diff --git a/README-cn.md b/README-cn.md
index 7f4217a..194f269 100644
--- a/README-cn.md
+++ b/README-cn.md
@@ -12,6 +12,7 @@ - Vagrant 2.0+ - Virtualbox 5.0 + - 提前下载kubernetes1.9.1以上版本的release压缩包 +- Mac/Linux,**不支持Windows** ## 集群
diff --git a/README.md b/README.md
index 163ddd3..fbfada9 100644
--- a/README.md
+++ b/README.md
@@ -31,11 +31,12 @@ The container network range is `170.33.0.0/16` owned by flanneld with `host-gw` ### Prerequisite * Host server with 8G+ mem(More is better), 60G disk, 8 core cpu at lease -* vagrant 2.0+ -* virtualbox 5.0+ -* Maybe need to access the internet through GFW to download the kubernetes files +* Vagrant 2.0+ +* Virtualbox 5.0+ +* Across GFW to download the kubernetes files (For China users) +* MacOS/Linux (**Windows is not supported**) -### Support Addon +### Support Addons **Required**
diff --git a/addon/jenkins/Dockerfile b/addon/jenkins/Dockerfile
new file mode 100644
index 0000000..994ddeb
--- /dev/null
+++ b/addon/jenkins/Dockerfile
@@ -0,0 +1,18 @@
+FROM jenkins/jenkins:lts
+MAINTAINER Jimmy Song
+EXPOSE 8080 50000
+USER root
+# Install prerequisites for Docker
+RUN apt-get update && apt-get install -y sudo maven iptables libsystemd-journal0 init-system-helpers libapparmor1 libltdl7 libseccomp2 libdevmapper1.02.1 && rm -rf /var/lib/apt/lists/*
+ENV DOCKER_VERSION=docker-ce_17.03.0~ce-0~ubuntu-trusty_amd64.deb
+ENV KUBERNETES_VERSION=v1.9.1
+# Set up Docker
+RUN wget https://download.docker.com/linux/ubuntu/dists/trusty/pool/stable/amd64/$DOCKER_VERSION
+RUN dpkg -i $DOCKER_VERSION
+# Set up Kubernetes
+RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$KUBERNETES_VERSION/bin/linux/amd64/kubectl
+RUN chmod +x ./kubectl
+RUN mv ./kubectl /usr/local/bin/kubectl
+# Configure access to the Kubernetes Cluster
+ADD ../../conf/config ~/.kube
+ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/jenkins.sh"]
diff --git a/addon/rook/mysql.yaml b/addon/rook/mysql.yaml
new file mode 100644
index 0000000..231ee81
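Review bot: `ADD ../../conf/config ~/.kube` in addon/jenkins/Dockerfile does not do what its comment says, and if it were made to work it would bake what is presumably the cluster's kubeconfig into an image layer, readable by anyone who can pull the image. The source path points outside the addon/jenkins build context, and `ADD` does not expand `~`, so the destination is a literal `~` path under the working directory rather than a home directory. I would drop the line and supply the kubeconfig at run time, for example mounted from a Kubernetes Secret. Separately, the Docker `.deb` and `kubectl` are downloaded with `wget` / `curl -LO` and installed with no integrity check, and the image is left at `USER root` with `sudo` installed; verify each download with `sha256sum -c` against a pinned digest and add `USER jenkins` before `ENTRYPOINT`.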
--- /dev/null
+++ b/addon/rook/mysql.yaml
@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress-mysql
+ labels:
+ app: wordpress
+spec:
+ ports:
+ - port: 3306
+ selector:
+ app: wordpress
+ tier: mysql
+ clusterIP: None
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pv-claim
+ labels:
+ app: wordpress
+spec:
+ storageClassName: rook-block
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: wordpress-mysql
+ labels:
+ app: wordpress
+spec:
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ tier: mysql
+ spec:
+ containers:
+ - image: mysql:5.6
+ name: mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: changeme
+ ports:
+ - containerPort: 3306
+ name: mysql
+ volumeMounts:
+ - name: mysql-persistent-storage
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: mysql-persistent-storage
+ persistentVolumeClaim:
+ claimName: mysql-pv-claim
diff --git a/addon/rook/rook-agent-clusterrolebinding.yaml b/addon/rook/rook-agent-clusterrolebinding.yaml
new file mode 100644
index 0000000..17dca4f
--- /dev/null
+++ b/addon/rook/rook-agent-clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: rookagent-clusterrolebinding
+subjects:
+ - kind: ServiceAccount
+ name: rook-agent
+ namespace: rook-system
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: ""
diff --git a/addon/rook/rook-cluster.yaml b/addon/rook/rook-cluster.yaml
new file mode 100644
index 0000000..9e6f6ea
--- /dev/null
+++ b/addon/rook/rook-cluster.yaml
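Review bot: `MYSQL_ROOT_PASSWORD` is set inline to the literal `changeme` in the wordpress-mysql Deployment of addon/rook/mysql.yaml, so the database root password is a guessable default that is committed to the repository and readable by anyone who can view the Deployment object. The same literal is used for `WORDPRESS_DB_PASSWORD` in addon/rook/wordpress.yaml. Read both from a Secret instead, e.g. `valueFrom: {secretKeyRef: {name: mysql-pass, key: password}}` (the Secret name and key are examples, not objects this commit creates), and document the step that creates the Secret in the README.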
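Review bot: The `roleRef` in addon/rook/rook-agent-clusterrolebinding.yaml binds the `rook-agent` ServiceAccount to `cluster-admin`, which gives every agent pod unrestricted access to the whole cluster, so a compromise of one agent is a compromise of the cluster. Bind it to a dedicated ClusterRole that lists only the resources and verbs the agent needs, the way rook-operator.yaml does for the operator. Also, `apiGroup: ""` under `roleRef` should be `apiGroup: rbac.authorization.k8s.io`; the API server is likely to reject the empty value.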
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: rook
+---
+apiVersion: rook.io/v1alpha1
+kind: Cluster
+metadata:
+ name: rook
+ namespace: rook
+spec:
+ versionTag: v0.6.2
+ dataDirHostPath: /var/lib/rook
+ storage:
+ useAllNodes: true
+ useAllDevices: false
+ storeConfig:
+ storeType: bluestore
+ databaseSizeMB: 512
+ journalSizeMB: 512
diff --git a/addon/rook/rook-operator.yaml b/addon/rook/rook-operator.yaml
new file mode 100644
index 0000000..5b45dcf
--- /dev/null
+++ b/addon/rook/rook-operator.yaml
@@ -0,0 +1,158 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: rook-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: rook-operator
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - serviceaccounts
+ - secrets
+ - pods
+ - services
+ - nodes
+ - nodes/proxy
+ - configmaps
+ - events
+ - persistentvolumes
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - extensions
+ resources:
+ - thirdpartyresources
+ - deployments
+ - daemonsets
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+- apiGroups:
+ - rook.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rook-operator
+ namespace: rook-system
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: rook-operator
+ namespace: rook-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rook-operator
+subjects:
+- kind: ServiceAccount
+ name: rook-operator
+ namespace: rook-system
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: rook-operator
+ namespace: rook-system
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: rook-operator
+ spec:
+ serviceAccountName: rook-operator
+ containers:
+ - name: rook-operator
+ image: rook/rook:master
+ args: ["operator"]
+ env:
+ # To disable RBAC, uncomment the following:
+ # - name: RBAC_ENABLED
+ # value: "false"
+ # Rook Agent toleration. Will tolerate all taints with all keys.
+ # Choose between NoSchedule, PreferNoSchedule and NoExecute:
+ # - name: AGENT_TOLERATION
+ # value: "NoSchedule"
+ # (Optional) Rook Agent toleration key. Set this to the key of the taint you want to tolerate
+ # - name: AGENT_TOLERATION_KEY
+ # value: ""
+ # Set the path where the Rook agent can find the flex volumes
+ # - name: FLEXVOLUME_DIR_PATH
+ # value: ""
+ # The interval to check if every mon is in the quorum.
+ - name: ROOK_MON_HEALTHCHECK_INTERVAL
+ value: "45s"
+ - name: FLEXVOLUME_DIR_PATH
+ value: "/var/lib/kubelet/volumeplugins"
+ # The duration to wait before trying to failover or remove/replace the
+ # current mon with a new mon (useful for compensating flapping network).
+ - name: ROOK_MON_OUT_TIMEOUT
+ value: "300s"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
diff --git a/addon/rook/rook-storageclass.yaml b/addon/rook/rook-storageclass.yaml
new file mode 100644
index 0000000..2ec3b83
--- /dev/null
+++ b/addon/rook/rook-storageclass.yaml
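Review bot: `image: rook/rook:master` in the rook-operator Deployment is a mutable tag, so the code that runs with this cluster-wide ClusterRole (which includes write access to `secrets` and to RBAC objects) is whatever was last pushed to `master`, and it can differ from node to node and over time. addon/rook/rook-cluster.yaml already sets `versionTag: v0.6.2`; pin the operator image to the matching release tag, or better to a digest, so the build holding these permissions is known and reproducible. `rook/toolbox:master` in addon/rook/rook-tools.yaml has the same problem. The `namespace: rook-system` under the ClusterRoleBinding's `metadata` has no effect, since a ClusterRoleBinding is cluster-scoped, and could be removed.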
@@ -0,0 +1,27 @@
+apiVersion: rook.io/v1alpha1
+kind: Pool
+metadata:
+ name: replicapool
+ namespace: rook
+spec:
+ replicated:
+ size: 1
+ # For an erasure-coded pool, comment out the replication size above and uncomment the following settings.
+ # Make sure you have enough OSDs to support the replica size or erasure code chunks.
+ #erasureCoded:
+ # dataChunks: 2
+ # codingChunks: 1
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: rook-block
+provisioner: rook.io/block
+parameters:
+ pool: replicapool
+ # Specify the Rook cluster from which to create volumes.
+ # If not specified, it will use `rook` as the name of the cluster.
+ # This is also the namespace where the cluster will be
+ clusterName: rook
+ # Specify the filesystem type of the volume. If not specified, it will use `ext4`.
+ # fstype: ext4
diff --git a/addon/rook/rook-tools.yaml b/addon/rook/rook-tools.yaml
new file mode 100644
index 0000000..fe4bcfe
--- /dev/null
+++ b/addon/rook/rook-tools.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: rook-tools
+ namespace: rook
+spec:
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: rook-tools
+ image: rook/toolbox:master
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: ROOK_ADMIN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: rook-ceph-mon
+ key: admin-secret
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /dev
+ name: dev
+ - mountPath: /sys/bus
+ name: sysbus
+ - mountPath: /lib/modules
+ name: libmodules
+ - name: mon-endpoint-volume
+ mountPath: /etc/rook
+ hostNetwork: false
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev
+ - name: sysbus
+ hostPath:
+ path: /sys/bus
+ - name: libmodules
+ hostPath:
+ path: /lib/modules
+ - name: mon-endpoint-volume
+ configMap:
+ name: rook-ceph-mon-endpoints
+ items:
+ - key: data
+ path: mon-endpoints
diff --git a/addon/rook/wordpress.yaml b/addon/rook/wordpress.yaml
new file mode 100644
index 0000000..469a20b
--- /dev/null
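Review bot: The rook-tools Pod in addon/rook/rook-tools.yaml runs with `privileged: true`, mounts the host's `/dev`, `/sys/bus` and `/lib/modules`, and receives the Ceph admin secret in `ROOK_ADMIN_SECRET`, so anyone allowed to exec into pods in the `rook` namespace effectively has root on the node and admin rights on the storage cluster. Nothing in the file marks it as a temporary debugging aid. Add a header comment such as `# Debug-only toolbox: privileged, mounts host /dev and holds the Ceph admin secret; delete the pod when finished.` and keep the file out of any step that applies the whole addon/rook directory.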
+++ b/addon/rook/wordpress.yaml
@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress
+ labels:
+ app: wordpress
+spec:
+ ports:
+ - port: 80
+ selector:
+ app: wordpress
+ tier: frontend
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wp-pv-claim
+ labels:
+ app: wordpress
+spec:
+ storageClassName: rook-block
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: wordpress
+ labels:
+ app: wordpress
+spec:
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ tier: frontend
+ spec:
+ containers:
+ - image: wordpress:4.6.1-apache
+ name: wordpress
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: wordpress-mysql
+ - name: WORDPRESS_DB_PASSWORD
+ value: changeme
+ ports:
+ - containerPort: 80
+ name: wordpress
+ volumeMounts:
+ - name: wordpress-persistent-storage
+ mountPath: /var/www/html
+ volumes:
+ - name: wordpress-persistent-storage
+ persistentVolumeClaim:
+ claimName: wp-pv-claim
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: wordpress-ingress
+spec:
+ rules:
+ - host: wp.jimmysong.io
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: wordpress
+ servicePort: 80
diff --git a/yaml/istio-bookinfo/istio-book-info.yaml b/yaml/istio-bookinfo/istio-book-info.yaml
new file mode 100644
index 0000000..a6e3f31
--- /dev/null
+++ b/yaml/istio-bookinfo/istio-book-info.yaml
@@ -0,0 +1,792 @@ +# Copyright 2017 Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################################################## +# Details service +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: details + labels: + app: details +spec: + ports: + - port: 9080 + name: http + selector: + app: details +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + creationTimestamp: null + name: details-v1 +spec: + replicas: 1 + strategy: {} + template: + metadata: + annotations: + sidecar.istio.io/status: '{"version":"1e8f480eee0d2c455cb96c4acc9a723ca2b4bff32a7837e65787a5ef6853c820","initContainers":["istio-init","enable-core-dump"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"]}' + creationTimestamp: null + labels: + app: details + version: v1 + spec: + containers: + - image: istio/examples-bookinfo-details-v1:1.5.0 + imagePullPolicy: IfNotPresent + name: details + ports: + - containerPort: 9080 + resources: {} + - args: + - proxy + - sidecar + - --configPath + - /etc/istio/proxy + - --binaryPath + - /usr/local/bin/envoy + - --serviceCluster + - details + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --discoveryAddress + - istio-pilot.istio-system:15003 + - --discoveryRefreshDelay + - 1s + - --zipkinAddress + - zipkin.istio-system:9411 + - 
--connectTimeout + - 10s + - --statsdUdpAddress + - istio-mixer.istio-system:9125 + - --proxyAdminPort + - "15000" + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: docker.io/istio/proxy:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-proxy + resources: {} + securityContext: + privileged: false + readOnlyRootFilesystem: true + runAsUser: 1337 + volumeMounts: + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + initContainers: + - args: + - -p + - "15001" + - -u + - "1337" + image: docker.io/istio/proxy_init:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-init + resources: {} + securityContext: + capabilities: + add: + - NET_ADMIN + - args: + - -c + - sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c + unlimited + command: + - /bin/sh + image: alpine + imagePullPolicy: IfNotPresent + name: enable-core-dump + resources: {} + securityContext: + privileged: true + volumes: + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-certs + secret: + optional: true + secretName: istio.default +status: {} +--- +################################################################################################## +# Ratings service +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: ratings + labels: + app: ratings +spec: + ports: + - port: 9080 + name: http + selector: + app: ratings +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + creationTimestamp: null + name: ratings-v1 +spec: + replicas: 1 + strategy: {} + template: + metadata: + annotations: + sidecar.istio.io/status: 
'{"version":"1e8f480eee0d2c455cb96c4acc9a723ca2b4bff32a7837e65787a5ef6853c820","initContainers":["istio-init","enable-core-dump"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"]}' + creationTimestamp: null + labels: + app: ratings + version: v1 + spec: + containers: + - image: istio/examples-bookinfo-ratings-v1:1.5.0 + imagePullPolicy: IfNotPresent + name: ratings + ports: + - containerPort: 9080 + resources: {} + - args: + - proxy + - sidecar + - --configPath + - /etc/istio/proxy + - --binaryPath + - /usr/local/bin/envoy + - --serviceCluster + - ratings + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --discoveryAddress + - istio-pilot.istio-system:15003 + - --discoveryRefreshDelay + - 1s + - --zipkinAddress + - zipkin.istio-system:9411 + - --connectTimeout + - 10s + - --statsdUdpAddress + - istio-mixer.istio-system:9125 + - --proxyAdminPort + - "15000" + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: docker.io/istio/proxy:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-proxy + resources: {} + securityContext: + privileged: false + readOnlyRootFilesystem: true + runAsUser: 1337 + volumeMounts: + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + initContainers: + - args: + - -p + - "15001" + - -u + - "1337" + image: docker.io/istio/proxy_init:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-init + resources: {} + securityContext: + capabilities: + add: + - NET_ADMIN + - args: + - -c + - sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c + unlimited + command: + - /bin/sh + image: alpine + imagePullPolicy: IfNotPresent + name: enable-core-dump + resources: {} + securityContext: + privileged: true + 
volumes: + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-certs + secret: + optional: true + secretName: istio.default +status: {} +--- +################################################################################################## +# Reviews service +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: reviews + labels: + app: reviews +spec: + ports: + - port: 9080 + name: http + selector: + app: reviews +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + creationTimestamp: null + name: reviews-v1 +spec: + replicas: 1 + strategy: {} + template: + metadata: + annotations: + sidecar.istio.io/status: '{"version":"1e8f480eee0d2c455cb96c4acc9a723ca2b4bff32a7837e65787a5ef6853c820","initContainers":["istio-init","enable-core-dump"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"]}' + creationTimestamp: null + labels: + app: reviews + version: v1 + spec: + containers: + - image: istio/examples-bookinfo-reviews-v1:1.5.0 + imagePullPolicy: IfNotPresent + name: reviews + ports: + - containerPort: 9080 + resources: {} + - args: + - proxy + - sidecar + - --configPath + - /etc/istio/proxy + - --binaryPath + - /usr/local/bin/envoy + - --serviceCluster + - reviews + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --discoveryAddress + - istio-pilot.istio-system:15003 + - --discoveryRefreshDelay + - 1s + - --zipkinAddress + - zipkin.istio-system:9411 + - --connectTimeout + - 10s + - --statsdUdpAddress + - istio-mixer.istio-system:9125 + - --proxyAdminPort + - "15000" + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: docker.io/istio/proxy:0.6.0 + imagePullPolicy: IfNotPresent + name: 
istio-proxy + resources: {} + securityContext: + privileged: false + readOnlyRootFilesystem: true + runAsUser: 1337 + volumeMounts: + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + initContainers: + - args: + - -p + - "15001" + - -u + - "1337" + image: docker.io/istio/proxy_init:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-init + resources: {} + securityContext: + capabilities: + add: + - NET_ADMIN + - args: + - -c + - sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c + unlimited + command: + - /bin/sh + image: alpine + imagePullPolicy: IfNotPresent + name: enable-core-dump + resources: {} + securityContext: + privileged: true + volumes: + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-certs + secret: + optional: true + secretName: istio.default +status: {} +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + creationTimestamp: null + name: reviews-v2 +spec: + replicas: 1 + strategy: {} + template: + metadata: + annotations: + sidecar.istio.io/status: '{"version":"1e8f480eee0d2c455cb96c4acc9a723ca2b4bff32a7837e65787a5ef6853c820","initContainers":["istio-init","enable-core-dump"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"]}' + creationTimestamp: null + labels: + app: reviews + version: v2 + spec: + containers: + - image: istio/examples-bookinfo-reviews-v2:1.5.0 + imagePullPolicy: IfNotPresent + name: reviews + ports: + - containerPort: 9080 + resources: {} + - args: + - proxy + - sidecar + - --configPath + - /etc/istio/proxy + - --binaryPath + - /usr/local/bin/envoy + - --serviceCluster + - reviews + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --discoveryAddress + - istio-pilot.istio-system:15003 + - --discoveryRefreshDelay + - 1s + - --zipkinAddress + - zipkin.istio-system:9411 + - --connectTimeout + - 10s + - --statsdUdpAddress + - istio-mixer.istio-system:9125 + - --proxyAdminPort + - 
"15000" + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: docker.io/istio/proxy:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-proxy + resources: {} + securityContext: + privileged: false + readOnlyRootFilesystem: true + runAsUser: 1337 + volumeMounts: + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + initContainers: + - args: + - -p + - "15001" + - -u + - "1337" + image: docker.io/istio/proxy_init:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-init + resources: {} + securityContext: + capabilities: + add: + - NET_ADMIN + - args: + - -c + - sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c + unlimited + command: + - /bin/sh + image: alpine + imagePullPolicy: IfNotPresent + name: enable-core-dump + resources: {} + securityContext: + privileged: true + volumes: + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-certs + secret: + optional: true + secretName: istio.default +status: {} +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + creationTimestamp: null + name: reviews-v3 +spec: + replicas: 1 + strategy: {} + template: + metadata: + annotations: + sidecar.istio.io/status: '{"version":"1e8f480eee0d2c455cb96c4acc9a723ca2b4bff32a7837e65787a5ef6853c820","initContainers":["istio-init","enable-core-dump"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"]}' + creationTimestamp: null + labels: + app: reviews + version: v3 + spec: + containers: + - image: istio/examples-bookinfo-reviews-v3:1.5.0 + imagePullPolicy: IfNotPresent + name: reviews + ports: + - containerPort: 9080 + resources: {} + - args: + - proxy + - sidecar + - --configPath + - /etc/istio/proxy + - --binaryPath + - 
/usr/local/bin/envoy + - --serviceCluster + - reviews + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --discoveryAddress + - istio-pilot.istio-system:15003 + - --discoveryRefreshDelay + - 1s + - --zipkinAddress + - zipkin.istio-system:9411 + - --connectTimeout + - 10s + - --statsdUdpAddress + - istio-mixer.istio-system:9125 + - --proxyAdminPort + - "15000" + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: docker.io/istio/proxy:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-proxy + resources: {} + securityContext: + privileged: false + readOnlyRootFilesystem: true + runAsUser: 1337 + volumeMounts: + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + initContainers: + - args: + - -p + - "15001" + - -u + - "1337" + image: docker.io/istio/proxy_init:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-init + resources: {} + securityContext: + capabilities: + add: + - NET_ADMIN + - args: + - -c + - sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c + unlimited + command: + - /bin/sh + image: alpine + imagePullPolicy: IfNotPresent + name: enable-core-dump + resources: {} + securityContext: + privileged: true + volumes: + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-certs + secret: + optional: true + secretName: istio.default +status: {} +--- +################################################################################################## +# Productpage services +################################################################################################## +apiVersion: v1 +kind: Service +metadata: + name: productpage + labels: + app: productpage +spec: + ports: + - port: 9080 + name: http + selector: + app: 
productpage +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + creationTimestamp: null + name: productpage-v1 +spec: + replicas: 1 + strategy: {} + template: + metadata: + annotations: + sidecar.istio.io/status: '{"version":"1e8f480eee0d2c455cb96c4acc9a723ca2b4bff32a7837e65787a5ef6853c820","initContainers":["istio-init","enable-core-dump"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"]}' + creationTimestamp: null + labels: + app: productpage + version: v1 + spec: + containers: + - image: istio/examples-bookinfo-productpage-v1:1.5.0 + imagePullPolicy: IfNotPresent + name: productpage + ports: + - containerPort: 9080 + resources: {} + - args: + - proxy + - sidecar + - --configPath + - /etc/istio/proxy + - --binaryPath + - /usr/local/bin/envoy + - --serviceCluster + - productpage + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --discoveryAddress + - istio-pilot.istio-system:15003 + - --discoveryRefreshDelay + - 1s + - --zipkinAddress + - zipkin.istio-system:9411 + - --connectTimeout + - 10s + - --statsdUdpAddress + - istio-mixer.istio-system:9125 + - --proxyAdminPort + - "15000" + - --controlPlaneAuthPolicy + - NONE + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: docker.io/istio/proxy:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-proxy + resources: {} + securityContext: + privileged: false + readOnlyRootFilesystem: true + runAsUser: 1337 + volumeMounts: + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + initContainers: + - args: + - -p + - "15001" + - -u + - "1337" + image: docker.io/istio/proxy_init:0.6.0 + imagePullPolicy: IfNotPresent + name: istio-init + resources: {} + securityContext: + capabilities: + add: + - NET_ADMIN + - args: + - -c + - 
sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c + unlimited + command: + - /bin/sh + image: alpine + imagePullPolicy: IfNotPresent + name: enable-core-dump + resources: {} + securityContext: + privileged: true + volumes: + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-certs + secret: + optional: true + secretName: istio.default +status: {} +--- +########################################################################### +# Ingress resource (gateway) +########################################################################## +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: gateway + annotations: + kubernetes.io/ingress.class: "istio" +spec: + rules: + - http: + paths: + - path: /productpage + backend: + serviceName: productpage + servicePort: 9080 + - path: /login + backend: + serviceName: productpage + servicePort: 9080 + - path: /logout + backend: + serviceName: productpage + servicePort: 9080 + - path: /api/v1/products.* + backend: + serviceName: productpage + servicePort: 9080 +---