- Docker, if planning to use Grafeas Docker image or build one
- openssl, if planning to use certificates
The Go tools require that you clone the repository to the src/github.com/grafeas/kritis
directory
in your GOPATH
.
To check out this repository:
- Create your own fork of this repo
- Clone it to your machine:
GOPATH=$(go env GOPATH)
mkdir -p ${GOPATH}/src/github.com/grafeas
cd ${GOPATH}/src/github.com/grafeas
git clone git@github.com:${YOUR_GITHUB_USERNAME}/grafeas.git
cd grafeas
- (Optional) If you would like to do development work, run the following:
git remote add upstream git@github.com:grafeas/grafeas.git
git remote set-url --push upstream no_push
Adding the upstream
remote sets you up nicely for regularly syncing your
fork.
The following options will start the Grafeas gRPC and REST APIs on localhost:8080
.
To start the Grafeas server from the publicly published Docker image, do:
docker pull us.gcr.io/grafeas/grafeas-server:v0.1.0
docker run -p 8080:8080 --name grafeas \
us.gcr.io/grafeas/grafeas-server:v0.1.0
To start the Grafeas server from the Dockerfile, run the following:
cd ~/go/src/github.com/grafeas/grafeas
docker build --tag=grafeas .
docker run -p 8080:8080 --name grafeas grafeas
In case you see some error during the build which is related to golang/go#37436, you can bypass the kernel issue with:
docker build --ulimit memlock=-1 --tag=grafeas .
grafeas-pgsql provides a way to run the Grafeas server with PostgreSQL. Please refer to the instructions in the repository to bring up the stack in your local environment.
Run the following:
cd ~/go/src/github.com/grafeas/grafeas
cd go/v1beta1
go run main/main.go
Run the following in a separate terminal:
curl https://localhost:8080/v1beta1/projects
NOTE: The steps described in this section is meant for development environments.
-
Generate CA:
openssl genrsa -out ca.key 2048 openssl req -new -x509 -days 365 -key ca.key -out ca.crt
-
Create the server key and CSR. Make sure to set
Common Name
to your domain, e.g.localhost
(without port).openssl genrsa -out server.key 2048 openssl req -new -key server.key -out server.csr
-
Create self-signed server certificate:
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
-
Update
config.yaml
by adding the following:cafile: ca.crt keyfile: server.key certfile: server.crt
-
Run Grafeas server with the key/cert:
go run main/main.go --config config.yaml
When using curl with a self signed certificate you need to add -k/--insecure
and specify the client certificate. To generate the combined certificate, do:
openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12
openssl pkcs12 -in server.p12 -out server.pem -clcerts
Now, curl
the endpoint:
curl -k --key server.key --cacert ca.pem --cert server.pem https://localhost:8080/v1beta1/projects
client.go contains a small example of a go
client that connects to Grafeas and outputs the notes in myproject
:
go run go/v1beta1/example/client.go
When using a go client to access Grafeas with a self signed certificate you need to specify the server certificate, server key and the CA certificate. See cert_client.go for an example.
Enable CORS on the server
Add the following to your config.yaml
file below the api
key:
cors\_allowed\_origins:
- "https://some.example.tld"
- "https://*.example.net"