# Deployment named "reporting"
# Listens on :8080
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reporting
  namespace: medical
  labels:
    app: reporting
    demo: roadshow
spec:
  replicas: 1
  selector:
    matchLabels:
       app: reporting
  template:
    metadata:
     labels:
       app: reporting
    spec:
      imagePullSecrets:
      - name: rhacs-demo-pull-pull-secret
      containers:
      - image: quay.io/rhacs-demo/reporting:latest
        command: ["/bin/entrypoint"]
        args: ["-listen", "8080", "-connect", "patient-db-service.medical.svc.cluster.local:8080"]
        imagePullPolicy: Always
        name: reporting
        ports:
        - containerPort: 8080
          protocol: TCP

---

# Service named "reporting-service"
# Listens on :8080
apiVersion: v1
kind: Service
metadata:
  labels:
    app: reporting
  name: reporting-service
  namespace: medical
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
    name: http
  selector:
    app: reporting
  type: ClusterIP

---

# Deployment named "patient-db"
# Listens on :8080
apiVersion: apps/v1
kind: Deployment
metadata:
  name: patient-db
  namespace: medical
  labels:
    app: patient-db
spec:
  replicas: 1
  selector:
    matchLabels:
       app: patient-db
  template:
    metadata:
     labels:
       app: patient-db
    spec:
      imagePullSecrets:
      - name: rhacs-demo-pull-pull-secret
      containers:
      - image: quay.io/rhacs-demo/netflow:latest
        command: ["/bin/entrypoint"]
        args: ["-listen", "8080", "-connect", "reporting-service.medical.svc.cluster.local:8080"]
        imagePullPolicy: Always
        name: patient-db
        ports:
        - containerPort: 8080
          protocol: TCP

---

# Service named "patient-db-service"
# Listens on :8080
apiVersion: v1
kind: Service
metadata:
  labels:
    app: patient-db
  name: patient-db-service
  namespace: medical
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
    name: tcp
  selector:
    app: patient-db
  type: ClusterIP

---

# Network policy named "deny-all"
# Denies all ingress and egress traffic
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: deny-all
  namespace: medical
spec:
  policyTypes:
  - Ingress
  - Egress
  podSelector: {}
  egress:
  - ports:
    # Istio-pilot port -- required for istio-proxy registration
    - port: 15010
    to:
    - namespaceSelector:
        matchLabels:
          istio-system: "true"
  - ports:
    - protocol: UDP
      # kube-dns -- required for istio-proxy to find istio-pilot service
      port: 53
    to:
    - namespaceSelector:
        matchLabels:
          kube-system: "true"
  ingress:
  - ports:
    # Istio-proxy status port -- required for Istio to update routing
    - port: 15020
    from:
    - namespaceSelector:
        matchLabels:
          istio-system: "true"
  - ports:
    # Istio-proxy port -- required for Istio to update routing
    - port: 15090
    from:
    - namespaceSelector:
        matchLabels:
          istio-system: "true"

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: proxy
  namespace: medical
  labels:
    app: proxy
spec:
  replicas: 1
  selector:
    matchLabels:
       app: proxy
  template:
    metadata:
     labels:
       app: proxy
    spec:
      imagePullSecrets:
      - name: rhacs-demo-pull-pull-secret
      containers:
      - image: quay.io/rhacs-demo/proxy:latest
        securityContext:
          privileged: true
        command: ["/bin/entrypoint"]
        imagePullPolicy: Always
        name: proxy