authorChristian Pointner <equinox@spreadspace.org>2018-02-23 16:08:23 +0100
committerChristian Pointner <equinox@spreadspace.org>2018-02-23 16:08:23 +0100
commit899cebd346ab8028135da82f01098becf1fd48df (patch)
treea4bc1238589385ab12b7a31225ee8567e8dd92b8 /templates
parentsome more refactoring (diff)
fix port forwarded by onion-service
Diffstat (limited to 'templates')
-rw-r--r--templates/default/kubernetes/onion-service-cm.yml.j220
-rw-r--r--templates/default/kubernetes/sfive-deploy.yml.j244
2 files changed, 42 insertions, 22 deletions
diff --git a/templates/default/kubernetes/onion-service-cm.yml.j2 b/templates/default/kubernetes/onion-service-cm.yml.j2
new file mode 100644
index 0000000..f980637
--- /dev/null
+++ b/templates/default/kubernetes/onion-service-cm.yml.j2
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ deploy.namespace }}
+ name: onion-service-{{ deploy.stream }}
+data:
+ torrc: |
+ ## Set DataDirectory
+ DataDirectory /var/lib/tor
+
+ ## Do not act as a SOCKS proxy
+ SOCKSPort 0
+
+ ## Publish a hidden service
+ HiddenServiceDir /var/lib/tor/onion_service/
+{% for port, svc in deploy.onion_services.items() %}
+ HiddenServicePort {{ port }} {{ svc.host }}:{{ svc.port }}
+{% endfor %}
+ HiddenServiceNonAnonymousMode 1
+ HiddenServiceSingleHopMode 1
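Review bot: The two `HiddenService…Mode 1` lines that close the torrc put Tor into single onion service mode, and nothing in the template says so. In that mode the service builds one-hop circuits, so the server's network location is not hidden from the relays it connects to; only clients keep their anonymity. I would add a comment above them in the same `##` style as the rest, e.g. `## Single onion service: server location is NOT hidden, only clients stay anonymous`, so this ConfigMap is not reused for a service that needs location privacy. Separately, if `deploy.onion_services` is empty the loop emits no `HiddenServicePort` line, which Tor is likely to reject at startup; failing at render time would surface that earlier.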
diff --git a/templates/default/kubernetes/sfive-deploy.yml.j2 b/templates/default/kubernetes/sfive-deploy.yml.j2
index fe9766b..68d907f 100644
--- a/templates/default/kubernetes/sfive-deploy.yml.j2
+++ b/templates/default/kubernetes/sfive-deploy.yml.j2
@@ -49,16 +49,28 @@ spec:
volumeMounts:
- name: onion-lib
mountPath: /var/lib/tor
+ - name: generate-onion-key
+ image: spreadspace/onion-service:{{ desc.globals.deployment.parameter.onion_service_image_version }}
+ command: ['sh', '-c', '/keygen.py && touch /var/lib/tor/onion_service/onion_service_non_anonymous']
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: onion-lib
+ mountPath: /var/lib/tor
{% endif %}
containers:
{% if deploy.worker.flags.sfive == 'proxy' %}
- name: proxy
image: spreadspace/sfive:{{ desc.globals.deployment.parameter.sfive_image_version }}
imagePullPolicy: Always
- args:
- - s5proxy
- - -config
- - /srv/config/proxy.json
+ args: [ 's5proxy', '-config', '/srv/config/proxy.json' ]
volumeMounts:
- name: home
mountPath: /srv
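Review bot: The new `generate-onion-key` init container omits `imagePullPolicy`, while the `onion-service` container further down runs the same `spreadspace/onion-service` image with `imagePullPolicy: Always`. Unless the version parameter renders to `latest`, Kubernetes defaults to `IfNotPresent`, so the key generator can run a cached build of the tag while the Tor daemon pulls a newer one. Adding `imagePullPolicy: Always` to the init container keeps both on the same build, and pinning the image by digest would remove the ambiguity altogether. The `initContainers` list starts above this hunk, so how the earlier init container handles this is not visible.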
@@ -68,10 +80,7 @@ spec:
- name: proxy-onion
image: spreadspace/sfive:{{ desc.globals.deployment.parameter.sfive_image_version }}
imagePullPolicy: Always
- args:
- - s5proxy
- - -config
- - /srv/config/proxy-onion.json
+ args: [ 's5proxy', '-config', '/srv/config/proxy-onion.json' ]
volumeMounts:
- name: home
mountPath: /srv
@@ -80,23 +89,11 @@ spec:
- name: onion-service
image: spreadspace/onion-service:{{ desc.globals.deployment.parameter.onion_service_image_version }}
imagePullPolicy: Always
- env:
- - name: ONION_HOST
- value: "127.0.0.1"
- - name: ONION_PORT
- value: "8001"
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
+ args: [ '/usr/bin/tor', '-f', '/srv/config/torrc', '--RunAsDaemon', '0' ]
volumeMounts:
- name: onion-lib
mountPath: /var/lib/tor
- - name: proxy-config
+ - name: onion-config
mountPath: /srv/config
{% endif %}
{% endif %}
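Review bot: The `onion-service` container, whose whole new spec is visible in this hunk, sets no `securityContext`, although it is the long-running process that holds the onion key and talks to the Tor network. Consider adding `securityContext:` with `allowPrivilegeEscalation: false` and, if the image runs Tor as an unprivileged user, `runAsNonRoot: true`. Tor checks the ownership and mode of `HiddenServiceDir`, so the UID has to match the one `generate-onion-key` writes the key with; that is presumably handled inside the image, but a comment here stating the expected user would help.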
@@ -125,6 +122,9 @@ spec:
- name: onion-lib
emptyDir:
medium: Memory
+ - name: onion-config
+ configMap:
+ name: onion-service-{{ deploy.worker.flags.stream }}
{% endif %}
- name: proxy-config
configMap:
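Review bot: The `onion-config` volume looks up `onion-service-{{ deploy.worker.flags.stream }}`, but the new ConfigMap template names the object `onion-service-{{ deploy.stream }}`. If the two templates are not rendered with values that agree, and into the same namespace, the volume cannot be mounted and the pod stays in `ContainerCreating`. Using the same variable path in both places, or a comment next to the reference such as `# created by onion-service-cm.yml.j2`, would make the dependency explicit. The `volumes` list continues outside this hunk.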