Update
This commit is contained in:
@@ -1,4 +1,20 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: api-gateway-config
|
||||
namespace: egommerce
|
||||
data:
|
||||
global-config-snippet: |
|
||||
# lua-prepend-path /usr/local/lib/lua/5.4/?.lua
|
||||
# set-dumpable
|
||||
log 127.0.0.1 local0 debug
|
||||
lua-load /etc/haproxy/lua/jwt_auth.lua
|
||||
frontend-config-snippet: |
|
||||
http-request lua.jwt_auth
|
||||
http-response lua.jwt_auth
|
||||
# http-request deny if !{ var(txn.authenticated) -m bool }
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: api-gateway
|
||||
@@ -18,11 +34,10 @@ spec:
|
||||
kind: IngressClass
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: haproxy
|
||||
name: api-gateway
|
||||
namespace: egommerce
|
||||
spec:
|
||||
controller: haproxy.org/ingress-controller/haproxy
|
||||
# PROBABLY NOT NEEDED :D
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
@@ -32,18 +47,23 @@ metadata:
|
||||
annotations:
|
||||
haproxy.org/server-ssl: "true"
|
||||
haproxy.org/server-ca: "egommerce/ca-root"
|
||||
haproxy.org/server-alpn: "h2,http/1.1"
|
||||
haproxy.org/enable-lua: "true"
|
||||
haproxy.org/backend-config-snippet: |
|
||||
http-response set-header X-Custom-Backend-Header "value"
|
||||
haproxy.org/path-rewrite: |
|
||||
/api/identity/(.*) /\1
|
||||
/api/catalog/(.*) /\1
|
||||
/api/basket/(.*) /\1
|
||||
/api/config/(.*) /\1
|
||||
spec:
|
||||
ingressClassName: haproxy
|
||||
ingressClassName: api-gateway
|
||||
tls:
|
||||
- secretName: api-gateway-cert
|
||||
hosts:
|
||||
- egommerce.io # CHANGE TO PROD DOMAIN
|
||||
- egommerce.io # CHANGE TO THE PROD DOMAIN
|
||||
rules:
|
||||
- host: egommerce.io # CHANGE TO PROD DOMAIN
|
||||
- host: egommerce.io # CHANGE TO THE PROD DOMAIN
|
||||
http:
|
||||
paths:
|
||||
- path: /api/identity
|
||||
@@ -67,6 +87,13 @@ spec:
|
||||
name: basket-svc
|
||||
port:
|
||||
number: 443
|
||||
- path: /api/config
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: config-svc
|
||||
port:
|
||||
number: 443
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
@@ -88,19 +115,13 @@ spec:
|
||||
- name: api-gateway
|
||||
image: git.ego.freeddns.org/egommerce/api-gateway:dev
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 512M
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 256M
|
||||
ports:
|
||||
- containerPort: 8443
|
||||
args:
|
||||
- --publish-service=egommerce/api-gateway
|
||||
- --configmap=egommerce/api-gateway-config
|
||||
- --ingress.class=haproxy
|
||||
- --https-bind-port=8443
|
||||
ports:
|
||||
- containerPort: 8443
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
@@ -112,22 +133,34 @@ spec:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
drop:
|
||||
- ALL
|
||||
# - name: POD_IP
|
||||
# valueFrom:
|
||||
# fieldRef:
|
||||
# apiVersion: v1
|
||||
# fieldPath: status.podIP
|
||||
resources:
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 512M
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 256M
|
||||
# securityContext:
|
||||
# capabilities:
|
||||
# add:
|
||||
# - NET_BIND_SERVICE
|
||||
# drop:
|
||||
# - ALL
|
||||
# readOnlyRootFilesystem: false
|
||||
# runAsUser: 1000
|
||||
# runAsGroup: 1000
|
||||
# runAsNonRoot: true
|
||||
# allowPrivilegeEscalation: false
|
||||
# seccompProfile:
|
||||
# type: RuntimeDefault
|
||||
volumes:
|
||||
- name: api-gateway-config
|
||||
configMap:
|
||||
name: api-gateway-config
|
||||
imagePullSecrets:
|
||||
- name: regcred
|
||||
Reference in New Issue
Block a user