Data

Tools

Indexes

Applications

Experiments

Open Source Science

https://github.com/broadinstitute/iam_kernel_poc

https://github.com/broadinstitute/iam_kernel_poc

Science Score: 13.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (5.8%) to scientific vocabulary
Last synced: 9 months ago · JSON representation

Repository

Basic Info
  • Host: GitHub
  • Owner: broadinstitute
  • License: bsd-3-clause
  • Language: Python
  • Default Branch: master
  • Size: 35.2 KB
Statistics
  • Stars: 0
  • Watchers: 49
  • Forks: 0
  • Open Issues: 2
  • Releases: 0
Created over 6 years ago · Last pushed about 3 years ago
Metadata Files
Readme License

README.md

IAM POC

Used for https://broadworkbench.atlassian.net/browse/CA-660

Build and Run Docker image: docker build -f docker/Dockerfile -t iam_poc/flask_app . docker run --rm -p 5000:5000 iam_poc/flask_app

Access the app at: http://localhost:5000/

This will be reused for 4 different apps, i.e. a applayer, core app and two kernel apps.

Deploy to GKE

kubectl apply -f config/coreapp.yaml -n edv kubectl apply -f config/kernel_1.yaml -n edv kubectl apply -f config/kernel_2.yaml -n edv kernel1 apply -f config/applayer.yaml -n edv

Setup Ingress Gateway to expose application layer app:

Following along from https://istio.io/docs/tasks/traffic-management/ingress/ingress-control/

Trying to curl our coreapp:

Bring up our coreapp and our istio gateway. Cluster needs to be set up for automatic istio sidecar injection. See IAM POC notes about setitng up clusters.

kubectl apply -f config/istio_gateway.yaml

Grab the location of the gateway. Curl it asking it to redirect to our "coreapp.com".

```

export INGRESSHOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') export INGRESSPORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}') export SECUREINGRESSPORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')

```

Authentication

Enable JWT verification:

kubectl apply -f config/jwt-verification.yaml Call core services with token, use:

curl -H "Authorization: Bearer ${TOKEN}" -v -i http://$INGRESS_HOST/appToCoreToKernel1

Call kernel1 service from coreapp in k8s cluster:

kubectl exec $(kubectl get pod -l app=coreapp -n dev -o jsonpath={.items..metadata.name}) -c coreapp -n dev -- curl -i http://kernel1:8001/kernel

Call kernel2 service from coreapp in k8s cluster:

kubectl exec $(kubectl get pod -l app=coreapp -n dev -o jsonpath={.items..metadata.name}) -c coreapp -n dev -- curl -i http://kernel2:8002/kernel

Authorization

Run this command to app layer 's check identity of the client certificate kubectl exec $(kubectl get pod -l app=coreapp -n dev -o jsonpath={.items..metadata.name}) -c istio-proxy -n dev -- cat /etc/cer ts/cert-chain.pem | openssl x509 -text -noout | grep 'Subject Alternative Name' -A 1

Owner

  • Name: Broad Institute
  • Login: broadinstitute
  • Kind: organization
  • Location: Cambridge, MA

Broad Institute of MIT and Harvard

GitHub Events

Total
Last Year

Issues and Pull Requests

Last synced: about 1 year ago

All Time
  • Total issues: 0
  • Total pull requests: 3
  • Average time to close issues: N/A
  • Average time to close pull requests: 4 minutes
  • Total issue authors: 0
  • Total pull request authors: 2
  • Average comments per issue: 0
  • Average comments per pull request: 0.0
  • Merged pull requests: 1
  • Bot issues: 0
  • Bot pull requests: 2
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
View more stats
Top Authors
Issue Authors
Pull Request Authors
  • dependabot[bot] (2)
  • yonghaoy (1)
Top Labels
Issue Labels
Pull Request Labels
dependencies (2)

Dependencies

docker/Dockerfile docker
  • python 3.7 build
requirements.txt pypi
  • Flask ==1.1.1
  • requests ==2.20.0