well-known/README.md
tommy 817fb3c11e
Update README.md
Add helm install instructions.
2024-09-25 15:32:56 +00:00


Well-known

A tiny service that collects and aggregates well-known data from services in the same Kubernetes namespace. The data is merged and exposed as a JSON object or as plain text.

One subdirectory level is supported. This is not according to spec, but some applications require it.

Usage

Add an annotation to a service:

| annotation | directory | description |
| --- | --- | --- |
| well-known.252.no/[file] | .well-known/[file] | filename/key |
| well-known.252.no/directory | .well-known/[directory]/[file] | subdirectory |
| well-known.252.no/format | - | json or text |
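
An added example, not part of the project's code: a pre-deploy check that maps each Service's annotations to the paths in the table above and rejects payloads that are not valid JSON. The function names, the sample values and the rule that a `.json` suffix implies JSON when no format is set are assumptions.

```python
import json

PREFIX = "well-known.252.no/"
CONTROL = {"directory", "format"}  # the two non-file annotations in the usage table


def resolve(annotations):
    """Return {published path: payload} for one Service's annotations."""
    own = {k[len(PREFIX):]: v for k, v in annotations.items() if k.startswith(PREFIX)}
    directory = own.get("directory", "")
    fmt = own.get("format")
    if "/" in directory or directory in (".", ".."):
        raise ValueError(f"directory {directory!r} is not a single path segment")
    if fmt not in (None, "json", "text"):
        raise ValueError(f"format {fmt!r} is not json or text")
    base = f".well-known/{directory}/" if directory else ".well-known/"
    files = {}
    for name, payload in own.items():
        if name in CONTROL:
            continue
        # Assumption: without an explicit format, a .json suffix means JSON.
        if fmt == "json" or (fmt is None and name.endswith(".json")):
            try:
                json.loads(payload)
            except ValueError as exc:
                raise ValueError(f"{name}: invalid JSON ({exc})") from None
        files[base + name] = payload
    return files


def lint(services):
    """services: {service name: annotations}. Returns (path -> [services], errors)."""
    paths, errors = {}, []
    for svc, annotations in services.items():
        try:
            for path in resolve(annotations):
                paths.setdefault(path, []).append(svc)
        except ValueError as exc:
            errors.append(f"{svc}: {exc}")
    return paths, errors


# Constructed sample input, modelled on the Service examples in this README.
SAMPLE = {
    "well-known-matrix": {
        PREFIX + "directory": "matrix",
        PREFIX + "format": "json",
        PREFIX + "server": '{"m.server":"synapse.example.org:443"}',
    },
    "well-known-nostr": {PREFIX + "nostr.json": '{"names": {"nick": "00ff"},}'},  # trailing comma
    "unrelated": {"app.kubernetes.io/name": "dummy-app"},
}
```

A path that lists more than one Service in the first return value of `lint(SAMPLE)` is one where several Services contribute data to the same well-known file.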

Installation

The Helm OCI chart for Kubernetes is in charts/well-known.

Examples

Nostr

apiVersion: v1
kind: Service
metadata:
  name: well-known-nostr
  annotations:
    well-known.252.no/nostr.json: |
      {
        "names":  { "${NOSTR_NICK}": "${NOSTR_PUBLIC_KEY_HEX}" },
        "relays": {"${NOSTR_PUBLIC_KEY_HEX}": [ "wss://nostr.${PUBLIC_DOMAIN}" ] }
      }      
spec:
  selector:
    app: dummy-app
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080

security.txt

apiVersion: v1
kind: Service
metadata:
  name: well-known-securitytxt
  annotations:
    well-known.252.no/security.txt: |
      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA512


      Canonical: https://252.no/.well-known/security.txt

      # In case of security issue, please contact:
      Contact: mailto:tommy@252.no
      Encryption: openpgp4fpr:088194F806EBADEE1B48B1CBC0A38C49BB2258E8
      Preferred-Languages: en, no
      # other means of encryption at: https://keyoxide.org/tommy@252.no

      Expires: 2025-09-25T08:00:00.000Z


      -----BEGIN PGP SIGNATURE-----

      iHUEARYKAB0WIQQIgZT4Buut7htIscvAo4xJuyJY6AUCZvOjwQAKCRDAo4xJuyJY
      6JHoAQC2o7ABiFi0EdYtw/2YdFvBvVG9lv6ZK2PYS7GlGGsN/QD9Ee82Fd0/yiCO
      kDSN/3PhZqnWAHIltG3Fnshf/x0NDAg=
      =Meg5
      -----END PGP SIGNATURE-----      
spec:
  selector:
    app: dummy-app
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080

Matrix Synapse

apiVersion: v1
kind: Service
metadata:
  name: well-known-matrix
  annotations:
    well-known.252.no/directory: matrix
    well-known.252.no/format: json
    well-known.252.no/client: |
      {
        "m.homeserver": {
            "base_url": "https://synapse.${PUBLIC_DOMAIN}"
        },
        "org.matrix.msc3575.proxy": {
          "url": "https://slidingsync.${PUBLIC_DOMAIN}"
        },
        "org.matrix.msc2965.authentication": {
          "issuer": "https://auth.matrix.${PUBLIC_DOMAIN}/",
          "account": "https://auth.matrix.${PUBLIC_DOMAIN}/account/"
        }
      }      
    well-known.252.no/server: |
      {"m.server":"synapse.${PUBLIC_DOMAIN}:443"}      
spec:
  selector:
    app: dummy-app
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: webfinger-oidc
  annotations:
    well-known.252.no/webfinger.json: |
      {
        "subject": "acct:${PUBLIC_EMAIL}",
        "links": [
          {
            "rel": "http://openid.net/specs/connect/1.0/issuer",
            "href": "https://auth.${PUBLIC_DOMAIN}"
          }
        ]
      }      
spec:
  selector:
    app: dummy-app
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080

Query Example

curl https://[ingress]/.well-known/test.json

{
    "example": "value"
}

Gratitude

This version of well-known is based on the work by Stenic.