
Commit 34ff147

committed
Fix TLS. Need to verify other containers
1 parent e3d72d9 commit 34ff147

32 files changed

Lines changed: 477 additions & 94 deletions


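--- a/.gitignore
+++ b/.gitignore
@@ -55,4 +55,9 @@ api/node_modules/
 
 # Ignore generated frontend assets
 api/src/main/resources/static/node/
-api/node
+api/node
+
+.generated/
+# Ignore Generated keys if they exist
+docker/dev-certs/sentrius-ca.crt
+docker/dev-certs/sentrius-ca.key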

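--- a/.local.env
+++ b/.local.env
@@ -1,7 +1,7 @@
-SENTRIUS_VERSION=1.1.110
-SENTRIUS_SSH_VERSION=1.1.19
-SENTRIUS_KEYCLOAK_VERSION=1.1.31
-SENTRIUS_AGENT_VERSION=1.1.19
-SENTRIUS_AI_AGENT_VERSION=1.1.34
-LLMPROXY_VERSION=1.0.22
-LAUNCHER_VERSION=1.0.30
+SENTRIUS_VERSION=1.1.117
+SENTRIUS_SSH_VERSION=1.1.26
+SENTRIUS_KEYCLOAK_VERSION=1.1.38
+SENTRIUS_AGENT_VERSION=1.1.25
+SENTRIUS_AI_AGENT_VERSION=1.1.40
+LLMPROXY_VERSION=1.0.28
+LAUNCHER_VERSION=1.0.36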

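--- a/.local.env.bak
+++ b/.local.env.bak
@@ -1,7 +1,7 @@
-SENTRIUS_VERSION=1.1.110
-SENTRIUS_SSH_VERSION=1.1.19
-SENTRIUS_KEYCLOAK_VERSION=1.1.30
-SENTRIUS_AGENT_VERSION=1.1.19
-SENTRIUS_AI_AGENT_VERSION=1.1.34
-LLMPROXY_VERSION=1.0.22
-LAUNCHER_VERSION=1.0.30
+SENTRIUS_VERSION=1.1.117
+SENTRIUS_SSH_VERSION=1.1.26
+SENTRIUS_KEYCLOAK_VERSION=1.1.38
+SENTRIUS_AGENT_VERSION=1.1.25
+SENTRIUS_AI_AGENT_VERSION=1.1.40
+LLMPROXY_VERSION=1.0.28
+LAUNCHER_VERSION=1.0.36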

Dockerfile

Lines changed: 0 additions & 19 deletions
This file was deleted.

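--- a/README.md
+++ b/README.md
@@ -117,8 +117,8 @@ Run the Helm deployment script to deploy Sentrius to your local Kubernetes clust
 
 ./ops-scripts/local/deploy-helm.sh
 
-
 
+## If Not using TLS
 You may wish to forward ports so you can access the services locally. The following commands will forward the necessary ports for the core and api modules:
 kubectl port-forward -n dev service/sentrius-sentrius 8080:8080
 kubectl port-forward -n dev service/sentrius-keycloak 8081:8081
@@ -127,6 +127,15 @@ This will require that you either change the hostnames in the deploy-helm script
 127.0.0.1 sentrius-sentrius
 127.0.0.1 sentrius-keycloak
 
+## If Using TLS
+The deploy script will automatically install cert-manager and create self-signed certificates for the services. You can access the services via:
+
+https://sentrius-dev.local
+https://keycloak-dev.local
+
+Add these to /etc/hosts file pointing to your minikube or local cluster IP.
+
+
 There is a GCP deployment that is hasn't been tested in some time. You can find it in the ops-scripts/gcp directory.
 
 You will need to ensure you link to your GKE cluster and have the necessary permissions to deploy resources.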
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
empty file :)
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDJTCCAg2gAwIBAgIUDvcfbY2leSeMSnrsrJo2zv0ue/kwDQYJKoZIhvcNAQEL
3+
BQAwGjEYMBYGA1UEAwwPc2VudHJpdXMtZGV2LWNhMB4XDTI1MDcwMjIxNDk0MloX
4+
DTI2MDcwMjIxNDk0MlowGjEYMBYGA1UEAwwPc2VudHJpdXMtZGV2LWNhMIIBIjAN
5+
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DDoRTDzG6QhQNy9tthyVnFIfBvS
6+
issnqzmpT3XrDdpHT0BIgYIBXWZzQbnhfnM1abCzZtn1ozmzUp84/PJbFYcupjNZ
7+
YUwul0C7BTAm8oN1vhQFbZ6u5iixHUsIbvxNb9IW8Yu003dtP1iXiaMcNZPr9xz7
8+
INgYigJuoSxtIEuzSBOFNYaXuUfn4r4GIlzF9lDnxeltvQqHTS5j4cdzXdis2e6k
9+
Gy+9OYZZp62WRHWTuhRfOakL1b+voTU8udyIS++mmxXy+AjHlzPuRB8L7wi3HoAM
10+
hBUxCzzJB3+mYNzyOd75bccbiWbMu1ay7WhOxxN2hxWJg+8u05bgAi4EPQIDAQAB
11+
o2MwYTAdBgNVHQ4EFgQU63Fomh1GrbWOavtqFoOhcboMAxMwHwYDVR0jBBgwFoAU
12+
63Fomh1GrbWOavtqFoOhcboMAxMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
13+
BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAIu5heYvdV0r33avCMg82txjWvv7mXA5
14+
8BwU2GUsHqbh/0bS3Sxwc2KRsEh77NcgGo5Lr0gEftTzexGBjCikzhTL1+cWf6Ay
15+
b04NTr7E/EigZlZs/Ceoav5Mw7zElwDhtAr35OoQKTKBUHJgPKUAr5i2Ijwj8HYw
16+
ua/zUKU3RxRiuMTfsZmnzTJEtrTkgMbQN4HNRXTSmVPYNpYhVS+cPM9Xvy5QVaIR
17+
F2RxiywKSSzRY88w2c3sGXjDYs9wmxIWKbjNX51q2ZxwpF9E4c2s48eTjiVS5kVA
18+
/frlToZdVeLORjTtVw24RN4DTqsbOB3SkybylkopF8YjlkvEQNNZZ3c=
19+
-----END CERTIFICATE-----

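--- a/docker/integrationproxy/Dockerfile
+++ b/docker/integrationproxy/Dockerfile
@@ -1,12 +1,34 @@
 # Use an OpenJDK image as the base
 FROM openjdk:17-jdk-slim
 
+# Declare the argument
+ARG INCLUDE_DEV_CERTS=false
+
+# Set environment so you can use in RUN
+ENV INCLUDE_DEV_CERTS=${INCLUDE_DEV_CERTS}
+
+
 # Set working directory
 WORKDIR /app
 
 # Copy the pre-built API JAR into the container
 COPY llmproxy.jar /app/llmproxy.jar
 
+
+COPY dev-certs/sentrius-ca.crt /tmp/sentrius-ca.crt
+
+RUN if [ "$INCLUDE_DEV_CERTS" = "true" ] && [ -f /tmp/sentrius-ca.crt ]; then \
+echo "Importing dev CA cert..." && \
+keytool -import -noprompt -trustcacerts \
+-alias sentrius-local-ca \
+-file /tmp/sentrius-ca.crt \
+-keystore "$JAVA_HOME/lib/security/cacerts" \
+-storepass changeit ; \
+else \
+echo "Skipping cert import"; \
+fi
+
+
 # Expose the port the app runs on
 EXPOSE 8080
 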
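Review bot: The `COPY dev-certs/sentrius-ca.crt /tmp/sentrius-ca.crt` at new line 18 runs regardless of `INCLUDE_DEV_CERTS`, so the CA file becomes an image layer even in a build that skips the import, and the `[ -f /tmp/sentrius-ca.crt ]` test in the `RUN` can never be false once that `COPY` has succeeded. With BuildKit the file can be exposed to the import step only, by dropping the `COPY` and starting the step with `RUN --mount=type=bind,source=dev-certs/sentrius-ca.crt,target=/tmp/sentrius-ca.crt \`. When the flag is true the CA is added to the JVM-wide `cacerts`, so this JVM accepts any certificate that CA signs on every outbound TLS connection; a comment above the `ARG` such as `# Dev only: never build release images with INCLUDE_DEV_CERTS=true` would make that boundary explicit. The `ENV INCLUDE_DEV_CERTS=${INCLUDE_DEV_CERTS}` line is not needed, because an `ARG` is already visible to `RUN` in the same stage, and it leaves a build-only value in the runtime environment.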

Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDJTCCAg2gAwIBAgIUDvcfbY2leSeMSnrsrJo2zv0ue/kwDQYJKoZIhvcNAQEL
3+
BQAwGjEYMBYGA1UEAwwPc2VudHJpdXMtZGV2LWNhMB4XDTI1MDcwMjIxNDk0MloX
4+
DTI2MDcwMjIxNDk0MlowGjEYMBYGA1UEAwwPc2VudHJpdXMtZGV2LWNhMIIBIjAN
5+
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DDoRTDzG6QhQNy9tthyVnFIfBvS
6+
issnqzmpT3XrDdpHT0BIgYIBXWZzQbnhfnM1abCzZtn1ozmzUp84/PJbFYcupjNZ
7+
YUwul0C7BTAm8oN1vhQFbZ6u5iixHUsIbvxNb9IW8Yu003dtP1iXiaMcNZPr9xz7
8+
INgYigJuoSxtIEuzSBOFNYaXuUfn4r4GIlzF9lDnxeltvQqHTS5j4cdzXdis2e6k
9+
Gy+9OYZZp62WRHWTuhRfOakL1b+voTU8udyIS++mmxXy+AjHlzPuRB8L7wi3HoAM
10+
hBUxCzzJB3+mYNzyOd75bccbiWbMu1ay7WhOxxN2hxWJg+8u05bgAi4EPQIDAQAB
11+
o2MwYTAdBgNVHQ4EFgQU63Fomh1GrbWOavtqFoOhcboMAxMwHwYDVR0jBBgwFoAU
12+
63Fomh1GrbWOavtqFoOhcboMAxMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
13+
BAMCAQYwDQYJKoZIhvcNAQELBQADggEBAIu5heYvdV0r33avCMg82txjWvv7mXA5
14+
8BwU2GUsHqbh/0bS3Sxwc2KRsEh77NcgGo5Lr0gEftTzexGBjCikzhTL1+cWf6Ay
15+
b04NTr7E/EigZlZs/Ceoav5Mw7zElwDhtAr35OoQKTKBUHJgPKUAr5i2Ijwj8HYw
16+
ua/zUKU3RxRiuMTfsZmnzTJEtrTkgMbQN4HNRXTSmVPYNpYhVS+cPM9Xvy5QVaIR
17+
F2RxiywKSSzRY88w2c3sGXjDYs9wmxIWKbjNX51q2ZxwpF9E4c2s48eTjiVS5kVA
18+
/frlToZdVeLORjTtVw24RN4DTqsbOB3SkybylkopF8YjlkvEQNNZZ3c=
19+
-----END CERTIFICATE-----

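--- a/docker/keycloak/Dockerfile
+++ b/docker/keycloak/Dockerfile
@@ -1,14 +1,22 @@
 FROM quay.io/keycloak/keycloak:24.0.1 as builder
 
+# Declare the argument
+ARG INCLUDE_DEV_CERTS=false
+
+# Set environment so you can use in RUN
+ENV INCLUDE_DEV_CERTS=${INCLUDE_DEV_CERTS}
+
 # Enable health and metrics support
 ENV KC_HEALTH_ENABLED=true
 ENV KC_METRICS_ENABLED=true
-
 # Configure a database vendor
 ENV KC_DB=postgres
 
 WORKDIR /opt/keycloak
 
+# Copy certs if needed
+
+
 RUN /opt/keycloak/bin/kc.sh build
 
 FROM quay.io/keycloak/keycloak:24.0.1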
