Merged
38 changes: 4 additions & 34 deletions cmd/keytransparency-server/Dockerfile
@@ -1,44 +1,14 @@
FROM golang

ENV DB_USER=test \
DB_PASSWORD=zaphod \
DB_DATABASE=test \
DB_HOST=db:3306

ENV HOST=0.0.0.0 \
RPC_PORT=8080

# TLS Certificate needs 0.0.0.0 to be in the SAN IP field.
ENV VRF_PRIV=keytransparency/genfiles/vrf-key.pem \
TLS_KEY_PATH=keytransparency/genfiles/server.key \
TLS_CRT_PATH=keytransparency/genfiles/server.crt

ENV MAP_ID=0 \
MAP_URL=""
ENV LOG_ID=0 \
LOG_URL=localhost:8090

ENV VERBOSITY=1

ADD keytransparency/genfiles/* /kt/
ADD ./keytransparency /go/src/github.com/google/keytransparency
ADD ./trillian /go/src/github.com/google/trillian
WORKDIR /go/src/github.com/google/keytransparency

RUN apt-get update && apt-get install -y libtool libltdl-dev
RUN go get -tags="mysql" ./cmd/keytransparency-server

ENTRYPOINT /go/bin/keytransparency-server \
Contributor

@gdbelvin gdbelvin Aug 18, 2017

We need to set an entry point. Otherwise, it's not possible to add additional arguments via the docker command line.

Contributor Author

docker-compose and kubernetes work though. I'll add an ENTRYPOINT in case someone wants to use the images with any of these. Thanks

--addr="$HOST:$RPC_PORT" \
--db="${DB_USER}:${DB_PASSWORD}@tcp(${DB_HOST})/${DB_DATABASE}" \
--vrf="$VRF_PRIV" \
--key="$TLS_KEY_PATH" --cert="$TLS_CRT_PATH" \
--log-id="$LOG_ID" --log-url="$LOG_URL" \
--map-id="$MAP_ID" --map-url="$MAP_URL" \
--alsologtostderr \
--v=${VERBOSITY}

EXPOSE $RPC_PORT
# Specify mandatory flags via the docker command-line or using docker-compose.
# See the README.md file on how to use docker-compose.
ENTRYPOINT ["/go/bin/keytransparency-server"]

HEALTHCHECK --interval=5m --timeout=3s \
CMD curl -f http://localhost:$RPC_PORT/debug/vars || exit 1
EXPOSE 8080
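Review bot: `ADD keytransparency/genfiles/* /kt/` still copies the generated key material into an image layer; the paths used elsewhere on this page (`/kt/vrf-key.pem`, `/kt/server.key`) indicate this includes the VRF and TLS private keys, so anyone who can pull the image can read them. The Kubernetes template in this change already reads the same files from `/kt-secrets/`, and the compose setup could supply them through a read-only volume or secret, which would let this ADD line be dropped. If the `HEALTHCHECK` line remains on the new side (the page does not mark it either way), `$RPC_PORT` is no longer defined once the ENV block is removed, so the probe URL would lose its port; `http://localhost:8080/debug/vars` would match the new `EXPOSE 8080`.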
6 changes: 3 additions & 3 deletions cmd/keytransparency-server/main.go
Expand Up @@ -54,10 +54,10 @@ import (
var (
addr = flag.String("addr", ":8080", "The ip:port combination to listen on")
metricsAddr = flag.String("metrics-addr", ":8081", "The ip:port to publish metrics on")
serverDBPath = flag.String("db", "db", "Database connection string")
serverDBPath = flag.String("db", "test:zaphod@tcp(localhost:3306)/test", "Database connection string")
vrfPath = flag.String("vrf", "genfiles/vrf-key.pem", "Path to VRF private key")
keyFile = flag.String("key", "genfiles/server.key", "TLS private key file")
certFile = flag.String("cert", "genfiles/server.crt", "TLS cert file")
keyFile = flag.String("tls-key", "genfiles/server.key", "TLS private key file")
certFile = flag.String("tls-cert", "genfiles/server.crt", "TLS cert file")
authType = flag.String("auth-type", "google", "Sets the type of authentication required from clients to update their entries. Accepted values are google (oauth tokens) and insecure-fake (for testing only).")

// Info to connect to sparse merkle tree database.
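Review bot: The `db` flag default that appears to be on the new side, `"test:zaphod@tcp(localhost:3306)/test"`, compiles a working username and password into the binary, so a server started without `--db` connects with the test credential instead of failing. The page does not mark which of the two `serverDBPath` lines is new, so this reading rests on print order and should be confirmed. An empty default plus an explicit startup error when the flag is unset would keep the credential out of the binary and out of the usage text; the `var (` block continues outside the hunk, so that check belongs where the flag value is consumed.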
27 changes: 3 additions & 24 deletions cmd/keytransparency-signer/Dockerfile
@@ -1,32 +1,11 @@
FROM golang

ENV DB_USER=test \
DB_PASSWORD=zaphod \
DB_DATABASE=test \
DB_HOST=127.0.0.0:3306

ENV MAP_ID=0 \
MAP_URL=""
ENV LOG_ID=0 \
LOG_URL=localhost:8090 \
LOG_KEY=trillian/testdata/log-rpc-server.pubkey.pem

ENV MIN_SIGN_PERIOD=5s \
MAX_SIGN_PERIOD=24h

ENV VERBOSITY=0

ADD ./keytransparency /go/src/github.com/google/keytransparency
ADD ./trillian /go/src/github.com/google/trillian
WORKDIR /go/src/github.com/google/keytransparency

RUN apt-get update && apt-get install -y libtool libltdl-dev
RUN go get -tags="mysql" ./cmd/keytransparency-signer

ENTRYPOINT /go/bin/keytransparency-signer \
--db="${DB_USER}:${DB_PASSWORD}@tcp(${DB_HOST})/${DB_DATABASE}" \
--min-period="$MIN_SIGN_PERIOD" --max-period="$MAX_SIGN_PERIOD" \
--log-id="$LOG_ID" --log-url="$LOG_URL" \
--map-id="$MAP_ID" --map-url="$MAP_URL" \
--alsologtostderr --v=${VERBOSITY}

# Specify mandatory flags via the docker command-line or using docker-compose.
# See the README.md file on how to use docker-compose.
ENTRYPOINT ["/go/bin/keytransparency-signer"]
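Review bot: `FROM golang` carries no tag or digest and the image never sets `USER`, so the signer is built from whatever the default tag points to at build time and runs as root with the Go toolchain and source tree still present. Pinning the base, for example `FROM golang:<version>@sha256:<digest>` with values chosen by the maintainers, and adding a non-root `USER` before the `ENTRYPOINT` would address both. A multi-stage build that copies only `/go/bin/keytransparency-signer` into a minimal runtime image is the fuller fix. The same two points apply to cmd/keytransparency-server/Dockerfile.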
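--- a/deploy/kubernetes/keytransparency-deployment.yml.tmpl
+++ b/deploy/kubernetes/keytransparency-deployment.yml.tmpl
@@ -28,29 +28,17 @@ spec:
 name: json-grpc
 - containerPort: 8081
 name: metrics
-env:
-- name: LOG_URL
-value: trillian-log:8090
-- name: LOG_ID
-value: "${LOG_ID}"
-- name: MAP_URL
-value: trillian-map:8090
-- name: MAP_ID
-value: "${MAP_ID}"
-- name: MYSQL_USER
-value: test
-- name: MYSQL_DATABASE
-value: test
-- name: MYSQL_PASSWORD
-value: zaphod
-- name: DB_HOST
-value: mysql:3306
-- name: TLS_KEY_PATH
-value: /kt-secrets/server.key
-- name: TLS_CRT_PATH
-value: /kt-secrets/server.crt
-- name: VRF_PRIV
-value: /kt-secrets/vrf-key.pem
+args: ["--addr=0.0.0.0.:8080",
+"--db=test:zaphod@tcp(mysql:3306)/test",
+"--log-id=$LOG_ID",
+"--log-url=trillian-log:8090",
+"--map-id=$MAP_ID",
+"--map-url=trillian-map:8090",
+"--vrf=/kt-secrets/vrf-key.pem",
+"--tls-key=/kt-secrets/server.key",
+"--tls-cert=/kt-secrets/server.crt",
+"--alsologtostderr",
+"--v=5"]
 initContainers:
 - name: init-trillian-map
 image: radial/busyboxplus
@@ -107,29 +95,15 @@ spec:
 ports:
 - containerPort: 8080
 name: json-grpc
-env:
-- name: LOG_URL
-value: trillian-log:8090
-- name: LOG_ID
-value: "${LOG_ID}"
-- name: MAP_URL
-value: trillian-map:8090
-- name: MAP_ID
-value: "${MAP_ID}"
-- name: MIN_SIGN_PERIOD
-value: 5s
-- name: MAX_SIGN_PERIOD
-value: 12h
-- name: MYSQL_USER
-value: test
-- name: MYSQL_DATABASE
-value: test
-- name: MYSQL_PASSWORD
-value: zaphod
-- name: DB_HOST
-value: mysql:3306
-- name: LOG_KEY
-value: /kt/trillian-log.pem
+args: ["--db=test:zaphod@tcp(mysql:3306)/test",
+"--log-id=$LOG_ID",
+"--log-url=trillian-log:8090",
+"--map-id=$MAP_ID",
+"--map-url=trillian-map:8090",
+"--min-period=5s",
+"--max-period=12h",
+"--alsologtostderr",
+"--v=5"]
 ---
 apiVersion: v1
 kind: Service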
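Review bot: Both `args` lists carry the database password in plain text (`--db=test:zaphod@tcp(mysql:3306)/test`), so it is readable by anyone who can read the template or the resulting Deployment object. Kubernetes expands `$(VAR)` references in `args` from the container's `env`, so the password can come from a Secret: define `DB_PASSWORD` with `valueFrom.secretKeyRef` (secret name and key are placeholders for the maintainers to choose) and pass `"--db=test:$(DB_PASSWORD)@tcp(mysql:3306)/test"`. Whether the template tooling leaves `$(...)` untouched should be checked first. Separately, `--addr=0.0.0.0.:8080` has a dot after the last octet that looks like a typo for `0.0.0.0:8080`; the same value appears in docker-compose.yml.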
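--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -109,20 +109,24 @@ services:
 ports:
 - "8080:8080" # json & grpc
 - "8081:8081" # metrics
-environment:
-LOG_ID: ${LOG_ID} # Update with trillian admin CLI.
-LOG_URL: trillian-log:8090
-MAP_ID: ${MAP_ID} # Update with trillian admin CLI.
-MAP_URL: trillian-map:8090
-DB_HOST: db:3306
-DB_DATABASE: test
-DB_USER: test
-DB_PASSWORD: zaphod
-VRF_PRIV: /kt/vrf-key.pem
-VRF_PUB: /kt/vrf-pubkey.pem
-TLS_KEY_PATH: /kt/server.key
-TLS_CRT_PATH: /kt/server.crt
-VERBOSITY: 5
+entrypoint:
+- /go/bin/keytransparency-server
+- --addr=0.0.0.0.:8080
+- --db=test:zaphod@tcp(db:3306)/test
+- --log-id=$LOG_ID
+- --log-url=trillian-log:8090
+- --map-id=$MAP_ID
+- --map-url=trillian-map:8090
+- --vrf=/kt/vrf-key.pem
+- --tls-key=/kt/server.key
+- --tls-cert=/kt/server.crt
+- --alsologtostderr
+- --v=5
+healthcheck:
+test: ["CMD", "curl", "-f", "http://localhost:8080/debug/var"]
+interval: 30s
+timeout: 10s
+retries: 5
 
 kt-signer:
 depends_on:
@@ -134,15 +138,14 @@ services:
 dockerfile: ./keytransparency/cmd/keytransparency-signer/Dockerfile
 image: us.gcr.io/key-transparency/keytransparency-signer
 restart: always
-environment:
-LOG_ID: ${LOG_ID} # Update with trillian admin CLI.
-LOG_URL: trillian-log:8090
-MAP_ID: ${MAP_ID} # Update with trillian admin CLI.
-MAP_URL: trillian-map:8090
-DB_HOST: db:3306
-DB_DATABASE: test
-DB_USER: test
-DB_PASSWORD: zaphod
-MIN_SIGN_PERIOD: 5s
-MAX_SIGN_PERIOD: 5m
-VERBOSITY: 5
+entrypoint:
+- /go/bin/keytransparency-signer
+- --db=test:zaphod@tcp(db:3306)/test
+- --log-id=$LOG_ID
+- --log-url=trillian-log:8090
+- --map-id=$MAP_ID
+- --map-url=trillian-map:8090
+- --min-period=5s
+- --max-period=5m
+- --alsologtostderr
+- --v=5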
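Review bot: The new healthcheck probes `http://localhost:8080/debug/var`, while the Dockerfile HEALTHCHECK shown on this page uses `/debug/vars`; if the singular form is a typo, `curl -f` fails on the error response and the container is reported unhealthy after the five retries. I would change the test to `["CMD", "curl", "-f", "http://localhost:8080/debug/vars"]` and confirm that the listener on 8080 answers plain HTTP at all, since the server is started with `--tls-key` and `--tls-cert`. The `--db=test:zaphod@...` DSN is also hard-coded in both entrypoints; compose variable interpolation, as already used for `$LOG_ID`, would keep the password out of the committed file.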