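# ConfigMap carrying the Envoy bootstrap (envoy.yaml) for the gateway's edge
# proxy. The listener on 8443 terminates TLS, requires a client certificate,
# and forwards the certificate's SHA-256 fingerprint and subject to the
# "backend" cluster as request headers.
apiVersion: v1
kind: ConfigMap
metadata:
  name: efgs-federation-gateway-config
data:
  envoy.yaml: |
    static_resources:
      listeners:
        - address:
            socket_address:
              address: 0.0.0.0
              port_value: 8443
          access_log:
            # NOTE(review): this logger and the connection manager below use v2
            # type URLs while the TLS transport socket uses a v3 one; confirm
            # the Envoy build in use accepts both.
            - name: "envoy.access_loggers.file"
              typed_config:
                "@type": "type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog"
                path: /dev/stdout
          filter_chains:
            - filters:
                - name: envoy.filters.network.http_connection_manager
                  typed_config:
                    "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
                    codec_type: auto
                    stat_prefix: ingress_http
                    route_config:
                      name: local_route
                      virtual_hosts:
                        - name: backend
                          domains:
                            - "*"
                          routes:
                            - match:
                                prefix: "/"
                              route:
                                cluster: backend
                              request_headers_to_add:
                                # The two identity headers are derived from the
                                # TLS session. `append: false` makes Envoy
                                # replace any value the client sent under the
                                # same name; with `append: true` a
                                # caller-supplied header would survive next to
                                # Envoy's value and a consumer reading the
                                # first one would see attacker-chosen data.
                                - header:
                                    key: "X-SSL-Client-SHA256"
                                    value: "%DOWNSTREAM_PEER_FINGERPRINT_256%"
                                  append: false
                                - header:
                                    key: "X-SSL-Client-DN"
                                    value: "%DOWNSTREAM_PEER_SUBJECT%"
                                  append: false
                                # Request start time (seconds.milliseconds);
                                # informational, so it is still appended.
                                - header:
                                    key: "X-Request-Start"
                                    value: "%START_TIME(%s.%3f)%"
                                  append: true
                    http_filters:
                      - name: envoy.filters.http.router
                        typed_config: {}
              transport_socket:
                name: envoy.transport_sockets.tls
                typed_config:
                  "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
                  require_client_certificate: true
                  common_tls_context:
                    validation_context:
                      # A client certificate is required, but its chain is not
                      # verified: any certificate, including a self-signed one,
                      # completes the handshake. Authentication therefore rests
                      # entirely on whatever consumes the forwarded fingerprint
                      # header - presumably an allow-list in the backend;
                      # verify before relying on this.
                      trust_chain_verification: ACCEPT_UNTRUSTED
                    tls_certificates:
                      certificate_chain:
                        inline_string: |
                          -----BEGIN CERTIFICATE-----
                          MIICqDCCAZACCQCquzpHNpqBcDANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtm
                          cm9udC1lbnZveTAeFw0yMDA3MDgwMTMxNDZaFw0zMDA3MDYwMTMxNDZaMBYxFDAS
                          BgNVBAMMC2Zyb250LWVudm95MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
                          AQEAthnYkqVQBX+Wg7aQWyCCb87hBce1hAFhbRM8Y9dQTqxoMXZiA2n8G089hUou
                          oQpEdJgitXVS6YMFPFUUWfwcqxYAynLK4X5im26Yfa1eO8La8sZUS+4Bjao1gF5/
                          VJxSEo2yZ7fFBo8M4E44ZehIIocipCRS+YZehFs6dmHoq/MGvh2eAHIa+O9xssPt
                          ofFcQMR8rwBHVbKy484O10tNCouX4yUkyQXqCRy6HRu7kSjOjNKSGtjfG+h5M8bh
                          10W7ZrsJ1hWhzBulSaMZaUY3vh5ngpws1JATQVSK1Jm/dmMRciwlTK7KfzgxHlSX
                          58ENpS7yPTISkEICcLbXkkKGEQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCmj6Hg
                          vwOxWz0xu+6fSfRL6PGJUGq6wghCfUvjfwZ7zppDUqU47fk+yqPIOzuGZMdAqi7N
                          v1DXkeO4A3hnMD22Rlqt25vfogAaZVToBeQxCPd/ALBLFrvLUFYuSlS3zXSBpQqQ
                          Ny2IKFYsMllz5RSROONHBjaJOn5OwqenJ91MPmTAG7ujXKN6INSBM0PjX9Jy4Xb9
                          zT+I85jRDQHnTFce1WICBDCYidTIvJtdSSokGSuy4/xyxAAc/BpZAfOjBQ4G1QRe
                          9XwOi790LyNUYFJVyeOvNJwveloWuPLHb9idmY5YABwikUY6QNcXwyHTbRCkPB2I
                          m+/R4XnmL4cKQ+5Z
                          -----END CERTIFICATE-----
                      # NOTE(review): the server private key is stored inline in
                      # a ConfigMap and is published together with this
                      # manifest, so it must be treated as known to everyone.
                      # For real use, generate a fresh key pair, keep the key in
                      # a Secret mounted into the pod, and reference it with
                      # `filename:` instead of `inline_string:`.
                      private_key:
                        inline_string: |
                          -----BEGIN PRIVATE KEY-----
                          MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2GdiSpVAFf5aD
                          tpBbIIJvzuEFx7WEAWFtEzxj11BOrGgxdmIDafwbTz2FSi6hCkR0mCK1dVLpgwU8
                          VRRZ/ByrFgDKcsrhfmKbbph9rV47wtryxlRL7gGNqjWAXn9UnFISjbJnt8UGjwzg
                          Tjhl6EgihyKkJFL5hl6EWzp2Yeir8wa+HZ4Achr473Gyw+2h8VxAxHyvAEdVsrLj
                          zg7XS00Ki5fjJSTJBeoJHLodG7uRKM6M0pIa2N8b6HkzxuHXRbtmuwnWFaHMG6VJ
                          oxlpRje+HmeCnCzUkBNBVIrUmb92YxFyLCVMrsp/ODEeVJfnwQ2lLvI9MhKQQgJw
                          tteSQoYRAgMBAAECggEAeDGdEkYNCGQLe8pvg8Z0ccoSGpeTxpqGrNEKhjfi6NrB
                          NwyVav10iq4FxEmPd3nobzDPkAftfvWc6hKaCT7vyTkPspCMOsQJ39/ixOk+jqFx
                          lNa1YxyoZ9IV2DIHR1iaj2Z5gB367PZUoGTgstrbafbaNY9IOSyojCIO935ubbcx
                          DWwL24XAf51ez6sXnI8V5tXmrFlNXhbhJdH8iIxNyM45HrnlUlOk0lCK4gmLJjy9
                          10IS2H2Wh3M5zsTpihH1JvM56oAH1ahrhMXs/rVFXXkg50yD1KV+HQiEbglYKUxO
                          eMYtfaY9i2CuLwhDnWp3oxP3HfgQQhD09OEN3e0IlQKBgQDZ/3poG9TiMZSjfKqL
                          xnCABMXGVQsfFWNC8THoW6RRx5Rqi8q08yJrmhCu32YKvccsOljDQJQQJdQO1g09
                          e/adJmCnTrqxNtjPkX9txV23Lp6Ak7emjiQ5ICu7iWxrcO3zf7hmKtj7z+av8sjO
                          mDI7NkX5vnlE74nztBEjp3eC0wKBgQDV2GeJV028RW3b/QyP3Gwmax2+cKLR9PKR
                          nJnmO5bxAT0nQ3xuJEAqMIss/Rfb/macWc2N/6CWJCRT6a2vgy6xBW+bqG6RdQMB
                          xEZXFZl+sSKhXPkc5Wjb4lQ14YWyRPrTjMlwez3k4UolIJhJmwl+D7OkMRrOUERO
                          EtUvc7odCwKBgBi+nhdZKWXveM7B5N3uzXBKmmRz3MpPdC/yDtcwJ8u8msUpTv4R
                          JxQNrd0bsIqBli0YBmFLYEMg+BwjAee7vXeDFq+HCTv6XMva2RsNryCO4yD3I359
                          XfE6DJzB8ZOUgv4Dvluie3TB2Y6ZQV/p+LGt7G13yG4hvofyJYvlg3RPAoGAcjDg
                          +OH5zLN2eqah8qBN0CYa9/rFt0AJ19+7/smLTJ7QvQq4g0gwS1couplcCEnNGWiK
                          72y1n/ckvvplmPeAE19HveMvR9UoCeV5ej86fACy8V/oVpnaaLBvL2aCMjPLjPP9
                          DWeCIZp8MV86cvOrGfngf6kJG2qZTueXl4NAuwkCgYEArKkhlZVXjwBoVvtHYmN2
                          o+F6cGMlRJTLhNc391WApsgDZfTZSdeJsBsvvzS/Nc0burrufJg0wYioTlpReSy4
                          ohhtprnQQAddfjHP7rh2LGt+irFzhdXXQ1ybGaGM9D764KUNCXLuwdly0vzXU4HU
                          q5sGxGrC1RECGB5Zwx2S2ZY=
                          -----END PRIVATE KEY-----
      clusters:
        - name: backend
          connect_timeout: 0.25s
          type: LOGICAL_DNS
          dns_lookup_family: V4_ONLY
          lb_policy: ROUND_ROBIN
          load_assignment:
            cluster_name: backend
            endpoints:
              - lb_endpoints:
                  - endpoint:
                      address:
                        socket_address:
                          # Plain-HTTP hop to the backend Service on 8080.
                          address: efgs-federation-gateway-backend
                          port_value: 8080
    admin:
      access_log_path: "/dev/stdout"
      address:
        socket_address:
          # Envoy's admin interface has no authentication of its own, so it is
          # bound to loopback rather than 0.0.0.0; it stays reachable from
          # inside the pod (for example through a port-forward) without being
          # exposed on the pod IP.
          address: 127.0.0.1
          port_value: 8001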
---
# Deployment for the Envoy edge proxy. The envoy.yaml key of the
# efgs-federation-gateway-config ConfigMap is mounted at /etc/envoy/envoy.yaml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: efgs-federation-gateway
spec:
  replicas: 1
  selector:
    matchLabels:
      app: efgs-federation-gateway
  template:
    metadata:
      labels:
        app: efgs-federation-gateway
    spec:
      containers:
        - name: efgs-federation-gateway
          # NOTE(review): a floating `latest` tag on the development image means
          # every restart may pull a different, unreleased build. Pin a release
          # tag or an image digest for anything beyond experimentation.
          image: envoyproxy/envoy-dev:latest
          ports:
            # TLS listener defined in envoy.yaml.
            - containerPort: 8443
          resources:
            requests:
              cpu: 500m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          volumeMounts:
            - name: efgs-federation-gateway-config-volume
              mountPath: /etc/envoy
      volumes:
        - name: efgs-federation-gateway-config-volume
          configMap:
            name: efgs-federation-gateway-config
            items:
              - key: envoy.yaml
                path: envoy.yaml
---
# Service in front of the Envoy pods: port 443 maps to the TLS listener on
# container port 8443. No `type` is set, so the Kubernetes default applies.
apiVersion: v1
kind: Service
metadata:
  name: efgs-federation-gateway
spec:
  selector:
    app: efgs-federation-gateway
  ports:
    - port: 443
      targetPort: 8443
---
# Deployment for the gateway backend (Spring application, "mysql" profile),
# pulled from a private registry and pointed at the in-cluster MySQL Service.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: efgs-federation-gateway-backend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: efgs-federation-gateway-backend
  template:
    metadata:
      labels:
        app: efgs-federation-gateway-backend
    spec:
      imagePullSecrets:
        - name: apturicovid-registry-credentials
      containers:
        - name: efgs-federation-gateway-backend
          # NOTE(review): `latest` is a floating tag; pin a version or digest so
          # the deployed build is reproducible.
          image: docker.pkg.github.com/apturicovid/efgs-federation-gateway/backend:latest
          ports:
            - containerPort: 8080
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 1Gi
          env:
            # NOTE(review): every credential below is a weak default written in
            # plaintext into the pod spec, where anyone who can read the
            # Deployment can see it. Move them into a Secret and reference them
            # with `valueFrom.secretKeyRef`, and replace the values.
            # NOTE(review): the application container is also handed the
            # database root password; confirm it is needed here at all.
            - name: MYSQL_ROOT_PASSWORD
              value: "admin"
            - name: SPRING_PROFILES_ACTIVE
              value: "mysql"
            - name: SPRING_DATASOURCE_URL
              value: "jdbc:mysql://efgs-federation-gateway-mysql:3306/fg"
            - name: SPRING_DATASOURCE_USERNAME
              value: "fg_user"
            - name: SPRING_DATASOURCE_PASSWORD
              value: "pass"
            - name: SPRING_LIQUIBASE_USER
              value: "fg_adm"
            - name: SPRING_LIQUIBASE_PASSWORD
              value: "admin"
---
# In-cluster Service for the backend on port 8080; this is the address the
# Envoy "backend" cluster resolves.
# NOTE(review): any workload that can reach this Service can send the
# X-SSL-Client-* headers itself without going through Envoy. If the backend
# authenticates callers on those headers, restrict ingress to the Envoy pods
# (for example with a NetworkPolicy).
apiVersion: v1
kind: Service
metadata:
  name: efgs-federation-gateway-backend
spec:
  selector:
    app: efgs-federation-gateway-backend
  ports:
    - port: 8080
---
# 1Gi ReadWriteOnce claim backing the MySQL data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efgs-federation-gateway-mysql-data-disk
spec:
  resources:
    requests:
      storage: 1Gi
  accessModes:
    - ReadWriteOnce
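---
# Single-replica MySQL for the gateway backend, with /var/lib/mysql stored on
# the efgs-federation-gateway-mysql-data-disk claim (subPath "mysql").
apiVersion: apps/v1
kind: Deployment
metadata:
  name: efgs-federation-gateway-mysql
  labels:
    app: efgs-federation-gateway-mysql
spec:
  replicas: 1
  # The data volume is ReadWriteOnce. With the default rolling update the
  # replacement pod starts while the old one still holds the volume and the
  # data directory, so the old pod is stopped first instead.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: efgs-federation-gateway-mysql
  template:
    metadata:
      labels:
        app: efgs-federation-gateway-mysql
    spec:
      containers:
        - name: mysql
          # NOTE(review): upstream support for the MySQL 5.7 series has ended;
          # plan a move to a maintained release line.
          image: mysql:5.7
          ports:
            - containerPort: 3306
          volumeMounts:
            - mountPath: "/var/lib/mysql"
              subPath: "mysql"
              name: efgs-federation-gateway-mysql-data
          env:
            # NOTE(review): the root and application passwords are weak
            # defaults stored in plaintext in the pod spec. Supply them from a
            # Secret via `valueFrom.secretKeyRef` and use generated values.
            - name: MYSQL_DATABASE
              value: "fg"
            - name: MYSQL_ROOT_PASSWORD
              value: "admin"
            - name: MYSQL_USER
              value: "fg_adm"
            - name: MYSQL_PASSWORD
              value: "admin"
      volumes:
        - name: efgs-federation-gateway-mysql-data
          persistentVolumeClaim:
            claimName: efgs-federation-gateway-mysql-data-disk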
---
# In-cluster Service for MySQL on TCP 3306, matching the host name used in the
# backend's SPRING_DATASOURCE_URL.
apiVersion: v1
kind: Service
metadata:
  name: efgs-federation-gateway-mysql
spec:
  ports:
    - port: 3306
      targetPort: 3306
      protocol: TCP
  selector:
    app: efgs-federation-gateway-mysql
kubectl apply -f efgs-federation-gateway.yml