chore: update k8s example files

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
Harald Hoyer 2024-07-01 09:39:43 +02:00
parent fa641d3578
commit 2443bd1cb8
Signed by: harald
GPG key ID: F519A1143B3FBE32
9 changed files with 17 additions and 104 deletions


@ -90,8 +90,7 @@ Attributes:
``` ```
```bash ```bash
docker compose build && (docker compose rm; docker volume rm teepot_vault-storage teepot_ha-raft-1 teepot_shared-1 teepot_ha-raft-2 teepot_shared-2 teepot_ha-raft-3 teepot_shared-3; docke docker compose build && (docker compose rm; docker volume rm teepot_vault-storage teepot_ha-raft-1 teepot_ha-raft-2 teepot_ha-raft-3; docker compose up --remove-orphans vault-1 tvu-1)
r compose up --remove-orphans vault-1 tvu-1)
(id=$(docker create teepot-vault-admin-sgx-azure); docker cp $id:/app/teepot-vault-admin-sgx-azure.sig ~/teepot-vault-admin-sgx-azure.sig; docker rm -v $id) (id=$(docker create teepot-vault-admin-sgx-azure); docker cp $id:/app/teepot-vault-admin-sgx-azure.sig ~/teepot-vault-admin-sgx-azure.sig; docker rm -v $id)
gramine-sgx-sigstruct-view ~/teepot-vault-admin-sgx-azure.sig gramine-sgx-sigstruct-view ~/teepot-vault-admin-sgx-azure.sig
Attributes: Attributes:
@ -138,7 +137,6 @@ Start the vault service and pod and forward the port
```bash ```bash
kubectl apply \ kubectl apply \
-f examples/k8s/data-1-persistentvolumeclaim.yaml \ -f examples/k8s/data-1-persistentvolumeclaim.yaml \
-f examples/k8s/shared-1-persistentvolumeclaim.yaml \
-f examples/k8s/vault-1-pod.yaml \ -f examples/k8s/vault-1-pod.yaml \
-f examples/k8s/vault-1-service.yaml -f examples/k8s/vault-1-service.yaml
kubectl port-forward pods/vault-1 8443 kubectl port-forward pods/vault-1 8443


@ -114,26 +114,7 @@ services:
- /run/aesmd:/run/aesmd - /run/aesmd:/run/aesmd
- /dev/sgx_enclave:/dev/sgx_enclave - /dev/sgx_enclave:/dev/sgx_enclave
# stress:
# build:
# context: .
# dockerfile: bin/tee-stress-client/Dockerfile-azure
# restart: "no"
# environment:
# VAULT_ADDR: "https://vault-1:8210"
# VAULT_SGX_MRSIGNER: "c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d"
# VAULT_SGX_ALLOWED_TCB_LEVELS: "SwHardeningNeeded"
# ALLOWED_TCB_LEVELS: "SwHardeningNeeded"
# privileged: true
# init: true
# volumes:
# - /run/aesmd:/run/aesmd
# - /dev/sgx_enclave:/dev/sgx_enclave
volumes: volumes:
shared-1:
data-1: data-1:
shared-2:
data-2: data-2:
shared-3:
data-3: data-3:


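--- a/examples/k8s/shared-1-persistentvolumeclaim.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-labels:
-io.kompose.service: shared-1
-name: shared-1
-namespace: default
-spec:
-accessModes:
-- ReadWriteOnce
-resources:
-requests:
-storage: 100Mi
-status: {}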


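--- a/<PLACEHOLDER: path of shared-2 PVC manifest, not shown on page>
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-labels:
-io.kompose.service: shared-2
-name: shared-2
-namespace: default
-spec:
-accessModes:
-- ReadWriteOnce
-resources:
-requests:
-storage: 100Mi
-status: {}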


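--- a/<PLACEHOLDER: path of shared-3 PVC manifest, not shown on page>
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-labels:
-io.kompose.service: shared-3
-name: shared-3
-namespace: default
-spec:
-accessModes:
-- ReadWriteOnce
-resources:
-requests:
-storage: 100Mi
-status: {}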


@ -40,9 +40,9 @@ spec:
readinessProbe: readinessProbe:
exec: exec:
command: command:
- curl - curl
- -k - -k
- https://localhost:8210/v1/sys/health - https://localhost:8210/v1/sys/health
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 5 periodSeconds: 5
ports: ports:
@ -60,18 +60,16 @@ spec:
securityContext: securityContext:
privileged: true privileged: true
volumeMounts: volumeMounts:
- mountPath: /opt/vault/tls
name: shared-1
- mountPath: /opt/vault/data - mountPath: /opt/vault/data
name: data-1 name: data-1
- image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
name: vault-unseal name: vault-unseal
imagePullPolicy: Always imagePullPolicy: Always
env: env:
- name: VAULT_ADDR - name: VAULT_ADDR
value: "https://vault-1:8210" value: "https://vault-1:8210"
- name: ALLOWED_TCB_LEVELS - name: ALLOWED_TCB_LEVELS
value: "SwHardeningNeeded" value: "SwHardeningNeeded"
ports: ports:
- containerPort: 8443 - containerPort: 8443
hostPort: 8443 hostPort: 8443
@ -83,15 +81,9 @@ spec:
sgx.intel.com/epc: "10Mi" sgx.intel.com/epc: "10Mi"
securityContext: securityContext:
privileged: true privileged: true
volumeMounts:
- mountPath: /opt/vault/tls
name: shared-1
restartPolicy: Never restartPolicy: Never
volumes: volumes:
- name: shared-1
persistentVolumeClaim:
claimName: shared-1
- name: data-1 - name: data-1
persistentVolumeClaim: persistentVolumeClaim:
claimName: data-1 claimName: data-1
status: {} status: { }
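Review bot: With the `/opt/vault/tls` mount of `shared-1` removed from both the vault container and the vault-unseal sidecar (second and third hunks), the manifest no longer shows how the sidecar establishes trust in `https://vault-1:8210`; presumably the client now verifies the server through attestation rather than a shared certificate directory, but nothing in the pod says so. Suggest a comment above the sidecar's `env:` block such as `# no TLS cert volume: the unseal client is expected to verify vault-1 via attestation, not a CA file — confirm` so the next reader does not re-add the shared claim. The first hunk (`curl -k https://localhost:8210/v1/sys/health`) appears to be whitespace-only; `-k` predates this commit and only skips verification on the loopback self-check, which is worth a one-line comment so the flag is not copied into a remote probe. `status: { }` on the last line is a kompose artifact: either drop the `status` key, which is server-populated, or keep the yamllint/Prettier form `status: {}`. The same points apply to the vault-2 and vault-3 pod sections below.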


@ -40,9 +40,9 @@ spec:
readinessProbe: readinessProbe:
exec: exec:
command: command:
- curl - curl
- -k - -k
- https://localhost:8210/v1/sys/health - https://localhost:8210/v1/sys/health
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 5 periodSeconds: 5
ports: ports:
@ -60,8 +60,6 @@ spec:
securityContext: securityContext:
privileged: true privileged: true
volumeMounts: volumeMounts:
- mountPath: /opt/vault/tls
name: shared-2
- mountPath: /opt/vault/data - mountPath: /opt/vault/data
name: data-2 name: data-2
- image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
@ -83,15 +81,9 @@ spec:
sgx.intel.com/epc: "10Mi" sgx.intel.com/epc: "10Mi"
securityContext: securityContext:
privileged: true privileged: true
volumeMounts:
- mountPath: /opt/vault/tls
name: shared-2
restartPolicy: Never restartPolicy: Never
volumes: volumes:
- name: shared-2
persistentVolumeClaim:
claimName: shared-2
- name: data-2 - name: data-2
persistentVolumeClaim: persistentVolumeClaim:
claimName: data-2 claimName: data-2
status: {} status: { }


@ -40,9 +40,9 @@ spec:
readinessProbe: readinessProbe:
exec: exec:
command: command:
- curl - curl
- -k - -k
- https://localhost:8210/v1/sys/health - https://localhost:8210/v1/sys/health
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 5 periodSeconds: 5
ports: ports:
@ -60,8 +60,6 @@ spec:
securityContext: securityContext:
privileged: true privileged: true
volumeMounts: volumeMounts:
- mountPath: /opt/vault/tls
name: shared-3
- mountPath: /opt/vault/data - mountPath: /opt/vault/data
name: data-3 name: data-3
- image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
@ -83,15 +81,9 @@ spec:
sgx.intel.com/epc: "10Mi" sgx.intel.com/epc: "10Mi"
securityContext: securityContext:
privileged: true privileged: true
volumeMounts:
- mountPath: /opt/vault/tls
name: shared-3
restartPolicy: Never restartPolicy: Never
volumes: volumes:
- name: shared-3
persistentVolumeClaim:
claimName: shared-3
- name: data-3 - name: data-3
persistentVolumeClaim: persistentVolumeClaim:
claimName: data-3 claimName: data-3
status: {} status: { }