# Containerization Runbook

## Image Build

If the repo consumes internal packages from Gitea, pass feed credentials as build args.

```bash
docker build --build-arg NUGET_FEED_USERNAME=<gitea-login> --build-arg NUGET_FEED_TOKEN=<gitea-token> -t agilewebs/thalos-service:dev .
```
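
Build-arg values that a `RUN` step consumes are recorded in the image's history, where anyone who can pull the image can read them with `docker history --no-trunc`. The check below is an added example, not part of the original runbook: it scans history output for the two feed argument names used in the build command. The function name `leaked_build_args` and the sample history lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag feed credentials recorded in image history.
# Against a real image (requires Docker):
#   docker history --no-trunc --format '{{.CreatedBy}}' \
#     agilewebs/thalos-service:dev | leaked_build_args
# Only the final stage's history is stored in the image, so an arg consumed
# solely in an earlier build stage will not show up here.

# Build-arg names taken from the runbook's build command.
FEED_ARGS="NUGET_FEED_USERNAME NUGET_FEED_TOKEN"

# Reads history "CreatedBy" lines on stdin and prints each arg name that
# appears with a non-empty value (NAME=value). A bare "ARG NAME" declaration
# carries no value and is not flagged. Returns 1 if any name was found.
leaked_build_args() {
  local lines found=0 name
  lines="$(cat)"
  for name in $FEED_ARGS; do
    if printf '%s\n' "$lines" |
       grep -Eq "(^|[[:space:]])${name}=[^[:space:]]+"; then
      printf '%s\n' "$name"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample output (not from a real build of this image).
SAMPLE_LEAKY='ARG NUGET_FEED_USERNAME
ARG NUGET_FEED_TOKEN
RUN |2 NUGET_FEED_USERNAME=ci-bot NUGET_FEED_TOKEN=EXAMPLE-TOKEN /bin/sh -c dotnet restore # buildkit
ENTRYPOINT ["dotnet" "app.dll"]'

SAMPLE_CLEAN='RUN /bin/sh -c dotnet restore # buildkit
ENTRYPOINT ["dotnet" "app.dll"]'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_LEAKY" | leaked_build_args >/dev/null ||
  echo "leaky sample: feed credentials present in history"
printf '%s\n' "$SAMPLE_CLEAN" | leaked_build_args >/dev/null &&
  echo "clean sample: no feed credentials in history"
```

If the check reports a name, rotate that credential and move it to a BuildKit secret mount (`docker build --secret` with `RUN --mount=type=secret` in the Dockerfile), which keeps the value out of image layers. That requires a Dockerfile change this page does not show.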

## Local Run

```bash
docker run --rm -p 8080:8080 \
  -e ThalosIdentity__Secrets__SessionSigning=<session-signing-secret> \
  -e ThalosIdentity__Secrets__Oidc__Google__ClientId=<google-client-id> \
  -e ThalosIdentity__Secrets__Oidc__Google__Issuer=https://accounts.google.com \
  --name thalos-service agilewebs/thalos-service:dev
```

## Health Probe

- Path: `/health`
- Fallback path: `/healthz`
- Port: `8080`

## Runtime Notes

- Exposes internal identity runtime endpoint set and gRPC service.
- Google OIDC claim validation requires `ThalosIdentity:Secrets:Oidc:Google:ClientId`.
- Session refresh signing requires `ThalosIdentity:Secrets:SessionSigning`; there is no baked-in production fallback secret.
- If the host does not provide configuration, `AddThalosServiceRuntime()` supplies a local in-memory session-signing default strictly for isolated tests and developer-only runtime wiring.