From 2443bd1cb8a35ff559e9f5d8836ca7c82df6993a Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Mon, 1 Jul 2024 09:39:43 +0200
Subject: [PATCH] chore: update k8s example files
Signed-off-by: Harald Hoyer
---
 examples/README.md | 4 +---
 examples/docker-compose.yml | 19 ---------------
 .../k8s/shared-1-persistentvolumeclaim.yaml | 14 -----------
 .../k8s/shared-2-persistentvolumeclaim.yaml | 14 -----------
 .../k8s/shared-3-persistentvolumeclaim.yaml | 14 -----------
 examples/k8s/vault-1-pod.yaml | 24 +++++++------------
 examples/k8s/vault-2-pod.yaml | 16 ++++---------
 examples/k8s/vault-3-pod.yaml | 16 ++++---------
 ...t-ha-serice.yaml => vault-ha-service.yaml} | 0
 9 files changed, 17 insertions(+), 104 deletions(-)
 delete mode 100644 examples/k8s/shared-1-persistentvolumeclaim.yaml
 delete mode 100644 examples/k8s/shared-2-persistentvolumeclaim.yaml
 delete mode 100644 examples/k8s/shared-3-persistentvolumeclaim.yaml
 rename examples/k8s/{vault-ha-serice.yaml => vault-ha-service.yaml} (100%)
diff --git a/examples/README.md b/examples/README.md
index 2533743..b99e24f 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -90,8 +90,7 @@ Attributes:
 ```
 ```bash
-❯ docker compose build && (docker compose rm; docker volume rm teepot_vault-storage teepot_ha-raft-1 teepot_shared-1 teepot_ha-raft-2 teepot_shared-2 teepot_ha-raft-3 teepot_shared-3; docke
-r compose up --remove-orphans vault-1 tvu-1)
+❯ docker compose build && (docker compose rm; docker volume rm teepot_vault-storage teepot_ha-raft-1 teepot_ha-raft-2 teepot_ha-raft-3; docker compose up --remove-orphans vault-1 tvu-1)
 ❯ (id=$(docker create teepot-vault-admin-sgx-azure); docker cp $id:/app/teepot-vault-admin-sgx-azure.sig ~/teepot-vault-admin-sgx-azure.sig; docker rm -v $id)
 ❯ gramine-sgx-sigstruct-view ~/teepot-vault-admin-sgx-azure.sig
 Attributes:
@@ -138,7 +137,6 @@ Start the vault service and pod and forward the port
 ```bash
 ❯ kubectl apply \
 -f examples/k8s/data-1-persistentvolumeclaim.yaml \
- -f examples/k8s/shared-1-persistentvolumeclaim.yaml \
 -f examples/k8s/vault-1-pod.yaml \
 -f examples/k8s/vault-1-service.yaml
 ❯ kubectl port-forward pods/vault-1 8443
diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml
index 623a776..c0bb4a8 100644
--- a/examples/docker-compose.yml
+++ b/examples/docker-compose.yml
@@ -114,26 +114,7 @@ services:
 - /run/aesmd:/run/aesmd
 - /dev/sgx_enclave:/dev/sgx_enclave
-# stress:
-# build:
-# context: .
-# dockerfile: bin/tee-stress-client/Dockerfile-azure
-# restart: "no"
-# environment:
-# VAULT_ADDR: "https://vault-1:8210"
-# VAULT_SGX_MRSIGNER: "c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d"
-# VAULT_SGX_ALLOWED_TCB_LEVELS: "SwHardeningNeeded"
-# ALLOWED_TCB_LEVELS: "SwHardeningNeeded"
-# privileged: true
-# init: true
-# volumes:
-# - /run/aesmd:/run/aesmd
-# - /dev/sgx_enclave:/dev/sgx_enclave
-
 volumes:
- shared-1:
 data-1:
- shared-2:
 data-2:
- shared-3:
 data-3:
diff --git a/examples/k8s/shared-1-persistentvolumeclaim.yaml b/examples/k8s/shared-1-persistentvolumeclaim.yaml
deleted file mode 100644
index f9eefa5..0000000
--- a/examples/k8s/shared-1-persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- io.kompose.service: shared-1
- name: shared-1
- namespace: default
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 100Mi
-status: {}
diff --git a/examples/k8s/shared-2-persistentvolumeclaim.yaml b/examples/k8s/shared-2-persistentvolumeclaim.yaml
deleted file mode 100644
index 48b34b4..0000000
--- a/examples/k8s/shared-2-persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- io.kompose.service: shared-2
- name: shared-2
- namespace: default
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 100Mi
-status: {}
diff --git a/examples/k8s/shared-3-persistentvolumeclaim.yaml b/examples/k8s/shared-3-persistentvolumeclaim.yaml
deleted file mode 100644
index ff76a83..0000000
--- a/examples/k8s/shared-3-persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- io.kompose.service: shared-3
- name: shared-3
- namespace: default
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 100Mi
-status: {}
diff --git a/examples/k8s/vault-1-pod.yaml b/examples/k8s/vault-1-pod.yaml
index fc018a1..2e3f181 100644
--- a/examples/k8s/vault-1-pod.yaml
+++ b/examples/k8s/vault-1-pod.yaml
@@ -40,9 +40,9 @@ spec:
 readinessProbe:
 exec:
 command:
- - curl
- - -k
- - https://localhost:8210/v1/sys/health
+ - curl
+ - -k
+ - https://localhost:8210/v1/sys/health
 initialDelaySeconds: 5
 periodSeconds: 5
 ports:
@@ -60,18 +60,16 @@ spec:
 securityContext:
 privileged: true
 volumeMounts:
- - mountPath: /opt/vault/tls
- name: shared-1
 - mountPath: /opt/vault/data
 name: data-1
 - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
 name: vault-unseal
 imagePullPolicy: Always
 env:
- - name: VAULT_ADDR
- value: "https://vault-1:8210"
- - name: ALLOWED_TCB_LEVELS
- value: "SwHardeningNeeded"
+ - name: VAULT_ADDR
+ value: "https://vault-1:8210"
+ - name: ALLOWED_TCB_LEVELS
+ value: "SwHardeningNeeded"
 ports:
 - containerPort: 8443
 hostPort: 8443
@@ -83,15 +81,9 @@ spec:
 sgx.intel.com/epc: "10Mi"
 securityContext:
 privileged: true
- volumeMounts:
- - mountPath: /opt/vault/tls
- name: shared-1
 restartPolicy: Never
 volumes:
- - name: shared-1
- persistentVolumeClaim:
- claimName: shared-1
 - name: data-1
 persistentVolumeClaim:
 claimName: data-1
-status: {}
+status: { }
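Review bot: The `/opt/vault/tls` mount backed by the `shared-1` claim is removed from the `vault-unseal` container and from `volumes` in this hunk (and from the `vault` container in the `@@ -60` hunk above), but nothing on the new side shows where the two containers now obtain whatever used to be mounted at `/opt/vault/tls`; if that is now produced inside the images or the enclave, a comment at `volumes:` such as `# <how the TLS material is provisioned now that the shared-1 PVC is gone>` plus a sentence in the README section this patch already edits would spare the next reader a hunt. The same removal is made in vault-2-pod.yaml and vault-3-pod.yaml, so whatever explanation is chosen belongs in all three. Separately, changing `status: {}` to `status: { }` is cosmetic diff noise that trips yamllint's default `braces` rule; keep `status: {}`, or drop the server-managed `status` key from the example manifests altogether (again in all three pod files). The enclosing Pod spec starts outside the hunk.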
diff --git a/examples/k8s/vault-2-pod.yaml b/examples/k8s/vault-2-pod.yaml
index 3c8c0ff..dd69d42 100644
--- a/examples/k8s/vault-2-pod.yaml
+++ b/examples/k8s/vault-2-pod.yaml
@@ -40,9 +40,9 @@ spec:
 readinessProbe:
 exec:
 command:
- - curl
- - -k
- - https://localhost:8210/v1/sys/health
+ - curl
+ - -k
+ - https://localhost:8210/v1/sys/health
 initialDelaySeconds: 5
 periodSeconds: 5
 ports:
@@ -60,8 +60,6 @@ spec:
 securityContext:
 privileged: true
 volumeMounts:
- - mountPath: /opt/vault/tls
- name: shared-2
 - mountPath: /opt/vault/data
 name: data-2
 - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
@@ -83,15 +81,9 @@ spec:
 sgx.intel.com/epc: "10Mi"
 securityContext:
 privileged: true
- volumeMounts:
- - mountPath: /opt/vault/tls
- name: shared-2
 restartPolicy: Never
 volumes:
- - name: shared-2
- persistentVolumeClaim:
- claimName: shared-2
 - name: data-2
 persistentVolumeClaim:
 claimName: data-2
-status: {}
+status: { }
diff --git a/examples/k8s/vault-3-pod.yaml b/examples/k8s/vault-3-pod.yaml
index 48b28d2..fb740ce 100644
--- a/examples/k8s/vault-3-pod.yaml
+++ b/examples/k8s/vault-3-pod.yaml
@@ -40,9 +40,9 @@ spec:
 readinessProbe:
 exec:
 command:
- - curl
- - -k
- - https://localhost:8210/v1/sys/health
+ - curl
+ - -k
+ - https://localhost:8210/v1/sys/health
 initialDelaySeconds: 5
 periodSeconds: 5
 ports:
@@ -60,8 +60,6 @@ spec:
 securityContext:
 privileged: true
 volumeMounts:
- - mountPath: /opt/vault/tls
- name: shared-3
 - mountPath: /opt/vault/data
 name: data-3
 - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
@@ -83,15 +81,9 @@ spec:
 sgx.intel.com/epc: "10Mi"
 securityContext:
 privileged: true
- volumeMounts:
- - mountPath: /opt/vault/tls
- name: shared-3
 restartPolicy: Never
 volumes:
- - name: shared-3
- persistentVolumeClaim:
- claimName: shared-3
 - name: data-3
 persistentVolumeClaim:
 claimName: data-3
-status: {}
+status: { }
diff --git a/examples/k8s/vault-ha-serice.yaml b/examples/k8s/vault-ha-service.yaml
similarity index 100%
rename from examples/k8s/vault-ha-serice.yaml
rename to examples/k8s/vault-ha-service.yaml