Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change 'user' to 'client' #292

Merged
merged 3 commits into from
Aug 3, 2023
Merged

Change 'user' to 'client' #292

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c6677f0
Change 'user' to 'client'
mrsabath Jul 19, 2023
089f27c
Merge branch 'v1.4' into naming-patch
mrsabath Jul 19, 2023
522c909
removed the old user files
mrsabath Aug 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 31 additions & 0 deletions examples/tls_mtls/CA-client/rootCA.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIUId/nR5BsUECclKD/hehrM9Wuc+0wDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRMwEQYDVQQKDApBY21lLCBJ
bmMuMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0yMzA2MTIxNjEwMzdaFw0zMzA2
MDkxNjEwMzdaMEUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTETMBEGA1UECgwK
QWNtZSwgSW5jLjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCX2rTixWBiB5155y+LUrKTkbabWj7gzJZ4aTcoMiEv
FzRKhnAoS195fz9P7qyMuLl0vv3BNWF4GaPPe69gMPqDlaTuvmysdduB7EJcYktC
bQbbjMPlRmXPz1JRhAHFG6ZDrneJL02srUX2VUg48uyksqULCijUDtEMkxol1Uib
j+a+AGbT6ca5jN04iLab3t0JFsq8GRFaysu0rM3ojB+etyG80/arB4IOqeUuzgBo
n6O3igH+TaJ22Jsutr5JG+6riQcy03x7e4Jw3m+5L3ofxnY/ka8mjaTxx+Pi6lPR
Ws1Zz0vOZalQEOsSxAMm6NQeAqOKCMP6mOPx7c1Ycb5wqSXdh68Gq+bHoocIjxjP
hlnk43z+QwEn3VYzWiWNu9SiyFF2BvyYl/u+dcBtxQc92oiwFe12gHIt7AdjF1M+
GUfPSScjICifmVdTpx09VfD6c7VXYEirm2Gj4uqOBDkbObUa4Qevhn4AhGEgxFdz
UfjmilRGmzcuqBNCZNp3xOhLgLEEga4/eZC6gDGaMHHae7beOmtwpUSKEYd0sn0w
a5dLAsb0cm4UPni48RL35NY5MOIvLEepz4HdrXxJUF9R2Yf9IP03e/6LFj+jkfVE
djmmwZE0oJAFIXD0/6C06eJluYYh3FO5/Z35YAgZY5ExmXReA6lNDNN+mMqv7Rbe
8QIDAQABo1MwUTAdBgNVHQ4EFgQUVSORpa6KXhklRqc3RLgu4feEnQowHwYDVR0j
BBgwFoAUVSORpa6KXhklRqc3RLgu4feEnQowDwYDVR0TAQH/BAUwAwEB/zANBgkq
hkiG9w0BAQsFAAOCAgEATnY0bl4AI32AeLTs7CvmdaGEa2Rwpbg8MujdLCsB33mE
HkWSuaZ3PkzXE15/OJHZgklPx0HxwbA0HPFuUFXqM8NqIixKY43IOV6Bf1/FNGwr
kKXp9+I5eOqbRrxnGr+ZMadTnGnWf6OppnkVeXY9Ly/jvIdjKHcEfY8q6oIdu+e3
3vMmeI/BlVzpV7HuPLy5ff6K90EG6tpyOV+CEChzsxjF9m4wNJwphCt73gkvPXw8
DEz8pTVqTYWk5ZZS8JSQzb8RVNk9SMdMXbSnSqZY+kq/KPPIx+ljFRGHWRHYvc1a
58azpMQSUfW4k/WK4fkcdya95+eC0QDpAX2AaQvd1lMkpZk6+XkLIdvHD5RJ9VOa
8ost27KDjvWOvGESieJFvxGhg7dIqMf5bJR3Cq/052LEmyH3PVGENhfwZNoEjMTD
hmDZJmXCWjneYu+NjIYFSSIrfluPycbBf8c1yDzRR1mqiaDvyKm03peXn1jRYoO1
kBw8uzm5dPfqaYVz/qpkHzOtaHiU6Are5nhPOZHTi1tscSzfiFujA9xMarySW2/q
brDuDrcdcWx5uscASShym/iMbSD1n5Vb2sSwqttCBeYitmwxAj6Ej5L2EP6XmHdw
aptFGRCGLlV3FsCP1CkLpdcq82WeZU7HWIDtPoSbIwUFeQSmn8uMoyDWiqbfzH8=
-----END CERTIFICATE-----
51 changes: 51 additions & 0 deletions examples/tls_mtls/CA-client/rootCA.key
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAl9q04sVgYgedeecvi1Kyk5G2m1o+4MyWeGk3KDIhLxc0SoZw
KEtfeX8/T+6sjLi5dL79wTVheBmjz3uvYDD6g5Wk7r5srHXbgexCXGJLQm0G24zD
5UZlz89SUYQBxRumQ653iS9NrK1F9lVIOPLspLKlCwoo1A7RDJMaJdVIm4/mvgBm
0+nGuYzdOIi2m97dCRbKvBkRWsrLtKzN6IwfnrchvNP2qweCDqnlLs4AaJ+jt4oB
/k2idtibLra+SRvuq4kHMtN8e3uCcN5vuS96H8Z2P5GvJo2k8cfj4upT0VrNWc9L
zmWpUBDrEsQDJujUHgKjigjD+pjj8e3NWHG+cKkl3YevBqvmx6KHCI8Yz4ZZ5ON8
/kMBJ91WM1oljbvUoshRdgb8mJf7vnXAbcUHPdqIsBXtdoByLewHYxdTPhlHz0kn
IyAon5lXU6cdPVXw+nO1V2BIq5tho+LqjgQ5Gzm1GuEHr4Z+AIRhIMRXc1H45opU
Rps3LqgTQmTad8ToS4CxBIGuP3mQuoAxmjBx2nu23jprcKVEihGHdLJ9MGuXSwLG
9HJuFD54uPES9+TWOTDiLyxHqc+B3a18SVBfUdmH/SD9N3v+ixY/o5H1RHY5psGR
NKCQBSFw9P+gtOniZbmGIdxTuf2d+WAIGWORMZl0XgOpTQzTfpjKr+0W3vECAwEA
AQKCAgAJhx9yWxABFpk63NaO11F9ENd0R+VKFYwbYf6j9wE+Aya0xlqjLJeA+Arw
6PjKm4yHVrR1OvQypOkyS4BleK0/NFR05l3LNFnhfQFs6n3uXQjhHaPs7s3UjB2O
H8o8o896z6eQY/drrjOFkTRG3ncanlrcpnaJV6SmNVSeqxMzL4Q6x6usAC8H1V7L
/Uf337Perh9qTehY2gCOBYml3aTeQH9Nab9AW+g9I0vN8/7ykZGkInSdkCFxc4XJ
GI436BjBiod5GOvmk4lLq6k25VO0Sq+ArZNfx+NhiDk0M5+usxPPXsJS4O4OqAEX
3FSWTGWCvIemUYZ6Yr1qoJERy5E3R6bt2f4E5FbBKVL3xVt+EWr4jMCUboXZrHQT
18OdAcFQG3uBXn5kCo1ncM9Q9Y8R1BMixN2/clkhWOCpxytPU4xO1gTOVP6QvPBF
973wX9Wp22wFNasZmOa/cvgb9jCbcDWlHnZ7toNzWJos1Rt/TjRcBVKYJHfVieFm
U3ehjA9rwhZp9/beHSRB8ZmXflgV5FApsI/uKCjy0czwsNTwMzvxDe+qFRzgRTfS
7Jm8yUu/akeUMekA+LiQEpRBn6aMQm1dKm5pIgKvLP5cxeE3EMApkehCLRbX3iC5
ZTGjuSZeOIBQCv2K6ejpnv/HdY705tMei3al3LjxEy9IuPZ+QQKCAQEAyDj9REgO
aNe05aF+7eg2cpn2tUL/RLMMR8cNtak8AuNbst6b3o/Y1/yx0cySu48fW/oVuY7F
QLRU8x2rLycx6Btq859FX1rJbwv3B9V2eo8/dcKkQfe9tIjFI9nZVg3yMFEozeFS
j0rymiR0TikfXozQ12wJjZX2W9T1swoiQp7WuT8qOLakM3CskgDQhVNjYlrb/SI+
kl4hbr2TBdYY52yNPzu6Ip8l2xeIY6fV0Tn/abf8if3/s4DjS0Yt2jqI+zmdGBGJ
ir4FVcgZd2+p5nhqaRKSqBF/ru3FcQkwpkDgqrlUlQr5NYINvqHmN1AYjZRsAWuR
kpGrxTQryzeE3wKCAQEAwihMyCRMyM7604zQ1MjKFC7fwRUQ+q05UvW6Ulcqijrf
sB5hAZdshCPIBSaMCnapwPy+t/rQH1UGqxdfwv/QfyRGTlTLNom+idud3crCA9io
/pQHrruPBbR9hNIEeZajgdomnOL9hrDyRQmIpXnB6jqjiicmsvw9K++YGIpLUWrW
TcjCerh5KBgkeex8eVb6z0U4+vGeJWI9Ik41fH0w6ASfQ/9F97evgMJNKgPzEhU1
axZe3jqLH2UJoLJb9yEOCYkrwHrlssHxWgVgAL+ReWP0fzqkoEZuOjIIVx5urJcZ
jGaqtQGpaD6QffM+yzt3URphqUOgX2/IHEgUDf/GLwKCAQEAlcVDdlMsLDLGx0qh
hta/+8O9ruM5zardUcfNMokwMbzeeBNapwYVH6OPZC9Rx2kM/SE6JP5uALOkI+Oa
jIAWLdhsjWYjX2uq6B0cIUkFAjKrNqxtcEcgKa5xQRsRHvT5qDjde/vDZRqcFL+W
HG1YYMKW6b2P+9AkY5cOX2oCLLFiT1m3fIrqkuwCuohPcpvo6MasblKyWYx+F7dJ
BgGbyWkC0z0bRBCmIZgd1uXR5Fss+mi9SH+uSRjtbP5HCEnm832qTDm6GAWCOiOf
IR9vCM4kUwqol33XdAO6QI6uTH6VUD+nzIFT3zm0jFfQvKl2ZFmU3Q8Y6nl68t3O
sImMIwKCAQApPqpg8eUl22JJQmaybR0QgIyj1bfPqLC+wNid2Up+JteR8EInNmWl
BHzfKzsgleilyIszRiKkJUnPWp3LLNC70Zbl2Pl6UnSZkH/Ot93TN1lfC08+fTV6
vsbTSlINCkUdtpvxQ/8bd8dfhxDyJhVdjqtjE8ISz6anCLTEscwiNZHk4DsAGuQR
8l79T5F5rVKGaWwbUuyHgIEAIqEWGvoir6itpzLT1r9/mMcPn9spAjxgzVXF26Xm
O256JqmGrAzxVaRntTPKb4y31OB6CDf9E5DC3lBOg+eykSJYb2yPWWHiA4VMAlhc
fr3vI5c5UR6dqf8JGAaff32BFIa+GpGdAoIBAQCvh1o0i61sxIiGt+V5+RBys1vw
pbpEJHMQ0VSBoOG8aU+bTEXW9AofrQjKzLuU5iw5CA45PrjsWYCnUB3igXf91wFV
xA4UsNcs7PHcsgIfs0PhxXRwd5xa/ZkVnX0wxqNoNCsDsq9mi+vOZORyGpY3QzQG
P27XIFDcvC5M3+ZM7UvHX4Ek54/hTGaVT5Hr75wzxKzIn5aEnLB7F3QkVCE5Bkbk
0NKVFOjreKATl9q1hd/ioUQ6FuJRP4L6vcfjuO9HCYWg/niuwAFI3UxTfYHRJ4Id
70XiTZDMGSbyB+Nitjw2pW6qhKxGa+O65ycifZCv2Lf3T/Tq4XeuNawcRuuG
-----END RSA PRIVATE KEY-----
1 change: 1 addition & 0 deletions examples/tls_mtls/CA-client/rootCA.srl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
028D2EDD44518926CB4B77030BC4A45D38B781BF
24 changes: 12 additions & 12 deletions examples/tls_mtls/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ cd tornjak/examples/tls_mtls

For both TLS and mTLS, we will need to deliver a certificate/key pair to the server. In this directory are the respective files `server.crt` and `server.key`. These files have been signed by the self-signed CA in the `CA-server` directory. They will be delivered to the caller when establishing a connection so that the caller may verify the certificate.

For mTLS, we additionally need to deliver the CA certificate of the caller to the server so that the server may verify the caller certificate. The relevant file can be found in `CA-user/rootCA.crt`
For mTLS, we additionally need to deliver the CA certificate of the caller to the server so that the server may verify the caller certificate. The relevant file can be found in `CA-client/rootCA.crt`

### Deliver the certificate/key pair to Tornjak (TLS and mTLS)

Expand Down Expand Up @@ -109,11 +109,11 @@ tls.key

### Deliver the CA certificate to Tornjak (mTLS only)

For mTLS we will additionally need to deliver a user CA certificate to the Tornjak container. Currently it is found at `CA-user/rootCA.crt`. The process is the same. First we create the secret:
For mTLS we will additionally need to deliver a client CA certificate to the Tornjak container. Currently it is found at `CA-client/rootCA.crt`. The process is the same. First we create the secret:

```
kubectl create secret generic -n spire tornjak-user-ca \
--from-file=CA-user/rootCA.crt
kubectl create secret generic -n spire tornjak-client-certs \
--from-file=CA-client/rootCA.crt
```

Then we mount the secret to the Tornjak container via volume mount, as in the previous secret volume mount, retaining the previous modifications:
Expand All @@ -124,32 +124,32 @@ volumeMounts:
...
- name: tls-volume
mountPath: /opt/spire/server
- name: user-cas
mountPath: /opt/spire/users
- name: client-cas
mountPath: /opt/spire/clients
...
volumes:
...
- name: tls-volume
secret:
secretName: tornjak-server-tls
- name: user-cas
- name: client-cas
secret:
secretName: tornjak-user-ca
items:
- key: rootCA.crt
path: userCA.crt
path: clientCA.crt

```

Apply the same changes to your deployment, attaching the secret volumeMount to the Tornjak container. For the quickstart, we can simply apply the file in this directory `server-statefulset-mtls.yaml` and view the files in the container:

```
kubectl apply -f server-statefulset-mtls.yaml
kubectl exec -n spire spire-server-0 -c tornjak-backend -- ls users
kubectl exec -n spire spire-server-0 -c tornjak-backend -- ls clients
```

```
userCA.crt
clientCA.crt
```

----
Expand Down Expand Up @@ -197,7 +197,7 @@ server {
port = 10443 # container port for mTLS connection
cert = "server/tls.crt" # TLS cert
key = "server/tls.key" # TLS key
ca = "users/userCA.crt" # user CA for mTLS [Removing this line creates a TLS connection]
ca = "clients/clientCA.crt" # client CA for mTLS [Removing this line creates a TLS connection]
}
...
}
Expand Down Expand Up @@ -285,7 +285,7 @@ In order to make a TLS call we need only a CA certificate that can validate the
Additionally, we must have a certificate/key pair locally that was signed by the CA certificate given to the Tornjak server via `tornjak-user-ca` secret when configuring mTLS. In our case, we can use the certificate/key pair `user.crt` and `user.key`:

```
curl --cacert CA-server/rootCA.crt --key user.key --cert user.crt https://<Tornjak_mTLS_endpoint>
curl --cacert CA-server/rootCA.crt --key client.key --cert client.crt https://<Tornjak_mTLS_endpoint>
```

-----
Expand Down
25 changes: 25 additions & 0 deletions examples/tls_mtls/client.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIETDCCAjSgAwIBAgIUAo0u3URRiSbLS3cDC8SkXTi3gb8wDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRMwEQYDVQQKDApBY21lLCBJ
bmMuMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0yMzA2MTIxNjExMDJaFw0yNDEw
MjQxNjExMDJaMEcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UECgwL
TXlPcmcsIEluYy4xFTATBgNVBAMMDG15ZG9tYWluLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBANMLlsBrmolGbWYO63ljSKYrSpoqik+ImJ3+4oSi
lrJXeSormENTI1yBvH8nB1FuwAz9mGRewb9n26P7ts4Y+AQDn8I5TCIpoWblnG2b
iNu/i4ygWbZwxNdQ1gUCW4P4IPyBYPRJo8HtGCM4feUmEpTQtsBbsjUer/MYEW4n
KatdEwYTeq36CJZHjgQ5vnyIVrnI6lyf8f6g+5Y8MSrYrI2CDqaG9q5BRvfQpaCn
RkZ00/4Z6BzHHu8N3iPJX2eSKM8MaK6Q893KbEJ+FOjV024XPVwhsbRo2d78lv2C
fxCCK6d7zCeO0EAjdCReMNACH6jxqJLDXTfgb7NDZn2dcr8CAwEAAaMyMDAwLgYD
VR0RBCcwJYIFbG9jYWyCC2V4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5jb20wDQYJ
KoZIhvcNAQELBQADggIBAFmLVa1/LyKNO1CT2iSdNEDAGous6EgAW5PBDDdz9Tkv
yzgX/wetczvHip7vspvajYVKHJJR2MNc6HegewXXqU+3Oskd+hbpT4uR7ha2CQPo
oTqnP4F0ewuA9OS33uf9xTpeWmm6UcoxtfhI0dxEb2CRVbMXVS4vGB5pBY/GFRbs
wo0HYiWco7+6tUlN5HeG4OfhkQIyp9CiDJwZ266/bHbjMZPcbxUdswXbAHXhI5cd
vqHGrlBlBLsrggRLDu+ROe5txJEfp95FDPufuOwyGdLf17hPhmCO78bRUE0a3B1X
nKGoL7lb8sFhVkq3h4sSLnZOoyA1k+7xtpQOpBE3TKLd+eIqrLVCFhiJ2mz/oahd
MBU1dU2W+Ojgy1K3CCH2Ly4lV7OqiY3cCBXueux8BY0Hae35iytp/i+wQzypYYdo
ZEmNsX8hckJ0uhLT7TcDCLFFaa8v6xlLBIlYKKXL6x3e0hkvS6WNvSApnMqBwpay
N8vp1+nCQ3DToPFZdoNokVQPGWW/BGl5mR2O5ps8g7ZKK/f06G4HUxCdaxU2iGnP
KVMLius4E5jK4AlbA0KjRy/tD+LtPOZ09+8g7AOx/inCFXdHDWbiyA23wAMDmrmM
SO+pxZiTTU0HeZsz6Miq6YRGybIIMp2A4od/C+mfWkb4REhDoeKZKOeX1wydJcuw
-----END CERTIFICATE-----
18 changes: 18 additions & 0 deletions examples/tls_mtls/client.csr
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICzTCCAbUCAQAwRzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQK
DAtNeU9yZywgSW5jLjEVMBMGA1UEAwwMbXlkb21haW4uY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wuWwGuaiUZtZg7reWNIpitKmiqKT4iYnf7i
hKKWsld5KiuYQ1MjXIG8fycHUW7ADP2YZF7Bv2fbo/u2zhj4BAOfwjlMIimhZuWc
bZuI27+LjKBZtnDE11DWBQJbg/gg/IFg9Emjwe0YIzh95SYSlNC2wFuyNR6v8xgR
bicpq10TBhN6rfoIlkeOBDm+fIhWucjqXJ/x/qD7ljwxKtisjYIOpob2rkFG99Cl
oKdGRnTT/hnoHMce7w3eI8lfZ5IozwxorpDz3cpsQn4U6NXTbhc9XCGxtGjZ3vyW
/YJ/EIIrp3vMJ47QQCN0JF4w0AIfqPGoksNdN+Bvs0NmfZ1yvwIDAQABoEEwPwYJ
KoZIhvcNAQkOMTIwMDAuBgNVHREEJzAlggVsb2NhbIILZXhhbXBsZS5jb22CD3d3
dy5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAMkagumVx+q9FOFKGwbhT
G8o/Yn/rb545vJLKxEf6qzU4ftevJyYUJq4gAQjNwN+j1bt0C4t8CN16DoWzCDoA
B7ilH7NN2RZb6UNpngE/1vGTs9zzkTQ9t9K5OII4UrOZMLCAV2OXqt76Qmwk2iSi
I/CSeJHHUA9lEraiHok8kJ5ITmTwqgiskLHphEwTt+tBjOVg1g+8/xGb5lSkeP9U
DE4DEX8CvLhabV1Gjb1txv6iNEoWtRmjduMS+Cww48aHXSJDtjb+9cwBAnuWxSTH
/VhsS0W02lAd5BwUQkosuLVCINKZcB+nMdrwvz2KI2GCcecRQeX/Oz+tZyeD6NDw
4Q==
-----END CERTIFICATE REQUEST-----
27 changes: 27 additions & 0 deletions examples/tls_mtls/client.key
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA0wuWwGuaiUZtZg7reWNIpitKmiqKT4iYnf7ihKKWsld5KiuY
Q1MjXIG8fycHUW7ADP2YZF7Bv2fbo/u2zhj4BAOfwjlMIimhZuWcbZuI27+LjKBZ
tnDE11DWBQJbg/gg/IFg9Emjwe0YIzh95SYSlNC2wFuyNR6v8xgRbicpq10TBhN6
rfoIlkeOBDm+fIhWucjqXJ/x/qD7ljwxKtisjYIOpob2rkFG99CloKdGRnTT/hno
HMce7w3eI8lfZ5IozwxorpDz3cpsQn4U6NXTbhc9XCGxtGjZ3vyW/YJ/EIIrp3vM
J47QQCN0JF4w0AIfqPGoksNdN+Bvs0NmfZ1yvwIDAQABAoIBAHdIy5JCv3vrlJXk
xO89UKirO2VbugUuHaTflcSF6Usv6coODeevrALzSUlNE/PQ9zfgdiv06ul2mExd
T3u53STXr4qlvARrJ1DzYrEJAhfCceuwDkTyBC/2/qCiLnuu2WYe8l/g53AKxGPT
4ESOel4mgcTDjzw69hQefGuYMxMpZumMuPzGScJSFQGqfpsCUwaezFdrLnNEkldW
5G4ktzSIUqiZQvKNvyNIs0brh3DhRf5FnvDiVc4aAnfp/6RyO6P+9J0asmoaJPTl
uBJBnGCYzz6ikMa+1Z4Ktf95ZJpu8z1G99NTmEUHuQc+zMofFYtTM4SWnMRTI+nM
dHf4sDECgYEA+H/+OjlV8f0+SrNMG38QoXOnG/J3n4hn5sV9DBAEPR5JvqoXbMiu
yWhyXaJx8N361tbwL+QYPCqCK7btiyjRUitlntkLjI7LLD/CcPxzPViO+q8yqcF+
vISbepWytunaRb1Bp7QvdUPaNbu8z2YcZcHzjP7wQl4ucSpqHXErCT0CgYEA2Wo0
zdUACxfzxi+bRMSYzE8XC8iUdCSt1vZAXqq5auDa6HAgrDDXxOqqKTMrUurUCL00
fhT8TISbEDH5HwwqQmUoT8GmTbfgK6hDKOgMEa4pe6sHDtnUewGAK0bgr5AGcaCt
k8zDqmAms6tLuXRR9LZ1OJ6Fpmf3oOyrdoxV06sCgYEAz8+JtPs5ynKzYxjp7pym
Nb5X42EzdHBII47H8gx63vmzRgVMLabttHTqHy+4BWw9VujMV+Bx++64iQIjSJrL
4eF0zBBKPjMz6T8wxff4Dzc96poUzi2IZPKoay1BFQIfjO6mNy7R+UjS9NiZHwAP
g3Fc0W5pUbcdM3n638BB8ykCgYEA1V/NiQD1dO3B+ox4ZypHB6TLam4lfEMPNXwi
OoZ1SPZ7AUoiVrvs1z6zV5H3f/4lsJn4bZEs9+/guylAZH8s7lKXGIdmLro6UL5n
gzsRtTxnTA7S83lHdp1Ha7G5C7RfDp9yGy8IDSsmcIi53b3SPUfgjXvOkT1SI2aC
9OrPxNcCgYEAnsE4WyDlN+FOJK4x4f3NJVcAjD2b2XQiL7xOXeSQN+P+oOQL8Kz0
JikiWQ4SzQVXXVK4BcbfkuJrMqsVN4k/JPeUu/PXw0jf9O4sIprUeUbdUeeHpsbO
sXJIePgCfwqML//bAA0uxg0za5uMyv8klvWVK7E27WE1aRGs0Srpmk0=
-----END RSA PRIVATE KEY-----
10 changes: 5 additions & 5 deletions examples/tls_mtls/server-statefulset-mtls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,8 @@ spec:
mountPath: /tmp/spire-server/private
- name: tls-volume # 👈 TLS SECRET VOLUME MOUNT
mountPath: /opt/spire/server # 👈 TLS SECRET VOLUME MOUNT
- name: user-cas # 👈 mTLS CA SECRET VOLUME MOUNT
mountPath: /opt/spire/users # 👈 mTLS CA SECRET VOLUME MOUNT
- name: client-ca # 👈 mTLS CA SECRET VOLUME MOUNT
mountPath: /opt/spire/clients # 👈 mTLS CA SECRET VOLUME MOUNT
volumes:
- name: spire-config
configMap:
Expand All @@ -86,12 +86,12 @@ spec:
- name: tls-volume # 👈 TLS SECRET VOLUME
secret: # 👈 TLS SECRET VOLUME
secretName: tornjak-server-tls # 👈 TLS SECRET VOLUME
- name: user-cas # 👈 mTLS CA SECRET VOLUME
- name: client-ca # 👈 mTLS CA SECRET VOLUME
secret: # 👈 mTLS CA SECRET VOLUME
secretName: tornjak-user-certs # 👈 mTLS CA SECRET VOLUME
secretName: tornjak-client-ca # 👈 mTLS CA SECRET VOLUME
items:
- key: rootCA.crt
path: userCA.crt
path: clientCA.crt
volumeClaimTemplates:
- metadata:
name: spire-data
Expand Down
Loading