add example docker-compose and k8s files. (#75)

mmou · web-flow · commit 20cee2616fed · 2020-01-03T16:47:06.000-08:00
* add example docker-compose and k8s files.
diff --git a/docs/deploy_options.md b/docs/deploy_options.md
@@ -0,0 +1,6 @@
+# Alternate Deploy Options
+
+We include example docker-compose and kubernetes files for deploying the SSH CA:
+
+- [docker-compose-ca.yml.example](./docker-compose-ca.yml.example)
+- [sshca.yml.example](./sshca.yml.example)
diff --git a/docs/docker-compose-ca.yml.example b/docs/docker-compose-ca.yml.example
@@ -0,0 +1,16 @@
+# Example docker-compose file for the SSH CA.
+version: '3.7'
+services:
+  kbsshca:
+    image: ca:latest
+    container_name: kbsshca
+    # use the corresponding entrypoint script for your purpose
+    command: ["./docker/entrypoint-generate.sh"]
+    #command: ["./docker/entrypoint-server.sh"]
+    environment:
+      TEAMS: 'list,of,teams'
+      KEYBASE_USERNAME: 'yourusername'
+      KEYBASE_PAPERKEY: 'your paper key' # ideally, add this as a docker secret, and not in plaintext here
+      FORCE_WRITE: 'false'
+    volumes: 
+      - "./docker/example-keybaseca-volume:/mnt"
diff --git a/docs/sshca.yml.example b/docs/sshca.yml.example
@@ -0,0 +1,56 @@
+# Example kubernetes file for the SSH CA.
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: sshca
+ name: kbsshca
+spec:
+ accessModes:
+  - ReadWriteOnce
+ resources:
+   requests:
+     storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: sshca
+  name: kbsshca
+  labels:
+    app: kbsshca
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kbsshca
+  template:
+    metadata:
+      labels:
+        app: kbsshca
+    spec:
+      containers:
+      - name: kbsshca
+        image: yourregistry/ca:latest
+        command: ["./entrypoint-server.sh"]
+        env:
+        - name: TEAMS
+          value: "list,of,teams"
+        - name: KEYBASE_USERNAME
+          value: "yourusername"
+        - name: KEYBASE_PAPERKEY
+          value: "your paper key" # ideally, add this as a kubernetes secret, and not in plaintext here
+        - name: FORCE_WRITE
+          value: "false"
+        volumeMounts:
+        - mountPath: /mnt
+          name: ssh-data
+        resources:
+          limits:
+            memory: 700Mi
+          requests:
+            memory: 300Mi
+      volumes:
+      - name: ssh-data
+        persistentVolumeClaim:
+          claimName: kbsshca
