From 24d45cd7d1b2fed3da412b522da9584c91d26bf9 Mon Sep 17 00:00:00 2001 From: beppe Date: Sun, 1 Mar 2020 16:35:19 +0100 Subject: [PATCH 1/2] erges is er iets da misloopt en kheb geen id waarom --- deploy.istio.yaml | 1168 +++++++++++++++++++++++---------------------- deploy.yaml | 4 +- 2 files changed, 602 insertions(+), 570 deletions(-) diff --git a/deploy.istio.yaml b/deploy.istio.yaml index b2ef13e..9d0ce54 100644 --- a/deploy.istio.yaml +++ b/deploy.istio.yaml @@ -1,585 +1,617 @@ -apiVersion: v1 -kind: Pod +apiVersion: apps/v1 +kind: Deployment metadata: - annotations: - sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}' creationTimestamp: null - labels: - expose: "true" - security.istio.io/tlsMode: istio - server: http name: server-a spec: - containers: - - image: beppev/server-a:latest - name: front-end - ports: - - containerPort: 5000 - resources: {} - - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.cluster.local - - --configPath - - /etc/istio/proxy - - --binaryPath - - /usr/local/bin/envoy - - --serviceCluster - - server-a.default - - --drainDuration - - 45s - - --parentShutdownDuration - - 1m0s - - --discoveryAddress - - istio-pilot.istio-system:15010 - - --zipkinAddress - - zipkin.istio-system:9411 - - --proxyLogLevel=warning - - --proxyComponentLogLevel=misc:error - - --connectTimeout - - 10s - - --proxyAdminPort - - "15000" - - --concurrency - - "2" - - --controlPlaneAuthPolicy - - NONE - - --dnsRefreshRate - - 300s - - --statusPort - - "15020" - - --applicationPorts - - "5000" - - --trust-domain=cluster.local - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_META_POD_PORTS - value: |- - [ - {"containerPort":5000} - ] - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: "false" - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "5000" - - name: ISTIO_METAJSON_LABELS - value: | - {"expose":"true","server":"http"} - - name: ISTIO_META_WORKLOAD_NAME - value: server-a - - name: ISTIO_META_OWNER - value: kubernetes://apis/v1/namespaces/default/pods/server-a - - name: ISTIO_META_MESH_ID - value: cluster.local - image: docker.io/istio/proxyv2:1.4.5 - imagePullPolicy: IfNotPresent - name: istio-proxy - ports: - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: 1 - periodSeconds: 2 - resources: - limits: - cpu: "2" - memory: 1Gi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - volumeMounts: - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - initContainers: - - command: - - istio-iptables - - -p - - "15001" - - -z - - "15006" - - -u - - "1337" - - -m - - REDIRECT - - -i - - '*' - - -x - - "" - - -b - - '*' - - -d - - "15020" - image: docker.io/istio/proxyv2:1.4.5 - imagePullPolicy: IfNotPresent - name: istio-init - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - drop: - - ALL - privileged: false - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumes: - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-certs - secret: - optional: true - secretName: istio.default + replicas: 1 + selector: + matchLabels: + expose: "true" + server: http + strategy: {} + template: + metadata: + annotations: + sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}' + creationTimestamp: null + labels: + expose: "true" + security.istio.io/tlsMode: istio + server: http + spec: + containers: + - image: beppev/server-a:latest + name: front-end + ports: + - containerPort: 5000 + resources: {} + - args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --configPath + - /etc/istio/proxy + - --binaryPath + - /usr/local/bin/envoy + - --serviceCluster + - server-a.default + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --discoveryAddress + - istio-pilot.istio-system:15010 + - --zipkinAddress + - zipkin.istio-system:9411 + - --proxyLogLevel=warning + - --proxyComponentLogLevel=misc:error + - --connectTimeout + - 10s + - --proxyAdminPort + - "15000" + - --concurrency + - "2" + - --controlPlaneAuthPolicy + - NONE + - --dnsRefreshRate + - 300s + - --statusPort + - "15020" + - --applicationPorts + - "5000" + - --trust-domain=cluster.local + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_META_POD_PORTS + value: |- + [ + {"containerPort":5000} + ] + - name: ISTIO_META_CLUSTER_ID + value: Kubernetes + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SDS_ENABLED + value: "false" + - name: ISTIO_META_INTERCEPTION_MODE + value: REDIRECT + - name: ISTIO_META_INCLUDE_INBOUND_PORTS + value: "5000" + - name: ISTIO_METAJSON_LABELS + value: | + {"expose":"true","server":"http"} + - name: ISTIO_META_WORKLOAD_NAME + value: server-a + - name: ISTIO_META_OWNER + value: kubernetes://apis/apps/v1/namespaces/default/deployments/server-a + - name: ISTIO_META_MESH_ID + value: cluster.local + image: docker.io/istio/proxyv2:1.4.5 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + initialDelaySeconds: 1 + periodSeconds: 2 + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: 10m + memory: 40Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1337 + runAsNonRoot: true + runAsUser: 1337 + volumeMounts: + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + initContainers: + - command: + - istio-iptables + - -p + - "15001" + - -z + - "15006" + - -u + - "1337" + - -m + - REDIRECT + - -i + - '*' + - -x + - "" + - -b + - '*' + - -d + - "15020" + image: docker.io/istio/proxyv2:1.4.5 + imagePullPolicy: IfNotPresent + name: istio-init + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumes: + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-certs + secret: + optional: true + secretName: istio.default status: {} --- -apiVersion: v1 -kind: Pod +apiVersion: apps/v1 +kind: Deployment metadata: - annotations: - sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}' creationTimestamp: null - labels: - app: ja - security.istio.io/tlsMode: istio - server: http - version: v1 name: server-b spec: - containers: - - image: beppev/server-b:latest - name: front-end - ports: - - containerPort: 6000 - resources: {} - - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.cluster.local - - --configPath - - /etc/istio/proxy - - --binaryPath - - /usr/local/bin/envoy - - --serviceCluster - - ja.$(POD_NAMESPACE) - - --drainDuration - - 45s - - --parentShutdownDuration - - 1m0s - - --discoveryAddress - - istio-pilot.istio-system:15010 - - --zipkinAddress - - zipkin.istio-system:9411 - - --proxyLogLevel=warning - - --proxyComponentLogLevel=misc:error - - --connectTimeout - - 10s - - --proxyAdminPort - - "15000" - - --concurrency - - "2" - - --controlPlaneAuthPolicy - - NONE - - --dnsRefreshRate - - 300s - - --statusPort - - "15020" - - --applicationPorts - - "6000" - - --trust-domain=cluster.local - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_META_POD_PORTS - value: |- - [ - {"containerPort":6000} - ] - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: "false" - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "6000" - - name: ISTIO_METAJSON_LABELS - value: | - {"app":"ja","server":"http","version":"v1"} - - name: ISTIO_META_WORKLOAD_NAME - value: server-b - - name: ISTIO_META_OWNER - value: kubernetes://apis/v1/namespaces/default/pods/server-b - - name: ISTIO_META_MESH_ID - value: cluster.local - image: docker.io/istio/proxyv2:1.4.5 - imagePullPolicy: IfNotPresent - name: istio-proxy - ports: - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: 1 - periodSeconds: 2 - resources: - limits: - cpu: "2" - memory: 1Gi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - volumeMounts: - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - initContainers: - - command: - - istio-iptables - - -p - - "15001" - - -z - - "15006" - - -u - - "1337" - - -m - - REDIRECT - - -i - - '*' - - -x - - "" - - -b - - '*' - - -d - - "15020" - image: docker.io/istio/proxyv2:1.4.5 - imagePullPolicy: IfNotPresent - name: istio-init - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - drop: - - ALL - privileged: false - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumes: - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-certs - secret: - optional: true - secretName: istio.default + replicas: 1 + selector: + matchLabels: + app: ja + server: http + version: v1 + strategy: {} + template: + metadata: + annotations: + sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}' + creationTimestamp: null + labels: + app: ja + security.istio.io/tlsMode: istio + server: http + version: v1 + spec: + containers: + - image: beppev/server-b:latest + name: front-end + ports: + - containerPort: 6000 + resources: {} + - args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --configPath + - /etc/istio/proxy + - --binaryPath + - /usr/local/bin/envoy + - --serviceCluster + - ja.$(POD_NAMESPACE) + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --discoveryAddress + - istio-pilot.istio-system:15010 + - --zipkinAddress + - zipkin.istio-system:9411 + - --proxyLogLevel=warning + - --proxyComponentLogLevel=misc:error + - --connectTimeout + - 10s + - --proxyAdminPort + - "15000" + - --concurrency + - "2" + - --controlPlaneAuthPolicy + - NONE + - --dnsRefreshRate + - 300s + - --statusPort + - "15020" + - --applicationPorts + - "6000" + - --trust-domain=cluster.local + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_META_POD_PORTS + value: |- + [ + {"containerPort":6000} + ] + - name: ISTIO_META_CLUSTER_ID + value: Kubernetes + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SDS_ENABLED + value: "false" + - name: ISTIO_META_INTERCEPTION_MODE + value: REDIRECT + - name: ISTIO_META_INCLUDE_INBOUND_PORTS + value: "6000" + - name: ISTIO_METAJSON_LABELS + value: | + {"app":"ja","server":"http","version":"v1"} + - name: ISTIO_META_WORKLOAD_NAME + value: server-b + - name: ISTIO_META_OWNER + value: kubernetes://apis/apps/v1/namespaces/default/deployments/server-b + - name: ISTIO_META_MESH_ID + value: cluster.local + image: docker.io/istio/proxyv2:1.4.5 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + initialDelaySeconds: 1 + periodSeconds: 2 + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: 10m + memory: 40Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1337 + runAsNonRoot: true + runAsUser: 1337 + volumeMounts: + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + initContainers: + - command: + - istio-iptables + - -p + - "15001" + - -z + - "15006" + - -u + - "1337" + - -m + - REDIRECT + - -i + - '*' + - -x + - "" + - -b + - '*' + - -d + - "15020" + image: docker.io/istio/proxyv2:1.4.5 + imagePullPolicy: IfNotPresent + name: istio-init + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumes: + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-certs + secret: + optional: true + secretName: istio.default status: {} --- -apiVersion: v1 -kind: Pod +apiVersion: apps/v1 +kind: Deployment metadata: - annotations: - sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}' creationTimestamp: null - labels: - app: ja - security.istio.io/tlsMode: istio - server: http - version: v2 name: server-c spec: - containers: - - image: beppev/server-c:latest - name: front-end - ports: - - containerPort: 6000 - resources: {} - - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.cluster.local - - --configPath - - /etc/istio/proxy - - --binaryPath - - /usr/local/bin/envoy - - --serviceCluster - - ja.$(POD_NAMESPACE) - - --drainDuration - - 45s - - --parentShutdownDuration - - 1m0s - - --discoveryAddress - - istio-pilot.istio-system:15010 - - --zipkinAddress - - zipkin.istio-system:9411 - - --proxyLogLevel=warning - - --proxyComponentLogLevel=misc:error - - --connectTimeout - - 10s - - --proxyAdminPort - - "15000" - - --concurrency - - "2" - - --controlPlaneAuthPolicy - - NONE - - --dnsRefreshRate - - 300s - - --statusPort - - "15020" - - --applicationPorts - - "6000" - - --trust-domain=cluster.local - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_META_POD_PORTS - value: |- - [ - {"containerPort":6000} - ] - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - - name: ISTIO_META_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: ISTIO_META_CONFIG_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SDS_ENABLED - value: "false" - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_INCLUDE_INBOUND_PORTS - value: "6000" - - name: ISTIO_METAJSON_LABELS - value: | - {"app":"ja","server":"http","version":"v2"} - - name: ISTIO_META_WORKLOAD_NAME - value: server-c - - name: ISTIO_META_OWNER - value: kubernetes://apis/v1/namespaces/default/pods/server-c - - name: ISTIO_META_MESH_ID - value: cluster.local - image: docker.io/istio/proxyv2:1.4.5 - imagePullPolicy: IfNotPresent - name: istio-proxy - ports: - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: 1 - periodSeconds: 2 - resources: - limits: - cpu: "2" - memory: 1Gi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - volumeMounts: - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - initContainers: - - command: - - istio-iptables - - -p - - "15001" - - -z - - "15006" - - -u - - "1337" - - -m - - REDIRECT - - -i - - '*' - - -x - - "" - - -b - - '*' - - -d - - "15020" - image: docker.io/istio/proxyv2:1.4.5 - imagePullPolicy: IfNotPresent - name: istio-init - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 10m - memory: 10Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_ADMIN - - NET_RAW - drop: - - ALL - privileged: false - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - volumes: - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-certs - secret: - optional: true - secretName: istio.default + replicas: 1 + selector: + matchLabels: + app: ja + server: http + version: v2 + strategy: {} + template: + metadata: + annotations: + sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}' + creationTimestamp: null + labels: + app: ja + security.istio.io/tlsMode: istio + server: http + version: v2 + spec: + containers: + - image: beppev/server-c:latest + name: front-end + ports: + - containerPort: 6000 + resources: {} + - args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --configPath + - /etc/istio/proxy + - --binaryPath + - /usr/local/bin/envoy + - --serviceCluster + - ja.$(POD_NAMESPACE) + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --discoveryAddress + - istio-pilot.istio-system:15010 + - --zipkinAddress + - zipkin.istio-system:9411 + - --proxyLogLevel=warning + - --proxyComponentLogLevel=misc:error + - --connectTimeout + - 10s + - --proxyAdminPort + - "15000" + - --concurrency + - "2" + - --controlPlaneAuthPolicy + - NONE + - --dnsRefreshRate + - 300s + - --statusPort + - "15020" + - --applicationPorts + - "6000" + - --trust-domain=cluster.local + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_META_POD_PORTS + value: |- + [ + {"containerPort":6000} + ] + - name: ISTIO_META_CLUSTER_ID + value: Kubernetes + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SDS_ENABLED + value: "false" + - name: ISTIO_META_INTERCEPTION_MODE + value: REDIRECT + - name: ISTIO_META_INCLUDE_INBOUND_PORTS + value: "6000" + - name: ISTIO_METAJSON_LABELS + value: | + {"app":"ja","server":"http","version":"v2"} + - name: ISTIO_META_WORKLOAD_NAME + value: server-c + - name: ISTIO_META_OWNER + value: kubernetes://apis/apps/v1/namespaces/default/deployments/server-c + - name: ISTIO_META_MESH_ID + value: cluster.local + image: docker.io/istio/proxyv2:1.4.5 + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + initialDelaySeconds: 1 + periodSeconds: 2 + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: 10m + memory: 40Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1337 + runAsNonRoot: true + runAsUser: 1337 + volumeMounts: + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + initContainers: + - command: + - istio-iptables + - -p + - "15001" + - -z + - "15006" + - -u + - "1337" + - -m + - REDIRECT + - -i + - '*' + - -x + - "" + - -b + - '*' + - -d + - "15020" + image: docker.io/istio/proxyv2:1.4.5 + imagePullPolicy: IfNotPresent + name: istio-init + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 10m + memory: 10Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_ADMIN + - NET_RAW + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + volumes: + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-certs + secret: + optional: true + secretName: istio.default status: {} --- apiVersion: v1 @@ -647,8 +679,8 @@ spec: servers: - port: number: 6000 - name: tcp - protocol: TCP + name: http + protocol: HTTP hosts: - "*" --- diff --git a/deploy.yaml b/deploy.yaml index 07fe6fd..9a3999e 100644 --- a/deploy.yaml +++ b/deploy.yaml @@ -134,8 +134,8 @@ spec: servers: - port: number: 6000 - name: tcp - protocol: TCP + name: http + protocol: HTTP hosts: - "*" --- From 83a58c41f4f81b10cb187b3f8d5c8d17cfa3c31d Mon Sep 17 00:00:00 2001 From: beppe Date: Sun, 1 Mar 2020 16:38:50 +0100 Subject: [PATCH 2/2] mmmmmmmmmmmmm --- serverA/app.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/serverA/app.py b/serverA/app.py index fd6f1fc..884cfe7 100644 --- a/serverA/app.py +++ b/serverA/app.py @@ -14,6 +14,11 @@ def doRequest(): def itWorks(): return requests.get(URL).json() +@app.route('/text') +def hope(): + return requests.get(URL).text + + @app.route('/find//') def findServer(name, port): return requests.get("http://"+name+":"+port)