autograph

command module
v0.0.0-...-db43ba2 Latest
Published: Sep 17, 2017 License: Apache-2.0 Imports: 8 Imported by: 0

README

Autograph (pre-alpha)

Certificate signer and custom admission controller for Kubernetes manifests.

Usage

NAME:
  autograph - A new cli application

USAGE:
  autograph [global options] command [command options] [arguments...]

VERSION:
  0.0.1

COMMANDS:
  generate, g  generate a key and certificate pair
  sign, s      sign a manifest
  verify, v    verify a signed manifest
  run, r       starts the HTTP(S) server
  help, h      Shows a list of commands or help for one command

GLOBAL OPTIONS:
  --help, -h     show help
  --version, -v  print the version

To sign your manifest:

  autograph sign example-manifest.yaml

After that there should be a new annotation in the manifest, e.g.:

...
metadata:
  annotations:
    autograph.codemat.es/signature: 72976B7400E7630F846501847CB04A...
...

Commands:

  • generate - generate a key and certificate pair
  • sign - sign a manifest
  • verify - verify a signed manifest
  • run - starts the HTTP(S) server

Dependencies

  • Go 1.8.0+
  • Kubernetes 1.7.0+

Flow

  1. Signer (CLI tool) signs a manifest using a provided key and puts the signature in the manifest.
  2. Verifier (an admission controller) checks the signature with a provided certificate.
  3. If the signature is correct, the manifest is deployed (or, more precisely, it is handed over to other admission controllers).
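
The flow above, as an added Go example (not autograph's own code): because the signature is stored inside the manifest, signer and verifier must both remove the annotation and serialise the rest identically before signing or checking. The README does not state autograph's algorithm or canonical form, so Ed25519, JSON input and a bare public key (standing in for the certificate) are assumptions, and the names M, strip, Sign and Verify are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"encoding/json"
	"fmt"
)
type M = map[string]interface{} // a decoded JSON object
const sigAnnotation = "autograph.codemat.es/signature" // annotation name from the README

// strip detaches the signature annotation and returns the object, its annotations, the signature and the signed bytes.
func strip(manifest []byte) (obj, ann M, sig string, msg []byte, err error) {
	err = json.Unmarshal(manifest, &obj)
	meta, ok := obj["metadata"].(M)
	if err != nil || !ok {
		return nil, nil, "", nil, fmt.Errorf("not a JSON object with a metadata map (parse error: %v)", err)
	}
	if ann, ok = meta["annotations"].(M); !ok {
		ann = M{} // always present, so the unsigned and signed forms serialise alike
		meta["annotations"] = ann
	}
	sig, _ = ann[sigAnnotation].(string)
	delete(ann, sigAnnotation)
	msg, err = json.Marshal(obj) // map keys are emitted sorted, so key order in the input is irrelevant
	return
}

// Sign (step 1 of the flow) returns the manifest with the hex signature annotation added.
func Sign(manifest []byte, key ed25519.PrivateKey) ([]byte, error) {
	obj, ann, _, msg, err := strip(manifest)
	if err != nil {
		return nil, err
	}
	ann[sigAnnotation] = hex.EncodeToString(ed25519.Sign(key, msg))
	return json.Marshal(obj)
}

// Verify (step 2) reports whether the annotation is a valid signature over the stripped manifest.
func Verify(manifest []byte, pub ed25519.PublicKey) bool {
	_, _, sig, msg, err := strip(manifest)
	raw, hexErr := hex.DecodeString(sig)
	return err == nil && hexErr == nil && ed25519.Verify(pub, msg, raw)
}

func main() {
	pub, key, _ := ed25519.GenerateKey(nil)
	signed, _ := Sign([]byte(`{"kind":"Pod","metadata":{"name":"echo"},"spec":{"image":"echoserver:1.4"}}`), key) // constructed manifest
	fmt.Println(string(signed), Verify(signed, pub))
}
```

encoding/json decodes numbers as float64, so a production verifier should decode with UseNumber or sign the exact submitted bytes instead.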

Build from source code

Define go workspace (GOPATH):

  export GOPATH=~/go

Get the repository:

  go get -u github.com/codem8s/autograph
  cd $GOPATH/src/github.com/codem8s/autograph

Build:

  go build

Run tests:

  go test

Run on minikube

Installation for Ubuntu:

  sudo apt-get update
  sudo apt-get install virtualbox
  curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
  chmod +x ./kubectl
  sudo mv ./kubectl /usr/local/bin/kubectl
  curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.22.0/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/

Run:

  cd ~/go
  export GOPATH=$(pwd)
  cd $GOPATH/src/github.com/codem8s/autograph
  export CGO_ENABLED=0 GOOS=linux
  go build
  ./autograph generate
  ./start-minikube.sh
  eval $(minikube docker-env)
  docker build -t autograph .
  cat kubernetes/external-admission-hook-configuration > kubernetes/external-admission-hook-configuration.yaml
  awk '{printf("          %s\n", $0)}' resources/ca.pem >> kubernetes/external-admission-hook-configuration.yaml
  kubectl create secret generic autograph --from-file=./resources/server.pem --from-file=./resources/server.key
  kubectl create -f kubernetes/service.yaml
  kubectl create -f kubernetes/autograph.yaml

Test:

  kubectl create -f kubernetes/echoserver.yaml
  kubectl get po
  kubectl logs autograph

Dependency management

Installation:

  cd ~/go
  go get -u github.com/golang/dep/cmd/dep

Usage:

  export GOPATH=$(pwd)
  export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
  cd $GOPATH/src/github.com/codem8s/autograph
  dep ensure

Version Changes

Make sure to update:

  • README.md (both badge and the text)
  • .travis.yml (image version)
  • main.go (binary version)

Contribute

If you have an idea for an improvement or have found a bug, don't hesitate to open an issue or just make a pull request!

Documentation

There is no documentation for this package.
