https://github.com/nmarcetic/docker-nginx-reload
Golang microservice for Vault PKI and Nginx CRL sync on Kubernetes
crl go kuberne micro pki vault
Last synced: 2 days ago
- Host: GitHub
- URL: https://github.com/nmarcetic/docker-nginx-reload
- Owner: nmarcetic
- Created: 2019-05-23T17:25:35.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2019-06-07T13:06:01.000Z (over 6 years ago)
- Last Synced: 2025-04-08T10:50:40.173Z (6 months ago)
- Topics: crl, go, kuberne, micro, pki, vault
- Language: Go
- Homepage:
- Size: 1.02 MB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# docker-nginx-reload

A super-micro sidecar container for K8s that reloads the nginx CRL, with an image size of 1.9MB.
It exposes an HTTP API endpoint that triggers fetching the CRL from Vault and updating the CRL file. Then, thanks to K8s [Shared process namespaces between Containers in a Pod](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/), it sends a reload signal to nginx so that nginx re-loads the CRL file.

## Configuration

The service is configured using the environment variables presented in the
following table. Note that any unset variables will be replaced with their
default values.

| Variable | Description | Default |
|-------------------------------------|------------------------------------------------------------|-----------------------|
| VAULT_API_URL | [Vault instance API CRL read endpoint](https://www.vaultproject.io/api/secret/pki/index.html#read-crl) | "http://locahost" |
| VAULT_CA_INTERMEDIATE | Whether the CA is an intermediate and its own CRL should be fetched | "false" |
| VAULT_SECRET_ROOT | PKI secret Root name | "pki" |
| VAULT_SECRET_INTERMEDIATE | If VAULT_CA_INTERMEDIATE is true, the Intermediate secret name must be set | "pki_int" |
| CRL_FILE_PATH | Path to CRL pem file | "crl.pem" |
| CMD_TO_EXEC | A regex used to find PIDs: the service loops over all running processes and selects the ones whose cmdline matches the regex provided. | ".*nginx: master.*" |
| API_PORT | API listening port | "8000" |
| API_ENDPOINT | API Endpoint | "/reload" |
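
The PID lookup that `CMD_TO_EXEC` describes, as an added Go example that is not the project's own code: it reads `/proc/<pid>/cmdline` for every process visible in the shared namespace and sends SIGHUP, nginx's reload signal, only when exactly one process matches. The function name `matchingPIDs`, the anchored pattern `^nginx: master process` and the exactly-one-match check are assumptions of this example.

```go
package main

import (
	"log"
	"os"
	"path/filepath"
	"regexp"
	"strconv"
	"strings"
	"syscall"
)

// matchingPIDs returns the PIDs under procRoot (normally "/proc") whose command
// line matches re. In a shared process namespace that is every container's processes.
func matchingPIDs(procRoot string, re *regexp.Regexp) ([]int, error) {
	entries, err := os.ReadDir(procRoot)
	if err != nil {
		return nil, err
	}
	var pids []int
	for _, e := range entries {
		pid, err := strconv.Atoi(e.Name())
		if err != nil {
			continue // not a process directory
		}
		raw, err := os.ReadFile(filepath.Join(procRoot, e.Name(), "cmdline"))
		if err != nil {
			continue // process exited between listing and reading
		}
		// argv is NUL-separated; join it so the regex sees one command line.
		cmd := strings.TrimSpace(strings.ReplaceAll(string(raw), "\x00", " "))
		if re.MatchString(cmd) {
			pids = append(pids, pid)
		}
	}
	return pids, nil
}

func main() {
	// Assumption of this example: an anchored pattern instead of ".*nginx: master.*".
	pids, err := matchingPIDs("/proc", regexp.MustCompile(`^nginx: master process`))
	if err != nil || len(pids) != 1 {
		log.Fatalf("refusing to signal: matches=%v err=%v", pids, err)
	}
	// SIGHUP asks the nginx master to reload its configuration.
	if err := syscall.Kill(pids[0], syscall.SIGHUP); err != nil {
		log.Fatal(err)
	}
}
```

With the default unanchored pattern, any process in the Pod whose arguments merely contain `nginx: master` also matches, so anchoring the regex or checking the match count keeps the signal from reaching an unintended process.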