From b586df9f9f6662497a4fec1e712d1d392e29d5d7 Mon Sep 17 00:00:00 2001 From: Saman Mahdanian Date: Sat, 26 Aug 2023 18:43:45 +0330 Subject: [PATCH] added contour objects to test --- config/default/manager_auth_proxy_patch.yaml | 13 ---- config/manager/manager.yaml | 74 +++++++++++-------- config/samples/cerberus_service.yaml | 21 ++++++ .../projectcontour_v1_extentionservice.yaml | 9 +++ .../samples/projectcontour_v1_httpproxy.yaml | 29 ++++++++ 5 files changed, 101 insertions(+), 45 deletions(-) create mode 100644 config/samples/cerberus_service.yaml create mode 100644 config/samples/projectcontour_v1_extentionservice.yaml create mode 100644 config/samples/projectcontour_v1_httpproxy.yaml diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 04b5893..a88a7bb 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -50,16 +50,3 @@ spec: memory: 64Mi - name: manager image: ghcr.io/snapp-incubator/cerberus:2a3566 - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - - "--address=127.0.0.1:8082" - resources: - limits: - cpu: 500m - memory: 2Gi - requests: - cpu: 5m - memory: 2Gi - ports: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 4fb4f82..45fbbc2 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -66,37 +66,47 @@ spec: # seccompProfile: # type: RuntimeDefault containers: - - command: - - /manager - args: - - --leader-elect - image: ghcr.io/snapp-incubator/cerberus:main - name: manager - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi + - command: + - /manager + args: + - "--health-probe-bind-address=:8081" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" + - "--address=127.0.0.1:8082" + image: ghcr.io/snapp-incubator/cerberus:main + name: manager + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + - containerPort: 8082 + name: grpc + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 1 + memory: 2Gi serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/samples/cerberus_service.yaml b/config/samples/cerberus_service.yaml new file mode 100644 index 0000000..bc5e087 --- /dev/null +++ b/config/samples/cerberus_service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: cerberus + app.kubernetes.io/instance: cerberus + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: cerberus + control-plane: controller-manager + name: cerberus +spec: + ports: + - name: https + port: 8082 + protocol: TCP + targetPort: grpc + selector: + control-plane: controller-manager + type: ClusterIP diff --git a/config/samples/projectcontour_v1_extentionservice.yaml b/config/samples/projectcontour_v1_extentionservice.yaml new file mode 100644 index 0000000..48451f3 --- /dev/null +++ b/config/samples/projectcontour_v1_extentionservice.yaml @@ -0,0 +1,9 @@ +apiVersion: projectcontour.io/v1alpha1 +kind: ExtensionService +metadata: + name: cerberus-auth +spec: + protocol: h2 + services: + - name: cerberus + port: 8082 diff --git a/config/samples/projectcontour_v1_httpproxy.yaml b/config/samples/projectcontour_v1_httpproxy.yaml new file mode 100644 index 0000000..779ea1c --- /dev/null +++ b/config/samples/projectcontour_v1_httpproxy.yaml @@ -0,0 +1,29 @@ +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: cerberus-test-route + namespace: monitoring +spec: + ingressClassName: private + routes: + - conditions: + - exact: / + enableWebsockets: false + permitInsecure: false + authorization: + extensionRef: + namespace: cerberus-system + name: cerberus-auth + authPolicy: + context: + X-Cerberus-Webservice: "cerberus-webservice-sample" + services: + - name: health-be + port: 8080 + weight: 100 + timeoutPolicy: + idle: 5m + idleConnection: 1h + response: 30s + virtualhost: + fqdn: test.cerberus.snappcloud.io