183 lines
3.5 KiB
YAML
183 lines
3.5 KiB
YAML
# Deployment named "reporting"
|
|
# Listens on :8080
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: reporting
|
|
namespace: medical
|
|
labels:
|
|
app: reporting
|
|
demo: roadshow
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: reporting
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: reporting
|
|
spec:
|
|
imagePullSecrets:
|
|
- name: rhacs-demo-pull-pull-secret
|
|
containers:
|
|
- image: quay.io/rhacs-demo/reporting:latest
|
|
command: ["/bin/entrypoint"]
|
|
args: ["-listen", "8080", "-connect", "patient-db-service.medical.svc.cluster.local:8080"]
|
|
imagePullPolicy: Always
|
|
name: reporting
|
|
ports:
|
|
- containerPort: 8080
|
|
protocol: TCP
|
|
|
|
---
|
|
|
|
# Service named "reporting-service"
|
|
# Listens on :8080
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app: reporting
|
|
name: reporting-service
|
|
namespace: medical
|
|
spec:
|
|
ports:
|
|
- port: 8080
|
|
protocol: TCP
|
|
targetPort: 8080
|
|
name: http
|
|
selector:
|
|
app: reporting
|
|
type: ClusterIP
|
|
|
|
---
|
|
|
|
# Deployment named "patient-db"
|
|
# Listens on :8080
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: patient-db
|
|
namespace: medical
|
|
labels:
|
|
app: patient-db
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: patient-db
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: patient-db
|
|
spec:
|
|
imagePullSecrets:
|
|
- name: rhacs-demo-pull-pull-secret
|
|
containers:
|
|
- image: quay.io/rhacs-demo/netflow:latest
|
|
command: ["/bin/entrypoint"]
|
|
args: ["-listen", "8080", "-connect", "reporting-service.medical.svc.cluster.local:8080"]
|
|
imagePullPolicy: Always
|
|
name: patient-db
|
|
ports:
|
|
- containerPort: 8080
|
|
protocol: TCP
|
|
|
|
---
|
|
|
|
# Service named "patient-db-service"
|
|
# Listens on :8080
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app: patient-db
|
|
name: patient-db-service
|
|
namespace: medical
|
|
spec:
|
|
ports:
|
|
- port: 8080
|
|
protocol: TCP
|
|
targetPort: 8080
|
|
name: tcp
|
|
selector:
|
|
app: patient-db
|
|
type: ClusterIP
|
|
|
|
---
|
|
|
|
# Network policy named "deny-all"
|
|
# Denies all ingress and egress traffic
|
|
kind: NetworkPolicy
|
|
apiVersion: networking.k8s.io/v1
|
|
metadata:
|
|
name: deny-all
|
|
namespace: medical
|
|
spec:
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
podSelector: {}
|
|
egress:
|
|
- ports:
|
|
# Istio-pilot port -- required for istio-proxy registration
|
|
- port: 15010
|
|
to:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
istio-system: "true"
|
|
- ports:
|
|
- protocol: UDP
|
|
# kube-dns -- required for istio-proxy to find istio-pilot service
|
|
port: 53
|
|
to:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kube-system: "true"
|
|
ingress:
|
|
- ports:
|
|
# Istio-proxy status port -- required for Istio to update routing
|
|
- port: 15020
|
|
from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
istio-system: "true"
|
|
- ports:
|
|
# Istio-proxy port -- required for Istio to update routing
|
|
- port: 15090
|
|
from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
istio-system: "true"
|
|
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: proxy
|
|
namespace: medical
|
|
labels:
|
|
app: proxy
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: proxy
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: proxy
|
|
spec:
|
|
imagePullSecrets:
|
|
- name: rhacs-demo-pull-pull-secret
|
|
containers:
|
|
- image: quay.io/rhacs-demo/proxy:latest
|
|
securityContext:
|
|
privileged: true
|
|
command: ["/bin/entrypoint"]
|
|
imagePullPolicy: Always
|
|
name: proxy
|
|
|
|
|