diff --git a/k8s/infra/vpn/netbird/management/config/check-oidc-keys.sh b/k8s/infra/vpn/netbird/management/config/check-oidc-keys.sh
deleted file mode 100644
index 6ce53c7..0000000
--- a/k8s/infra/vpn/netbird/management/config/check-oidc-keys.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-OIDC_ENDPOINT=$(jq -r '.HttpConfig.OIDCConfigEndpoint' /etc/netbird/management.json)
-KEY_CHECK_INTERVAL_SECONDS="${KEY_CHECK_INTERVAL_SECONDS:-3600}"
-KEYS_FILE="/data/oidc_keys.json"
-
-fetch_keys() {
- config=$(curl -s "$OIDC_ENDPOINT")
- jwks_uri=$(echo "$config" | jq -r '.jwks_uri')
- curl -s "$jwks_uri"
-}
-
-keys_changed() {
- local new_keys="$1"
- if [ ! -f "$KEYS_FILE" ]; then
- return 0
- fi
- local old_keys=$(cat "$KEYS_FILE")
- [ "$new_keys" != "$old_keys" ]
-}
-
-restart_pod() {
- echo "Restarting pod..."
- kill 1
-}
-
-while true; do
- echo "Fetching OIDC keys..."
- new_keys=$(fetch_keys)
-
- if keys_changed "$new_keys"; then
- echo "Keys have changed. Updating stored keys..."
- echo "$new_keys" > "$KEYS_FILE"
- restart_pod
- else
- echo "Keys have not changed. No action required."
- fi
-
- echo "Sleeping for $KEY_CHECK_INTERVAL_SECONDS seconds..."
- sleep "$KEY_CHECK_INTERVAL_SECONDS"
-done
diff --git a/k8s/infra/vpn/netbird/management/deployment.yaml b/k8s/infra/vpn/netbird/management/deployment.yaml
index 8d6e810..b9b0669 100644
--- a/k8s/infra/vpn/netbird/management/deployment.yaml
+++ b/k8s/infra/vpn/netbird/management/deployment.yaml
@@ -55,38 +55,9 @@ spec:
 - name: config-template
 mountPath: /tmp/netbird
 containers:
- - name: oidc-key-checker
- image: registry.gitlab.com/gitlab-ci-utils/curl-jq:3.1.0 # renovate: docker=registry.gitlab.com/gitlab-ci-utils/curl-jq
- command: [ /bin/bash, -c ]
- args: [ /opt/bin/check-oidc-keys.sh ]
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsNonRoot: false
- capabilities:
- drop: [ ALL ]
- envFrom:
- - configMapRef:
- name: management-oidc-key-check-config
- optional: true
- volumeMounts:
- - name: check-oidc-keys
- mountPath: /opt/bin/check-oidc-keys.sh
- subPath: check-oidc-keys.sh
- - name: config
- mountPath: /etc/netbird
- - name: data
- mountPath: /data
- resources:
- requests:
- memory: 16Mi
- cpu: 10m
- limits:
- memory: 64Mi
- cpu: 200m
 - name: management
 image: docker.io/netbirdio/management:0.35.2 # renovate: docker=docker.io/netbirdio/management
- args: [ --dns-domain, $(DNS_DOMAIN), --log-level, $(LOG_LEVEL), --log-file, console ]
+ args: [ --dns-domain, $(DNS_DOMAIN), --log-level, $(LOG_LEVEL), --log-file, console, --idp-sign-key-refresh-enabled ]
 securityContext:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: false
@@ -113,8 +84,6 @@ spec:
 memory: 512Mi
 cpu: 4000m
 volumes:
- - name: data
- emptyDir: { }
 - name: config
 emptyDir:
 medium: Memory
@@ -122,10 +91,6 @@ spec:
 configMap:
 defaultMode: 0644
 name: management-config-template
- - name: check-oidc-keys
- configMap:
- defaultMode: 0744
- name: check-oidc-keys
 - name: management
 persistentVolumeClaim:
 claimName: management
\ No newline at end of file
diff --git a/k8s/infra/vpn/netbird/management/kustomization.yaml b/k8s/infra/vpn/netbird/management/kustomization.yaml
index 8984279..8697c8e 100644
--- a/k8s/infra/vpn/netbird/management/kustomization.yaml
+++ b/k8s/infra/vpn/netbird/management/kustomization.yaml
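Review bot: The new `--idp-sign-key-refresh-enabled` argument on the management container carries no comment recording why it replaces the removed oidc-key-checker sidecar, so the next reader of this args line sees an unexplained flag; add `# in-process JWKS refresh; replaces the former oidc-key-checker sidecar` on the line above `args:`. As far as I recall, this flag makes management schedule its re-fetch of the IdP signing keys from the cache headers of the JWKS response rather than polling on a fixed interval, so it is worth confirming that the IdP serves `jwks_uri` with `Cache-Control`/`Expires` headers; if it does not, keys rotated by the IdP may not be picked up until the pod restarts, and tokens signed with the new key would be rejected in the meantime. The removed sidecar logged `Restarting pod...` on every rotation; with that signal gone, the management container's own log is the place to watch for signing-key refreshes and JWT validation failures.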
@@ -2,10 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 configMapGenerator:
- - name: check-oidc-keys
- namespace: netbird
- files:
- - config/check-oidc-keys.sh
 - name: management-config-template
 namespace: netbird
 files: