|
1 | | -# k8s-contract-provider |
2 | | -Module for WirePact that continuously fetches all valid contracts for its own trust zone and stores them in a local file or a Kubernetes secret. The contracts are used for mTLS connections between mesh participants. |
| 1 | +# WirePact Contract Provider |
| 2 | + |
| 3 | +The contract provider is a module for WirePact that continuously fetches the involved contracts of the |
| 4 | +"main" PKI. The fetched contracts contain public certificates of all participating parties and can |
| 5 | +be used to verify mTLS certificates of off-site services. |
| 6 | + |
| 7 | +## Configuration |
| 8 | + |
| 9 | +The provider can be configured via environment variables or command line arguments. |
| 10 | + |
| 11 | +- `STORAGE` (`-s | --storage <STORAGE>`): The storage adapter to use (defaults to `local`) |
| 12 | + (possible values: `local`, `kubernetes`) |
| 13 | +- `SECRET_NAME` (`--secret-name <NAME>`): The name of the Kubernetes secret to use |
| 14 | + (defaults to `wirepact-contracts`) |
| 15 | +- `COMMON_NAME` (`--common-name <NAME>`): Defines the common name for the own private certificate |
| 16 | + (defaults to `wirepact-contract-provider`) |
| 17 | +- `PKI_ADDRESS` (`--pki-address <URL>`): The URL of the "main" PKI for this participant |
| 18 | +- `PKI_API_KEY` (`--pki-api-key <KEY>`): The API key to authorize calls against the PKI (optional) |
| 19 | +- `REPO_ADDRESS` (`--repo-address <URL>`): The URL of the WirePact contract repository |
| 20 | +- `REPO_API_KEY` (`--repo-api-key <KEY>`): The API key to authorize calls against the contract repository (optional) |
| 21 | +- `FETCH_INTERVAL` (`--fetch-interval <INTERVAL>`): The fetch interval to use, if omitted, the |
| 22 | + provider will fetch everything just once and terminate afterwards. |
| 23 | + Refer to the [Units Section](https://docs.rs/parse_duration/latest/parse_duration/#units) of the |
| 24 | + `parse_duration` crate for the possible units. |
| 25 | + This defaults to `5min` in the Docker image. |
| 26 | +- `DEBUG` (`-d | --debug`): Enables debug logging (defaults to `false`) |
0 commit comments