGN_PERIOD" --max-period="$MAX_SIGN_PERIOD" \
- --log-id="$LOG_ID" --log-url="$LOG_URL" \
- --map-id="$MAP_ID" --map-url="$MAP_URL" \
- --alsologtostderr --v=${VERBOSITY}
-
+# Specify mandatory flags via the docker command-line or using docker-compose.
+# See the README.md file on how to use docker-compose.
+ENTRYPOINT ["/go/bin/keytransparency-signer"]
\ No newline at end of file
diff --git a/deploy/kubernetes/keytransparency-deployment.yml.tmpl b/deploy/kubernetes/keytransparency-deployment.yml.tmpl
index 685e57ca0..02cee2e5f 100644
--- a/deploy/kubernetes/keytransparency-deployment.yml.tmpl
+++ b/deploy/kubernetes/keytransparency-deployment.yml.tmpl
@@ -28,29 +28,17 @@ spec:
 name: json-grpc
 - containerPort: 8081
 name: metrics
- env:
- - name: LOG_URL
- value: trillian-log:8090
- - name: LOG_ID
- value: "${LOG_ID}"
- - name: MAP_URL
- value: trillian-map:8090
- - name: MAP_ID
- value: "${MAP_ID}"
- - name: MYSQL_USER
- value: test
- - name: MYSQL_DATABASE
- value: test
- - name: MYSQL_PASSWORD
- value: zaphod
- - name: DB_HOST
- value: mysql:3306
- - name: TLS_KEY_PATH
- value: /kt-secrets/server.key
- - name: TLS_CRT_PATH
- value: /kt-secrets/server.crt
- - name: VRF_PRIV
- value: /kt-secrets/vrf-key.pem
+ args: ["--addr=0.0.0.0.:8080",
+ "--db=test:zaphod@tcp(mysql:3306)/test",
+ "--log-id=$LOG_ID",
+ "--log-url=trillian-log:8090",
+ "--map-id=$MAP_ID",
+ "--map-url=trillian-map:8090",
+ "--vrf=/kt-secrets/vrf-key.pem",
+ "--tls-key=/kt-secrets/server.key",
+ "--tls-cert=/kt-secrets/server.crt",
+ "--alsologtostderr",
+ "--v=5"]
 initContainers:
 - name: init-trillian-map
 image: radial/busyboxplus
@@ -107,29 +95,15 @@ spec:
 ports:
 - containerPort: 8080
 name: json-grpc
- env:
- - name: LOG_URL
- value: trillian-log:8090
- - name: LOG_ID
- value: "${LOG_ID}"
- - name: MAP_URL
- value: trillian-map:8090
- - name: MAP_ID
- value: "${MAP_ID}"
- - name: MIN_SIGN_PERIOD
- value: 5s
- - name: MAX_SIGN_PERIOD
- value: 12h
- - name: MYSQL_USER
- value: test
- - name: MYSQL_DATABASE
- value: test
- - name: MYSQL_PASSWORD
- value: zaphod
- - name: DB_HOST
- value: mysql:3306
- - name: LOG_KEY
- value: /kt/trillian-log.pem
+ args: ["--db=test:zaphod@tcp(mysql:3306)/test",
+ "--log-id=$LOG_ID",
+ "--log-url=trillian-log:8090",
+ "--map-id=$MAP_ID",
+ "--map-url=trillian-map:8090",
+ "--min-period=5s",
+ "--max-period=12h",
+ "--alsologtostderr",
+ "--v=5"]
 ---
 apiVersion: v1
 kind: Service
diff --git a/docker-compose.yml b/docker-compose.yml
index 8be70825a..24a0b942f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
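Review bot: `--addr=0.0.0.0.:8080` in the first hunk has a stray dot after the last octet, so the host part is no longer an IP literal and the listener will most likely fail to bind or fall back to a name lookup. The same value appears in the first docker-compose.yml hunk (`- --addr=0.0.0.0.:8080`). Both should read `--addr=0.0.0.0:8080`, matching the `HOST=0.0.0.0` and `RPC_PORT=8080` values that the removed Dockerfile ENV used to supply.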
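Review bot: `--db=test:zaphod@tcp(mysql:3306)/test` puts the database password into the container arguments, where it sits in plain text in the pod spec and is readable from the process listing; the same string is in the first hunk of this file and in both docker-compose.yml entrypoints. The removed `MYSQL_PASSWORD` env entry was also a literal, so the manifest exposure is not new, but the move to flags is a good moment to fix it. A small step is to define `DB_PASSWORD` under `env` with `valueFrom.secretKeyRef` and reference it as `"--db=test:$(DB_PASSWORD)@tcp(mysql:3306)/test"`, which Kubernetes expands in `args`. That keeps the secret out of the manifest, though the expanded argument is still visible to anything that can list processes, so having the binary read the connection string from a file or environment variable would be the stronger fix.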
@@ -109,20 +109,24 @@ services:
 ports:
 - "8080:8080" # json & grpc
 - "8081:8081" # metrics
- environment:
- LOG_ID: ${LOG_ID} # Update with trillian admin CLI.
- LOG_URL: trillian-log:8090
- MAP_ID: ${MAP_ID} # Update with trillian admin CLI.
- MAP_URL: trillian-map:8090
- DB_HOST: db:3306
- DB_DATABASE: test
- DB_USER: test
- DB_PASSWORD: zaphod
- VRF_PRIV: /kt/vrf-key.pem
- VRF_PUB: /kt/vrf-pubkey.pem
- TLS_KEY_PATH: /kt/server.key
- TLS_CRT_PATH: /kt/server.crt
- VERBOSITY: 5
+ entrypoint:
+ - /go/bin/keytransparency-server
+ - --addr=0.0.0.0.:8080
+ - --db=test:zaphod@tcp(db:3306)/test
+ - --log-id=$LOG_ID
+ - --log-url=trillian-log:8090
+ - --map-id=$MAP_ID
+ - --map-url=trillian-map:8090
+ - --vrf=/kt/vrf-key.pem
+ - --tls-key=/kt/server.key
+ - --tls-cert=/kt/server.crt
+ - --alsologtostderr
+ - --v=5
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8080/debug/var"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
 kt-signer:
 depends_on:
@@ -134,15 +138,14 @@ services:
 dockerfile: ./keytransparency/cmd/keytransparency-signer/Dockerfile
 image: us.gcr.io/key-transparency/keytransparency-signer
 restart: always
- environment:
- LOG_ID: ${LOG_ID} # Update with trillian admin CLI.
- LOG_URL: trillian-log:8090
- MAP_ID: ${MAP_ID} # Update with trillian admin CLI.
- MAP_URL: trillian-map:8090
- DB_HOST: db:3306
- DB_DATABASE: test
- DB_USER: test
- DB_PASSWORD: zaphod
- MIN_SIGN_PERIOD: 5s
- MAX_SIGN_PERIOD: 5m
- VERBOSITY: 5
+ entrypoint:
+ - /go/bin/keytransparency-signer
+ - --db=test:zaphod@tcp(db:3306)/test
+ - --log-id=$LOG_ID
+ - --log-url=trillian-log:8090
+ - --map-id=$MAP_ID
+ - --map-url=trillian-map:8090
+ - --min-period=5s
+ - --max-period=5m
+ - --alsologtostderr
+ - --v=5
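Review bot: The new healthcheck in the first hunk requests `http://localhost:8080/debug/var`, while the HEALTHCHECK removed from the server Dockerfile in this commit used `/debug/vars`; with `curl -f`, a 404 on the misspelled path would mark the container unhealthy once the five retries are used up. The line should read `test: ["CMD", "curl", "-f", "http://localhost:8080/debug/vars"]`. It is also worth confirming that plain HTTP is correct on this port, given that the server is started with `--tls-key` and `--tls-cert`; if 8080 serves TLS, the probe would need an `https` URL with the right CA, or a different endpoint.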