Comments (5)
fffonion
commented on May 24, 2024
1
@UXabre The WIP code looks awesome!
I'm not super familar with how to test upon k8s world without bring up
real k8s cluster (minikube?). But that may be too compilcated and make the test takes much more time to run.
Actually I think if you can capture what a real Vault agent sent when it's authenticating to Vault server, and use that
as an "expected result", it's kind of acceptable as well.
from lua-resty-acme.
UXabre
commented on May 24, 2024
1
I'll try doing it using a JWT auth method. It behaves very similar to the kubernetes auth (only very minor changes, an nothing which affects the code). It, at least, is much more lightweight then setting up k8s/k3s.
I'm currently running the test suites and it will probably need a bit of rinse and repeat before I'll make the PR... nevertheless, I hope to have it in a few hours.
from lua-resty-acme.
fffonion
commented on May 24, 2024
Resource for developer for this feature: https://www.vaultproject.io/docs/auth/kubernetes
from lua-resty-acme.
UXabre
commented on May 24, 2024
Thanks for the input!
I'm currently working on implementing this.
I'm struggling a bit to get this automatically tested tough...
Here's my WiP so far:
UXabre@81de6f9
from lua-resty-acme.
UXabre
commented on May 24, 2024
I've made it! The automated test is running; but I was unsure where to put the prepping of Vault (as to include JWT auth etc.), I've added it to tests.yml in the github workflow directory
from lua-resty-acme.
Related Issues (20)
- 按照Synopsis的步骤操作之后,没有生效,访问网站发现使用的是fallback证书,如何查找原因呢? HOT 4
- During renewal, errors on list() operation from consul storage is not logged: instead results in runtime error
- dns-01 challenge HOT 3
- How do I use ZeroSSL? HOT 3
- Error while trying to use subdomain with "_" simbol HOT 2
- How to use it? HOT 3
- -
- - HOT 1
- ZeroSSL integration failing to create account HOT 5
- How to configure other storage configs when in DB-less? HOT 2
- Zerossl config api_uri but error ngx.timer HOT 5
- Storage adapter not connect redis HOT 1
- -
- BoringSSL not working HTTP3 HOT 2
- error during acme login HOT 2
- get_certkey_parsed: Pass stale certificate if getting certificate from storage fails HOT 2
- Problem with update locks HOT 4
- Option to delete none whitelisted domains in certificate update HOT 2
- Check cache from domain_whitelist_callback? HOT 7
- Ability to block the first request until certs are created? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lua-resty-acme.