Skip to content
/ docker-wkd Public
forked from drGrove/docker-wkd

A Web Key Directory generating docker image

License

GPL-3.0 license
0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hashbang/docker-wkd

1 Branch0 Tags
This branch is 4 commits behind drGrove/docker-wkd:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

drGrovedrGrove
Merge remote-tracking branch 'origin/refs/pull/4/head'
Jul 26, 2021
9e0721e · Jul 26, 2021

History

39 Commits
kustomize
kustomize
Jul 26, 2021
test
test
Jun 13, 2021
.dockerignore
.dockerignore
Jun 13, 2021
.gitignore
.gitignore
Apr 27, 2021
.travis.yml
.travis.yml
Nov 12, 2018
Dockerfile
Dockerfile
Jun 13, 2021
LICENSE
LICENSE
Jun 13, 2021
Makefile
Makefile
Apr 27, 2021
README.md
README.md
Jul 23, 2021
generate-wkd
generate-wkd
Jun 13, 2021
wkd-sync
wkd-sync
Jun 13, 2021

Repository files navigation

docker-wkd

A OpenPGP WKD (Web Key Directory) generating docker image.

Usage

ENV VAR Required Defaults Description
MAIL_DOMAIN * The domain you'd like to generate key files for. (ex. drgrovellc.com)
DATA_FILE_PATH /data/keys.txt The path to the datafile
HU_FOLDER /data/ The folder you'd like to generate the wkd in 
# Make your folders
mkdir data hu .gnupg

# Make your keys.txt file

# This will pull the key from a keyserver and then generate the correct file for WKD.
# If you'd like to provide your own keys use the folder option

echo "C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD # Danny Grove" > data/keys.txt

# Using folder.
gpg --export --armour <FINGERPRINT> > data/<email-username>.asc

docker run --rm \
  -v $PWD/data:/data/ -v $PWD/hu:/root/hu -v $PWD/.gnupg:/root/.gnupg \
  -e MAIL_DOMAIN=drgrovellc.com
  drgrove/wkd

Deploying in Kubernetes

You can use the kustomization provided as a base, but you will need to add a few overrides.

Adding a Key

To add a key to WKD you simpely create a configmap for that key with the label wkd: enroll. The example below with use a configMapGenerator

# kustomization.yaml
...
configMapGenerator:
  - name: mykey
    options:
      labels:
        wkd: 'enroll'
      files:
      - pgp/mykey.asc

Assumed folder structure of above example:

kustomize
|- kustomization.yaml
|- pgp/
   |- mykey.asc

Patching your ingress

The example below is using nginx-ingress-controller. This is binding /.well-known/openpgp to the wkd service.

# ingess.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wkd
  labels:
    app.kubernetes.io/name: wkd
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
    - hosts:
      - mywebsite.com
      secretName: mywebsite-tls
  rules:
    - host: mywebsite.com
      http:
        paths:
        - path: /.well-known/openpgpkey/
          pathType: Prefix
          backend:
            service:
              name: wkd
              port:
                number: 80

Cluster Install

If you'd like to be able in aggregate PGP keys that have been installed in other namespaces you can do so by adding cluster-rbac to your install

# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: wkd
resources:
  - github.com/drGrove/docker-wkd/kustomize/direct
  - github.com/drGrove/docker-wkd/kustomize/cluster-rbac

About

A Web Key Directory generating docker image

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 85.6%
  • Dockerfile 12.4%
  • Makefile 2.0%