├── .gitignore
├── .gitattributes
├── plow-loadgen
├── README.md
├── helm
│ ├── index.yaml
│ ├── Chart.yaml
│ ├── values.yaml
│ └── templates
│ │ └── plow.yaml
└── deploy
│ ├── argo
│ └── plow-loadgen-argo.yaml
│ └── yaml
│ └── plow-loadgen.yaml
├── assets
├── solo-logo-1.jpg
├── solo-logo-2.jpg
├── httpbin-logo-1.jpg
└── petstore-logo-1.jpg
├── httpbin
├── config-examples
│ ├── gloo-mesh
│ │ └── 2.0.x
│ │ │ ├── httpbin-ns.yaml
│ │ │ ├── httpbin-workspace.yaml
│ │ │ ├── httpbin-oidc-client-secret.yaml
│ │ │ ├── httpbin-ratelimitclientconfig.yaml
│ │ │ ├── httpbin-okta-jwks-externalservice.yaml
│ │ │ ├── httpbin-ratelimitserversettings.yaml
│ │ │ ├── httpbin-workspacesettings.yaml
│ │ │ ├── httpbin-okta-jwks-externalendpoint.yaml
│ │ │ ├── httpbin-jwt-transformationpolicy.yaml
│ │ │ ├── httpbin-ratelimitserverconfig.yaml
│ │ │ ├── httpbin-ratelimitpolicy.yaml
│ │ │ ├── httpbin-wafpolicy-log4shell.yaml
│ │ │ ├── httpbin-rt-80.yaml
│ │ │ ├── httpbin-oauth-rt-443.yaml
│ │ │ ├── httpbin-in-mesh.yaml
│ │ │ ├── httpbin-not-in-mesh.yaml
│ │ │ ├── httpbin-ratelimit-transformationpolicy.yaml
│ │ │ ├── httpbin-jwtpolicy.yaml
│ │ │ ├── httpbin-opa-policy.yaml
│ │ │ └── httpbin-extauth-policy.yaml
│ └── edge
│ │ └── httpbin-vs-80.yaml
└── deploy
│ └── yaml
│ └── httpbin.yaml
├── argocd
├── deploy
│ ├── insecure
│ │ ├── overlays
│ │ │ └── argocd-server-insecure.yaml
│ │ └── kustomization.yaml
│ ├── insecure-rootpath-ocp
│ │ ├── overlays
│ │ │ ├── argocd-redis-uid-patch.yaml
│ │ │ └── argocd-server-insecure-rootpath.yaml
│ │ └── kustomization.yaml
│ ├── default
│ │ ├── base
│ │ │ └── rollouts-extension.yaml
│ │ ├── overlays
│ │ │ ├── argocd-cmd-params-cm.yaml
│ │ │ ├── application-controller-status-processors.yaml
│ │ │ └── argocd-cm.yaml
│ │ └── kustomization.yaml
│ ├── insecure-rootpath
│ │ ├── kustomization.yaml
│ │ └── overlays
│ │ │ ├── argocd-server-insecure-rootpath.yaml
│ │ │ └── argocd-cmd-params-cm.yaml
│ └── install-argocd.sh
├── config-examples
│ ├── edge
│ │ ├── argocd-vs-80.yaml
│ │ └── argocd-vs-443.yaml
│ └── gloo-mesh
│ │ └── 2.0.x
│ │ ├── argocd-mgmt-rt-443.yaml
│ │ ├── argocd-mgmt-rt-80.yaml
│ │ ├── argocd-cluster1-rt-80.yaml
│ │ └── argocd-cluster2-rt-80.yaml
└── README.md
├── bombardier-loadgen
├── README.md
├── helm
│ ├── Chart.yaml
│ ├── values.yaml
│ └── templates
│ │ └── bombardier.yaml
└── deploy
│ ├── yaml
│ └── bombardier.yaml
│ └── argo
│ └── bombardier-httpbin-argo.yaml
├── solowallet
├── deploy
│ └── yaml
│ │ ├── bank-demo-ns.yaml
│ │ ├── bank-demo-workspace.yaml
│ │ ├── bank-demo-workspacesettings.yaml
│ │ ├── kustomization.yaml
│ │ ├── bank-config.yaml
│ │ └── bank-contacts.yaml
└── config-examples
│ └── gloo-mesh
│ └── 2.0.x
│ └── bank-demo-rt-443.yaml
├── gloo-edge
├── gloo-gateway-v2
│ └── 2.0.0-beta1
│ │ ├── templates
│ │ ├── NOTES.txt
│ │ ├── gatewayclass.yaml
│ │ ├── serviceaccount.yaml
│ │ ├── service.yaml
│ │ ├── gateway
│ │ │ └── hpa.yaml
│ │ └── rbac.yaml
│ │ ├── .helmignore
│ │ └── Chart.yaml
├── deploy
│ ├── helm-values
│ │ ├── values-fed.yaml
│ │ ├── values-nofed.yaml
│ │ └── README.md
│ └── argo
│ │ ├── crds
│ │ └── gloo-edge-crds.yaml
│ │ ├── oss
│ │ ├── 1.10.x
│ │ │ └── gloo-edge-oss.yaml
│ │ ├── 1.11.x
│ │ │ └── gloo-edge-oss.yaml
│ │ ├── 1.12.x
│ │ │ └── gloo-edge-oss.yaml
│ │ ├── 1.8.x
│ │ │ └── gloo-edge-oss.yaml
│ │ └── 1.9.x
│ │ │ └── gloo-edge-oss.yaml
│ │ └── ee
│ │ ├── 1.8.x
│ │ ├── gloo-edge-ee-fed.yaml
│ │ └── gloo-edge-ee-nofed.yaml
│ │ ├── 1.9.x
│ │ ├── gloo-edge-ee-fed.yaml
│ │ └── gloo-edge-ee-nofed.yaml
│ │ ├── 1.12.x
│ │ ├── gloo-edge-ee-fed.yaml
│ │ └── gloo-edge-ee-nofed.yaml
│ │ ├── 1.10.x
│ │ ├── gloo-edge-ee-fed.yaml
│ │ └── gloo-edge-ee-nofed.yaml
│ │ └── 1.11.x
│ │ ├── gloo-edge-ee-fed.yaml
│ │ └── gloo-edge-ee-nofed.yaml
└── gloo-edge-crds
│ ├── 1.11.50
│ ├── ratelimit_config.yaml
│ ├── fed.enterprise.gloo.solo.io_v1_crds.yaml
│ ├── fed.ratelimit.solo.io_v1alpha1_crds.yaml
│ ├── multicluster.solo.io_v1alpha1_crds.yaml
│ ├── fed.solo.io_v1_crds.yaml
│ └── fed.gloo.solo.io_v1_crds.yaml
│ └── 1.12.44
│ ├── ratelimit_config.yaml
│ ├── fed.enterprise.gloo.solo.io_v1_crds.yaml
│ ├── fed.ratelimit.solo.io_v1alpha1_crds.yaml
│ ├── fed.solo.io_v1_crds.yaml
│ ├── multicluster.solo.io_v1alpha1_crds.yaml
│ └── fed.gloo.solo.io_v1_crds.yaml
├── gloo-mesh
├── deploy
│ ├── helm-values
│ │ ├── values.yaml
│ │ └── README.md
│ └── argo
│ │ ├── gloo-mesh-crds.yaml
│ │ ├── gloo-mesh-addons.yaml
│ │ ├── gloo-mesh-ee-helm-disableca.yaml
│ │ └── gloo-mesh-agent.yaml
└── gloo-mesh-crds
│ ├── 2.1.0
│ ├── auth_config.yaml
│ ├── ratelimit.solo.io_v1alpha1_crds.yaml
│ └── install.istio.io_v1alpha1_crds.yaml
│ ├── 2.1.1
│ ├── auth_config.yaml
│ ├── ratelimit.solo.io_v1alpha1_crds.yaml
│ └── install.istio.io_v1alpha1_crds.yaml
│ ├── 2.1.2
│ ├── auth_config.yaml
│ ├── ratelimit.solo.io_v1alpha1_crds.yaml
│ └── install.istio.io_v1alpha1_crds.yaml
│ ├── 2.2.0
│ ├── auth_config.yaml
│ ├── ratelimit.solo.io_v1alpha1_crds.yaml
│ └── install.istio.io_v1alpha1_crds.yaml
│ ├── 2.2.4
│ ├── auth_config.yaml
│ ├── ratelimit.solo.io_v1alpha1_crds.yaml
│ └── install.istio.io_v1alpha1_crds.yaml
│ ├── 2.2.5
│ ├── auth_config.yaml
│ ├── ratelimit.solo.io_v1alpha1_crds.yaml
│ └── install.istio.io_v1alpha1_crds.yaml
│ ├── 2.2.6
│ ├── auth_config.yaml
│ ├── ratelimit.solo.io_v1alpha1_crds.yaml
│ └── install.istio.io_v1alpha1_crds.yaml
│ └── 2.3.0-beta3
│ ├── auth_config.yaml
│ ├── ratelimit.solo.io_v1alpha1_crds.yaml
│ └── install.istio.io_v1alpha1_crds.yaml
├── gloo-portal
└── deploy
│ ├── helm-values
│ ├── values.yaml
│ └── README.md
│ └── argo
│ └── gloo-portal-helm.yaml
├── cert-manager
├── deploy
│ ├── helm-values
│ │ ├── values.yaml
│ │ └── README.md
│ └── argo
│ │ ├── cert-manager.yaml
│ │ └── 1.7-cert-manager-crds.yaml
└── README.md
├── istio
├── deploy
│ ├── addons
│ │ ├── kustomization.yaml
│ │ └── jaeger.yaml
│ ├── argo
│ │ ├── istio-base.yaml
│ │ ├── istio-ingressgateway.yaml
│ │ ├── istiod.yaml
│ │ └── istio-eastwestgateway.yaml
│ └── helm-values
│ │ ├── istiod-values.yaml
│ │ ├── istio-eastwestgateway-values.yaml
│ │ ├── istio-ingressgateway-values.yaml
│ │ └── README.md
└── dashboards
│ └── kustomization.yaml
├── helloworld
├── deploy
│ └── yaml
│ │ ├── kustomization.yaml
│ │ ├── service.yaml
│ │ ├── analysis.yaml
│ │ ├── gateway.yaml
│ │ └── rollout.yaml
├── base
│ └── argo-rollout
│ │ ├── kustomization.yaml
│ │ ├── service.yaml
│ │ ├── analysis.yaml
│ │ ├── gateway.yaml
│ │ └── rollout.yaml
├── overlay
│ └── app
│ │ └── argo-rollout
│ │ └── namespace
│ │ └── default
│ │ └── kustomization.yaml
├── argo
│ └── app
│ │ └── argo-rollout
│ │ └── namespace
│ │ └── default
│ │ └── helloworld-rollout.yaml
└── README.md
├── petstore
└── deploy
│ └── yaml
│ ├── petstore-portal
│ ├── developer1-password.yaml
│ ├── petstore-apidoc-v1-pets.yaml
│ ├── petstore-apidoc-v1-users.yaml
│ ├── petstore-apidoc-v2-full.yaml
│ ├── staticpage-faq.yaml
│ ├── kustomization.yaml
│ ├── developer1-user.yaml
│ ├── developers-group.yaml
│ ├── petstore-v1.yaml
│ ├── petstore-v2.yaml
│ ├── petstore-apiproduct.yaml
│ ├── petstore-dev-environment.yaml
│ └── ecommerce-portal.yaml
│ ├── petstore.yaml
│ └── petstore-swaggerapi.yaml
├── bookinfo
├── config-examples
│ ├── gloo-mesh
│ │ └── 2.0.x
│ │ │ ├── bookinfo-workspace.yaml
│ │ │ ├── bookinfo-ratelimitclientconfig.yaml
│ │ │ ├── bookinfo-ratelimitserversettings.yaml
│ │ │ ├── bookinfo-workspacesettings.yaml
│ │ │ ├── bookinfo-ratelimitserverconfig.yaml
│ │ │ ├── bookinfo-ratelimitpolicy.yaml
│ │ │ ├── bookinfo-wafpolicy-log4shell.yaml
│ │ │ ├── bookinfo-rt-80.yaml
│ │ │ ├── bookinfo-oauth-rt-443.yaml
│ │ │ ├── bookinfo-ratelimit-transformationfilter.yaml
│ │ │ └── bookinfo-extauth-policy.yaml
│ ├── istio
│ │ ├── bookinfo-gateway.yaml
│ │ └── bookinfo-vs.yaml
│ └── edge
│ │ ├── single-destination-vs-80.yaml
│ │ └── multi-destination-vs-80.yaml
└── deploy
│ └── yaml
│ ├── separated-yaml
│ ├── details-serviceaccount.yaml
│ ├── ratings-serviceaccount.yaml
│ ├── reviews-serviceacount.yaml
│ ├── productpage-serviceaccount.yaml
│ ├── details-service.yaml
│ ├── ratings-service.yaml
│ ├── reviews-service.yaml
│ ├── productpage-service.yaml
│ ├── details-deployment.yaml
│ ├── ratings-deployment.yaml
│ ├── productpage-deployment.yaml
│ ├── reviews-v1-deployment.yaml
│ ├── reviews-v3-deployment.yaml
│ └── reviews-v2-deployment.yaml
│ └── bookinfo-frontends-ns
│ └── bookinfo-frontends.yaml
├── argo-rollouts
└── README.md
├── homer-portal
├── deploy
│ └── helm-values
│ │ └── README.md
└── config-examples
│ └── gloo-mesh
│ └── 2.0.x
│ └── homer-rt-443.yaml
├── keycloak
├── config-examples
│ └── edge
│ │ ├── keycloak-vs-80.yaml
│ │ └── keycloak-vs-443.yaml
└── deploy
│ └── yaml
│ ├── keycloak-12.0.4.yaml
│ └── keycloak-15.0.2.yaml
├── flagger
└── deploy
│ ├── helm-values
│ └── README.md
│ └── argo
│ ├── flagger-prometheus.yaml
│ └── flagger.yaml
└── README.md
/.gitignore:
--------------------------------------------------------------------------------
1 | /template
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
--------------------------------------------------------------------------------
/plow-loadgen/README.md:
--------------------------------------------------------------------------------
1 | # Load Gen tool based on Plow
2 | https://github.com/six-ddc/plow
--------------------------------------------------------------------------------
/assets/solo-logo-1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/solo-io/gitops-library/HEAD/assets/solo-logo-1.jpg
--------------------------------------------------------------------------------
/assets/solo-logo-2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/solo-io/gitops-library/HEAD/assets/solo-logo-2.jpg
--------------------------------------------------------------------------------
/assets/httpbin-logo-1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/solo-io/gitops-library/HEAD/assets/httpbin-logo-1.jpg
--------------------------------------------------------------------------------
/assets/petstore-logo-1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/solo-io/gitops-library/HEAD/assets/petstore-logo-1.jpg
--------------------------------------------------------------------------------
/plow-loadgen/helm/index.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | entries: {}
3 | generated: "2022-09-28T14:33:44.633012-07:00"
4 |
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: httpbin
--------------------------------------------------------------------------------
/argocd/deploy/insecure/overlays/argocd-server-insecure.yaml:
--------------------------------------------------------------------------------
1 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --insecure}
--------------------------------------------------------------------------------
/bombardier-loadgen/README.md:
--------------------------------------------------------------------------------
1 | # Load Gen tool based on Bombardier
2 | https://github.com/codesenberg/bombardier
3 |
4 | Bombardier in a container
--------------------------------------------------------------------------------
/solowallet/deploy/yaml/bank-demo-ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | labels:
5 | istio.io/rev: 1-13
6 | name: bank-demo
--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | 1. Get the status of the these commands:
2 |
3 | kubectl get pods --namespace {{ .Release.Namespace }}
--------------------------------------------------------------------------------
/plow-loadgen/helm/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: plow-loadgen
3 | description: a plow-loadgen tool
4 | type: application
5 | version: 0.1.0
6 | appVersion: "v1.3.1"
--------------------------------------------------------------------------------
/bombardier-loadgen/helm/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: bombardier-loadgen
3 | description: a bombardier-loadgen tool
4 | type: application
5 | version: 0.1.0
6 | appVersion: "v1.2.5"
--------------------------------------------------------------------------------
/gloo-mesh/deploy/helm-values/values.yaml:
--------------------------------------------------------------------------------
1 | global:
2 | cluster: mgmt
3 | mgmtClusterName: mgmt
4 | glooMeshMgmtServer:
5 | serviceType: LoadBalancer
6 | ports:
7 | healthcheck: 8091
8 | glooMeshUi:
9 | serviceType: ClusterIP
10 | enabled: true
--------------------------------------------------------------------------------
/gloo-portal/deploy/helm-values/values.yaml:
--------------------------------------------------------------------------------
1 | glooEdge:
2 | enabled: true
3 | istio:
4 | enabled: false
5 | glooMesh:
6 | enabled: false
7 | licenseKey:
8 | secretRef:
9 | name: license
10 | namespace: gloo-system
11 | key: license-key
--------------------------------------------------------------------------------
/cert-manager/deploy/helm-values/values.yaml:
--------------------------------------------------------------------------------
1 | global:
2 | cluster: mgmt
3 | mgmtClusterName: mgmt
4 | glooMeshMgmtServer:
5 | serviceType: LoadBalancer
6 | ports:
7 | healthcheck: 8091
8 | glooMeshUi:
9 | serviceType: ClusterIP
10 | enabled: true
--------------------------------------------------------------------------------
/istio/deploy/addons/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # kustomization.yaml
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 |
5 | # list of Resource Config to be Applied
6 | resources:
7 | - grafana.yaml
8 | - jaeger.yaml
9 | - kiali.yaml
10 | - prometheus.yaml
--------------------------------------------------------------------------------
/helloworld/deploy/yaml/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # kustomization.yaml
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 |
5 | # list of Resource Config to be Applied
6 | resources:
7 | - rollout.yaml
8 | - service.yaml
9 | - analysis.yaml
10 | - gateway.yaml
--------------------------------------------------------------------------------
/helloworld/deploy/yaml/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: helloworld
5 | labels:
6 | app: helloworld
7 | service: helloworld
8 | spec:
9 | ports:
10 | - port: 5000
11 | name: http
12 | selector:
13 | app: helloworld
--------------------------------------------------------------------------------
/helloworld/base/argo-rollout/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # kustomization.yaml
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 |
5 | # list of Resource Config to be Applied
6 | resources:
7 | - rollout.yaml
8 | - service.yaml
9 | - analysis.yaml
10 | - gateway.yaml
--------------------------------------------------------------------------------
/helloworld/base/argo-rollout/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: helloworld
5 | labels:
6 | app: helloworld
7 | service: helloworld
8 | spec:
9 | ports:
10 | - port: 5000
11 | name: http
12 | selector:
13 | app: helloworld
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/developer1-password.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | data:
3 | password: JDJhJDEwJFYySllBdm9jd1EvOUhHZk44eTlQdU9uWVEvRDIvb1VDbkw1TUtLNkNFTzBEUWJ1WXZNRUhP
4 | kind: Secret
5 | metadata:
6 | name: developer1-password
7 | namespace: gloo-portal
8 | type: Opaque
--------------------------------------------------------------------------------
/gloo-edge/deploy/helm-values/values-fed.yaml:
--------------------------------------------------------------------------------
1 | gloo-fed:
2 | enabled: true
3 | create_license_secret: false
4 | glooFedApiserver:
5 | enable: true
6 | # set extauth requestTimeout to 2s for okta OIDC workflow
7 | global:
8 | extensions:
9 | extAuth:
10 | requestTimeout: 2s
--------------------------------------------------------------------------------
/bombardier-loadgen/helm/values.yaml:
--------------------------------------------------------------------------------
1 | url: https://www.google.com
2 | name_suffix: loadgenerator
3 | namespace: default
4 |
5 | bombardier:
6 | loops: 100
7 | connections: 1
8 | duration_seconds: 30s
9 | rate: 1
10 |
11 | resources:
12 | requests:
13 | cpu: 20m
14 | memory: 60Mi
--------------------------------------------------------------------------------
/gloo-edge/deploy/helm-values/values-nofed.yaml:
--------------------------------------------------------------------------------
1 | gloo-fed:
2 | enabled: false
3 | create_license_secret: false
4 | glooFedApiserver:
5 | enable: true
6 | # set extauth requestTimeout to 2s for okta OIDC workflow
7 | global:
8 | extensions:
9 | extAuth:
10 | requestTimeout: 2s
--------------------------------------------------------------------------------
/solowallet/deploy/yaml/bank-demo-workspace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: admin.gloo.solo.io/v2
2 | kind: Workspace
3 | metadata:
4 | name: bank-lob
5 | namespace: gloo-mesh
6 | labels:
7 | allow_ingress: "true"
8 | spec:
9 | workloadClusters:
10 | - name: mgmt
11 | namespaces:
12 | - name: bank-demo
--------------------------------------------------------------------------------
/helloworld/overlay/app/argo-rollout/namespace/default/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # kustomization.yaml
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 |
5 | # list of Resource Config to be Applied
6 | resources:
7 | - ../../../../../base/argo-rollout/
8 |
9 | namespace: default
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-workspace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: admin.gloo.solo.io/v2
2 | kind: Workspace
3 | metadata:
4 | name: httpbin
5 | namespace: gloo-mesh
6 | labels:
7 | allow_ingress: "true"
8 | spec:
9 | workloadClusters:
10 | - name: mgmt
11 | namespaces:
12 | - name: httpbin
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-oidc-client-secret.yaml:
--------------------------------------------------------------------------------
1 | # secrets must be in each namespace
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 | name: httpbin-oidc-client-secret
6 | namespace: httpbin
7 | type: extauth.solo.io/oauth
8 | data:
9 | client-secret: X01TOVBKNTJOcFVKzzhIajJuRTR6ajkwaFg2QkZrVzYxU2RhWEpmRQ==
--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath-ocp/overlays/argocd-redis-uid-patch.yaml:
--------------------------------------------------------------------------------
1 | # removes default runAsUser: 999
2 | - {op: remove, path: /spec/template/spec/securityContext/runAsUser}
3 |
4 | # replace default runAsUser: 999 with UID within OpenShift restricted SCC range
5 | #- {op: replace, path: /spec/template/spec/securityContext/runAsUser, value: 1000670000}
--------------------------------------------------------------------------------
/argocd/deploy/default/base/rollouts-extension.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: ArgoCDExtension
3 | metadata:
4 | finalizers:
5 | - extensions-finalizer.argocd.argoproj.io
6 | name: argo-rollouts
7 | spec:
8 | sources:
9 | - web:
10 | url: https://github.com/argoproj-labs/rollout-extension/releases/download/v0.3.1/extension.tar
--------------------------------------------------------------------------------
/argocd/deploy/insecure/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | resources:
5 | - ../default
6 |
7 | namespace: argocd
8 |
9 | patchesJson6902:
10 | - path: overlays/argocd-server-insecure.yaml
11 | target:
12 | group: apps
13 | kind: Deployment
14 | name: argocd-server
15 | version: v1
16 |
--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-workspace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: admin.gloo.solo.io/v2
2 | kind: Workspace
3 | metadata:
4 | labels:
5 | allow_ingress: "true"
6 | name: bookinfo
7 | namespace: gloo-mesh
8 | spec:
9 | workloadClusters:
10 | - name: mgmt
11 | namespaces:
12 | - name: bookinfo-frontends
13 | - name: bookinfo-backends
--------------------------------------------------------------------------------
/bookinfo/config-examples/istio/bookinfo-gateway.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1alpha3
2 | kind: Gateway
3 | metadata:
4 | name: bookinfo-gateway
5 | spec:
6 | selector:
7 | istio: ingressgateway # use istio default controller
8 | servers:
9 | - port:
10 | number: 80
11 | name: http
12 | protocol: HTTP
13 | hosts:
14 | - "*"
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-apidoc-v1-pets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: portal.gloo.solo.io/v1beta1
2 | kind: APIDoc
3 | metadata:
4 | name: petstore-openapi-v1-pets
5 | namespace: default
6 | spec:
7 | openApi:
8 | content:
9 | fetchUrl: https://raw.githubusercontent.com/solo-io/gitops-library/main/petstore/base/openapi-specs/petstore-openapi-v1-pets.json
10 |
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-apidoc-v1-users.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: portal.gloo.solo.io/v1beta1
2 | kind: APIDoc
3 | metadata:
4 | name: petstore-openapi-v1-users
5 | namespace: default
6 | spec:
7 | openApi:
8 | content:
9 | fetchUrl: https://raw.githubusercontent.com/solo-io/gitops-library/main/petstore/base/openapi-specs/petstore-openapi-v1-users.json
10 |
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-apidoc-v2-full.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: portal.gloo.solo.io/v1beta1
2 | kind: APIDoc
3 | metadata:
4 | name: petstore-openapi-v2-full
5 | namespace: default
6 | spec:
7 | openApi:
8 | content:
9 | fetchUrl: https://raw.githubusercontent.com/solo-io/gitops-library/main/petstore/base/openapi-specs/petstore-openapi-v2-full.json
10 |
--------------------------------------------------------------------------------
/argo-rollouts/README.md:
--------------------------------------------------------------------------------
1 | # argo rollouts
2 |
3 | deploy argo rollouts to your cluster
4 | ```
5 | kubectl apply -f argo/argo-rollout-1.1.1.yaml
6 | ```
7 |
8 | Check to see if argo rollouts is deployed:
9 | ```
10 | kubectl get pods -n argo-rollouts
11 | NAME READY STATUS RESTARTS AGE
12 | argo-rollouts-6bc46bcfd-47plj 1/1 Running 0 125m
13 | ```
--------------------------------------------------------------------------------
/homer-portal/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
1 | # Installing with Helm
2 |
3 | ## Homer Link Portal
4 | ```
5 | helm repo add homer-portal https://k8s-at-home.com/charts/
6 | helm repo update
7 | helm upgrade --install homer k8s-at-home/homer --namespace web-portal --create-namespace --version 7.3.0 --values values.yaml
8 | ```
9 |
10 | ### Uninstall
11 | ```
12 | helm uninstall homer -n web-portal
13 | ```
--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/gatewayclass.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controlPlane.enabled -}}
2 | kind: GatewayClass
3 | apiVersion: gateway.networking.k8s.io/v1
4 | metadata:
5 | labels:
6 | {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
7 | name: {{ .Values.gatewayClass.className }}
8 | spec:
9 | controllerName: {{ .Values.gatewayClass.controllerName }}
10 | {{- end }}
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/details-serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Details service
3 | ##################################################################################################
4 | apiVersion: v1
5 | kind: ServiceAccount
6 | metadata:
7 | name: bookinfo-details
8 | labels:
9 | account: details
10 |
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/ratings-serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Ratings service
3 | ##################################################################################################
4 | apiVersion: v1
5 | kind: ServiceAccount
6 | metadata:
7 | name: bookinfo-ratings
8 | labels:
9 | account: ratings
10 |
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/reviews-serviceacount.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Reviews service
3 | ##################################################################################################
4 | apiVersion: v1
5 | kind: ServiceAccount
6 | metadata:
7 | name: bookinfo-reviews
8 | labels:
9 | account: reviews
10 |
--------------------------------------------------------------------------------
/cert-manager/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
1 | # Installing with Helm
2 |
3 | ## Cert Manager
4 | ```
5 | helm repo add jetstack https://charts.jetstack.io
6 | helm repo update
7 | helm upgrade --install jetstack jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.7.2 --set-string installCRDs=true
8 | ```
9 |
10 | ### Uninstall
11 | ```
12 | helm uninstall jetstack -n cert-manager
13 | ```
--------------------------------------------------------------------------------
/gloo-portal/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
1 | # Installing with Helm
2 |
3 | ## Gloo Portal
4 | ```
5 | helm repo add gloo-portal https://storage.googleapis.com/dev-portal-helm
6 | helm repo update
7 | helm upgrade --install gloo-portal gloo-portal/gloo-portal --namespace gloo-portal --create-namespace --version 1.2.9 --values values.yaml
8 | ```
9 |
10 | ### Uninstall
11 | ```
12 | helm uninstall gloo-portal -n gloo-portal
13 | ```
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ratelimitclientconfig.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
2 | kind: RateLimitClientConfig
3 | metadata:
4 | labels:
5 | workspace.solo.io/exported: "true"
6 | name: httpbin
7 | namespace: httpbin
8 | spec:
9 | raw:
10 | rateLimits:
11 | - actions:
12 | - genericKey:
13 | descriptorValue: "per-minute"
14 | - remoteAddress: {}
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/productpage-serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Productpage services
3 | ##################################################################################################
4 | apiVersion: v1
5 | kind: ServiceAccount
6 | metadata:
7 | name: bookinfo-productpage
8 | labels:
9 | account: productpage
10 |
--------------------------------------------------------------------------------
/httpbin/config-examples/edge/httpbin-vs-80.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: gateway.solo.io/v1
2 | kind: VirtualService
3 | metadata:
4 | name: httpbin-vs
5 | namespace: gloo-system
6 | spec:
7 | virtualHost:
8 | domains:
9 | - '*'
10 | routes:
11 | - matchers:
12 | - prefix: /
13 | routeAction:
14 | single:
15 | upstream:
16 | name: httpbin-httpbin-8000
17 | namespace: gloo-system
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-okta-jwks-externalservice.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: ExternalService
3 | metadata:
4 | name: okta-jwks
5 | namespace: httpbin
6 | labels:
7 | expose: "true"
8 | spec:
9 | hosts:
10 | - okta-jwks.external
11 | ports:
12 | - name: https
13 | number: 443
14 | protocol: HTTPS
15 | clientsideTls: {}
16 | selector:
17 | host: okta-jwks
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/staticpage-faq.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | binaryData:
3 | faq: UTogSXMgdGhpcyBhIHN0YXRpYyBwYWdlIGZlYXR1cmUgZGVsaXZlcmVkIGJ5IGdsb28tcG9ydGFsPwpBOiBZZXMgaXQgaXMhIFNlZSB0aGlzICoqW3R1dG9yaWFsXShodHRwczovL2RvY3Muc29sby5pby9nbG9vLXBvcnRhbC9sYXRlc3QvZ3VpZGVzL2dldHRpbmdfc3RhcnRlZC9wYXJ0XzMvKSoqIGZvciBtb3JlIGluZm9ybWF0aW9uIA==
4 | kind: ConfigMap
5 | metadata:
6 | name: default-petstore-portal-faq
7 | namespace: default
--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-ratelimitclientconfig.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
2 | kind: RateLimitClientConfig
3 | metadata:
4 | labels:
5 | workspace.solo.io/exported: "true"
6 | name: bookinfo
7 | namespace: bookinfo-frontends
8 | spec:
9 | raw:
10 | rateLimits:
11 | - actions:
12 | - genericKey:
13 | descriptorValue: "per-minute"
14 | - remoteAddress: {}
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ratelimitserversettings.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: admin.gloo.solo.io/v2
2 | kind: RateLimitServerSettings
3 | metadata:
4 | labels:
5 | workspace.solo.io/exported: "true"
6 | name: rate-limit-server
7 | namespace: httpbin
8 | spec:
9 | destinationServer:
10 | port:
11 | name: grpc
12 | ref:
13 | cluster: mgmt
14 | name: rate-limiter
15 | namespace: gloo-mesh-addons
--------------------------------------------------------------------------------
/keycloak/config-examples/edge/keycloak-vs-80.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: gateway.solo.io/v1
2 | kind: VirtualService
3 | metadata:
4 | name: keycloak-http-vs
5 | namespace: gloo-system
6 | spec:
7 | virtualHost:
8 | domains:
9 | - '*'
10 | routes:
11 | - matchers:
12 | - prefix: /
13 | routeAction:
14 | single:
15 | upstream:
16 | name: default-keycloak-8080
17 | namespace: gloo-system
--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | resources:
5 | - ../default
6 |
7 | namespace: argocd
8 |
9 | patchesStrategicMerge:
10 | - overlays/argocd-cmd-params-cm.yaml
11 |
12 | #patchesJson6902:
13 | #- path: overlays/argocd-server-insecure-rootpath.yaml
14 | # target:
15 | # group: apps
16 | # kind: Deployment
17 | # name: argocd-server
18 | # version: v1
--------------------------------------------------------------------------------
/bookinfo/config-examples/edge/single-destination-vs-80.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: gateway.solo.io/v1
2 | kind: VirtualService
3 | metadata:
4 | name: bookinfo-vs
5 | namespace: gloo-system
6 | spec:
7 | virtualHost:
8 | domains:
9 | - '*'
10 | routes:
11 | - matchers:
12 | - prefix: /
13 | routeAction:
14 | single:
15 | upstream:
16 | name: bookinfo-v1-productpage-9080
17 | namespace: gloo-system
--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-ratelimitserversettings.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: admin.gloo.solo.io/v2
2 | kind: RateLimitServerSettings
3 | metadata:
4 | labels:
5 | workspace.solo.io/exported: "true"
6 | name: bookinfo-rate-limit-server
7 | namespace: bookinfo-frontends
8 | spec:
9 | destinationServer:
10 | port:
11 | name: grpc
12 | ref:
13 | cluster: mgmt
14 | name: rate-limiter
15 | namespace: gloo-mesh-addons
--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath/overlays/argocd-server-insecure-rootpath.yaml:
--------------------------------------------------------------------------------
1 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --insecure}
2 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --basehref}
3 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: /argo}
4 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --rootpath}
5 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: /argo}
6 |
--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath-ocp/overlays/argocd-server-insecure-rootpath.yaml:
--------------------------------------------------------------------------------
1 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --insecure}
2 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --basehref}
3 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: /argo}
4 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --rootpath}
5 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: /argo}
6 |
--------------------------------------------------------------------------------
/argocd/config-examples/edge/argocd-vs-80.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: gateway.solo.io/v1
2 | kind: VirtualService
3 | metadata:
4 | name: argo-vs-80
5 | namespace: gloo-system
6 | spec:
7 | virtualHost:
8 | domains:
9 | - '*'
10 | routes:
11 | - matchers:
12 | - prefix: /argo
13 | options:
14 | prefixRewrite: /argo
15 | routeAction:
16 | single:
17 | upstream:
18 | name: argocd-argocd-server-80
19 | namespace: gloo-system
--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/details-service.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Details service
3 | ##################################################################################################
4 | apiVersion: v1
5 | kind: Service
6 | metadata:
7 | name: details
8 | labels:
9 | app: details
10 | service: details
11 | spec:
12 | ports:
13 | - port: 9080
14 | name: http
15 | selector:
16 | app: details
17 |
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/ratings-service.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Ratings service
3 | ##################################################################################################
4 | apiVersion: v1
5 | kind: Service
6 | metadata:
7 | name: ratings
8 | labels:
9 | app: ratings
10 | service: ratings
11 | spec:
12 | ports:
13 | - port: 9080
14 | name: http
15 | selector:
16 | app: ratings
17 |
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/reviews-service.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Reviews service
3 | ##################################################################################################
4 | apiVersion: v1
5 | kind: Service
6 | metadata:
7 | name: reviews
8 | labels:
9 | app: reviews
10 | service: reviews
11 | spec:
12 | ports:
13 | - port: 9080
14 | name: http
15 | selector:
16 | app: reviews
17 |
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-workspacesettings.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: admin.gloo.solo.io/v2
2 | kind: WorkspaceSettings
3 | metadata:
4 | name: httpbin
5 | namespace: httpbin
6 | spec:
7 | importFrom:
8 | - workspaces:
9 | - name: gateways
10 | resources:
11 | - kind: SERVICE
12 | exportTo:
13 | - workspaces:
14 | - name: gateways
15 | resources:
16 | - kind: SERVICE
17 | labels:
18 | app: in-mesh
19 | - kind: ALL
20 | labels:
21 | expose: "true"
--------------------------------------------------------------------------------
/istio/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # kustomization.yaml
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 |
5 | configMapGenerator:
6 | - name: istio-dashboards
7 | files:
8 | - istio-extension-dashboard.json
9 | - istio-mesh-dashboard.json
10 | - istio-performance-dashboard.json
11 | - istio-service-dashboard.json
12 | - istio-workload-dashboard.json
13 | - pilot-dashboard.json
14 | generatorOptions:
15 | disableNameSuffixHash: true
16 | labels:
17 | grafana_dashboard: "1"
18 |
--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath-ocp/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | resources:
5 | - ../default
6 |
7 | namespace: argocd
8 |
9 | patchesJson6902:
10 | - path: overlays/argocd-server-insecure-rootpath.yaml
11 | target:
12 | group: apps
13 | kind: Deployment
14 | name: argocd-server
15 | version: v1
16 | - path: overlays/argocd-redis-uid-patch.yaml
17 | target:
18 | group: apps
19 | kind: Deployment
20 | name: argocd-redis
21 | version: v1
--------------------------------------------------------------------------------
/gloo-mesh/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
1 | # Installing with Helm
2 |
3 | ## Gloo Mesh Enterprise
4 | ```
5 | helm repo add gloo-mesh-enterprise https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-enterprise
6 | helm repo update
7 | helm upgrade --install gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise --namespace gloo-mesh --create-namespace --version 2.1.0-beta25 --set-string licenseKey=$GM_LICENSE_KEY --values values.yaml
8 | ```
9 |
10 | ### Uninstall
11 | ```
12 | helm uninstall gloo-mesh-enterprise -n gloo-mesh
13 | ```
--------------------------------------------------------------------------------
/keycloak/config-examples/edge/keycloak-vs-443.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: gateway.solo.io/v1
2 | kind: VirtualService
3 | metadata:
4 | name: keycloak-http-vs
5 | namespace: gloo-system
6 | spec:
7 | sslConfig:
8 | secretRef:
9 | name: upstream-tls
10 | namespace: gloo-system
11 | virtualHost:
12 | domains:
13 | - '*'
14 | routes:
15 | - matchers:
16 | - prefix: /
17 | routeAction:
18 | single:
19 | upstream:
20 | name: default-keycloak-8080
21 | namespace: gloo-system
--------------------------------------------------------------------------------
/solowallet/deploy/yaml/bank-demo-workspacesettings.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: admin.gloo.solo.io/v2
2 | kind: WorkspaceSettings
3 | metadata:
4 | name: bank-lob-workspace-settings
5 | namespace: bank-demo
6 | spec:
7 | exportTo:
8 | - resources:
9 | - kind: ALL
10 | labels:
11 | expose: "true"
12 | workspaces:
13 | - name: gateways
14 | importFrom:
15 | - resources:
16 | - kind: SERVICE
17 | workspaces:
18 | - name: gateways
19 | options:
20 | federation:
21 | enabled: true
22 | hostSuffix: global
--------------------------------------------------------------------------------
/solowallet/deploy/yaml/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # kustomization.yaml
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 |
5 | # list of resources to be Applied
6 | resources:
7 | - bank-accounts-db.yaml
8 | - bank-balance-reader.yaml
9 | - bank-config.yaml
10 | - bank-contacts.yaml
11 | - bank-demo-ns.yaml
12 | - bank-demo-workspace.yaml
13 | - bank-demo-workspacesettings.yaml
14 | - bank-frontend.yaml
15 | - bank-ledger-db.yaml
16 | - bank-ledger-writer.yaml
17 | - bank-transaction-history.yaml
18 | - bank-userservice.yaml
19 |
20 |
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-okta-jwks-externalendpoint.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: ExternalEndpoint
3 | metadata:
4 | name: okta-jwks
5 | namespace: httpbin
6 | labels:
7 | host: okta-jwks
8 | spec:
9 | # This external endpoint identifies the host where Okta publishes the jwks_uri endpoint for my dev account
10 | # See https://dev-22653158-admin.okta.com/oauth2/default/.well-known/oauth-authorization-server
11 | address: dev-22653158.okta.com
12 | ports:
13 | - name: https
14 | number: 443
--------------------------------------------------------------------------------
/argocd/deploy/default/overlays/argocd-cmd-params-cm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | labels:
5 | app.kubernetes.io/name: argocd-cmd-params-cm
6 | app.kubernetes.io/part-of: argocd
7 | name: argocd-cmd-params-cm
8 | data:
9 | # Number of application status processors (default 20)
10 | controller.status.processors: "60"
11 | # Number of application operation processors (default 10)
12 | controller.operation.processors: "60"
13 | # Repo server RPC call timeout seconds.
14 | controller.repo.server.timeout.seconds: "360"
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/productpage-service.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Productpage services
3 | ##################################################################################################
4 | apiVersion: v1
5 | kind: Service
6 | metadata:
7 | name: productpage
8 | labels:
9 | app: productpage
10 | service: productpage
11 | version: v1
12 | spec:
13 | ports:
14 | - port: 9080
15 | name: http
16 | selector:
17 | app: productpage
18 |
--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/crds/gloo-edge-crds.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-edge-crds
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | project: default
10 | source:
11 | repoURL: https://github.com/solo-io/gitops-library
12 | targetRevision: HEAD
13 | path: gloo-edge/gloo-edge-crds/1.12.44/
14 | destination:
15 | server: https://kubernetes.default.svc
16 | syncPolicy:
17 | automated:
18 | prune: true
19 | selfHeal: true
--------------------------------------------------------------------------------
/gloo-mesh/deploy/argo/gloo-mesh-crds.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-mesh-crds
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | project: default
10 | source:
11 | repoURL: https://github.com/solo-io/gitops-library
12 | targetRevision: HEAD
13 | path: gloo-mesh/gloo-mesh-crds/2.1.0-beta22/
14 | destination:
15 | server: https://kubernetes.default.svc
16 | syncPolicy:
17 | automated:
18 | prune: true
19 | selfHeal: true
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/kustomization.yaml:
--------------------------------------------------------------------------------
1 | # kustomization.yaml
2 | apiVersion: kustomize.config.k8s.io/v1beta1
3 | kind: Kustomization
4 |
5 | # list of resources to be Applied
6 | resources:
7 | - developer1-password.yaml
8 | - developer1-user.yaml
9 | - developers-group.yaml
10 | - ecommerce-portal.yaml
11 | - petstore-apidoc-v1-pets.yaml
12 | - petstore-apidoc-v1-users.yaml
13 | - petstore-apidoc-v2-full.yaml
14 | - petstore-apiproduct.yaml
15 | - petstore-dev-environment.yaml
16 | - petstore-v1.yaml
17 | - petstore-v2.yaml
18 | - staticpage-faq.yaml
19 |
--------------------------------------------------------------------------------
/plow-loadgen/helm/values.yaml:
--------------------------------------------------------------------------------
1 | plow:
2 | url: https://www.google.com
3 | concurrency: 1
4 | rate: 50
5 | requests: -1
6 | duration: 0
7 | interval: 60
8 | method: GET
9 | insecure: true
10 | host: "google.com"
11 | additionalHeader: "user: solo"
12 |
13 | deployment:
14 | nameSuffix: loadgenerator
15 | namespace: plow
16 | containerPort: 18888
17 | replicas: 1
18 |
19 | istio:
20 | inject: true
21 | revisionLabel: 1-13
22 | holdProxy: true
23 | exportService: true
24 |
25 | resources:
26 | requests:
27 | cpu: 20m
28 | memory: 10Mi
--------------------------------------------------------------------------------
/argocd/config-examples/edge/argocd-vs-443.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: gateway.solo.io/v1
2 | kind: VirtualService
3 | metadata:
4 | name: argo-http-vs
5 | namespace: gloo-system
6 | spec:
7 | sslConfig:
8 | secretRef:
9 | name: upstream-tls
10 | namespace: gloo-system
11 | virtualHost:
12 | domains:
13 | - '*'
14 | routes:
15 | - matchers:
16 | - prefix: /argo
17 | options:
18 | prefixRewrite: /argo
19 | routeAction:
20 | single:
21 | upstream:
22 | name: argocd-argocd-server-443
23 | namespace: gloo-system
--------------------------------------------------------------------------------
/bookinfo/config-examples/istio/bookinfo-vs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1alpha3
2 | kind: VirtualService
3 | metadata:
4 | name: bookinfo
5 | spec:
6 | hosts:
7 | - "*"
8 | gateways:
9 | - bookinfo-gateway
10 | http:
11 | - match:
12 | - uri:
13 | exact: /productpage
14 | - uri:
15 | prefix: /static
16 | - uri:
17 | exact: /login
18 | - uri:
19 | exact: /logout
20 | - uri:
21 | prefix: /api/v1/products
22 | route:
23 | - destination:
24 | host: productpage
25 | port:
26 | number: 9080
--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-workspacesettings.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: admin.gloo.solo.io/v2
2 | kind: WorkspaceSettings
3 | metadata:
4 | name: bookinfo
5 | namespace: bookinfo-frontends
6 | spec:
7 | exportTo:
8 | - resources:
9 | - kind: SERVICE
10 | labels:
11 | app: productpage
12 | - kind: SERVICE
13 | labels:
14 | app: reviews
15 | - kind: ALL
16 | labels:
17 | expose: "true"
18 | workspaces:
19 | - name: gateways
20 | importFrom:
21 | - resources:
22 | - kind: SERVICE
23 | workspaces:
24 | - name: gateways
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/developer1-user.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: portal.gloo.solo.io/v1beta1
2 | kind: User
3 | metadata:
4 | labels:
5 | app.kubernetes.io/instance: petstore-swagger-apiproduct-1-0-2
6 | groups.portal.gloo.solo.io/gloo-portal.developers: "true"
7 | name: developer1
8 | namespace: gloo-portal
9 | spec:
10 | accessLevel:
11 | portals:
12 | - name: ecommerce-portal
13 | namespace: default
14 | basicAuth:
15 | passwordSecretKey: password
16 | passwordSecretName: developer1-password
17 | passwordSecretNamespace: gloo-portal
18 | username: developer1
--------------------------------------------------------------------------------
/bombardier-loadgen/deploy/yaml/bombardier.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | labels:
5 | app: bombardier
6 | name: bombardier
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: bombardier
12 | template:
13 | metadata:
14 | labels:
15 | app: bombardier
16 | spec:
17 | containers:
18 | - name: bombardier
19 | image: alpine/bombardier
20 | imagePullPolicy: IfNotPresent
21 | command: ["/bin/sh"]
22 | args: ["-c", "for run in $(seq 1 10); do bombardier -c 5 -d 20s -r 10 -p i,p,r ${URL}; done"]
--------------------------------------------------------------------------------
/helloworld/argo/app/argo-rollout/namespace/default/helloworld-rollout.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: helloworld-rollout
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | project: default
10 | source:
11 | repoURL: https://github.com/solo-io/gitops-library
12 | targetRevision: HEAD
13 | path: helloworld/overlay/app/argo-rollout/namespace/default/
14 | destination:
15 | server: https://kubernetes.default.svc
16 | syncPolicy:
17 | automated:
18 | prune: false
19 | selfHeal: false
--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controlPlane.enabled -}}
2 | {{- if .Values.controlPlane.serviceAccount.create -}}
3 | apiVersion: v1
4 | kind: ServiceAccount
5 | metadata:
6 | name: {{ include "gloo-gateway.controlPlane.serviceAccountName" . }}
7 | labels:
8 | {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
9 | {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
10 | {{- with .Values.controlPlane.serviceAccount.annotations }}
11 | annotations:
12 | {{- toYaml . | nindent 4 }}
13 | {{- end }}
14 | {{- end }}
15 | {{- end }}
--------------------------------------------------------------------------------
/istio/deploy/argo/istio-base.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: istio-base
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "-3"
10 | spec:
11 | destination:
12 | server: https://kubernetes.default.svc
13 | namespace: istio-system
14 | project: default
15 | source:
16 | chart: base
17 | repoURL: https://istio-release.storage.googleapis.com/charts
18 | targetRevision: 1.13.4
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
--------------------------------------------------------------------------------
/argocd/config-examples/gloo-mesh/2.0.x/argocd-mgmt-rt-443.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: RouteTable
3 | metadata:
4 | labels:
5 | expose: "true"
6 | name: mgmt-argo-rt-443
7 | namespace: argocd
8 | spec:
9 | hosts:
10 | - '*'
11 | http:
12 | - forwardTo:
13 | destinations:
14 | - port:
15 | number: 443
16 | ref:
17 | cluster: mgmt
18 | name: argocd-server
19 | namespace: argocd
20 | name: argocd
21 | virtualGateways:
22 | - cluster: mgmt
23 | name: mgmt-north-south-gw-443
24 | namespace: istio-gateways
25 | workloadSelectors: []
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.0/auth_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: authconfigs.extauth.solo.io
5 | spec:
6 | group: extauth.solo.io
7 | names:
8 | kind: AuthConfig
9 | listKind: AuthConfigList
10 | plural: authconfigs
11 | shortNames:
12 | - ac
13 | singular: authconfig
14 | scope: Namespaced
15 | versions:
16 | - name: v1
17 | schema:
18 | openAPIV3Schema:
19 | type: object
20 | x-kubernetes-preserve-unknown-fields: true
21 | served: true
22 | storage: true
23 | subresources:
24 | status: {}
25 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.1/auth_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: authconfigs.extauth.solo.io
5 | spec:
6 | group: extauth.solo.io
7 | names:
8 | kind: AuthConfig
9 | listKind: AuthConfigList
10 | plural: authconfigs
11 | shortNames:
12 | - ac
13 | singular: authconfig
14 | scope: Namespaced
15 | versions:
16 | - name: v1
17 | schema:
18 | openAPIV3Schema:
19 | type: object
20 | x-kubernetes-preserve-unknown-fields: true
21 | served: true
22 | storage: true
23 | subresources:
24 | status: {}
25 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.2/auth_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: authconfigs.extauth.solo.io
5 | spec:
6 | group: extauth.solo.io
7 | names:
8 | kind: AuthConfig
9 | listKind: AuthConfigList
10 | plural: authconfigs
11 | shortNames:
12 | - ac
13 | singular: authconfig
14 | scope: Namespaced
15 | versions:
16 | - name: v1
17 | schema:
18 | openAPIV3Schema:
19 | type: object
20 | x-kubernetes-preserve-unknown-fields: true
21 | served: true
22 | storage: true
23 | subresources:
24 | status: {}
25 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.0/auth_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: authconfigs.extauth.solo.io
5 | spec:
6 | group: extauth.solo.io
7 | names:
8 | kind: AuthConfig
9 | listKind: AuthConfigList
10 | plural: authconfigs
11 | shortNames:
12 | - ac
13 | singular: authconfig
14 | scope: Namespaced
15 | versions:
16 | - name: v1
17 | schema:
18 | openAPIV3Schema:
19 | type: object
20 | x-kubernetes-preserve-unknown-fields: true
21 | served: true
22 | storage: true
23 | subresources:
24 | status: {}
25 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.4/auth_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: authconfigs.extauth.solo.io
5 | spec:
6 | group: extauth.solo.io
7 | names:
8 | kind: AuthConfig
9 | listKind: AuthConfigList
10 | plural: authconfigs
11 | shortNames:
12 | - ac
13 | singular: authconfig
14 | scope: Namespaced
15 | versions:
16 | - name: v1
17 | schema:
18 | openAPIV3Schema:
19 | type: object
20 | x-kubernetes-preserve-unknown-fields: true
21 | served: true
22 | storage: true
23 | subresources:
24 | status: {}
25 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.5/auth_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: authconfigs.extauth.solo.io
5 | spec:
6 | group: extauth.solo.io
7 | names:
8 | kind: AuthConfig
9 | listKind: AuthConfigList
10 | plural: authconfigs
11 | shortNames:
12 | - ac
13 | singular: authconfig
14 | scope: Namespaced
15 | versions:
16 | - name: v1
17 | schema:
18 | openAPIV3Schema:
19 | type: object
20 | x-kubernetes-preserve-unknown-fields: true
21 | served: true
22 | storage: true
23 | subresources:
24 | status: {}
25 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.6/auth_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: authconfigs.extauth.solo.io
5 | spec:
6 | group: extauth.solo.io
7 | names:
8 | kind: AuthConfig
9 | listKind: AuthConfigList
10 | plural: authconfigs
11 | shortNames:
12 | - ac
13 | singular: authconfig
14 | scope: Namespaced
15 | versions:
16 | - name: v1
17 | schema:
18 | openAPIV3Schema:
19 | type: object
20 | x-kubernetes-preserve-unknown-fields: true
21 | served: true
22 | storage: true
23 | subresources:
24 | status: {}
25 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.3.0-beta3/auth_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: authconfigs.extauth.solo.io
5 | spec:
6 | group: extauth.solo.io
7 | names:
8 | kind: AuthConfig
9 | listKind: AuthConfigList
10 | plural: authconfigs
11 | shortNames:
12 | - ac
13 | singular: authconfig
14 | scope: Namespaced
15 | versions:
16 | - name: v1
17 | schema:
18 | openAPIV3Schema:
19 | type: object
20 | x-kubernetes-preserve-unknown-fields: true
21 | served: true
22 | storage: true
23 | subresources:
24 | status: {}
25 |
--------------------------------------------------------------------------------
/argocd/config-examples/gloo-mesh/2.0.x/argocd-mgmt-rt-80.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: RouteTable
3 | metadata:
4 | labels:
5 | expose: "true"
6 | name: mgmt-argo-rt-80
7 | namespace: argocd
8 | spec:
9 | hosts:
10 | - '*'
11 | http:
12 | - forwardTo:
13 | destinations:
14 | - port:
15 | number: 80
16 | ref:
17 | cluster: mgmt
18 | name: argocd-server
19 | namespace: argocd
20 | labels:
21 | waf: "true"
22 | name: argocd
23 | virtualGateways:
24 | - cluster: mgmt
25 | name: mgmt-north-south-gw-80
26 | namespace: istio-gateways
27 | workloadSelectors: []
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-jwt-transformationpolicy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
2 | kind: TransformationPolicy
3 | metadata:
4 | name: modify-x-email-header
5 | namespace: httpbin
6 | spec:
7 | applyToRoutes:
8 | - route:
9 | labels:
10 | oauth: "true"
11 | config:
12 | phase:
13 | postAuthz:
14 | priority: 2
15 | request:
16 | injaTemplate:
17 | extractors:
18 | organization:
19 | header: 'X-Email'
20 | regex: '.*@(.*)$'
21 | subgroup: 1
22 | headers:
23 | x-organization:
24 | text: "{{ organization }}"
--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controlPlane.enabled -}}
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 | name: {{ include "gloo-gateway.controlPlane.fullname" . }}
6 | labels:
7 | {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
8 | {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
9 | spec:
10 | type: {{ .Values.controlPlane.service.type }}
11 | ports:
12 | - port: {{ .Values.controlPlane.service.port }}
13 | targetPort: http
14 | protocol: TCP
15 | name: http
16 | selector:
17 | {{- include "gloo-gateway.controlPlane.selectorLabels" . | nindent 4 }}
18 | {{- end }}
--------------------------------------------------------------------------------
/gloo-edge/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
1 | # Installing with Helm
2 |
3 | ## Gloo Edge Open Source
4 | ```
5 | helm repo add gloo https://storage.googleapis.com/solo-public-helm
6 | helm repo update
7 | helm upgrade --install gloo gloo/gloo --namespace gloo-system --create-namespace --version 1.12.16
8 | ```
9 |
10 | ## Gloo Edge Enterprise
11 | ```
12 | helm repo add glooe https://storage.googleapis.com/gloo-ee-helm
13 | helm repo update
14 | helm upgrade --install gloo glooe/gloo-ee --namespace gloo-system --create-namespace --version 1.12.15 --set-string license_key=$LICENSE_KEY --values values-nofed.yaml
15 | ```
16 |
17 | ### Uninstall
18 | ```
19 | helm uninstall gloo -n gloo-system
20 | ```
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ratelimitserverconfig.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: admin.gloo.solo.io/v2
2 | kind: RateLimitServerConfig
3 | metadata:
4 | labels:
5 | workspace.solo.io/exported: "true"
6 | name: httpbin
7 | namespace: gloo-mesh-addons
8 | spec:
9 | destinationServers:
10 | - port:
11 | name: grpc
12 | ref:
13 | cluster: mgmt
14 | name: rate-limiter
15 | namespace: gloo-mesh-addons
16 | raw:
17 | descriptors:
18 | - key: generic_key
19 | value: "per-minute"
20 | descriptors:
21 | - key: remote_address
22 | rateLimit:
23 | requestsPerUnit: 20
24 | unit: MINUTE
--------------------------------------------------------------------------------
/argocd/config-examples/gloo-mesh/2.0.x/argocd-cluster1-rt-80.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: RouteTable
3 | metadata:
4 | labels:
5 | expose: "true"
6 | name: cluster1-argo-rt-80
7 | namespace: argocd
8 | spec:
9 | hosts:
10 | - '*'
11 | http:
12 | - forwardTo:
13 | destinations:
14 | - port:
15 | number: 80
16 | ref:
17 | cluster: cluster1
18 | name: argocd-server
19 | namespace: argocd
20 | labels:
21 | waf: "true"
22 | name: argocd
23 | virtualGateways:
24 | - cluster: cluster1
25 | name: cluster1-north-south-gw-80
26 | namespace: istio-gateways
27 | workloadSelectors: []
--------------------------------------------------------------------------------
/argocd/config-examples/gloo-mesh/2.0.x/argocd-cluster2-rt-80.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: RouteTable
3 | metadata:
4 | labels:
5 | expose: "true"
6 | name: cluster2-argo-rt-80
7 | namespace: argocd
8 | spec:
9 | hosts:
10 | - '*'
11 | http:
12 | - forwardTo:
13 | destinations:
14 | - port:
15 | number: 80
16 | ref:
17 | cluster: cluster2
18 | name: argocd-server
19 | namespace: argocd
20 | labels:
21 | waf: "true"
22 | name: argocd
23 | virtualGateways:
24 | - cluster: cluster2
25 | name: cluster2-north-south-gw-80
26 | namespace: istio-gateways
27 | workloadSelectors: []
--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-ratelimitserverconfig.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: admin.gloo.solo.io/v2
2 | kind: RateLimitServerConfig
3 | metadata:
4 | labels:
5 | workspace.solo.io/exported: "true"
6 | name: bookinfo
7 | namespace: gloo-mesh-addons
8 | spec:
9 | destinationServers:
10 | - port:
11 | name: grpc
12 | ref:
13 | cluster: mgmt
14 | name: rate-limiter
15 | namespace: gloo-mesh-addons
16 | raw:
17 | descriptors:
18 | - key: generic_key
19 | value: "per-minute"
20 | descriptors:
21 | - key: remote_address
22 | rateLimit:
23 | requestsPerUnit: 15
24 | unit: MINUTE
--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.11.50/ratelimit_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: ratelimitconfigs.ratelimit.solo.io
5 | spec:
6 | group: ratelimit.solo.io
7 | names:
8 | kind: RateLimitConfig
9 | listKind: RateLimitConfigList
10 | plural: ratelimitconfigs
11 | singular: ratelimitconfig
12 | shortNames:
13 | - rlc
14 | - grlc
15 | scope: Namespaced
16 | versions:
17 | - name: v1alpha1
18 | served: true
19 | storage: true
20 | subresources:
21 | status: {}
22 | schema:
23 | openAPIV3Schema:
24 | type: object
25 | x-kubernetes-preserve-unknown-fields: true
26 |
--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/ratelimit_config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: ratelimitconfigs.ratelimit.solo.io
5 | spec:
6 | group: ratelimit.solo.io
7 | names:
8 | kind: RateLimitConfig
9 | listKind: RateLimitConfigList
10 | plural: ratelimitconfigs
11 | singular: ratelimitconfig
12 | shortNames:
13 | - rlc
14 | - grlc
15 | scope: Namespaced
16 | versions:
17 | - name: v1alpha1
18 | served: true
19 | storage: true
20 | subresources:
21 | status: {}
22 | schema:
23 | openAPIV3Schema:
24 | type: object
25 | x-kubernetes-preserve-unknown-fields: true
26 |
--------------------------------------------------------------------------------
/homer-portal/config-examples/gloo-mesh/2.0.x/homer-rt-443.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: RouteTable
3 | metadata:
4 | labels:
5 | expose: "true"
6 | name: homer-web-portal-rt-443
7 | namespace: web-portal
8 | spec:
9 | hosts:
10 | - 'homer.glootest.com'
11 | - 'homer-local.glootest.com'
12 | http:
13 | - forwardTo:
14 | destinations:
15 | - port:
16 | number: 8080
17 | ref:
18 | cluster: mgmt
19 | name: homer-portal
20 | namespace: web-portal
21 | name: homer
22 | virtualGateways:
23 | - cluster: mgmt
24 | name: mgmt-north-south-gw-443
25 | namespace: istio-gateways
26 | workloadSelectors: []
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ratelimitpolicy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
2 | kind: RateLimitPolicy
3 | metadata:
4 | labels:
5 | workspace.solo.io/exported: "true"
6 | name: httpbin
7 | namespace: httpbin
8 | spec:
9 | applyToRoutes:
10 | - route:
11 | labels:
12 | ratelimited: "true"
13 | config:
14 | ratelimitClientConfig:
15 | cluster: mgmt
16 | name: httpbin
17 | namespace: httpbin
18 | ratelimitServerConfig:
19 | cluster: mgmt
20 | name: httpbin
21 | namespace: gloo-mesh-addons
22 | serverSettings:
23 | cluster: mgmt
24 | name: rate-limit-server
25 | namespace: httpbin
26 |
--------------------------------------------------------------------------------
/bookinfo/config-examples/edge/multi-destination-vs-80.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: gateway.solo.io/v1
2 | kind: VirtualService
3 | metadata:
4 | name: bookinfo-vs
5 | namespace: gloo-system
6 | spec:
7 | virtualHost:
8 | domains:
9 | - '*'
10 | routes:
11 | - matchers:
12 | - prefix: /
13 | routeAction:
14 | multi:
15 | destinations:
16 | - destination:
17 | upstream:
18 | name: bookinfo-v1-productpage-9080
19 | namespace: gloo-system
20 | weight: 5
21 | - destination:
22 | upstream:
23 | name: bookinfo-v2-productpage-9080
24 | namespace: gloo-system
25 | weight: 5
--------------------------------------------------------------------------------
/flagger/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
1 | # Installing with Helm
2 |
3 | ## Flagger with default prometheus
4 | ```
5 | helm repo add flagger https://flagger.app
6 |
7 | helm upgrade -i flagger flagger/flagger \
8 | --namespace gloo-system \
9 | --set prometheus.install=true \
10 | --set meshProvider=gloo
11 | ```
12 |
13 | ## Flagger using Gloo Edge Enterprise prometheus
14 | ```
15 | helm repo add flagger https://flagger.app
16 |
17 | helm upgrade -i flagger flagger/flagger \
18 | --namespace gloo-system \
19 | --set prometheus.install=false \
20 | --set metricsServer="http://glooe-prometheus-server.gloo-system:80" \
21 | --set meshProvider=gloo
22 | ```
23 |
24 | ### Uninstall
25 | ```
26 | helm uninstall flagger -n gloo-system
27 | ```
--------------------------------------------------------------------------------
/argocd/deploy/default/overlays/application-controller-status-processors.yaml:
--------------------------------------------------------------------------------
1 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --status-processors}
2 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: "60"}
3 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --operation-processors}
4 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: "60"}
5 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --repo-server-timeout-seconds}
6 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: "360"}
7 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: --app-resync}
8 | - {op: add, path: /spec/template/spec/containers/0/command/-, value: "30"}
--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-ratelimitpolicy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
2 | kind: RateLimitPolicy
3 | metadata:
4 | labels:
5 | workspace.solo.io/exported: "true"
6 | name: bookinfo
7 | namespace: bookinfo-frontends
8 | spec:
9 | applyToRoutes:
10 | - route:
11 | labels:
12 | ratelimited: "true"
13 | config:
14 | ratelimitClientConfig:
15 | cluster: mgmt
16 | name: bookinfo
17 | namespace: bookinfo-frontends
18 | ratelimitServerConfig:
19 | cluster: mgmt
20 | name: bookinfo
21 | namespace: gloo-mesh-addons
22 | serverSettings:
23 | cluster: mgmt
24 | name: bookinfo-rate-limit-server
25 | namespace: bookinfo-frontends
26 |
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/developers-group.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: portal.gloo.solo.io/v1beta1
2 | kind: Group
3 | metadata:
4 | name: developers
5 | namespace: gloo-portal
6 | spec:
7 | accessLevel:
8 | apis:
9 | - environments:
10 | namespaces:
11 | - '*'
12 | products:
13 | labels:
14 | - key: app
15 | operator: Equals
16 | values:
17 | - petstore
18 | namespaces:
19 | - '*'
20 | usagePlans:
21 | - basic
22 | portals:
23 | - name: ecommerce-portal
24 | namespace: default
25 | displayName: ecommerce developers
26 | userSelector:
27 | matchLabels:
28 | groups.portal.gloo.solo.io/gloo-portal.developers: "true"
29 | namespaces:
30 | - '*'
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-wafpolicy-log4shell.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: security.policy.gloo.solo.io/v2
2 | kind: WAFPolicy
3 | metadata:
4 | name: httpbin-log4shell
5 | namespace: httpbin
6 | spec:
7 | applyToRoutes:
8 | - route:
9 | labels:
10 | waf: "true"
11 | config:
12 | customInterventionMessage: Log4Shell malicious payload
13 | customRuleSets:
14 | - ruleStr: "SecRuleEngine On\nSecRequestBodyAccess On\nSecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@*
15 | \ \n \"@rx \\${jndi:(?:ldaps?|iiop|dns|rmi)://\" \n \"id:1000,phase:2,deny,status:403,log,msg:'Potential
16 | Remote Command Execution: Log4j CVE-2021-44228'\""
17 | disableCoreRuleSet: true
--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-wafpolicy-log4shell.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: security.policy.gloo.solo.io/v2
2 | kind: WAFPolicy
3 | metadata:
4 | name: log4shell
5 | namespace: bookinfo-frontends
6 | spec:
7 | applyToRoutes:
8 | - route:
9 | labels:
10 | waf: "true"
11 | config:
12 | customInterventionMessage: Log4Shell malicious payload
13 | customRuleSets:
14 | - ruleStr: "SecRuleEngine On\nSecRequestBodyAccess On\nSecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@*
15 | \ \n \"@rx \\${jndi:(?:ldaps?|iiop|dns|rmi)://\" \n \"id:1000,phase:2,deny,status:403,log,msg:'Potential
16 | Remote Command Execution: Log4j CVE-2021-44228'\""
17 | disableCoreRuleSet: true
--------------------------------------------------------------------------------
/cert-manager/deploy/argo/cert-manager.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: cert-manager
5 | namespace: argocd
6 | spec:
7 | destination:
8 | namespace: cert-manager
9 | server: 'https://kubernetes.default.svc'
10 | source:
11 | repoURL: 'https://charts.jetstack.io'
12 | targetRevision: v1.7.2
13 | chart: cert-manager
14 | helm:
15 | parameters:
16 | - name: installCRDs
17 | value: 'true'
18 | project: default
19 | syncPolicy:
20 | automated:
21 | prune: true
22 | selfHeal: true
23 | retry:
24 | limit: 2
25 | backoff:
26 | duration: 5s
27 | maxDuration: 3m0s
28 | factor: 2
29 | syncOptions:
30 | - CreateNamespace=true
31 |
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | labels:
5 | service: petstore
6 | name: petstore
7 | namespace: default
8 | spec:
9 | ports:
10 | - port: 8080
11 | protocol: TCP
12 | selector:
13 | app: petstore
14 | ---
15 | apiVersion: apps/v1
16 | kind: Deployment
17 | metadata:
18 | labels:
19 | app: petstore
20 | name: petstore
21 | namespace: default
22 | spec:
23 | replicas: 1
24 | selector:
25 | matchLabels:
26 | app: petstore
27 | template:
28 | metadata:
29 | labels:
30 | app: petstore
31 | spec:
32 | containers:
33 | - image: soloio/petstore-example:latest
34 | name: petstore
35 | ports:
36 | - containerPort: 8080
37 | name: http
--------------------------------------------------------------------------------
/cert-manager/deploy/argo/1.7-cert-manager-crds.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: 1.7-cert-manager-crds
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | project: default
10 | source:
11 | repoURL: https://github.com/solo-io/gitops-library
12 | targetRevision: HEAD
13 | path: cert-manager/crds/1.7
14 | destination:
15 | server: https://kubernetes.default.svc
16 | syncPolicy:
17 | automated:
18 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
19 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
--------------------------------------------------------------------------------
/istio/deploy/helm-values/istiod-values.yaml:
--------------------------------------------------------------------------------
1 | revision: 1-13
2 | global:
3 | meshID: mesh1
4 | multiCluster:
5 | clusterName: cluster1
6 | network: network1
7 | hub: us-docker.pkg.dev/gloo-mesh/istio-workshops
8 | tag: 1.13.4-solo
9 | meshConfig:
10 | trustDomain: cluster1
11 | accessLogFile: /dev/stdout
12 | enableAutoMtls: true
13 | defaultConfig:
14 | envoyMetricsService:
15 | address: gloo-mesh-agent.gloo-mesh:9977
16 | envoyAccessLogService:
17 | address: gloo-mesh-agent.gloo-mesh:9977
18 | proxyMetadata:
19 | ISTIO_META_DNS_CAPTURE: "true"
20 | ISTIO_META_DNS_AUTO_ALLOCATE: "true"
21 | GLOO_MESH_CLUSTER_NAME: cluster1
22 | pilot:
23 | env:
24 | PILOT_ENABLE_K8S_SELECT_WORKLOAD_ENTRIES: "false"
25 | PILOT_SKIP_VALIDATE_TRUST_DOMAIN: "true"
--------------------------------------------------------------------------------
/istio/deploy/helm-values/istio-eastwestgateway-values.yaml:
--------------------------------------------------------------------------------
1 | global:
2 | hub: us-docker.pkg.dev/gloo-mesh/istio-workshops
3 | tag: 1.13.4-solo
4 | gateways:
5 | istio-ingressgateway:
6 | name: istio-eastwestgateway
7 | namespace: istio-gateways
8 | labels:
9 | istio: eastwestgateway
10 | topology.istio.io/network: network1
11 | injectionTemplate: gateway
12 | ports:
13 | - name: tcp-status-port
14 | port: 15021
15 | targetPort: 15021
16 | - name: tls
17 | port: 15443
18 | targetPort: 15443
19 | - name: tcp-istiod
20 | port: 15012
21 | targetPort: 15012
22 | - name: tcp-webhook
23 | port: 15017
24 | targetPort: 15017
25 | env:
26 | ISTIO_META_ROUTER_MODE: "sni-dnat"
27 | ISTIO_META_REQUESTED_NETWORK_VIEW: "network1"
--------------------------------------------------------------------------------
/argocd/deploy/default/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | resources:
5 | - https://raw.githubusercontent.com/argoproj/argo-cd/release-2.8/manifests/install.yaml
6 | - base/rollouts-extension.yaml
7 |
8 | components:
9 | - github.com/argoproj-labs/argocd-extensions/manifests/?ref=main
10 |
11 | namespace: argocd
12 |
13 | images:
14 | - name: quay.io/argoproj/argocd
15 | newTag: v2.8.0
16 | digest: sha256:a7bfe2a512a33c42d85786b52a8c1b0b2d721630505706b201b8963ec57ac6b3
17 |
18 | #patchesJson6902:
19 | #- path: overlays/application-controller-status-processors.yaml
20 | # target:
21 | # group: apps
22 | # kind: StatefulSet
23 | # name: argocd-application-controller
24 | # version: v1
25 |
26 | patchesStrategicMerge:
27 | - overlays/argocd-cm.yaml
28 | - overlays/argocd-cmd-params-cm.yaml
29 |
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-v1.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: petstore-v1
5 | namespace: default
6 | spec:
7 | ports:
8 | - name: http
9 | port: 8080
10 | protocol: TCP
11 | targetPort: http
12 | selector:
13 | app: petstore
14 | version: v1
15 | ---
16 | apiVersion: apps/v1
17 | kind: Deployment
18 | metadata:
19 | name: petstore-v1
20 | namespace: default
21 | spec:
22 | replicas: 1
23 | selector:
24 | matchLabels:
25 | app: petstore
26 | version: v1
27 | template:
28 | metadata:
29 | labels:
30 | app: petstore
31 | version: v1
32 | spec:
33 | containers:
34 | - image: swaggerapi/petstore
35 | imagePullPolicy: Always
36 | name: petstore
37 | ports:
38 | - containerPort: 8080
39 | name: http
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-v2.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: petstore-v2
5 | namespace: default
6 | spec:
7 | ports:
8 | - name: http
9 | port: 8080
10 | protocol: TCP
11 | targetPort: http
12 | selector:
13 | app: petstore
14 | version: v2
15 | ---
16 | apiVersion: apps/v1
17 | kind: Deployment
18 | metadata:
19 | name: petstore-v2
20 | namespace: default
21 | spec:
22 | replicas: 1
23 | selector:
24 | matchLabels:
25 | app: petstore
26 | version: v2
27 | template:
28 | metadata:
29 | labels:
30 | app: petstore
31 | version: v2
32 | spec:
33 | containers:
34 | - image: swaggerapi/petstore
35 | imagePullPolicy: Always
36 | name: petstore
37 | ports:
38 | - containerPort: 8080
39 | name: http
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-rt-80.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: RouteTable
3 | metadata:
4 | name: httpbin-rt-80
5 | namespace: httpbin
6 | labels:
7 | expose: "true"
8 | spec:
9 | hosts:
10 | - 'httpbin.glootest.com'
11 | - 'httpbin-local.glootest.com'
12 | virtualGateways:
13 | - name: mgmt-north-south-gw-80
14 | namespace: istio-gateways
15 | cluster: mgmt
16 | workloadSelectors: []
17 | http:
18 | - name: httpbin
19 | matchers:
20 | - uri:
21 | exact: /get
22 | - uri:
23 | prefix: /anything
24 | forwardTo:
25 | destinations:
26 | - ref:
27 | name: in-mesh
28 | namespace: httpbin
29 | port:
30 | number: 8000
31 | labels:
32 | ratelimited: "true"
33 | waf: "true"
--------------------------------------------------------------------------------
/gloo-mesh/deploy/argo/gloo-mesh-addons.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-mesh-addons
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | server: https://kubernetes.default.svc
11 | namespace: gloo-mesh-addons
12 | project: default
13 | source:
14 | chart: gloo-mesh-agent
15 | helm:
16 | skipCrds: true
17 | parameters:
18 | - name: ext-auth-service.enabled
19 | value: 'true'
20 | - name: rate-limiter.enabled
21 | value: 'true'
22 | - name: glooMeshAgent.enabled
23 | value: 'false'
24 | repoURL: https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-agent
25 | targetRevision: 2.1.0-beta22
26 | syncPolicy:
27 | automated:
28 | prune: true
29 | selfHeal: true
--------------------------------------------------------------------------------
/cert-manager/README.md:
--------------------------------------------------------------------------------
1 | # cert-manager
2 |
3 | ## Prerequisites
4 | - Kubernetes clusters up and authenticated to kubectl
5 | - argocd - [Follow this Tutorial Here](https://github.com/solo-io/gitops-library/tree/main/argocd)
6 |
7 | ## installing cert-manager
8 | Navigate to the `cert-manager` directory
9 | ```
10 | cd cert-manager
11 | ```
12 |
13 | To install cert-manager on your cluster, deploy the argo app associated with the cert-manager version that you want.
14 |
15 | For example to deploy cert-manager v12.0.4 in the default namespace:
16 | ```
17 | kubectl apply -f argo/deploy/certmanager-1-6-0.yaml
18 | ```
19 |
20 | You can run the `wait-for-rollout.sh` script to watch deployment progress
21 | ```
22 | ../tools/wait-for-rollout.sh deployment cert-manager default 10
23 | ```
24 |
25 | ## uninstall cert-manager
26 | ```
27 | kubectl delete -f argo/deploy/certmanager-1-6-0.yaml
28 | ```
--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.11.50/fed.enterprise.gloo.solo.io_v1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 802eb05c33b3851f
8 | labels:
9 | app: gloo-fed
10 | app.kubernetes.io/name: gloo-fed
11 | name: federatedauthconfigs.fed.enterprise.gloo.solo.io
12 | spec:
13 | group: fed.enterprise.gloo.solo.io
14 | names:
15 | kind: FederatedAuthConfig
16 | listKind: FederatedAuthConfigList
17 | plural: federatedauthconfigs
18 | singular: federatedauthconfig
19 | scope: Namespaced
20 | versions:
21 | - name: v1
22 | schema:
23 | openAPIV3Schema:
24 | type: object
25 | x-kubernetes-preserve-unknown-fields: true
26 | served: true
27 | storage: true
28 | subresources:
29 | status: {}
30 |
--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/fed.enterprise.gloo.solo.io_v1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 802eb05c33b3851f
8 | labels:
9 | app: gloo-fed
10 | app.kubernetes.io/name: gloo-fed
11 | name: federatedauthconfigs.fed.enterprise.gloo.solo.io
12 | spec:
13 | group: fed.enterprise.gloo.solo.io
14 | names:
15 | kind: FederatedAuthConfig
16 | listKind: FederatedAuthConfigList
17 | plural: federatedauthconfigs
18 | singular: federatedauthconfig
19 | scope: Namespaced
20 | versions:
21 | - name: v1
22 | schema:
23 | openAPIV3Schema:
24 | type: object
25 | x-kubernetes-preserve-unknown-fields: true
26 | served: true
27 | storage: true
28 | subresources:
29 | status: {}
30 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.0/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 45f64ee3106a37ce
8 | labels:
9 | app: rate-limiter
10 | app.kubernetes.io/name: rate-limiter
11 | name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 | group: ratelimit.solo.io
14 | names:
15 | kind: RateLimitConfig
16 | listKind: RateLimitConfigList
17 | plural: ratelimitconfigs
18 | shortNames:
19 | - rlc
20 | singular: ratelimitconfig
21 | scope: Namespaced
22 | versions:
23 | - name: v1alpha1
24 | schema:
25 | openAPIV3Schema:
26 | type: object
27 | x-kubernetes-preserve-unknown-fields: true
28 | served: true
29 | storage: true
30 | subresources:
31 | status: {}
32 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.1/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 45f64ee3106a37ce
8 | labels:
9 | app: rate-limiter
10 | app.kubernetes.io/name: rate-limiter
11 | name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 | group: ratelimit.solo.io
14 | names:
15 | kind: RateLimitConfig
16 | listKind: RateLimitConfigList
17 | plural: ratelimitconfigs
18 | shortNames:
19 | - rlc
20 | singular: ratelimitconfig
21 | scope: Namespaced
22 | versions:
23 | - name: v1alpha1
24 | schema:
25 | openAPIV3Schema:
26 | type: object
27 | x-kubernetes-preserve-unknown-fields: true
28 | served: true
29 | storage: true
30 | subresources:
31 | status: {}
32 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.2/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 45f64ee3106a37ce
8 | labels:
9 | app: rate-limiter
10 | app.kubernetes.io/name: rate-limiter
11 | name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 | group: ratelimit.solo.io
14 | names:
15 | kind: RateLimitConfig
16 | listKind: RateLimitConfigList
17 | plural: ratelimitconfigs
18 | shortNames:
19 | - rlc
20 | singular: ratelimitconfig
21 | scope: Namespaced
22 | versions:
23 | - name: v1alpha1
24 | schema:
25 | openAPIV3Schema:
26 | type: object
27 | x-kubernetes-preserve-unknown-fields: true
28 | served: true
29 | storage: true
30 | subresources:
31 | status: {}
32 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.0/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 45f64ee3106a37ce
8 | labels:
9 | app: rate-limiter
10 | app.kubernetes.io/name: rate-limiter
11 | name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 | group: ratelimit.solo.io
14 | names:
15 | kind: RateLimitConfig
16 | listKind: RateLimitConfigList
17 | plural: ratelimitconfigs
18 | shortNames:
19 | - rlc
20 | singular: ratelimitconfig
21 | scope: Namespaced
22 | versions:
23 | - name: v1alpha1
24 | schema:
25 | openAPIV3Schema:
26 | type: object
27 | x-kubernetes-preserve-unknown-fields: true
28 | served: true
29 | storage: true
30 | subresources:
31 | status: {}
32 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.4/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 45f64ee3106a37ce
8 | labels:
9 | app: rate-limiter
10 | app.kubernetes.io/name: rate-limiter
11 | name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 | group: ratelimit.solo.io
14 | names:
15 | kind: RateLimitConfig
16 | listKind: RateLimitConfigList
17 | plural: ratelimitconfigs
18 | shortNames:
19 | - rlc
20 | singular: ratelimitconfig
21 | scope: Namespaced
22 | versions:
23 | - name: v1alpha1
24 | schema:
25 | openAPIV3Schema:
26 | type: object
27 | x-kubernetes-preserve-unknown-fields: true
28 | served: true
29 | storage: true
30 | subresources:
31 | status: {}
32 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.5/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 45f64ee3106a37ce
8 | labels:
9 | app: rate-limiter
10 | app.kubernetes.io/name: rate-limiter
11 | name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 | group: ratelimit.solo.io
14 | names:
15 | kind: RateLimitConfig
16 | listKind: RateLimitConfigList
17 | plural: ratelimitconfigs
18 | shortNames:
19 | - rlc
20 | singular: ratelimitconfig
21 | scope: Namespaced
22 | versions:
23 | - name: v1alpha1
24 | schema:
25 | openAPIV3Schema:
26 | type: object
27 | x-kubernetes-preserve-unknown-fields: true
28 | served: true
29 | storage: true
30 | subresources:
31 | status: {}
32 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.6/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 45f64ee3106a37ce
8 | labels:
9 | app: rate-limiter
10 | app.kubernetes.io/name: rate-limiter
11 | name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 | group: ratelimit.solo.io
14 | names:
15 | kind: RateLimitConfig
16 | listKind: RateLimitConfigList
17 | plural: ratelimitconfigs
18 | shortNames:
19 | - rlc
20 | singular: ratelimitconfig
21 | scope: Namespaced
22 | versions:
23 | - name: v1alpha1
24 | schema:
25 | openAPIV3Schema:
26 | type: object
27 | x-kubernetes-preserve-unknown-fields: true
28 | served: true
29 | storage: true
30 | subresources:
31 | status: {}
32 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.3.0-beta3/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 45f64ee3106a37ce
8 | labels:
9 | app: rate-limiter
10 | app.kubernetes.io/name: rate-limiter
11 | name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 | group: ratelimit.solo.io
14 | names:
15 | kind: RateLimitConfig
16 | listKind: RateLimitConfigList
17 | plural: ratelimitconfigs
18 | shortNames:
19 | - rlc
20 | singular: ratelimitconfig
21 | scope: Namespaced
22 | versions:
23 | - name: v1alpha1
24 | schema:
25 | openAPIV3Schema:
26 | type: object
27 | x-kubernetes-preserve-unknown-fields: true
28 | served: true
29 | storage: true
30 | subresources:
31 | status: {}
32 |
--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath/overlays/argocd-cmd-params-cm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | labels:
5 | app.kubernetes.io/name: argocd-cmd-params-cm
6 | app.kubernetes.io/part-of: argocd
7 | name: argocd-cmd-params-cm
8 | data:
9 | # Number of application status processors (default 20)
10 | controller.status.processors: "60"
11 | # Number of application operation processors (default 10)
12 | controller.operation.processors: "60"
13 | # Repo server RPC call timeout seconds.
14 | controller.repo.server.timeout.seconds: "360"
15 | # Run server without TLS
16 | server.insecure: "true"
17 | # Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/")
18 | server.basehref: "/argo"
19 | # Used if Argo CD is running behind reverse proxy under subpath different from /
20 | server.rootpath: "/argo"
--------------------------------------------------------------------------------
/istio/deploy/helm-values/istio-ingressgateway-values.yaml:
--------------------------------------------------------------------------------
1 | # Name allows overriding the release name. Generally this should not be set
2 | name: ""
3 | # revision declares which revision this gateway is a part of
4 | revision: "1-13"
5 |
6 | replicaCount: 1
7 |
8 | service:
9 | # Type of service. Set to "None" to disable the service entirely
10 | type: LoadBalancer
11 | ports:
12 | - name: http2
13 | port: 80
14 | protocol: TCP
15 | targetPort: 80
16 | - name: https
17 | port: 443
18 | protocol: TCP
19 | targetPort: 443
20 | annotations: {}
21 | loadBalancerIP: ""
22 | loadBalancerSourceRanges: []
23 | externalTrafficPolicy: ""
24 |
25 | # Pod environment variables
26 | env:
27 | annotations:
28 | proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
29 |
30 | # Labels to apply to all resources
31 | labels:
32 | istio.io/rev: 1-13
33 | istio: ingressgateway
--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.11.50/fed.ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 103fa59a1ecf3798
8 | labels:
9 | app: gloo-fed
10 | app.kubernetes.io/name: gloo-fed
11 | name: federatedratelimitconfigs.fed.ratelimit.solo.io
12 | spec:
13 | group: fed.ratelimit.solo.io
14 | names:
15 | kind: FederatedRateLimitConfig
16 | listKind: FederatedRateLimitConfigList
17 | plural: federatedratelimitconfigs
18 | singular: federatedratelimitconfig
19 | scope: Namespaced
20 | versions:
21 | - name: v1alpha1
22 | schema:
23 | openAPIV3Schema:
24 | type: object
25 | x-kubernetes-preserve-unknown-fields: true
26 | served: true
27 | storage: true
28 | subresources:
29 | status: {}
30 |
--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/fed.ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 103fa59a1ecf3798
8 | labels:
9 | app: gloo-fed
10 | app.kubernetes.io/name: gloo-fed
11 | name: federatedratelimitconfigs.fed.ratelimit.solo.io
12 | spec:
13 | group: fed.ratelimit.solo.io
14 | names:
15 | kind: FederatedRateLimitConfig
16 | listKind: FederatedRateLimitConfigList
17 | plural: federatedratelimitconfigs
18 | singular: federatedratelimitconfig
19 | scope: Namespaced
20 | versions:
21 | - name: v1alpha1
22 | schema:
23 | openAPIV3Schema:
24 | type: object
25 | x-kubernetes-preserve-unknown-fields: true
26 | served: true
27 | storage: true
28 | subresources:
29 | status: {}
30 |
--------------------------------------------------------------------------------
/flagger/deploy/argo/flagger-prometheus.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: flagger
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: flagger
15 | helm:
16 | skipCrds: false
17 | values: |
18 | prometheus:
19 | install: true
20 | meshProvider: gloo
21 | repoURL: https://flagger.app
22 | targetRevision: 1.26.0
23 | syncPolicy:
24 | automated:
25 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
26 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/details-deployment.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Details service
3 | ##################################################################################################
4 | apiVersion: apps/v1
5 | kind: Deployment
6 | metadata:
7 | name: details-v1
8 | labels:
9 | app: details
10 | version: v1
11 | spec:
12 | replicas: 1
13 | selector:
14 | matchLabels:
15 | app: details
16 | version: v1
17 | template:
18 | metadata:
19 | labels:
20 | app: details
21 | version: v1
22 | spec:
23 | serviceAccountName: bookinfo-details
24 | containers:
25 | - name: details
26 | image: docker.io/istio/examples-bookinfo-details-v1:1.16.2
27 | imagePullPolicy: IfNotPresent
28 | ports:
29 | - containerPort: 9080
30 | securityContext:
31 | runAsUser: 1000
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/ratings-deployment.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Ratings service
3 | ##################################################################################################
4 | apiVersion: apps/v1
5 | kind: Deployment
6 | metadata:
7 | name: ratings-v1
8 | labels:
9 | app: ratings
10 | version: v1
11 | spec:
12 | replicas: 1
13 | selector:
14 | matchLabels:
15 | app: ratings
16 | version: v1
17 | template:
18 | metadata:
19 | labels:
20 | app: ratings
21 | version: v1
22 | spec:
23 | serviceAccountName: bookinfo-ratings
24 | containers:
25 | - name: ratings
26 | image: docker.io/istio/examples-bookinfo-ratings-v1:1.16.2
27 | imagePullPolicy: IfNotPresent
28 | ports:
29 | - containerPort: 9080
30 | securityContext:
31 | runAsUser: 1000
--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/oss/1.10.x/gloo-edge-oss.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-edge-oss
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: gloo
15 | helm:
16 | values: |
17 | # no values takes the default values.yaml
18 | repoURL: https://storage.googleapis.com/solo-public-helm
19 | targetRevision: 1.10.37
20 | syncPolicy:
21 | automated:
22 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
23 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
24 | syncOptions:
25 | - CreateNamespace=true
26 |
--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/oss/1.11.x/gloo-edge-oss.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-edge-oss
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: gloo
15 | helm:
16 | values: |
17 | # no values takes the default values.yaml
18 | repoURL: https://storage.googleapis.com/solo-public-helm
19 | targetRevision: 1.11.36
20 | syncPolicy:
21 | automated:
22 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
23 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
24 | syncOptions:
25 | - CreateNamespace=true
26 |
--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/oss/1.12.x/gloo-edge-oss.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-edge-oss
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: gloo
15 | helm:
16 | values: |
17 | # no values takes the default values.yaml
18 | repoURL: https://storage.googleapis.com/solo-public-helm
19 | targetRevision: 1.12.16
20 | syncPolicy:
21 | automated:
22 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
23 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
24 | syncOptions:
25 | - CreateNamespace=true
26 |
--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/oss/1.8.x/gloo-edge-oss.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-edge-oss
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: gloo
15 | helm:
16 | values: |
17 | # no values takes the default values.yaml
18 | repoURL: https://storage.googleapis.com/solo-public-helm
19 | targetRevision: 1.8.37
20 | syncPolicy:
21 | automated:
22 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
23 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
24 | syncOptions:
25 | - CreateNamespace=true
26 |
--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/oss/1.9.x/gloo-edge-oss.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-edge-oss
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: gloo
15 | helm:
16 | values: |
17 | # no values takes the default values.yaml
18 | repoURL: https://storage.googleapis.com/solo-public-helm
19 | targetRevision: 1.9.26
20 | syncPolicy:
21 | automated:
22 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
23 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
24 | syncOptions:
25 | - CreateNamespace=true
26 |
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-oauth-rt-443.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: RouteTable
3 | metadata:
4 | name: httpbin-rt-443
5 | namespace: httpbin
6 | labels:
7 | expose: "true"
8 | spec:
9 | hosts:
10 | - 'httpbin.glootest.com'
11 | - 'httpbin-local.glootest.com'
12 | virtualGateways:
13 | - name: mgmt-north-south-gw-443
14 | namespace: istio-gateways
15 | cluster: mgmt
16 | workloadSelectors: []
17 | http:
18 | - name: httpbin
19 | labels:
20 | oauth: "true"
21 | waf: "true"
22 | matchers:
23 | - uri:
24 | exact: /get
25 | - uri:
26 | prefix: /callback
27 | - uri:
28 | prefix: /logout
29 | - uri:
30 | prefix: /anything
31 | forwardTo:
32 | destinations:
33 | - ref:
34 | name: in-mesh
35 | namespace: httpbin
36 | port:
37 | number: 8000
--------------------------------------------------------------------------------
/flagger/deploy/argo/flagger.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: flagger
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: flagger
15 | helm:
16 | skipCrds: false
17 | values: |
18 | prometheus:
19 | install: false
20 | metricsServer: "http://glooe-prometheus-server.gloo-system:80"
21 | meshProvider: gloo
22 | repoURL: https://flagger.app
23 | targetRevision: 1.26.0
24 | syncPolicy:
25 | automated:
26 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
27 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
--------------------------------------------------------------------------------
/bombardier-loadgen/deploy/argo/bombardier-httpbin-argo.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: bombardier-httpbin
5 | namespace: argocd
6 | spec:
7 | destination:
8 | namespace: httpbin
9 | server: 'https://kubernetes.default.svc'
10 | source:
11 | repoURL: 'https://github.com/solo-io/gitops-library'
12 | path: bombardier-loadgen/helm
13 | targetRevision: HEAD
14 | helm:
15 | parameters:
16 | - name: url
17 | value: 'https://httpbin.kapoozi.com/anything/unprotected'
18 | - name: name_suffix
19 | value: 'httpbin'
20 | - name: namespace
21 | value: 'httpbin'
22 | - name: loops
23 | value: '10000'
24 | - name: connections
25 | value: '1'
26 | - name: duration_seconds
27 | value: '60s'
28 | - name: rate
29 | value: '6'
30 | project: default
31 | syncPolicy:
32 | automated:
33 | prune: true
34 | selfHeal: true
--------------------------------------------------------------------------------
/helloworld/deploy/yaml/analysis.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: AnalysisTemplate
3 | metadata:
4 | name: istio-success-rate
5 | spec:
6 | # this analysis template requires a service name and namespace to be supplied to the query
7 | args:
8 | - name: service
9 | - name: namespace
10 | metrics:
11 | - name: success-rate
12 | initialDelay: 30s
13 | interval: 20s
14 | successCondition: result[0] > 0.95
15 | provider:
16 | prometheus:
17 | address: http://prometheus.istio-system:9090
18 | query: >+
19 | sum(irate(istio_requests_total{
20 | reporter="source",
21 | destination_service=~"{{args.service}}.{{args.namespace}}.svc.cluster.local",
22 | response_code!~"5.*"}[40s])
23 | )
24 | /
25 | sum(irate(istio_requests_total{
26 | reporter="source",
27 | destination_service=~"{{args.service}}.{{args.namespace}}.svc.cluster.local"}[40s])
28 | )
--------------------------------------------------------------------------------
/bombardier-loadgen/helm/templates/bombardier.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | labels:
5 | app: bombardier-{{ .Values.name_suffix }}
6 | name: bombardier
7 | namespace: {{ .Values.namespace }}
8 | spec:
9 | replicas: 1
10 | selector:
11 | matchLabels:
12 | app: bombardier
13 | template:
14 | metadata:
15 | labels:
16 | app: bombardier
17 | spec:
18 | containers:
19 | - args:
20 | - -c
21 | - for run in $(seq 1 {{ .Values.loops }}); do bombardier -c {{ .Values.connections }} -d {{ .Values.duration_seconds }} -r {{ .Values.rate }} -p i,p,r {{ .Values.url }} -l;
22 | done
23 | command:
24 | - /bin/sh
25 | image: alpine/bombardier:v1.2.5
26 | resources:
27 | requests:
28 | memory: {{ .Values.resources.requests.memory }}
29 | cpu: {{ .Values.resources.requests.cpu }}
30 | imagePullPolicy: IfNotPresent
31 | name: bombardier
--------------------------------------------------------------------------------
/argocd/deploy/default/overlays/argocd-cm.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | name: argocd-cm
6 | labels:
7 | app.kubernetes.io/name: argocd-cm
8 | app.kubernetes.io/part-of: argocd
9 | data:
10 |
11 |
12 |
13 | # Set app resync to a shorter value (default 180s)
14 | timeout.reconciliation: 60s
15 |
16 | resource.customizations: |
17 | argoproj.io/Application:
18 | health.lua: |
19 | hs = {}
20 | hs.status = "Progressing"
21 | hs.message = ""
22 | if obj.status ~= nil then
23 | if obj.status.health ~= nil then
24 | hs.status = obj.status.health.status
25 | if obj.status.health.message ~= nil then
26 | hs.message = obj.status.health.message
27 | end
28 | end
29 | end
30 | return hs
31 | resource.exclusions: |
32 | - apiGroups:
33 | - cilium.io
34 | kinds:
35 | - CiliumIdentity
36 | clusters:
37 | - "*"
--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-rt-80.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: RouteTable
3 | metadata:
4 | labels:
5 | expose: "true"
6 | name: productpage
7 | namespace: bookinfo-frontends
8 | spec:
9 | hosts:
10 | - 'bookinfo.glootest.com'
11 | - 'bookinfo-local.glootest.com'
12 | http:
13 | - forwardTo:
14 | destinations:
15 | - port:
16 | number: 9080
17 | ref:
18 | name: productpage
19 | namespace: bookinfo-frontends
20 | labels:
21 | waf: "true"
22 | ratelimited: "true"
23 | matchers:
24 | - uri:
25 | exact: /productpage
26 | - uri:
27 | prefix: /static
28 | - uri:
29 | exact: /login
30 | - uri:
31 | exact: /logout
32 | - uri:
33 | prefix: /api/v1/products
34 | name: productpage
35 | virtualGateways:
36 | - cluster: cluster1
37 | name: mgmt-north-south-gw-80
38 | namespace: istio-gateways
39 | workloadSelectors: []
--------------------------------------------------------------------------------
/helloworld/base/argo-rollout/analysis.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: AnalysisTemplate
3 | metadata:
4 | name: istio-success-rate
5 | spec:
6 | # this analysis template requires a service name and namespace to be supplied to the query
7 | args:
8 | - name: service
9 | - name: namespace
10 | metrics:
11 | - name: success-rate
12 | initialDelay: 30s
13 | interval: 20s
14 | successCondition: result[0] > 0.95
15 | provider:
16 | prometheus:
17 | address: http://prometheus.istio-system:9090
18 | query: >+
19 | sum(irate(istio_requests_total{
20 | reporter="source",
21 | destination_service=~"{{args.service}}.{{args.namespace}}.svc.cluster.local",
22 | response_code!~"5.*"}[40s])
23 | )
24 | /
25 | sum(irate(istio_requests_total{
26 | reporter="source",
27 | destination_service=~"{{args.service}}.{{args.namespace}}.svc.cluster.local"}[40s])
28 | )
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-in-mesh.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: in-mesh
5 | namespace: httpbin
6 | ---
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: in-mesh
11 | namespace: httpbin
12 | labels:
13 | app: in-mesh
14 | service: in-mesh
15 | spec:
16 | ports:
17 | - name: http
18 | port: 8000
19 | targetPort: 80
20 | selector:
21 | app: in-mesh
22 | ---
23 | apiVersion: apps/v1
24 | kind: Deployment
25 | metadata:
26 | name: in-mesh
27 | namespace: httpbin
28 | spec:
29 | replicas: 1
30 | selector:
31 | matchLabels:
32 | app: in-mesh
33 | version: v1
34 | template:
35 | metadata:
36 | labels:
37 | app: in-mesh
38 | version: v1
39 | istio.io/rev: 1-13
40 | spec:
41 | serviceAccountName: in-mesh
42 | containers:
43 | - image: docker.io/kennethreitz/httpbin
44 | imagePullPolicy: IfNotPresent
45 | name: in-mesh
46 | ports:
47 | - containerPort: 80
--------------------------------------------------------------------------------
/httpbin/deploy/yaml/httpbin.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: httpbin
5 | ---
6 | apiVersion: v1
7 | kind: ServiceAccount
8 | metadata:
9 | name: httpbin
10 | namespace: httpbin
11 | ---
12 | apiVersion: v1
13 | kind: Service
14 | metadata:
15 | labels:
16 | app: httpbin
17 | name: httpbin
18 | namespace: httpbin
19 | spec:
20 | ports:
21 | - name: http
22 | port: 8000
23 | targetPort: 80
24 | selector:
25 | app: httpbin
26 | ---
27 | apiVersion: apps/v1
28 | kind: Deployment
29 | metadata:
30 | name: httpbin
31 | namespace: httpbin
32 | spec:
33 | replicas: 1
34 | selector:
35 | matchLabels:
36 | app: httpbin
37 | version: v1
38 | template:
39 | metadata:
40 | labels:
41 | app: httpbin
42 | version: v1
43 | spec:
44 | containers:
45 | - image: docker.io/kennethreitz/httpbin
46 | imagePullPolicy: IfNotPresent
47 | name: httpbin
48 | ports:
49 | - containerPort: 80
50 | serviceAccountName: httpbin
--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-oauth-rt-443.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.gloo.solo.io/v2
2 | kind: RouteTable
3 | metadata:
4 | labels:
5 | expose: "true"
6 | name: productpage-rt-443
7 | namespace: bookinfo-frontends
8 | spec:
9 | hosts:
10 | - 'bookinfo.glootest.com'
11 | - 'bookinfo-local.glootest.com'
12 | http:
13 | - forwardTo:
14 | destinations:
15 | - port:
16 | number: 9080
17 | ref:
18 | name: productpage
19 | namespace: bookinfo-frontends
20 | labels:
21 | waf: "true"
22 | oauth: "true"
23 | matchers:
24 | - uri:
25 | exact: /productpage
26 | - uri:
27 | prefix: /static
28 | - uri:
29 | exact: /login
30 | - uri:
31 | exact: /logout
32 | - uri:
33 | prefix: /api/v1/products
34 | - uri:
35 | prefix: /callback
36 | name: productpage
37 | virtualGateways:
38 | - cluster: mgmt
39 | name: mgmt-north-south-gw-443
40 | namespace: istio-gateways
41 | workloadSelectors: []
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-not-in-mesh.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: not-in-mesh
5 | namespace: httpbin
6 | ---
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: not-in-mesh
11 | namespace: httpbin
12 | labels:
13 | app: not-in-mesh
14 | service: not-in-mesh
15 | spec:
16 | ports:
17 | - name: http
18 | port: 8000
19 | targetPort: 80
20 | selector:
21 | app: not-in-mesh
22 | ---
23 | apiVersion: apps/v1
24 | kind: Deployment
25 | metadata:
26 | name: not-in-mesh
27 | namespace: httpbin
28 | spec:
29 | replicas: 1
30 | selector:
31 | matchLabels:
32 | app: not-in-mesh
33 | version: v1
34 | template:
35 | metadata:
36 | labels:
37 | app: not-in-mesh
38 | version: v1
39 | spec:
40 | serviceAccountName: not-in-mesh
41 | containers:
42 | - image: docker.io/kennethreitz/httpbin
43 | imagePullPolicy: IfNotPresent
44 | name: not-in-mesh
45 | ports:
46 | - containerPort: 80
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-apiproduct.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: portal.gloo.solo.io/v1beta1
2 | kind: APIProduct
3 | metadata:
4 | labels:
5 | app: petstore
6 | name: petstore-product
7 | namespace: default
8 | spec:
9 | displayInfo:
10 | description: Fabulous API product for the Petstore
11 | title: Petstore Product
12 | versions:
13 | - apis:
14 | - apiDoc:
15 | name: petstore-openapi-v1-pets
16 | namespace: default
17 | - apiDoc:
18 | name: petstore-openapi-v1-users
19 | namespace: default
20 | gatewayConfig:
21 | route:
22 | inlineRoute:
23 | backends:
24 | - upstream:
25 | name: default-petstore-v1-8080
26 | namespace: gloo-system
27 | name: v1
28 | - apis:
29 | - apiDoc:
30 | name: petstore-openapi-v2-full
31 | namespace: default
32 | gatewayConfig:
33 | route:
34 | inlineRoute:
35 | backends:
36 | - upstream:
37 | name: default-petstore-v2-8080
38 | namespace: gloo-system
39 | name: v2
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/productpage-deployment.yaml:
--------------------------------------------------------------------------------
1 | ##################################################################################################
2 | # Productpage services
3 | ##################################################################################################
4 | apiVersion: apps/v1
5 | kind: Deployment
6 | metadata:
7 | name: productpage-v1
8 | labels:
9 | app: productpage
10 | version: v1
11 | spec:
12 | replicas: 1
13 | selector:
14 | matchLabels:
15 | app: productpage
16 | version: v1
17 | template:
18 | metadata:
19 | labels:
20 | app: productpage
21 | version: v1
22 | spec:
23 | serviceAccountName: bookinfo-productpage
24 | containers:
25 | - name: productpage
26 | image: docker.io/istio/examples-bookinfo-productpage-v1:1.16.2
27 | imagePullPolicy: IfNotPresent
28 | ports:
29 | - containerPort: 9080
30 | volumeMounts:
31 | - name: tmp
32 | mountPath: /tmp
33 | securityContext:
34 | runAsUser: 1000
35 | volumes:
36 | - name: tmp
37 | emptyDir: {}
--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.8.x/gloo-edge-ee-fed.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-edge-enterprise-helm
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: gloo-ee
15 | helm:
16 | values: |
17 | create_license_secret: false
18 | license_secret_name: license
19 | gloo-fed:
20 | enabled: true
21 | create_license_secret: false
22 | glooFedApiserver:
23 | enable: false
24 | repoURL: http://storage.googleapis.com/gloo-ee-helm
25 | targetRevision: 1.8.35
26 | syncPolicy:
27 | automated:
28 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
29 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
30 | syncOptions:
31 | - CreateNamespace=true
32 |
--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.9.x/gloo-edge-ee-fed.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-edge-enterprise-helm
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: gloo-ee
15 | helm:
16 | values: |
17 | create_license_secret: false
18 | license_secret_name: license
19 | gloo-fed:
20 | enabled: true
21 | create_license_secret: false
22 | glooFedApiserver:
23 | enable: false
24 | repoURL: http://storage.googleapis.com/gloo-ee-helm
25 | targetRevision: 1.9.24
26 | syncPolicy:
27 | automated:
28 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
29 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
30 | syncOptions:
31 | - CreateNamespace=true
32 |
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ratelimit-transformationpolicy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
2 | kind: TransformationPolicy
3 | metadata:
4 | name: ratelimit-transformation
5 | namespace: httpbin
6 | spec:
7 | applyToRoutes:
8 | - route:
9 | labels:
10 | ratelimited: "true"
11 | config:
12 | phase:
13 | preAuthz:
14 | priority: 0
15 | response:
16 | injaTemplate:
17 | #headers:
18 | # ":status":
19 | # text: '{% if header(":status") == "405" %}201{% else if header(":status") == "429" %}529{% else %}{{ header(":status") }}{% endif %}'
20 | #body:
21 | # text: '{% if header(":status") == "429" %}{ "response_code": "529" }{% else if header(":status") == "405" %}{ "response_code": "201" }{% else %}{ "response_code": "201" }{% endif %}'
22 | body:
23 | text: '{% if header(":status") == "429" %}Too
24 | many Requests!
Try again after a minute
{%
25 | else %}{{ body() }}{% endif %}'
26 | parseBodyBehavior: DontParse
--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.8.x/gloo-edge-ee-nofed.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-edge-enterprise-helm
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: gloo-ee
15 | helm:
16 | values: |
17 | create_license_secret: false
18 | license_secret_name: license
19 | gloo-fed:
20 | enabled: false
21 | create_license_secret: false
22 | glooFedApiserver:
23 | enable: false
24 | repoURL: http://storage.googleapis.com/gloo-ee-helm
25 | targetRevision: 1.8.35
26 | syncPolicy:
27 | automated:
28 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
29 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
30 | syncOptions:
31 | - CreateNamespace=true
32 |
--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.9.x/gloo-edge-ee-nofed.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-edge-enterprise-helm
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-system
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: gloo-ee
15 | helm:
16 | values: |
17 | create_license_secret: false
18 | license_secret_name: license
19 | gloo-fed:
20 | enabled: false
21 | create_license_secret: false
22 | glooFedApiserver:
23 | enable: false
24 | repoURL: http://storage.googleapis.com/gloo-ee-helm
25 | targetRevision: 1.9.24
26 | syncPolicy:
27 | automated:
28 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
29 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
30 | syncOptions:
31 | - CreateNamespace=true
32 |
--------------------------------------------------------------------------------
/gloo-portal/deploy/argo/gloo-portal-helm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gloo-portal-helm
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | spec:
9 | destination:
10 | namespace: gloo-portal
11 | server: https://kubernetes.default.svc
12 | project: default
13 | source:
14 | chart: gloo-portal
15 | helm:
16 | values: |
17 | glooEdge:
18 | enabled: true
19 | istio:
20 | enabled: false
21 | glooMesh:
22 | enabled: false
23 | licenseKey:
24 | secretRef:
25 | name: license
26 | namespace: gloo-system
27 | key: license-key
28 | repoURL: https://storage.googleapis.com/dev-portal-helm
29 | targetRevision: 1.2.9
30 | syncPolicy:
31 | automated:
32 | prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
33 | selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
34 |
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-jwtpolicy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: security.policy.gloo.solo.io/v2
2 | kind: JWTPolicy
3 | metadata:
4 | name: httpbin
5 | namespace: httpbin
6 | spec:
7 | applyToRoutes:
8 | - route:
9 | labels:
10 | oauth: "true"
11 | config:
12 | phase:
13 | postAuthz:
14 | priority: 1
15 | providers:
16 | okta:
17 | issuer: https://dev-22653158.okta.com/oauth2/default
18 | tokenSource:
19 | headers:
20 | - name: jwt
21 | remote:
22 | # url grabbed from https://dev-22653158.okta.com/oauth2/default/.well-known/oauth-authorization-server
23 | url: "https://dev-22653158.okta.com/oauth2/default/v1/keys/"
24 | destinationRef:
25 | ref:
26 | name: okta-jwks
27 | namespace: httpbin
28 | cluster: mgmt
29 | kind: EXTERNAL_SERVICE
30 | port:
31 | number: 443
32 | enableAsyncFetch: true
33 | claimsToHeaders:
34 | - claim: email
35 | header: X-Email
36 | - claim: groups
37 | header: X-Groups
--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-ratelimit-transformationfilter.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
2 | kind: TransformationPolicy
3 | metadata:
4 | name: bookinfo-ratelimit-transformation
5 | namespace: bookinfo-frontends
6 | spec:
7 | applyToRoutes:
8 | - route:
9 | labels:
10 | ratelimited: "true"
11 | config:
12 | phase:
13 | preAuthz:
14 | priority: 0
15 | response:
16 | injaTemplate:
17 | #headers:
18 | # ":status":
19 | # text: '{% if header(":status") == "405" %}201{% else if header(":status") == "429" %}529{% else %}{{ header(":status") }}{% endif %}'
20 | #body:
21 | # text: '{% if header(":status") == "429" %}{ "response_code": "529" }{% else if header(":status") == "405" %}{ "response_code": "201" }{% else %}{ "response_code": "201" }{% endif %}'
22 | body:
23 | text: '{% if header(":status") == "429" %}Too
24 | many Requests!
Try again after a minute
{%
25 | else %}{{ body() }}{% endif %}'
26 | parseBodyBehavior: DontParse
--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-opa-policy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: httpbin-opa
5 | namespace: httpbin
6 | data:
7 | policy.rego: |-
8 | package ehs
9 |
10 | default allow = false
11 |
12 | allow {
13 | [header, payload, signature] = io.jwt.decode(input.state.jwt)
14 | endswith(payload["email"], "@solo.io")
15 | any({input.http_request.path == "/get",
16 | startswith(input.http_request.path, "/anything")
17 | })
18 | any({input.http_request.method == "GET",
19 | input.http_request.method == "POST",
20 | input.http_request.method == "PUT",
21 | input.http_request.method == "DELETE",
22 | })
23 | }
24 | allow {
25 | [header, payload, signature] = io.jwt.decode(input.state.jwt)
26 | endswith(payload["email"], "@gmail.com")
27 | input.http_request.path == "/anything/protected"
28 | any({input.http_request.method == "GET",
29 | input.http_request.method == "POST",
30 | input.http_request.method == "PUT",
31 | input.http_request.method == "DELETE",
32 | })
33 | }
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-dev-environment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: portal.gloo.solo.io/v1beta1
2 | kind: Environment
3 | metadata:
4 | name: dev
5 | namespace: default
6 | spec:
7 | apiProducts:
8 | - basePath: '{%version%}'
9 | labels:
10 | - key: app
11 | operator: In
12 | values:
13 | - petstore
14 | namespaces:
15 | - '*'
16 | usagePlans:
17 | - basic
18 | versions:
19 | names:
20 | - v1
21 | - v2
22 | basePath: /ecommerce
23 | displayInfo:
24 | description: This environment is meant for developers to deploy and test their
25 | APIs.
26 | displayName: Development
27 | domains:
28 | - api-local.glootest.com
29 | gatewayConfig:
30 | disableRoutes: false
31 | tls:
32 | config:
33 | secretRef:
34 | name: upstream-tls
35 | namespace: gloo-system
36 | sniDomains:
37 | - '*'
38 | enabled: true
39 | parameters:
40 | usagePlans:
41 | basic:
42 | authPolicy:
43 | apiKey: {}
44 | displayName: Basic plan with API key auth
45 | rateLimit:
46 | requestsPerUnit: 3
47 | unit: MINUTE
48 |
--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/gateway/hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.gateway.autoscaling.enabled }}
2 | apiVersion: autoscaling/v2beta1
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "gloo-gateway.gateway.fullname" . }}
6 | labels:
7 | {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
8 | {{- include "gloo-gateway.gateway.labels" . | nindent 4 }}
9 | spec:
10 | scaleTargetRef:
11 | apiVersion: apps/v1
12 | kind: Deployment
13 | name: {{ include "gloo-gateway.gateway.fullname" . }}
14 | minReplicas: {{ .Values.gateway.autoscaling.minReplicas }}
15 | maxReplicas: {{ .Values.gateway.autoscaling.maxReplicas }}
16 | metrics:
17 | {{- if .Values.gateway.autoscaling.targetCPUUtilizationPercentage }}
18 | - type: Resource
19 | resource:
20 | name: cpu
21 | targetAverageUtilization: {{ .Values.gateway.autoscaling.targetCPUUtilizationPercentage }}
22 | {{- end }}
23 | {{- if .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }}
24 | - type: Resource
25 | resource:
26 | name: memory
27 | targetAverageUtilization: {{ .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }}
28 | {{- end }}
29 | {{- end }}
30 |
--------------------------------------------------------------------------------
/keycloak/deploy/yaml/keycloak-12.0.4.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | labels:
5 | app: keycloak
6 | name: keycloak
7 | spec:
8 | ports:
9 | - name: http
10 | port: 8080
11 | targetPort: 8080
12 | selector:
13 | app: keycloak
14 | type: ClusterIP
15 | ---
16 | apiVersion: apps/v1
17 | kind: Deployment
18 | metadata:
19 | labels:
20 | app: keycloak
21 | name: keycloak
22 | spec:
23 | replicas: 1
24 | selector:
25 | matchLabels:
26 | app: keycloak
27 | template:
28 | metadata:
29 | labels:
30 | app: keycloak
31 | spec:
32 | containers:
33 | - env:
34 | - name: KEYCLOAK_USER
35 | value: admin
36 | - name: KEYCLOAK_PASSWORD
37 | value: admin
38 | - name: PROXY_ADDRESS_FORWARDING
39 | value: "true"
40 | image: quay.io/keycloak/keycloak:12.0.4
41 | name: keycloak
42 | ports:
43 | - containerPort: 8080
44 | name: http
45 | - containerPort: 8443
46 | name: https
47 | readinessProbe:
48 | httpGet:
49 | path: /auth/realms/master
50 | port: 8080
51 | initialDelaySeconds: 10
52 | timeoutSeconds: 10
--------------------------------------------------------------------------------
/keycloak/deploy/yaml/keycloak-15.0.2.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | labels:
5 | app: keycloak
6 | name: keycloak
7 | spec:
8 | ports:
9 | - name: http
10 | port: 8080
11 | targetPort: 8080
12 | selector:
13 | app: keycloak
14 | type: ClusterIP
15 | ---
16 | apiVersion: apps/v1
17 | kind: Deployment
18 | metadata:
19 | labels:
20 | app: keycloak
21 | name: keycloak
22 | spec:
23 | replicas: 1
24 | selector:
25 | matchLabels:
26 | app: keycloak
27 | template:
28 | metadata:
29 | labels:
30 | app: keycloak
31 | spec:
32 | containers:
33 | - env:
34 | - name: KEYCLOAK_USER
35 | value: admin
36 | - name: KEYCLOAK_PASSWORD
37 | value: admin
38 | - name: PROXY_ADDRESS_FORWARDING
39 | value: "true"
40 | image: quay.io/keycloak/keycloak:15.0.2
41 | name: keycloak
42 | ports:
43 | - containerPort: 8080
44 | name: http
45 | - containerPort: 8443
46 | name: https
47 | readinessProbe:
48 | httpGet:
49 | path: /auth/realms/master
50 | port: 8080
51 | initialDelaySeconds: 10
52 | timeoutSeconds: 10
--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/ecommerce-portal.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: portal.gloo.solo.io/v1beta1
2 | kind: Portal
3 | metadata:
4 | name: ecommerce-portal
5 | namespace: default
6 | spec:
7 | allApisPublicViewable: false
8 | banner:
9 | fetchUrl: https://raw.githubusercontent.com/solo-io/gloo/main/docs/content/img/portal/banner.png
10 | customStyling: {}
11 | description: The Gloo Portal for the Petstore API and much more!
12 | displayName: E-commerce Portal
13 | domains:
14 | - portal-local.glootest.com
15 | favicon:
16 | fetchUrl: https://raw.githubusercontent.com/solo-io/gloo/main/docs/content/img/portal/favicon.png
17 | primaryLogo:
18 | fetchUrl: https://raw.githubusercontent.com/solo-io/gloo/main/docs/content/img/portal/primaryLogo.png
19 | publishedEnvironments:
20 | - name: dev
21 | namespace: default
22 | staticPages:
23 | - content:
24 | configMap:
25 | key: faq
26 | name: default-petstore-portal-faq
27 | namespace: default
28 | description: Frequently Asked Questions
29 | displayOnHomepage: true
30 | name: faq
31 | navigationLinkName: FAQ
32 | path: /faq
33 | tls:
34 | secretRef:
35 | name: upstream-tls
36 | namespace: gloo-system
37 |
--------------------------------------------------------------------------------
/argocd/deploy/install-argocd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | INSTALL_TYPE=$1 # default/insecure/insecure-rootpath
4 | CONTEXT=$2
5 |
6 | # argo install type
7 | if [[ ${INSTALL_TYPE} == "" ]]
8 | then
9 | INSTALL_TYPE="default"
10 | fi
11 |
12 | echo "Beginning install on context ${CONTEXT}...."
13 |
14 | # create argocd namespace
15 | kubectl --context ${CONTEXT} create namespace argocd
16 |
17 | # deploy argocd
18 | until kubectl --context ${CONTEXT} apply -k ${INSTALL_TYPE}/; do sleep 2; done
19 |
20 | # bcrypt(password)=$2a$10$79yaoOg9dL5MO8pn8hGqtO4xQDejSEVNWAGQR268JHLdrCw6UCYmy
21 | # password: solo.io
22 | kubectl --context ${CONTEXT} -n argocd patch secret argocd-secret \
23 | -p '{"stringData": {
24 | "admin.password": "$2a$10$79yaoOg9dL5MO8pn8hGqtO4xQDejSEVNWAGQR268JHLdrCw6UCYmy",
25 | "admin.passwordMtime": "'$(date +%FT%T%Z)'"
26 | }}'
27 |
28 | # create argo app-of-apps project
29 | kubectl apply --context ${CONTEXT} -f- <
11 | export CONTEXT=
12 | ```
13 |
14 | ## Navigate to the argocd directory
15 | ```
16 | cd argocd/install
17 | ```
18 |
19 | ## install argocd
20 | If you have done the above, just simply run the script to install argocd and optionally set the context.
21 | ```
22 | ./install-argocd.sh
23 | ```
24 |
25 | ### input options
26 | You can provide the inputs below to specify a configuration of argocd
27 | ```
28 | ./install-argocd.sh {SECURITY} {CONTEXT}
29 | ```
30 |
31 | SECURITY options: `default`/`insecure`
32 | - If undefined, the install will use the default install of argocd
33 | - `insecure` option allows us to terminate TLS at the edge, and expose argocd using a VirtualService instead of port-forward commands
34 |
35 | ### access argoCD UI
36 | using port forward, access argocd at localhost:8080 if using the `default` or `insecure` overlay; localhost:8080/argo if using the `insecure-rootpath` overlay
37 | ```
38 | kubectl port-forward svc/argocd-server -n argocd 8080:443
39 | ```
40 |
41 | Username: admin
42 | Password: solo.io
43 |
44 | ## Back to Table of Contents
45 | [Back to Table of Contents](https://github.com/solo-io/gitops-library#table-of-contents---labs)
--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/multicluster.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 54ed1cff486dda39
8 | labels:
9 | app: gloo-fed
10 | app.kubernetes.io/name: gloo-fed
11 | name: multiclusterroles.multicluster.solo.io
12 | spec:
13 | group: multicluster.solo.io
14 | names:
15 | kind: MultiClusterRole
16 | listKind: MultiClusterRoleList
17 | plural: multiclusterroles
18 | singular: multiclusterrole
19 | scope: Namespaced
20 | versions:
21 | - name: v1alpha1
22 | schema:
23 | openAPIV3Schema:
24 | type: object
25 | x-kubernetes-preserve-unknown-fields: true
26 | served: true
27 | storage: true
28 | subresources:
29 | status: {}
30 |
31 | ---
32 | apiVersion: apiextensions.k8s.io/v1
33 | kind: CustomResourceDefinition
34 | metadata:
35 | annotations:
36 | crd.solo.io/specHash: 5ba37de2460422b
37 | labels:
38 | app: gloo-fed
39 | app.kubernetes.io/name: gloo-fed
40 | name: multiclusterrolebindings.multicluster.solo.io
41 | spec:
42 | group: multicluster.solo.io
43 | names:
44 | kind: MultiClusterRoleBinding
45 | listKind: MultiClusterRoleBindingList
46 | plural: multiclusterrolebindings
47 | singular: multiclusterrolebinding
48 | scope: Namespaced
49 | versions:
50 | - name: v1alpha1
51 | schema:
52 | openAPIV3Schema:
53 | type: object
54 | x-kubernetes-preserve-unknown-fields: true
55 | served: true
56 | storage: true
57 | subresources:
58 | status: {}
59 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.0/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # SYNC WITH manifests/charts/base/files
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: istiooperators.install.istio.io
6 | labels:
7 | release: istio
8 | spec:
9 | conversion:
10 | strategy: None
11 | group: install.istio.io
12 | names:
13 | kind: IstioOperator
14 | listKind: IstioOperatorList
15 | plural: istiooperators
16 | singular: istiooperator
17 | shortNames:
18 | - iop
19 | - io
20 | scope: Namespaced
21 | versions:
22 | - additionalPrinterColumns:
23 | - description: Istio control plane revision
24 | jsonPath: .spec.revision
25 | name: Revision
26 | type: string
27 | - description: IOP current state
28 | jsonPath: .status.status
29 | name: Status
30 | type: string
31 | - description: 'CreationTimestamp is a timestamp representing the server time
32 | when this object was created. It is not guaranteed to be set in happens-before
33 | order across separate operations. Clients may not set this value. It is represented
34 | in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 | lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 | jsonPath: .metadata.creationTimestamp
37 | name: Age
38 | type: date
39 | name: v1alpha1
40 | subresources:
41 | status: {}
42 | schema:
43 | openAPIV3Schema:
44 | type: object
45 | x-kubernetes-preserve-unknown-fields: true
46 | served: true
47 | storage: true
48 | ---
49 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.1/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # SYNC WITH manifests/charts/base/files
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: istiooperators.install.istio.io
6 | labels:
7 | release: istio
8 | spec:
9 | conversion:
10 | strategy: None
11 | group: install.istio.io
12 | names:
13 | kind: IstioOperator
14 | listKind: IstioOperatorList
15 | plural: istiooperators
16 | singular: istiooperator
17 | shortNames:
18 | - iop
19 | - io
20 | scope: Namespaced
21 | versions:
22 | - additionalPrinterColumns:
23 | - description: Istio control plane revision
24 | jsonPath: .spec.revision
25 | name: Revision
26 | type: string
27 | - description: IOP current state
28 | jsonPath: .status.status
29 | name: Status
30 | type: string
31 | - description: 'CreationTimestamp is a timestamp representing the server time
32 | when this object was created. It is not guaranteed to be set in happens-before
33 | order across separate operations. Clients may not set this value. It is represented
34 | in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 | lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 | jsonPath: .metadata.creationTimestamp
37 | name: Age
38 | type: date
39 | name: v1alpha1
40 | subresources:
41 | status: {}
42 | schema:
43 | openAPIV3Schema:
44 | type: object
45 | x-kubernetes-preserve-unknown-fields: true
46 | served: true
47 | storage: true
48 | ---
49 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.2/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # SYNC WITH manifests/charts/base/files
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: istiooperators.install.istio.io
6 | labels:
7 | release: istio
8 | spec:
9 | conversion:
10 | strategy: None
11 | group: install.istio.io
12 | names:
13 | kind: IstioOperator
14 | listKind: IstioOperatorList
15 | plural: istiooperators
16 | singular: istiooperator
17 | shortNames:
18 | - iop
19 | - io
20 | scope: Namespaced
21 | versions:
22 | - additionalPrinterColumns:
23 | - description: Istio control plane revision
24 | jsonPath: .spec.revision
25 | name: Revision
26 | type: string
27 | - description: IOP current state
28 | jsonPath: .status.status
29 | name: Status
30 | type: string
31 | - description: 'CreationTimestamp is a timestamp representing the server time
32 | when this object was created. It is not guaranteed to be set in happens-before
33 | order across separate operations. Clients may not set this value. It is represented
34 | in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 | lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 | jsonPath: .metadata.creationTimestamp
37 | name: Age
38 | type: date
39 | name: v1alpha1
40 | subresources:
41 | status: {}
42 | schema:
43 | openAPIV3Schema:
44 | type: object
45 | x-kubernetes-preserve-unknown-fields: true
46 | served: true
47 | storage: true
48 | ---
49 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.0/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # SYNC WITH manifests/charts/base/files
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: istiooperators.install.istio.io
6 | labels:
7 | release: istio
8 | spec:
9 | conversion:
10 | strategy: None
11 | group: install.istio.io
12 | names:
13 | kind: IstioOperator
14 | listKind: IstioOperatorList
15 | plural: istiooperators
16 | singular: istiooperator
17 | shortNames:
18 | - iop
19 | - io
20 | scope: Namespaced
21 | versions:
22 | - additionalPrinterColumns:
23 | - description: Istio control plane revision
24 | jsonPath: .spec.revision
25 | name: Revision
26 | type: string
27 | - description: IOP current state
28 | jsonPath: .status.status
29 | name: Status
30 | type: string
31 | - description: 'CreationTimestamp is a timestamp representing the server time
32 | when this object was created. It is not guaranteed to be set in happens-before
33 | order across separate operations. Clients may not set this value. It is represented
34 | in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 | lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 | jsonPath: .metadata.creationTimestamp
37 | name: Age
38 | type: date
39 | name: v1alpha1
40 | subresources:
41 | status: {}
42 | schema:
43 | openAPIV3Schema:
44 | type: object
45 | x-kubernetes-preserve-unknown-fields: true
46 | served: true
47 | storage: true
48 | ---
49 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.4/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # SYNC WITH manifests/charts/base/files
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: istiooperators.install.istio.io
6 | labels:
7 | release: istio
8 | spec:
9 | conversion:
10 | strategy: None
11 | group: install.istio.io
12 | names:
13 | kind: IstioOperator
14 | listKind: IstioOperatorList
15 | plural: istiooperators
16 | singular: istiooperator
17 | shortNames:
18 | - iop
19 | - io
20 | scope: Namespaced
21 | versions:
22 | - additionalPrinterColumns:
23 | - description: Istio control plane revision
24 | jsonPath: .spec.revision
25 | name: Revision
26 | type: string
27 | - description: IOP current state
28 | jsonPath: .status.status
29 | name: Status
30 | type: string
31 | - description: 'CreationTimestamp is a timestamp representing the server time
32 | when this object was created. It is not guaranteed to be set in happens-before
33 | order across separate operations. Clients may not set this value. It is represented
34 | in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 | lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 | jsonPath: .metadata.creationTimestamp
37 | name: Age
38 | type: date
39 | name: v1alpha1
40 | subresources:
41 | status: {}
42 | schema:
43 | openAPIV3Schema:
44 | type: object
45 | x-kubernetes-preserve-unknown-fields: true
46 | served: true
47 | storage: true
48 | ---
49 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.5/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # SYNC WITH manifests/charts/base/files
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: istiooperators.install.istio.io
6 | labels:
7 | release: istio
8 | spec:
9 | conversion:
10 | strategy: None
11 | group: install.istio.io
12 | names:
13 | kind: IstioOperator
14 | listKind: IstioOperatorList
15 | plural: istiooperators
16 | singular: istiooperator
17 | shortNames:
18 | - iop
19 | - io
20 | scope: Namespaced
21 | versions:
22 | - additionalPrinterColumns:
23 | - description: Istio control plane revision
24 | jsonPath: .spec.revision
25 | name: Revision
26 | type: string
27 | - description: IOP current state
28 | jsonPath: .status.status
29 | name: Status
30 | type: string
31 | - description: 'CreationTimestamp is a timestamp representing the server time
32 | when this object was created. It is not guaranteed to be set in happens-before
33 | order across separate operations. Clients may not set this value. It is represented
34 | in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 | lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 | jsonPath: .metadata.creationTimestamp
37 | name: Age
38 | type: date
39 | name: v1alpha1
40 | subresources:
41 | status: {}
42 | schema:
43 | openAPIV3Schema:
44 | type: object
45 | x-kubernetes-preserve-unknown-fields: true
46 | served: true
47 | storage: true
48 | ---
49 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.6/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # SYNC WITH manifests/charts/base/files
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: istiooperators.install.istio.io
6 | labels:
7 | release: istio
8 | spec:
9 | conversion:
10 | strategy: None
11 | group: install.istio.io
12 | names:
13 | kind: IstioOperator
14 | listKind: IstioOperatorList
15 | plural: istiooperators
16 | singular: istiooperator
17 | shortNames:
18 | - iop
19 | - io
20 | scope: Namespaced
21 | versions:
22 | - additionalPrinterColumns:
23 | - description: Istio control plane revision
24 | jsonPath: .spec.revision
25 | name: Revision
26 | type: string
27 | - description: IOP current state
28 | jsonPath: .status.status
29 | name: Status
30 | type: string
31 | - description: 'CreationTimestamp is a timestamp representing the server time
32 | when this object was created. It is not guaranteed to be set in happens-before
33 | order across separate operations. Clients may not set this value. It is represented
34 | in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 | lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 | jsonPath: .metadata.creationTimestamp
37 | name: Age
38 | type: date
39 | name: v1alpha1
40 | subresources:
41 | status: {}
42 | schema:
43 | openAPIV3Schema:
44 | type: object
45 | x-kubernetes-preserve-unknown-fields: true
46 | served: true
47 | storage: true
48 | ---
49 |
--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.3.0-beta3/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
1 | # SYNC WITH manifests/charts/base/files
2 | apiVersion: apiextensions.k8s.io/v1
3 | kind: CustomResourceDefinition
4 | metadata:
5 | name: istiooperators.install.istio.io
6 | labels:
7 | release: istio
8 | spec:
9 | conversion:
10 | strategy: None
11 | group: install.istio.io
12 | names:
13 | kind: IstioOperator
14 | listKind: IstioOperatorList
15 | plural: istiooperators
16 | singular: istiooperator
17 | shortNames:
18 | - iop
19 | - io
20 | scope: Namespaced
21 | versions:
22 | - additionalPrinterColumns:
23 | - description: Istio control plane revision
24 | jsonPath: .spec.revision
25 | name: Revision
26 | type: string
27 | - description: IOP current state
28 | jsonPath: .status.status
29 | name: Status
30 | type: string
31 | - description: 'CreationTimestamp is a timestamp representing the server time
32 | when this object was created. It is not guaranteed to be set in happens-before
33 | order across separate operations. Clients may not set this value. It is represented
34 | in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 | lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 | jsonPath: .metadata.creationTimestamp
37 | name: Age
38 | type: date
39 | name: v1alpha1
40 | subresources:
41 | status: {}
42 | schema:
43 | openAPIV3Schema:
44 | type: object
45 | x-kubernetes-preserve-unknown-fields: true
46 | served: true
47 | storage: true
48 | ---
49 |
--------------------------------------------------------------------------------
/gloo-mesh/deploy/argo/gloo-mesh-agent.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: gm-enterprise-agent-mgmt
5 | namespace: argocd
6 | spec:
7 | destination:
8 | server: https://kubernetes.default.svc
9 | namespace: gloo-mesh
10 | source:
11 | repoURL: 'https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-agent'
12 | targetRevision: 2.1.0-beta22
13 | chart: gloo-mesh-agent
14 | helm:
15 | skipCrds: true
16 | #valueFiles:
17 | # - values.yaml
18 | parameters:
19 | - name: cluster
20 | value: 'mgmt'
21 | - name: relay.serverAddress
22 | value: 'gloo-mesh-mgmt-server.gloo-mesh.svc.cluster.local:9900'
23 | - name: relay.authority
24 | value: 'gloo-mesh-mgmt-server.gloo-mesh'
25 | - name: relay.clientTlsSecret.name
26 | value: 'gloo-mesh-agent-mgmt-tls-cert'
27 | - name: relay.clientTlsSecret.namespace
28 | value: 'gloo-mesh'
29 | - name: relay.rootTlsSecret.name
30 | value: 'relay-root-tls-secret'
31 | - name: relay.rootTlsSecret.namespace
32 | value: 'gloo-mesh'
33 | - name: ext-auth-service.enabled
34 | value: 'false'
35 | - name: rate-limiter.enabled
36 | value: 'false'
37 | - name: glooMeshAgent.enabled
38 | value: 'true'
39 | # enabled for future vault integration
40 | - name: istiodSidecar.createRoleBinding
41 | value: 'false'
42 | syncPolicy:
43 | automated:
44 | prune: true
45 | selfHeal: true
46 | syncOptions:
47 | - Replace=true
48 | - ApplyOutOfSyncOnly=true
49 | project: default
50 |
--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/bookinfo-frontends-ns/bookinfo-frontends.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | labels:
5 | account: productpage
6 | name: bookinfo-productpage
7 | namespace: bookinfo-frontends
8 | ---
9 | apiVersion: v1
10 | kind: Service
11 | metadata:
12 | labels:
13 | app: productpage
14 | service: productpage
15 | version: v1
16 | name: productpage
17 | namespace: bookinfo-frontends
18 | spec:
19 | ports:
20 | - name: http
21 | port: 9080
22 | targetPort: 9080
23 | selector:
24 | app: productpage
25 | ---
26 | apiVersion: apps/v1
27 | kind: Deployment
28 | metadata:
29 | labels:
30 | app: productpage
31 | version: v1
32 | name: productpage-v1
33 | namespace: bookinfo-frontends
34 | spec:
35 | replicas: 1
36 | selector:
37 | matchLabels:
38 | app: productpage
39 | version: v1
40 | template:
41 | metadata:
42 | labels:
43 | app: productpage
44 | version: v1
45 | spec:
46 | containers:
47 | - env:
48 | - name: DETAILS_HOSTNAME
49 | value: details.bookinfo-backends.svc.cluster.local
50 | - name: REVIEWS_HOSTNAME
51 | value: reviews.bookinfo-backends.svc.cluster.local
52 | image: us-central1-docker.pkg.dev/solo-test-236622/jmunozro/examples-bookinfo-productpage-v1:1.16.2
53 | imagePullPolicy: IfNotPresent
54 | name: productpage
55 | ports:
56 | - containerPort: 9080
57 | securityContext:
58 | runAsUser: 1000
59 | volumeMounts:
60 | - mountPath: /tmp
61 | name: tmp
62 | serviceAccountName: bookinfo-productpage
63 | volumes:
64 | - emptyDir: {}
65 | name: tmp
--------------------------------------------------------------------------------
/istio/deploy/argo/istio-ingressgateway.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: istio-ingressgateway
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "-1"
10 | spec:
11 | destination:
12 | server: https://kubernetes.default.svc
13 | namespace: istio-gateways
14 | project: default
15 | source:
16 | chart: gateway
17 | repoURL: https://istio-release.storage.googleapis.com/charts
18 | targetRevision: 1.13.4
19 | helm:
20 | values: |
21 | # Name allows overriding the release name. Generally this should not be set
22 | name: ""
23 | # revision declares which revision this gateway is a part of
24 | revision: "1-13"
25 |
26 | replicaCount: 1
27 |
28 | service:
29 | # Type of service. Set to "None" to disable the service entirely
30 | type: LoadBalancer
31 | ports:
32 | - name: http2
33 | port: 80
34 | protocol: TCP
35 | targetPort: 80
36 | - name: https
37 | port: 443
38 | protocol: TCP
39 | targetPort: 443
40 | annotations: {}
41 | loadBalancerIP: ""
42 | loadBalancerSourceRanges: []
43 | externalTrafficPolicy: ""
44 |
45 | # Pod environment variables
46 | env: {}
47 |
48 | annotations:
49 | proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
50 |
51 | # Labels to apply to all resources
52 | labels:
53 | istio.io/rev: 1-13
54 | istio: ingressgateway
55 | syncPolicy:
56 | automated: {}
--------------------------------------------------------------------------------
/istio/deploy/argo/istiod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: istiod
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "-2"
10 | spec:
11 | destination:
12 | server: https://kubernetes.default.svc
13 | namespace: istio-system
14 | project: default
15 | source:
16 | chart: istiod
17 | repoURL: https://istio-release.storage.googleapis.com/charts
18 | targetRevision: 1.13.4
19 | helm:
20 | values: |
21 | revision: 1-13
22 | global:
23 | meshID: mesh1
24 | multiCluster:
25 | clusterName: cluster1
26 | network: network1
27 | hub: us-docker.pkg.dev/gloo-mesh/istio-workshops
28 | tag: 1.13.4-solo
29 | meshConfig:
30 | trustDomain: cluster1
31 | accessLogFile: /dev/stdout
32 | enableAutoMtls: true
33 | defaultConfig:
34 | envoyMetricsService:
35 | address: gloo-mesh-agent.gloo-mesh:9977
36 | envoyAccessLogService:
37 | address: gloo-mesh-agent.gloo-mesh:9977
38 | proxyMetadata:
39 | ISTIO_META_DNS_CAPTURE: "true"
40 | ISTIO_META_DNS_AUTO_ALLOCATE: "true"
41 | GLOO_MESH_CLUSTER_NAME: cluster1
42 | pilot:
43 | env:
44 | PILOT_ENABLE_K8S_SELECT_WORKLOAD_ENTRIES: "false"
45 | PILOT_SKIP_VALIDATE_TRUST_DOMAIN: "true"
46 | syncPolicy:
47 | #automated:
48 | # prune: false
49 | # selfHeal: false
50 | automated: {}
51 | ignoreDifferences:
52 | - group: '*'
53 | kind: '*'
54 | managedFieldsManagers:
55 | - argocd-application-controller
--------------------------------------------------------------------------------
/helloworld/deploy/yaml/rollout.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Rollout
3 | metadata:
4 | name: helloworld
5 | spec:
6 | revisionHistoryLimit: 2
7 | selector:
8 | matchLabels:
9 | app: helloworld
10 | template:
11 | metadata:
12 | labels:
13 | app: helloworld
14 | spec:
15 | containers:
16 | - name: helloworld
17 | image: docker.io/istio/examples-helloworld-v1
18 | imagePullPolicy: IfNotPresent #Always
19 | ports:
20 | - containerPort: 5000
21 | resources:
22 | requests:
23 | cpu: "100m"
24 | strategy:
25 | canary:
26 | # analysis will be performed in background, while rollout is progressing through its steps
27 | analysis:
28 | startingStep: 1 # index of step list, of when to start this analysis
29 | templates:
30 | - templateName: istio-success-rate
31 | args: # arguments allow AnalysisTemplates to be re-used
32 | - name: service
33 | value: helloworld
34 | - name: namespace
35 | valueFrom:
36 | fieldRef:
37 | fieldPath: metadata.namespace
38 | trafficRouting:
39 | istio:
40 | virtualService:
41 | name: helloworld-vsvc
42 | routes:
43 | - primary
44 | destinationRule:
45 | name: rollout-destrule # required
46 | canarySubsetName: canary # required
47 | stableSubsetName: stable # required
48 | steps:
49 | - setWeight: 20
50 | - pause: {duration: 30s}
51 | - setWeight: 40
52 | - pause: {duration: 30s}
53 | - setWeight: 60
54 | - pause: {duration: 30s}
55 | - setWeight: 80
56 | - pause: {duration: 30s}
--------------------------------------------------------------------------------
/helloworld/base/argo-rollout/rollout.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Rollout
3 | metadata:
4 | name: helloworld
5 | spec:
6 | revisionHistoryLimit: 2
7 | selector:
8 | matchLabels:
9 | app: helloworld
10 | template:
11 | metadata:
12 | labels:
13 | app: helloworld
14 | spec:
15 | containers:
16 | - name: helloworld
17 | image: docker.io/istio/examples-helloworld-v1
18 | imagePullPolicy: IfNotPresent #Always
19 | ports:
20 | - containerPort: 5000
21 | resources:
22 | requests:
23 | cpu: "100m"
24 | strategy:
25 | canary:
26 | # analysis will be performed in background, while rollout is progressing through its steps
27 | analysis:
28 | startingStep: 1 # index of step list, of when to start this analysis
29 | templates:
30 | - templateName: istio-success-rate
31 | args: # arguments allow AnalysisTemplates to be re-used
32 | - name: service
33 | value: helloworld
34 | - name: namespace
35 | valueFrom:
36 | fieldRef:
37 | fieldPath: metadata.namespace
38 | trafficRouting:
39 | istio:
40 | virtualService:
41 | name: helloworld-vsvc
42 | routes:
43 | - primary
44 | destinationRule:
45 | name: rollout-destrule # required
46 | canarySubsetName: canary # required
47 | stableSubsetName: stable # required
48 | steps:
49 | - setWeight: 20
50 | - pause: {duration: 30s}
51 | - setWeight: 40
52 | - pause: {duration: 30s}
53 | - setWeight: 60
54 | - pause: {duration: 30s}
55 | - setWeight: 80
56 | - pause: {duration: 30s}
--------------------------------------------------------------------------------
/plow-loadgen/deploy/argo/plow-loadgen-argo.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: plow-httpbin
5 | namespace: argocd
6 | spec:
7 | destination:
8 | namespace: httpbin
9 | server: 'https://kubernetes.default.svc'
10 | source:
11 | repoURL: 'https://github.com/solo-io/gitops-library'
12 | path: plow-loadgen/helm
13 | targetRevision: HEAD
14 | helm:
15 | parameters:
16 | - name: plow.url
17 | value: 'https://httpbin.kapoozi.com/anything/unprotected'
18 | - name: plow.host
19 | value: 'httpbin.kapoozi.com'
20 | #- name: plow.additionalHeader
21 | # value: 'user: solo'
22 | - name: plow.concurrency
23 | value: '1'
24 | - name: plow.rate
25 | value: '50'
26 | - name: plow.requests
27 | value: '-1'
28 | - name: plow.duration
29 | value: '0'
30 | - name: plow.interval
31 | value: '60'
32 | - name: plow.method
33 | value: 'GET'
34 | - name: plow.insecure
35 | value: 'true'
36 | - name: deployment.nameSuffix
37 | value: 'httpbin'
38 | - name: deployment.namespace
39 | value: 'plow'
40 | - name: deployment.containerPort
41 | value: '18888'
42 | - name: deployment.replicas
43 | value: '1'
44 | - name: istio.inject
45 | values: 'true'
46 | - name: istio.revisionLabel
47 | values: '1-13'
48 | - name: istio.holdProxy
49 | values: 'true'
50 | - name: istio.exportService
51 | values: 'true'
52 | - name: resources.requests.cpu
53 | value: '20m'
54 | - name: resources.requests.mem
55 | value: '10Mi'
56 | project: default
57 | syncPolicy:
58 | automated:
59 | prune: true
60 | selfHeal: true
--------------------------------------------------------------------------------
/plow-loadgen/deploy/yaml/plow-loadgen.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: plow
5 | ---
6 | apiVersion: v1
7 | kind: ServiceAccount
8 | metadata:
9 | name: plow
10 | namespace: plow
11 | ---
12 | apiVersion: v1
13 | kind: Service
14 | metadata:
15 | name: plow
16 | namespace: plow
17 | labels:
18 | app: plow
19 | service: plow
20 | spec:
21 | ports:
22 | - port: 18888
23 | name: http
24 | selector:
25 | app: plow
26 | ---
27 | apiVersion: apps/v1
28 | kind: Deployment
29 | metadata:
30 | labels:
31 | app: plow
32 | name: plow
33 | namespace: plow
34 | spec:
35 | replicas: 1
36 | selector:
37 | matchLabels:
38 | app: plow
39 | template:
40 | metadata:
41 | labels:
42 | app: plow
43 | istio.io/rev: 1-13
44 | sidecar.istio.io/inject: "true"
45 | annotations:
46 | proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
47 | spec:
48 | containers:
49 | - name: plow
50 | image: ghcr.io/six-ddc/plow
51 | imagePullPolicy: IfNotPresent
52 | resources:
53 | requests:
54 | memory: "10Mi"
55 | cpu: "20m"
56 | ports:
57 | - containerPort: 18888
58 | name: http-plow
59 | args:
60 | - https://httpbin.kapoozi.com/anything/unprotected
61 | env:
62 | - name: PLOW_CONCURRENCY
63 | value: "1"
64 | - name: PLOW_RATE
65 | value: "50"
66 | - name: PLOW_REQUESTS
67 | value: "-1"
68 | - name: PLOW_DURATION
69 | value: "0"
70 | - name: PLOW_INTERVAL
71 | value: "60s"
72 | - name: PLOW_METHOD
73 | value: "GET"
74 | - name: PLOW_INSECURE
75 | value: "TRUE"
76 | #- name: PLOW_HEADER
77 | # value: "user: solo"
78 | #- name: PLOW_HOST
79 | # value: "httpbin.kapoozi.com"
80 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # gitops-library
2 | This Repo is meant to store useful application and config example references for deploying Solo products, example applications, and related config
3 |
4 | ## Table of Contents
5 | - argo-rollouts
6 | - argocd
7 | - bombardier-loadgen
8 | - bookinfo
9 | - cert-manager
10 | - gloo-edge
11 | - gloo-mesh
12 | - gloo-portal
13 | - helloworld
14 | - homer-portal
15 | - httpbin
16 | - istio
17 | - keycloak
18 | - petstore
19 | - solowallet
20 |
21 | ## Repo Structure
22 | Each application example is broken down into two directories: `deploy` for the application deployments and `config-examples` which provide examples for edge, mesh, or portal configuration examples for the respective app. Where possible, deployment options using ArgoCD, Helm, as well as the direct YAML manifests are provided
23 |
24 | ## Getting Started
25 |
26 | ### Prerequisites
27 | - Kubernetes cluster up and authenticated to kubectl
28 |
29 | ## Install ArgoCD
30 | ```
31 | cd argocd/deploy
32 | ./install-argocd.sh
33 | ```
34 |
35 | ### input options
36 | You can provide the inputs below to specify a configuration of argocd
37 | ```
38 | ./install-argocd.sh {SECURITY} {CONTEXT}
39 | ```
40 |
41 | SECURITY options: `default`/`insecure`
42 | - If undefined, the install will use the default install of argocd
43 | - `insecure` option allows us to terminate TLS at the edge, and expose argocd using a VirtualService instead of port-forward commands
44 |
45 | ### access argoCD UI
46 | using port forward, access argocd at localhost:8080 if using the `default` or `insecure` overlay; localhost:8080/argo if using the `insecure-rootpath` overlay
47 | ```
48 | kubectl port-forward svc/argocd-server -n argocd 8080:443
49 | ```
50 |
51 | Username: admin
52 | Password: solo.io
53 |
54 | ### Next Steps
55 | Once ArgoCD is deployed, feel free to navigate around the example deployments and their respective Gloo Edge / Gloo Mesh / Gloo Portal configurations. You can start by deploying the yaml manifests directly, or try the Helm or Argo Application deploy options!
--------------------------------------------------------------------------------
/solowallet/deploy/yaml/bank-config.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2020 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | # [START gke_boa_kubernetes_manifests_config_configmap_environment_config]
16 | apiVersion: v1
17 | kind: ConfigMap
18 | metadata:
19 | name: environment-config
20 | namespace: bank-demo
21 | data:
22 | LOCAL_ROUTING_NUM: "883745000"
23 | PUB_KEY_PATH: "/root/.ssh/publickey"
24 | # [END gke_boa_kubernetes_manifests_config_configmap_environment_config]
25 | ---
26 | # [START gke_boa_kubernetes_manifests_config_configmap_service_api_config]
27 | apiVersion: v1
28 | kind: ConfigMap
29 | metadata:
30 | name: service-api-config
31 | namespace: bank-demo
32 | data:
33 | TRANSACTIONS_API_ADDR: "ledgerwriter.bank-demo:8080"
34 | BALANCES_API_ADDR: "balancereader.bank-demo:8080"
35 | HISTORY_API_ADDR: "transactionhistory.bank-demo:8080"
36 | CONTACTS_API_ADDR: "contacts.bank-demo:8080"
37 | USERSERVICE_API_ADDR: "userservice.bank-demo:8080"
38 | # [END gke_boa_kubernetes_manifests_config_configmap_service_api_config]
39 | ---
40 | # [START gke_boa_kubernetes_manifests_config_configmap_demo_data_config]
41 | apiVersion: v1
42 | kind: ConfigMap
43 | metadata:
44 | name: demo-data-config
45 | namespace: bank-demo
46 | data:
47 | USE_DEMO_DATA: "True"
48 | DEMO_LOGIN_USERNAME: "testuser"
49 | # All demo user accounts are hardcoded to use the login password 'bankofanthos'
50 | DEMO_LOGIN_PASSWORD: "bankofanthos"
51 | # [END gke_boa_kubernetes_manifests_config_configmap_demo_data_config]
--------------------------------------------------------------------------------
/istio/deploy/argo/istio-eastwestgateway.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: istio-eastwestgateway
5 | namespace: argocd
6 | finalizers:
7 | - resources-finalizer.argocd.argoproj.io
8 | annotations:
9 | argocd.argoproj.io/sync-wave: "0"
10 | spec:
11 | destination:
12 | server: https://kubernetes.default.svc
13 | namespace: istio-gateways
14 | project: default
15 | source:
16 | chart: gateway
17 | repoURL: https://istio-release.storage.googleapis.com/charts
18 | targetRevision: 1.13.4
19 | helm:
20 | values: |
21 | # Name allows overriding the release name. Generally this should not be set
22 | name: "istio-eastwestgateway"
23 | # revision declares which revision this gateway is a part of
24 | revision: "1-13"
25 |
26 | replicaCount: 1
27 |
28 | service:
29 | # Type of service. Set to "None" to disable the service entirely
30 | type: LoadBalancer
31 | ports:
32 | - name: tcp-status-port
33 | port: 15021
34 | targetPort: 15021
35 | - name: tls
36 | port: 15443
37 | targetPort: 15443
38 | - name: tcp-istiod
39 | port: 15012
40 | targetPort: 15012
41 | - name: tcp-webhook
42 | port: 15017
43 | targetPort: 15017
44 | annotations: {}
45 | loadBalancerIP: ""
46 | loadBalancerSourceRanges: []
47 | externalTrafficPolicy: ""
48 |
49 | # Pod environment variables
50 | env:
51 | ISTIO_META_ROUTER_MODE: "sni-dnat"
52 | ISTIO_META_REQUESTED_NETWORK_VIEW: "network1"
53 |
54 | annotations:
55 | proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
56 |
57 | # Labels to apply to all resources
58 | labels:
59 | istio.io/rev: 1-13
60 | istio: eastwestgateway
61 | topology.istio.io/network: network1
62 | syncPolicy:
63 | automated: {}
--------------------------------------------------------------------------------
/istio/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
1 | # Installing with Helm
2 |
3 | ## Istio and Istio Ingress Gateways
4 |
5 | First of all, let's Download the Istio release 1.13.4:
6 | ```bash
7 | export ISTIO_VERSION=1.13.4
8 | curl -L https://istio.io/downloadIstio | sh -
9 | ```
10 |
11 | Then, you need to create the `istio-system` and the `istio-gateways` namespaces on the first cluster.
12 | ```bash
13 | kubectl create ns istio-system
14 | kubectl create ns istio-gateways
15 | ```
16 |
17 | Now, let's deploy the Istio control plane on the first cluster:
18 | ```bash
19 | helm upgrade --install istio-base ./istio-1.13.4/manifests/charts/base -n istio-system --set defaultRevision=1-13
20 |
21 | helm upgrade --install istio-1.13.4 ./istio-1.13.4/manifests/charts/istio-control/istio-discovery -n istio-system --values istiod-values.yaml
22 | ```
23 |
24 | After that, you can deploy the gateway(s):
25 | ```bash
26 | kubectl label namespace istio-gateways istio.io/rev=1-13
27 |
28 | helm upgrade --install istio-ingressgateway ./istio-1.13.4/manifests/charts/gateways/istio-ingress -n istio-gateways --values istio-ingressgateway-values.yaml
29 |
30 | helm upgrade --install istio-eastwestgateway ./istio-1.13.4/manifests/charts/gateways/istio-ingress -n istio-gateways --values istio-eastwestgateway-values.yaml
31 | ```
32 |
33 | As you can see, we deploy the control plane (istiod) in the `istio-system` and gateway(s) in the `istio-gateways` namespace.
34 |
35 | One gateway will be used for ingress traffic while the other one will be used for cross cluster communications. It's not mandatory to use separate gateways, but it's a best practice.
36 |
37 | Run the following command until all the Istio Pods are ready:
38 | ```bash
39 | kubectl get pods -n istio-system && kubectl get pods -n istio-gateways
40 | ```
41 |
42 | When they are ready, you should get this output:
43 | ```
44 | NAME READY STATUS RESTARTS AGE
45 | istiod-5c669bcf6f-2hn6c 1/1 Running 0 3m7s
46 | NAME READY STATUS RESTARTS AGE
47 | istio-eastwestgateway-77f79cdb47-f4r7k 1/1 Running 0 2m53s
48 | istio-ingressgateway-744fcf4fb-5dc7q 1/1 Running 0 2m44s
49 | ```
50 |
--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.11.50/fed.gloo.solo.io_v1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 3178916e889c4346
8 | labels:
9 | app: gloo-fed
10 | app.kubernetes.io/name: gloo-fed
11 | name: federatedupstreams.fed.gloo.solo.io
12 | spec:
13 | group: fed.gloo.solo.io
14 | names:
15 | kind: FederatedUpstream
16 | listKind: FederatedUpstreamList
17 | plural: federatedupstreams
18 | singular: federatedupstream
19 | scope: Namespaced
20 | versions:
21 | - name: v1
22 | schema:
23 | openAPIV3Schema:
24 | type: object
25 | x-kubernetes-preserve-unknown-fields: true
26 | served: true
27 | storage: true
28 | subresources:
29 | status: {}
30 |
31 | ---
32 | apiVersion: apiextensions.k8s.io/v1
33 | kind: CustomResourceDefinition
34 | metadata:
35 | annotations:
36 | crd.solo.io/specHash: 283590c73022e570
37 | labels:
38 | app: gloo-fed
39 | app.kubernetes.io/name: gloo-fed
40 | name: federatedupstreamgroups.fed.gloo.solo.io
41 | spec:
42 | group: fed.gloo.solo.io
43 | names:
44 | kind: FederatedUpstreamGroup
45 | listKind: FederatedUpstreamGroupList
46 | plural: federatedupstreamgroups
47 | singular: federatedupstreamgroup
48 | scope: Namespaced
49 | versions:
50 | - name: v1
51 | schema:
52 | openAPIV3Schema:
53 | type: object
54 | x-kubernetes-preserve-unknown-fields: true
55 | served: true
56 | storage: true
57 | subresources:
58 | status: {}
59 |
60 | ---
61 | apiVersion: apiextensions.k8s.io/v1
62 | kind: CustomResourceDefinition
63 | metadata:
64 | annotations:
65 | crd.solo.io/specHash: 737f24beaf107458
66 | labels:
67 | app: gloo-fed
68 | app.kubernetes.io/name: gloo-fed
69 | name: federatedsettings.fed.gloo.solo.io
70 | spec:
71 | group: fed.gloo.solo.io
72 | names:
73 | kind: FederatedSettings
74 | listKind: FederatedSettingsList
75 | plural: federatedsettings
76 | singular: federatedsettings
77 | scope: Namespaced
78 | versions:
79 | - name: v1
80 | schema:
81 | openAPIV3Schema:
82 | type: object
83 | x-kubernetes-preserve-unknown-fields: true
84 | served: true
85 | storage: true
86 | subresources:
87 | status: {}
88 |
--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/fed.gloo.solo.io_v1_crds.yaml:
--------------------------------------------------------------------------------
1 | # Code generated by skv2. DO NOT EDIT.
2 |
3 | apiVersion: apiextensions.k8s.io/v1
4 | kind: CustomResourceDefinition
5 | metadata:
6 | annotations:
7 | crd.solo.io/specHash: 3178916e889c4346
8 | labels:
9 | app: gloo-fed
10 | app.kubernetes.io/name: gloo-fed
11 | name: federatedupstreams.fed.gloo.solo.io
12 | spec:
13 | group: fed.gloo.solo.io
14 | names:
15 | kind: FederatedUpstream
16 | listKind: FederatedUpstreamList
17 | plural: federatedupstreams
18 | singular: federatedupstream
19 | scope: Namespaced
20 | versions:
21 | - name: v1
22 | schema:
23 | openAPIV3Schema:
24 | type: object
25 | x-kubernetes-preserve-unknown-fields: true
26 | served: true
27 | storage: true
28 | subresources:
29 | status: {}
30 |
31 | ---
32 | apiVersion: apiextensions.k8s.io/v1
33 | kind: CustomResourceDefinition
34 | metadata:
35 | annotations:
36 | crd.solo.io/specHash: 283590c73022e570
37 | labels:
38 | app: gloo-fed
39 | app.kubernetes.io/name: gloo-fed
40 | name: federatedupstreamgroups.fed.gloo.solo.io
41 | spec:
42 | group: fed.gloo.solo.io
43 | names:
44 | kind: FederatedUpstreamGroup
45 | listKind: FederatedUpstreamGroupList
46 | plural: federatedupstreamgroups
47 | singular: federatedupstreamgroup
48 | scope: Namespaced
49 | versions:
50 | - name: v1
51 | schema:
52 | openAPIV3Schema:
53 | type: object
54 | x-kubernetes-preserve-unknown-fields: true
55 | served: true
56 | storage: true
57 | subresources:
58 | status: {}
59 |
60 | ---
61 | apiVersion: apiextensions.k8s.io/v1
62 | kind: CustomResourceDefinition
63 | metadata:
64 | annotations:
65 | crd.solo.io/specHash: 737f24beaf107458
66 | labels:
67 | app: gloo-fed
68 | app.kubernetes.io/name: gloo-fed
69 | name: federatedsettings.fed.gloo.solo.io
70 | spec:
71 | group: fed.gloo.solo.io
72 | names:
73 | kind: FederatedSettings
74 | listKind: FederatedSettingsList
75 | plural: federatedsettings
76 | singular: federatedsettings
77 | scope: Namespaced
78 | versions:
79 | - name: v1
80 | schema:
81 | openAPIV3Schema:
82 | type: object
83 | x-kubernetes-preserve-unknown-fields: true
84 | served: true
85 | storage: true
86 | subresources:
87 | status: {}
88 |
--------------------------------------------------------------------------------
/plow-loadgen/helm/templates/plow.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: plow-{{ .Values.deployment.nameSuffix }}
5 | namespace: {{ .Release.Namespace }}
6 | ---
7 | apiVersion: v1
8 | kind: Service
9 | metadata:
10 | name: plow-{{ .Values.deployment.nameSuffix }}
11 | namespace: {{ .Release.Namespace }}
12 | labels:
13 | app: plow-{{ .Values.deployment.nameSuffix }}
14 | service: plow-{{ .Values.deployment.nameSuffix }}
15 | expose: "{{ .Values.istio.exportService }}"
16 | spec:
17 | ports:
18 | - port: {{ .Values.deployment.containerPort }}
19 | name: plow-http
20 | selector:
21 | app: plow-{{ .Values.deployment.nameSuffix }}
22 | ---
23 | apiVersion: apps/v1
24 | kind: Deployment
25 | metadata:
26 | labels:
27 | app: plow-{{ .Values.deployment.nameSuffix }}
28 | name: plow-{{ .Values.deployment.nameSuffix }}
29 | namespace: {{ .Release.Namespace }}
30 | spec:
31 | replicas: {{ .Values.deployment.replicas }}
32 | selector:
33 | matchLabels:
34 | app: plow-{{ .Values.deployment.nameSuffix }}
35 | template:
36 | metadata:
37 | labels:
38 | app: plow-{{ .Values.deployment.nameSuffix }}
39 | istio.io/rev: {{ .Values.istio.revisionLabel }}
40 | sidecar.istio.io/inject: "{{ .Values.istio.inject }}"
41 | annotations:
42 | proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": {{ .Values.istio.holdProxy }} }'
43 | spec:
44 | serviceAccountName: plow-{{ .Values.deployment.nameSuffix }}
45 | containers:
46 | - name: plow-{{ .Values.deployment.nameSuffix }}
47 | image: ghcr.io/six-ddc/plow
48 | imagePullPolicy: IfNotPresent
49 | resources:
50 | requests:
51 | memory: "{{ .Values.resources.requests.memory }}"
52 | cpu: "{{ .Values.resources.requests.cpu }}"
53 | ports:
54 | - containerPort: {{ .Values.deployment.containerPort }}
55 | name: http-plow
56 | args:
57 | - {{ .Values.plow.url }}
58 | env:
59 | - name: PLOW_CONCURRENCY
60 | value: "{{ .Values.plow.concurrency }}"
61 | - name: PLOW_RATE
62 | value: "{{ .Values.plow.rate }}"
63 | - name: PLOW_REQUESTS
64 | value: "{{ .Values.plow.requests }}"
65 | - name: PLOW_DURATION
66 | value: "{{ .Values.plow.duration }}"
67 | - name: PLOW_INTERVAL
68 | value: "{{ .Values.plow.interval }}"
69 | - name: PLOW_METHOD
70 | value: "{{ .Values.plow.method }}"
71 | - name: PLOW_INSECURE
72 | value: "{{ .Values.plow.insecure }}"
73 | - name: PLOW_HEADER
74 | value: "{{ .Values.plow.additionalHeader }}"
75 | - name: PLOW_HOST
76 | value: "{{ .Values.plow.host }}"
77 |
--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/rbac.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.controlPlane.enabled -}}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | name: {{ include "gloo-gateway.controlPlane.fullname" . }}.{{.Release.Namespace}}
6 | labels:
7 | {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
8 | {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
9 | rules:
10 | - apiGroups:
11 | - "gateway.networking.k8s.io"
12 | resources:
13 | - gatewayclasses
14 | - gateways
15 | - httproutes
16 | - referencegrants
17 | verbs: ["get", "list", "watch"]
18 | - apiGroups:
19 | - ""
20 | resources:
21 | - services
22 | - pods
23 | - endpoints
24 | - secrets
25 | - namespaces
26 | verbs: ["get", "list", "watch"]
27 | - apiGroups:
28 | - "discovery.k8s.io"
29 | resources:
30 | - endpointslices
31 | verbs: ["get", "list", "watch"]
32 | - apiGroups:
33 | - "gateway.networking.k8s.io"
34 | resources:
35 | - gatewayclasses/status
36 | - gateways/status
37 | - httproutes/status
38 | verbs: ["update", "patch"]
39 | ---
40 | apiVersion: rbac.authorization.k8s.io/v1
41 | kind: ClusterRoleBinding
42 | metadata:
43 | labels:
44 | {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
45 | {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
46 | name: {{ include "gloo-gateway.controlPlane.fullname" . }}.{{.Release.Namespace}}-binding
47 | subjects:
48 | - kind: ServiceAccount
49 | name: {{ include "gloo-gateway.controlPlane.serviceAccountName" . }}
50 | namespace: {{ .Release.Namespace }}
51 | roleRef:
52 | kind: ClusterRole
53 | name: {{ include "gloo-gateway.controlPlane.fullname" . }}.{{.Release.Namespace}}
54 | apiGroup: rbac.authorization.k8s.io
55 | ---
56 | apiVersion: rbac.authorization.k8s.io/v1
57 | kind: ClusterRole
58 | metadata:
59 | name: {{ include "gloo-gateway.controlPlane.fullname" . }}-deploy.{{.Release.Namespace}}
60 | labels:
61 | {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
62 | {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
63 | rules:
64 | - apiGroups:
65 | - ""
66 | resources:
67 | - services
68 | - serviceaccounts
69 | - configmaps
70 | verbs: ["get", "list", "watch", "patch", "create"]
71 | - apiGroups:
72 | - "apps"
73 | resources:
74 | - deployments
75 | verbs: ["get", "list", "watch", "patch", "create"]
76 | ---
77 | apiVersion: rbac.authorization.k8s.io/v1
78 | kind: ClusterRoleBinding
79 | metadata:
80 | labels:
81 | {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
82 | {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
83 | name: {{ include "gloo-gateway.controlPlane.fullname" . }}-deploy.{{.Release.Namespace}}-binding
84 | subjects:
85 | - kind: ServiceAccount
86 | name: {{ include "gloo-gateway.controlPlane.serviceAccountName" . }}
87 | namespace: {{ .Release.Namespace }}
88 | roleRef:
89 | kind: ClusterRole
90 | name: {{ include "gloo-gateway.controlPlane.fullname" . }}-deploy.{{.Release.Namespace}}
91 | apiGroup: rbac.authorization.k8s.io
92 | {{- end }}
--------------------------------------------------------------------------------
/istio/deploy/addons/jaeger.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: jaeger
5 | namespace: istio-system
6 | labels:
7 | app: jaeger
8 | spec:
9 | selector:
10 | matchLabels:
11 | app: jaeger
12 | template:
13 | metadata:
14 | labels:
15 | app: jaeger
16 | annotations:
17 | sidecar.istio.io/inject: "false"
18 | prometheus.io/scrape: "true"
19 | prometheus.io/port: "14269"
20 | spec:
21 | containers:
22 | - name: jaeger
23 | image: "docker.io/jaegertracing/all-in-one:1.23"
24 | env:
25 | - name: BADGER_EPHEMERAL
26 | value: "false"
27 | - name: SPAN_STORAGE_TYPE
28 | value: "badger"
29 | - name: BADGER_DIRECTORY_VALUE
30 | value: "/badger/data"
31 | - name: BADGER_DIRECTORY_KEY
32 | value: "/badger/key"
33 | - name: COLLECTOR_ZIPKIN_HOST_PORT
34 | value: ":9411"
35 | - name: MEMORY_MAX_TRACES
36 | value: "50000"
37 | - name: QUERY_BASE_PATH
38 | value: /jaeger
39 | livenessProbe:
40 | httpGet:
41 | path: /
42 | port: 14269
43 | readinessProbe:
44 | httpGet:
45 | path: /
46 | port: 14269
47 | volumeMounts:
48 | - name: data
49 | mountPath: /badger
50 | resources:
51 | requests:
52 | cpu: 10m
53 | volumes:
54 | - name: data
55 | emptyDir: {}
56 | ---
57 | apiVersion: v1
58 | kind: Service
59 | metadata:
60 | name: tracing
61 | namespace: istio-system
62 | labels:
63 | app: jaeger
64 | spec:
65 | type: ClusterIP
66 | ports:
67 | - name: http-query
68 | port: 80
69 | protocol: TCP
70 | targetPort: 16686
71 | # Note: Change port name if you add '--query.grpc.tls.enabled=true'
72 | - name: grpc-query
73 | port: 16685
74 | protocol: TCP
75 | targetPort: 16685
76 | selector:
77 | app: jaeger
78 | ---
79 | # Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin.
80 | apiVersion: v1
81 | kind: Service
82 | metadata:
83 | labels:
84 | name: zipkin
85 | name: zipkin
86 | namespace: istio-system
87 | spec:
88 | ports:
89 | - port: 9411
90 | targetPort: 9411
91 | name: http-query
92 | selector:
93 | app: jaeger
94 | ---
95 | apiVersion: v1
96 | kind: Service
97 | metadata:
98 | name: jaeger-collector
99 | namespace: istio-system
100 | labels:
101 | app: jaeger
102 | spec:
103 | type: ClusterIP
104 | ports:
105 | - name: jaeger-collector-http
106 | port: 14268
107 | targetPort: 14268
108 | protocol: TCP
109 | - name: jaeger-collector-grpc
110 | port: 14250
111 | targetPort: 14250
112 | protocol: TCP
113 | - port: 9411
114 | targetPort: 9411
115 | name: http-zipkin
116 | selector:
117 | app: jaeger
118 |
--------------------------------------------------------------------------------
/solowallet/deploy/yaml/bank-contacts.yaml:
--------------------------------------------------------------------------------
1 | # Copyright 2019 Google LLC
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | # [START gke_boa_kubernetes_manifests_contacts_deployment_contacts]
16 | apiVersion: v1
17 | kind: ServiceAccount
18 | metadata:
19 | labels:
20 | account: contacts
21 | name: contacts
22 | namespace: bank-demo
23 | ---
24 | apiVersion: apps/v1
25 | kind: Deployment
26 | metadata:
27 | name: contacts
28 | namespace: bank-demo
29 | spec:
30 | selector:
31 | matchLabels:
32 | app: contacts
33 | template:
34 | metadata:
35 | labels:
36 | app: contacts
37 | annotations:
38 | proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
39 | spec:
40 | serviceAccountName: contacts
41 | terminationGracePeriodSeconds: 5
42 | containers:
43 | - name: contacts
44 | image: gcr.io/bank-of-anthos-ci/contacts:v0.5.5
45 | volumeMounts:
46 | - name: publickey
47 | mountPath: "/root/.ssh"
48 | readOnly: true
49 | env:
50 | - name: VERSION
51 | value: "v0.5.5"
52 | - name: PORT
53 | value: "8080"
54 | - name: ENABLE_TRACING
55 | value: "false"
56 | # Valid levels are debug, info, warning, error, critical.
57 | # If no valid level is set, will default to info.
58 | - name: LOG_LEVEL
59 | value: "info"
60 | envFrom:
61 | - configMapRef:
62 | name: environment-config
63 | - configMapRef:
64 | name: accounts-db-config
65 | resources:
66 | requests:
67 | cpu: 100m
68 | memory: 64Mi
69 | limits:
70 | cpu: 250m
71 | memory: 128Mi
72 | #readinessProbe:
73 | # httpGet:
74 | # path: /ready
75 | # port: 8080
76 | # initialDelaySeconds: 10
77 | # periodSeconds: 5
78 | # timeoutSeconds: 10
79 | volumes:
80 | - name: publickey
81 | secret:
82 | secretName: jwt-key
83 | items:
84 | - key: jwtRS256.key.pub
85 | path: publickey
86 | # [END gke_boa_kubernetes_manifests_contacts_deployment_contacts]
87 | ---
88 | # [START gke_boa_kubernetes_manifests_contacts_service_contacts]
89 | apiVersion: v1
90 | kind: Service
91 | metadata:
92 | name: contacts
93 | namespace: bank-demo
94 | spec:
95 | type: ClusterIP
96 | selector:
97 | app: contacts
98 | ports:
99 | - name: http
100 | port: 8080
101 | targetPort: 8080
102 | # [END gke_boa_kubernetes_manifests_contacts_service_contacts]
--------------------------------------------------------------------------------