mirror of
https://github.com/bvanroll/cicdTest.git
synced 2025-08-29 12:02:47 +00:00
727 lines
17 KiB
YAML
727 lines
17 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: server-a
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
expose: "true"
|
|
server: http
|
|
strategy: {}
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}'
|
|
creationTimestamp: null
|
|
labels:
|
|
expose: "true"
|
|
security.istio.io/tlsMode: istio
|
|
server: http
|
|
spec:
|
|
containers:
|
|
- image: beppev/server-a:latest
|
|
name: front-end
|
|
ports:
|
|
- containerPort: 5000
|
|
resources: {}
|
|
- args:
|
|
- proxy
|
|
- sidecar
|
|
- --domain
|
|
- $(POD_NAMESPACE).svc.cluster.local
|
|
- --configPath
|
|
- /etc/istio/proxy
|
|
- --binaryPath
|
|
- /usr/local/bin/envoy
|
|
- --serviceCluster
|
|
- server-a.default
|
|
- --drainDuration
|
|
- 45s
|
|
- --parentShutdownDuration
|
|
- 1m0s
|
|
- --discoveryAddress
|
|
- istio-pilot.istio-system:15010
|
|
- --zipkinAddress
|
|
- zipkin.istio-system:9411
|
|
- --proxyLogLevel=warning
|
|
- --proxyComponentLogLevel=misc:error
|
|
- --connectTimeout
|
|
- 10s
|
|
- --proxyAdminPort
|
|
- "15000"
|
|
- --concurrency
|
|
- "2"
|
|
- --controlPlaneAuthPolicy
|
|
- NONE
|
|
- --dnsRefreshRate
|
|
- 300s
|
|
- --statusPort
|
|
- "15020"
|
|
- --applicationPorts
|
|
- "5000"
|
|
- --trust-domain=cluster.local
|
|
env:
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: INSTANCE_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
- name: SERVICE_ACCOUNT
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.serviceAccountName
|
|
- name: HOST_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.hostIP
|
|
- name: ISTIO_META_POD_PORTS
|
|
value: |-
|
|
[
|
|
{"containerPort":5000}
|
|
]
|
|
- name: ISTIO_META_CLUSTER_ID
|
|
value: Kubernetes
|
|
- name: ISTIO_META_POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: ISTIO_META_CONFIG_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: SDS_ENABLED
|
|
value: "false"
|
|
- name: ISTIO_META_INTERCEPTION_MODE
|
|
value: REDIRECT
|
|
- name: ISTIO_META_INCLUDE_INBOUND_PORTS
|
|
value: "5000"
|
|
- name: ISTIO_METAJSON_LABELS
|
|
value: |
|
|
{"expose":"true","server":"http"}
|
|
- name: ISTIO_META_WORKLOAD_NAME
|
|
value: server-a
|
|
- name: ISTIO_META_OWNER
|
|
value: kubernetes://apis/apps/v1/namespaces/default/deployments/server-a
|
|
- name: ISTIO_META_MESH_ID
|
|
value: cluster.local
|
|
image: docker.io/istio/proxyv2:1.4.5
|
|
imagePullPolicy: IfNotPresent
|
|
name: istio-proxy
|
|
ports:
|
|
- containerPort: 15090
|
|
name: http-envoy-prom
|
|
protocol: TCP
|
|
readinessProbe:
|
|
failureThreshold: 30
|
|
httpGet:
|
|
path: /healthz/ready
|
|
port: 15020
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 2
|
|
resources:
|
|
limits:
|
|
cpu: "2"
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 40Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: true
|
|
runAsGroup: 1337
|
|
runAsNonRoot: true
|
|
runAsUser: 1337
|
|
volumeMounts:
|
|
- mountPath: /etc/istio/proxy
|
|
name: istio-envoy
|
|
- mountPath: /etc/certs/
|
|
name: istio-certs
|
|
readOnly: true
|
|
initContainers:
|
|
- command:
|
|
- istio-iptables
|
|
- -p
|
|
- "15001"
|
|
- -z
|
|
- "15006"
|
|
- -u
|
|
- "1337"
|
|
- -m
|
|
- REDIRECT
|
|
- -i
|
|
- '*'
|
|
- -x
|
|
- ""
|
|
- -b
|
|
- '*'
|
|
- -d
|
|
- "15020"
|
|
image: docker.io/istio/proxyv2:1.4.5
|
|
imagePullPolicy: IfNotPresent
|
|
name: istio-init
|
|
resources:
|
|
limits:
|
|
cpu: 100m
|
|
memory: 50Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 10Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: false
|
|
runAsGroup: 0
|
|
runAsNonRoot: false
|
|
runAsUser: 0
|
|
volumes:
|
|
- emptyDir:
|
|
medium: Memory
|
|
name: istio-envoy
|
|
- name: istio-certs
|
|
secret:
|
|
optional: true
|
|
secretName: istio.default
|
|
status: {}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: server-b
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: ja
|
|
server: http
|
|
version: v1
|
|
strategy: {}
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}'
|
|
creationTimestamp: null
|
|
labels:
|
|
app: ja
|
|
security.istio.io/tlsMode: istio
|
|
server: http
|
|
version: v1
|
|
spec:
|
|
containers:
|
|
- image: beppev/server-b:latest
|
|
name: front-end
|
|
ports:
|
|
- containerPort: 6000
|
|
resources: {}
|
|
- args:
|
|
- proxy
|
|
- sidecar
|
|
- --domain
|
|
- $(POD_NAMESPACE).svc.cluster.local
|
|
- --configPath
|
|
- /etc/istio/proxy
|
|
- --binaryPath
|
|
- /usr/local/bin/envoy
|
|
- --serviceCluster
|
|
- ja.$(POD_NAMESPACE)
|
|
- --drainDuration
|
|
- 45s
|
|
- --parentShutdownDuration
|
|
- 1m0s
|
|
- --discoveryAddress
|
|
- istio-pilot.istio-system:15010
|
|
- --zipkinAddress
|
|
- zipkin.istio-system:9411
|
|
- --proxyLogLevel=warning
|
|
- --proxyComponentLogLevel=misc:error
|
|
- --connectTimeout
|
|
- 10s
|
|
- --proxyAdminPort
|
|
- "15000"
|
|
- --concurrency
|
|
- "2"
|
|
- --controlPlaneAuthPolicy
|
|
- NONE
|
|
- --dnsRefreshRate
|
|
- 300s
|
|
- --statusPort
|
|
- "15020"
|
|
- --applicationPorts
|
|
- "6000"
|
|
- --trust-domain=cluster.local
|
|
env:
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: INSTANCE_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
- name: SERVICE_ACCOUNT
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.serviceAccountName
|
|
- name: HOST_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.hostIP
|
|
- name: ISTIO_META_POD_PORTS
|
|
value: |-
|
|
[
|
|
{"containerPort":6000}
|
|
]
|
|
- name: ISTIO_META_CLUSTER_ID
|
|
value: Kubernetes
|
|
- name: ISTIO_META_POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: ISTIO_META_CONFIG_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: SDS_ENABLED
|
|
value: "false"
|
|
- name: ISTIO_META_INTERCEPTION_MODE
|
|
value: REDIRECT
|
|
- name: ISTIO_META_INCLUDE_INBOUND_PORTS
|
|
value: "6000"
|
|
- name: ISTIO_METAJSON_LABELS
|
|
value: |
|
|
{"app":"ja","server":"http","version":"v1"}
|
|
- name: ISTIO_META_WORKLOAD_NAME
|
|
value: server-b
|
|
- name: ISTIO_META_OWNER
|
|
value: kubernetes://apis/apps/v1/namespaces/default/deployments/server-b
|
|
- name: ISTIO_META_MESH_ID
|
|
value: cluster.local
|
|
image: docker.io/istio/proxyv2:1.4.5
|
|
imagePullPolicy: IfNotPresent
|
|
name: istio-proxy
|
|
ports:
|
|
- containerPort: 15090
|
|
name: http-envoy-prom
|
|
protocol: TCP
|
|
readinessProbe:
|
|
failureThreshold: 30
|
|
httpGet:
|
|
path: /healthz/ready
|
|
port: 15020
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 2
|
|
resources:
|
|
limits:
|
|
cpu: "2"
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 40Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: true
|
|
runAsGroup: 1337
|
|
runAsNonRoot: true
|
|
runAsUser: 1337
|
|
volumeMounts:
|
|
- mountPath: /etc/istio/proxy
|
|
name: istio-envoy
|
|
- mountPath: /etc/certs/
|
|
name: istio-certs
|
|
readOnly: true
|
|
initContainers:
|
|
- command:
|
|
- istio-iptables
|
|
- -p
|
|
- "15001"
|
|
- -z
|
|
- "15006"
|
|
- -u
|
|
- "1337"
|
|
- -m
|
|
- REDIRECT
|
|
- -i
|
|
- '*'
|
|
- -x
|
|
- ""
|
|
- -b
|
|
- '*'
|
|
- -d
|
|
- "15020"
|
|
image: docker.io/istio/proxyv2:1.4.5
|
|
imagePullPolicy: IfNotPresent
|
|
name: istio-init
|
|
resources:
|
|
limits:
|
|
cpu: 100m
|
|
memory: 50Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 10Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: false
|
|
runAsGroup: 0
|
|
runAsNonRoot: false
|
|
runAsUser: 0
|
|
volumes:
|
|
- emptyDir:
|
|
medium: Memory
|
|
name: istio-envoy
|
|
- name: istio-certs
|
|
secret:
|
|
optional: true
|
|
secretName: istio.default
|
|
status: {}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: server-c
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: ja
|
|
server: http
|
|
version: v2
|
|
strategy: {}
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
sidecar.istio.io/status: '{"version":"b5faac9e6b02231b7db3b29487392a395f1c85c746bf62dc8cb660444af6e0d9","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}'
|
|
creationTimestamp: null
|
|
labels:
|
|
app: ja
|
|
security.istio.io/tlsMode: istio
|
|
server: http
|
|
version: v2
|
|
spec:
|
|
containers:
|
|
- image: beppev/server-c:latest
|
|
name: front-end
|
|
ports:
|
|
- containerPort: 6000
|
|
resources: {}
|
|
- args:
|
|
- proxy
|
|
- sidecar
|
|
- --domain
|
|
- $(POD_NAMESPACE).svc.cluster.local
|
|
- --configPath
|
|
- /etc/istio/proxy
|
|
- --binaryPath
|
|
- /usr/local/bin/envoy
|
|
- --serviceCluster
|
|
- ja.$(POD_NAMESPACE)
|
|
- --drainDuration
|
|
- 45s
|
|
- --parentShutdownDuration
|
|
- 1m0s
|
|
- --discoveryAddress
|
|
- istio-pilot.istio-system:15010
|
|
- --zipkinAddress
|
|
- zipkin.istio-system:9411
|
|
- --proxyLogLevel=warning
|
|
- --proxyComponentLogLevel=misc:error
|
|
- --connectTimeout
|
|
- 10s
|
|
- --proxyAdminPort
|
|
- "15000"
|
|
- --concurrency
|
|
- "2"
|
|
- --controlPlaneAuthPolicy
|
|
- NONE
|
|
- --dnsRefreshRate
|
|
- 300s
|
|
- --statusPort
|
|
- "15020"
|
|
- --applicationPorts
|
|
- "6000"
|
|
- --trust-domain=cluster.local
|
|
env:
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: INSTANCE_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
- name: SERVICE_ACCOUNT
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.serviceAccountName
|
|
- name: HOST_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.hostIP
|
|
- name: ISTIO_META_POD_PORTS
|
|
value: |-
|
|
[
|
|
{"containerPort":6000}
|
|
]
|
|
- name: ISTIO_META_CLUSTER_ID
|
|
value: Kubernetes
|
|
- name: ISTIO_META_POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: ISTIO_META_CONFIG_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: SDS_ENABLED
|
|
value: "false"
|
|
- name: ISTIO_META_INTERCEPTION_MODE
|
|
value: REDIRECT
|
|
- name: ISTIO_META_INCLUDE_INBOUND_PORTS
|
|
value: "6000"
|
|
- name: ISTIO_METAJSON_LABELS
|
|
value: |
|
|
{"app":"ja","server":"http","version":"v2"}
|
|
- name: ISTIO_META_WORKLOAD_NAME
|
|
value: server-c
|
|
- name: ISTIO_META_OWNER
|
|
value: kubernetes://apis/apps/v1/namespaces/default/deployments/server-c
|
|
- name: ISTIO_META_MESH_ID
|
|
value: cluster.local
|
|
image: docker.io/istio/proxyv2:1.4.5
|
|
imagePullPolicy: IfNotPresent
|
|
name: istio-proxy
|
|
ports:
|
|
- containerPort: 15090
|
|
name: http-envoy-prom
|
|
protocol: TCP
|
|
readinessProbe:
|
|
failureThreshold: 30
|
|
httpGet:
|
|
path: /healthz/ready
|
|
port: 15020
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 2
|
|
resources:
|
|
limits:
|
|
cpu: "2"
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 40Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: true
|
|
runAsGroup: 1337
|
|
runAsNonRoot: true
|
|
runAsUser: 1337
|
|
volumeMounts:
|
|
- mountPath: /etc/istio/proxy
|
|
name: istio-envoy
|
|
- mountPath: /etc/certs/
|
|
name: istio-certs
|
|
readOnly: true
|
|
initContainers:
|
|
- command:
|
|
- istio-iptables
|
|
- -p
|
|
- "15001"
|
|
- -z
|
|
- "15006"
|
|
- -u
|
|
- "1337"
|
|
- -m
|
|
- REDIRECT
|
|
- -i
|
|
- '*'
|
|
- -x
|
|
- ""
|
|
- -b
|
|
- '*'
|
|
- -d
|
|
- "15020"
|
|
image: docker.io/istio/proxyv2:1.4.5
|
|
imagePullPolicy: IfNotPresent
|
|
name: istio-init
|
|
resources:
|
|
limits:
|
|
cpu: 100m
|
|
memory: 50Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 10Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: false
|
|
runAsGroup: 0
|
|
runAsNonRoot: false
|
|
runAsUser: 0
|
|
volumes:
|
|
- emptyDir:
|
|
medium: Memory
|
|
name: istio-envoy
|
|
- name: istio-certs
|
|
secret:
|
|
optional: true
|
|
secretName: istio.default
|
|
status: {}
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: server-b-c-service
|
|
spec:
|
|
selector:
|
|
app: "ja"
|
|
ports:
|
|
- name: http
|
|
protocol: TCP
|
|
port: 6000
|
|
---
|
|
kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
name: expose-server
|
|
spec:
|
|
type: NodePort
|
|
selector:
|
|
expose: "true"
|
|
ports:
|
|
- name: http
|
|
protocol: TCP
|
|
targetPort: 5000
|
|
port: 5000
|
|
nodePort: 30036
|
|
---
|
|
kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
name: example-loadbalancer
|
|
spec:
|
|
selector:
|
|
expose: "true"
|
|
ports:
|
|
- name: http
|
|
protocol: TCP
|
|
targetPort: 5000
|
|
port: 80
|
|
type: LoadBalancer
|
|
---
|
|
apiVersion: networking.istio.io/v1alpha3
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: server-check-destination
|
|
spec:
|
|
host: server-check
|
|
subsets:
|
|
- name: v1
|
|
labels:
|
|
version: v1
|
|
- name: v2
|
|
labels:
|
|
version: v2
|
|
---
|
|
apiVersion: networking.istio.io/v1alpha3
|
|
kind: Gateway
|
|
metadata:
|
|
name: server-check-gateway
|
|
spec:
|
|
selector:
|
|
expose: "true"
|
|
istio: ingressgateway
|
|
servers:
|
|
- port:
|
|
number: 6000
|
|
name: tcp
|
|
protocol: TCP
|
|
hosts:
|
|
- "*"
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: server-check
|
|
spec:
|
|
selector:
|
|
expose: "true"
|
|
ports:
|
|
- name: http
|
|
protocol: TCP
|
|
targetPort: 6000
|
|
port: 6000
|
|
---
|
|
apiVersion: networking.istio.io/v1alpha3
|
|
kind: VirtualService
|
|
metadata:
|
|
name: server-check-service
|
|
spec:
|
|
hosts:
|
|
- "*"
|
|
gateways:
|
|
- server-check-gateway
|
|
tcp:
|
|
- match:
|
|
- port: 6000
|
|
route:
|
|
- destination:
|
|
host: server-b-c-service
|
|
port:
|
|
number: 6000
|
|
subset: v1
|
|
weight: 50
|
|
- destination:
|
|
host: server-b-c-service
|
|
port:
|
|
number: 6000
|
|
subset: v2
|
|
weight: 50
|
|
---
|