-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #12 from SgtCoDFish/guestbook
Add a "guestbook"
- Loading branch information
Showing
17 changed files
with
723 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,3 +6,5 @@ print-your-cert-front.tar | |
| *.tar | ||
| *amd64 | ||
| *arm64 | ||
| guestbook/guestbook | ||
| guestbook/guestbook.sqlite | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| MAKEFLAGS += --warn-undefined-variables --no-builtin-rules | ||
| SHELL := /usr/bin/env bash | ||
| .SHELLFLAGS := -uo pipefail -c | ||
| .DEFAULT_GOAL := help | ||
| .DELETE_ON_ERROR: | ||
| .SUFFIXES: | ||
|
|
||
| .PHONY: build | ||
| build: guestbook guestbook-linux-amd64 | ||
|
|
||
| guestbook: main.go | ||
| go build -o guestbook main.go | ||
|
|
||
| guestbook-linux-amd64: main.go | ||
| GOOS=linux GOARCH=amd64 go build -o guestbook-linux-amd64 main.go |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| # cert-manager Booth Guestbook | ||
|
|
||
| ## Setup | ||
|
|
||
| 1. Manually copied a locally built guestbook binary, litestream.yml, the systemd service, the cert, key and CA files to the remote VM. | ||
| 2. Installed litestream manually, then moved litestream.yml to /etc/litestream.yml | ||
| 3. Moved the systemd unit to /usr/lib/systemd/system | ||
| 4. Created /var/guestbook | ||
| 5. Ran the guestbook with init-db to create the db, moved it to /var/guestbook | ||
| 6. Enabled litestream and the systemd unit | ||
|
|
||
| ## Root CA | ||
|
|
||
| The root CA for the whole booth demo is below: | ||
|
|
||
| ```text | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIB7TCCAZOgAwIBAgIRAJ0xoqVXNnNYDT5ZomjDrnAwCgYIKoZIzj0EAwIwVTEN | ||
| MAsGA1UEChMEQ05DRjEVMBMGA1UECxMMY2VydC1tYW5hZ2VyMS0wKwYDVQQDEyRU | ||
| aGUgY2VydC1tYW5hZ2VyIG1haW50YWluZXJzIFJvb3QgQ0EwIBcNMjQwMzE1MTcw | ||
| NjU5WhgPMjEyNDAyMjAxNzA2NTlaMFUxDTALBgNVBAoTBENOQ0YxFTATBgNVBAsT | ||
| DGNlcnQtbWFuYWdlcjEtMCsGA1UEAxMkVGhlIGNlcnQtbWFuYWdlciBtYWludGFp | ||
| bmVycyBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIHB+NLHy2VDv | ||
| QyPUVY7tPlQxfQla1dAMZGpJTy/omh3KYjDAnkW3HQYLoCOunGvdueZcGj7TC/6h | ||
| uA2FJpMgqqNCMEAwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYD | ||
| VR0OBBYEFDUCC+tbCj9UK7ucreYunGkKnwGmMAoGCCqGSM49BAMCA0gAMEUCIQDC | ||
| dHkfIZx5ZNiZ2B0bdI9BfgGb+/kQW2ZXzLwm/FP6QAIgZq2wn5fZVux8ZXF7Bx22 | ||
| ZEpst23GWAwfamTUmBLlgFA= | ||
| -----END CERTIFICATE----- | ||
| ``` | ||
|
|
||
| ```text | ||
| Certificate: | ||
| Data: | ||
| Version: 3 (0x2) | ||
| Serial Number: | ||
| 9d:31:a2:a5:57:36:73:58:0d:3e:59:a2:68:c3:ae:70 | ||
| Signature Algorithm: ecdsa-with-SHA256 | ||
| Issuer: O=CNCF, OU=cert-manager, CN=The cert-manager maintainers Root CA | ||
| Validity | ||
| Not Before: Mar 15 17:06:59 2024 GMT | ||
| Not After : Feb 20 17:06:59 2124 GMT | ||
| Subject: O=CNCF, OU=cert-manager, CN=The cert-manager maintainers Root CA | ||
| Subject Public Key Info: | ||
| Public Key Algorithm: id-ecPublicKey | ||
| Public-Key: (256 bit) | ||
| pub: | ||
| 04:20:70:7e:34:b1:f2:d9:50:ef:43:23:d4:55:8e: | ||
| ed:3e:54:31:7d:09:5a:d5:d0:0c:64:6a:49:4f:2f: | ||
| e8:9a:1d:ca:62:30:c0:9e:45:b7:1d:06:0b:a0:23: | ||
| ae:9c:6b:dd:b9:e6:5c:1a:3e:d3:0b:fe:a1:b8:0d: | ||
| 85:26:93:20:aa | ||
| ASN1 OID: prime256v1 | ||
| NIST CURVE: P-256 | ||
| X509v3 extensions: | ||
| X509v3 Key Usage: critical | ||
| Digital Signature, Key Encipherment, Certificate Sign | ||
| X509v3 Basic Constraints: critical | ||
| CA:TRUE | ||
| X509v3 Subject Key Identifier: | ||
| 35:02:0B:EB:5B:0A:3F:54:2B:BB:9C:AD:E6:2E:9C:69:0A:9F:01:A6 | ||
| Signature Algorithm: ecdsa-with-SHA256 | ||
| Signature Value: | ||
| 30:45:02:21:00:c2:74:79:1f:21:9c:79:64:d8:99:d8:1d:1b: | ||
| 74:8f:41:7e:01:9b:fb:f9:10:5b:66:57:cc:bc:26:fc:53:fa: | ||
| 40:02:20:66:ad:b0:9f:97:d9:56:ec:7c:65:71:7b:07:1d:b6: | ||
| 64:4a:6c:b7:6d:c6:58:0c:1f:6a:64:d4:98:12:e5:80:50 | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| apiVersion: cert-manager.io/v1 | ||
| kind: Certificate | ||
| metadata: | ||
| name: guestbook-tls | ||
| namespace: cert-manager | ||
| spec: | ||
| privateKey: | ||
| algorithm: ECDSA | ||
| size: 256 | ||
| secretName: guestbook-tls | ||
| commonName: guestbook.print-your-cert.cert-manager.io | ||
| subject: | ||
| organizations: | ||
| - CNCF | ||
| organizationalUnits: | ||
| - cert-manager | ||
| countries: | ||
| - GB | ||
| - US | ||
| - FR | ||
| - ES | ||
| - NL | ||
| duration: 87600h # 10 years | ||
| dnsNames: | ||
| - guestbook.print-your-cert.cert-manager.io | ||
| issuerRef: | ||
| name: root-print-your-cert-ca-issuer | ||
| kind: Issuer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| module github.com/cert-manager/print-your-cert/guestbook | ||
|
|
||
| go 1.22 | ||
|
|
||
| require modernc.org/sqlite v1.29.1 | ||
|
|
||
| require ( | ||
| github.com/dustin/go-humanize v1.0.1 // indirect | ||
| github.com/google/uuid v1.3.0 // indirect | ||
| github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect | ||
| github.com/mattn/go-isatty v0.0.16 // indirect | ||
| github.com/ncruces/go-strftime v0.1.9 // indirect | ||
| github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect | ||
| golang.org/x/sys v0.16.0 // indirect | ||
| modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect | ||
| modernc.org/libc v1.41.0 // indirect | ||
| modernc.org/mathutil v1.6.0 // indirect | ||
| modernc.org/memory v1.7.2 // indirect | ||
| modernc.org/strutil v1.2.0 // indirect | ||
| modernc.org/token v1.1.0 // indirect | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= | ||
| github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= | ||
| github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ= | ||
| github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= | ||
| github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= | ||
| github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= | ||
| github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= | ||
| github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= | ||
| github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= | ||
| github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= | ||
| github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y= | ||
| github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= | ||
| github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4= | ||
| github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= | ||
| github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= | ||
| github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= | ||
| github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= | ||
| github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= | ||
| golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= | ||
| golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= | ||
| golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= | ||
| golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= | ||
| golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= | ||
| golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= | ||
| golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= | ||
| modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 h1:5D53IMaUuA5InSeMu9eJtlQXS2NxAhyWQvkKEgXZhHI= | ||
| modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6/go.mod h1:Qz0X07sNOR1jWYCrJMEnbW/X55x206Q7Vt4mz6/wHp4= | ||
| modernc.org/libc v1.41.0 h1:g9YAc6BkKlgORsUWj+JwqoB1wU3o4DE3bM3yvA3k+Gk= | ||
| modernc.org/libc v1.41.0/go.mod h1:w0eszPsiXoOnoMJgrXjglgLuDy/bt5RR4y3QzUUeodY= | ||
| modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4= | ||
| modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo= | ||
| modernc.org/memory v1.7.2 h1:Klh90S215mmH8c9gO98QxQFsY+W451E8AnzjoE2ee1E= | ||
| modernc.org/memory v1.7.2/go.mod h1:NO4NVCQy0N7ln+T9ngWqOQfi7ley4vpwvARR+Hjw95E= | ||
| modernc.org/sqlite v1.29.1 h1:19GY2qvWB4VPw0HppFlZCPAbmxFU41r+qjKZQdQ1ryA= | ||
| modernc.org/sqlite v1.29.1/go.mod h1:hG41jCYxOAOoO6BRK66AdRlmOcDzXf7qnwlwjUIOqa0= | ||
| modernc.org/strutil v1.2.0 h1:agBi9dp1I+eOnxXeiZawM8F4LawKv4NzGWSaLfyeNZA= | ||
| modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0= | ||
| modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y= | ||
| modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| [Unit] | ||
| Description=cert-manager Booth Guestbook | ||
| After=network.target | ||
|
|
||
| [Service] | ||
| # TODO: Add custom user | ||
| # User=guestbook | ||
| # Group=guestbook | ||
| ExecStart=/usr/bin/guestbook -ca-cert /var/guestbook/ca.crt -tls-chain /etc/ssl/tls.chain -tls-key /etc/ssl/tls.key -db-path /var/guestbook/guestbook.sqlite | ||
| StandardOutput=journal | ||
| StandardError=journal | ||
| Type=simple | ||
| Restart=always | ||
|
|
||
| [Install] | ||
| WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| set -eu -o pipefail | ||
|
|
||
| curl --cacert root-ca.pem --cert /tmp/chain.pem --key /tmp/pkey.pem https://guestbook.print-your-cert.cert-manager.io/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| dbs: | ||
| - path: /var/guestbook/guestbook.sqlite | ||
| replicas: | ||
| - url: gcs://cert-manager-booth-bucket/guestbook.sqlite |
Oops, something went wrong.