From 0a6d958f62ea5181c8c00c6428b7b00c56b7e9b4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Steinh=C3=A4user?= Date: Thu, 21 Nov 2024 13:57:37 +0100 Subject: [PATCH] feat: add deployment files for service mesh based routing --- management_project.yaml | 3 + ocp/deployments/basic_servicemesh.yaml | 55 +++++++++++++++++ .../application_number_service.yaml | 33 +++++++++++ .../application_status_service.yaml | 33 +++++++++++ .../servicemesh/application_view_service.yaml | 33 +++++++++++ .../number_service/authorization_policy.yaml | 27 +++++++++ .../number_service/deployment.yaml | 54 +++++++++++++++++ .../number_service/kustomization.yaml | 7 +++ .../number_service/peer_authentication.yaml | 14 +++++ .../servicemesh/number_service/service.yaml | 17 ++++++ .../number_service/service_account.yaml | 9 +++ .../servicemesh/number_service/vservice.yaml | 37 ++++++++++++ .../status_service/authorization_policy.yaml | 27 +++++++++ .../status_service/deployment.yaml | 54 +++++++++++++++++ .../external_service_entry.yaml | 36 +++++++++++ .../status_service/kustomization.yaml | 8 +++ .../status_service/peer_authentication.yaml | 14 +++++ .../servicemesh/status_service/service.yaml | 17 ++++++ .../status_service/service_account.yaml | 9 +++ .../servicemesh/status_service/vservice.yaml | 37 ++++++++++++ .../servicemesh/view_service/deployment.yaml | 59 +++++++++++++++++++ .../servicemesh/view_service/gateway.yaml | 21 +++++++ .../view_service/kustomization.yaml | 8 +++ .../view_service/peer_authentication.yaml | 14 +++++ .../servicemesh/view_service/service.yaml | 17 ++++++ .../view_service/service_account.yaml | 9 +++ .../servicemesh/view_service/vservice.yaml | 37 ++++++++++++ .../status-service/templates/deployment.yaml | 3 + 28 files changed, 692 insertions(+) create mode 100644 ocp/deployments/basic_servicemesh.yaml create mode 100644 ocp/deployments/manifests/servicemesh/application_number_service.yaml create mode 100644 ocp/deployments/manifests/servicemesh/application_status_service.yaml create mode 100644 
ocp/deployments/manifests/servicemesh/application_view_service.yaml create mode 100644 ocp/deployments/manifests/servicemesh/number_service/authorization_policy.yaml create mode 100644 ocp/deployments/manifests/servicemesh/number_service/deployment.yaml create mode 100644 ocp/deployments/manifests/servicemesh/number_service/kustomization.yaml create mode 100644 ocp/deployments/manifests/servicemesh/number_service/peer_authentication.yaml create mode 100644 ocp/deployments/manifests/servicemesh/number_service/service.yaml create mode 100644 ocp/deployments/manifests/servicemesh/number_service/service_account.yaml create mode 100644 ocp/deployments/manifests/servicemesh/number_service/vservice.yaml create mode 100644 ocp/deployments/manifests/servicemesh/status_service/authorization_policy.yaml create mode 100644 ocp/deployments/manifests/servicemesh/status_service/deployment.yaml create mode 100644 ocp/deployments/manifests/servicemesh/status_service/external_service_entry.yaml create mode 100644 ocp/deployments/manifests/servicemesh/status_service/kustomization.yaml create mode 100644 ocp/deployments/manifests/servicemesh/status_service/peer_authentication.yaml create mode 100644 ocp/deployments/manifests/servicemesh/status_service/service.yaml create mode 100644 ocp/deployments/manifests/servicemesh/status_service/service_account.yaml create mode 100644 ocp/deployments/manifests/servicemesh/status_service/vservice.yaml create mode 100644 ocp/deployments/manifests/servicemesh/view_service/deployment.yaml create mode 100644 ocp/deployments/manifests/servicemesh/view_service/gateway.yaml create mode 100644 ocp/deployments/manifests/servicemesh/view_service/kustomization.yaml create mode 100644 ocp/deployments/manifests/servicemesh/view_service/peer_authentication.yaml create mode 100644 ocp/deployments/manifests/servicemesh/view_service/service.yaml create mode 100644 ocp/deployments/manifests/servicemesh/view_service/service_account.yaml create mode 100644 
ocp/deployments/manifests/servicemesh/view_service/vservice.yaml diff --git a/management_project.yaml b/management_project.yaml index 34fe163..69c28a5 100644 --- a/management_project.yaml +++ b/management_project.yaml @@ -14,6 +14,9 @@ spec: - name: in-cluster namespace: example-application-basic server: https://kubernetes.default.svc + - name: in-cluster + namespace: example-application-basic-servicemesh + server: https://kubernetes.default.svc - name: in-cluster namespace: example-application-helm-basic server: https://kubernetes.default.svc diff --git a/ocp/deployments/basic_servicemesh.yaml b/ocp/deployments/basic_servicemesh.yaml new file mode 100644 index 0000000..945845d --- /dev/null +++ b/ocp/deployments/basic_servicemesh.yaml @@ -0,0 +1,55 @@ +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: basic-servicemesh + labels: + argocd.argoproj.io/sync-wave: "0" +spec: + sourceNamespaces: + - example-application-basic-servicemesh + clusterResourceWhitelist: + - group: '*' + kind: '*' + destinations: + - name: in-cluster + namespace: example-application-basic-servicemesh + server: https://kubernetes.default.svc + namespaceResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - git@github.com:leonsteinhaeuser/rh-ocp-examples.git +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: app-of-apps + namespace: &ns example-application-basic-servicemesh + labels: + argocd.argoproj.io/sync-wave: "1" +spec: + destination: + namespace: *ns + server: https://kubernetes.default.svc + project: basic-servicemesh + source: + directory: + jsonnet: {} + recurse: true + path: ocp/deployments/manifests/basic + repoURL: git@github.com:leonsteinhaeuser/rh-ocp-examples.git + targetRevision: HEAD + syncPolicy: + automated: + prune: true + selfHeal: true + retry: + backoff: + duration: 5s + factor: 2 + maxDuration: 3m0s + limit: 5 + syncOptions: + - PruneLast=true + - ApplyOutOfSyncOnly=true + - ServerSideApply=true 
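Review bot: In basic_servicemesh.yaml the AppProject sets `clusterResourceWhitelist` to `group: '*'` / `kind: '*'`, so any Application admitted to this project can create cluster-scoped objects such as ClusterRoleBindings. `sourceNamespaces` also lets Applications be defined from the workload namespace itself. None of the manifests added in this commit appears to be cluster-scoped, so I would drop `clusterResourceWhitelist` and narrow `namespaceResourceWhitelist` to the groups actually deployed (apps, core, networking.istio.io, security.istio.io, argoproj.io). Separately, the app-of-apps Application uses `path: ocp/deployments/manifests/basic`, which looks like a copy from the basic example; the child Applications added here live under `ocp/deployments/manifests/servicemesh`.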
diff --git a/ocp/deployments/manifests/servicemesh/application_number_service.yaml b/ocp/deployments/manifests/servicemesh/application_number_service.yaml
new file mode 100644
index 0000000..ce45969
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/application_number_service.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: &name number-service
+ namespace: &ns example-application-basic-servicemesh
+ labels:
+ argocd.argoproj.io/sync-wave: "0"
+spec:
+ destination:
+ namespace: *ns
+ server: https://kubernetes.default.svc
+ project: basic-servicemesh
+ source:
+ directory:
+ jsonnet: {}
+ recurse: true
+ path: ocp/deployments/manifests/servicemesh/number_service
+ repoURL: git@github.com:leonsteinhaeuser/rh-ocp-examples.git
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ retry:
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ limit: 5
+ syncOptions:
+ - PruneLast=true
+ - ApplyOutOfSyncOnly=true
+ - ServerSideApply=true
diff --git a/ocp/deployments/manifests/servicemesh/application_status_service.yaml b/ocp/deployments/manifests/servicemesh/application_status_service.yaml
new file mode 100644
index 0000000..48f79bb
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/application_status_service.yaml
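Review bot: `argocd.argoproj.io/sync-wave: "0"` is placed under `metadata.labels` in application_number_service.yaml, but Argo CD reads the sync wave from `metadata.annotations`, so the intended ordering (number and status in wave 0, view in wave 1) is not applied. Move the key to `annotations:` here, in application_status_service.yaml and application_view_service.yaml, and on both objects in basic_servicemesh.yaml. The `&name` anchor is defined but never aliased in these three files and can be dropped.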
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: &name status-service
+ namespace: &ns example-application-basic-servicemesh
+ labels:
+ argocd.argoproj.io/sync-wave: "0"
+spec:
+ destination:
+ namespace: *ns
+ server: https://kubernetes.default.svc
+ project: basic-servicemesh
+ source:
+ directory:
+ jsonnet: {}
+ recurse: true
+ path: ocp/deployments/manifests/servicemesh/status_service
+ repoURL: git@github.com:leonsteinhaeuser/rh-ocp-examples.git
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ retry:
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ limit: 5
+ syncOptions:
+ - PruneLast=true
+ - ApplyOutOfSyncOnly=true
+ - ServerSideApply=true
diff --git a/ocp/deployments/manifests/servicemesh/application_view_service.yaml b/ocp/deployments/manifests/servicemesh/application_view_service.yaml
new file mode 100644
index 0000000..088ca62
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/application_view_service.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: &name view-service
+ namespace: &ns example-application-basic-servicemesh
+ labels:
+ argocd.argoproj.io/sync-wave: "1"
+spec:
+ destination:
+ namespace: *ns
+ server: https://kubernetes.default.svc
+ project: basic-servicemesh
+ source:
+ directory:
+ jsonnet: {}
+ recurse: true
+ path: ocp/deployments/manifests/servicemesh/view_service
+ repoURL: git@github.com:leonsteinhaeuser/rh-ocp-examples.git
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ retry:
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ limit: 5
+ syncOptions:
+ - PruneLast=true
+ - ApplyOutOfSyncOnly=true
+ - ServerSideApply=true
diff --git a/ocp/deployments/manifests/servicemesh/number_service/authorization_policy.yaml b/ocp/deployments/manifests/servicemesh/number_service/authorization_policy.yaml
new file mode 100644
index 0000000..8381214
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/number_service/authorization_policy.yaml
@@ -0,0 +1,27 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: &name number-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ selector:
+ matchLabels: *labels
+ action: ALLOW
+ rules:
+ - from:
+ - source:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: view-service
+ app.kubernetes.io/instance: view-service
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+ to:
+ - operation:
+ methods: ["GET"]
+ ports: ["8081"]
+ paths: ["/number"]
diff --git a/ocp/deployments/manifests/servicemesh/number_service/deployment.yaml b/ocp/deployments/manifests/servicemesh/number_service/deployment.yaml
new file mode 100644
index 0000000..42aec69
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/number_service/deployment.yaml
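Review bot: The rule in number_service/authorization_policy.yaml identifies the caller with `source.selector.matchLabels`, but an Istio AuthorizationPolicy `source` has no label selector; it matches on `principals`, `namespaces`, `ipBlocks` and the request-principal fields. As written the policy is either rejected on apply or the caller restriction is dropped, depending on how strictly the CRD schema is validated, so the intent "only view-service may GET /number" is not what gets enforced. Since this commit also adds a view-service ServiceAccount and STRICT mTLS, match the workload identity instead: `- source:` followed by `principals: ["cluster.local/ns/example-application-basic-servicemesh/sa/view-service"]` (assuming the default trust domain). status_service/authorization_policy.yaml has the same block and needs the same change.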
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: &name number-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+ app.kubernetes.io/version: v1
+spec:
+ replicas: 1
+ selector:
+ matchLabels: *labels
+ template:
+ metadata:
+ labels: *labels
+ spec:
+ securityContext:
+ runAsUser: 65535
+ runAsGroup: 65535
+ automountServiceAccountToken: false
+ serviceAccountName: *name
+ containers:
+ - name: *name
+ image: ghcr.io/leonsteinhaeuser/rh-ocp-examples-number:main
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8081
+ name: http
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 100m
+ memory: 32Mi
+ requests:
+ cpu: 10m
+ memory: 32Mi
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ securityContext:
+ runAsUser: 65535
+ runAsGroup: 65535
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - all
diff --git a/ocp/deployments/manifests/servicemesh/number_service/kustomization.yaml b/ocp/deployments/manifests/servicemesh/number_service/kustomization.yaml
new file mode 100644
index 0000000..6404802
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/number_service/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- deployment.yaml
+- service.yaml
+- vservice.yaml
+- network_policy.yaml
diff --git a/ocp/deployments/manifests/servicemesh/number_service/peer_authentication.yaml b/ocp/deployments/manifests/servicemesh/number_service/peer_authentication.yaml
new file mode 100644
index 0000000..2469139
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/number_service/peer_authentication.yaml
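Review bot: The pod template in number_service/deployment.yaml carries no sidecar-injection opt-in, and nothing in this commit labels the namespace for injection. Without the Envoy proxy in the pod, the STRICT PeerAuthentication and the AuthorizationPolicy added alongside it select this workload but have nothing to enforce them, so the service would accept plaintext from any caller that can reach port 8081. Unless injection is switched on elsewhere, add `sidecar.istio.io/inject: "true"` to `spec.template.metadata` (annotation or label, depending on the mesh version in use); the same applies to status_service/deployment.yaml and view_service/deployment.yaml. Minor: `capabilities.drop` is conventionally written `- ALL`, which is the spelling the restricted Pod Security profile checks for.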
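Review bot: number_service/kustomization.yaml lists `network_policy.yaml`, which this commit does not add, and omits `authorization_policy.yaml`, `peer_authentication.yaml` and `service_account.yaml`, which it does. The Applications set `directory:` explicitly, so Argo CD may never run Kustomize here, but anyone rendering the directory with Kustomize gets a build error first and, once that is fixed, a deployment without its mTLS and authorization policies and without the ServiceAccount the Deployment names. Either delete the kustomization files or make `resources:` match the directory. status_service/kustomization.yaml has the same gaps, and view_service/kustomization.yaml additionally lists `external_service_entry.yaml`, which exists only under status_service, while omitting `gateway.yaml`.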
@@ -0,0 +1,14 @@
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+ name: &name number-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ selector:
+ matchLabels: *labels
+ mtls:
+ mode: STRICT
diff --git a/ocp/deployments/manifests/servicemesh/number_service/service.yaml b/ocp/deployments/manifests/servicemesh/number_service/service.yaml
new file mode 100644
index 0000000..392d375
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/number_service/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: &name number-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+ app.kubernetes.io/version: v1
+spec:
+ ports:
+ - port: 8081
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector: *labels
diff --git a/ocp/deployments/manifests/servicemesh/number_service/service_account.yaml b/ocp/deployments/manifests/servicemesh/number_service/service_account.yaml
new file mode 100644
index 0000000..771ebbe
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/number_service/service_account.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: &name number-service
+ labels:
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
diff --git a/ocp/deployments/manifests/servicemesh/number_service/vservice.yaml b/ocp/deployments/manifests/servicemesh/number_service/vservice.yaml
new file mode 100644
index 0000000..a632a75
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/number_service/vservice.yaml
@@ -0,0 +1,37 @@
+apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+ name: &name number-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ hosts:
+ - *name
+ http:
+ - route:
+ - destination:
+ host: *name
+ subset: v1
+ weight: 100
+---
+apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+ name: &name number-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ host: *name
+ subsets:
+ - name: v1
+ labels:
+ version: v1
+ - name: v2
+ labels:
+ version: v2
diff --git a/ocp/deployments/manifests/servicemesh/status_service/authorization_policy.yaml b/ocp/deployments/manifests/servicemesh/status_service/authorization_policy.yaml
new file mode 100644
index 0000000..f7ee209
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/status_service/authorization_policy.yaml
@@ -0,0 +1,27 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: &name status-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ selector:
+ matchLabels: *labels
+ action: ALLOW
+ rules:
+ - from:
+ - source:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: view-service
+ app.kubernetes.io/instance: view-service
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+ to:
+ - operation:
+ methods: ["GET"]
+ ports: ["8082"]
+ paths: ["/status"]
diff --git a/ocp/deployments/manifests/servicemesh/status_service/deployment.yaml b/ocp/deployments/manifests/servicemesh/status_service/deployment.yaml
new file mode 100644
index 0000000..70659c6
--- /dev/null
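Review bot: The DestinationRule subsets in number_service/vservice.yaml select pods by `version: v1` / `version: v2`, but the pod template in number_service/deployment.yaml carries `app.kubernetes.io/version: v1` and no `version` label. Subset `v1` therefore matches no endpoints, and the VirtualService sends 100% of traffic to it. Change the subset selectors to `app.kubernetes.io/version: v1` (and `v2`), or add a plain `version` label to the pods. The Service selector also includes `app.kubernetes.io/version: v1`, so a future v2 Deployment would not be an endpoint of this Service at all; drop the version label from `spec.selector` if the v2 subset is meant to be used. status_service/vservice.yaml and view_service/vservice.yaml repeat the same pattern.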
+++ b/ocp/deployments/manifests/servicemesh/status_service/deployment.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: &name status-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+ app.kubernetes.io/version: v1
+spec:
+ replicas: 1
+ selector:
+ matchLabels: *labels
+ template:
+ metadata:
+ labels: *labels
+ spec:
+ securityContext:
+ runAsUser: 65535
+ runAsGroup: 65535
+ automountServiceAccountToken: false
+ serviceAccountName: *name
+ containers:
+ - name: *name
+ image: ghcr.io/leonsteinhaeuser/rh-ocp-examples-status:main
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8082
+ name: http
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 100m
+ memory: 32Mi
+ requests:
+ cpu: 10m
+ memory: 32Mi
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ securityContext:
+ runAsUser: 65535
+ runAsGroup: 65535
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - all
diff --git a/ocp/deployments/manifests/servicemesh/status_service/external_service_entry.yaml b/ocp/deployments/manifests/servicemesh/status_service/external_service_entry.yaml
new file mode 100644
index 0000000..1c39944
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/status_service/external_service_entry.yaml
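Review bot: `image: ghcr.io/leonsteinhaeuser/rh-ocp-examples-status:main` in status_service/deployment.yaml is a mutable branch tag, and with `imagePullPolicy: Always` every pod restart runs whatever was last pushed to that tag. Combined with the automated, self-healing sync on `targetRevision: HEAD`, neither the manifests nor the image are pinned to a reviewed state. Reference the image by digest (`...-status@sha256:<digest>`) or at least by an immutable release tag; number_service/deployment.yaml and view_service/deployment.yaml use the same `:main` tag.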
@@ -0,0 +1,36 @@
+apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+ name: external-svc-redhat-com
+ labels: &labels
+ app.kubernetes.io/name: status-service
+ app.kubernetes.io/instance: status-service
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ hosts:
+ - www.redhat.com
+ location: MESH_EXTERNAL
+ ports:
+ - number: 80
+ name: example-http
+ protocol: HTTP
+ resolution: DNS
+---
+apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+ name: www-redhat-com
+ labels: &labels
+ app.kubernetes.io/name: status-service
+ app.kubernetes.io/instance: status-service
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ hosts:
+ - www.redhat.com
+ http:
+ - timeout: 15s
+ route:
+ - destination:
+ host: www.redhat.com
diff --git a/ocp/deployments/manifests/servicemesh/status_service/kustomization.yaml b/ocp/deployments/manifests/servicemesh/status_service/kustomization.yaml
new file mode 100644
index 0000000..ac88659
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/status_service/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- deployment.yaml
+- service.yaml
+- vservice.yaml
+- network_policy.yaml
+- external_service_entry.yaml
diff --git a/ocp/deployments/manifests/servicemesh/status_service/peer_authentication.yaml b/ocp/deployments/manifests/servicemesh/status_service/peer_authentication.yaml
new file mode 100644
index 0000000..1725fb9
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/status_service/peer_authentication.yaml
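Review bot: The ServiceEntry in status_service/external_service_entry.yaml opens egress to www.redhat.com only on port 80 with `protocol: HTTP`, so the one external call in this example leaves the mesh unencrypted while in-mesh traffic is held to STRICT mTLS. If status-service can reach the host over TLS, declare `number: 443` with `protocol: TLS` (or originate TLS at the sidecar through a DestinationRule) and replace the `http` route of the VirtualService accordingly. The ServiceEntry also sets no `exportTo`, so it is visible to every namespace in the mesh; `exportTo: ["."]` keeps it local to this one. The `&labels` anchors in both documents are never aliased and can be removed.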
@@ -0,0 +1,14 @@
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+ name: &name status-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ selector:
+ matchLabels: *labels
+ mtls:
+ mode: STRICT
diff --git a/ocp/deployments/manifests/servicemesh/status_service/service.yaml b/ocp/deployments/manifests/servicemesh/status_service/service.yaml
new file mode 100644
index 0000000..95a55b3
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/status_service/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: &name status-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+ app.kubernetes.io/version: v1
+spec:
+ ports:
+ - port: 8082
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector: *labels
diff --git a/ocp/deployments/manifests/servicemesh/status_service/service_account.yaml b/ocp/deployments/manifests/servicemesh/status_service/service_account.yaml
new file mode 100644
index 0000000..226038e
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/status_service/service_account.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: &name status-service
+ labels:
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
diff --git a/ocp/deployments/manifests/servicemesh/status_service/vservice.yaml b/ocp/deployments/manifests/servicemesh/status_service/vservice.yaml
new file mode 100644
index 0000000..ccd0398
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/status_service/vservice.yaml
@@ -0,0 +1,37 @@
+apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+ name: &name status-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ hosts:
+ - *name
+ http:
+ - route:
+ - destination:
+ host: *name
+ subset: v1
+ weight: 100
+---
+apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+ name: &name status-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ host: *name
+ subsets:
+ - name: v1
+ labels:
+ version: v1
+ - name: v2
+ labels:
+ version: v2
diff --git a/ocp/deployments/manifests/servicemesh/view_service/deployment.yaml b/ocp/deployments/manifests/servicemesh/view_service/deployment.yaml
new file mode 100644
index 0000000..042c98b
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/view_service/deployment.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: &name view-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+ app.kubernetes.io/version: v1
+spec:
+ replicas: 1
+ selector:
+ matchLabels: *labels
+ template:
+ metadata:
+ labels: *labels
+ spec:
+ securityContext:
+ runAsUser: 65535
+ runAsGroup: 65535
+ automountServiceAccountToken: false
+ serviceAccountName: *name
+ containers:
+ - name: *name
+ image: ghcr.io/leonsteinhaeuser/rh-ocp-examples-view:main
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ env:
+ - name: NUMBER_SERVICE_URL
+ value: http://number-service:8081
+ - name: STATUS_SERVICE_URL
+ value: http://view-service:8082/status
+ resources:
+ limits:
+ cpu: 100m
+ memory: 32Mi
+ requests:
+ cpu: 10m
+ memory: 32Mi
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ securityContext:
+ runAsUser: 65535
+ runAsGroup: 65535
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - all
diff --git a/ocp/deployments/manifests/servicemesh/view_service/gateway.yaml b/ocp/deployments/manifests/servicemesh/view_service/gateway.yaml
new file mode 100644
index 0000000..e22bdc5
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/view_service/gateway.yaml
@@ -0,0 +1,21 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: view-service
+ labels: &labels
+ app.kubernetes.io/name: view-service
+ app.kubernetes.io/instance: view-service
+ app.kubernetes.io/component: gateway
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - port:
+ number: 443
+ name: https
+ protocol: HTTPS
+ tls:
+ mode: SIMPLE
+ hosts:
+ - view-service-mesh.localhost
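Review bot: `STATUS_SERVICE_URL` in view_service/deployment.yaml is set to `http://view-service:8082/status`, which points view-service at itself on a port its own Service does not expose (view-service listens on 8080). The status API added in this commit is `status-service` on 8082, so the value should be `http://status-service:8082/status`. As written, the AuthorizationPolicy that admits view-service to `/status` is never exercised. `NUMBER_SERVICE_URL` has no path while the policy on number-service allows only `/number`; confirm that the application appends it.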
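Review bot: The HTTPS server in view_service/gateway.yaml sets `tls.mode: SIMPLE` but names no certificate, and SIMPLE mode needs either `credentialName` or a `serverCertificate`/`privateKey` pair. Add `credentialName: <tls-secret-name>` under `tls:`, referring to a TLS secret that the ingress gateway can read. The VirtualService in view_service/vservice.yaml also has no `gateways:` entry and lists only `view-service` under `hosts`, so nothing routes `view-service-mesh.localhost` from this Gateway to the workload. Bind it with `gateways: [view-service, mesh]` and add the external host.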
diff --git a/ocp/deployments/manifests/servicemesh/view_service/kustomization.yaml b/ocp/deployments/manifests/servicemesh/view_service/kustomization.yaml
new file mode 100644
index 0000000..ac88659
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/view_service/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- deployment.yaml
+- service.yaml
+- vservice.yaml
+- network_policy.yaml
+- external_service_entry.yaml
diff --git a/ocp/deployments/manifests/servicemesh/view_service/peer_authentication.yaml b/ocp/deployments/manifests/servicemesh/view_service/peer_authentication.yaml
new file mode 100644
index 0000000..3fd1e08
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/view_service/peer_authentication.yaml
@@ -0,0 +1,14 @@
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+ name: &name view-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ selector:
+ matchLabels: *labels
+ mtls:
+ mode: STRICT
diff --git a/ocp/deployments/manifests/servicemesh/view_service/service.yaml b/ocp/deployments/manifests/servicemesh/view_service/service.yaml
new file mode 100644
index 0000000..dd5c485
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/view_service/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: &name view-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+ app.kubernetes.io/version: v1
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector: *labels
diff --git a/ocp/deployments/manifests/servicemesh/view_service/service_account.yaml b/ocp/deployments/manifests/servicemesh/view_service/service_account.yaml
new file mode 100644
index 0000000..d7116cc
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/view_service/service_account.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: &name view-service
+ labels:
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
diff --git a/ocp/deployments/manifests/servicemesh/view_service/vservice.yaml b/ocp/deployments/manifests/servicemesh/view_service/vservice.yaml
new file mode 100644
index 0000000..b7d7991
--- /dev/null
+++ b/ocp/deployments/manifests/servicemesh/view_service/vservice.yaml
@@ -0,0 +1,37 @@
+apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+ name: &name view-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ hosts:
+ - *name
+ http:
+ - route:
+ - destination:
+ host: *name
+ subset: v1
+ weight: 100
+---
+apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+ name: &name view-service
+ labels: &labels
+ app.kubernetes.io/name: *name
+ app.kubernetes.io/instance: *name
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: microservices-demo
+spec:
+ host: *name
+ subsets:
+ - name: v1
+ labels:
+ version: v1
+ - name: v2
+ labels:
+ version: v2
diff --git a/ocp/helm-charts/status-service/templates/deployment.yaml b/ocp/helm-charts/status-service/templates/deployment.yaml
index 2c1c680..a1bd183 100644
--- a/ocp/helm-charts/status-service/templates/deployment.yaml
+++ b/ocp/helm-charts/status-service/templates/deployment.yaml
@@ -36,6 +36,9 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: LISTEN_ADDRESS + value: {{ .Values.service.port | quote }} ports: - name: http containerPort: {{ .Values.service.port }}
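Review bot: `LISTEN_ADDRESS` in the Helm deployment template is rendered from `.Values.service.port`, so a variable named as an address receives a bare port number. Whether status-service accepts that is not visible from this hunk; if it expects `:port` or `host:port`, render it as `value: {{ printf ":%v" .Values.service.port | quote }}`, and otherwise a short comment above `env:` stating that the variable takes a port would avoid the mismatch. The plain manifest added in this commit, status_service/deployment.yaml, sets no `LISTEN_ADDRESS`, so the two deployment paths configure the same image differently. The container spec starts and continues outside this hunk.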