fixing some issues with k8s plan

CSCfi · Apr 3, 2024 · 5db5fe2 · 5db5fe2
1 parent 57b8395
commit 5db5fe2
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 4 deletions.
diff --git a/k8s/hpcs-server-service.yaml b/k8s/hpcs-server-service.yaml
@@ -0,0 +1,14 @@
+# Service definition for spire-oidc (expose the OIDC socket)
+apiVersion: v1
+kind: Service
+metadata:
+  name: hpcs-server
+  namespace: hpcs
+spec:
+  clusterIP: None
+  selector:
+    app: hpcs-server
+  ports:
+    - name: https
+      port: 10080
+      targetPort: hpcs-server
diff --git a/k8s/hpcs-server-statefulset.yaml b/k8s/hpcs-server-statefulset.yaml
@@ -22,6 +22,9 @@ spec:
       containers:
         - name: hpcs-server
           image: ghcr.io/cscfi/hpcs/server:k8s_plan
+          ports:
+            - containerPort: 10080
+              name: hpcs-server
           command:
             - sleep
           args:

diff --git a/server/app.py b/server/app.py
@@ -49,6 +49,11 @@
         "hpcs-server-spiffeid"
     )
 
+if configuration["spire-server"].get("socket-path"):
+    spire_interactions.spire_server_socketpath = configuration["spire-server"].get(
+        "socket-path"
+    )
+
 if configuration["spire-server"].get("pre-command"):
     spire_interactions.pre_command = configuration["spire-server"]["pre-command"]
     if configuration["spire-server"]["pre-command"] == '""':

diff --git a/server/lib/spire_interactions.py b/server/lib/spire_interactions.py
@@ -10,6 +10,7 @@
 
 jwt_workload_api = None
 hpcs_server_spiffeid = "spiffe://hpcs/hpcs-server/workload"
+spire_server_socketpath = "/tmp/spire-server/private/api.sock:"
 
 
 def token_generate(spiffeID: SpiffeId) -> subprocess.CompletedProcess:
@@ -23,11 +24,11 @@ def token_generate(spiffeID: SpiffeId) -> subprocess.CompletedProcess:
     """
 
     if pre_command != "":
-        command = f"{pre_command} {spire_server_bin} token generate -spiffeID {str(spiffeID)}".split(
+        command = f"{pre_command} {spire_server_bin} token generate -socketPath {spire_server_socketpath} -spiffeID {str(spiffeID)}".split(
             " "
         )
     else:
-        command = f"{spire_server_bin} token generate -spiffeID {str(spiffeID)}".split(
+        command = f"{spire_server_bin} token generate -socketPath {spire_server_socketpath} -spiffeID {str(spiffeID)}".split(
             " "
         )
 
@@ -48,11 +49,11 @@ def entry_create(
         subprocess.CompletedProcess: result of the cli command to create the entry
     """
     if pre_command != "":
-        command = f"{pre_command} {spire_server_bin} entry create -parentID {str(parentID)} -spiffeID {str(spiffeID)}".split(
+        command = f"{pre_command} {spire_server_bin} entry create -socketPath {spire_server_socketpath} -parentID {str(parentID)} -spiffeID {str(spiffeID)}".split(
             " "
         )
     else:
-        command = f"{spire_server_bin} entry create -parentID {str(parentID)} -spiffeID {str(spiffeID)}".split(
+        command = f"{spire_server_bin} entry create -socketPath {spire_server_socketpath} -parentID {str(parentID)} -spiffeID {str(spiffeID)}".split(
             " "
         )