added contour objects to test

snapp-incubator · Aug 26, 2023 · b586df9 · b586df9
1 parent b16a88f
commit b586df9
Show file tree

Hide file tree

Showing 5 changed files with 101 additions and 45 deletions.
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -50,16 +50,3 @@ spec:
               memory: 64Mi
         - name: manager
           image: ghcr.io/snapp-incubator/cerberus:2a3566
-          args:
-            - "--health-probe-bind-address=:8081"
-            - "--metrics-bind-address=127.0.0.1:8080"
-            - "--leader-elect"
-            - "--address=127.0.0.1:8082"
-          resources:
-            limits:
-              cpu: 500m
-              memory: 2Gi
-            requests:
-              cpu: 5m
-              memory: 2Gi
-          ports:
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -66,37 +66,47 @@ spec:
         # seccompProfile:
         #   type: RuntimeDefault
       containers:
-      - command:
-        - /manager
-        args:
-        - --leader-elect
-        image: ghcr.io/snapp-incubator/cerberus:main
-        name: manager
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-              - "ALL"
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        # TODO(user): Configure the resources accordingly based on the project requirements.
-        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 10m
-            memory: 64Mi
+        - command:
+            - /manager
+          args:
+            - "--health-probe-bind-address=:8081"
+            - "--metrics-bind-address=127.0.0.1:8080"
+            - "--leader-elect"
+            - "--address=127.0.0.1:8082"
+          image: ghcr.io/snapp-incubator/cerberus:main
+          name: manager
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - "ALL"
+          ports:
+            - containerPort: 8080
+              name: metrics
+              protocol: TCP
+            - containerPort: 8082
+              name: grpc
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          # TODO(user): Configure the resources accordingly based on the project requirements.
+          # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+          resources:
+            limits:
+              cpu: 1
+              memory: 2Gi
+            requests:
+              cpu: 1
+              memory: 2Gi
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
diff --git a/config/samples/cerberus_service.yaml b/config/samples/cerberus_service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: kube-rbac-proxy
+    app.kubernetes.io/created-by: cerberus
+    app.kubernetes.io/instance: cerberus
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: service
+    app.kubernetes.io/part-of: cerberus
+    control-plane: controller-manager
+  name: cerberus
+spec:
+  ports:
+    - name: https
+      port: 8082
+      protocol: TCP
+      targetPort: grpc
+  selector:
+    control-plane: controller-manager
+  type: ClusterIP
diff --git a/config/samples/projectcontour_v1_extentionservice.yaml b/config/samples/projectcontour_v1_extentionservice.yaml
@@ -0,0 +1,9 @@
+apiVersion: projectcontour.io/v1alpha1
+kind: ExtensionService
+metadata:
+  name: cerberus-auth
+spec:
+  protocol: h2
+  services:
+    - name: cerberus
+      port: 8082
diff --git a/config/samples/projectcontour_v1_httpproxy.yaml b/config/samples/projectcontour_v1_httpproxy.yaml
@@ -0,0 +1,29 @@
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  name: cerberus-test-route
+  namespace: monitoring
+spec:
+  ingressClassName: private
+  routes:
+    - conditions:
+        - exact: /
+      enableWebsockets: false
+      permitInsecure: false
+      authorization:
+        extensionRef:
+          namespace: cerberus-system
+          name: cerberus-auth
+        authPolicy:
+          context:
+            X-Cerberus-Webservice: "cerberus-webservice-sample"
+      services:
+        - name: health-be
+          port: 8080
+          weight: 100
+      timeoutPolicy:
+        idle: 5m
+        idleConnection: 1h
+        response: 30s
+  virtualhost:
+    fqdn: test.cerberus.snappcloud.io