terug naar start

deploy.istio.yaml

@@ -0,0 +1,428 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}'
+  creationTimestamp: null
+  labels:
+    expose: "true"
+    security.istio.io/tlsMode: istio
+    server: http
+  name: server-a
+spec:
+  containers:
+  - image: beppev/server-a:latest
+    name: front-end
+    ports:
+    - containerPort: 5000
+    resources: {}
+  - args:
+    - proxy
+    - sidecar
+    - --domain
+    - $(POD_NAMESPACE).svc.cluster.local
+    - --configPath
+    - /etc/istio/proxy
+    - --binaryPath
+    - /usr/local/bin/envoy
+    - --serviceCluster
+    - server-a.default
+    - --drainDuration
+    - 45s
+    - --parentShutdownDuration
+    - 1m0s
+    - --discoveryAddress
+    - istio-pilot.istio-system:15010
+    - --zipkinAddress
+    - zipkin.istio-system:9411
+    - --proxyLogLevel=warning
+    - --proxyComponentLogLevel=misc:error
+    - --connectTimeout
+    - 10s
+    - --proxyAdminPort
+    - "15000"
+    - --concurrency
+    - "2"
+    - --controlPlaneAuthPolicy
+    - NONE
+    - --dnsRefreshRate
+    - 300s
+    - --statusPort
+    - "15020"
+    - --applicationPorts
+    - "5000"
+    - --trust-domain=cluster.local
+    env:
+    - name: POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    - name: POD_NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    - name: INSTANCE_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.podIP
+    - name: SERVICE_ACCOUNT
+      valueFrom:
+        fieldRef:
+          fieldPath: spec.serviceAccountName
+    - name: HOST_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.hostIP
+    - name: ISTIO_META_POD_PORTS
+      value: |-
+        [
+            {"containerPort":5000}
+        ]
+    - name: ISTIO_META_CLUSTER_ID
+      value: Kubernetes
+    - name: ISTIO_META_POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    - name: ISTIO_META_CONFIG_NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    - name: SDS_ENABLED
+      value: "false"
+    - name: ISTIO_META_INTERCEPTION_MODE
+      value: REDIRECT
+    - name: ISTIO_META_INCLUDE_INBOUND_PORTS
+      value: "5000"
+    - name: ISTIO_METAJSON_LABELS
+      value: |
+        {"expose":"true","server":"http"}
+    - name: ISTIO_META_WORKLOAD_NAME
+      value: server-a
+    - name: ISTIO_META_OWNER
+      value: kubernetes://apis/v1/namespaces/default/pods/server-a
+    - name: ISTIO_META_MESH_ID
+      value: cluster.local
+    image: docker.io/istio/proxyv2:1.4.5
+    imagePullPolicy: IfNotPresent
+    name: istio-proxy
+    ports:
+    - containerPort: 15090
+      name: http-envoy-prom
+      protocol: TCP
+    readinessProbe:
+      failureThreshold: 30
+      httpGet:
+        path: /healthz/ready
+        port: 15020
+      initialDelaySeconds: 1
+      periodSeconds: 2
+    resources:
+      limits:
+        cpu: "2"
+        memory: 1Gi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      privileged: false
+      readOnlyRootFilesystem: true
+      runAsGroup: 1337
+      runAsNonRoot: true
+      runAsUser: 1337
+    volumeMounts:
+    - mountPath: /etc/istio/proxy
+      name: istio-envoy
+    - mountPath: /etc/certs/
+      name: istio-certs
+      readOnly: true
+  initContainers:
+  - command:
+    - istio-iptables
+    - -p
+    - "15001"
+    - -z
+    - "15006"
+    - -u
+    - "1337"
+    - -m
+    - REDIRECT
+    - -i
+    - '*'
+    - -x
+    - ""
+    - -b
+    - '*'
+    - -d
+    - "15020"
+    image: docker.io/istio/proxyv2:1.4.5
+    imagePullPolicy: IfNotPresent
+    name: istio-init
+    resources:
+      limits:
+        cpu: 100m
+        memory: 50Mi
+      requests:
+        cpu: 10m
+        memory: 10Mi
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_ADMIN
+        - NET_RAW
+        drop:
+        - ALL
+      privileged: false
+      readOnlyRootFilesystem: false
+      runAsGroup: 0
+      runAsNonRoot: false
+      runAsUser: 0
+  volumes:
+  - emptyDir:
+      medium: Memory
+    name: istio-envoy
+  - name: istio-certs
+    secret:
+      optional: true
+      secretName: istio.default
+status: {}
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}'
+  creationTimestamp: null
+  labels:
+    security.istio.io/tlsMode: istio
+    server: http
+  name: server-b
+spec:
+  containers:
+  - image: beppev/server-b:latest
+    name: front-end
+    ports:
+    - containerPort: 6000
+    resources: {}
+  - args:
+    - proxy
+    - sidecar
+    - --domain
+    - $(POD_NAMESPACE).svc.cluster.local
+    - --configPath
+    - /etc/istio/proxy
+    - --binaryPath
+    - /usr/local/bin/envoy
+    - --serviceCluster
+    - server-b.default
+    - --drainDuration
+    - 45s
+    - --parentShutdownDuration
+    - 1m0s
+    - --discoveryAddress
+    - istio-pilot.istio-system:15010
+    - --zipkinAddress
+    - zipkin.istio-system:9411
+    - --proxyLogLevel=warning
+    - --proxyComponentLogLevel=misc:error
+    - --connectTimeout
+    - 10s
+    - --proxyAdminPort
+    - "15000"
+    - --concurrency
+    - "2"
+    - --controlPlaneAuthPolicy
+    - NONE
+    - --dnsRefreshRate
+    - 300s
+    - --statusPort
+    - "15020"
+    - --applicationPorts
+    - "6000"
+    - --trust-domain=cluster.local
+    env:
+    - name: POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    - name: POD_NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    - name: INSTANCE_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.podIP
+    - name: SERVICE_ACCOUNT
+      valueFrom:
+        fieldRef:
+          fieldPath: spec.serviceAccountName
+    - name: HOST_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.hostIP
+    - name: ISTIO_META_POD_PORTS
+      value: |-
+        [
+            {"containerPort":6000}
+        ]
+    - name: ISTIO_META_CLUSTER_ID
+      value: Kubernetes
+    - name: ISTIO_META_POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    - name: ISTIO_META_CONFIG_NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    - name: SDS_ENABLED
+      value: "false"
+    - name: ISTIO_META_INTERCEPTION_MODE
+      value: REDIRECT
+    - name: ISTIO_META_INCLUDE_INBOUND_PORTS
+      value: "6000"
+    - name: ISTIO_METAJSON_LABELS
+      value: |
+        {"server":"http"}
+    - name: ISTIO_META_WORKLOAD_NAME
+      value: server-b
+    - name: ISTIO_META_OWNER
+      value: kubernetes://apis/v1/namespaces/default/pods/server-b
+    - name: ISTIO_META_MESH_ID
+      value: cluster.local
+    image: docker.io/istio/proxyv2:1.4.5
+    imagePullPolicy: IfNotPresent
+    name: istio-proxy
+    ports:
+    - containerPort: 15090
+      name: http-envoy-prom
+      protocol: TCP
+    readinessProbe:
+      failureThreshold: 30
+      httpGet:
+        path: /healthz/ready
+        port: 15020
+      initialDelaySeconds: 1
+      periodSeconds: 2
+    resources:
+      limits:
+        cpu: "2"
+        memory: 1Gi
+      requests:
+        cpu: 10m
+        memory: 40Mi
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      privileged: false
+      readOnlyRootFilesystem: true
+      runAsGroup: 1337
+      runAsNonRoot: true
+      runAsUser: 1337
+    volumeMounts:
+    - mountPath: /etc/istio/proxy
+      name: istio-envoy
+    - mountPath: /etc/certs/
+      name: istio-certs
+      readOnly: true
+  initContainers:
+  - command:
+    - istio-iptables
+    - -p
+    - "15001"
+    - -z
+    - "15006"
+    - -u
+    - "1337"
+    - -m
+    - REDIRECT
+    - -i
+    - '*'
+    - -x
+    - ""
+    - -b
+    - '*'
+    - -d
+    - "15020"
+    image: docker.io/istio/proxyv2:1.4.5
+    imagePullPolicy: IfNotPresent
+    name: istio-init
+    resources:
+      limits:
+        cpu: 100m
+        memory: 50Mi
+      requests:
+        cpu: 10m
+        memory: 10Mi
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_ADMIN
+        - NET_RAW
+        drop:
+        - ALL
+      privileged: false
+      readOnlyRootFilesystem: false
+      runAsGroup: 0
+      runAsNonRoot: false
+      runAsUser: 0
+  volumes:
+  - emptyDir:
+      medium: Memory
+    name: istio-envoy
+  - name: istio-certs
+    secret:
+      optional: true
+      secretName: istio.default
+status: {}
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: server-check
+spec:
+  selector:
+    server: "http"
+  ports:
+    - name: http
+      protocol: TCP
+      port: 6000
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: expose-server
+spec:
+  type: NodePort
+  selector:
+    expose: "true"
+  ports:
+    - name: http
+      protocol: TCP
+      targetPort: 5000
+      port: 5000
+      nodePort: 30036
+---
+kind: Service
+apiVersion: v1
+metadata:
+    name: example-loadbalancer
+spec:
+    selector:
+        expose: "true"
+    ports:
+        - name: http
+          protocol: TCP
+          targetPort: 5000
+          port: 80
+    type: LoadBalancer
+---

deploy.yaml

@@ -19,6 +19,8 @@ metadata:
   name: server-b
   labels:
     server: "http"
+    app: "ja"
+    version: v1
 spec:
   containers:
     - name: front-end
@@ -26,13 +28,28 @@ spec:
       ports:
         - containerPort: 6000
 ---
-kind: Service
 apiVersion: v1
+kind: Pod
 metadata:
-  name: server-check
+  name: server-c
+  labels:
+    server: "http"
+    app: "ja"
+    version: v2
+spec:
+  containers:
+    - name: front-end
+      image: beppev/server-c:latest
+      ports:
+        - containerPort: 6000
+---
+apiVersion: v1
+kind: Service
+metedata:
+  name: server-b-c-service
 spec:
   selector:
-    server: "http"
+    app: "ja"
   ports:
     - name: http
       protocol: TCP
@@ -52,4 +69,17 @@ spec:
       targetPort: 5000
       port: 5000
       nodePort: 30036
-
+---
+kind: Service
+apiVersion: v1
+metadata:
+    name: example-loadbalancer
+spec:
+    selector:
+        expose: "true"
+    ports:
+        - name: http
+          protocol: TCP
+          targetPort: 5000
+          port: 80
+    type: LoadBalancer

gateway.yaml

@@ -0,0 +1,516 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}'
+  creationTimestamp: null
+  labels:
+    expose: "true"
+    security.istio.io/tlsMode: istio
+    server: http
+    name: "a"
+  name: server-a
+spec:
+  containers:
+  - image: beppev/server-a:latest
+    name: front-end
+    ports:
+    - containerPort: 5000
+    resources: {}
+  - args:
+    - proxy
+    - sidecar
+    - --domain
+    - $(POD_NAMESPACE).svc.cluster.local
+    - --configPath
+    - /etc/istio/proxy
+    - --binaryPath
+    - /usr/local/bin/envoy
+    - --serviceCluster
+    - server-a.default
+    - --drainDuration
+    - 45s
+    - --parentShutdownDuration
+    - 1m0s
+    - --discoveryAddress
+    - istio-pilot.istio-system:15011
+    - --zipkinAddress
+    - zipkin.istio-system:9411
+    - --proxyLogLevel=warning
+    - --proxyComponentLogLevel=misc:error
+    - --connectTimeout
+    - 10s
+    - --proxyAdminPort
+    - "15000"
+    - --concurrency
+    - "2"
+    - --controlPlaneAuthPolicy
+    - MUTUAL_TLS
+    - --dnsRefreshRate
+    - 300s
+    - --statusPort
+    - "15020"
+    - --applicationPorts
+    - "5000"
+    - --trust-domain=cluster.local
+    env:
+    - name: POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    - name: POD_NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    - name: INSTANCE_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.podIP
+    - name: SERVICE_ACCOUNT
+      valueFrom:
+        fieldRef:
+          fieldPath: spec.serviceAccountName
+    - name: HOST_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.hostIP
+    - name: ISTIO_META_POD_PORTS
+      value: |-
+        [
+            {"containerPort":5000}
+        ]
+    - name: ISTIO_META_CLUSTER_ID
+      value: Kubernetes
+    - name: ISTIO_META_POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    - name: ISTIO_META_CONFIG_NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    - name: SDS_ENABLED
+      value: "false"
+    - name: ISTIO_META_INTERCEPTION_MODE
+      value: REDIRECT
+    - name: ISTIO_META_INCLUDE_INBOUND_PORTS
+      value: "5000"
+    - name: ISTIO_METAJSON_LABELS
+      value: |
+        {"expose":"true","server":"http"}
+    - name: ISTIO_META_WORKLOAD_NAME
+      value: server-a
+    - name: ISTIO_META_OWNER
+      value: kubernetes://apis/v1/namespaces/default/pods/server-a
+    - name: ISTIO_META_MESH_ID
+      value: cluster.local
+    image: docker.io/istio/proxyv2:1.4.5
+    imagePullPolicy: IfNotPresent
+    name: istio-proxy
+    ports:
+    - containerPort: 15090
+      name: http-envoy-prom
+      protocol: TCP
+    readinessProbe:
+      failureThreshold: 30
+      httpGet:
+        path: /healthz/ready
+        port: 15020
+      initialDelaySeconds: 1
+      periodSeconds: 2
+    resources:
+      limits:
+        cpu: "2"
+        memory: 1Gi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      privileged: false
+      readOnlyRootFilesystem: true
+      runAsGroup: 1337
+      runAsNonRoot: true
+      runAsUser: 1337
+    volumeMounts:
+    - mountPath: /etc/istio/proxy
+      name: istio-envoy
+    - mountPath: /etc/certs/
+      name: istio-certs
+      readOnly: true
+  initContainers:
+  - command:
+    - istio-iptables
+    - -p
+    - "15001"
+    - -z
+    - "15006"
+    - -u
+    - "1337"
+    - -m
+    - REDIRECT
+    - -i
+    - '*'
+    - -x
+    - ""
+    - -b
+    - '*'
+    - -d
+    - "15020"
+    image: docker.io/istio/proxyv2:1.4.5
+    imagePullPolicy: IfNotPresent
+    name: istio-init
+    resources:
+      limits:
+        cpu: 100m
+        memory: 50Mi
+      requests:
+        cpu: 10m
+        memory: 10Mi
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_ADMIN
+        - NET_RAW
+        drop:
+        - ALL
+      privileged: false
+      readOnlyRootFilesystem: false
+      runAsGroup: 0
+      runAsNonRoot: false
+      runAsUser: 0
+  volumes:
+  - emptyDir:
+      medium: Memory
+    name: istio-envoy
+  - name: istio-certs
+    secret:
+      optional: true
+      secretName: istio.default
+status: {}
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}'
+  creationTimestamp: null
+  labels:
+    security.istio.io/tlsMode: istio
+    server: http
+    name: "b"
+  name: server-b
+spec:
+  containers:
+  - image: beppev/server-b:latest
+    name: front-end
+    ports:
+    - containerPort: 6000
+    resources: {}
+  - args:
+    - proxy
+    - sidecar
+    - --domain
+    - $(POD_NAMESPACE).svc.cluster.local
+    - --configPath
+    - /etc/istio/proxy
+    - --binaryPath
+    - /usr/local/bin/envoy
+    - --serviceCluster
+    - server-b.default
+    - --drainDuration
+    - 45s
+    - --parentShutdownDuration
+    - 1m0s
+    - --discoveryAddress
+    - istio-pilot.istio-system:15011
+    - --zipkinAddress
+    - zipkin.istio-system:9411
+    - --proxyLogLevel=warning
+    - --proxyComponentLogLevel=misc:error
+    - --connectTimeout
+    - 10s
+    - --proxyAdminPort
+    - "15000"
+    - --concurrency
+    - "2"
+    - --controlPlaneAuthPolicy
+    - MUTUAL_TLS
+    - --dnsRefreshRate
+    - 300s
+    - --statusPort
+    - "15020"
+    - --applicationPorts
+    - "6000"
+    - --trust-domain=cluster.local
+    env:
+    - name: POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    - name: POD_NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    - name: INSTANCE_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.podIP
+    - name: SERVICE_ACCOUNT
+      valueFrom:
+        fieldRef:
+          fieldPath: spec.serviceAccountName
+    - name: HOST_IP
+      valueFrom:
+        fieldRef:
+          fieldPath: status.hostIP
+    - name: ISTIO_META_POD_PORTS
+      value: |-
+        [
+            {"containerPort":6000}
+        ]
+    - name: ISTIO_META_CLUSTER_ID
+      value: Kubernetes
+    - name: ISTIO_META_POD_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.name
+    - name: ISTIO_META_CONFIG_NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    - name: SDS_ENABLED
+      value: "false"
+    - name: ISTIO_META_INTERCEPTION_MODE
+      value: REDIRECT
+    - name: ISTIO_META_INCLUDE_INBOUND_PORTS
+      value: "6000"
+    - name: ISTIO_METAJSON_LABELS
+      value: |
+        {"server":"http"}
+    - name: ISTIO_META_WORKLOAD_NAME
+      value: server-b
+    - name: ISTIO_META_OWNER
+      value: kubernetes://apis/v1/namespaces/default/pods/server-b
+    - name: ISTIO_META_MESH_ID
+      value: cluster.local
+    image: docker.io/istio/proxyv2:1.4.5
+    imagePullPolicy: IfNotPresent
+    name: istio-proxy
+    ports:
+    - containerPort: 15090
+      name: http-envoy-prom
+      protocol: TCP
+    readinessProbe:
+      failureThreshold: 30
+      httpGet:
+        path: /healthz/ready
+        port: 15020
+      initialDelaySeconds: 1
+      periodSeconds: 2
+    resources:
+      limits:
+        cpu: "2"
+        memory: 1Gi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      privileged: false
+      readOnlyRootFilesystem: true
+      runAsGroup: 1337
+      runAsNonRoot: true
+      runAsUser: 1337
+    volumeMounts:
+    - mountPath: /etc/istio/proxy
+      name: istio-envoy
+    - mountPath: /etc/certs/
+      name: istio-certs
+      readOnly: true
+  initContainers:
+  - command:
+    - istio-iptables
+    - -p
+    - "15001"
+    - -z
+    - "15006"
+    - -u
+    - "1337"
+    - -m
+    - REDIRECT
+    - -i
+    - '*'
+    - -x
+    - ""
+    - -b
+    - '*'
+    - -d
+    - "15020"
+    image: docker.io/istio/proxyv2:1.4.5
+    imagePullPolicy: IfNotPresent
+    name: istio-init
+    resources:
+      limits:
+        cpu: 100m
+        memory: 50Mi
+      requests:
+        cpu: 10m
+        memory: 10Mi
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        add:
+        - NET_ADMIN
+        - NET_RAW
+        drop:
+        - ALL
+      privileged: false
+      readOnlyRootFilesystem: false
+      runAsGroup: 0
+      runAsNonRoot: false
+      runAsUser: 0
+  volumes:
+  - emptyDir:
+      medium: Memory
+    name: istio-envoy
+  - name: istio-certs
+    secret:
+      optional: true
+      secretName: istio.default
+status: {}
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: server-a-service
+spec:
+  selector:
+    name: "a"
+  ports:
+    - name: http
+      protocol: TCP
+      port: 5000
+    - name: sb
+      protocol: TCP
+      port: 6000
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: server-b-service
+spec:
+  selector:
+    name: "b"
+  ports:
+    - name: http
+      protocol: TCP
+      port: 6000
+
+---
+kind: VirtualService
+apiVersion: networking.istio.io/v1alpha3
+metadata:
+  name: link-servers
+spec:
+  hosts:
+  -  server-a-service
+  http:
+    - match:
+        - headers:
+            end-user:
+              exact: jason
+      route:
+        - destination:
+            host: server-b-service
+    - route:
+        - destination:
+            host: server-b-service
+
+
+
+
+#kind: Service
+#apiVersion: v1
+#metadata:
+#  name: server-a-service
+#spec:
+#  selector:
+#    server: "http"
+#  ports:
+#    - name: http
+#      protocol: TCP
+#      port: 6000
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: expose-server
+spec:
+  type: NodePort
+  selector:
+    expose: "true"
+  ports:
+    - name: http
+      protocol: TCP
+      targetPort: 5000
+      port: 5000
+      nodePort: 30036
+#---
+#apiVersion: networking.istio.io/v1alpha3
+#kind: VirtualService
+#metadata:
+#  name: virtual-service
+#spec:
+#  host:
+#    - expose-server
+#  http:
+#    - match:
+#        - headers:
+#            end-user:
+#              exact: jason
+#        - route:
+#            - destination:
+#              host: expose-server
+#        - route:
+#              - destination:
+#                host: expose-server
+#
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: ext-host-gwy
+spec:
+  selector:
+    expose: "true"
+  servers:
+  - port:
+      number: 5000
+      name: http
+      protocol: HTTP
+    hosts:
+    - expose-server.cluster.local
+
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: virtual-svc
+spec:
+  hosts:
+  - '*'
+  gateways:
+    - ext-host-gwy
+  http:
+    - name: "help"
+      route:
+        - destination:
+            host: expose-server.cluster.local

manifests/pipeline/pipeline.yaml

@@ -31,6 +31,16 @@ spec:
     - name: pathToContext-b
       description: The path to the build context, used by Kaniko - within the workspace
       default: .
+    - name: imageUrl-c
+      description: Url of image repository
+      default: deploy_target
+    - name: imageTag-c
+      description: Tag to apply to the built image
+      default: latest
+    - name: pathToContext-c
+      description: The path to the build context, used by Kaniko - within the workspace
+      default: .
+
   tasks:
   - name: build-and-push-a
     taskRef:
@@ -62,11 +72,23 @@ spec:
       inputs:
         - name: git-source
           resource: git-source
+  - name: build-and-push-c
+    taskRef:
+      name: build-and-push
+    runAfter:
+      - build-and-push-b
+    params:
+      - name: pathToContext
+        value: "$(params.pathToContext-c)"
+      - name: imageUrl
+        value: "$(params.imageUrl-c)"
+      - name: imageTag
+        value: "$(params.imageTag-c)"
   - name: deploy-application
     taskRef:
       name: deploy-application
     runAfter:
-      - build-and-push-b
+      - build-and-push-c
     params:
       - name: pathToContext
         value: "."

manifests/pipeline/pipelineRun.yaml

@@ -27,4 +27,10 @@ spec:
       value: "latest"
     - name: pathToContext-b
       value: "./serverB"
+    - name: imageUrl-c
+      value: "server-c"
+    - name: imageTag-c
+      value: "latest"
+    - name: pathToContext-c
+      value: "./serverC"
 

serverC/app.py

@@ -0,0 +1,16 @@
+from flask import Flask
+from flask import jsonify
+app = Flask(__name__)
+
+
+@app.route('/')
+def doRequest():
+    data = {
+        "serverName": "serverC",
+        "success": "true"
+    }
+    return jsonify(data)
+
+
+if __name__ == '__main__':
+    app.run(debug=True, host="0.0.0.0", port=6000)

serverC/dockerfile

@@ -0,0 +1,10 @@
+from python:3.7
+
+copy . /app
+workdir /app
+
+run pip install -r requirements.txt
+expose 6000
+entrypoint [ "python" ]
+
+cmd [ "app.py" ]

serverC/requirements.txt

@@ -0,0 +1 @@
+Flask