From 65345c895c5aa1345c2f6c63293f783b9373611a Mon Sep 17 00:00:00 2001
From: biondizzle
Date: Thu, 11 Dec 2025 06:15:26 -0500
Subject: [PATCH] better line up of pipes
---
README.md | 100 +++++++++++++++++++++++++++---------------------------
1 file changed, 50 insertions(+), 50 deletions(-)
diff --git a/README.md b/README.md
index c6c308d..1c20636 100644
--- a/README.md
+++ b/README.md
@@ -291,25 +291,25 @@ go build -o webhook main.go ## The Full Flow with Both Tokens ``` ┌──────────────────────────────────────────────────────────────────────────────┐ -│ YOUR CLUSTER │ -│ │ -│ Kubernetes API Server (configured with your issuer) │ -│ ├─ Generates TOKEN #1 (ServiceAccount JWT) │ -│ │ Signed with: cluster's private key │ -│ │ Claims: │ -│ │ iss: "https://api.vultr.com/v2/oidc" │ -│ │ aud: "vultr" │ -│ │ sub: "system:serviceaccount:default:test-sa" │ -│ └─ Mounts TOKEN #1 in pod at: │ -│ /var/run/secrets/kubernetes.io/serviceaccount/token │ -│ │ -│ ┌────────────────────────────────────────────────────────────────────────┐ │ -│ │ Pod: my-app │ │ -│ │ │ │ -│ │ 1. Application starts │ │ -│ │ 2. SDK reads TOKEN #1 from file │ │ -│ │ 3. SDK calls Vultr STS with TOKEN #1 │ │ -│ └────────────────────────────────────────────────────────────────────────┘ │ +│ YOUR CLUSTER │ +│ │ +│ Kubernetes API Server (configured with your issuer) │ +│ ├─ Generates TOKEN #1 (ServiceAccount JWT) │ +│ │ Signed with: cluster's private key │ +│ │ Claims: │ +│ │ iss: "https://api.vultr.com/v2/oidc" │ +│ │ aud: "vultr" │ +│ │ sub: "system:serviceaccount:default:test-sa" │ +│ └─ Mounts TOKEN #1 in pod at: │ +│ /var/run/secrets/kubernetes.io/serviceaccount/token │ +│ │ +│ ┌────────────────────────────────────────────────────────────────────────┐ │ +│ │ Pod: my-app │ │ +│ │ │ │ +│ │ 1. Application starts │ │ +│ │ 2. SDK reads TOKEN #1 from file │ │ +│ │ 3. SDK calls Vultr STS with TOKEN #1 │ │ +│ └────────────────────────────────────────────────────────────────────────┘ │ └──────────────────────────────────────────────────────────────────────────────┘ │ 
@@ -317,20 +317,20 @@ TOKEN #1 (K8s JWT) sent to Vultr platform ──────────── ↓ ┌──────────────────────────────────────────────────────────────────────────────┐ -│ VULTR PLATFORM (api.vultr.com) │ -│ │ -│ STS Service │ -│ ├─ Receives TOKEN #1 from pod │ -│ ├─ Validates TOKEN #1: │ -│ │ └─ Fetches public key from /v2/oidc/jwks │ -│ │ └─ Verifies signature │ -│ │ └─ Checks issuer, audience, expiration │ -│ │ └─ Checks role trust policy │ -│ ├─ Generates TOKEN #2 (Temporary Credentials) │ -│ │ └─ AccessKeyId: VKAEXAMPLE123ABC │ -│ │ └─ SecretAccessKey: secretKEY789XYZ │ -│ │ └─ SessionToken: sessionTOKEN456DEF │ -│ └─ Returns TOKEN #2 to pod │ +│ VULTR PLATFORM (api.vultr.com) │ +│ │ +│ STS Service │ +│ ├─ Receives TOKEN #1 from pod │ +│ ├─ Validates TOKEN #1: │ +│ │ └─ Fetches public key from /v2/oidc/jwks │ +│ │ └─ Verifies signature │ +│ │ └─ Checks issuer, audience, expiration │ +│ │ └─ Checks role trust policy │ +│ ├─ Generates TOKEN #2 (Temporary Credentials) │ +│ │ └─ AccessKeyId: VKAEXAMPLE123ABC │ +│ │ └─ SecretAccessKey: secretKEY789XYZ │ +│ │ └─ SessionToken: sessionTOKEN456DEF │ +│ └─ Returns TOKEN #2 to pod │ └──────────────────────────────────────────────────────────────────────────────┘ │ 
@@ -338,17 +338,17 @@ TOKEN #2 (Temporary credentials) sent back to pod ────────── ↓ ┌──────────────────────────────────────────────────────────────────────────────┐ -│ YOUR CLUSTER │ -│ │ +│ YOUR CLUSTER │ +│ │ │ ┌────────────────────────────────────────────────────────────────────────┐ │ -│ │ Pod: my-app │ │ -│ │ │ │ -│ │ 4. SDK receives TOKEN #2 (credentials) │ │ -│ │ 5. SDK caches TOKEN #2 │ │ -│ │ 6. SDK uses TOKEN #2 for all API calls: │ │ -│ │ - List buckets │ │ -│ │ - Upload objects │ │ -│ │ - etc. │ │ +│ │ Pod: my-app │ │ +│ │ │ │ +│ │ 4. SDK receives TOKEN #2 (credentials) │ │ +│ │ 5. SDK caches TOKEN #2 │ │ +│ │ 6. SDK uses TOKEN #2 for all API calls: │ │ +│ │ - List buckets │ │ +│ │ - Upload objects │ │ +│ │ - etc. │ │ │ └────────────────────────────────────────────────────────────────────────┘ │ └──────────────────────────────────────────────────────────────────────────────┘ @@ -357,13 +357,13 @@ All API calls use TOKEN #2 (credentials) ───────────── ↓ ┌──────────────────────────────────────────────────────────────────────────────┐ -│ VULTR PLATFORM APIs (api.vultr.com/v2/*) │ -│ │ -│ Object Storage API, Compute API, etc. │ -│ ├─ Receives request with TOKEN #2 (SessionToken) │ -│ ├─ Validates TOKEN #2 against session database │ -│ ├─ Checks permissions from role │ -│ └─ Executes API operation │ +│ VULTR PLATFORM APIs (api.vultr.com/v2/*) │ +│ │ +│ Object Storage API, Compute API, etc. │ +│ ├─ Receives request with TOKEN #2 (SessionToken) │ +│ ├─ Validates TOKEN #2 against session database │ +│ ├─ Checks permissions from role │ +│ └─ Executes API operation │ └──────────────────────────────────────────────────────────────────────────────┘ ```