
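---
# Deployment metadata for the "demo" workload. The listing is truncated after the
# labels, so the pod template and spec are not shown here.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo
  annotations:
    # Source-tracking annotations only. `master` is a branch name, not a fixed
    # commit, so it does not identify exactly which revision was built.
    app.openshift.io/vcs-ref: master
    app.openshift.io/vcs-uri: 'https://gitlab.com/ocp-demo/backend_quarkus'
  labels:
    app.kubernetes.io/component: demo
    app.kubernetes.io/instance: demo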
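---
# PodDisruptionBudget limiting voluntary evictions of pods labelled app=demo.
# NOTE(review): policy/v1beta1 is deprecated since Kubernetes 1.21 and is no
# longer served from 1.25; use policy/v1 where the cluster supports it.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: demo-pdb
spec:
  # A percentage is rounded up to a whole pod, so with very few replicas this
  # can still allow every pod to be evicted at once.
  maxUnavailable: 40%
  selector:
    matchLabels:
      # Must match the labels on the pod template; that template is not shown
      # on this page, so verify it carries `app: demo`.
      app: demo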
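---
# Fragment of a spec; the apiVersion/kind header is not shown. The keys match
# the ServiceMeshControlPlane (maistra.io/v2) security section.
spec:
  security:
    controlPlane:
      mtls: true
    # Data Plane mTLS config
    dataPlane:
      # With both values false, sidecar-to-sidecar traffic is not encrypted or
      # authenticated mesh-wide. mTLS then has to be enabled per workload
      # (PeerAuthentication plus a matching DestinationRule); any workload
      # without such a policy keeps accepting plaintext.
      automtls: false
      mtls: false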
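---
# Istio Gateway exposing a server on port 443 through the default ingress
# gateway. No metadata.namespace is set, so the object is created in whatever
# namespace is current at apply time.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: frontend-gateway
spec:
  selector:
    istio: ingressgateway  # use istio default controller
  servers:
    - port:
        number: 443
        # Listing truncated here: the port name/protocol, the `hosts` list and
        # the `tls` block are not shown. Confirm the tls mode (SIMPLE vs MUTUAL)
        # and the referenced credential before relying on this listener.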
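---
# ServiceMeshControlPlane "basic-install" with mTLS enabled for the control
# plane.
apiVersion: maistra.io/v2
# Istio 1.6.5
kind: ServiceMeshControlPlane
metadata:
  name: basic-install
spec:
  security:
    controlPlane:
      mtls: true
    # Listing truncated here: the dataPlane values are not shown. Check whether
    # `mtls` / `automtls` are enabled, since they decide whether workload
    # traffic is encrypted by default.
    dataPlane: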
# Both manifests are fetched from the repository's `main` branch at apply time,
# so what gets applied can change between runs. Review the files first and
# prefer a URL pinned to a reviewed commit (<commit-sha> in place of `main`).
# No -n is given: the target namespace comes from the manifests themselves or
# from the current oc project.
# Judging by the file names, these create a PeerAuthentication and a
# DestinationRule for the frontend — confirm by reading the manifests.
oc apply -f https://raw.githubusercontent.com/voraviz/openshift-service-mesh-ingress-mtls/main/config/frontend-peer-authentication.yaml
oc apply -f https://raw.githubusercontent.com/voraviz/openshift-service-mesh-ingress-mtls/main/config/frontend-destination-rule-mtls.yaml
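---
# Istio Gateway created in the control-plane namespace and bound to the default
# ingress gateway.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: frontend-gateway
  namespace: control-plane
spec:
  selector:
    istio: ingressgateway  # use istio default controller
  servers:
    # Listing truncated here: the port number/protocol, `hosts` and `tls`
    # settings are not shown. Verify them before relying on this listener.
    - port: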
# Applies a Deployment manifest straight from the repository's `main` branch
# into the data-plane namespace. The branch is mutable, so review the manifest
# (images, service account, securityContext) and prefer a URL pinned to a
# reviewed commit (<commit-sha> in place of `main`).
oc apply -f https://raw.githubusercontent.com/voraviz/openshift-service-mesh-ingress-mtls/main/apps/deployment.yaml -n data-plane
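---
# Workload-scoped PeerAuthentication for pods labelled app=backend in the
# data-plane namespace.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: backend
  namespace: data-plane
spec:
  selector:
    matchLabels:
      app: backend
  # Listing truncated here: the `mode` value is not shown. STRICT rejects
  # plaintext connections; PERMISSIVE still accepts them. Confirm which one is
  # applied.
  mtls: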
# Adds the sidecar.istio.io/rewriteAppHTTPProbers annotation to the pod template
# of deployment/backend-v1, so the injected sidecar rewrites HTTP
# liveness/readiness probes. Kubelet probes carry no mesh client certificate;
# presumably this is needed here because mTLS is enforced for the backend —
# confirm against the PeerAuthentication in use.
# Changing the pod template triggers a rollout. No -n is given, so the patch
# targets the current oc project.
oc patch deployment/backend-v1 -p '{"spec":{"template":{"metadata":{"annotations":{"sidecar.istio.io/rewriteAppHTTPProbers":"true"}}}}}'