---
# NodePort Service in front of the api-gateway pods (selector app=api-gateway).
# NOTE(review): a NodePort is opened on every node, so 31800 (HTTPS) and 31899
# (the port named api-gateway-stats) are reachable from any network that can
# reach the nodes. Confirm the stats port is meant to be exposed this way; if
# not, move it to a ClusterIP Service or restrict it with a NetworkPolicy or
# node firewall rule.
apiVersion: v1
kind: Service
metadata:
  name: api-gateway
  namespace: egommerce
spec:
  type: NodePort
  ports:
    # No targetPort is set, so each entry forwards to the same port number on
    # the pod.
    - name: api-gateway-https
      port: 8443
      nodePort: 31800
    # The Deployment below declares only containerPort 8443; 1024 is not
    # listed there (containerPort entries are informational).
    - name: api-gateway-stats
      port: 1024
      nodePort: 31899
  selector:
    app: api-gateway
---
# IngressClass referenced by the Ingress (ingressClassName: haproxy) and by the
# controller argument --ingress.class=haproxy.
# NOTE(review): IngressClass is a cluster-scoped kind, so metadata.namespace
# has no effect on it.
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: haproxy
  namespace: egommerce
spec:
  controller: haproxy.org/ingress-controller/haproxy
---
# Routes /api/identity and /api/catalog on the public host to the backend
# Services on port 443.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-gateway
  namespace: egommerce
  annotations:
    # Connections to the backends use TLS, and the backend certificate is
    # checked against the CA referenced as egommerce/ca-root.
    haproxy.org/server-ssl: "true"
    haproxy.org/server-ca: "egommerce/ca-root"
    # Strips the /api/<service>/ prefix before the request is forwarded.
    # NOTE(review): both patterns need a slash after the prefix, so a request
    # for exactly /api/identity or /api/catalog still matches the Prefix rule
    # but is forwarded without being rewritten.
    haproxy.org/path-rewrite: |
      /api/identity/(.*) /\1
      /api/catalog/(.*) /\1
spec:
  ingressClassName: haproxy
  tls:
    # The certificate in api-gateway-cert must cover every host listed here.
    - secretName: api-gateway-cert
      hosts:
        - egommerce.io  # CHANGE TO PROD DOMAIN
  rules:
    - host: egommerce.io  # CHANGE TO PROD DOMAIN
      http:
        paths:
          - path: /api/identity
            pathType: Prefix
            backend:
              service:
                name: identity-svc
                port:
                  number: 443
          - path: /api/catalog
            pathType: Prefix
            backend:
              service:
                name: catalog-svc
                port:
                  number: 443
---
# Single-replica Deployment of the gateway container. The arguments
# (--publish-service, --ingress.class, --https-bind-port) suggest the image is
# built on the HAProxy Kubernetes ingress controller - TODO confirm.
# NOTE(review): no serviceAccountName is set, so the pod runs under the
# namespace's default ServiceAccount. If the controller reads Ingress, Service
# and Secret objects from the API, give it a dedicated ServiceAccount with a
# least-privilege Role rather than widening the default one.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-gateway
  namespace: egommerce
spec:
  replicas: 1
  selector:
    matchLabels:
      app: api-gateway
  template:
    metadata:
      labels:
        app: api-gateway
    spec:
      restartPolicy: Always
      containers:
        - name: api-gateway
          # NOTE(review): ":dev" is a mutable tag and imagePullPolicy is
          # Always, so every pod start can run different image content. For
          # production, pin the image by digest, e.g.
          # <registry>/<repo>@sha256:<DIGEST-PLACEHOLDER>.
          image: git.ego.freeddns.org/egommerce/api-gateway:dev
          imagePullPolicy: Always
          resources:
            limits:
              cpu: 100m
              memory: 512Mi
            requests:
              cpu: 50m
              memory: 256Mi
          ports:
            - containerPort: 8443
          args:
            - --publish-service=egommerce/api-gateway
            - --ingress.class=haproxy
            - --https-bind-port=8443
          env:
            # Downward API: pod name, namespace and IP exposed to the process.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: POD_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
          securityContext:
            # All capabilities are dropped except NET_BIND_SERVICE.
            # NOTE(review): NET_BIND_SERVICE is only needed to bind ports
            # below 1024; the ports visible in this file are 8443 and 1024.
            # Check whether the process binds any lower port before keeping it.
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            # NOTE(review): the hardening below is disabled. While it stays
            # commented out, the container runs as whatever user the image
            # sets (possibly root), privilege escalation is not blocked, and
            # the seccomp profile is left to the node's default. Re-enable
            # each field after testing it against this image; a binary that
            # relies on file capabilities can fail to start with
            # allowPrivilegeEscalation: false.
            # runAsUser: 1000
            # runAsGroup: 1000
            # runAsNonRoot: true
            # allowPrivilegeEscalation: false
            # seccompProfile:
            #   type: RuntimeDefault