istio.io/istio@v0.0.0-20240520182934-d79c90f27776/samples/jwt-server/jwt-server.yaml (about) 1 # Copyright Istio Authors 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 # Example configurations for deploying a jwt-server server separately in the mesh. 16 17 apiVersion: v1 18 kind: Service 19 metadata: 20 name: jwt-server 21 labels: 22 app: jwt-server 23 spec: 24 ports: 25 - name: http 26 port: 8000 27 targetPort: 8000 28 - name: https 29 port: 8443 30 targetPort: 8443 31 selector: 32 app: jwt-server 33 --- 34 apiVersion: v1 35 kind: Secret 36 metadata: 37 name: jwt-cert-key-secret 38 # command to generate certificate 39 # use the generated server.crt, server.key by following https://github.com/istio/istio/blob/master/samples/jwt-server/testdata/README.MD 40 stringData: 41 server.crt: | 42 -----BEGIN CERTIFICATE----- 43 MIIDjzCCAnegAwIBAgIUfIuuQDfWakIpZ7bZAuuLUWhSm2AwDQYJKoZIhvcNAQEL 44 BQAwRjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRMwEQYDVQQKDApBY21lLCBJ 45 bmMuMRUwEwYDVQQDDAxBY21lIFJvb3QgQ0EwHhcNMjExMTE3MDQ0NDE2WhcNMzEx 46 MTE1MDQ0NDE2WjA/MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQVoxEzARBgNVBAoM 47 CkFjbWUsIEluYy4xDjAMBgNVBAMMBSouY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC 48 AQ8AMIIBCgKCAQEAv3qsDI+3Fc65EuuPnKG4BN0dLZZy+wFNxruszYRg0foP9kUQ 49 rUUv12uu/y2Rguf09y9mXXzGc51kwU5TIhVarYPBIa46MLMBBroF908VX9ng4Q9M 50 ta+rU10e9xugRRnCDf1ZMlQJB/7pmnF21vw6gdmRt7vMLKiHQuN9BI+042Z/NiiF 51 T7xCDDz+HvhGnn+vDv53h6LPzwNM2zGLSIPaV5xkYs0fYvs5Y2pUGonrra5hGoRq 52 JzOZ3SNfKtaQ3AXrf/+kikJGFA/GmzZuhW26Nygl/kYgx7l+g3uTXOz0hN434nF6 53 Cc7EyuvD37lAsgw1w48poTnDUijV5Cx6yA8FHQIDAQABo3wwejB4BgNVHREEcTBv 54 ggpqd3Qtc2VydmVygglsb2NhbGhvc3SCF2p3dC1zZXJ2ZXIuaXN0aW8tc3lzdGVt 55 ghJqd3Qtc2VydmVyLmRlZmF1bHSCKWp3dC1zZXJ2ZXIuaXN0aW8tc3lzdGVtLnN2 56 Yy5jbHVzdGVyLmxvY2FsMA0GCSqGSIb3DQEBCwUAA4IBAQC26tlBXaF+chVS3f8w 57 Tv1D1lgXgJ/ROozqlSMe5BGDuOgsVtWQeqpMIXxEx8w6fXUF0TaMYxp3sC4D3Ql9 58 W+PALf9Zpy+vv6vxoKkrnKiXvOiuYkLJhaVDkzvj6j6yMjxUk5a9ehDZ0gKwXf+m 59 Ei35D8xKtPdz/FaB7qgN2mu7V47oFizon7jLLqAvlWIIQ7Pku+XfjraDPtjxUj4u 60 5qSrIfSWAeuJSEsSlGPyYJCFvqFNQYW0y8y7fCCQo7FObHfBmpp7kG2BViuLxebW 61 zfi4K3gDCpR8lWiNEjm4NamQ07OpCtmLZfaueZH/vSXXVVbs6VCsb6nJqJrGDc5t 62 K/xK 63 -----END CERTIFICATE----- 64 server.key: | 65 -----BEGIN PRIVATE KEY----- 66 MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC/eqwMj7cVzrkS 67 64+cobgE3R0tlnL7AU3Gu6zNhGDR+g/2RRCtRS/Xa67/LZGC5/T3L2ZdfMZznWTB 68 TlMiFVqtg8EhrjowswEGugX3TxVf2eDhD0y1r6tTXR73G6BFGcIN/VkyVAkH/uma 69 cXbW/DqB2ZG3u8wsqIdC430Ej7TjZn82KIVPvEIMPP4e+Eaef68O/neHos/PA0zb 70 MYtIg9pXnGRizR9i+zljalQaieutrmEahGonM5ndI18q1pDcBet//6SKQkYUD8ab 71 Nm6Fbbo3KCX+RiDHuX6De5Nc7PSE3jficXoJzsTK68PfuUCyDDXDjymhOcNSKNXk 72 LHrIDwUdAgMBAAECggEAPtk99ZWKa58BwkMNTUULiJUnCZqTPO4NoEhjjMWBngot 73 CRFcSvMlo9iVhO5pD4WhMy0ctVzKKpKjyosx4EMQE1nmn253bRqkIJgYczdC9cYm 74 +NgzvoLdgixTiJpJvcSZnEvm5g0NNdGmzWmmryP09D/8g0kh2Bqs4viWRVQB9I1T 75 eKbPOwatlDBiqitHDPQ7ZAGBvXfHbRc8PePQ2biJJWN/JzOrhBMG9tKpAqduQgbW 76 u/DR06JI5Gpp9LiOXcThDbSB/XLdwxLY64MAU4ihWRsQ2k+FNrnuOLDM3YNCrWF5 77 MRKRVrUhAwDs3V4my4uVu65QjDWURTg7mnbzzwKAgQKBgQDopj9ZKuNXw5T7Yuj2 78 BnYDd4h9gz2BAtQR0ACXoeFhRipmfX3TZdrfklbE5IryRZObSGBxMw/Jf+jseyT3 79 9nhE8dRrR2yxvlN/SMNP+uW3wziSRriGM8+WB2mkBEhxPrbIPyAQFupkeE6iuY0c 80 14cNiKRXPrz4lE5tBZPCECEtIQKBgQDSspYwXuakP6jeiZOym1rRfj58Xi6Hfra3 81 4e4elTsgj+iKvw/5vqn+/axqmZzymxY6vOECSlxKDee+inxHvZxr9de7DXv8rr8x 82 w+nna/hnKUzqiplbDEQCqMH0US3k9fbNX/AknGccYQO9kiYj23Gi6cnRZAVrm7oy 83 MEQIFgB8fQKBgHPLQx5zbUIic4WHnmHNp3FkTkgCSVtr9/eBqrnN9ap/zNzEOxs7 84 x+udH5jSE6IwJR6VsILHImVtR5ZkWGsefo/6OXrHyv7QtyhUI/or66hB/2c20eLh 85 6MFIoTjkdNYAm+MhIClB7pnhE2qEpgqj73E6AGn4LQAgeMRkkT1237xhAoGAJoPW 86 yIjQiH3KlMN5aFDVzS3SplFhGAulwv9d0+FbqZwk2hgLB5A+6wncFrB17DNFYP9d 87 8lk9fZwFHOObzFFw4ptSEDNq0snu0V4Kx+8IvXLjSIyFdAtN81599fdQ+GWt8+Tx 88 tP+SKbHiSSkKJ8vZffpWlhw+kWkqJDqGdSPwetECgYBzekGqr0MrrnK1nsXwd1pe 89 Y+KypdjOfu7SI9I1ujosSTo3XZ9+EJo2vJYy1acCLFrp1s8eaUhc/NTT57R/EIOL 90 8mpQUbVH8l8h6gRs6izoPFhtOKJZgkPrx7OCs08CCmYIr9qUvWFhcnsxnW7B5hic 91 LEAqdR15WVMSx/Fw8dACEw== 92 -----END PRIVATE KEY----- 93 --- 94 apiVersion: apps/v1 95 kind: Deployment 96 metadata: 97 name: jwt-server 98 spec: 99 replicas: 1 100 selector: 101 matchLabels: 102 app: jwt-server 103 template: 104 metadata: 105 labels: 106 app: jwt-server 107 spec: 108 containers: 109 - image: gcr.io/istio-testing/jwt-server:0.8 110 imagePullPolicy: IfNotPresent 111 name: jwt-server 112 volumeMounts: 113 - name: certkeysecretresource 114 mountPath: "/app/https/secretresources" 115 readOnly: true 116 args: ["-https", "8443", "-cert", "/app/https/secretresources/server.crt", "-key", "/app/https/secretresources/server.key"] 117 ports: 118 - containerPort: 8000 119 - containerPort: 8443 120 volumes: 121 - name: certkeysecretresource 122 secret: 123 secretName: jwt-cert-key-secret 124 defaultMode: 0400 125 ---