| # Copyright Istio Authors |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # Example configurations for deploying a jwt-server server separately in the mesh. |
| |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| name: jwt-server |
| labels: |
| app: jwt-server |
| spec: |
| ports: |
| - name: http |
| port: 8000 |
| targetPort: 8000 |
| - name: https |
| port: 8443 |
| targetPort: 8443 |
| selector: |
| app: jwt-server |
| --- |
| apiVersion: v1 |
| kind: Secret |
| metadata: |
| name: jwt-cert-key-secret |
| # command to generate certificate |
| # use the generated server.crt, server.key by following https://github.com/istio/istio/blob/master/samples/jwt-server/testdata/README.MD |
| stringData: |
| server.crt: | |
| -----BEGIN CERTIFICATE----- |
| MIIDjzCCAnegAwIBAgIUfIuuQDfWakIpZ7bZAuuLUWhSm2AwDQYJKoZIhvcNAQEL |
| BQAwRjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRMwEQYDVQQKDApBY21lLCBJ |
| bmMuMRUwEwYDVQQDDAxBY21lIFJvb3QgQ0EwHhcNMjExMTE3MDQ0NDE2WhcNMzEx |
| MTE1MDQ0NDE2WjA/MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQVoxEzARBgNVBAoM |
| CkFjbWUsIEluYy4xDjAMBgNVBAMMBSouY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC |
| AQ8AMIIBCgKCAQEAv3qsDI+3Fc65EuuPnKG4BN0dLZZy+wFNxruszYRg0foP9kUQ |
| rUUv12uu/y2Rguf09y9mXXzGc51kwU5TIhVarYPBIa46MLMBBroF908VX9ng4Q9M |
| ta+rU10e9xugRRnCDf1ZMlQJB/7pmnF21vw6gdmRt7vMLKiHQuN9BI+042Z/NiiF |
| T7xCDDz+HvhGnn+vDv53h6LPzwNM2zGLSIPaV5xkYs0fYvs5Y2pUGonrra5hGoRq |
| JzOZ3SNfKtaQ3AXrf/+kikJGFA/GmzZuhW26Nygl/kYgx7l+g3uTXOz0hN434nF6 |
| Cc7EyuvD37lAsgw1w48poTnDUijV5Cx6yA8FHQIDAQABo3wwejB4BgNVHREEcTBv |
| ggpqd3Qtc2VydmVygglsb2NhbGhvc3SCF2p3dC1zZXJ2ZXIuaXN0aW8tc3lzdGVt |
| ghJqd3Qtc2VydmVyLmRlZmF1bHSCKWp3dC1zZXJ2ZXIuaXN0aW8tc3lzdGVtLnN2 |
| Yy5jbHVzdGVyLmxvY2FsMA0GCSqGSIb3DQEBCwUAA4IBAQC26tlBXaF+chVS3f8w |
| Tv1D1lgXgJ/ROozqlSMe5BGDuOgsVtWQeqpMIXxEx8w6fXUF0TaMYxp3sC4D3Ql9 |
| W+PALf9Zpy+vv6vxoKkrnKiXvOiuYkLJhaVDkzvj6j6yMjxUk5a9ehDZ0gKwXf+m |
| Ei35D8xKtPdz/FaB7qgN2mu7V47oFizon7jLLqAvlWIIQ7Pku+XfjraDPtjxUj4u |
| 5qSrIfSWAeuJSEsSlGPyYJCFvqFNQYW0y8y7fCCQo7FObHfBmpp7kG2BViuLxebW |
| zfi4K3gDCpR8lWiNEjm4NamQ07OpCtmLZfaueZH/vSXXVVbs6VCsb6nJqJrGDc5t |
| K/xK |
| -----END CERTIFICATE----- |
| server.key: | |
| -----BEGIN PRIVATE KEY----- |
| MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC/eqwMj7cVzrkS |
| 64+cobgE3R0tlnL7AU3Gu6zNhGDR+g/2RRCtRS/Xa67/LZGC5/T3L2ZdfMZznWTB |
| TlMiFVqtg8EhrjowswEGugX3TxVf2eDhD0y1r6tTXR73G6BFGcIN/VkyVAkH/uma |
| cXbW/DqB2ZG3u8wsqIdC430Ej7TjZn82KIVPvEIMPP4e+Eaef68O/neHos/PA0zb |
| MYtIg9pXnGRizR9i+zljalQaieutrmEahGonM5ndI18q1pDcBet//6SKQkYUD8ab |
| Nm6Fbbo3KCX+RiDHuX6De5Nc7PSE3jficXoJzsTK68PfuUCyDDXDjymhOcNSKNXk |
| LHrIDwUdAgMBAAECggEAPtk99ZWKa58BwkMNTUULiJUnCZqTPO4NoEhjjMWBngot |
| CRFcSvMlo9iVhO5pD4WhMy0ctVzKKpKjyosx4EMQE1nmn253bRqkIJgYczdC9cYm |
| +NgzvoLdgixTiJpJvcSZnEvm5g0NNdGmzWmmryP09D/8g0kh2Bqs4viWRVQB9I1T |
| eKbPOwatlDBiqitHDPQ7ZAGBvXfHbRc8PePQ2biJJWN/JzOrhBMG9tKpAqduQgbW |
| u/DR06JI5Gpp9LiOXcThDbSB/XLdwxLY64MAU4ihWRsQ2k+FNrnuOLDM3YNCrWF5 |
| MRKRVrUhAwDs3V4my4uVu65QjDWURTg7mnbzzwKAgQKBgQDopj9ZKuNXw5T7Yuj2 |
| BnYDd4h9gz2BAtQR0ACXoeFhRipmfX3TZdrfklbE5IryRZObSGBxMw/Jf+jseyT3 |
| 9nhE8dRrR2yxvlN/SMNP+uW3wziSRriGM8+WB2mkBEhxPrbIPyAQFupkeE6iuY0c |
| 14cNiKRXPrz4lE5tBZPCECEtIQKBgQDSspYwXuakP6jeiZOym1rRfj58Xi6Hfra3 |
| 4e4elTsgj+iKvw/5vqn+/axqmZzymxY6vOECSlxKDee+inxHvZxr9de7DXv8rr8x |
| w+nna/hnKUzqiplbDEQCqMH0US3k9fbNX/AknGccYQO9kiYj23Gi6cnRZAVrm7oy |
| MEQIFgB8fQKBgHPLQx5zbUIic4WHnmHNp3FkTkgCSVtr9/eBqrnN9ap/zNzEOxs7 |
| x+udH5jSE6IwJR6VsILHImVtR5ZkWGsefo/6OXrHyv7QtyhUI/or66hB/2c20eLh |
| 6MFIoTjkdNYAm+MhIClB7pnhE2qEpgqj73E6AGn4LQAgeMRkkT1237xhAoGAJoPW |
| yIjQiH3KlMN5aFDVzS3SplFhGAulwv9d0+FbqZwk2hgLB5A+6wncFrB17DNFYP9d |
| 8lk9fZwFHOObzFFw4ptSEDNq0snu0V4Kx+8IvXLjSIyFdAtN81599fdQ+GWt8+Tx |
| tP+SKbHiSSkKJ8vZffpWlhw+kWkqJDqGdSPwetECgYBzekGqr0MrrnK1nsXwd1pe |
| Y+KypdjOfu7SI9I1ujosSTo3XZ9+EJo2vJYy1acCLFrp1s8eaUhc/NTT57R/EIOL |
| 8mpQUbVH8l8h6gRs6izoPFhtOKJZgkPrx7OCs08CCmYIr9qUvWFhcnsxnW7B5hic |
| LEAqdR15WVMSx/Fw8dACEw== |
| -----END PRIVATE KEY----- |
| |
| |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| name: jwt-server |
| spec: |
| replicas: 1 |
| selector: |
| matchLabels: |
| app: jwt-server |
| template: |
| metadata: |
| labels: |
| app: jwt-server |
| spec: |
| containers: |
| - image: docker.io/istio/jwt-server:0.6 |
| imagePullPolicy: IfNotPresent |
| name: jwt-server |
| volumeMounts: |
| - name: certkeysecretresource |
| mountPath: "/app/https/secretresources" |
| readOnly: true |
| args: ["-https", "8443", "-cert", "/app/https/secretresources/server.crt", "-key", "/app/https/secretresources/server.key"] |
| ports: |
| - containerPort: 8000 |
| - containerPort: 8443 |
| volumes: |
| - name: certkeysecretresource |
| secret: |
| secretName: jwt-cert-key-secret |
| defaultMode: 0400 |
| --- |