diff --git a/https/Dockerfile b/https/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..6c81094a90f775811725551166bcf1f27ade5330
--- /dev/null
+++ b/https/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:3.10-slim
+WORKDIR /api-flask
+COPY requirements.txt /api-flask/
+RUN pip3 install --upgrade pip && pip install --no-cache-dir -r requirements.txt
+COPY server.flask.py /api-flask/
+EXPOSE 443
+CMD ["python3", "server.flask.py"]
diff --git a/https/ingress.sh b/https/ingress.sh
new file mode 100644
index 0000000000000000000000000000000000000000..08bc2abd29a79af660e04075dc4586dc120ac54f
--- /dev/null
+++ b/https/ingress.sh
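Review bot: The image has no USER instruction, so `CMD ["python3", "server.flask.py"]` starts the Flask server as root, and root is then needed anyway because server.flask.py defaults to port 443 whenever KEY is set. Since the Service in k8s/service.yaml routes its port 443 to the named container port, the process can listen on an unprivileged port instead: add `RUN useradd --system --no-create-home app` and `USER app` before CMD and set `ENV PORT=8443`, updating EXPOSE and the Pod's containerPort to match. Pinning `python:3.10-slim` by digest would make rebuilds reproducible. requirements.txt is outside this diff, so whether Flask is pinned there cannot be checked here.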
@@ -0,0 +1,43 @@
+helm upgrade --install ingress-nginx ingress-nginx \
+ --repo https://kubernetes.github.io/ingress-nginx \
+ --namespace ingress-nginx --create-namespace
+
+kubectl wait --namespace ingress-nginx \
+ --for=condition=ready pod \
+ --selector=app.kubernetes.io/component=controller \
+ --timeout=120s
+
+IP=$(kubectl get service ingress-nginx-controller --namespace=ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+
+echo $IP
+
+HOSTNAME=demo-nginx.default.svc
+#openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=FR/L=Sophia Antipolis/O=SLICES-RI/CN=$HOSTNAME" -out server.csr
+#openssl x509 -req -extfile <(printf "subjectAltName=DNS:$HOSTNAME") -days 365 -in server.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out server.crt
+#kubectl create secret tls $HOSTNAME-secret --cert=server.crt --key=server.key
+
+cat << EOF > ingress-demo.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: demo-nginx
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - www.demo.io # The hostname for HTTPS
+ secretName: $HOSTNAME-secret # TLS secret for SSL termination
+ rules:
+ - host: www.demo.io
+ http:
+ paths:
+ - backend:
+ service:
+ name: demo-nginx
+ port:
+ number: 5000
+ path: /
+ pathType: Prefix
+EOF
diff --git a/https/launch.sh b/https/launch.sh
index e7af87f7458f8185108bca5ef6d1e9686603a0d6..19bbc90d15f9f3c9dc39ccd79667ebad943b8a85 100755
--- a/https/launch.sh
+++ b/https/launch.sh
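Review bot: The certificate recipe signs the serving certificate with the cluster CA key, `-CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key`; on a kubeadm cluster that same ca.crt is also the API server's client CA, so a certificate it issues (as written, with only a subjectAltName extension and no EKU restriction) is accepted by kube-apiserver as a client credential for user CN and group O, and every holder of server.key also holds an API identity. The same commands appear in https/launch.sh and in the header of https/server.flask.py, and k8s/webhook_service.sh places that ca.crt into caBundle. A CA dedicated to the webhook keeps the trust domains apart: `openssl req -x509 -newkey rsa:2048 -nodes -days 365 -keyout webhook-ca.key -out webhook-ca.crt -subj "/CN=webhook-ca"`, sign server.csr with that pair, and use webhook-ca.crt as caBundle. Separately, the Ingress lists host `www.demo.io` while the certificate CN/SAN is `$HOSTNAME` (demo-nginx.default.svc) and the `kubectl create secret tls` that would create `$HOSTNAME-secret` is commented out, so ingress-nginx will fall back to its default certificate. The backend `number: 5000` also does not match the only port (443) the Service in k8s/service.yaml exposes, and since that Pod terminates TLS itself the Ingress would need `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` to reach it.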
@@ -1,7 +1,9 @@
 #!/usr/bin/bash
-#openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=172.29.7.11" -out server.csr
-#openssl x509 -req -extfile <(printf "subjectAltName=DNS:172.29.7.11,IP:172.29.7.11") -days 365 -in server.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out server.crt
-python3 -m venv .
-source ./bin/activate
-pip3 install -r requirements.txt
-python3/server.flask.py
+# openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=FR/L=Sophia Antipolis/O=SLICES-RI/CN=$HOSTNAME" -out server.csr
+# openssl x509 -req -extfile <(printf "subjectAltName=DNS:$HOSTNAME") -days 365 -in server.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out server.crt
+# kubectl create secret generic tls-secret --from-file=server.key --from-file=server.crt
+
+#python3 -m venv .
+#source ./bin/activate
+#pip3 install -r requirements.txt
+#python3/server.flask.py
diff --git a/https/server.flask.py b/https/server.flask.py
index 3f206b790bf73c1e171b77fe9b9901a3e7bbef0b..19f4a6d0862cdb13cd1afe489b04211a4e4fd6dd 100644
--- a/https/server.flask.py
+++ b/https/server.flask.py
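Review bot: After this change every line of launch.sh except the shebang is a comment, so executing the script does nothing; if it is now a recipe rather than a launcher, a leading comment saying so would spare the next reader a confusing no-op. The new recipe also relies on `$HOSTNAME` without assigning it: unlike https/ingress.sh, nothing here sets it, and bash pre-populates HOSTNAME with the local machine name, so the CSR subject and SAN would silently become the workstation's hostname instead of `demo-nginx.default.svc`. Adding `HOSTNAME=demo-nginx.default.svc` above the openssl lines, as ingress.sh does, fixes that. The commented `#python3/server.flask.py` keeps the original's missing space between interpreter and script, so uncommenting it later would still fail.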
@@ -1,3 +1,7 @@
+# openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=172.29.7.11" -out server.csr
+# openssl x509 -req -extfile <(printf "subjectAltName=DNS:172.29.7.11,IP:172.29.7.11") -days 365 -in server.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out server.crt
+# kubectl create secret generic tls-secret --from-file=server.key --from-file=server.crt
+
 # openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=172.29.7.11" -out server.csr
 # openssl x509 -req -extfile <(printf "subjectAltName=DNS:172.29.7.11,IP:172.29.7.11") -days 365 -in server.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out server.crt
 # python3 -m venv ~/https
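Review bot: The first two added comment lines repeat the two context lines directly below them verbatim (the same CN=172.29.7.11 recipe), so the file header now carries the certificate instructions twice; only `# kubectl create secret generic tls-secret --from-file=server.key --from-file=server.crt` is new. Keep one copy and append the secret-creation line to the existing block. That recipe issues a certificate for 172.29.7.11 with an IP SAN, which does not match the name the API server dials for the webhook, `demo-nginx.default.svc` per k8s/webhook_service.sh; a `# NOTE:` pointing at https/ingress.sh for the in-cluster recipe would help the next reader pick the right one.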
@@ -5,6 +9,48 @@ # pip3 install -r requirements.txt from flask import Flask, request, jsonify +import argparse +import os + +def check_environment_variables(): + """ + Checks and returns the 'KEY', 'CERTIFICATE', and 'PORT' values. + + - Both 'KEY' and 'CERTIFICATE' are optional environment variables, but if one is set, + both must be defined. If only one is set without the other, a ValueError is raised. + - 'PORT' can be provided via an environment variable. Defaults to 80 if 'KEY' is not defined, + and 443 if 'KEY' is defined, if the environment variable is not set. + + Returns: + tuple: A tuple containing the values of 'KEY', 'CERTIFICATE', and 'PORT'. If neither + 'KEY' nor 'CERTIFICATE' is set, both values will be None. + + Raises: + ValueError: If one of 'KEY' or 'CERTIFICATE' is set but the other is not. + """ + key = os.getenv('KEY') + certificate = os.getenv('CERTIFICATE') + + if key is not None or certificate is not None: + if not (key and certificate): + raise ValueError("Both 'KEY' and 'CERTIFICATE' must be defined if one is set.") + + # Determine port value from environment variable + port_env = os.getenv('PORT') + if port_env is not None: + try: + port = int(port_env) + except ValueError: + raise ValueError("Environment variable 'PORT' must be an integer.") + else: + # Default port values based on the presence of 'key' + if key is not None: + port = 443 + else: + port = 80 + + return key, certificate, port + app = Flask(__name__) @app.route("/namespace", methods = ['GET', 'POST']) @@ -69,4 +115,12 @@ def hello(): return msg if __name__ == "__main__": - app.run(host='0.0.0.0', port=8000, ssl_context=('server.crt', 'server.key')) + try: + key, certificate, port = check_environment_variables() + except ValueError as e: + print(f"Error: {e}") + + if key is None: + app.run(host='0.0.0.0', port=port) + else: + app.run(host='0.0.0.0', port=port, ssl_context=(certificate, key)) 
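Review bot: `import argparse` is added but nothing in this hunk, or elsewhere in the diff, uses it; drop it unless a CLI is planned. In check_environment_variables the `except ValueError:` branch raises a fresh ValueError without chaining, which discards the original parse error; write `except ValueError as exc:` and `raise ValueError("Environment variable 'PORT' must be an integer.") from exc`. `int(port_env)` also accepts negative values and numbers above 65535, which only fail later inside `app.run`; a check beside the conversion, `if not 0 < port < 65536: raise ValueError("Environment variable 'PORT' must be between 1 and 65535.")`, reports it with the other configuration errors. The docstring calls KEY and CERTIFICATE optional, but an empty string in either is treated as set-and-invalid by `if not (key and certificate)`; that deserves a sentence in the docstring.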
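Review bot: In the `__main__` block the `except ValueError as e:` branch only prints and then falls through, so when check_environment_variables raises, `if key is None:` reads an unbound `key` and the process dies with a NameError after the message. Add `raise SystemExit(1)` directly after `print(f"Error: {e}")`, and consider `print(f"Error: {e}", file=sys.stderr)`, which needs `import sys` at the top of the file. The enclosing `if __name__ == "__main__":` block ends inside the hunk, while hello() starts outside it.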
diff --git a/k8s/service.yaml b/k8s/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f16326206e4667e6fa864a3bff42f72d6fb77f65
--- /dev/null
+++ b/k8s/service.yaml
@@ -0,0 +1,50 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: demo-nginx
+ labels:
+ app.kubernetes.io/name: proxy
+spec:
+ containers:
+ - name: demo-nginx
+ image: 172.29.7.10:5001/k8s-webhook
+ env:
+ - name: KEY
+ value: "/server.key"
+ - name: CERTIFICATE
+ value: "/server.crt"
+ volumeMounts:
+ - name: secret-volume
+ mountPath: "/server.key"
+ subPath: server.key
+ readOnly: true
+ - name: secret-volume
+ mountPath: "/server.crt"
+ subPath: server.crt
+ readOnly: true
+ ports:
+ - containerPort: 443
+ name: http-web-svc
+ volumes:
+ - name: secret-volume
+ secret:
+ secretName: tls-secret
+ items:
+ - key: server.key
+ path: server.key
+ - key: server.crt
+ path: server.crt
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: demo-nginx
+spec:
+ selector:
+ app.kubernetes.io/name: proxy
+ ports:
+ - name: name-of-service-port
+ protocol: TCP
+ port: 443
+ targetPort: http-web-svc
diff --git a/k8s/webhook_service.sh b/k8s/webhook_service.sh
new file mode 100644
index 0000000000000000000000000000000000000000..760ef9f695f0a5fb80cc1908fd9dbbd097989b06
--- /dev/null
+++ b/k8s/webhook_service.sh
@@ -0,0 +1,24 @@
+cat <<EOF > webhook.yaml
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: my-webhook
+webhooks:
+- name: www.demo.io
+ clientConfig:
+ service:
+ namespace: default
+ name: demo-nginx
+ path: /namespace
+ caBundle: $(sudo cat /etc/kubernetes/pki/ca.crt | base64 | tr -d "\n")
+ rules:
+ - operations: ["CREATE", "DELETE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["namespaces"]
+ admissionReviewVersions: ["v1"]
+ timeoutSeconds: 5
+ sideEffects: NoneOnDryRun
+EOF
+
+kubectl create -f webhook.yaml
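Review bot: The certificate and key are mounted with `subPath`, and Kubernetes does not propagate Secret updates into subPath mounts, so rotating `tls-secret` never reaches the running container until the Pod is recreated. Mounting the secret as a directory instead — `mountPath: /certs` with `readOnly: true`, and `KEY=/certs/server.key` / `CERTIFICATE=/certs/server.crt` in env — keeps rotation working without touching the server code. The container also has no securityContext; `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` fit once the Dockerfile adds a non-root user and the server listens above port 1024, and `image: 172.29.7.10:5001/k8s-webhook` should carry a tag or digest rather than the implicit latest. A bare Pod is not rescheduled when its node fails; a Deployment with one replica gives the webhook the same footprint plus a restart guarantee.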
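Review bot: The webhook is registered as a MutatingWebhookConfiguration for `["CREATE", "DELETE"]` on namespaces, yet a DELETE admission has nothing to mutate, and the `/namespace` handler in server.flask.py is outside this diff; if it only allows or denies, a ValidatingWebhookConfiguration is the narrower registration, since a mutating hook is trusted to patch objects. `sideEffects: NoneOnDryRun` promises that the handler honours `dryRun` in the AdmissionReview, which cannot be checked from here; a comment above it naming where the handler does so would help. The caBundle is built with `sudo cat ... | base64 | tr -d "\n"`, which `base64 -w0 /etc/kubernetes/pki/ca.crt` does in one step, and it ties the webhook's trust to the cluster CA, a concern raised on the https/ingress.sh hunk. For this clientConfig.service to work the serving certificate presented by demo-nginx must carry SAN `demo-nginx.default.svc`; of the recipes in this diff only the one in ingress.sh does.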