From 899cebd346ab8028135da82f01098becf1fd48df Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 23 Feb 2018 16:08:23 +0100
Subject: fix port forwarded by onion-service
---
 .../default/kubernetes/onion-service-cm.yml.j2 | 20 ++++++++++
 templates/default/kubernetes/sfive-deploy.yml.j2 | 44 +++++++++++-----------
 2 files changed, 42 insertions(+), 22 deletions(-)
 create mode 100644 templates/default/kubernetes/onion-service-cm.yml.j2
(limited to 'templates')
diff --git a/templates/default/kubernetes/onion-service-cm.yml.j2 b/templates/default/kubernetes/onion-service-cm.yml.j2
new file mode 100644
index 0000000..f980637
--- /dev/null
+++ b/templates/default/kubernetes/onion-service-cm.yml.j2
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ deploy.namespace }}
+ name: onion-service-{{ deploy.stream }}
+data:
+ torrc: |
+ ## Set DataDirectory
+ DataDirectory /var/lib/tor
+
+ ## Do not act as a SOCKS proxy
+ SOCKSPort 0
+
+ ## Publish a hidden service
+ HiddenServiceDir /var/lib/tor/onion_service/
+{% for port, svc in deploy.onion_services.items() %}
+ HiddenServicePort {{ port }} {{ svc.host }}:{{ svc.port }}
+{% endfor %}
+ HiddenServiceNonAnonymousMode 1
+ HiddenServiceSingleHopMode 1
diff --git a/templates/default/kubernetes/sfive-deploy.yml.j2 b/templates/default/kubernetes/sfive-deploy.yml.j2
index fe9766b..68d907f 100644
--- a/templates/default/kubernetes/sfive-deploy.yml.j2
+++ b/templates/default/kubernetes/sfive-deploy.yml.j2
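Review bot: The last two torrc lines, `HiddenServiceNonAnonymousMode 1` and `HiddenServiceSingleHopMode 1`, put Tor into single onion service mode, in which the server side is not location-anonymous, and nothing in the file says that this is deliberate. I would add a comment above them such as `## Single onion service: server side is NOT anonymous (single-hop circuits); keep SOCKSPort 0`, so a later edit neither assumes server anonymity nor re-enables the SOCKS port that this mode is meant to run without. Separately, `{{ port }}`, `{{ svc.host }}` and `{{ svc.port }}` are rendered into the `torrc` block scalar unchecked; if `deploy.onion_services` can ever come from a less trusted descriptor, a value containing whitespace or a newline would add its own torrc directives, so coercing the ports (`{{ port | int }}`, `{{ svc.port | int }}`) and validating the host before rendering is worth doing.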
@@ -49,16 +49,28 @@ spec:
 volumeMounts:
 - name: onion-lib
 mountPath: /var/lib/tor
+ - name: generate-onion-key
+ image: spreadspace/onion-service:{{ desc.globals.deployment.parameter.onion_service_image_version }}
+ command: ['sh', '-c', '/keygen.py && touch /var/lib/tor/onion_service/onion_service_non_anonymous']
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: onion-lib
+ mountPath: /var/lib/tor
 {% endif %}
 containers:
 {% if deploy.worker.flags.sfive == 'proxy' %}
 - name: proxy
 image: spreadspace/sfive:{{ desc.globals.deployment.parameter.sfive_image_version }}
 imagePullPolicy: Always
- args:
- - s5proxy
- - -config
- - /srv/config/proxy.json
+ args: [ 's5proxy', '-config', '/srv/config/proxy.json' ]
 volumeMounts:
 - name: home
 mountPath: /srv
@@ -68,10 +80,7 @@ spec:
 - name: proxy-onion
 image: spreadspace/sfive:{{ desc.globals.deployment.parameter.sfive_image_version }}
 imagePullPolicy: Always
- args:
- - s5proxy
- - -config
- - /srv/config/proxy-onion.json
+ args: [ 's5proxy', '-config', '/srv/config/proxy-onion.json' ]
 volumeMounts:
 - name: home
 mountPath: /srv
@@ -80,23 +89,11 @@ spec:
 - name: onion-service
 image: spreadspace/sfive:{{ desc.globals.deployment.parameter.onion_service_image_version }}
 imagePullPolicy: Always
- env:
- - name: ONION_HOST
- value: "127.0.0.1"
- - name: ONION_PORT
- value: "8001"
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
+ args: [ '/usr/bin/tor', '-f', '/srv/config/torrc', '--RunAsDaemon', '0' ]
 volumeMounts:
 - name: onion-lib
 mountPath: /var/lib/tor
- - name: proxy-config
+ - name: onion-config
 mountPath: /srv/config
 {% endif %}
 {% endif %}
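Review bot: The added `generate-onion-key` init container sets no `imagePullPolicy`, while the three containers visible in this diff (`proxy`, `proxy-onion`, `onion-service`) all set `imagePullPolicy: Always` on the same kind of mutable tag. For a tag other than `latest` Kubernetes defaults to `IfNotPresent`, so the step that presumably writes the onion key material can run from a stale cached image while the `onion-service` container pulls a newer build of the same tag. I would add `imagePullPolicy: Always` after the `image:` line, or pin both uses of the image to a digest so the key generator and the Tor daemon are known to come from the same build. The init container list begins above this hunk, so an earlier entry may need the same line.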
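Review bot: In the hunk at -80,23 the `onion-service` container now starts `/usr/bin/tor` directly, and nothing shown establishes that it runs unprivileged: the container spec has no `securityContext`, and the torrc added in this commit has no `User` line. Whether the image itself switches to a non-root user is not visible from this diff. I would add `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` to this container (and to `generate-onion-key`, which writes into the same `onion-lib` volume), so a process holding the onion key does not depend on the image default. `runAsNonRoot` needs a numeric user in the image or an explicit `runAsUser`, which should be checked against the image before merging.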
@@ -125,6 +122,9 @@ spec:
 - name: onion-lib
 emptyDir:
 medium: Memory
+ - name: onion-config
+ configMap:
+ name: onion-service-{{ deploy.worker.flags.stream }}
 {% endif %}
 - name: proxy-config
 configMap:
-- cgit v1.2.3
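Review bot: The new `onion-config` volume looks the ConfigMap up as `onion-service-{{ deploy.worker.flags.stream }}`, but the ConfigMap template added in this same commit names itself `onion-service-{{ deploy.stream }}`. If the two variables can differ, or one is undefined in its render context, the pod will sit in ContainerCreating on a missing ConfigMap, because the volume is not marked optional. I would use the same expression in both templates, or at least add a comment above this volume such as `# name must match metadata.name in onion-service-cm.yml.j2`. The volumes list begins above this hunk, so how `deploy` is scoped there is not visible.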