Create an HTTP server in the Gitlab-agent
Proposal
Create an HTTP server in the Gitlab-agent that will do the following:
- Start independently in a separate thread.
- During init the HTTPS server is using a TLS certificate specified during init.
  - ~~The server will need to create a TLS cert and TLS key and keep it in memory. CN for TLS cert should be the name of the node service.~~ ~~https://go.dev/src/crypto/tls/generate_cert.go~~ We will do this part with #431334 (closed)
- During init the HTTP server creates an `ed25519` public and private key pair (#431331 (comment 1647482012)). The public key can be stored as a config and the private key pair is stored as a secret. This secret will be mounted in the scanning pods so that they can sign the JWT.
- Serve one endpoint, `/update`. This endpoint receives a JSON file. It expects an Authorization header with a Bearer JWT token that is signed with the private key. The server verifies the JWT using the public key.
- Another service (scanner job) can register a hook. This hook will basically say that if you receive a call from a certain `userId` (this info needs to be in the basic auth mechanism) then give me the result.
- When the server gets a call in `/update` it serves the response to the corresponding hook. If no hook is present it prints a warning message and discards the result.
- Update the helm chart to provide a K8S Service that exposes port `80`.
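
The token exchange behind `/update`, as an added Go sketch using only the standard library (not code from the GitLab agent): the scanner side signs with the Ed25519 private key and the server side verifies with the public key before trusting the `userId`. The claim names `sub` and `exp`, the expiry check, the function names and the `scanner-42` userId are assumptions; the proposal does not define the token's contents.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// signJWT is the scanner-pod side. Assumed claims: userId in "sub", expiry in "exp".
func signJWT(priv ed25519.PrivateKey, userID string, exp time.Time) string {
	body, _ := json.Marshal(map[string]any{"sub": userID, "exp": exp.Unix()})
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// verifyJWT is the server side of /update: it returns the userId only for a valid token.
func verifyJWT(pub ed25519.PublicKey, token string, now time.Time) (string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", errors.New("malformed token")
	}
	hdr, e1 := b64.DecodeString(p[0])
	body, e2 := b64.DecodeString(p[1])
	sig, e3 := b64.DecodeString(p[2])
	var h struct{ Alg string }
	// Pin the algorithm so the token header cannot select "none" or an HMAC.
	if e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "EdDSA" {
		return "", errors.New("bad encoding or unexpected alg")
	}
	if !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
		return "", errors.New("bad signature")
	}
	var c struct{ Sub string; Exp int64 }
	if json.Unmarshal(body, &c) != nil || c.Sub == "" || now.Unix() >= c.Exp {
		return "", errors.New("missing sub or token expired")
	}
	return c.Sub, nil
}

func main() { // constructed demo: throwaway key pair, hypothetical userId
	pub, priv, _ := ed25519.GenerateKey(nil)
	fmt.Println(verifyJWT(pub, signJWT(priv, "scanner-42", time.Now().Add(time.Minute)), time.Now()))
}
```

The hook lookup should use only the `userId` returned by `verifyJWT`, never a value read from the request body or an unverified header.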
Related links
Edited by Nick Ilieskou