Skip to content

Commit

Permalink
refactor: wasm32-wasi renamed to wasm32-wasip1 & rust to 1.78
Browse files Browse the repository at this point in the history
  • Loading branch information
antonengelhardt committed Nov 19, 2024
1 parent b9de9fb commit 83fa6a9
Show file tree
Hide file tree
Showing 9 changed files with 57 additions and 19 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
run: rustc --version && cargo --version

- name: Clippy
run: cargo clippy --release --all-targets --target=wasm32-wasi -- -D warnings
run: cargo clippy --release --all-targets --target=wasm32-wasip1 -- -D warnings

fmt:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -110,7 +110,7 @@ jobs:

- name: Build wasm-oidc-plugin
run: |
cargo build --target wasm32-wasi --release
cargo build --target wasm32-wasip1 --release
- name: Upload plugin as artifact
uses: actions/upload-artifact@v4
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:

- name: Build
run: |
cargo build --target wasm32-wasi --release
cargo build --target wasm32-wasip1 --release
- name: Archive production artifacts
uses: actions/upload-artifact@v4
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ jobs:
- name: Clippy
run: |
rustc --version && cargo --version
cargo clippy --release --all-targets --target=wasm32-wasi -- -D warnings
cargo clippy --release --all-targets --target=wasm32-wasip1 -- -D warnings
fmt:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -107,7 +107,7 @@ jobs:

- name: Build wasm-oidc-plugin
run: |
cargo build --target wasm32-wasi --release
cargo build --target wasm32-wasip1 --release
- name: Upload plugin as artifact
uses: actions/upload-artifact@v4
Expand Down
8 changes: 4 additions & 4 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
FROM rust:1.75.0 AS builder
FROM rust:1.78.0 AS builder

COPY src/ src/
COPY Cargo.toml Cargo.toml
COPY Cargo.lock Cargo.lock

RUN rustup target add wasm32-wasi
RUN rustup target add wasm32-wasip1

RUN cargo build --target=wasm32-wasi --release
RUN cargo build --target=wasm32-wasip1 --release

##################################################

FROM envoyproxy/envoy:v1.29-latest

COPY --from=builder /target/wasm32-wasi/release/wasm_oidc_plugin.wasm /etc/envoy/proxy-wasm-plugins/wasm_oidc_plugin.wasm
COPY --from=builder /target/wasm32-wasip1/release/wasm_oidc_plugin.wasm /etc/envoy/proxy-wasm-plugins/wasm_oidc_plugin.wasm

CMD [ "envoy", "-c", "/etc/envoy/envoy.yaml" ]
6 changes: 3 additions & 3 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
build:
cargo build --target wasm32-wasi --release
cargo build --target wasm32-wasip1 --release
run:
cargo build --target wasm32-wasi --release
cargo build --target wasm32-wasip1 --release
docker-compose up
run-background:
cargo build --target wasm32-wasi --release
cargo build --target wasm32-wasip1 --release
docker-compose up -d
docker-image:
docker buildx build --platform linux/amd64 -f Dockerfile -t antonengelhardt/wasm-oidc-plugin:latest .
Expand Down
46 changes: 42 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ apt install build-essential
# Install Rustup
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Enable WASM compilation target
cargo build --target wasm32-wasi --release
cargo build --target wasm32-wasip1 --release
```

## Run
Expand All @@ -50,7 +50,7 @@ make run
1. **Building the plugin:**

```sh
cargo build --target wasm32-wasi --release
cargo build --target wasm32-wasip1 --release
# or
make build
```
Expand All @@ -73,9 +73,10 @@ To deploy the plugin to production, the following steps are needed (either manua

1. Build the plugin

1.1 with `cargo build --target wasm32-wasi --release` - this can be done in a [initContainer](./k8s/deployment.yaml) (see [k8s](./k8s) folder) and then copy the binary to the path `/etc/envoy/proxy-wasm-plugins/` in the envoy container.
1.1 with `cargo build --target wasm32-wasip1 --release` - this can be done in a [initContainer](./k8s/deployment.yaml) (see [k8s](./k8s) folder) and then copy the binary to the path `/etc/envoy/proxy-wasm-plugins/` in the envoy container.

1.2 by using the pre-built Docker image [antonengelhardt/wasm-oidc-plugin](https://hub.docker.com/r/antonengelhardt/wasm-oidc-plugin).

1.2 by using the pre-built Docker image [antonengelhardt/wasm-oidc-plugin](https://hub.docker.com/r/antonengelhardt/wasm-oidc-plugin).
2. Run envoy as a container with the `envoy.yaml` file mounted through the [ConfigMap](./k8s/configmap.yml) as a volume.
3. Set up [Service](./k8s/service.yml), [Certificate](./k8s/certificate-production.yml), [Ingress](./k8s/ingress.yml) to expose the Envoy to the internet.

Expand Down Expand Up @@ -190,3 +191,40 @@ cargo-deny check advisories
```

These commands are also run in the CI pipeline.

## FAQ

> My OpenID provider uses a different endpoint for the jwks_uri. How can I configure this?
Google does exactly that:

```json
{
"jwks_uri": "https://www.googleapis.com/oauth2/v3/certs"
}
```

You can add the endpoint in your `envoy.yaml`-file like this:

```yaml
- name: google
connect_timeout: 5s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
load_assignment:
cluster_name: google
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: accounts.google.com
port_value: 443
- endpoint:
address:
socket_address:
address: www.googleapis.com
port_value: 443
```
The rest should work fine.
2 changes: 1 addition & 1 deletion docker-compose.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ services:
- "10000:10000"
volumes:
- ./envoy.yaml:/etc/envoy/envoy.yaml
- ./target/wasm32-wasi/release:/etc/envoy/proxy-wasm-plugins
- ./target/wasm32-wasip1/release:/etc/envoy/proxy-wasm-plugins
networks:
- envoymesh
# Additional options:
Expand Down
2 changes: 1 addition & 1 deletion k8s/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ jobs:

- name: Build wasm-oidc-plugin
run: |
cargo build --target wasm32-wasi --release
cargo build --target wasm32-wasip1 --release
- name: Upload plugin as artifact
uses: actions/upload-artifact@v4
Expand Down
2 changes: 1 addition & 1 deletion k8s/deployment-init-container.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ spec:
apk add git
git clone -b main https://${GITHUB_PAT}@github.com/your-org/your-repo.git #! Change URL and branch
cd your-repo #! Change directory
cargo build --target wasm32-wasi --release
cargo build --target wasm32-wasip1 --release
cp target/wasm32-wasi/release/name_of_your_wasm_plugin.wasm /plugins/name_of_your_wasm_plugin.wasm #! Rename, if necessary
env:
Expand Down

0 comments on commit 83fa6a9

Please sign in to comment.