├── .gitattributes
├── .gitignore
├── README.md
├── argo-rollouts
    ├── README.md
    └── deploy
    │   └── yaml
    │       ├── argo-rollouts-1.1.1.yaml
    │       └── argo-rollouts-1.3.1.yaml
├── argocd
    ├── README.md
    ├── config-examples
    │   ├── edge
    │   │   ├── argocd-vs-443.yaml
    │   │   └── argocd-vs-80.yaml
    │   └── gloo-mesh
    │   │   └── 2.0.x
    │   │       ├── argocd-cluster1-rt-80.yaml
    │   │       ├── argocd-cluster2-rt-80.yaml
    │   │       ├── argocd-mgmt-rt-443.yaml
    │   │       └── argocd-mgmt-rt-80.yaml
    └── deploy
    │   ├── default
    │       ├── base
    │       │   └── rollouts-extension.yaml
    │       ├── kustomization.yaml
    │       └── overlays
    │       │   ├── application-controller-status-processors.yaml
    │       │   ├── argocd-cm.yaml
    │       │   └── argocd-cmd-params-cm.yaml
    │   ├── insecure-rootpath-ocp
    │       ├── kustomization.yaml
    │       └── overlays
    │       │   ├── argocd-redis-uid-patch.yaml
    │       │   └── argocd-server-insecure-rootpath.yaml
    │   ├── insecure-rootpath
    │       ├── kustomization.yaml
    │       └── overlays
    │       │   ├── argocd-cmd-params-cm.yaml
    │       │   └── argocd-server-insecure-rootpath.yaml
    │   ├── insecure
    │       ├── kustomization.yaml
    │       └── overlays
    │       │   └── argocd-server-insecure.yaml
    │   └── install-argocd.sh
├── assets
    ├── httpbin-logo-1.jpg
    ├── petstore-logo-1.jpg
    ├── solo-logo-1.jpg
    └── solo-logo-2.jpg
├── bombardier-loadgen
    ├── README.md
    ├── deploy
    │   ├── argo
    │   │   └── bombardier-httpbin-argo.yaml
    │   └── yaml
    │   │   └── bombardier.yaml
    └── helm
    │   ├── Chart.yaml
    │   ├── templates
    │       └── bombardier.yaml
    │   └── values.yaml
├── bookinfo
    ├── config-examples
    │   ├── edge
    │   │   ├── extauth-vs-443.yaml
    │   │   ├── multi-destination-ratelimitconfig-vs-443.yaml
    │   │   ├── multi-destination-vs-443.yaml
    │   │   ├── multi-destination-vs-80.yaml
    │   │   ├── ratelimitbasic-vs-443.yaml
    │   │   ├── single-destination-multi-waf-vs-443.yaml
    │   │   ├── single-destination-single-waf-vs-443.yaml
    │   │   ├── single-destination-vs-443.yaml
    │   │   ├── single-destination-vs-80.yaml
    │   │   └── transformations-ratelimit-vs-443.yaml
    │   ├── gloo-mesh
    │   │   └── 2.0.x
    │   │   │   ├── bookinfo-extauth-policy.yaml
    │   │   │   ├── bookinfo-oauth-rt-443.yaml
    │   │   │   ├── bookinfo-ratelimit-transformationfilter.yaml
    │   │   │   ├── bookinfo-ratelimitclientconfig.yaml
    │   │   │   ├── bookinfo-ratelimitpolicy.yaml
    │   │   │   ├── bookinfo-ratelimitserverconfig.yaml
    │   │   │   ├── bookinfo-ratelimitserversettings.yaml
    │   │   │   ├── bookinfo-rt-80.yaml
    │   │   │   ├── bookinfo-wafpolicy-log4shell.yaml
    │   │   │   ├── bookinfo-workspace.yaml
    │   │   │   └── bookinfo-workspacesettings.yaml
    │   └── istio
    │   │   ├── bookinfo-gateway.yaml
    │   │   └── bookinfo-vs.yaml
    └── deploy
    │   └── yaml
    │       ├── bookinfo-backends-ns
    │           └── bookinfo-backends.yaml
    │       ├── bookinfo-frontends-ns
    │           └── bookinfo-frontends.yaml
    │       ├── istio-rollout
    │           └── bookinfo-rollout.yaml
    │       └── separated-yaml
    │           ├── details-deployment.yaml
    │           ├── details-service.yaml
    │           ├── details-serviceaccount.yaml
    │           ├── productpage-deployment.yaml
    │           ├── productpage-service.yaml
    │           ├── productpage-serviceaccount.yaml
    │           ├── ratings-deployment.yaml
    │           ├── ratings-service.yaml
    │           ├── ratings-serviceaccount.yaml
    │           ├── reviews-service.yaml
    │           ├── reviews-serviceacount.yaml
    │           ├── reviews-v1-deployment.yaml
    │           ├── reviews-v2-deployment.yaml
    │           └── reviews-v3-deployment.yaml
├── cert-manager
    ├── README.md
    ├── crds
    │   └── 1.7
    │   │   └── crds.yaml
    └── deploy
    │   ├── argo
    │       ├── 1.7-cert-manager-crds.yaml
    │       └── cert-manager.yaml
    │   └── helm-values
    │       ├── README.md
    │       └── values.yaml
├── flagger
    └── deploy
    │   ├── argo
    │       ├── flagger-prometheus.yaml
    │       └── flagger.yaml
    │   └── helm-values
    │       └── README.md
├── gloo-edge
    ├── deploy
    │   ├── argo
    │   │   ├── crds
    │   │   │   └── gloo-edge-crds.yaml
    │   │   ├── ee
    │   │   │   ├── 1.10.x
    │   │   │   │   ├── gloo-edge-ee-fed.yaml
    │   │   │   │   └── gloo-edge-ee-nofed.yaml
    │   │   │   ├── 1.11.x
    │   │   │   │   ├── gloo-edge-ee-fed.yaml
    │   │   │   │   └── gloo-edge-ee-nofed.yaml
    │   │   │   ├── 1.12.x
    │   │   │   │   ├── gloo-edge-ee-fed.yaml
    │   │   │   │   └── gloo-edge-ee-nofed.yaml
    │   │   │   ├── 1.8.x
    │   │   │   │   ├── gloo-edge-ee-fed.yaml
    │   │   │   │   └── gloo-edge-ee-nofed.yaml
    │   │   │   └── 1.9.x
    │   │   │   │   ├── gloo-edge-ee-fed.yaml
    │   │   │   │   └── gloo-edge-ee-nofed.yaml
    │   │   └── oss
    │   │   │   ├── 1.10.x
    │   │   │       └── gloo-edge-oss.yaml
    │   │   │   ├── 1.11.x
    │   │   │       └── gloo-edge-oss.yaml
    │   │   │   ├── 1.12.x
    │   │   │       └── gloo-edge-oss.yaml
    │   │   │   ├── 1.8.x
    │   │   │       └── gloo-edge-oss.yaml
    │   │   │   └── 1.9.x
    │   │   │       └── gloo-edge-oss.yaml
    │   └── helm-values
    │   │   ├── README.md
    │   │   ├── values-fed.yaml
    │   │   └── values-nofed.yaml
    ├── gloo-edge-crds
    │   ├── 1.11.50
    │   │   ├── enterprise.gloo.solo.io_v1_AuthConfig.yaml
    │   │   ├── fed.enterprise.gloo.solo.io_v1_crds.yaml
    │   │   ├── fed.gateway.solo.io_v1_crds.yaml
    │   │   ├── fed.gloo.solo.io_v1_crds.yaml
    │   │   ├── fed.ratelimit.solo.io_v1alpha1_crds.yaml
    │   │   ├── fed.solo.io_v1_crds.yaml
    │   │   ├── gateway.solo.io_v1_Gateway.yaml
    │   │   ├── gateway.solo.io_v1_MatchableHttpGateway.yaml
    │   │   ├── gateway.solo.io_v1_RouteOption.yaml
    │   │   ├── gateway.solo.io_v1_RouteTable.yaml
    │   │   ├── gateway.solo.io_v1_VirtualHostOption.yaml
    │   │   ├── gateway.solo.io_v1_VirtualService.yaml
    │   │   ├── gloo.solo.io_v1_Proxy.yaml
    │   │   ├── gloo.solo.io_v1_Settings.yaml
    │   │   ├── gloo.solo.io_v1_Upstream.yaml
    │   │   ├── gloo.solo.io_v1_UpstreamGroup.yaml
    │   │   ├── graphql.gloo.solo.io_v1beta1_GraphQLApi.yaml
    │   │   ├── multicluster.solo.io_v1alpha1_crds.yaml
    │   │   ├── multicluster.solo.io_v1alpha1_imported_crds.yaml
    │   │   └── ratelimit_config.yaml
    │   └── 1.12.44
    │   │   ├── enterprise.gloo.solo.io_v1_AuthConfig.yaml
    │   │   ├── fed.enterprise.gloo.solo.io_v1_crds.yaml
    │   │   ├── fed.gateway.solo.io_v1_crds.yaml
    │   │   ├── fed.gloo.solo.io_v1_crds.yaml
    │   │   ├── fed.ratelimit.solo.io_v1alpha1_crds.yaml
    │   │   ├── fed.solo.io_v1_crds.yaml
    │   │   ├── gateway.solo.io_v1_Gateway.yaml
    │   │   ├── gateway.solo.io_v1_MatchableHttpGateway.yaml
    │   │   ├── gateway.solo.io_v1_RouteOption.yaml
    │   │   ├── gateway.solo.io_v1_RouteTable.yaml
    │   │   ├── gateway.solo.io_v1_VirtualHostOption.yaml
    │   │   ├── gateway.solo.io_v1_VirtualService.yaml
    │   │   ├── gloo.solo.io_v1_Proxy.yaml
    │   │   ├── gloo.solo.io_v1_Settings.yaml
    │   │   ├── gloo.solo.io_v1_Upstream.yaml
    │   │   ├── gloo.solo.io_v1_UpstreamGroup.yaml
    │   │   ├── graphql.gloo.solo.io_v1beta1_GraphQLApi.yaml
    │   │   ├── multicluster.solo.io_v1alpha1_crds.yaml
    │   │   ├── multicluster.solo.io_v1alpha1_imported_crds.yaml
    │   │   └── ratelimit_config.yaml
    └── gloo-gateway-v2
    │   └── 2.0.0-beta1
    │       ├── .helmignore
    │       ├── Chart.yaml
    │       ├── templates
    │           ├── NOTES.txt
    │           ├── _helpers.tpl
    │           ├── deployment.yaml
    │           ├── gateway
    │           │   ├── hpa.yaml
    │           │   └── proxy-deployment.yaml
    │           ├── gatewayclass.yaml
    │           ├── rbac.yaml
    │           ├── service.yaml
    │           └── serviceaccount.yaml
    │       ├── values.schema.json
    │       └── values.yaml
├── gloo-mesh
    ├── deploy
    │   ├── argo
    │   │   ├── gloo-mesh-addons.yaml
    │   │   ├── gloo-mesh-agent.yaml
    │   │   ├── gloo-mesh-crds.yaml
    │   │   └── gloo-mesh-ee-helm-disableca.yaml
    │   └── helm-values
    │   │   ├── README.md
    │   │   └── values.yaml
    └── gloo-mesh-crds
    │   ├── 2.1.0
    │       ├── admin.gloo.solo.io_v2_crds.yaml
    │       ├── apimanagement.gloo.solo.io_v2_crds.yaml
    │       ├── auth_config.yaml
    │       ├── extensions.policy.gloo.solo.io_v2_crds.yaml
    │       ├── install.istio.io_v1alpha1_crds.yaml
    │       ├── internal.gloo.solo.io_v2_crds.yaml
    │       ├── networking.gloo.solo.io_v2_crds.yaml
    │       ├── observability.policy.gloo.solo.io_v2_crds.yaml
    │       ├── ratelimit.solo.io_v1alpha1_crds.yaml
    │       ├── resilience.policy.gloo.solo.io_v2_crds.yaml
    │       ├── security.policy.gloo.solo.io_v2_crds.yaml
    │       └── trafficcontrol.policy.gloo.solo.io_v2_crds.yaml
    │   ├── 2.1.1
    │       ├── admin.gloo.solo.io_v2_crds.yaml
    │       ├── apimanagement.gloo.solo.io_v2_crds.yaml
    │       ├── auth_config.yaml
    │       ├── extensions.policy.gloo.solo.io_v2_crds.yaml
    │       ├── install.istio.io_v1alpha1_crds.yaml
    │       ├── internal.gloo.solo.io_v2_crds.yaml
    │       ├── networking.gloo.solo.io_v2_crds.yaml
    │       ├── observability.policy.gloo.solo.io_v2_crds.yaml
    │       ├── ratelimit.solo.io_v1alpha1_crds.yaml
    │       ├── resilience.policy.gloo.solo.io_v2_crds.yaml
    │       ├── security.policy.gloo.solo.io_v2_crds.yaml
    │       └── trafficcontrol.policy.gloo.solo.io_v2_crds.yaml
    │   ├── 2.1.2
    │       ├── admin.gloo.solo.io_v2_crds.yaml
    │       ├── apimanagement.gloo.solo.io_v2_crds.yaml
    │       ├── auth_config.yaml
    │       ├── extensions.policy.gloo.solo.io_v2_crds.yaml
    │       ├── install.istio.io_v1alpha1_crds.yaml
    │       ├── internal.gloo.solo.io_v2_crds.yaml
    │       ├── networking.gloo.solo.io_v2_crds.yaml
    │       ├── observability.policy.gloo.solo.io_v2_crds.yaml
    │       ├── ratelimit.solo.io_v1alpha1_crds.yaml
    │       ├── resilience.policy.gloo.solo.io_v2_crds.yaml
    │       ├── security.policy.gloo.solo.io_v2_crds.yaml
    │       └── trafficcontrol.policy.gloo.solo.io_v2_crds.yaml
    │   ├── 2.2.0
    │       ├── admin.gloo.solo.io_v2_crds.yaml
    │       ├── admin.gloo.solo.io_v2alpha1_crds.yaml
    │       ├── apimanagement.gloo.solo.io_v2_crds.yaml
    │       ├── auth_config.yaml
    │       ├── extensions.policy.gloo.solo.io_v2_crds.yaml
    │       ├── install.istio.io_v1alpha1_crds.yaml
    │       ├── internal.gloo.solo.io_v2_crds.yaml
    │       ├── networking.gloo.solo.io_v2_crds.yaml
    │       ├── observability.policy.gloo.solo.io_v2_crds.yaml
    │       ├── ratelimit.solo.io_v1alpha1_crds.yaml
    │       ├── resilience.policy.gloo.solo.io_v2_crds.yaml
    │       ├── security.policy.gloo.solo.io_v2_crds.yaml
    │       └── trafficcontrol.policy.gloo.solo.io_v2_crds.yaml
    │   ├── 2.2.4
    │       ├── admin.gloo.solo.io_v2_crds.yaml
    │       ├── admin.gloo.solo.io_v2alpha1_crds.yaml
    │       ├── apimanagement.gloo.solo.io_v2_crds.yaml
    │       ├── auth_config.yaml
    │       ├── extensions.policy.gloo.solo.io_v2_crds.yaml
    │       ├── install.istio.io_v1alpha1_crds.yaml
    │       ├── internal.gloo.solo.io_v2_crds.yaml
    │       ├── networking.gloo.solo.io_v2_crds.yaml
    │       ├── observability.policy.gloo.solo.io_v2_crds.yaml
    │       ├── ratelimit.solo.io_v1alpha1_crds.yaml
    │       ├── resilience.policy.gloo.solo.io_v2_crds.yaml
    │       ├── security.policy.gloo.solo.io_v2_crds.yaml
    │       └── trafficcontrol.policy.gloo.solo.io_v2_crds.yaml
    │   ├── 2.2.5
    │       ├── admin.gloo.solo.io_v2_crds.yaml
    │       ├── admin.gloo.solo.io_v2alpha1_crds.yaml
    │       ├── apimanagement.gloo.solo.io_v2_crds.yaml
    │       ├── auth_config.yaml
    │       ├── extensions.policy.gloo.solo.io_v2_crds.yaml
    │       ├── install.istio.io_v1alpha1_crds.yaml
    │       ├── internal.gloo.solo.io_v2_crds.yaml
    │       ├── networking.gloo.solo.io_v2_crds.yaml
    │       ├── observability.policy.gloo.solo.io_v2_crds.yaml
    │       ├── ratelimit.solo.io_v1alpha1_crds.yaml
    │       ├── resilience.policy.gloo.solo.io_v2_crds.yaml
    │       ├── security.policy.gloo.solo.io_v2_crds.yaml
    │       └── trafficcontrol.policy.gloo.solo.io_v2_crds.yaml
    │   ├── 2.2.6
    │       ├── admin.gloo.solo.io_v2_crds.yaml
    │       ├── admin.gloo.solo.io_v2alpha1_crds.yaml
    │       ├── apimanagement.gloo.solo.io_v2_crds.yaml
    │       ├── auth_config.yaml
    │       ├── extensions.policy.gloo.solo.io_v2_crds.yaml
    │       ├── install.istio.io_v1alpha1_crds.yaml
    │       ├── internal.gloo.solo.io_v2_crds.yaml
    │       ├── networking.gloo.solo.io_v2_crds.yaml
    │       ├── observability.policy.gloo.solo.io_v2_crds.yaml
    │       ├── ratelimit.solo.io_v1alpha1_crds.yaml
    │       ├── resilience.policy.gloo.solo.io_v2_crds.yaml
    │       ├── security.policy.gloo.solo.io_v2_crds.yaml
    │       └── trafficcontrol.policy.gloo.solo.io_v2_crds.yaml
    │   └── 2.3.0-beta3
    │       ├── admin.gloo.solo.io_v2_crds.yaml
    │       ├── admin.gloo.solo.io_v2alpha1_crds.yaml
    │       ├── apimanagement.gloo.solo.io_v2_crds.yaml
    │       ├── auth_config.yaml
    │       ├── extensions.policy.gloo.solo.io_v2_crds.yaml
    │       ├── install.istio.io_v1alpha1_crds.yaml
    │       ├── internal.gloo.solo.io_v2_crds.yaml
    │       ├── networking.gloo.solo.io_v2_crds.yaml
    │       ├── observability.policy.gloo.solo.io_v2_crds.yaml
    │       ├── ratelimit.solo.io_v1alpha1_crds.yaml
    │       ├── resilience.policy.gloo.solo.io_v2_crds.yaml
    │       ├── security.policy.gloo.solo.io_v2_crds.yaml
    │       └── trafficcontrol.policy.gloo.solo.io_v2_crds.yaml
├── gloo-portal
    └── deploy
    │   ├── argo
    │       └── gloo-portal-helm.yaml
    │   └── helm-values
    │       ├── README.md
    │       └── values.yaml
├── helloworld
    ├── README.md
    ├── argo
    │   └── app
    │   │   └── argo-rollout
    │   │       └── namespace
    │   │           └── default
    │   │               └── helloworld-rollout.yaml
    ├── base
    │   └── argo-rollout
    │   │   ├── analysis.yaml
    │   │   ├── gateway.yaml
    │   │   ├── kustomization.yaml
    │   │   ├── rollout.yaml
    │   │   └── service.yaml
    ├── deploy
    │   └── yaml
    │   │   ├── analysis.yaml
    │   │   ├── gateway.yaml
    │   │   ├── kustomization.yaml
    │   │   ├── rollout.yaml
    │   │   └── service.yaml
    └── overlay
    │   └── app
    │       └── argo-rollout
    │           └── namespace
    │               └── default
    │                   └── kustomization.yaml
├── homer-portal
    ├── config-examples
    │   └── gloo-mesh
    │   │   └── 2.0.x
    │   │       └── homer-rt-443.yaml
    └── deploy
    │   ├── argo
    │       └── homer-portal.yaml
    │   └── helm-values
    │       ├── README.md
    │       └── values.yaml
├── httpbin
    ├── config-examples
    │   ├── edge
    │   │   ├── extauth-ratelimit-waf-transformations-vs-443.yaml
    │   │   ├── httpbin-vs-443.yaml
    │   │   └── httpbin-vs-80.yaml
    │   └── gloo-mesh
    │   │   └── 2.0.x
    │   │       ├── httpbin-extauth-policy.yaml
    │   │       ├── httpbin-in-mesh.yaml
    │   │       ├── httpbin-jwt-transformationpolicy.yaml
    │   │       ├── httpbin-jwtpolicy.yaml
    │   │       ├── httpbin-not-in-mesh.yaml
    │   │       ├── httpbin-ns.yaml
    │   │       ├── httpbin-oauth-rt-443.yaml
    │   │       ├── httpbin-oidc-client-secret.yaml
    │   │       ├── httpbin-okta-jwks-externalendpoint.yaml
    │   │       ├── httpbin-okta-jwks-externalservice.yaml
    │   │       ├── httpbin-opa-policy.yaml
    │   │       ├── httpbin-ratelimit-transformationpolicy.yaml
    │   │       ├── httpbin-ratelimitclientconfig.yaml
    │   │       ├── httpbin-ratelimitpolicy.yaml
    │   │       ├── httpbin-ratelimitserverconfig.yaml
    │   │       ├── httpbin-ratelimitserversettings.yaml
    │   │       ├── httpbin-rt-80.yaml
    │   │       ├── httpbin-wafpolicy-log4shell.yaml
    │   │       ├── httpbin-workspace.yaml
    │   │       └── httpbin-workspacesettings.yaml
    ├── deploy
    │   └── yaml
    │   │   └── httpbin.yaml
    └── openapi-specs
    │   └── httpbin-swagger-v1.json
├── istio
    ├── dashboards
    │   ├── istio-extension-dashboard.json
    │   ├── istio-mesh-dashboard.json
    │   ├── istio-performance-dashboard.json
    │   ├── istio-service-dashboard.json
    │   ├── istio-workload-dashboard.json
    │   ├── kustomization.yaml
    │   └── pilot-dashboard.json
    └── deploy
    │   ├── addons
    │       ├── grafana.yaml
    │       ├── jaeger.yaml
    │       ├── kiali.yaml
    │       ├── kustomization.yaml
    │       └── prometheus.yaml
    │   ├── argo
    │       ├── istio-base.yaml
    │       ├── istio-eastwestgateway.yaml
    │       ├── istio-ingressgateway.yaml
    │       └── istiod.yaml
    │   └── helm-values
    │       ├── README.md
    │       ├── istio-eastwestgateway-values.yaml
    │       ├── istio-ingressgateway-values.yaml
    │       └── istiod-values.yaml
├── keycloak
    ├── config-examples
    │   └── edge
    │   │   ├── keycloak-vs-443.yaml
    │   │   └── keycloak-vs-80.yaml
    └── deploy
    │   └── yaml
    │       ├── keycloak-12.0.4.yaml
    │       └── keycloak-15.0.2.yaml
├── petstore
    ├── deploy
    │   └── yaml
    │   │   ├── petstore-portal
    │   │       ├── developer1-password.yaml
    │   │       ├── developer1-user.yaml
    │   │       ├── developers-group.yaml
    │   │       ├── ecommerce-portal.yaml
    │   │       ├── kustomization.yaml
    │   │       ├── petstore-apidoc-v1-pets.yaml
    │   │       ├── petstore-apidoc-v1-users.yaml
    │   │       ├── petstore-apidoc-v2-full.yaml
    │   │       ├── petstore-apiproduct.yaml
    │   │       ├── petstore-dev-environment.yaml
    │   │       ├── petstore-v1.yaml
    │   │       ├── petstore-v2.yaml
    │   │       └── staticpage-faq.yaml
    │   │   ├── petstore-swaggerapi.yaml
    │   │   └── petstore.yaml
    └── openapi-specs
    │   ├── petstore-openapi-v1-pets.json
    │   ├── petstore-openapi-v1-users.json
    │   └── petstore-openapi-v2-full.json
├── plow-loadgen
    ├── README.md
    ├── deploy
    │   ├── argo
    │   │   └── plow-loadgen-argo.yaml
    │   └── yaml
    │   │   └── plow-loadgen.yaml
    └── helm
    │   ├── Chart.yaml
    │   ├── index.yaml
    │   ├── templates
    │       └── plow.yaml
    │   └── values.yaml
└── solowallet
    ├── config-examples
        └── gloo-mesh
        │   └── 2.0.x
        │       └── bank-demo-rt-443.yaml
    └── deploy
        └── yaml
            ├── bank-accounts-db.yaml
            ├── bank-balance-reader.yaml
            ├── bank-config.yaml
            ├── bank-contacts.yaml
            ├── bank-demo-ns.yaml
            ├── bank-demo-workspace.yaml
            ├── bank-demo-workspacesettings.yaml
            ├── bank-frontend.yaml
            ├── bank-ledger-db.yaml
            ├── bank-ledger-writer.yaml
            ├── bank-transaction-history.yaml
            ├── bank-userservice.yaml
            └── kustomization.yaml


/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /template


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # gitops-library
 2 | This Repo is meant to store useful application and config example references for deploying Solo products, example applications, and related config
 3 | 
 4 | ## Table of Contents
 5 | - argo-rollouts
 6 | - argocd
 7 | - bombardier-loadgen
 8 | - bookinfo
 9 | - cert-manager
10 | - gloo-edge
11 | - gloo-mesh
12 | - gloo-portal
13 | - helloworld
14 | - homer-portal
15 | - httpbin
16 | - istio
17 | - keycloak
18 | - petstore
19 | - solowallet
20 | 
21 | ## Repo Structure
22 | Each application example is broken down into two directories: `deploy` for the application deployments and `config-examples` which provide examples for edge, mesh, or portal configuration examples for the respective app. Where possible, deployment options using ArgoCD, Helm, as well as the direct YAML manifests are provided
23 | 
24 | ## Getting Started
25 | 
26 | ### Prerequisites
27 | - Kubernetes cluster up and authenticated to kubectl
28 | 
29 | ## Install ArgoCD
30 | ```
31 | cd argocd/deploy
32 | ./install-argocd.sh
33 | ```
34 | 
35 | ### input options
36 | You can provide the inputs below to specify a configuration of argocd
37 | ```
38 | ./install-argocd.sh {SECURITY} {CONTEXT}
39 | ```
40 | 
41 | SECURITY options: `default`/`insecure`
42 | - If undefined, the install will use the default install of argocd
43 | - `insecure` option allows us to terminate TLS at the edge, and expose argocd using a VirtualService instead of port-forward commands
44 | 
45 | ### access argoCD UI
46 | using port forward, access argocd at localhost:8080 if using the `default` or `insecure` overlay; localhost:8080/argo if using the `insecure-rootpath` overlay
47 | ```
48 | kubectl port-forward svc/argocd-server -n argocd 8080:443
49 | ```
50 | 
51 | Username: admin
52 | Password: solo.io
53 | 
54 | ### Next Steps
55 | Once ArgoCD is deployed, feel free to navigate around the example deployments and their respective Gloo Edge / Gloo Mesh / Gloo Portal configurations. You can start by deploying the yaml manifests directly, or try the Helm or Argo Application deploy options!


--------------------------------------------------------------------------------
/argo-rollouts/README.md:
--------------------------------------------------------------------------------
 1 | # argo rollouts
 2 | 
 3 | deploy argo rollouts to your cluster
 4 | ```
 5 | kubectl apply -f argo/argo-rollout-1.1.1.yaml
 6 | ```
 7 | 
 8 | Check to see if argo rollouts is deployed:
 9 | ```
10 | kubectl get pods -n argo-rollouts
11 | NAME                            READY   STATUS    RESTARTS   AGE
12 | argo-rollouts-6bc46bcfd-47plj   1/1     Running   0          125m
13 | ```


--------------------------------------------------------------------------------
/argocd/README.md:
--------------------------------------------------------------------------------
 1 | # Prerequisites
 2 | - Kubernetes clusters up and authenticated to kubectl
 3 | 
 4 | ## kubectl contexts
 5 | If you are using single cluster installation, then the script will use the default context so you can ignore this section.
 6 | 
 7 | Since we will potentially be using multiple clusters/contexts, it is useful to rename your contexts for a better experience
 8 | ```
 9 | kubectl config get-contexts
10 | kubectl config rename-contexts <current_name> <new_name>
11 | export CONTEXT=<new_name>
12 | ```
13 | 
14 | ## Navigate to the argocd directory
15 | ```
16 | cd argocd/install
17 | ```
18 | 
19 | ## install argocd
20 | If you have done the above, just simply run the script to install argocd and optionally set the context.
21 | ```
22 | ./install-argocd.sh
23 | ```
24 | 
25 | ### input options
26 | You can provide the inputs below to specify a configuration of argocd
27 | ```
28 | ./install-argocd.sh {SECURITY} {CONTEXT}
29 | ```
30 | 
31 | SECURITY options: `default`/`insecure`
32 | - If undefined, the install will use the default install of argocd
33 | - `insecure` option allows us to terminate TLS at the edge, and expose argocd using a VirtualService instead of port-forward commands
34 | 
35 | ### access argoCD UI
36 | using port forward, access argocd at localhost:8080 if using the `default` or `insecure` overlay; localhost:8080/argo if using the `insecure-rootpath` overlay
37 | ```
38 | kubectl port-forward svc/argocd-server -n argocd 8080:443
39 | ```
40 | 
41 | Username: admin
42 | Password: solo.io
43 | 
44 | ## Back to Table of Contents
45 | [Back to Table of Contents](https://github.com/solo-io/gitops-library#table-of-contents---labs)


--------------------------------------------------------------------------------
/argocd/config-examples/edge/argocd-vs-443.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: gateway.solo.io/v1
 2 | kind: VirtualService
 3 | metadata:
 4 |   name: argo-http-vs
 5 |   namespace: gloo-system
 6 | spec:
 7 |   sslConfig:
 8 |     secretRef:
 9 |       name: upstream-tls
10 |       namespace: gloo-system
11 |   virtualHost:
12 |     domains:
13 |     - '*'
14 |     routes:
15 |     - matchers:
16 |       - prefix: /argo
17 |       options:
18 |         prefixRewrite: /argo
19 |       routeAction:
20 |         single:
21 |           upstream:
22 |             name: argocd-argocd-server-443
23 |             namespace: gloo-system


--------------------------------------------------------------------------------
/argocd/config-examples/edge/argocd-vs-80.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: gateway.solo.io/v1
 2 | kind: VirtualService
 3 | metadata:
 4 |   name: argo-vs-80
 5 |   namespace: gloo-system
 6 | spec:
 7 |   virtualHost:
 8 |     domains:
 9 |     - '*'
10 |     routes:
11 |     - matchers:
12 |       - prefix: /argo
13 |       options:
14 |         prefixRewrite: /argo
15 |       routeAction:
16 |         single:
17 |           upstream:
18 |             name: argocd-argocd-server-80
19 |             namespace: gloo-system


--------------------------------------------------------------------------------
/argocd/config-examples/gloo-mesh/2.0.x/argocd-cluster1-rt-80.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: RouteTable
 3 | metadata:
 4 |   labels:
 5 |     expose: "true"
 6 |   name: cluster1-argo-rt-80
 7 |   namespace: argocd
 8 | spec:
 9 |   hosts:
10 |   - '*'
11 |   http:
12 |   - forwardTo:
13 |       destinations:
14 |       - port:
15 |           number: 80
16 |         ref:
17 |           cluster: cluster1
18 |           name: argocd-server
19 |           namespace: argocd
20 |     labels:
21 |       waf: "true"
22 |     name: argocd
23 |   virtualGateways:
24 |   - cluster: cluster1
25 |     name: cluster1-north-south-gw-80
26 |     namespace: istio-gateways
27 |   workloadSelectors: []


--------------------------------------------------------------------------------
/argocd/config-examples/gloo-mesh/2.0.x/argocd-cluster2-rt-80.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: RouteTable
 3 | metadata:
 4 |   labels:
 5 |     expose: "true"
 6 |   name: cluster2-argo-rt-80
 7 |   namespace: argocd
 8 | spec:
 9 |   hosts:
10 |   - '*'
11 |   http:
12 |   - forwardTo:
13 |       destinations:
14 |       - port:
15 |           number: 80
16 |         ref:
17 |           cluster: cluster2
18 |           name: argocd-server
19 |           namespace: argocd
20 |     labels:
21 |       waf: "true"
22 |     name: argocd
23 |   virtualGateways:
24 |   - cluster: cluster2
25 |     name: cluster2-north-south-gw-80
26 |     namespace: istio-gateways
27 |   workloadSelectors: []


--------------------------------------------------------------------------------
/argocd/config-examples/gloo-mesh/2.0.x/argocd-mgmt-rt-443.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: RouteTable
 3 | metadata:
 4 |   labels:
 5 |     expose: "true"
 6 |   name: mgmt-argo-rt-443
 7 |   namespace: argocd
 8 | spec:
 9 |   hosts:
10 |   - '*'
11 |   http:
12 |   - forwardTo:
13 |       destinations:
14 |       - port:
15 |           number: 443
16 |         ref:
17 |           cluster: mgmt
18 |           name: argocd-server
19 |           namespace: argocd
20 |     name: argocd
21 |   virtualGateways:
22 |   - cluster: mgmt
23 |     name: mgmt-north-south-gw-443
24 |     namespace: istio-gateways
25 |   workloadSelectors: []


--------------------------------------------------------------------------------
/argocd/config-examples/gloo-mesh/2.0.x/argocd-mgmt-rt-80.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: RouteTable
 3 | metadata:
 4 |   labels:
 5 |     expose: "true"
 6 |   name: mgmt-argo-rt-80
 7 |   namespace: argocd
 8 | spec:
 9 |   hosts:
10 |   - '*'
11 |   http:
12 |   - forwardTo:
13 |       destinations:
14 |       - port:
15 |           number: 80
16 |         ref:
17 |           cluster: mgmt
18 |           name: argocd-server
19 |           namespace: argocd
20 |     labels:
21 |       waf: "true"
22 |     name: argocd
23 |   virtualGateways:
24 |   - cluster: mgmt
25 |     name: mgmt-north-south-gw-80
26 |     namespace: istio-gateways
27 |   workloadSelectors: []


--------------------------------------------------------------------------------
/argocd/deploy/default/base/rollouts-extension.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: ArgoCDExtension
 3 | metadata:
 4 |   finalizers:
 5 |   - extensions-finalizer.argocd.argoproj.io
 6 |   name: argo-rollouts
 7 | spec:
 8 |   sources:
 9 |   - web:
10 |       url: https://github.com/argoproj-labs/rollout-extension/releases/download/v0.3.1/extension.tar


--------------------------------------------------------------------------------
/argocd/deploy/default/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | 
 4 | resources:
 5 | - https://raw.githubusercontent.com/argoproj/argo-cd/release-2.8/manifests/install.yaml
 6 | - base/rollouts-extension.yaml
 7 | 
 8 | components:
 9 | - github.com/argoproj-labs/argocd-extensions/manifests/?ref=main
10 | 
11 | namespace: argocd
12 |   
13 | images:
14 | - name: quay.io/argoproj/argocd
15 |   newTag: v2.8.0
16 |   digest: sha256:a7bfe2a512a33c42d85786b52a8c1b0b2d721630505706b201b8963ec57ac6b3
17 | 
18 | #patchesJson6902:
19 | #- path: overlays/application-controller-status-processors.yaml
20 | #  target:
21 | #    group: apps
22 | #    kind: StatefulSet
23 | #    name: argocd-application-controller
24 | #    version: v1
25 | 
26 | patchesStrategicMerge:
27 | - overlays/argocd-cm.yaml
28 | - overlays/argocd-cmd-params-cm.yaml
29 | 


--------------------------------------------------------------------------------
/argocd/deploy/default/overlays/application-controller-status-processors.yaml:
--------------------------------------------------------------------------------
1 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --status-processors}
2 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: "60"}
3 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --operation-processors}
4 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: "60"}
5 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --repo-server-timeout-seconds}
6 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: "360"}
7 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --app-resync}
8 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: "30"}


--------------------------------------------------------------------------------
/argocd/deploy/default/overlays/argocd-cm.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: ConfigMap
 4 | metadata:
 5 |   name: argocd-cm
 6 |   labels:
 7 |     app.kubernetes.io/name: argocd-cm
 8 |     app.kubernetes.io/part-of: argocd
 9 | data:
10 |   
11 |   
12 |   
13 |   # Set app resync to a shorter value (default 180s)
14 |   timeout.reconciliation: 60s
15 | 
16 |   resource.customizations: |
17 |     argoproj.io/Application:
18 |       health.lua: |
19 |         hs = {}
20 |         hs.status = "Progressing"
21 |         hs.message = ""
22 |         if obj.status ~= nil then
23 |           if obj.status.health ~= nil then
24 |             hs.status = obj.status.health.status
25 |             if obj.status.health.message ~= nil then
26 |               hs.message = obj.status.health.message
27 |             end
28 |           end
29 |         end
30 |         return hs
31 |   resource.exclusions: |
32 |     - apiGroups:
33 |       - cilium.io
34 |       kinds:
35 |       - CiliumIdentity
36 |       clusters:
37 |       - "*"


--------------------------------------------------------------------------------
/argocd/deploy/default/overlays/argocd-cmd-params-cm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   labels:
 5 |     app.kubernetes.io/name: argocd-cmd-params-cm
 6 |     app.kubernetes.io/part-of: argocd
 7 |   name: argocd-cmd-params-cm
 8 | data:
 9 |   # Number of application status processors (default 20)
10 |   controller.status.processors: "60"
11 |   # Number of application operation processors (default 10)
12 |   controller.operation.processors: "60"
13 |   # Repo server RPC call timeout seconds.
14 |   controller.repo.server.timeout.seconds: "360"


--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath-ocp/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | 
 4 | resources:
 5 | - ../default
 6 | 
 7 | namespace: argocd
 8 | 
 9 | patchesJson6902:
10 | - path: overlays/argocd-server-insecure-rootpath.yaml
11 |   target:
12 |     group: apps
13 |     kind: Deployment
14 |     name: argocd-server
15 |     version: v1
16 | - path: overlays/argocd-redis-uid-patch.yaml
17 |   target:
18 |     group: apps
19 |     kind: Deployment
20 |     name: argocd-redis
21 |     version: v1


--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath-ocp/overlays/argocd-redis-uid-patch.yaml:
--------------------------------------------------------------------------------
1 | # removes default runAsUser: 999
2 | - {op: remove,  path: /spec/template/spec/securityContext/runAsUser}
3 | 
4 | # replace default runAsUser: 999 with UID within OpenShift restricted SCC range
5 | #- {op: replace,  path: /spec/template/spec/securityContext/runAsUser, value: 1000670000}


--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath-ocp/overlays/argocd-server-insecure-rootpath.yaml:
--------------------------------------------------------------------------------
1 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --insecure}
2 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --basehref}
3 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: /argo}
4 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --rootpath}
5 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: /argo}
6 | 


--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | 
 4 | resources:
 5 | - ../default
 6 | 
 7 | namespace: argocd
 8 | 
 9 | patchesStrategicMerge:
10 | - overlays/argocd-cmd-params-cm.yaml
11 | 
12 | #patchesJson6902:
13 | #- path: overlays/argocd-server-insecure-rootpath.yaml
14 | #  target:
15 | #    group: apps
16 | #    kind: Deployment
17 | #    name: argocd-server
18 | #    version: v1


--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath/overlays/argocd-cmd-params-cm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   labels:
 5 |     app.kubernetes.io/name: argocd-cmd-params-cm
 6 |     app.kubernetes.io/part-of: argocd
 7 |   name: argocd-cmd-params-cm
 8 | data:
 9 |   # Number of application status processors (default 20)
10 |   controller.status.processors: "60"
11 |   # Number of application operation processors (default 10)
12 |   controller.operation.processors: "60"
13 |   # Repo server RPC call timeout seconds.
14 |   controller.repo.server.timeout.seconds: "360"
15 |   # Run server without TLS
16 |   server.insecure: "true"
17 |   # Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/")
18 |   server.basehref: "/argo"
19 |   # Used if Argo CD is running behind reverse proxy under subpath different from /
20 |   server.rootpath: "/argo"


--------------------------------------------------------------------------------
/argocd/deploy/insecure-rootpath/overlays/argocd-server-insecure-rootpath.yaml:
--------------------------------------------------------------------------------
1 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --insecure}
2 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --basehref}
3 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: /argo}
4 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --rootpath}
5 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: /argo}
6 | 


--------------------------------------------------------------------------------
/argocd/deploy/insecure/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | 
 4 | resources:
 5 | - ../default
 6 | 
 7 | namespace: argocd
 8 | 
 9 | patchesJson6902:
10 | - path: overlays/argocd-server-insecure.yaml
11 |   target:
12 |     group: apps
13 |     kind: Deployment
14 |     name: argocd-server
15 |     version: v1
16 | 


--------------------------------------------------------------------------------
/argocd/deploy/insecure/overlays/argocd-server-insecure.yaml:
--------------------------------------------------------------------------------
1 | - {op: add,  path: /spec/template/spec/containers/0/command/-, value: --insecure}


--------------------------------------------------------------------------------
/argocd/deploy/install-argocd.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | INSTALL_TYPE=$1 # default/insecure/insecure-rootpath
 4 | CONTEXT=$2
 5 | 
 6 | # argo install type
 7 | if [[ ${INSTALL_TYPE} == "" ]]
 8 |   then
 9 |     INSTALL_TYPE="default"
10 | fi
11 |   
12 | echo "Beginning install on context ${CONTEXT}...."
13 | 
14 | # create argocd namespace
15 | kubectl --context ${CONTEXT} create namespace argocd
16 | 
17 | # deploy argocd
18 | until kubectl --context ${CONTEXT} apply -k ${INSTALL_TYPE}/; do sleep 2; done
19 | 
20 | # bcrypt(password)=$2a$10$79yaoOg9dL5MO8pn8hGqtO4xQDejSEVNWAGQR268JHLdrCw6UCYmy
21 | # password: solo.io
22 | kubectl --context ${CONTEXT} -n argocd patch secret argocd-secret \
23 |   -p '{"stringData": {
24 |     "admin.password": "$2a$10$79yaoOg9dL5MO8pn8hGqtO4xQDejSEVNWAGQR268JHLdrCw6UCYmy",
25 |     "admin.passwordMtime": "'$(date +%FT%T%Z)'"
26 |   }}'
27 | 
28 | # create argo app-of-apps project
29 | kubectl apply --context ${CONTEXT} -f- <<EOF
30 | apiVersion: argoproj.io/v1alpha1
31 | kind: AppProject
32 | metadata:
33 |   name: app-of-apps
34 |   namespace: argocd
35 | spec:
36 |   clusterResourceWhitelist:
37 |   - group: '*'
38 |     kind: '*'
39 |   destinations:
40 |   - namespace: '*'
41 |     server: '*'
42 |   sourceRepos:
43 |   - '*'
44 | EOF


--------------------------------------------------------------------------------
/assets/httpbin-logo-1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/solo-io/gitops-library/f77a213ef53d0abe7c63f82da7f92df3fc817c85/assets/httpbin-logo-1.jpg


--------------------------------------------------------------------------------
/assets/petstore-logo-1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/solo-io/gitops-library/f77a213ef53d0abe7c63f82da7f92df3fc817c85/assets/petstore-logo-1.jpg


--------------------------------------------------------------------------------
/assets/solo-logo-1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/solo-io/gitops-library/f77a213ef53d0abe7c63f82da7f92df3fc817c85/assets/solo-logo-1.jpg


--------------------------------------------------------------------------------
/assets/solo-logo-2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/solo-io/gitops-library/f77a213ef53d0abe7c63f82da7f92df3fc817c85/assets/solo-logo-2.jpg


--------------------------------------------------------------------------------
/bombardier-loadgen/README.md:
--------------------------------------------------------------------------------
1 | # Load Gen tool based on Bombardier
2 | https://github.com/codesenberg/bombardier
3 | 
4 | Bombardier in a container


--------------------------------------------------------------------------------
/bombardier-loadgen/deploy/argo/bombardier-httpbin-argo.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: bombardier-httpbin
 5 |   namespace: argocd
 6 | spec:
 7 |   destination:
 8 |     namespace: httpbin
 9 |     server: 'https://kubernetes.default.svc'
10 |   source:
11 |     repoURL: 'https://github.com/solo-io/gitops-library'
12 |     path: bombardier-loadgen/helm
13 |     targetRevision: HEAD
14 |     helm:
15 |       parameters:
16 |       - name: url
17 |         value: 'https://httpbin.kapoozi.com/anything/unprotected'
18 |       - name: name_suffix
19 |         value: 'httpbin'
20 |       - name: namespace
21 |         value: 'httpbin'
22 |       - name: loops
23 |         value: '10000'
24 |       - name: connections
25 |         value: '1'
26 |       - name: duration_seconds
27 |         value: '60s'
28 |       - name: rate
29 |         value: '6'
30 |   project: default
31 |   syncPolicy:
32 |     automated:
33 |       prune: true
34 |       selfHeal: true


--------------------------------------------------------------------------------
/bombardier-loadgen/deploy/yaml/bombardier.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: bombardier
 6 |   name: bombardier
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: bombardier
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: bombardier
16 |     spec:
17 |       containers:
18 |       - name: bombardier
19 |         image: alpine/bombardier
20 |         imagePullPolicy: IfNotPresent
21 |         command: ["/bin/sh"]
22 |         args: ["-c", "for run in $(seq 1 10); do bombardier -c 5 -d 20s -r 10 -p i,p,r ${URL}; done"]


--------------------------------------------------------------------------------
/bombardier-loadgen/helm/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: bombardier-loadgen
3 | description: a bombardier-loadgen tool
4 | type: application
5 | version: 0.1.0
6 | appVersion: "v1.2.5"


--------------------------------------------------------------------------------
/bombardier-loadgen/helm/templates/bombardier.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: bombardier-{{ .Values.name_suffix }}
 6 |   name: bombardier
 7 |   namespace: {{ .Values.namespace }}
 8 | spec:
 9 |   replicas: 1
10 |   selector:
11 |     matchLabels:
12 |       app: bombardier
13 |   template:
14 |     metadata:
15 |       labels:
16 |         app: bombardier
17 |     spec:
18 |       containers:
19 |       - args:
20 |         - -c
21 |         - for run in $(seq 1 {{ .Values.loops }}); do bombardier -c {{ .Values.connections }} -d {{ .Values.duration_seconds }} -r {{ .Values.rate }} -p i,p,r {{ .Values.url }} -l;
22 |           done
23 |         command:
24 |         - /bin/sh
25 |         image: alpine/bombardier:v1.2.5
26 |         resources:
27 |           requests:
28 |             memory: {{ .Values.resources.requests.memory }}
29 |             cpu: {{ .Values.resources.requests.cpu }}
30 |         imagePullPolicy: IfNotPresent
31 |         name: bombardier


--------------------------------------------------------------------------------
/bombardier-loadgen/helm/values.yaml:
--------------------------------------------------------------------------------
 1 | url: https://www.google.com
 2 | name_suffix: loadgenerator
 3 | namespace: default
 4 | 
 5 | bombardier:
 6 |   loops: 100
 7 |   connections: 1
 8 |   duration_seconds: 30s
 9 |   rate: 1
10 | 
11 | resources:
12 |   requests: 
13 |     cpu: 20m
14 |     memory: 60Mi


--------------------------------------------------------------------------------
/bookinfo/config-examples/edge/multi-destination-vs-80.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: gateway.solo.io/v1
 2 | kind: VirtualService
 3 | metadata:
 4 |   name: bookinfo-vs
 5 |   namespace: gloo-system
 6 | spec:
 7 |   virtualHost:
 8 |     domains:
 9 |     - '*'
10 |     routes:
11 |     - matchers:
12 |       - prefix: /
13 |       routeAction:
14 |         multi:
15 |           destinations:
16 |           - destination:
17 |               upstream:
18 |                 name: bookinfo-v1-productpage-9080
19 |                 namespace: gloo-system
20 |             weight: 5
21 |           - destination:
22 |               upstream:
23 |                 name: bookinfo-v2-productpage-9080
24 |                 namespace: gloo-system
25 |             weight: 5


--------------------------------------------------------------------------------
/bookinfo/config-examples/edge/single-destination-vs-80.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: gateway.solo.io/v1
 2 | kind: VirtualService
 3 | metadata:
 4 |   name: bookinfo-vs
 5 |   namespace: gloo-system
 6 | spec:
 7 |   virtualHost:
 8 |     domains:
 9 |     - '*'
10 |     routes:
11 |     - matchers:
12 |       - prefix: /
13 |       routeAction:
14 |         single:
15 |           upstream:
16 |             name: bookinfo-v1-productpage-9080
17 |             namespace: gloo-system


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-extauth-policy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: security.policy.gloo.solo.io/v2
 2 | kind: ExtAuthPolicy
 3 | metadata:
 4 |   name: bookinfo
 5 |   namespace: bookinfo-frontends
 6 | spec:
 7 |   applyToRoutes:
 8 |   - route:
 9 |       labels:
10 |         oauth: "true"
11 |   config:
12 |     server:
13 |       name: mgmt-ext-auth-server
14 |       namespace: gloo-mesh
15 |       cluster: mgmt
16 |     glooAuth:
17 |       configs:
18 |       - oauth2:
19 |           oidcAuthorizationCode:
20 |             appUrl: https://bookinfo-local.glootest.com
21 |             callbackPath: /callback
22 |             clientId: 0oa5zoq0xoGKtOSpg5d7
23 |             clientSecretRef:
24 |               name: bookinfo-oidc-client-secret
25 |               namespace: bookinfo-frontends
26 |             issuerUrl: https://dev-22653158.okta.com/oauth2/default
27 |             session:
28 |               failOnFetchFailure: false
29 |               redis:
30 |                 cookieName: bookinfo-oidc-session
31 |                 options:
32 |                   host: redis.gloo-mesh-addons:6379
33 |                 allowRefreshing: false
34 |               cookieOptions:
35 |                 maxAge: "1800"
36 |             scopes:
37 |             - email
38 |             logoutPath: /logout
39 |             #afterLogoutUrl: /get
40 |             headers:
41 |               idTokenHeader: Jwt
42 |               #idTokenHeader: x-id-token
43 |               #accessTokenHeader: x-access-token


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-oauth-rt-443.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: RouteTable
 3 | metadata:
 4 |   labels:
 5 |     expose: "true"
 6 |   name: productpage-rt-443
 7 |   namespace: bookinfo-frontends
 8 | spec:
 9 |   hosts:
10 |   - 'bookinfo.glootest.com'
11 |   - 'bookinfo-local.glootest.com'
12 |   http:
13 |   - forwardTo:
14 |       destinations:
15 |       - port:
16 |           number: 9080
17 |         ref:
18 |           name: productpage
19 |           namespace: bookinfo-frontends
20 |     labels:
21 |       waf: "true"
22 |       oauth: "true"
23 |     matchers:
24 |     - uri:
25 |         exact: /productpage
26 |     - uri:
27 |         prefix: /static
28 |     - uri:
29 |         exact: /login
30 |     - uri:
31 |         exact: /logout
32 |     - uri:
33 |         prefix: /api/v1/products
34 |     - uri:
35 |         prefix: /callback
36 |     name: productpage
37 |   virtualGateways:
38 |   - cluster: mgmt
39 |     name: mgmt-north-south-gw-443
40 |     namespace: istio-gateways
41 |   workloadSelectors: []


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-ratelimit-transformationfilter.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
 2 | kind: TransformationPolicy
 3 | metadata:
 4 |   name: bookinfo-ratelimit-transformation
 5 |   namespace: bookinfo-frontends
 6 | spec:
 7 |   applyToRoutes:
 8 |   - route:
 9 |       labels:
10 |         ratelimited: "true"
11 |   config:
12 |     phase:
13 |       preAuthz:
14 |         priority: 0
15 |     response:
16 |       injaTemplate:
17 |         #headers:
18 |         #  ":status":
19 |         #    text: '{% if header(":status") == "405" %}201{% else if header(":status") == "429" %}529{% else %}{{ header(":status") }}{% endif %}'  
20 |         #body:
21 |         #  text: '{% if header(":status") == "429" %}{ "response_code": "529" }{% else if header(":status") == "405" %}{ "response_code": "201" }{% else %}{ "response_code": "201" }{% endif %}'
22 |         body:
23 |           text: '{% if header(":status") == "429" %}<html><body style="background-color:powderblue;"><h1>Too
24 |             many Requests!</h1><p>Try again after a minute</p></body></html>{%
25 |             else %}{{ body() }}{% endif %}'
26 |         parseBodyBehavior: DontParse


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-ratelimitclientconfig.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
 2 | kind: RateLimitClientConfig
 3 | metadata:
 4 |   labels:
 5 |     workspace.solo.io/exported: "true"
 6 |   name: bookinfo
 7 |   namespace: bookinfo-frontends
 8 | spec:
 9 |   raw:
10 |     rateLimits:
11 |     - actions:
12 |       - genericKey:
13 |           descriptorValue: "per-minute"
14 |       - remoteAddress: {}


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-ratelimitpolicy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
 2 | kind: RateLimitPolicy
 3 | metadata:
 4 |   labels:
 5 |     workspace.solo.io/exported: "true"
 6 |   name: bookinfo
 7 |   namespace: bookinfo-frontends
 8 | spec:
 9 |   applyToRoutes:
10 |   - route:
11 |       labels:
12 |         ratelimited: "true"
13 |   config:
14 |     ratelimitClientConfig:
15 |       cluster: mgmt
16 |       name: bookinfo
17 |       namespace: bookinfo-frontends
18 |     ratelimitServerConfig:
19 |       cluster: mgmt
20 |       name: bookinfo
21 |       namespace: gloo-mesh-addons
22 |     serverSettings:
23 |       cluster: mgmt
24 |       name: bookinfo-rate-limit-server
25 |       namespace: bookinfo-frontends
26 | 


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-ratelimitserverconfig.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: admin.gloo.solo.io/v2
 2 | kind: RateLimitServerConfig
 3 | metadata:
 4 |   labels:
 5 |     workspace.solo.io/exported: "true"
 6 |   name: bookinfo
 7 |   namespace: gloo-mesh-addons
 8 | spec:
 9 |   destinationServers:
10 |   - port:
11 |       name: grpc
12 |     ref:
13 |       cluster: mgmt
14 |       name: rate-limiter
15 |       namespace: gloo-mesh-addons
16 |   raw:
17 |     descriptors:
18 |       - key: generic_key
19 |         value: "per-minute"
20 |         descriptors:
21 |           - key: remote_address
22 |             rateLimit:
23 |               requestsPerUnit: 15
24 |               unit: MINUTE


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-ratelimitserversettings.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: admin.gloo.solo.io/v2
 2 | kind: RateLimitServerSettings
 3 | metadata:
 4 |   labels:
 5 |     workspace.solo.io/exported: "true"
 6 |   name: bookinfo-rate-limit-server
 7 |   namespace: bookinfo-frontends
 8 | spec:
 9 |   destinationServer:
10 |     port:
11 |       name: grpc
12 |     ref:
13 |       cluster: mgmt
14 |       name: rate-limiter
15 |       namespace: gloo-mesh-addons


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-rt-80.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: RouteTable
 3 | metadata:
 4 |   labels:
 5 |     expose: "true"
 6 |   name: productpage
 7 |   namespace: bookinfo-frontends
 8 | spec:
 9 |   hosts:
10 |   - 'bookinfo.glootest.com'
11 |   - 'bookinfo-local.glootest.com'
12 |   http:
13 |   - forwardTo:
14 |       destinations:
15 |       - port:
16 |           number: 9080
17 |         ref:
18 |           name: productpage
19 |           namespace: bookinfo-frontends
20 |     labels:
21 |       waf: "true"
22 |       ratelimited: "true"
23 |     matchers:
24 |     - uri:
25 |         exact: /productpage
26 |     - uri:
27 |         prefix: /static
28 |     - uri:
29 |         exact: /login
30 |     - uri:
31 |         exact: /logout
32 |     - uri:
33 |         prefix: /api/v1/products
34 |     name: productpage
35 |   virtualGateways:
36 |   - cluster: cluster1
37 |     name: mgmt-north-south-gw-80
38 |     namespace: istio-gateways
39 |   workloadSelectors: []


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-wafpolicy-log4shell.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: security.policy.gloo.solo.io/v2
 2 | kind: WAFPolicy
 3 | metadata:
 4 |   name: log4shell
 5 |   namespace: bookinfo-frontends
 6 | spec:
 7 |   applyToRoutes:
 8 |   - route:
 9 |       labels:
10 |         waf: "true"
11 |   config:
12 |     customInterventionMessage: Log4Shell malicious payload
13 |     customRuleSets:
14 |     - ruleStr: "SecRuleEngine On\nSecRequestBodyAccess On\nSecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@*
15 |         \ \n  \"@rx \\${jndi:(?:ldaps?|iiop|dns|rmi)://\" \n  \"id:1000,phase:2,deny,status:403,log,msg:'Potential
16 |         Remote Command Execution: Log4j CVE-2021-44228'\""
17 |     disableCoreRuleSet: true


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-workspace.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: admin.gloo.solo.io/v2
 2 | kind: Workspace
 3 | metadata:
 4 |   labels:
 5 |     allow_ingress: "true"
 6 |   name: bookinfo
 7 |   namespace: gloo-mesh
 8 | spec:
 9 |   workloadClusters:
10 |   - name: mgmt
11 |     namespaces:
12 |     - name: bookinfo-frontends
13 |     - name: bookinfo-backends


--------------------------------------------------------------------------------
/bookinfo/config-examples/gloo-mesh/2.0.x/bookinfo-workspacesettings.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: admin.gloo.solo.io/v2
 2 | kind: WorkspaceSettings
 3 | metadata:
 4 |   name: bookinfo
 5 |   namespace: bookinfo-frontends
 6 | spec:
 7 |   exportTo:
 8 |   - resources:
 9 |     - kind: SERVICE
10 |       labels:
11 |         app: productpage
12 |     - kind: SERVICE
13 |       labels:
14 |         app: reviews
15 |     - kind: ALL
16 |       labels:
17 |         expose: "true"
18 |     workspaces:
19 |     - name: gateways
20 |   importFrom:
21 |   - resources:
22 |     - kind: SERVICE
23 |     workspaces:
24 |     - name: gateways


--------------------------------------------------------------------------------
/bookinfo/config-examples/istio/bookinfo-gateway.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.istio.io/v1alpha3
 2 | kind: Gateway
 3 | metadata:
 4 |   name: bookinfo-gateway
 5 | spec:
 6 |   selector:
 7 |     istio: ingressgateway # use istio default controller
 8 |   servers:
 9 |   - port:
10 |       number: 80
11 |       name: http
12 |       protocol: HTTP
13 |     hosts:
14 |     - "*"


--------------------------------------------------------------------------------
/bookinfo/config-examples/istio/bookinfo-vs.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.istio.io/v1alpha3
 2 | kind: VirtualService
 3 | metadata:
 4 |   name: bookinfo
 5 | spec:
 6 |   hosts:
 7 |   - "*"
 8 |   gateways:
 9 |   - bookinfo-gateway
10 |   http:
11 |   - match:
12 |     - uri:
13 |         exact: /productpage
14 |     - uri:
15 |         prefix: /static
16 |     - uri:
17 |         exact: /login
18 |     - uri:
19 |         exact: /logout
20 |     - uri:
21 |         prefix: /api/v1/products
22 |     route:
23 |     - destination:
24 |         host: productpage
25 |         port:
26 |           number: 9080


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/bookinfo-frontends-ns/bookinfo-frontends.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ServiceAccount
 3 | metadata:
 4 |   labels:
 5 |     account: productpage
 6 |   name: bookinfo-productpage
 7 |   namespace: bookinfo-frontends
 8 | ---
 9 | apiVersion: v1
10 | kind: Service
11 | metadata:
12 |   labels:
13 |     app: productpage
14 |     service: productpage
15 |     version: v1
16 |   name: productpage
17 |   namespace: bookinfo-frontends
18 | spec:
19 |   ports:
20 |   - name: http
21 |     port: 9080
22 |     targetPort: 9080
23 |   selector:
24 |     app: productpage
25 | ---
26 | apiVersion: apps/v1
27 | kind: Deployment
28 | metadata:
29 |   labels:
30 |     app: productpage
31 |     version: v1
32 |   name: productpage-v1
33 |   namespace: bookinfo-frontends
34 | spec:
35 |   replicas: 1
36 |   selector:
37 |     matchLabels:
38 |       app: productpage
39 |       version: v1
40 |   template:
41 |     metadata:
42 |       labels:
43 |         app: productpage
44 |         version: v1
45 |     spec:
46 |       containers:
47 |       - env:
48 |         - name: DETAILS_HOSTNAME
49 |           value: details.bookinfo-backends.svc.cluster.local
50 |         - name: REVIEWS_HOSTNAME
51 |           value: reviews.bookinfo-backends.svc.cluster.local
52 |         image: us-central1-docker.pkg.dev/solo-test-236622/jmunozro/examples-bookinfo-productpage-v1:1.16.2
53 |         imagePullPolicy: IfNotPresent
54 |         name: productpage
55 |         ports:
56 |         - containerPort: 9080
57 |         securityContext:
58 |           runAsUser: 1000
59 |         volumeMounts:
60 |         - mountPath: /tmp
61 |           name: tmp
62 |       serviceAccountName: bookinfo-productpage
63 |       volumes:
64 |       - emptyDir: {}
65 |         name: tmp


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/details-deployment.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Details service
 3 | ##################################################################################################
 4 | apiVersion: apps/v1
 5 | kind: Deployment
 6 | metadata:
 7 |   name: details-v1
 8 |   labels:
 9 |     app: details
10 |     version: v1
11 | spec:
12 |   replicas: 1
13 |   selector:
14 |     matchLabels:
15 |       app: details
16 |       version: v1
17 |   template:
18 |     metadata:
19 |       labels:
20 |         app: details
21 |         version: v1
22 |     spec:
23 |       serviceAccountName: bookinfo-details
24 |       containers:
25 |       - name: details
26 |         image: docker.io/istio/examples-bookinfo-details-v1:1.16.2
27 |         imagePullPolicy: IfNotPresent
28 |         ports:
29 |         - containerPort: 9080
30 |         securityContext:
31 |           runAsUser: 1000


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/details-service.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Details service
 3 | ##################################################################################################
 4 | apiVersion: v1
 5 | kind: Service
 6 | metadata:
 7 |   name: details
 8 |   labels:
 9 |     app: details
10 |     service: details
11 | spec:
12 |   ports:
13 |   - port: 9080
14 |     name: http
15 |   selector:
16 |     app: details
17 | 


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/details-serviceaccount.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Details service
 3 | ##################################################################################################
 4 | apiVersion: v1
 5 | kind: ServiceAccount
 6 | metadata:
 7 |   name: bookinfo-details
 8 |   labels:
 9 |     account: details
10 | 


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/productpage-deployment.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Productpage services
 3 | ##################################################################################################
 4 | apiVersion: apps/v1
 5 | kind: Deployment
 6 | metadata:
 7 |   name: productpage-v1
 8 |   labels:
 9 |     app: productpage
10 |     version: v1
11 | spec:
12 |   replicas: 1
13 |   selector:
14 |     matchLabels:
15 |       app: productpage
16 |       version: v1
17 |   template:
18 |     metadata:
19 |       labels:
20 |         app: productpage
21 |         version: v1
22 |     spec:
23 |       serviceAccountName: bookinfo-productpage
24 |       containers:
25 |       - name: productpage
26 |         image: docker.io/istio/examples-bookinfo-productpage-v1:1.16.2
27 |         imagePullPolicy: IfNotPresent
28 |         ports:
29 |         - containerPort: 9080
30 |         volumeMounts:
31 |         - name: tmp
32 |           mountPath: /tmp
33 |         securityContext:
34 |           runAsUser: 1000
35 |       volumes:
36 |       - name: tmp
37 |         emptyDir: {}


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/productpage-service.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Productpage services
 3 | ##################################################################################################
 4 | apiVersion: v1
 5 | kind: Service
 6 | metadata:
 7 |   name: productpage
 8 |   labels:
 9 |     app: productpage
10 |     service: productpage
11 |     version: v1
12 | spec:
13 |   ports:
14 |   - port: 9080
15 |     name: http
16 |   selector:
17 |     app: productpage
18 | 


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/productpage-serviceaccount.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Productpage services
 3 | ##################################################################################################
 4 | apiVersion: v1
 5 | kind: ServiceAccount
 6 | metadata:
 7 |   name: bookinfo-productpage
 8 |   labels:
 9 |     account: productpage
10 | 


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/ratings-deployment.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Ratings service
 3 | ##################################################################################################
 4 | apiVersion: apps/v1
 5 | kind: Deployment
 6 | metadata:
 7 |   name: ratings-v1
 8 |   labels:
 9 |     app: ratings
10 |     version: v1
11 | spec:
12 |   replicas: 1
13 |   selector:
14 |     matchLabels:
15 |       app: ratings
16 |       version: v1
17 |   template:
18 |     metadata:
19 |       labels:
20 |         app: ratings
21 |         version: v1
22 |     spec:
23 |       serviceAccountName: bookinfo-ratings
24 |       containers:
25 |       - name: ratings
26 |         image: docker.io/istio/examples-bookinfo-ratings-v1:1.16.2
27 |         imagePullPolicy: IfNotPresent
28 |         ports:
29 |         - containerPort: 9080
30 |         securityContext:
31 |           runAsUser: 1000


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/ratings-service.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Ratings service
 3 | ##################################################################################################
 4 | apiVersion: v1
 5 | kind: Service
 6 | metadata:
 7 |   name: ratings
 8 |   labels:
 9 |     app: ratings
10 |     service: ratings
11 | spec:
12 |   ports:
13 |   - port: 9080
14 |     name: http
15 |   selector:
16 |     app: ratings
17 | 


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/ratings-serviceaccount.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Ratings service
 3 | ##################################################################################################
 4 | apiVersion: v1
 5 | kind: ServiceAccount
 6 | metadata:
 7 |   name: bookinfo-ratings
 8 |   labels:
 9 |     account: ratings
10 | 


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/reviews-service.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Reviews service
 3 | ##################################################################################################
 4 | apiVersion: v1
 5 | kind: Service
 6 | metadata:
 7 |   name: reviews
 8 |   labels:
 9 |     app: reviews
10 |     service: reviews
11 | spec:
12 |   ports:
13 |   - port: 9080
14 |     name: http
15 |   selector:
16 |     app: reviews
17 | 


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/reviews-serviceacount.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Reviews service
 3 | ##################################################################################################
 4 | apiVersion: v1
 5 | kind: ServiceAccount
 6 | metadata:
 7 |   name: bookinfo-reviews
 8 |   labels:
 9 |     account: reviews
10 | 


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/reviews-v1-deployment.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Reviews service
 3 | ##################################################################################################
 4 | apiVersion: apps/v1
 5 | kind: Deployment
 6 | metadata:
 7 |   name: reviews-v1
 8 |   labels:
 9 |     app: reviews
10 |     version: v1
11 | spec:
12 |   replicas: 1
13 |   selector:
14 |     matchLabels:
15 |       app: reviews
16 |       version: v1
17 |   template:
18 |     metadata:
19 |       labels:
20 |         app: reviews
21 |         version: v1
22 |     spec:
23 |       serviceAccountName: bookinfo-reviews
24 |       containers:
25 |       - name: reviews
26 |         image: docker.io/istio/examples-bookinfo-reviews-v1:1.16.2
27 |         imagePullPolicy: IfNotPresent
28 |         env:
29 |         - name: LOG_DIR
30 |           value: "/tmp/logs"
31 |         ports:
32 |         - containerPort: 9080
33 |         volumeMounts:
34 |         - name: tmp
35 |           mountPath: /tmp
36 |         - name: wlp-output
37 |           mountPath: /opt/ibm/wlp/output
38 |         securityContext:
39 |           runAsUser: 1000
40 |       volumes:
41 |       - name: wlp-output
42 |         emptyDir: {}
43 |       - name: tmp
44 |         emptyDir: {}


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/reviews-v2-deployment.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Reviews service
 3 | ##################################################################################################
 4 | apiVersion: apps/v1
 5 | kind: Deployment
 6 | metadata:
 7 |   name: reviews-v2
 8 |   labels:
 9 |     app: reviews
10 |     version: v2
11 | spec:
12 |   replicas: 1
13 |   selector:
14 |     matchLabels:
15 |       app: reviews
16 |       version: v2
17 |   template:
18 |     metadata:
19 |       labels:
20 |         app: reviews
21 |         version: v2
22 |     spec:
23 |       serviceAccountName: bookinfo-reviews
24 |       containers:
25 |       - name: reviews
26 |         image: docker.io/istio/examples-bookinfo-reviews-v2:1.16.2
27 |         imagePullPolicy: IfNotPresent
28 |         env:
29 |         - name: LOG_DIR
30 |           value: "/tmp/logs"
31 |         ports:
32 |         - containerPort: 9080
33 |         volumeMounts:
34 |         - name: tmp
35 |           mountPath: /tmp
36 |         - name: wlp-output
37 |           mountPath: /opt/ibm/wlp/output
38 |         securityContext:
39 |           runAsUser: 1000
40 |       volumes:
41 |       - name: wlp-output
42 |         emptyDir: {}
43 |       - name: tmp
44 |         emptyDir: {}
45 | 


--------------------------------------------------------------------------------
/bookinfo/deploy/yaml/separated-yaml/reviews-v3-deployment.yaml:
--------------------------------------------------------------------------------
 1 | ##################################################################################################
 2 | # Reviews service
 3 | ##################################################################################################
 4 | apiVersion: apps/v1
 5 | kind: Deployment
 6 | metadata:
 7 |   name: reviews-v3
 8 |   labels:
 9 |     app: reviews
10 |     version: v3
11 | spec:
12 |   replicas: 1
13 |   selector:
14 |     matchLabels:
15 |       app: reviews
16 |       version: v3
17 |   template:
18 |     metadata:
19 |       labels:
20 |         app: reviews
21 |         version: v3
22 |     spec:
23 |       serviceAccountName: bookinfo-reviews
24 |       containers:
25 |       - name: reviews
26 |         image: docker.io/istio/examples-bookinfo-reviews-v3:1.16.2
27 |         imagePullPolicy: IfNotPresent
28 |         env:
29 |         - name: LOG_DIR
30 |           value: "/tmp/logs"
31 |         ports:
32 |         - containerPort: 9080
33 |         volumeMounts:
34 |         - name: tmp
35 |           mountPath: /tmp
36 |         - name: wlp-output
37 |           mountPath: /opt/ibm/wlp/output
38 |         securityContext:
39 |           runAsUser: 1000
40 |       volumes:
41 |       - name: wlp-output
42 |         emptyDir: {}
43 |       - name: tmp
44 |         emptyDir: {}


--------------------------------------------------------------------------------
/cert-manager/README.md:
--------------------------------------------------------------------------------
 1 | # cert-manager
 2 | 
 3 | ## Prerequisites
 4 | - Kubernetes clusters up and authenticated to kubectl
 5 | - argocd - [Follow this Tutorial Here](https://github.com/solo-io/gitops-library/tree/main/argocd)
 6 | 
 7 | ## installing cert-manager
 8 | Navigate to the `cert-manager` directory
 9 | ```
10 | cd cert-manager
11 | ```
12 | 
13 | To install cert-manager on your cluster, deploy the argo app associated with the cert-manager version that you want. 
14 | 
15 | For example to deploy cert-manager v12.0.4 in the default namespace:
16 | ```
17 | kubectl apply -f argo/deploy/certmanager-1-6-0.yaml
18 | ```
19 | 
20 | You can run the `wait-for-rollout.sh` script to watch deployment progress
21 | ```
22 | ../tools/wait-for-rollout.sh deployment cert-manager default 10
23 | ```
24 | 
25 | ## uninstall cert-manager
26 | ```
27 | kubectl delete -f argo/deploy/certmanager-1-6-0.yaml
28 | ```


--------------------------------------------------------------------------------
/cert-manager/deploy/argo/1.7-cert-manager-crds.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: 1.7-cert-manager-crds
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   source:
11 |     repoURL: https://github.com/solo-io/gitops-library
12 |     targetRevision: HEAD
13 |     path: cert-manager/crds/1.7
14 |   destination:
15 |     server: https://kubernetes.default.svc
16 |   syncPolicy:
17 |     automated:
18 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
19 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).


--------------------------------------------------------------------------------
/cert-manager/deploy/argo/cert-manager.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: cert-manager
 5 |   namespace: argocd
 6 | spec:
 7 |   destination:
 8 |     namespace: cert-manager
 9 |     server: 'https://kubernetes.default.svc'
10 |   source:
11 |     repoURL: 'https://charts.jetstack.io'
12 |     targetRevision: v1.7.2
13 |     chart: cert-manager
14 |     helm:
15 |       parameters:
16 |         - name: installCRDs
17 |           value: 'true'
18 |   project: default
19 |   syncPolicy:
20 |     automated:
21 |       prune: true
22 |       selfHeal: true
23 |     retry:
24 |       limit: 2
25 |       backoff:
26 |         duration: 5s
27 |         maxDuration: 3m0s
28 |         factor: 2
29 |     syncOptions:
30 |       - CreateNamespace=true
31 | 


--------------------------------------------------------------------------------
/cert-manager/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
 1 | # Installing with Helm
 2 | 
 3 | ## Cert Manager
 4 | ```
 5 | helm repo add jetstack https://charts.jetstack.io
 6 | helm repo update
 7 | helm upgrade --install jetstack jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.7.2 --set-string installCRDs=true
 8 | ```
 9 | 
10 | ### Uninstall
11 | ```
12 | helm uninstall jetstack -n cert-manager
13 | ```


--------------------------------------------------------------------------------
/cert-manager/deploy/helm-values/values.yaml:
--------------------------------------------------------------------------------
 1 | global:
 2 |   cluster: mgmt
 3 | mgmtClusterName: mgmt
 4 | glooMeshMgmtServer:
 5 |   serviceType: LoadBalancer
 6 |   ports:
 7 |     healthcheck: 8091
 8 | glooMeshUi:
 9 |   serviceType: ClusterIP
10 |   enabled: true


--------------------------------------------------------------------------------
/flagger/deploy/argo/flagger-prometheus.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: flagger
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: flagger
15 |     helm:
16 |       skipCrds: false
17 |       values: |
18 |         prometheus:
19 |           install: true
20 |         meshProvider: gloo
21 |     repoURL: https://flagger.app
22 |     targetRevision: 1.26.0
23 |   syncPolicy:
24 |     automated:
25 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
26 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).


--------------------------------------------------------------------------------
/flagger/deploy/argo/flagger.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: flagger
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: flagger
15 |     helm:
16 |       skipCrds: false
17 |       values: |
18 |         prometheus:
19 |           install: false
20 |         metricsServer: "http://glooe-prometheus-server.gloo-system:80"
21 |         meshProvider: gloo
22 |     repoURL: https://flagger.app
23 |     targetRevision: 1.26.0
24 |   syncPolicy:
25 |     automated:
26 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
27 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).


--------------------------------------------------------------------------------
/flagger/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
 1 | # Installing with Helm
 2 | 
 3 | ## Flagger with default prometheus
 4 | ```
 5 | helm repo add flagger https://flagger.app
 6 | 
 7 | helm upgrade -i flagger flagger/flagger \
 8 | --namespace gloo-system \
 9 | --set prometheus.install=true \
10 | --set meshProvider=gloo
11 | ```
12 | 
13 | ## Flagger using Gloo Edge Enterprise prometheus
14 | ```
15 | helm repo add flagger https://flagger.app
16 | 
17 | helm upgrade -i flagger flagger/flagger \
18 | --namespace gloo-system \
19 | --set prometheus.install=false \
20 | --set metricsServer="http://glooe-prometheus-server.gloo-system:80" \
21 | --set meshProvider=gloo
22 | ```
23 | 
24 | ### Uninstall
25 | ```
26 | helm uninstall flagger -n gloo-system
27 | ```


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/crds/gloo-edge-crds.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-crds
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   source:
11 |     repoURL: https://github.com/solo-io/gitops-library
12 |     targetRevision: HEAD
13 |     path: gloo-edge/gloo-edge-crds/1.12.44/
14 |   destination:
15 |     server: https://kubernetes.default.svc
16 |   syncPolicy:
17 |     automated:
18 |       prune: true
19 |       selfHeal: true


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.10.x/gloo-edge-ee-fed.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-ee
15 |     helm:
16 |       values: |
17 |         create_license_secret: false
18 |         gloo:
19 |           license_secret_name: license
20 |         gloo-fed:
21 |           enabled: true
22 |           create_license_secret: false
23 |           glooFedApiserver:
24 |             enable: false
25 |         # set extauth requestTimeout to 2s for okta OIDC workflow
26 |         global:
27 |           extensions:
28 |             extAuth:
29 |               requestTimeout: 2s
30 |     repoURL: http://storage.googleapis.com/gloo-ee-helm
31 |     targetRevision: 1.10.30
32 |   syncPolicy:
33 |     automated:
34 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
35 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
36 |     syncOptions:
37 |       - CreateNamespace=true
38 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.10.x/gloo-edge-ee-nofed.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-ee
15 |     helm:
16 |       values: |
17 |         create_license_secret: false
18 |         gloo:
19 |           license_secret_name: license
20 |         gloo-fed:
21 |           enabled: false
22 |           create_license_secret: false
23 |           glooFedApiserver:
24 |             enable: false
25 |         # set extauth requestTimeout to 2s for okta OIDC workflow
26 |         global:
27 |           extensions:
28 |             extAuth:
29 |               requestTimeout: 2s
30 |     repoURL: http://storage.googleapis.com/gloo-ee-helm
31 |     targetRevision: 1.10.30
32 |   syncPolicy:
33 |     automated:
34 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
35 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
36 |     syncOptions:
37 |       - CreateNamespace=true
38 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.11.x/gloo-edge-ee-fed.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-ee
15 |     helm:
16 |       values: |
17 |         create_license_secret: false
18 |         gloo:
19 |           license_secret_name: license
20 |         gloo-fed:
21 |           enabled: true
22 |           create_license_secret: false
23 |           glooFedApiserver:
24 |             enable: false
25 |         # set extauth requestTimeout to 2s for okta OIDC workflow
26 |         global:
27 |           extensions:
28 |             extAuth:
29 |               requestTimeout: 2s
30 |     repoURL: http://storage.googleapis.com/gloo-ee-helm
31 |     targetRevision: 1.11.40
32 |   syncPolicy:
33 |     automated:
34 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
35 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
36 |     syncOptions:
37 |       - CreateNamespace=true
38 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.11.x/gloo-edge-ee-nofed.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-ee
15 |     helm:
16 |       values: |
17 |         create_license_secret: false
18 |         gloo:
19 |           license_secret_name: license
20 |         gloo-fed:
21 |           enabled: false
22 |           create_license_secret: false
23 |           glooFedApiserver:
24 |             enable: false
25 |         # set extauth requestTimeout to 2s for okta OIDC workflow
26 |         global:
27 |           extensions:
28 |             extAuth:
29 |               requestTimeout: 2s
30 |     repoURL: http://storage.googleapis.com/gloo-ee-helm
31 |     targetRevision: 1.11.40
32 |   syncPolicy:
33 |     automated:
34 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
35 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
36 |     syncOptions:
37 |       - CreateNamespace=true
38 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.12.x/gloo-edge-ee-fed.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-ee
15 |     helm:
16 |       skipCrds: false
17 |       values: |
18 |         create_license_secret: false
19 |         gloo:
20 |           license_secret_name: license
21 |         gloo-fed:
22 |           enabled: true
23 |           create_license_secret: false
24 |           glooFedApiserver:
25 |             enable: true
26 |         # set extauth requestTimeout to 2s for okta OIDC workflow
27 |         global:
28 |           extensions:
29 |             extAuth:
30 |               requestTimeout: 2s
31 |     repoURL: http://storage.googleapis.com/gloo-ee-helm
32 |     targetRevision: 1.12.15
33 |   syncPolicy:
34 |     automated:
35 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
36 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.12.x/gloo-edge-ee-nofed.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-ee
15 |     helm:
16 |       skipCrds: false
17 |       values: |
18 |         create_license_secret: false
19 |         gloo:
20 |           license_secret_name: license
21 |         gloo-fed:
22 |           enabled: false
23 |           create_license_secret: false
24 |           glooFedApiserver:
25 |             enable: true
26 |         # set extauth requestTimeout to 2s for okta OIDC workflow
27 |         global:
28 |           extensions:
29 |             extAuth:
30 |               requestTimeout: 2s
31 |     repoURL: http://storage.googleapis.com/gloo-ee-helm
32 |     targetRevision: 1.12.15
33 |   syncPolicy:
34 |     automated:
35 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
36 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.8.x/gloo-edge-ee-fed.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-ee
15 |     helm:
16 |       values: |
17 |         create_license_secret: false
18 |         license_secret_name: license
19 |         gloo-fed:
20 |           enabled: true
21 |           create_license_secret: false
22 |           glooFedApiserver:
23 |             enable: false
24 |     repoURL: http://storage.googleapis.com/gloo-ee-helm
25 |     targetRevision: 1.8.35
26 |   syncPolicy:
27 |     automated:
28 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
29 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
30 |     syncOptions:
31 |       - CreateNamespace=true
32 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.8.x/gloo-edge-ee-nofed.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-ee
15 |     helm:
16 |       values: |
17 |         create_license_secret: false
18 |         license_secret_name: license
19 |         gloo-fed:
20 |           enabled: false
21 |           create_license_secret: false
22 |           glooFedApiserver:
23 |             enable: false
24 |     repoURL: http://storage.googleapis.com/gloo-ee-helm
25 |     targetRevision: 1.8.35
26 |   syncPolicy:
27 |     automated:
28 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
29 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
30 |     syncOptions:
31 |       - CreateNamespace=true
32 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.9.x/gloo-edge-ee-fed.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-ee
15 |     helm:
16 |       values: |
17 |         create_license_secret: false
18 |         license_secret_name: license
19 |         gloo-fed:
20 |           enabled: true
21 |           create_license_secret: false
22 |           glooFedApiserver:
23 |             enable: false
24 |     repoURL: http://storage.googleapis.com/gloo-ee-helm
25 |     targetRevision: 1.9.24
26 |   syncPolicy:
27 |     automated:
28 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
29 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
30 |     syncOptions:
31 |       - CreateNamespace=true
32 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/ee/1.9.x/gloo-edge-ee-nofed.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-ee
15 |     helm:
16 |       values: |
17 |         create_license_secret: false
18 |         license_secret_name: license
19 |         gloo-fed:
20 |           enabled: false
21 |           create_license_secret: false
22 |           glooFedApiserver:
23 |             enable: false
24 |     repoURL: http://storage.googleapis.com/gloo-ee-helm
25 |     targetRevision: 1.9.24
26 |   syncPolicy:
27 |     automated:
28 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
29 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
30 |     syncOptions:
31 |       - CreateNamespace=true
32 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/oss/1.10.x/gloo-edge-oss.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-oss
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo
15 |     helm:
16 |       values: |
17 |         # no values takes the default values.yaml
18 |     repoURL: https://storage.googleapis.com/solo-public-helm
19 |     targetRevision: 1.10.37
20 |   syncPolicy:
21 |     automated:
22 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
23 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
24 |     syncOptions:
25 |       - CreateNamespace=true
26 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/oss/1.11.x/gloo-edge-oss.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-oss
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo
15 |     helm:
16 |       values: |
17 |         # no values takes the default values.yaml
18 |     repoURL: https://storage.googleapis.com/solo-public-helm
19 |     targetRevision: 1.11.36
20 |   syncPolicy:
21 |     automated:
22 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
23 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
24 |     syncOptions:
25 |       - CreateNamespace=true
26 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/oss/1.12.x/gloo-edge-oss.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-oss
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo
15 |     helm:
16 |       values: |
17 |         # no values takes the default values.yaml
18 |     repoURL: https://storage.googleapis.com/solo-public-helm
19 |     targetRevision: 1.12.16
20 |   syncPolicy:
21 |     automated:
22 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
23 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
24 |     syncOptions:
25 |       - CreateNamespace=true
26 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/oss/1.8.x/gloo-edge-oss.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-oss
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo
15 |     helm:
16 |       values: |
17 |         # no values takes the default values.yaml
18 |     repoURL: https://storage.googleapis.com/solo-public-helm
19 |     targetRevision: 1.8.37
20 |   syncPolicy:
21 |     automated:
22 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
23 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
24 |     syncOptions:
25 |       - CreateNamespace=true
26 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/argo/oss/1.9.x/gloo-edge-oss.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-edge-oss
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-system
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo
15 |     helm:
16 |       values: |
17 |         # no values takes the default values.yaml
18 |     repoURL: https://storage.googleapis.com/solo-public-helm
19 |     targetRevision: 1.9.26
20 |   syncPolicy:
21 |     automated:
22 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
23 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
24 |     syncOptions:
25 |       - CreateNamespace=true
26 | 


--------------------------------------------------------------------------------
/gloo-edge/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
 1 | # Installing with Helm
 2 | 
 3 | ## Gloo Edge Open Source
 4 | ```
 5 | helm repo add gloo https://storage.googleapis.com/solo-public-helm
 6 | helm repo update
 7 | helm upgrade --install gloo gloo/gloo --namespace gloo-system --create-namespace --version 1.12.16
 8 | ```
 9 | 
10 | ## Gloo Edge Enterprise
11 | ```
12 | helm repo add glooe https://storage.googleapis.com/gloo-ee-helm
13 | helm repo update
14 | helm upgrade --install gloo glooe/gloo-ee --namespace gloo-system --create-namespace --version 1.12.15 --set-string license_key=$LICENSE_KEY --values values-nofed.yaml
15 | ```
16 | 
17 | ### Uninstall
18 | ```
19 | helm uninstall gloo -n gloo-system
20 | ```


--------------------------------------------------------------------------------
/gloo-edge/deploy/helm-values/values-fed.yaml:
--------------------------------------------------------------------------------
 1 | gloo-fed:
 2 |   enabled: true
 3 |   create_license_secret: false
 4 |   glooFedApiserver:
 5 |     enable: true
 6 | # set extauth requestTimeout to 2s for okta OIDC workflow
 7 | global:
 8 |   extensions:
 9 |     extAuth:
10 |       requestTimeout: 2s


--------------------------------------------------------------------------------
/gloo-edge/deploy/helm-values/values-nofed.yaml:
--------------------------------------------------------------------------------
 1 | gloo-fed:
 2 |   enabled: false
 3 |   create_license_secret: false
 4 |   glooFedApiserver:
 5 |     enable: true
 6 | # set extauth requestTimeout to 2s for okta OIDC workflow
 7 | global:
 8 |   extensions:
 9 |     extAuth:
10 |       requestTimeout: 2s


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.11.50/fed.enterprise.gloo.solo.io_v1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 802eb05c33b3851f
 8 |   labels:
 9 |     app: gloo-fed
10 |     app.kubernetes.io/name: gloo-fed
11 |   name: federatedauthconfigs.fed.enterprise.gloo.solo.io
12 | spec:
13 |   group: fed.enterprise.gloo.solo.io
14 |   names:
15 |     kind: FederatedAuthConfig
16 |     listKind: FederatedAuthConfigList
17 |     plural: federatedauthconfigs
18 |     singular: federatedauthconfig
19 |   scope: Namespaced
20 |   versions:
21 |   - name: v1
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 |     served: true
27 |     storage: true
28 |     subresources:
29 |       status: {}
30 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.11.50/fed.gloo.solo.io_v1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 3178916e889c4346
 8 |   labels:
 9 |     app: gloo-fed
10 |     app.kubernetes.io/name: gloo-fed
11 |   name: federatedupstreams.fed.gloo.solo.io
12 | spec:
13 |   group: fed.gloo.solo.io
14 |   names:
15 |     kind: FederatedUpstream
16 |     listKind: FederatedUpstreamList
17 |     plural: federatedupstreams
18 |     singular: federatedupstream
19 |   scope: Namespaced
20 |   versions:
21 |   - name: v1
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 |     served: true
27 |     storage: true
28 |     subresources:
29 |       status: {}
30 | 
31 | ---
32 | apiVersion: apiextensions.k8s.io/v1
33 | kind: CustomResourceDefinition
34 | metadata:
35 |   annotations:
36 |     crd.solo.io/specHash: 283590c73022e570
37 |   labels:
38 |     app: gloo-fed
39 |     app.kubernetes.io/name: gloo-fed
40 |   name: federatedupstreamgroups.fed.gloo.solo.io
41 | spec:
42 |   group: fed.gloo.solo.io
43 |   names:
44 |     kind: FederatedUpstreamGroup
45 |     listKind: FederatedUpstreamGroupList
46 |     plural: federatedupstreamgroups
47 |     singular: federatedupstreamgroup
48 |   scope: Namespaced
49 |   versions:
50 |   - name: v1
51 |     schema:
52 |       openAPIV3Schema:
53 |         type: object
54 |         x-kubernetes-preserve-unknown-fields: true
55 |     served: true
56 |     storage: true
57 |     subresources:
58 |       status: {}
59 | 
60 | ---
61 | apiVersion: apiextensions.k8s.io/v1
62 | kind: CustomResourceDefinition
63 | metadata:
64 |   annotations:
65 |     crd.solo.io/specHash: 737f24beaf107458
66 |   labels:
67 |     app: gloo-fed
68 |     app.kubernetes.io/name: gloo-fed
69 |   name: federatedsettings.fed.gloo.solo.io
70 | spec:
71 |   group: fed.gloo.solo.io
72 |   names:
73 |     kind: FederatedSettings
74 |     listKind: FederatedSettingsList
75 |     plural: federatedsettings
76 |     singular: federatedsettings
77 |   scope: Namespaced
78 |   versions:
79 |   - name: v1
80 |     schema:
81 |       openAPIV3Schema:
82 |         type: object
83 |         x-kubernetes-preserve-unknown-fields: true
84 |     served: true
85 |     storage: true
86 |     subresources:
87 |       status: {}
88 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.11.50/fed.ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 103fa59a1ecf3798
 8 |   labels:
 9 |     app: gloo-fed
10 |     app.kubernetes.io/name: gloo-fed
11 |   name: federatedratelimitconfigs.fed.ratelimit.solo.io
12 | spec:
13 |   group: fed.ratelimit.solo.io
14 |   names:
15 |     kind: FederatedRateLimitConfig
16 |     listKind: FederatedRateLimitConfigList
17 |     plural: federatedratelimitconfigs
18 |     singular: federatedratelimitconfig
19 |   scope: Namespaced
20 |   versions:
21 |   - name: v1alpha1
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 |     served: true
27 |     storage: true
28 |     subresources:
29 |       status: {}
30 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.11.50/fed.solo.io_v1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: d7ae658f711612dc
 8 |   labels:
 9 |     app: gloo-fed
10 |     app.kubernetes.io/name: gloo-fed
11 |   name: glooinstances.fed.solo.io
12 | spec:
13 |   group: fed.solo.io
14 |   names:
15 |     kind: GlooInstance
16 |     listKind: GlooInstanceList
17 |     plural: glooinstances
18 |     singular: glooinstance
19 |   scope: Namespaced
20 |   versions:
21 |   - name: v1
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 |     served: true
27 |     storage: true
28 |     subresources:
29 |       status: {}
30 | 
31 | ---
32 | apiVersion: apiextensions.k8s.io/v1
33 | kind: CustomResourceDefinition
34 | metadata:
35 |   annotations:
36 |     crd.solo.io/specHash: eeba2f523791e753
37 |   labels:
38 |     app: gloo-fed
39 |     app.kubernetes.io/name: gloo-fed
40 |   name: failoverschemes.fed.solo.io
41 | spec:
42 |   group: fed.solo.io
43 |   names:
44 |     kind: FailoverScheme
45 |     listKind: FailoverSchemeList
46 |     plural: failoverschemes
47 |     singular: failoverscheme
48 |   scope: Namespaced
49 |   versions:
50 |   - name: v1
51 |     schema:
52 |       openAPIV3Schema:
53 |         type: object
54 |         x-kubernetes-preserve-unknown-fields: true
55 |     served: true
56 |     storage: true
57 |     subresources:
58 |       status: {}
59 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.11.50/multicluster.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   labels:
 7 |     app: gloo-fed
 8 |     app.kubernetes.io/name: gloo-fed
 9 |   name: multiclusterroles.multicluster.solo.io
10 | spec:
11 |   group: multicluster.solo.io
12 |   names:
13 |     kind: MultiClusterRole
14 |     listKind: MultiClusterRoleList
15 |     plural: multiclusterroles
16 |     singular: multiclusterrole
17 |   scope: Namespaced
18 |   versions:
19 |   - name: v1alpha1
20 |     schema:
21 |       openAPIV3Schema:
22 |         type: object
23 |         x-kubernetes-preserve-unknown-fields: true
24 |     served: true
25 |     storage: true
26 |     subresources:
27 |       status: {}
28 | 
29 | ---
30 | apiVersion: apiextensions.k8s.io/v1
31 | kind: CustomResourceDefinition
32 | metadata:
33 |   labels:
34 |     app: gloo-fed
35 |     app.kubernetes.io/name: gloo-fed
36 |   name: multiclusterrolebindings.multicluster.solo.io
37 | spec:
38 |   group: multicluster.solo.io
39 |   names:
40 |     kind: MultiClusterRoleBinding
41 |     listKind: MultiClusterRoleBindingList
42 |     plural: multiclusterrolebindings
43 |     singular: multiclusterrolebinding
44 |   scope: Namespaced
45 |   versions:
46 |   - name: v1alpha1
47 |     schema:
48 |       openAPIV3Schema:
49 |         type: object
50 |         x-kubernetes-preserve-unknown-fields: true
51 |     served: true
52 |     storage: true
53 |     subresources:
54 |       status: {}


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.11.50/ratelimit_config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: ratelimitconfigs.ratelimit.solo.io
 5 | spec:
 6 |   group: ratelimit.solo.io
 7 |   names:
 8 |     kind: RateLimitConfig
 9 |     listKind: RateLimitConfigList
10 |     plural: ratelimitconfigs
11 |     singular: ratelimitconfig
12 |     shortNames:
13 |     - rlc
14 |     - grlc
15 |   scope: Namespaced
16 |   versions:
17 |   - name: v1alpha1
18 |     served: true
19 |     storage: true
20 |     subresources:
21 |       status: {}
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/fed.enterprise.gloo.solo.io_v1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 802eb05c33b3851f
 8 |   labels:
 9 |     app: gloo-fed
10 |     app.kubernetes.io/name: gloo-fed
11 |   name: federatedauthconfigs.fed.enterprise.gloo.solo.io
12 | spec:
13 |   group: fed.enterprise.gloo.solo.io
14 |   names:
15 |     kind: FederatedAuthConfig
16 |     listKind: FederatedAuthConfigList
17 |     plural: federatedauthconfigs
18 |     singular: federatedauthconfig
19 |   scope: Namespaced
20 |   versions:
21 |   - name: v1
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 |     served: true
27 |     storage: true
28 |     subresources:
29 |       status: {}
30 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/fed.gloo.solo.io_v1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 3178916e889c4346
 8 |   labels:
 9 |     app: gloo-fed
10 |     app.kubernetes.io/name: gloo-fed
11 |   name: federatedupstreams.fed.gloo.solo.io
12 | spec:
13 |   group: fed.gloo.solo.io
14 |   names:
15 |     kind: FederatedUpstream
16 |     listKind: FederatedUpstreamList
17 |     plural: federatedupstreams
18 |     singular: federatedupstream
19 |   scope: Namespaced
20 |   versions:
21 |   - name: v1
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 |     served: true
27 |     storage: true
28 |     subresources:
29 |       status: {}
30 | 
31 | ---
32 | apiVersion: apiextensions.k8s.io/v1
33 | kind: CustomResourceDefinition
34 | metadata:
35 |   annotations:
36 |     crd.solo.io/specHash: 283590c73022e570
37 |   labels:
38 |     app: gloo-fed
39 |     app.kubernetes.io/name: gloo-fed
40 |   name: federatedupstreamgroups.fed.gloo.solo.io
41 | spec:
42 |   group: fed.gloo.solo.io
43 |   names:
44 |     kind: FederatedUpstreamGroup
45 |     listKind: FederatedUpstreamGroupList
46 |     plural: federatedupstreamgroups
47 |     singular: federatedupstreamgroup
48 |   scope: Namespaced
49 |   versions:
50 |   - name: v1
51 |     schema:
52 |       openAPIV3Schema:
53 |         type: object
54 |         x-kubernetes-preserve-unknown-fields: true
55 |     served: true
56 |     storage: true
57 |     subresources:
58 |       status: {}
59 | 
60 | ---
61 | apiVersion: apiextensions.k8s.io/v1
62 | kind: CustomResourceDefinition
63 | metadata:
64 |   annotations:
65 |     crd.solo.io/specHash: 737f24beaf107458
66 |   labels:
67 |     app: gloo-fed
68 |     app.kubernetes.io/name: gloo-fed
69 |   name: federatedsettings.fed.gloo.solo.io
70 | spec:
71 |   group: fed.gloo.solo.io
72 |   names:
73 |     kind: FederatedSettings
74 |     listKind: FederatedSettingsList
75 |     plural: federatedsettings
76 |     singular: federatedsettings
77 |   scope: Namespaced
78 |   versions:
79 |   - name: v1
80 |     schema:
81 |       openAPIV3Schema:
82 |         type: object
83 |         x-kubernetes-preserve-unknown-fields: true
84 |     served: true
85 |     storage: true
86 |     subresources:
87 |       status: {}
88 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/fed.ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 103fa59a1ecf3798
 8 |   labels:
 9 |     app: gloo-fed
10 |     app.kubernetes.io/name: gloo-fed
11 |   name: federatedratelimitconfigs.fed.ratelimit.solo.io
12 | spec:
13 |   group: fed.ratelimit.solo.io
14 |   names:
15 |     kind: FederatedRateLimitConfig
16 |     listKind: FederatedRateLimitConfigList
17 |     plural: federatedratelimitconfigs
18 |     singular: federatedratelimitconfig
19 |   scope: Namespaced
20 |   versions:
21 |   - name: v1alpha1
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 |     served: true
27 |     storage: true
28 |     subresources:
29 |       status: {}
30 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/fed.solo.io_v1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: d7ae658f711612dc
 8 |   labels:
 9 |     app: gloo-fed
10 |     app.kubernetes.io/name: gloo-fed
11 |   name: glooinstances.fed.solo.io
12 | spec:
13 |   group: fed.solo.io
14 |   names:
15 |     kind: GlooInstance
16 |     listKind: GlooInstanceList
17 |     plural: glooinstances
18 |     singular: glooinstance
19 |   scope: Namespaced
20 |   versions:
21 |   - name: v1
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 |     served: true
27 |     storage: true
28 |     subresources:
29 |       status: {}
30 | 
31 | ---
32 | apiVersion: apiextensions.k8s.io/v1
33 | kind: CustomResourceDefinition
34 | metadata:
35 |   annotations:
36 |     crd.solo.io/specHash: eeba2f523791e753
37 |   labels:
38 |     app: gloo-fed
39 |     app.kubernetes.io/name: gloo-fed
40 |   name: failoverschemes.fed.solo.io
41 | spec:
42 |   group: fed.solo.io
43 |   names:
44 |     kind: FailoverScheme
45 |     listKind: FailoverSchemeList
46 |     plural: failoverschemes
47 |     singular: failoverscheme
48 |   scope: Namespaced
49 |   versions:
50 |   - name: v1
51 |     schema:
52 |       openAPIV3Schema:
53 |         type: object
54 |         x-kubernetes-preserve-unknown-fields: true
55 |     served: true
56 |     storage: true
57 |     subresources:
58 |       status: {}
59 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/multicluster.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 54ed1cff486dda39
 8 |   labels:
 9 |     app: gloo-fed
10 |     app.kubernetes.io/name: gloo-fed
11 |   name: multiclusterroles.multicluster.solo.io
12 | spec:
13 |   group: multicluster.solo.io
14 |   names:
15 |     kind: MultiClusterRole
16 |     listKind: MultiClusterRoleList
17 |     plural: multiclusterroles
18 |     singular: multiclusterrole
19 |   scope: Namespaced
20 |   versions:
21 |   - name: v1alpha1
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 |     served: true
27 |     storage: true
28 |     subresources:
29 |       status: {}
30 | 
31 | ---
32 | apiVersion: apiextensions.k8s.io/v1
33 | kind: CustomResourceDefinition
34 | metadata:
35 |   annotations:
36 |     crd.solo.io/specHash: 5ba37de2460422b
37 |   labels:
38 |     app: gloo-fed
39 |     app.kubernetes.io/name: gloo-fed
40 |   name: multiclusterrolebindings.multicluster.solo.io
41 | spec:
42 |   group: multicluster.solo.io
43 |   names:
44 |     kind: MultiClusterRoleBinding
45 |     listKind: MultiClusterRoleBindingList
46 |     plural: multiclusterrolebindings
47 |     singular: multiclusterrolebinding
48 |   scope: Namespaced
49 |   versions:
50 |   - name: v1alpha1
51 |     schema:
52 |       openAPIV3Schema:
53 |         type: object
54 |         x-kubernetes-preserve-unknown-fields: true
55 |     served: true
56 |     storage: true
57 |     subresources:
58 |       status: {}
59 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-edge-crds/1.12.44/ratelimit_config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: ratelimitconfigs.ratelimit.solo.io
 5 | spec:
 6 |   group: ratelimit.solo.io
 7 |   names:
 8 |     kind: RateLimitConfig
 9 |     listKind: RateLimitConfigList
10 |     plural: ratelimitconfigs
11 |     singular: ratelimitconfig
12 |     shortNames:
13 |     - rlc
14 |     - grlc
15 |   scope: Namespaced
16 |   versions:
17 |   - name: v1alpha1
18 |     served: true
19 |     storage: true
20 |     subresources:
21 |       status: {}
22 |     schema:
23 |       openAPIV3Schema:
24 |         type: object
25 |         x-kubernetes-preserve-unknown-fields: true
26 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/.helmignore:
--------------------------------------------------------------------------------
 1 | # Patterns to ignore when building packages.
 2 | # This supports shell glob matching, relative path matching, and
 3 | # negation (prefixed with !). Only one pattern per line.
 4 | .DS_Store
 5 | # Common VCS dirs
 6 | .git/
 7 | .gitignore
 8 | .bzr/
 9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/Chart.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v2
 2 | name: gloo-gateway
 3 | description: A Helm chart for Kubernetes
 4 | 
 5 | # A chart can be either an 'application' or a 'library' chart.
 6 | #
 7 | # Application charts are a collection of templates that can be packaged into versioned archives
 8 | # to be deployed.
 9 | #
10 | # Library charts provide useful utilities or functions for the chart developer. They're included as
11 | # a dependency of application charts to inject those utilities and functions into the rendering
12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
13 | type: application
14 | 
15 | # This is the chart version. This version number should be incremented each time you make changes
16 | # to the chart and its templates, including the app version.
17 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
18 | version: 0.0.1-alpha1
19 | 
20 | # This is the version number of the application being deployed. This version number should be
21 | # incremented each time you make changes to the application. Versions are not expected to
22 | # follow Semantic Versioning. They should reflect the version the application is using.
23 | # It is recommended to use it with quotes.
24 | appVersion: "2.0.0-alpha1"
25 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | 1. Get the status of the these commands:
2 | 
3 |   kubectl get pods --namespace {{ .Release.Namespace }}


--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/gateway/hpa.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.gateway.autoscaling.enabled }}
 2 | apiVersion: autoscaling/v2beta1
 3 | kind: HorizontalPodAutoscaler
 4 | metadata:
 5 |   name: {{ include "gloo-gateway.gateway.fullname" . }}
 6 |   labels:
 7 |     {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
 8 |     {{- include "gloo-gateway.gateway.labels" . | nindent 4 }}
 9 | spec:
10 |   scaleTargetRef:
11 |     apiVersion: apps/v1
12 |     kind: Deployment
13 |     name: {{ include "gloo-gateway.gateway.fullname" . }}
14 |   minReplicas: {{ .Values.gateway.autoscaling.minReplicas }}
15 |   maxReplicas: {{ .Values.gateway.autoscaling.maxReplicas }}
16 |   metrics:
17 |     {{- if .Values.gateway.autoscaling.targetCPUUtilizationPercentage }}
18 |     - type: Resource
19 |       resource:
20 |         name: cpu
21 |         targetAverageUtilization: {{ .Values.gateway.autoscaling.targetCPUUtilizationPercentage }}
22 |     {{- end }}
23 |     {{- if .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }}
24 |     - type: Resource
25 |       resource:
26 |         name: memory
27 |         targetAverageUtilization: {{ .Values.gateway.autoscaling.targetMemoryUtilizationPercentage }}
28 |     {{- end }}
29 | {{- end }}
30 | 


--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/gatewayclass.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.controlPlane.enabled -}}
 2 | kind: GatewayClass
 3 | apiVersion: gateway.networking.k8s.io/v1
 4 | metadata:
 5 |   labels:
 6 |     {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
 7 |   name: {{ .Values.gatewayClass.className }}
 8 | spec:
 9 |   controllerName: {{ .Values.gatewayClass.controllerName }}
10 | {{- end }}


--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/rbac.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.controlPlane.enabled -}}
 2 | apiVersion: rbac.authorization.k8s.io/v1
 3 | kind: ClusterRole
 4 | metadata:
 5 |   name: {{ include "gloo-gateway.controlPlane.fullname" . }}.{{.Release.Namespace}}
 6 |   labels:
 7 |     {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
 8 |     {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
 9 | rules:
10 | - apiGroups:
11 |   - "gateway.networking.k8s.io"
12 |   resources:
13 |   - gatewayclasses
14 |   - gateways
15 |   - httproutes
16 |   - referencegrants
17 |   verbs: ["get", "list", "watch"]
18 | - apiGroups:
19 |   - ""
20 |   resources:
21 |   - services
22 |   - pods
23 |   - endpoints
24 |   - secrets
25 |   - namespaces
26 |   verbs: ["get", "list", "watch"]
27 | - apiGroups:
28 |   - "discovery.k8s.io"
29 |   resources:
30 |   - endpointslices
31 |   verbs: ["get", "list", "watch"]
32 | - apiGroups:
33 |   - "gateway.networking.k8s.io"
34 |   resources:
35 |   - gatewayclasses/status
36 |   - gateways/status
37 |   - httproutes/status
38 |   verbs: ["update", "patch"]
39 | ---
40 | apiVersion: rbac.authorization.k8s.io/v1
41 | kind: ClusterRoleBinding
42 | metadata:
43 |   labels:
44 |     {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
45 |     {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
46 |   name: {{ include "gloo-gateway.controlPlane.fullname" . }}.{{.Release.Namespace}}-binding
47 | subjects:
48 | - kind: ServiceAccount
49 |   name: {{ include "gloo-gateway.controlPlane.serviceAccountName" . }}
50 |   namespace: {{ .Release.Namespace }}
51 | roleRef:
52 |   kind: ClusterRole
53 |   name: {{ include "gloo-gateway.controlPlane.fullname" . }}.{{.Release.Namespace}}
54 |   apiGroup: rbac.authorization.k8s.io
55 | ---
56 | apiVersion: rbac.authorization.k8s.io/v1
57 | kind: ClusterRole
58 | metadata:
59 |   name: {{ include "gloo-gateway.controlPlane.fullname" . }}-deploy.{{.Release.Namespace}}
60 |   labels:
61 |     {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
62 |     {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
63 | rules:
64 | - apiGroups:
65 |   - ""
66 |   resources:
67 |   - services
68 |   - serviceaccounts
69 |   - configmaps
70 |   verbs: ["get", "list", "watch", "patch", "create"]
71 | - apiGroups:
72 |   - "apps"
73 |   resources:
74 |   - deployments
75 |   verbs: ["get", "list", "watch", "patch", "create"]
76 | ---
77 | apiVersion: rbac.authorization.k8s.io/v1
78 | kind: ClusterRoleBinding
79 | metadata:
80 |   labels:
81 |     {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
82 |     {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
83 |   name: {{ include "gloo-gateway.controlPlane.fullname" . }}-deploy.{{.Release.Namespace}}-binding
84 | subjects:
85 | - kind: ServiceAccount
86 |   name: {{ include "gloo-gateway.controlPlane.serviceAccountName" . }}
87 |   namespace: {{ .Release.Namespace }}
88 | roleRef:
89 |   kind: ClusterRole
90 |   name: {{ include "gloo-gateway.controlPlane.fullname" . }}-deploy.{{.Release.Namespace}}
91 |   apiGroup: rbac.authorization.k8s.io
92 | {{- end }}


--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/service.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.controlPlane.enabled -}}
 2 | apiVersion: v1
 3 | kind: Service
 4 | metadata:
 5 |   name: {{ include "gloo-gateway.controlPlane.fullname" . }}
 6 |   labels:
 7 |     {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
 8 |     {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
 9 | spec:
10 |   type: {{ .Values.controlPlane.service.type }}
11 |   ports:
12 |     - port: {{ .Values.controlPlane.service.port }}
13 |       targetPort: http
14 |       protocol: TCP
15 |       name: http
16 |   selector:
17 |     {{- include "gloo-gateway.controlPlane.selectorLabels" . | nindent 4 }}
18 | {{- end }}


--------------------------------------------------------------------------------
/gloo-edge/gloo-gateway-v2/2.0.0-beta1/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.controlPlane.enabled -}}
 2 | {{- if .Values.controlPlane.serviceAccount.create -}}
 3 | apiVersion: v1
 4 | kind: ServiceAccount
 5 | metadata:
 6 |   name: {{ include "gloo-gateway.controlPlane.serviceAccountName" . }}
 7 |   labels:
 8 |     {{- include "gloo-gateway.gateway.const_labels" . | nindent 4 }}
 9 |     {{- include "gloo-gateway.controlPlane.labels" . | nindent 4 }}
10 |   {{- with .Values.controlPlane.serviceAccount.annotations }}
11 |   annotations:
12 |     {{- toYaml . | nindent 4 }}
13 |   {{- end }}
14 | {{- end }}
15 | {{- end }}


--------------------------------------------------------------------------------
/gloo-mesh/deploy/argo/gloo-mesh-addons.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-mesh-addons
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     server: https://kubernetes.default.svc
11 |     namespace: gloo-mesh-addons
12 |   project: default
13 |   source:
14 |     chart: gloo-mesh-agent
15 |     helm:
16 |       skipCrds: true
17 |       parameters:
18 |       - name: ext-auth-service.enabled
19 |         value: 'true'
20 |       - name: rate-limiter.enabled
21 |         value: 'true'
22 |       - name: glooMeshAgent.enabled
23 |         value: 'false'
24 |     repoURL: https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-agent
25 |     targetRevision: 2.1.0-beta22
26 |   syncPolicy:
27 |     automated:
28 |       prune: true
29 |       selfHeal: true


--------------------------------------------------------------------------------
/gloo-mesh/deploy/argo/gloo-mesh-agent.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gm-enterprise-agent-mgmt
 5 |   namespace: argocd
 6 | spec:
 7 |   destination:
 8 |     server: https://kubernetes.default.svc
 9 |     namespace: gloo-mesh
10 |   source:
11 |     repoURL: 'https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-agent'
12 |     targetRevision: 2.1.0-beta22
13 |     chart: gloo-mesh-agent
14 |     helm:
15 |       skipCrds: true
16 |       #valueFiles:
17 |       #  - values.yaml
18 |       parameters:
19 |         - name: cluster
20 |           value: 'mgmt'
21 |         - name: relay.serverAddress
22 |           value: 'gloo-mesh-mgmt-server.gloo-mesh.svc.cluster.local:9900'
23 |         - name: relay.authority
24 |           value: 'gloo-mesh-mgmt-server.gloo-mesh'
25 |         - name: relay.clientTlsSecret.name
26 |           value: 'gloo-mesh-agent-mgmt-tls-cert'
27 |         - name: relay.clientTlsSecret.namespace
28 |           value: 'gloo-mesh'
29 |         - name: relay.rootTlsSecret.name
30 |           value: 'relay-root-tls-secret'
31 |         - name: relay.rootTlsSecret.namespace
32 |           value: 'gloo-mesh'
33 |         - name: ext-auth-service.enabled
34 |           value: 'false'
35 |         - name: rate-limiter.enabled
36 |           value: 'false'
37 |         - name: glooMeshAgent.enabled
38 |           value: 'true'
39 |         # enabled for future vault integration
40 |         - name: istiodSidecar.createRoleBinding
41 |           value: 'false'
42 |   syncPolicy:
43 |     automated:
44 |       prune: true
45 |       selfHeal: true
46 |     syncOptions:
47 |     - Replace=true
48 |     - ApplyOutOfSyncOnly=true
49 |   project: default
50 | 


--------------------------------------------------------------------------------
/gloo-mesh/deploy/argo/gloo-mesh-crds.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-mesh-crds
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   source:
11 |     repoURL: https://github.com/solo-io/gitops-library
12 |     targetRevision: HEAD
13 |     path: gloo-mesh/gloo-mesh-crds/2.1.0-beta22/
14 |   destination:
15 |     server: https://kubernetes.default.svc
16 |   syncPolicy:
17 |     automated:
18 |       prune: true
19 |       selfHeal: true


--------------------------------------------------------------------------------
/gloo-mesh/deploy/argo/gloo-mesh-ee-helm-disableca.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-mesh-enterprise-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     server: https://kubernetes.default.svc
11 |     namespace: gloo-mesh
12 |   project: default
13 |   source:
14 |     chart: gloo-mesh-enterprise
15 |     helm:
16 |       skipCrds: true
17 |       values: |
18 |         licenseSecretName: gloo-mesh-license
19 |         global:
20 |           cluster: mgmt
21 |         mgmtClusterName: mgmt
22 |         glooMeshMgmtServer:
23 |           serviceType: ClusterIP
24 |           relay:
25 |             disableCa: true
26 |             disableCaCertGeneration: true
27 |             tlsSecret:
28 |               name: relay-server-tls-secret
29 |           ports:
30 |             healthcheck: 8091
31 |         glooMeshUi:
32 |           serviceType: ClusterIP
33 |           enabled: true
34 |           deploymentOverrides:
35 |             spec:
36 |               template:
37 |                 metadata:
38 |                   annotations:
39 |                     sidecar.istio.io/inject: "true"
40 |                   labels:
41 |                     istio.io/rev: "1-13"
42 |     repoURL: https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-enterprise
43 |     targetRevision: 2.1.0-beta22
44 |   syncPolicy:
45 |     automated:
46 |       prune: true
47 |       selfHeal: true
48 |   # ignore the self-signed certs that are being generated automatically    
49 |   ignoreDifferences:
50 |   - group: v1
51 |     kind: Secret


--------------------------------------------------------------------------------
/gloo-mesh/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
 1 | # Installing with Helm
 2 | 
 3 | ## Gloo Mesh Enterprise
 4 | ```
 5 | helm repo add gloo-mesh-enterprise https://storage.googleapis.com/gloo-mesh-enterprise/gloo-mesh-enterprise
 6 | helm repo update
 7 | helm upgrade --install gloo-mesh-enterprise gloo-mesh-enterprise/gloo-mesh-enterprise --namespace gloo-mesh --create-namespace --version 2.1.0-beta25 --set-string licenseKey=$GM_LICENSE_KEY --values values.yaml
 8 | ```
 9 | 
10 | ### Uninstall
11 | ```
12 | helm uninstall gloo-mesh-enterprise -n gloo-mesh
13 | ```


--------------------------------------------------------------------------------
/gloo-mesh/deploy/helm-values/values.yaml:
--------------------------------------------------------------------------------
 1 | global:
 2 |   cluster: mgmt
 3 | mgmtClusterName: mgmt
 4 | glooMeshMgmtServer:
 5 |   serviceType: LoadBalancer
 6 |   ports:
 7 |     healthcheck: 8091
 8 | glooMeshUi:
 9 |   serviceType: ClusterIP
10 |   enabled: true


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.0/auth_config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: authconfigs.extauth.solo.io
 5 | spec:
 6 |   group: extauth.solo.io
 7 |   names:
 8 |     kind: AuthConfig
 9 |     listKind: AuthConfigList
10 |     plural: authconfigs
11 |     shortNames:
12 |       - ac
13 |     singular: authconfig
14 |   scope: Namespaced
15 |   versions:
16 |     - name: v1
17 |       schema:
18 |         openAPIV3Schema:
19 |           type: object
20 |           x-kubernetes-preserve-unknown-fields: true
21 |       served: true
22 |       storage: true
23 |       subresources:
24 |         status: {}
25 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.0/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # SYNC WITH manifests/charts/base/files
 2 | apiVersion: apiextensions.k8s.io/v1
 3 | kind: CustomResourceDefinition
 4 | metadata:
 5 |   name: istiooperators.install.istio.io
 6 |   labels:
 7 |     release: istio
 8 | spec:
 9 |   conversion:
10 |     strategy: None
11 |   group: install.istio.io
12 |   names:
13 |     kind: IstioOperator
14 |     listKind: IstioOperatorList
15 |     plural: istiooperators
16 |     singular: istiooperator
17 |     shortNames:
18 |     - iop
19 |     - io
20 |   scope: Namespaced
21 |   versions:
22 |   - additionalPrinterColumns:
23 |     - description: Istio control plane revision
24 |       jsonPath: .spec.revision
25 |       name: Revision
26 |       type: string
27 |     - description: IOP current state
28 |       jsonPath: .status.status
29 |       name: Status
30 |       type: string
31 |     - description: 'CreationTimestamp is a timestamp representing the server time
32 |         when this object was created. It is not guaranteed to be set in happens-before
33 |         order across separate operations. Clients may not set this value. It is represented
34 |         in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 |         lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 |       jsonPath: .metadata.creationTimestamp
37 |       name: Age
38 |       type: date
39 |     name: v1alpha1
40 |     subresources:
41 |       status: {}
42 |     schema:
43 |       openAPIV3Schema:
44 |         type: object
45 |         x-kubernetes-preserve-unknown-fields: true
46 |     served: true
47 |     storage: true
48 | ---
49 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.0/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 45f64ee3106a37ce
 8 |   labels:
 9 |     app: rate-limiter
10 |     app.kubernetes.io/name: rate-limiter
11 |   name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 |   group: ratelimit.solo.io
14 |   names:
15 |     kind: RateLimitConfig
16 |     listKind: RateLimitConfigList
17 |     plural: ratelimitconfigs
18 |     shortNames:
19 |     - rlc
20 |     singular: ratelimitconfig
21 |   scope: Namespaced
22 |   versions:
23 |   - name: v1alpha1
24 |     schema:
25 |       openAPIV3Schema:
26 |         type: object
27 |         x-kubernetes-preserve-unknown-fields: true
28 |     served: true
29 |     storage: true
30 |     subresources:
31 |       status: {}
32 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.1/auth_config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: authconfigs.extauth.solo.io
 5 | spec:
 6 |   group: extauth.solo.io
 7 |   names:
 8 |     kind: AuthConfig
 9 |     listKind: AuthConfigList
10 |     plural: authconfigs
11 |     shortNames:
12 |       - ac
13 |     singular: authconfig
14 |   scope: Namespaced
15 |   versions:
16 |     - name: v1
17 |       schema:
18 |         openAPIV3Schema:
19 |           type: object
20 |           x-kubernetes-preserve-unknown-fields: true
21 |       served: true
22 |       storage: true
23 |       subresources:
24 |         status: {}
25 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.1/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # SYNC WITH manifests/charts/base/files
 2 | apiVersion: apiextensions.k8s.io/v1
 3 | kind: CustomResourceDefinition
 4 | metadata:
 5 |   name: istiooperators.install.istio.io
 6 |   labels:
 7 |     release: istio
 8 | spec:
 9 |   conversion:
10 |     strategy: None
11 |   group: install.istio.io
12 |   names:
13 |     kind: IstioOperator
14 |     listKind: IstioOperatorList
15 |     plural: istiooperators
16 |     singular: istiooperator
17 |     shortNames:
18 |     - iop
19 |     - io
20 |   scope: Namespaced
21 |   versions:
22 |   - additionalPrinterColumns:
23 |     - description: Istio control plane revision
24 |       jsonPath: .spec.revision
25 |       name: Revision
26 |       type: string
27 |     - description: IOP current state
28 |       jsonPath: .status.status
29 |       name: Status
30 |       type: string
31 |     - description: 'CreationTimestamp is a timestamp representing the server time
32 |         when this object was created. It is not guaranteed to be set in happens-before
33 |         order across separate operations. Clients may not set this value. It is represented
34 |         in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 |         lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 |       jsonPath: .metadata.creationTimestamp
37 |       name: Age
38 |       type: date
39 |     name: v1alpha1
40 |     subresources:
41 |       status: {}
42 |     schema:
43 |       openAPIV3Schema:
44 |         type: object
45 |         x-kubernetes-preserve-unknown-fields: true
46 |     served: true
47 |     storage: true
48 | ---
49 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.1/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 45f64ee3106a37ce
 8 |   labels:
 9 |     app: rate-limiter
10 |     app.kubernetes.io/name: rate-limiter
11 |   name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 |   group: ratelimit.solo.io
14 |   names:
15 |     kind: RateLimitConfig
16 |     listKind: RateLimitConfigList
17 |     plural: ratelimitconfigs
18 |     shortNames:
19 |     - rlc
20 |     singular: ratelimitconfig
21 |   scope: Namespaced
22 |   versions:
23 |   - name: v1alpha1
24 |     schema:
25 |       openAPIV3Schema:
26 |         type: object
27 |         x-kubernetes-preserve-unknown-fields: true
28 |     served: true
29 |     storage: true
30 |     subresources:
31 |       status: {}
32 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.2/auth_config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: authconfigs.extauth.solo.io
 5 | spec:
 6 |   group: extauth.solo.io
 7 |   names:
 8 |     kind: AuthConfig
 9 |     listKind: AuthConfigList
10 |     plural: authconfigs
11 |     shortNames:
12 |       - ac
13 |     singular: authconfig
14 |   scope: Namespaced
15 |   versions:
16 |     - name: v1
17 |       schema:
18 |         openAPIV3Schema:
19 |           type: object
20 |           x-kubernetes-preserve-unknown-fields: true
21 |       served: true
22 |       storage: true
23 |       subresources:
24 |         status: {}
25 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.2/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # SYNC WITH manifests/charts/base/files
 2 | apiVersion: apiextensions.k8s.io/v1
 3 | kind: CustomResourceDefinition
 4 | metadata:
 5 |   name: istiooperators.install.istio.io
 6 |   labels:
 7 |     release: istio
 8 | spec:
 9 |   conversion:
10 |     strategy: None
11 |   group: install.istio.io
12 |   names:
13 |     kind: IstioOperator
14 |     listKind: IstioOperatorList
15 |     plural: istiooperators
16 |     singular: istiooperator
17 |     shortNames:
18 |     - iop
19 |     - io
20 |   scope: Namespaced
21 |   versions:
22 |   - additionalPrinterColumns:
23 |     - description: Istio control plane revision
24 |       jsonPath: .spec.revision
25 |       name: Revision
26 |       type: string
27 |     - description: IOP current state
28 |       jsonPath: .status.status
29 |       name: Status
30 |       type: string
31 |     - description: 'CreationTimestamp is a timestamp representing the server time
32 |         when this object was created. It is not guaranteed to be set in happens-before
33 |         order across separate operations. Clients may not set this value. It is represented
34 |         in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 |         lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 |       jsonPath: .metadata.creationTimestamp
37 |       name: Age
38 |       type: date
39 |     name: v1alpha1
40 |     subresources:
41 |       status: {}
42 |     schema:
43 |       openAPIV3Schema:
44 |         type: object
45 |         x-kubernetes-preserve-unknown-fields: true
46 |     served: true
47 |     storage: true
48 | ---
49 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.1.2/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 45f64ee3106a37ce
 8 |   labels:
 9 |     app: rate-limiter
10 |     app.kubernetes.io/name: rate-limiter
11 |   name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 |   group: ratelimit.solo.io
14 |   names:
15 |     kind: RateLimitConfig
16 |     listKind: RateLimitConfigList
17 |     plural: ratelimitconfigs
18 |     shortNames:
19 |     - rlc
20 |     singular: ratelimitconfig
21 |   scope: Namespaced
22 |   versions:
23 |   - name: v1alpha1
24 |     schema:
25 |       openAPIV3Schema:
26 |         type: object
27 |         x-kubernetes-preserve-unknown-fields: true
28 |     served: true
29 |     storage: true
30 |     subresources:
31 |       status: {}
32 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.0/auth_config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: authconfigs.extauth.solo.io
 5 | spec:
 6 |   group: extauth.solo.io
 7 |   names:
 8 |     kind: AuthConfig
 9 |     listKind: AuthConfigList
10 |     plural: authconfigs
11 |     shortNames:
12 |       - ac
13 |     singular: authconfig
14 |   scope: Namespaced
15 |   versions:
16 |     - name: v1
17 |       schema:
18 |         openAPIV3Schema:
19 |           type: object
20 |           x-kubernetes-preserve-unknown-fields: true
21 |       served: true
22 |       storage: true
23 |       subresources:
24 |         status: {}
25 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.0/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # SYNC WITH manifests/charts/base/files
 2 | apiVersion: apiextensions.k8s.io/v1
 3 | kind: CustomResourceDefinition
 4 | metadata:
 5 |   name: istiooperators.install.istio.io
 6 |   labels:
 7 |     release: istio
 8 | spec:
 9 |   conversion:
10 |     strategy: None
11 |   group: install.istio.io
12 |   names:
13 |     kind: IstioOperator
14 |     listKind: IstioOperatorList
15 |     plural: istiooperators
16 |     singular: istiooperator
17 |     shortNames:
18 |     - iop
19 |     - io
20 |   scope: Namespaced
21 |   versions:
22 |   - additionalPrinterColumns:
23 |     - description: Istio control plane revision
24 |       jsonPath: .spec.revision
25 |       name: Revision
26 |       type: string
27 |     - description: IOP current state
28 |       jsonPath: .status.status
29 |       name: Status
30 |       type: string
31 |     - description: 'CreationTimestamp is a timestamp representing the server time
32 |         when this object was created. It is not guaranteed to be set in happens-before
33 |         order across separate operations. Clients may not set this value. It is represented
34 |         in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 |         lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 |       jsonPath: .metadata.creationTimestamp
37 |       name: Age
38 |       type: date
39 |     name: v1alpha1
40 |     subresources:
41 |       status: {}
42 |     schema:
43 |       openAPIV3Schema:
44 |         type: object
45 |         x-kubernetes-preserve-unknown-fields: true
46 |     served: true
47 |     storage: true
48 | ---
49 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.0/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 45f64ee3106a37ce
 8 |   labels:
 9 |     app: rate-limiter
10 |     app.kubernetes.io/name: rate-limiter
11 |   name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 |   group: ratelimit.solo.io
14 |   names:
15 |     kind: RateLimitConfig
16 |     listKind: RateLimitConfigList
17 |     plural: ratelimitconfigs
18 |     shortNames:
19 |     - rlc
20 |     singular: ratelimitconfig
21 |   scope: Namespaced
22 |   versions:
23 |   - name: v1alpha1
24 |     schema:
25 |       openAPIV3Schema:
26 |         type: object
27 |         x-kubernetes-preserve-unknown-fields: true
28 |     served: true
29 |     storage: true
30 |     subresources:
31 |       status: {}
32 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.4/auth_config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: authconfigs.extauth.solo.io
 5 | spec:
 6 |   group: extauth.solo.io
 7 |   names:
 8 |     kind: AuthConfig
 9 |     listKind: AuthConfigList
10 |     plural: authconfigs
11 |     shortNames:
12 |       - ac
13 |     singular: authconfig
14 |   scope: Namespaced
15 |   versions:
16 |     - name: v1
17 |       schema:
18 |         openAPIV3Schema:
19 |           type: object
20 |           x-kubernetes-preserve-unknown-fields: true
21 |       served: true
22 |       storage: true
23 |       subresources:
24 |         status: {}
25 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.4/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # SYNC WITH manifests/charts/base/files
 2 | apiVersion: apiextensions.k8s.io/v1
 3 | kind: CustomResourceDefinition
 4 | metadata:
 5 |   name: istiooperators.install.istio.io
 6 |   labels:
 7 |     release: istio
 8 | spec:
 9 |   conversion:
10 |     strategy: None
11 |   group: install.istio.io
12 |   names:
13 |     kind: IstioOperator
14 |     listKind: IstioOperatorList
15 |     plural: istiooperators
16 |     singular: istiooperator
17 |     shortNames:
18 |     - iop
19 |     - io
20 |   scope: Namespaced
21 |   versions:
22 |   - additionalPrinterColumns:
23 |     - description: Istio control plane revision
24 |       jsonPath: .spec.revision
25 |       name: Revision
26 |       type: string
27 |     - description: IOP current state
28 |       jsonPath: .status.status
29 |       name: Status
30 |       type: string
31 |     - description: 'CreationTimestamp is a timestamp representing the server time
32 |         when this object was created. It is not guaranteed to be set in happens-before
33 |         order across separate operations. Clients may not set this value. It is represented
34 |         in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 |         lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 |       jsonPath: .metadata.creationTimestamp
37 |       name: Age
38 |       type: date
39 |     name: v1alpha1
40 |     subresources:
41 |       status: {}
42 |     schema:
43 |       openAPIV3Schema:
44 |         type: object
45 |         x-kubernetes-preserve-unknown-fields: true
46 |     served: true
47 |     storage: true
48 | ---
49 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.4/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 45f64ee3106a37ce
 8 |   labels:
 9 |     app: rate-limiter
10 |     app.kubernetes.io/name: rate-limiter
11 |   name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 |   group: ratelimit.solo.io
14 |   names:
15 |     kind: RateLimitConfig
16 |     listKind: RateLimitConfigList
17 |     plural: ratelimitconfigs
18 |     shortNames:
19 |     - rlc
20 |     singular: ratelimitconfig
21 |   scope: Namespaced
22 |   versions:
23 |   - name: v1alpha1
24 |     schema:
25 |       openAPIV3Schema:
26 |         type: object
27 |         x-kubernetes-preserve-unknown-fields: true
28 |     served: true
29 |     storage: true
30 |     subresources:
31 |       status: {}
32 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.5/auth_config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: authconfigs.extauth.solo.io
 5 | spec:
 6 |   group: extauth.solo.io
 7 |   names:
 8 |     kind: AuthConfig
 9 |     listKind: AuthConfigList
10 |     plural: authconfigs
11 |     shortNames:
12 |       - ac
13 |     singular: authconfig
14 |   scope: Namespaced
15 |   versions:
16 |     - name: v1
17 |       schema:
18 |         openAPIV3Schema:
19 |           type: object
20 |           x-kubernetes-preserve-unknown-fields: true
21 |       served: true
22 |       storage: true
23 |       subresources:
24 |         status: {}
25 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.5/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # SYNC WITH manifests/charts/base/files
 2 | apiVersion: apiextensions.k8s.io/v1
 3 | kind: CustomResourceDefinition
 4 | metadata:
 5 |   name: istiooperators.install.istio.io
 6 |   labels:
 7 |     release: istio
 8 | spec:
 9 |   conversion:
10 |     strategy: None
11 |   group: install.istio.io
12 |   names:
13 |     kind: IstioOperator
14 |     listKind: IstioOperatorList
15 |     plural: istiooperators
16 |     singular: istiooperator
17 |     shortNames:
18 |     - iop
19 |     - io
20 |   scope: Namespaced
21 |   versions:
22 |   - additionalPrinterColumns:
23 |     - description: Istio control plane revision
24 |       jsonPath: .spec.revision
25 |       name: Revision
26 |       type: string
27 |     - description: IOP current state
28 |       jsonPath: .status.status
29 |       name: Status
30 |       type: string
31 |     - description: 'CreationTimestamp is a timestamp representing the server time
32 |         when this object was created. It is not guaranteed to be set in happens-before
33 |         order across separate operations. Clients may not set this value. It is represented
34 |         in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 |         lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 |       jsonPath: .metadata.creationTimestamp
37 |       name: Age
38 |       type: date
39 |     name: v1alpha1
40 |     subresources:
41 |       status: {}
42 |     schema:
43 |       openAPIV3Schema:
44 |         type: object
45 |         x-kubernetes-preserve-unknown-fields: true
46 |     served: true
47 |     storage: true
48 | ---
49 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.5/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 45f64ee3106a37ce
 8 |   labels:
 9 |     app: rate-limiter
10 |     app.kubernetes.io/name: rate-limiter
11 |   name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 |   group: ratelimit.solo.io
14 |   names:
15 |     kind: RateLimitConfig
16 |     listKind: RateLimitConfigList
17 |     plural: ratelimitconfigs
18 |     shortNames:
19 |     - rlc
20 |     singular: ratelimitconfig
21 |   scope: Namespaced
22 |   versions:
23 |   - name: v1alpha1
24 |     schema:
25 |       openAPIV3Schema:
26 |         type: object
27 |         x-kubernetes-preserve-unknown-fields: true
28 |     served: true
29 |     storage: true
30 |     subresources:
31 |       status: {}
32 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.6/auth_config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: authconfigs.extauth.solo.io
 5 | spec:
 6 |   group: extauth.solo.io
 7 |   names:
 8 |     kind: AuthConfig
 9 |     listKind: AuthConfigList
10 |     plural: authconfigs
11 |     shortNames:
12 |       - ac
13 |     singular: authconfig
14 |   scope: Namespaced
15 |   versions:
16 |     - name: v1
17 |       schema:
18 |         openAPIV3Schema:
19 |           type: object
20 |           x-kubernetes-preserve-unknown-fields: true
21 |       served: true
22 |       storage: true
23 |       subresources:
24 |         status: {}
25 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.6/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # SYNC WITH manifests/charts/base/files
 2 | apiVersion: apiextensions.k8s.io/v1
 3 | kind: CustomResourceDefinition
 4 | metadata:
 5 |   name: istiooperators.install.istio.io
 6 |   labels:
 7 |     release: istio
 8 | spec:
 9 |   conversion:
10 |     strategy: None
11 |   group: install.istio.io
12 |   names:
13 |     kind: IstioOperator
14 |     listKind: IstioOperatorList
15 |     plural: istiooperators
16 |     singular: istiooperator
17 |     shortNames:
18 |     - iop
19 |     - io
20 |   scope: Namespaced
21 |   versions:
22 |   - additionalPrinterColumns:
23 |     - description: Istio control plane revision
24 |       jsonPath: .spec.revision
25 |       name: Revision
26 |       type: string
27 |     - description: IOP current state
28 |       jsonPath: .status.status
29 |       name: Status
30 |       type: string
31 |     - description: 'CreationTimestamp is a timestamp representing the server time
32 |         when this object was created. It is not guaranteed to be set in happens-before
33 |         order across separate operations. Clients may not set this value. It is represented
34 |         in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 |         lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 |       jsonPath: .metadata.creationTimestamp
37 |       name: Age
38 |       type: date
39 |     name: v1alpha1
40 |     subresources:
41 |       status: {}
42 |     schema:
43 |       openAPIV3Schema:
44 |         type: object
45 |         x-kubernetes-preserve-unknown-fields: true
46 |     served: true
47 |     storage: true
48 | ---
49 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.2.6/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 45f64ee3106a37ce
 8 |   labels:
 9 |     app: rate-limiter
10 |     app.kubernetes.io/name: rate-limiter
11 |   name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 |   group: ratelimit.solo.io
14 |   names:
15 |     kind: RateLimitConfig
16 |     listKind: RateLimitConfigList
17 |     plural: ratelimitconfigs
18 |     shortNames:
19 |     - rlc
20 |     singular: ratelimitconfig
21 |   scope: Namespaced
22 |   versions:
23 |   - name: v1alpha1
24 |     schema:
25 |       openAPIV3Schema:
26 |         type: object
27 |         x-kubernetes-preserve-unknown-fields: true
28 |     served: true
29 |     storage: true
30 |     subresources:
31 |       status: {}
32 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.3.0-beta3/auth_config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: authconfigs.extauth.solo.io
 5 | spec:
 6 |   group: extauth.solo.io
 7 |   names:
 8 |     kind: AuthConfig
 9 |     listKind: AuthConfigList
10 |     plural: authconfigs
11 |     shortNames:
12 |       - ac
13 |     singular: authconfig
14 |   scope: Namespaced
15 |   versions:
16 |     - name: v1
17 |       schema:
18 |         openAPIV3Schema:
19 |           type: object
20 |           x-kubernetes-preserve-unknown-fields: true
21 |       served: true
22 |       storage: true
23 |       subresources:
24 |         status: {}
25 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.3.0-beta3/install.istio.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # SYNC WITH manifests/charts/base/files
 2 | apiVersion: apiextensions.k8s.io/v1
 3 | kind: CustomResourceDefinition
 4 | metadata:
 5 |   name: istiooperators.install.istio.io
 6 |   labels:
 7 |     release: istio
 8 | spec:
 9 |   conversion:
10 |     strategy: None
11 |   group: install.istio.io
12 |   names:
13 |     kind: IstioOperator
14 |     listKind: IstioOperatorList
15 |     plural: istiooperators
16 |     singular: istiooperator
17 |     shortNames:
18 |     - iop
19 |     - io
20 |   scope: Namespaced
21 |   versions:
22 |   - additionalPrinterColumns:
23 |     - description: Istio control plane revision
24 |       jsonPath: .spec.revision
25 |       name: Revision
26 |       type: string
27 |     - description: IOP current state
28 |       jsonPath: .status.status
29 |       name: Status
30 |       type: string
31 |     - description: 'CreationTimestamp is a timestamp representing the server time
32 |         when this object was created. It is not guaranteed to be set in happens-before
33 |         order across separate operations. Clients may not set this value. It is represented
34 |         in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
35 |         lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
36 |       jsonPath: .metadata.creationTimestamp
37 |       name: Age
38 |       type: date
39 |     name: v1alpha1
40 |     subresources:
41 |       status: {}
42 |     schema:
43 |       openAPIV3Schema:
44 |         type: object
45 |         x-kubernetes-preserve-unknown-fields: true
46 |     served: true
47 |     storage: true
48 | ---
49 | 


--------------------------------------------------------------------------------
/gloo-mesh/gloo-mesh-crds/2.3.0-beta3/ratelimit.solo.io_v1alpha1_crds.yaml:
--------------------------------------------------------------------------------
 1 | # Code generated by skv2. DO NOT EDIT.
 2 | 
 3 | apiVersion: apiextensions.k8s.io/v1
 4 | kind: CustomResourceDefinition
 5 | metadata:
 6 |   annotations:
 7 |     crd.solo.io/specHash: 45f64ee3106a37ce
 8 |   labels:
 9 |     app: rate-limiter
10 |     app.kubernetes.io/name: rate-limiter
11 |   name: ratelimitconfigs.ratelimit.solo.io
12 | spec:
13 |   group: ratelimit.solo.io
14 |   names:
15 |     kind: RateLimitConfig
16 |     listKind: RateLimitConfigList
17 |     plural: ratelimitconfigs
18 |     shortNames:
19 |     - rlc
20 |     singular: ratelimitconfig
21 |   scope: Namespaced
22 |   versions:
23 |   - name: v1alpha1
24 |     schema:
25 |       openAPIV3Schema:
26 |         type: object
27 |         x-kubernetes-preserve-unknown-fields: true
28 |     served: true
29 |     storage: true
30 |     subresources:
31 |       status: {}
32 | 


--------------------------------------------------------------------------------
/gloo-portal/deploy/argo/gloo-portal-helm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: gloo-portal-helm
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   destination:
10 |     namespace: gloo-portal
11 |     server: https://kubernetes.default.svc
12 |   project: default
13 |   source:
14 |     chart: gloo-portal
15 |     helm:
16 |       values: |
17 |         glooEdge:
18 |           enabled: true
19 |         istio:
20 |           enabled: false
21 |         glooMesh:
22 |           enabled: false
23 |         licenseKey: 
24 |           secretRef:
25 |             name: license
26 |             namespace: gloo-system
27 |             key: license-key
28 |     repoURL: https://storage.googleapis.com/dev-portal-helm
29 |     targetRevision: 1.2.9
30 |   syncPolicy:
31 |     automated:
32 |       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
33 |       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
34 | 


--------------------------------------------------------------------------------
/gloo-portal/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
 1 | # Installing with Helm
 2 | 
 3 | ## Gloo Portal
 4 | ```
 5 | helm repo add gloo-portal https://storage.googleapis.com/dev-portal-helm
 6 | helm repo update
 7 | helm upgrade --install gloo-portal gloo-portal/gloo-portal --namespace gloo-portal --create-namespace --version 1.2.9 --values values.yaml
 8 | ```
 9 | 
10 | ### Uninstall
11 | ```
12 | helm uninstall gloo-portal -n gloo-portal
13 | ```


--------------------------------------------------------------------------------
/gloo-portal/deploy/helm-values/values.yaml:
--------------------------------------------------------------------------------
 1 | glooEdge:
 2 |   enabled: true
 3 | istio:
 4 |   enabled: false
 5 | glooMesh:
 6 |   enabled: false
 7 | licenseKey: 
 8 |   secretRef:
 9 |     name: license
10 |     namespace: gloo-system
11 |     key: license-key


--------------------------------------------------------------------------------
/helloworld/README.md:
--------------------------------------------------------------------------------
 1 | # helloworld argo rollouts
 2 | 
 3 | deploy helloworld argo rollout
 4 | ```
 5 | kubectl apply -f argo/app/argo-rollout/namespace/default/helloworld-rollout.yaml
 6 | ```
 7 | 
 8 | observe rollout
 9 | ```
10 | % kubectl get ro
11 | NAME         DESIRED   CURRENT   UP-TO-DATE   AVAILABLE
12 | helloworld   1         1         1            1
13 | ```
14 | 
15 | watch rollout (in another terminal is recommended)
16 | ```
17 | kubectl argo rollouts get rollout helloworld --watch   
18 | ```
19 | 
20 | update rollout image to v2
21 | ```
22 | kubectl argo rollouts set image helloworld \
23 |   helloworld=docker.io/istio/examples-helloworld-v2
24 | ```
25 | 
26 | visualize trafficshift in virtualservice
27 | 
28 | in another tab you can watch your virtualservice to observe traffic shifting. You should see the weights shift from 100% stable incrementally to 100% canary, and then result in setting the canary to the stable tag once complete.
29 | ```
30 | kubectl get virtualservice helloworld-vsvc -o yaml -w
31 | ```
32 | 
33 | ## if you need to abort rollout
34 | ```
35 | kubectl argo rollouts abort helloworld
36 | ```
37 | 
38 | ## revert to desired state to complete abort
39 | ```
40 | kubectl argo rollouts set image helloworld \
41 |   helloworld=docker.io/istio/examples-helloworld-v1
42 | ```


--------------------------------------------------------------------------------
/helloworld/argo/app/argo-rollout/namespace/default/helloworld-rollout.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: helloworld-rollout
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   source:
11 |     repoURL: https://github.com/solo-io/gitops-library
12 |     targetRevision: HEAD
13 |     path: helloworld/overlay/app/argo-rollout/namespace/default/
14 |   destination:
15 |     server: https://kubernetes.default.svc
16 |   syncPolicy:
17 |     automated:
18 |       prune: false
19 |       selfHeal: false


--------------------------------------------------------------------------------
/helloworld/base/argo-rollout/analysis.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: AnalysisTemplate
 3 | metadata:
 4 |   name: istio-success-rate
 5 | spec:
 6 |   # this analysis template requires a service name and namespace to be supplied to the query
 7 |   args:
 8 |   - name: service
 9 |   - name: namespace
10 |   metrics:
11 |   - name: success-rate
12 |     initialDelay: 30s
13 |     interval: 20s
14 |     successCondition: result[0] > 0.95
15 |     provider:
16 |       prometheus:
17 |         address: http://prometheus.istio-system:9090
18 |         query: >+
19 |           sum(irate(istio_requests_total{
20 |             reporter="source",
21 |             destination_service=~"{{args.service}}.{{args.namespace}}.svc.cluster.local",
22 |             response_code!~"5.*"}[40s])
23 |           )
24 |           /
25 |           sum(irate(istio_requests_total{
26 |             reporter="source",
27 |             destination_service=~"{{args.service}}.{{args.namespace}}.svc.cluster.local"}[40s])
28 |           )


--------------------------------------------------------------------------------
/helloworld/base/argo-rollout/gateway.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.istio.io/v1alpha3
 2 | kind: Gateway
 3 | metadata:
 4 |   name: helloworld-gateway
 5 | spec:
 6 |   selector:
 7 |     istio: ingressgateway # use istio default controller
 8 |   servers:
 9 |   - port:
10 |       number: 80
11 |       name: http
12 |       protocol: HTTP
13 |     hosts:
14 |     - "*"
15 | ---
16 | apiVersion: networking.istio.io/v1alpha3
17 | kind: VirtualService
18 | metadata:
19 |   name: helloworld-vsvc
20 | spec:
21 |   gateways:
22 |   - helloworld-gateway
23 |   hosts:
24 |   - '*'
25 |   http:
26 |   - name: primary
27 |     match:
28 |     - uri:
29 |         exact: /hello
30 |     route:
31 |     - destination:
32 |         host: helloworld
33 |         port:
34 |           number: 5000
35 |         subset: stable  # referenced in canary.trafficRouting.istio.destinationRule.stableSubsetName
36 |       weight: 100
37 |     - destination:
38 |         host: helloworld
39 |         port:
40 |           number: 5000
41 |         subset: canary  # referenced in canary.trafficRouting.istio.destinationRule.canarySubsetName
42 |       weight: 0
43 | ---
44 | apiVersion: networking.istio.io/v1alpha3
45 | kind: DestinationRule
46 | metadata:
47 |   name: rollout-destrule
48 | spec:
49 |   host: helloworld
50 |   subsets:
51 |   - name: canary
52 |   - name: stable


--------------------------------------------------------------------------------
/helloworld/base/argo-rollout/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | # kustomization.yaml
 2 | apiVersion: kustomize.config.k8s.io/v1beta1
 3 | kind: Kustomization
 4 | 
 5 | # list of Resource Config to be Applied
 6 | resources:
 7 | - rollout.yaml
 8 | - service.yaml
 9 | - analysis.yaml
10 | - gateway.yaml


--------------------------------------------------------------------------------
/helloworld/base/argo-rollout/rollout.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Rollout
 3 | metadata:
 4 |   name: helloworld
 5 | spec:
 6 |   revisionHistoryLimit: 2
 7 |   selector:
 8 |     matchLabels:
 9 |       app: helloworld
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: helloworld
14 |     spec:
15 |       containers:
16 |       - name: helloworld
17 |         image: docker.io/istio/examples-helloworld-v1
18 |         imagePullPolicy: IfNotPresent #Always
19 |         ports:
20 |         - containerPort: 5000
21 |         resources:
22 |           requests:
23 |             cpu: "100m"
24 |   strategy:
25 |     canary:
26 |       # analysis will be performed in background, while rollout is progressing through its steps
27 |       analysis:
28 |         startingStep: 1   # index of step list, of when to start this analysis
29 |         templates:
30 |         - templateName: istio-success-rate
31 |         args:             # arguments allow AnalysisTemplates to be re-used
32 |         - name: service
33 |           value: helloworld
34 |         - name: namespace
35 |           valueFrom:
36 |             fieldRef:
37 |               fieldPath: metadata.namespace
38 |       trafficRouting:
39 |         istio:
40 |           virtualService:
41 |             name: helloworld-vsvc
42 |             routes:
43 |             - primary
44 |           destinationRule:
45 |             name: rollout-destrule    # required
46 |             canarySubsetName: canary  # required
47 |             stableSubsetName: stable  # required
48 |       steps:
49 |       - setWeight: 20
50 |       - pause: {duration: 30s}
51 |       - setWeight: 40
52 |       - pause: {duration: 30s}
53 |       - setWeight: 60
54 |       - pause: {duration: 30s}
55 |       - setWeight: 80
56 |       - pause: {duration: 30s}


--------------------------------------------------------------------------------
/helloworld/base/argo-rollout/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: helloworld
 5 |   labels:
 6 |     app: helloworld
 7 |     service: helloworld
 8 | spec:
 9 |   ports:
10 |   - port: 5000
11 |     name: http
12 |   selector:
13 |     app: helloworld


--------------------------------------------------------------------------------
/helloworld/deploy/yaml/analysis.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: AnalysisTemplate
 3 | metadata:
 4 |   name: istio-success-rate
 5 | spec:
 6 |   # this analysis template requires a service name and namespace to be supplied to the query
 7 |   args:
 8 |   - name: service
 9 |   - name: namespace
10 |   metrics:
11 |   - name: success-rate
12 |     initialDelay: 30s
13 |     interval: 20s
14 |     successCondition: result[0] > 0.95
15 |     provider:
16 |       prometheus:
17 |         address: http://prometheus.istio-system:9090
18 |         query: >+
19 |           sum(irate(istio_requests_total{
20 |             reporter="source",
21 |             destination_service=~"{{args.service}}.{{args.namespace}}.svc.cluster.local",
22 |             response_code!~"5.*"}[40s])
23 |           )
24 |           /
25 |           sum(irate(istio_requests_total{
26 |             reporter="source",
27 |             destination_service=~"{{args.service}}.{{args.namespace}}.svc.cluster.local"}[40s])
28 |           )


--------------------------------------------------------------------------------
/helloworld/deploy/yaml/gateway.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.istio.io/v1alpha3
 2 | kind: Gateway
 3 | metadata:
 4 |   name: helloworld-gateway
 5 | spec:
 6 |   selector:
 7 |     istio: ingressgateway # use istio default controller
 8 |   servers:
 9 |   - port:
10 |       number: 80
11 |       name: http
12 |       protocol: HTTP
13 |     hosts:
14 |     - "*"
15 | ---
16 | apiVersion: networking.istio.io/v1alpha3
17 | kind: VirtualService
18 | metadata:
19 |   name: helloworld-vsvc
20 | spec:
21 |   gateways:
22 |   - helloworld-gateway
23 |   hosts:
24 |   - '*'
25 |   http:
26 |   - name: primary
27 |     match:
28 |     - uri:
29 |         exact: /hello
30 |     route:
31 |     - destination:
32 |         host: helloworld
33 |         port:
34 |           number: 5000
35 |         subset: stable  # referenced in canary.trafficRouting.istio.destinationRule.stableSubsetName
36 |       weight: 100
37 |     - destination:
38 |         host: helloworld
39 |         port:
40 |           number: 5000
41 |         subset: canary  # referenced in canary.trafficRouting.istio.destinationRule.canarySubsetName
42 |       weight: 0
43 | ---
44 | apiVersion: networking.istio.io/v1alpha3
45 | kind: DestinationRule
46 | metadata:
47 |   name: rollout-destrule
48 | spec:
49 |   host: helloworld
50 |   subsets:
51 |   - name: canary
52 |   - name: stable


--------------------------------------------------------------------------------
/helloworld/deploy/yaml/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | # kustomization.yaml
 2 | apiVersion: kustomize.config.k8s.io/v1beta1
 3 | kind: Kustomization
 4 | 
 5 | # list of Resource Config to be Applied
 6 | resources:
 7 | - rollout.yaml
 8 | - service.yaml
 9 | - analysis.yaml
10 | - gateway.yaml


--------------------------------------------------------------------------------
/helloworld/deploy/yaml/rollout.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Rollout
 3 | metadata:
 4 |   name: helloworld
 5 | spec:
 6 |   revisionHistoryLimit: 2
 7 |   selector:
 8 |     matchLabels:
 9 |       app: helloworld
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: helloworld
14 |     spec:
15 |       containers:
16 |       - name: helloworld
17 |         image: docker.io/istio/examples-helloworld-v1
18 |         imagePullPolicy: IfNotPresent #Always
19 |         ports:
20 |         - containerPort: 5000
21 |         resources:
22 |           requests:
23 |             cpu: "100m"
24 |   strategy:
25 |     canary:
26 |       # analysis will be performed in background, while rollout is progressing through its steps
27 |       analysis:
28 |         startingStep: 1   # index of step list, of when to start this analysis
29 |         templates:
30 |         - templateName: istio-success-rate
31 |         args:             # arguments allow AnalysisTemplates to be re-used
32 |         - name: service
33 |           value: helloworld
34 |         - name: namespace
35 |           valueFrom:
36 |             fieldRef:
37 |               fieldPath: metadata.namespace
38 |       trafficRouting:
39 |         istio:
40 |           virtualService:
41 |             name: helloworld-vsvc
42 |             routes:
43 |             - primary
44 |           destinationRule:
45 |             name: rollout-destrule    # required
46 |             canarySubsetName: canary  # required
47 |             stableSubsetName: stable  # required
48 |       steps:
49 |       - setWeight: 20
50 |       - pause: {duration: 30s}
51 |       - setWeight: 40
52 |       - pause: {duration: 30s}
53 |       - setWeight: 60
54 |       - pause: {duration: 30s}
55 |       - setWeight: 80
56 |       - pause: {duration: 30s}


--------------------------------------------------------------------------------
/helloworld/deploy/yaml/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: helloworld
 5 |   labels:
 6 |     app: helloworld
 7 |     service: helloworld
 8 | spec:
 9 |   ports:
10 |   - port: 5000
11 |     name: http
12 |   selector:
13 |     app: helloworld


--------------------------------------------------------------------------------
/helloworld/overlay/app/argo-rollout/namespace/default/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | # kustomization.yaml
 2 | apiVersion: kustomize.config.k8s.io/v1beta1
 3 | kind: Kustomization
 4 | 
 5 | # list of Resource Config to be Applied
 6 | resources:
 7 | - ../../../../../base/argo-rollout/
 8 | 
 9 | namespace: default
10 | 
11 | 
12 | 
13 | 


--------------------------------------------------------------------------------
/homer-portal/config-examples/gloo-mesh/2.0.x/homer-rt-443.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: RouteTable
 3 | metadata:
 4 |   labels:
 5 |     expose: "true"
 6 |   name: homer-web-portal-rt-443
 7 |   namespace: web-portal
 8 | spec:
 9 |   hosts:
10 |   - 'homer.glootest.com'
11 |   - 'homer-local.glootest.com'
12 |   http:
13 |   - forwardTo:
14 |       destinations:
15 |       - port:
16 |           number: 8080
17 |         ref:
18 |           cluster: mgmt
19 |           name: homer-portal
20 |           namespace: web-portal
21 |     name: homer
22 |   virtualGateways:
23 |   - cluster: mgmt
24 |     name: mgmt-north-south-gw-443
25 |     namespace: istio-gateways
26 |   workloadSelectors: []


--------------------------------------------------------------------------------
/homer-portal/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
 1 | # Installing with Helm
 2 | 
 3 | ## Homer Link Portal
 4 | ```
 5 | helm repo add homer-portal https://k8s-at-home.com/charts/
 6 | helm repo update
 7 | helm upgrade --install homer k8s-at-home/homer --namespace web-portal --create-namespace --version 7.3.0 --values values.yaml
 8 | ```
 9 | 
10 | ### Uninstall
11 | ```
12 | helm uninstall homer -n web-portal
13 | ```


--------------------------------------------------------------------------------
/httpbin/config-examples/edge/httpbin-vs-80.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: gateway.solo.io/v1
 2 | kind: VirtualService
 3 | metadata:
 4 |   name: httpbin-vs
 5 |   namespace: gloo-system
 6 | spec:
 7 |   virtualHost:
 8 |     domains:
 9 |     - '*'
10 |     routes:
11 |     - matchers:
12 |       - prefix: /
13 |       routeAction:
14 |         single:
15 |           upstream:
16 |             name: httpbin-httpbin-8000
17 |             namespace: gloo-system


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-extauth-policy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: security.policy.gloo.solo.io/v2
 2 | kind: ExtAuthPolicy
 3 | metadata:
 4 |   name: httpbin
 5 |   namespace: httpbin
 6 | spec:
 7 |   applyToRoutes:
 8 |   - route:
 9 |       labels:
10 |         oauth: "true"
11 |   config:
12 |     server:
13 |       name: mgmt-ext-auth-server
14 |       namespace: gloo-mesh
15 |       cluster: mgmt
16 |     glooAuth:
17 |       configs:
18 |       - oauth2:
19 |           oidcAuthorizationCode:
20 |             appUrl: https://httpbin-local.glootest.com
21 |             callbackPath: /callback
22 |             clientId: 0oa5zoq0xoGKtOSpg5d7
23 |             clientSecretRef:
24 |               name: httpbin-oidc-client-secret
25 |               namespace: httpbin
26 |             issuerUrl: https://dev-22653158.okta.com/oauth2/default
27 |             session:
28 |               failOnFetchFailure: true
29 |               redis:
30 |                 cookieName: okta-session
31 |                 options:
32 |                   host: redis.gloo-mesh-addons:6379
33 |                 allowRefreshing: false
34 |               cookieOptions:
35 |                 maxAge: "1800"
36 |             scopes:
37 |             - email
38 |             logoutPath: /logout
39 |             afterLogoutUrl: /get
40 |             headers:
41 |               idTokenHeader: Jwt
42 |               #idTokenHeader: x-id-token
43 |               #accessTokenHeader: x-access-token
44 |       - opaAuth:
45 |           modules:
46 |           - name: httpbin-opa
47 |             namespace: httpbin
48 |           query: "data.ehs.allow == true"


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-in-mesh.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ServiceAccount
 3 | metadata:
 4 |   name: in-mesh
 5 |   namespace: httpbin
 6 | ---
 7 | apiVersion: v1
 8 | kind: Service
 9 | metadata:
10 |   name: in-mesh
11 |   namespace: httpbin
12 |   labels:
13 |     app: in-mesh
14 |     service: in-mesh
15 | spec:
16 |   ports:
17 |   - name: http
18 |     port: 8000
19 |     targetPort: 80
20 |   selector:
21 |     app: in-mesh
22 | ---
23 | apiVersion: apps/v1
24 | kind: Deployment
25 | metadata:
26 |   name: in-mesh
27 |   namespace: httpbin
28 | spec:
29 |   replicas: 1
30 |   selector:
31 |     matchLabels:
32 |       app: in-mesh
33 |       version: v1
34 |   template:
35 |     metadata:
36 |       labels:
37 |         app: in-mesh
38 |         version: v1
39 |         istio.io/rev: 1-13
40 |     spec:
41 |       serviceAccountName: in-mesh
42 |       containers:
43 |       - image: docker.io/kennethreitz/httpbin
44 |         imagePullPolicy: IfNotPresent
45 |         name: in-mesh
46 |         ports:
47 |         - containerPort: 80


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-jwt-transformationpolicy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
 2 | kind: TransformationPolicy
 3 | metadata:
 4 |   name: modify-x-email-header
 5 |   namespace: httpbin
 6 | spec:
 7 |   applyToRoutes:
 8 |   - route:
 9 |       labels:
10 |         oauth: "true"
11 |   config:
12 |     phase:
13 |       postAuthz:
14 |         priority: 2
15 |     request:
16 |       injaTemplate:
17 |         extractors:
18 |           organization:
19 |             header: 'X-Email'
20 |             regex: '.*@(.*)$'
21 |             subgroup: 1
22 |         headers:
23 |           x-organization:
24 |             text: "{{ organization }}"


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-jwtpolicy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: security.policy.gloo.solo.io/v2
 2 | kind: JWTPolicy
 3 | metadata:
 4 |   name: httpbin
 5 |   namespace: httpbin
 6 | spec:
 7 |   applyToRoutes:
 8 |   - route:
 9 |       labels:
10 |         oauth: "true"
11 |   config:
12 |     phase:
13 |       postAuthz:
14 |         priority: 1
15 |     providers:
16 |       okta:
17 |         issuer: https://dev-22653158.okta.com/oauth2/default
18 |         tokenSource:
19 |           headers:
20 |           - name: jwt
21 |         remote:
22 |           # url grabbed from https://dev-22653158.okta.com/oauth2/default/.well-known/oauth-authorization-server
23 |           url: "https://dev-22653158.okta.com/oauth2/default/v1/keys/"
24 |           destinationRef:
25 |             ref:
26 |               name: okta-jwks
27 |               namespace: httpbin
28 |               cluster: mgmt
29 |             kind: EXTERNAL_SERVICE
30 |             port: 
31 |               number: 443
32 |           enableAsyncFetch: true
33 |         claimsToHeaders:
34 |         - claim: email
35 |           header: X-Email
36 |         - claim: groups
37 |           header: X-Groups


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-not-in-mesh.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ServiceAccount
 3 | metadata:
 4 |   name: not-in-mesh
 5 |   namespace: httpbin
 6 | ---
 7 | apiVersion: v1
 8 | kind: Service
 9 | metadata:
10 |   name: not-in-mesh
11 |   namespace: httpbin
12 |   labels:
13 |     app: not-in-mesh
14 |     service: not-in-mesh
15 | spec:
16 |   ports:
17 |   - name: http
18 |     port: 8000
19 |     targetPort: 80
20 |   selector:
21 |     app: not-in-mesh
22 | ---
23 | apiVersion: apps/v1
24 | kind: Deployment
25 | metadata:
26 |   name: not-in-mesh
27 |   namespace: httpbin
28 | spec:
29 |   replicas: 1
30 |   selector:
31 |     matchLabels:
32 |       app: not-in-mesh
33 |       version: v1
34 |   template:
35 |     metadata:
36 |       labels:
37 |         app: not-in-mesh
38 |         version: v1
39 |     spec:
40 |       serviceAccountName: not-in-mesh
41 |       containers:
42 |       - image: docker.io/kennethreitz/httpbin
43 |         imagePullPolicy: IfNotPresent
44 |         name: not-in-mesh
45 |         ports:
46 |         - containerPort: 80


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: httpbin


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-oauth-rt-443.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: RouteTable
 3 | metadata:
 4 |   name: httpbin-rt-443
 5 |   namespace: httpbin
 6 |   labels:
 7 |     expose: "true"
 8 | spec:
 9 |   hosts:
10 |     - 'httpbin.glootest.com'
11 |     - 'httpbin-local.glootest.com'
12 |   virtualGateways:
13 |     - name: mgmt-north-south-gw-443
14 |       namespace: istio-gateways
15 |       cluster: mgmt
16 |   workloadSelectors: []
17 |   http:
18 |     - name: httpbin
19 |       labels:
20 |         oauth: "true"
21 |         waf: "true"
22 |       matchers:
23 |       - uri:
24 |           exact: /get
25 |       - uri:
26 |           prefix: /callback
27 |       - uri:
28 |           prefix: /logout
29 |       - uri:
30 |           prefix: /anything
31 |       forwardTo:
32 |         destinations:
33 |         - ref:
34 |             name: in-mesh
35 |             namespace: httpbin
36 |           port:
37 |             number: 8000


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-oidc-client-secret.yaml:
--------------------------------------------------------------------------------
1 | # secrets must be in each namespace
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   name: httpbin-oidc-client-secret
6 |   namespace: httpbin
7 | type: extauth.solo.io/oauth
8 | data:
9 |   client-secret: X01TOVBKNTJOcFVKzzhIajJuRTR6ajkwaFg2QkZrVzYxU2RhWEpmRQ==


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-okta-jwks-externalendpoint.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: ExternalEndpoint
 3 | metadata:
 4 |   name: okta-jwks
 5 |   namespace: httpbin
 6 |   labels:
 7 |     host: okta-jwks
 8 | spec:
 9 |   # This external endpoint identifies the host where Okta publishes the jwks_uri endpoint for my dev account
10 |   # See https://dev-22653158-admin.okta.com/oauth2/default/.well-known/oauth-authorization-server
11 |   address: dev-22653158.okta.com
12 |   ports:
13 |   - name: https
14 |     number: 443


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-okta-jwks-externalservice.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: ExternalService
 3 | metadata:
 4 |   name: okta-jwks
 5 |   namespace: httpbin
 6 |   labels:
 7 |     expose: "true"
 8 | spec:
 9 |   hosts:
10 |   - okta-jwks.external
11 |   ports:
12 |   - name: https
13 |     number: 443
14 |     protocol: HTTPS
15 |     clientsideTls: {}
16 |   selector:
17 |     host: okta-jwks


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-opa-policy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: httpbin-opa
 5 |   namespace: httpbin
 6 | data:
 7 |   policy.rego: |-
 8 |     package ehs
 9 | 
10 |     default allow = false
11 | 
12 |     allow {
13 |         [header, payload, signature] = io.jwt.decode(input.state.jwt)
14 |         endswith(payload["email"], "@solo.io")
15 |         any({input.http_request.path == "/get",
16 |         startswith(input.http_request.path, "/anything")
17 |     })
18 |         any({input.http_request.method == "GET",
19 |              input.http_request.method == "POST",
20 |              input.http_request.method == "PUT",
21 |              input.http_request.method == "DELETE",
22 |     })
23 |     }
24 |     allow {
25 |         [header, payload, signature] = io.jwt.decode(input.state.jwt)
26 |         endswith(payload["email"], "@gmail.com")
27 |         input.http_request.path == "/anything/protected"
28 |         any({input.http_request.method == "GET",
29 |              input.http_request.method == "POST",
30 |              input.http_request.method == "PUT",
31 |              input.http_request.method == "DELETE",
32 |     })
33 |     }


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ratelimit-transformationpolicy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
 2 | kind: TransformationPolicy
 3 | metadata:
 4 |   name: ratelimit-transformation
 5 |   namespace: httpbin
 6 | spec:
 7 |   applyToRoutes:
 8 |   - route:
 9 |       labels:
10 |         ratelimited: "true"
11 |   config:
12 |     phase:
13 |       preAuthz:
14 |         priority: 0
15 |     response:
16 |       injaTemplate:
17 |         #headers:
18 |         #  ":status":
19 |         #    text: '{% if header(":status") == "405" %}201{% else if header(":status") == "429" %}529{% else %}{{ header(":status") }}{% endif %}'  
20 |         #body:
21 |         #  text: '{% if header(":status") == "429" %}{ "response_code": "529" }{% else if header(":status") == "405" %}{ "response_code": "201" }{% else %}{ "response_code": "201" }{% endif %}'
22 |         body:
23 |           text: '{% if header(":status") == "429" %}<html><body style="background-color:powderblue;"><h1>Too
24 |             many Requests!</h1><p>Try again after a minute</p></body></html>{%
25 |             else %}{{ body() }}{% endif %}'
26 |         parseBodyBehavior: DontParse


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ratelimitclientconfig.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
 2 | kind: RateLimitClientConfig
 3 | metadata:
 4 |   labels:
 5 |     workspace.solo.io/exported: "true"
 6 |   name: httpbin
 7 |   namespace: httpbin
 8 | spec:
 9 |   raw:
10 |     rateLimits:
11 |     - actions:
12 |       - genericKey:
13 |           descriptorValue: "per-minute"
14 |       - remoteAddress: {}


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ratelimitpolicy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: trafficcontrol.policy.gloo.solo.io/v2
 2 | kind: RateLimitPolicy
 3 | metadata:
 4 |   labels:
 5 |     workspace.solo.io/exported: "true"
 6 |   name: httpbin
 7 |   namespace: httpbin
 8 | spec:
 9 |   applyToRoutes:
10 |   - route:
11 |       labels:
12 |         ratelimited: "true"
13 |   config:
14 |     ratelimitClientConfig:
15 |       cluster: mgmt
16 |       name: httpbin
17 |       namespace: httpbin
18 |     ratelimitServerConfig:
19 |       cluster: mgmt
20 |       name: httpbin
21 |       namespace: gloo-mesh-addons
22 |     serverSettings:
23 |       cluster: mgmt
24 |       name: rate-limit-server
25 |       namespace: httpbin
26 | 


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ratelimitserverconfig.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: admin.gloo.solo.io/v2
 2 | kind: RateLimitServerConfig
 3 | metadata:
 4 |   labels:
 5 |     workspace.solo.io/exported: "true"
 6 |   name: httpbin
 7 |   namespace: gloo-mesh-addons
 8 | spec:
 9 |   destinationServers:
10 |   - port:
11 |       name: grpc
12 |     ref:
13 |       cluster: mgmt
14 |       name: rate-limiter
15 |       namespace: gloo-mesh-addons
16 |   raw:
17 |     descriptors:
18 |       - key: generic_key
19 |         value: "per-minute"
20 |         descriptors:
21 |           - key: remote_address
22 |             rateLimit:
23 |               requestsPerUnit: 20
24 |               unit: MINUTE


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-ratelimitserversettings.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: admin.gloo.solo.io/v2
 2 | kind: RateLimitServerSettings
 3 | metadata:
 4 |   labels:
 5 |     workspace.solo.io/exported: "true"
 6 |   name: rate-limit-server
 7 |   namespace: httpbin
 8 | spec:
 9 |   destinationServer:
10 |     port:
11 |       name: grpc
12 |     ref:
13 |       cluster: mgmt
14 |       name: rate-limiter
15 |       namespace: gloo-mesh-addons


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-rt-80.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: RouteTable
 3 | metadata:
 4 |   name: httpbin-rt-80
 5 |   namespace: httpbin
 6 |   labels:
 7 |     expose: "true"
 8 | spec:
 9 |   hosts:
10 |     - 'httpbin.glootest.com'
11 |     - 'httpbin-local.glootest.com'
12 |   virtualGateways:
13 |     - name: mgmt-north-south-gw-80
14 |       namespace: istio-gateways
15 |       cluster: mgmt
16 |   workloadSelectors: []
17 |   http:
18 |     - name: httpbin
19 |       matchers:
20 |       - uri:
21 |           exact: /get
22 |       - uri:
23 |           prefix: /anything
24 |       forwardTo:
25 |         destinations:
26 |         - ref:
27 |             name: in-mesh
28 |             namespace: httpbin
29 |           port:
30 |             number: 8000
31 |       labels:
32 |         ratelimited: "true"
33 |         waf: "true"


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-wafpolicy-log4shell.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: security.policy.gloo.solo.io/v2
 2 | kind: WAFPolicy
 3 | metadata:
 4 |   name: httpbin-log4shell
 5 |   namespace: httpbin
 6 | spec:
 7 |   applyToRoutes:
 8 |   - route:
 9 |       labels:
10 |         waf: "true"
11 |   config:
12 |     customInterventionMessage: Log4Shell malicious payload
13 |     customRuleSets:
14 |     - ruleStr: "SecRuleEngine On\nSecRequestBodyAccess On\nSecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@*
15 |         \ \n  \"@rx \\${jndi:(?:ldaps?|iiop|dns|rmi)://\" \n  \"id:1000,phase:2,deny,status:403,log,msg:'Potential
16 |         Remote Command Execution: Log4j CVE-2021-44228'\""
17 |     disableCoreRuleSet: true


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-workspace.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: admin.gloo.solo.io/v2
 2 | kind: Workspace
 3 | metadata:
 4 |   name: httpbin
 5 |   namespace: gloo-mesh
 6 |   labels:
 7 |     allow_ingress: "true"
 8 | spec:
 9 |   workloadClusters:
10 |   - name: mgmt
11 |     namespaces:
12 |     - name: httpbin


--------------------------------------------------------------------------------
/httpbin/config-examples/gloo-mesh/2.0.x/httpbin-workspacesettings.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: admin.gloo.solo.io/v2
 2 | kind: WorkspaceSettings
 3 | metadata:
 4 |   name: httpbin
 5 |   namespace: httpbin
 6 | spec:
 7 |   importFrom:
 8 |   - workspaces:
 9 |     - name: gateways
10 |     resources:
11 |     - kind: SERVICE
12 |   exportTo:
13 |   - workspaces:
14 |     - name: gateways
15 |     resources:
16 |     - kind: SERVICE
17 |       labels:
18 |         app: in-mesh
19 |     - kind: ALL
20 |       labels:
21 |         expose: "true"


--------------------------------------------------------------------------------
/httpbin/deploy/yaml/httpbin.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Namespace
 3 | metadata:
 4 |   name: httpbin
 5 | ---
 6 | apiVersion: v1
 7 | kind: ServiceAccount
 8 | metadata:
 9 |   name: httpbin
10 |   namespace: httpbin
11 | ---
12 | apiVersion: v1
13 | kind: Service
14 | metadata:
15 |   labels:
16 |     app: httpbin
17 |   name: httpbin
18 |   namespace: httpbin
19 | spec:
20 |   ports:
21 |   - name: http
22 |     port: 8000
23 |     targetPort: 80
24 |   selector:
25 |     app: httpbin
26 | ---
27 | apiVersion: apps/v1
28 | kind: Deployment
29 | metadata:
30 |   name: httpbin
31 |   namespace: httpbin
32 | spec:
33 |   replicas: 1
34 |   selector:
35 |     matchLabels:
36 |       app: httpbin
37 |       version: v1
38 |   template:
39 |     metadata:
40 |       labels:
41 |         app: httpbin
42 |         version: v1
43 |     spec:
44 |       containers:
45 |       - image: docker.io/kennethreitz/httpbin
46 |         imagePullPolicy: IfNotPresent
47 |         name: httpbin
48 |         ports:
49 |         - containerPort: 80
50 |       serviceAccountName: httpbin


--------------------------------------------------------------------------------
/istio/dashboards/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | # kustomization.yaml
 2 | apiVersion: kustomize.config.k8s.io/v1beta1
 3 | kind: Kustomization
 4 | 
 5 | configMapGenerator:
 6 | - name: istio-dashboards
 7 |   files:
 8 |   - istio-extension-dashboard.json
 9 |   - istio-mesh-dashboard.json
10 |   - istio-performance-dashboard.json
11 |   - istio-service-dashboard.json
12 |   - istio-workload-dashboard.json
13 |   - pilot-dashboard.json
14 | generatorOptions:
15 |   disableNameSuffixHash: true
16 |   labels:
17 |     grafana_dashboard: "1"
18 |     


--------------------------------------------------------------------------------
/istio/deploy/addons/jaeger.yaml:
--------------------------------------------------------------------------------
  1 | apiVersion: apps/v1
  2 | kind: Deployment
  3 | metadata:
  4 |   name: jaeger
  5 |   namespace: istio-system
  6 |   labels:
  7 |     app: jaeger
  8 | spec:
  9 |   selector:
 10 |     matchLabels:
 11 |       app: jaeger
 12 |   template:
 13 |     metadata:
 14 |       labels:
 15 |         app: jaeger
 16 |       annotations:
 17 |         sidecar.istio.io/inject: "false"
 18 |         prometheus.io/scrape: "true"
 19 |         prometheus.io/port: "14269"
 20 |     spec:
 21 |       containers:
 22 |         - name: jaeger
 23 |           image: "docker.io/jaegertracing/all-in-one:1.23"
 24 |           env:
 25 |             - name: BADGER_EPHEMERAL
 26 |               value: "false"
 27 |             - name: SPAN_STORAGE_TYPE
 28 |               value: "badger"
 29 |             - name: BADGER_DIRECTORY_VALUE
 30 |               value: "/badger/data"
 31 |             - name: BADGER_DIRECTORY_KEY
 32 |               value: "/badger/key"
 33 |             - name: COLLECTOR_ZIPKIN_HOST_PORT
 34 |               value: ":9411"
 35 |             - name: MEMORY_MAX_TRACES
 36 |               value: "50000"
 37 |             - name: QUERY_BASE_PATH
 38 |               value: /jaeger
 39 |           livenessProbe:
 40 |             httpGet:
 41 |               path: /
 42 |               port: 14269
 43 |           readinessProbe:
 44 |             httpGet:
 45 |               path: /
 46 |               port: 14269
 47 |           volumeMounts:
 48 |             - name: data
 49 |               mountPath: /badger
 50 |           resources:
 51 |             requests:
 52 |               cpu: 10m
 53 |       volumes:
 54 |         - name: data
 55 |           emptyDir: {}
 56 | ---
 57 | apiVersion: v1
 58 | kind: Service
 59 | metadata:
 60 |   name: tracing
 61 |   namespace: istio-system
 62 |   labels:
 63 |     app: jaeger
 64 | spec:
 65 |   type: ClusterIP
 66 |   ports:
 67 |     - name: http-query
 68 |       port: 80
 69 |       protocol: TCP
 70 |       targetPort: 16686
 71 |     # Note: Change port name if you add '--query.grpc.tls.enabled=true'
 72 |     - name: grpc-query
 73 |       port: 16685
 74 |       protocol: TCP
 75 |       targetPort: 16685
 76 |   selector:
 77 |     app: jaeger
 78 | ---
 79 | # Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin.
 80 | apiVersion: v1
 81 | kind: Service
 82 | metadata:
 83 |   labels:
 84 |     name: zipkin
 85 |   name: zipkin
 86 |   namespace: istio-system
 87 | spec:
 88 |   ports:
 89 |     - port: 9411
 90 |       targetPort: 9411
 91 |       name: http-query
 92 |   selector:
 93 |     app: jaeger
 94 | ---
 95 | apiVersion: v1
 96 | kind: Service
 97 | metadata:
 98 |   name: jaeger-collector
 99 |   namespace: istio-system
100 |   labels:
101 |     app: jaeger
102 | spec:
103 |   type: ClusterIP
104 |   ports:
105 |   - name: jaeger-collector-http
106 |     port: 14268
107 |     targetPort: 14268
108 |     protocol: TCP
109 |   - name: jaeger-collector-grpc
110 |     port: 14250
111 |     targetPort: 14250
112 |     protocol: TCP
113 |   - port: 9411
114 |     targetPort: 9411
115 |     name: http-zipkin
116 |   selector:
117 |     app: jaeger
118 | 


--------------------------------------------------------------------------------
/istio/deploy/addons/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | # kustomization.yaml
 2 | apiVersion: kustomize.config.k8s.io/v1beta1
 3 | kind: Kustomization
 4 | 
 5 | # list of Resource Config to be Applied
 6 | resources:
 7 | - grafana.yaml
 8 | - jaeger.yaml
 9 | - kiali.yaml
10 | - prometheus.yaml


--------------------------------------------------------------------------------
/istio/deploy/argo/istio-base.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: istio-base
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 |   annotations:
 9 |     argocd.argoproj.io/sync-wave: "-3"
10 | spec:
11 |   destination:
12 |     server: https://kubernetes.default.svc
13 |     namespace: istio-system
14 |   project: default
15 |   source:
16 |     chart: base
17 |     repoURL: https://istio-release.storage.googleapis.com/charts
18 |     targetRevision: 1.13.4
19 |   syncPolicy:
20 |     automated:
21 |       prune: true
22 |       selfHeal: true


--------------------------------------------------------------------------------
/istio/deploy/argo/istio-eastwestgateway.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: istio-eastwestgateway
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 |   annotations:
 9 |     argocd.argoproj.io/sync-wave: "0"
10 | spec:
11 |   destination:
12 |     server: https://kubernetes.default.svc
13 |     namespace: istio-gateways
14 |   project: default
15 |   source:
16 |     chart: gateway
17 |     repoURL: https://istio-release.storage.googleapis.com/charts
18 |     targetRevision: 1.13.4
19 |     helm:
20 |       values: |
21 |         # Name allows overriding the release name. Generally this should not be set
22 |         name: "istio-eastwestgateway"
23 |         # revision declares which revision this gateway is a part of
24 |         revision: "1-13"
25 |         
26 |         replicaCount: 1
27 |         
28 |         service:
29 |           # Type of service. Set to "None" to disable the service entirely
30 |           type: LoadBalancer
31 |           ports:
32 |           - name: tcp-status-port
33 |             port: 15021
34 |             targetPort: 15021
35 |           - name: tls
36 |             port: 15443
37 |             targetPort: 15443
38 |           - name: tcp-istiod
39 |             port: 15012
40 |             targetPort: 15012
41 |           - name: tcp-webhook
42 |             port: 15017
43 |             targetPort: 15017
44 |           annotations: {}
45 |           loadBalancerIP: ""
46 |           loadBalancerSourceRanges: []
47 |           externalTrafficPolicy: ""
48 |         
49 |         # Pod environment variables
50 |         env:
51 |           ISTIO_META_ROUTER_MODE: "sni-dnat"
52 |           ISTIO_META_REQUESTED_NETWORK_VIEW: "network1"
53 |           
54 |         annotations:
55 |           proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
56 |         
57 |         # Labels to apply to all resources
58 |         labels:
59 |           istio.io/rev: 1-13
60 |           istio: eastwestgateway
61 |           topology.istio.io/network: network1
62 |   syncPolicy:
63 |     automated: {}


--------------------------------------------------------------------------------
/istio/deploy/argo/istio-ingressgateway.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: istio-ingressgateway
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 |   annotations:
 9 |     argocd.argoproj.io/sync-wave: "-1"
10 | spec:
11 |   destination:
12 |     server: https://kubernetes.default.svc
13 |     namespace: istio-gateways
14 |   project: default
15 |   source:
16 |     chart: gateway
17 |     repoURL: https://istio-release.storage.googleapis.com/charts
18 |     targetRevision: 1.13.4
19 |     helm:
20 |       values: |
21 |         # Name allows overriding the release name. Generally this should not be set
22 |         name: ""
23 |         # revision declares which revision this gateway is a part of
24 |         revision: "1-13"
25 |         
26 |         replicaCount: 1
27 |         
28 |         service:
29 |           # Type of service. Set to "None" to disable the service entirely
30 |           type: LoadBalancer
31 |           ports:
32 |           - name: http2
33 |             port: 80
34 |             protocol: TCP
35 |             targetPort: 80
36 |           - name: https
37 |             port: 443
38 |             protocol: TCP
39 |             targetPort: 443
40 |           annotations: {}
41 |           loadBalancerIP: ""
42 |           loadBalancerSourceRanges: []
43 |           externalTrafficPolicy: ""
44 |         
45 |         # Pod environment variables
46 |         env: {}
47 | 
48 |         annotations:
49 |           proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
50 |         
51 |         # Labels to apply to all resources
52 |         labels:
53 |           istio.io/rev: 1-13
54 |           istio: ingressgateway
55 |   syncPolicy:
56 |     automated: {}


--------------------------------------------------------------------------------
/istio/deploy/argo/istiod.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: istiod
 5 |   namespace: argocd
 6 |   finalizers:
 7 |   - resources-finalizer.argocd.argoproj.io
 8 |   annotations:
 9 |     argocd.argoproj.io/sync-wave: "-2"
10 | spec:
11 |   destination:
12 |     server: https://kubernetes.default.svc
13 |     namespace: istio-system
14 |   project: default
15 |   source:
16 |     chart: istiod
17 |     repoURL: https://istio-release.storage.googleapis.com/charts
18 |     targetRevision: 1.13.4
19 |     helm:
20 |       values: |
21 |         revision: 1-13
22 |         global:
23 |           meshID: mesh1
24 |           multiCluster:
25 |             clusterName: cluster1
26 |           network: network1
27 |           hub: us-docker.pkg.dev/gloo-mesh/istio-workshops
28 |           tag: 1.13.4-solo
29 |         meshConfig:
30 |           trustDomain: cluster1
31 |           accessLogFile: /dev/stdout
32 |           enableAutoMtls: true
33 |           defaultConfig:
34 |             envoyMetricsService:
35 |               address: gloo-mesh-agent.gloo-mesh:9977
36 |             envoyAccessLogService:
37 |               address: gloo-mesh-agent.gloo-mesh:9977
38 |             proxyMetadata:
39 |               ISTIO_META_DNS_CAPTURE: "true"
40 |               ISTIO_META_DNS_AUTO_ALLOCATE: "true"
41 |               GLOO_MESH_CLUSTER_NAME: cluster1
42 |         pilot:
43 |           env:
44 |             PILOT_ENABLE_K8S_SELECT_WORKLOAD_ENTRIES: "false"
45 |             PILOT_SKIP_VALIDATE_TRUST_DOMAIN: "true"
46 |   syncPolicy:
47 |     #automated:
48 |     #  prune: false
49 |     #  selfHeal: false
50 |     automated: {}
51 |   ignoreDifferences:
52 |   - group: '*'
53 |     kind: '*'
54 |     managedFieldsManagers:
55 |     - argocd-application-controller


--------------------------------------------------------------------------------
/istio/deploy/helm-values/README.md:
--------------------------------------------------------------------------------
 1 | # Installing with Helm
 2 | 
 3 | ## Istio and Istio Ingress Gateways
 4 | 
 5 | First of all, let's Download the Istio release 1.13.4:
 6 | ```bash
 7 | export ISTIO_VERSION=1.13.4
 8 | curl -L https://istio.io/downloadIstio | sh -
 9 | ```
10 | 
11 | Then, you need to create the `istio-system` and the `istio-gateways` namespaces on the first cluster.
12 | ```bash
13 | kubectl create ns istio-system
14 | kubectl create ns istio-gateways
15 | ```
16 | 
17 | Now, let's deploy the Istio control plane on the first cluster:
18 | ```bash
19 | helm upgrade --install istio-base ./istio-1.13.4/manifests/charts/base -n istio-system --set defaultRevision=1-13
20 | 
21 | helm upgrade --install istio-1.13.4 ./istio-1.13.4/manifests/charts/istio-control/istio-discovery -n istio-system --values istiod-values.yaml
22 | ```
23 | 
24 | After that, you can deploy the gateway(s):
25 | ```bash
26 | kubectl label namespace istio-gateways istio.io/rev=1-13
27 | 
28 | helm upgrade --install istio-ingressgateway ./istio-1.13.4/manifests/charts/gateways/istio-ingress -n istio-gateways --values istio-ingressgateway-values.yaml
29 | 
30 | helm upgrade --install istio-eastwestgateway ./istio-1.13.4/manifests/charts/gateways/istio-ingress -n istio-gateways --values istio-eastwestgateway-values.yaml
31 | ```
32 | 
33 | As you can see, we deploy the control plane (istiod) in the `istio-system` and gateway(s) in the `istio-gateways` namespace.
34 | 
35 | One gateway will be used for ingress traffic while the other one will be used for cross cluster communications. It's not mandatory to use separate gateways, but it's a best practice.
36 | 
37 | Run the following command until all the Istio Pods are ready:
38 | ```bash
39 | kubectl get pods -n istio-system && kubectl get pods -n istio-gateways
40 | ```
41 | 
42 | When they are ready, you should get this output:
43 | ```
44 | NAME                      READY   STATUS    RESTARTS   AGE
45 | istiod-5c669bcf6f-2hn6c   1/1     Running   0          3m7s
46 | NAME                                     READY   STATUS    RESTARTS   AGE
47 | istio-eastwestgateway-77f79cdb47-f4r7k   1/1     Running   0          2m53s
48 | istio-ingressgateway-744fcf4fb-5dc7q     1/1     Running   0          2m44s
49 | ```
50 | 


--------------------------------------------------------------------------------
/istio/deploy/helm-values/istio-eastwestgateway-values.yaml:
--------------------------------------------------------------------------------
 1 | global:
 2 |   hub: us-docker.pkg.dev/gloo-mesh/istio-workshops
 3 |   tag: 1.13.4-solo
 4 | gateways:
 5 |   istio-ingressgateway:
 6 |     name: istio-eastwestgateway
 7 |     namespace: istio-gateways
 8 |     labels:
 9 |       istio: eastwestgateway
10 |       topology.istio.io/network: network1
11 |     injectionTemplate: gateway
12 |     ports:
13 |     - name: tcp-status-port
14 |       port: 15021
15 |       targetPort: 15021
16 |     - name: tls
17 |       port: 15443
18 |       targetPort: 15443
19 |     - name: tcp-istiod
20 |       port: 15012
21 |       targetPort: 15012
22 |     - name: tcp-webhook
23 |       port: 15017
24 |       targetPort: 15017
25 |     env:
26 |       ISTIO_META_ROUTER_MODE: "sni-dnat"
27 |       ISTIO_META_REQUESTED_NETWORK_VIEW: "network1"


--------------------------------------------------------------------------------
/istio/deploy/helm-values/istio-ingressgateway-values.yaml:
--------------------------------------------------------------------------------
 1 | # Name allows overriding the release name. Generally this should not be set
 2 | name: ""
 3 | # revision declares which revision this gateway is a part of
 4 | revision: "1-13"
 5 | 
 6 | replicaCount: 1
 7 | 
 8 | service:
 9 |   # Type of service. Set to "None" to disable the service entirely
10 |   type: LoadBalancer
11 |   ports:
12 |   - name: http2
13 |     port: 80
14 |     protocol: TCP
15 |     targetPort: 80
16 |   - name: https
17 |     port: 443
18 |     protocol: TCP
19 |     targetPort: 443
20 |   annotations: {}
21 |   loadBalancerIP: ""
22 |   loadBalancerSourceRanges: []
23 |   externalTrafficPolicy: ""
24 | 
25 | # Pod environment variables
26 | env:
27 | annotations:
28 |   proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
29 | 
30 | # Labels to apply to all resources
31 | labels:
32 |   istio.io/rev: 1-13
33 |   istio: ingressgateway


--------------------------------------------------------------------------------
/istio/deploy/helm-values/istiod-values.yaml:
--------------------------------------------------------------------------------
 1 | revision: 1-13
 2 | global:
 3 |   meshID: mesh1
 4 |   multiCluster:
 5 |     clusterName: cluster1
 6 |   network: network1
 7 |   hub: us-docker.pkg.dev/gloo-mesh/istio-workshops
 8 |   tag: 1.13.4-solo
 9 | meshConfig:
10 |   trustDomain: cluster1
11 |   accessLogFile: /dev/stdout
12 |   enableAutoMtls: true
13 |   defaultConfig:
14 |     envoyMetricsService:
15 |       address: gloo-mesh-agent.gloo-mesh:9977
16 |     envoyAccessLogService:
17 |       address: gloo-mesh-agent.gloo-mesh:9977
18 |     proxyMetadata:
19 |       ISTIO_META_DNS_CAPTURE: "true"
20 |       ISTIO_META_DNS_AUTO_ALLOCATE: "true"
21 |       GLOO_MESH_CLUSTER_NAME: cluster1
22 | pilot:
23 |   env:
24 |     PILOT_ENABLE_K8S_SELECT_WORKLOAD_ENTRIES: "false"
25 |     PILOT_SKIP_VALIDATE_TRUST_DOMAIN: "true"


--------------------------------------------------------------------------------
/keycloak/config-examples/edge/keycloak-vs-443.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: gateway.solo.io/v1
 2 | kind: VirtualService
 3 | metadata:
 4 |   name: keycloak-http-vs
 5 |   namespace: gloo-system
 6 | spec:
 7 |   sslConfig:
 8 |     secretRef:
 9 |       name: upstream-tls
10 |       namespace: gloo-system
11 |   virtualHost:
12 |     domains:
13 |     - '*'
14 |     routes:
15 |     - matchers:
16 |       - prefix: /
17 |       routeAction:
18 |         single:
19 |           upstream:
20 |             name: default-keycloak-8080
21 |             namespace: gloo-system


--------------------------------------------------------------------------------
/keycloak/config-examples/edge/keycloak-vs-80.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: gateway.solo.io/v1
 2 | kind: VirtualService
 3 | metadata:
 4 |   name: keycloak-http-vs
 5 |   namespace: gloo-system
 6 | spec:
 7 |   virtualHost:
 8 |     domains:
 9 |     - '*'
10 |     routes:
11 |     - matchers:
12 |       - prefix: /
13 |       routeAction:
14 |         single:
15 |           upstream:
16 |             name: default-keycloak-8080
17 |             namespace: gloo-system


--------------------------------------------------------------------------------
/keycloak/deploy/yaml/keycloak-12.0.4.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: keycloak
 6 |   name: keycloak
 7 | spec:
 8 |   ports:
 9 |   - name: http
10 |     port: 8080
11 |     targetPort: 8080
12 |   selector:
13 |     app: keycloak
14 |   type: ClusterIP
15 | ---
16 | apiVersion: apps/v1
17 | kind: Deployment
18 | metadata:
19 |   labels:
20 |     app: keycloak
21 |   name: keycloak
22 | spec:
23 |   replicas: 1
24 |   selector:
25 |     matchLabels:
26 |       app: keycloak
27 |   template:
28 |     metadata:
29 |       labels:
30 |         app: keycloak
31 |     spec:
32 |       containers:
33 |       - env:
34 |         - name: KEYCLOAK_USER
35 |           value: admin
36 |         - name: KEYCLOAK_PASSWORD
37 |           value: admin
38 |         - name: PROXY_ADDRESS_FORWARDING
39 |           value: "true"
40 |         image: quay.io/keycloak/keycloak:12.0.4
41 |         name: keycloak
42 |         ports:
43 |         - containerPort: 8080
44 |           name: http
45 |         - containerPort: 8443
46 |           name: https
47 |         readinessProbe:
48 |           httpGet:
49 |             path: /auth/realms/master
50 |             port: 8080
51 |           initialDelaySeconds: 10
52 |           timeoutSeconds: 10


--------------------------------------------------------------------------------
/keycloak/deploy/yaml/keycloak-15.0.2.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: keycloak
 6 |   name: keycloak
 7 | spec:
 8 |   ports:
 9 |   - name: http
10 |     port: 8080
11 |     targetPort: 8080
12 |   selector:
13 |     app: keycloak
14 |   type: ClusterIP
15 | ---
16 | apiVersion: apps/v1
17 | kind: Deployment
18 | metadata:
19 |   labels:
20 |     app: keycloak
21 |   name: keycloak
22 | spec:
23 |   replicas: 1
24 |   selector:
25 |     matchLabels:
26 |       app: keycloak
27 |   template:
28 |     metadata:
29 |       labels:
30 |         app: keycloak
31 |     spec:
32 |       containers:
33 |       - env:
34 |         - name: KEYCLOAK_USER
35 |           value: admin
36 |         - name: KEYCLOAK_PASSWORD
37 |           value: admin
38 |         - name: PROXY_ADDRESS_FORWARDING
39 |           value: "true"
40 |         image: quay.io/keycloak/keycloak:15.0.2
41 |         name: keycloak
42 |         ports:
43 |         - containerPort: 8080
44 |           name: http
45 |         - containerPort: 8443
46 |           name: https
47 |         readinessProbe:
48 |           httpGet:
49 |             path: /auth/realms/master
50 |             port: 8080
51 |           initialDelaySeconds: 10
52 |           timeoutSeconds: 10


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/developer1-password.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | data:
3 |   password: JDJhJDEwJFYySllBdm9jd1EvOUhHZk44eTlQdU9uWVEvRDIvb1VDbkw1TUtLNkNFTzBEUWJ1WXZNRUhP
4 | kind: Secret
5 | metadata:
6 |   name: developer1-password
7 |   namespace: gloo-portal
8 | type: Opaque


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/developer1-user.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: portal.gloo.solo.io/v1beta1
 2 | kind: User
 3 | metadata:
 4 |   labels:
 5 |     app.kubernetes.io/instance: petstore-swagger-apiproduct-1-0-2
 6 |     groups.portal.gloo.solo.io/gloo-portal.developers: "true"
 7 |   name: developer1
 8 |   namespace: gloo-portal
 9 | spec:
10 |   accessLevel:
11 |     portals:
12 |     - name: ecommerce-portal
13 |       namespace: default
14 |   basicAuth:
15 |     passwordSecretKey: password
16 |     passwordSecretName: developer1-password
17 |     passwordSecretNamespace: gloo-portal
18 |   username: developer1


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/developers-group.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: portal.gloo.solo.io/v1beta1
 2 | kind: Group
 3 | metadata:
 4 |   name: developers
 5 |   namespace: gloo-portal
 6 | spec:
 7 |   accessLevel:
 8 |     apis:
 9 |     - environments:
10 |         namespaces:
11 |         - '*'
12 |       products:
13 |         labels:
14 |         - key: app
15 |           operator: Equals
16 |           values:
17 |           - petstore
18 |         namespaces:
19 |         - '*'
20 |       usagePlans:
21 |       - basic
22 |     portals:
23 |     - name: ecommerce-portal
24 |       namespace: default
25 |   displayName: ecommerce developers
26 |   userSelector:
27 |     matchLabels:
28 |       groups.portal.gloo.solo.io/gloo-portal.developers: "true"
29 |     namespaces:
30 |     - '*'


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/ecommerce-portal.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: portal.gloo.solo.io/v1beta1
 2 | kind: Portal
 3 | metadata:
 4 |   name: ecommerce-portal
 5 |   namespace: default
 6 | spec:
 7 |   allApisPublicViewable: false
 8 |   banner:
 9 |     fetchUrl: https://raw.githubusercontent.com/solo-io/gloo/main/docs/content/img/portal/banner.png
10 |   customStyling: {}
11 |   description: The Gloo Portal for the Petstore API and much more!
12 |   displayName: E-commerce Portal
13 |   domains:
14 |   - portal-local.glootest.com
15 |   favicon:
16 |     fetchUrl: https://raw.githubusercontent.com/solo-io/gloo/main/docs/content/img/portal/favicon.png
17 |   primaryLogo:
18 |     fetchUrl: https://raw.githubusercontent.com/solo-io/gloo/main/docs/content/img/portal/primaryLogo.png
19 |   publishedEnvironments:
20 |   - name: dev
21 |     namespace: default
22 |   staticPages:
23 |   - content:
24 |       configMap:
25 |         key: faq
26 |         name: default-petstore-portal-faq
27 |         namespace: default
28 |     description: Frequently Asked Questions
29 |     displayOnHomepage: true
30 |     name: faq
31 |     navigationLinkName: FAQ
32 |     path: /faq
33 |   tls:
34 |     secretRef:
35 |       name: upstream-tls
36 |       namespace: gloo-system
37 | 


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | # kustomization.yaml
 2 | apiVersion: kustomize.config.k8s.io/v1beta1
 3 | kind: Kustomization
 4 | 
 5 | # list of resources to be Applied
 6 | resources:
 7 | - developer1-password.yaml
 8 | - developer1-user.yaml
 9 | - developers-group.yaml
10 | - ecommerce-portal.yaml
11 | - petstore-apidoc-v1-pets.yaml
12 | - petstore-apidoc-v1-users.yaml
13 | - petstore-apidoc-v2-full.yaml
14 | - petstore-apiproduct.yaml
15 | - petstore-dev-environment.yaml
16 | - petstore-v1.yaml
17 | - petstore-v2.yaml
18 | - staticpage-faq.yaml
19 | 


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-apidoc-v1-pets.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: portal.gloo.solo.io/v1beta1
 2 | kind: APIDoc
 3 | metadata:
 4 |   name: petstore-openapi-v1-pets
 5 |   namespace: default
 6 | spec:
 7 |   openApi:
 8 |     content:
 9 |       fetchUrl: https://raw.githubusercontent.com/solo-io/gitops-library/main/petstore/base/openapi-specs/petstore-openapi-v1-pets.json
10 | 


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-apidoc-v1-users.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: portal.gloo.solo.io/v1beta1
 2 | kind: APIDoc
 3 | metadata:
 4 |   name: petstore-openapi-v1-users
 5 |   namespace: default
 6 | spec:
 7 |   openApi:
 8 |     content:
 9 |       fetchUrl: https://raw.githubusercontent.com/solo-io/gitops-library/main/petstore/base/openapi-specs/petstore-openapi-v1-users.json
10 | 


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-apidoc-v2-full.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: portal.gloo.solo.io/v1beta1
 2 | kind: APIDoc
 3 | metadata:
 4 |   name: petstore-openapi-v2-full
 5 |   namespace: default
 6 | spec:
 7 |   openApi:
 8 |     content:
 9 |       fetchUrl: https://raw.githubusercontent.com/solo-io/gitops-library/main/petstore/base/openapi-specs/petstore-openapi-v2-full.json
10 | 


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-apiproduct.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: portal.gloo.solo.io/v1beta1
 2 | kind: APIProduct
 3 | metadata:
 4 |   labels:
 5 |     app: petstore
 6 |   name: petstore-product
 7 |   namespace: default
 8 | spec:
 9 |   displayInfo:
10 |     description: Fabulous API product for the Petstore
11 |     title: Petstore Product
12 |   versions:
13 |   - apis:
14 |     - apiDoc:
15 |         name: petstore-openapi-v1-pets
16 |         namespace: default
17 |     - apiDoc:
18 |         name: petstore-openapi-v1-users
19 |         namespace: default
20 |     gatewayConfig:
21 |       route:
22 |         inlineRoute:
23 |           backends:
24 |           - upstream:
25 |               name: default-petstore-v1-8080
26 |               namespace: gloo-system
27 |     name: v1
28 |   - apis:
29 |     - apiDoc:
30 |         name: petstore-openapi-v2-full
31 |         namespace: default
32 |     gatewayConfig:
33 |       route:
34 |         inlineRoute:
35 |           backends:
36 |           - upstream:
37 |               name: default-petstore-v2-8080
38 |               namespace: gloo-system
39 |     name: v2


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-dev-environment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: portal.gloo.solo.io/v1beta1
 2 | kind: Environment
 3 | metadata:
 4 |   name: dev
 5 |   namespace: default
 6 | spec:
 7 |   apiProducts:
 8 |   - basePath: '{%version%}'
 9 |     labels:
10 |     - key: app
11 |       operator: In
12 |       values:
13 |       - petstore
14 |     namespaces:
15 |     - '*'
16 |     usagePlans:
17 |     - basic
18 |     versions:
19 |       names:
20 |       - v1
21 |       - v2
22 |   basePath: /ecommerce
23 |   displayInfo:
24 |     description: This environment is meant for developers to deploy and test their
25 |       APIs.
26 |     displayName: Development
27 |   domains:
28 |   - api-local.glootest.com
29 |   gatewayConfig:
30 |     disableRoutes: false
31 |     tls:
32 |       config:
33 |         secretRef:
34 |           name: upstream-tls
35 |           namespace: gloo-system
36 |         sniDomains:
37 |         - '*'
38 |       enabled: true
39 |   parameters:
40 |     usagePlans:
41 |       basic:
42 |         authPolicy:
43 |           apiKey: {}
44 |         displayName: Basic plan with API key auth
45 |         rateLimit:
46 |           requestsPerUnit: 3
47 |           unit: MINUTE
48 | 


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-v1.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: petstore-v1
 5 |   namespace: default
 6 | spec:
 7 |   ports:
 8 |   - name: http
 9 |     port: 8080
10 |     protocol: TCP
11 |     targetPort: http
12 |   selector:
13 |     app: petstore
14 |     version: v1
15 | ---
16 | apiVersion: apps/v1
17 | kind: Deployment
18 | metadata:
19 |   name: petstore-v1
20 |   namespace: default
21 | spec:
22 |   replicas: 1
23 |   selector:
24 |     matchLabels:
25 |       app: petstore
26 |       version: v1
27 |   template:
28 |     metadata:
29 |       labels:
30 |         app: petstore
31 |         version: v1
32 |     spec:
33 |       containers:
34 |       - image: swaggerapi/petstore
35 |         imagePullPolicy: Always
36 |         name: petstore
37 |         ports:
38 |         - containerPort: 8080
39 |           name: http


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/petstore-v2.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: petstore-v2
 5 |   namespace: default
 6 | spec:
 7 |   ports:
 8 |   - name: http
 9 |     port: 8080
10 |     protocol: TCP
11 |     targetPort: http
12 |   selector:
13 |     app: petstore
14 |     version: v2
15 | ---
16 | apiVersion: apps/v1
17 | kind: Deployment
18 | metadata:
19 |   name: petstore-v2
20 |   namespace: default
21 | spec:
22 |   replicas: 1
23 |   selector:
24 |     matchLabels:
25 |       app: petstore
26 |       version: v2
27 |   template:
28 |     metadata:
29 |       labels:
30 |         app: petstore
31 |         version: v2
32 |     spec:
33 |       containers:
34 |       - image: swaggerapi/petstore
35 |         imagePullPolicy: Always
36 |         name: petstore
37 |         ports:
38 |         - containerPort: 8080
39 |           name: http


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-portal/staticpage-faq.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | binaryData:
3 |   faq: UTogSXMgdGhpcyBhIHN0YXRpYyBwYWdlIGZlYXR1cmUgZGVsaXZlcmVkIGJ5IGdsb28tcG9ydGFsPwpBOiBZZXMgaXQgaXMhIFNlZSB0aGlzICoqW3R1dG9yaWFsXShodHRwczovL2RvY3Muc29sby5pby9nbG9vLXBvcnRhbC9sYXRlc3QvZ3VpZGVzL2dldHRpbmdfc3RhcnRlZC9wYXJ0XzMvKSoqIGZvciBtb3JlIGluZm9ybWF0aW9uIA==
4 | kind: ConfigMap
5 | metadata:
6 |   name: default-petstore-portal-faq
7 |   namespace: default


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore-swaggerapi.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: petstore-v1
 5 | spec:
 6 |   ports:
 7 |   - name: http
 8 |     port: 8080
 9 |     protocol: TCP
10 |     targetPort: http
11 |   selector:
12 |     app: petstore
13 |     version: v1
14 | ---
15 | apiVersion: v1
16 | kind: Service
17 | metadata:
18 |   name: petstore-v2
19 | spec:
20 |   ports:
21 |   - name: http
22 |     port: 8080
23 |     protocol: TCP
24 |     targetPort: http
25 |   selector:
26 |     app: petstore
27 |     version: v2
28 | ---
29 | apiVersion: apps/v1
30 | kind: Deployment
31 | metadata:
32 |   name: petstore-v1
33 | spec:
34 |   replicas: 1
35 |   selector:
36 |     matchLabels:
37 |       app: petstore
38 |       version: v1
39 |   template:
40 |     metadata:
41 |       labels:
42 |         app: petstore
43 |         version: v1
44 |     spec:
45 |       containers:
46 |       - image: swaggerapi/petstore
47 |         imagePullPolicy: Always
48 |         name: petstore
49 |         ports:
50 |         - containerPort: 8080
51 |           name: http
52 | ---
53 | apiVersion: apps/v1
54 | kind: Deployment
55 | metadata:
56 |   name: petstore-v2
57 | spec:
58 |   replicas: 1
59 |   selector:
60 |     matchLabels:
61 |       app: petstore
62 |       version: v2
63 |   template:
64 |     metadata:
65 |       labels:
66 |         app: petstore
67 |         version: v2
68 |     spec:
69 |       containers:
70 |       - image: swaggerapi/petstore
71 |         imagePullPolicy: Always
72 |         name: petstore
73 |         ports:
74 |         - containerPort: 8080
75 |           name: http


--------------------------------------------------------------------------------
/petstore/deploy/yaml/petstore.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     service: petstore
 6 |   name: petstore
 7 |   namespace: default
 8 | spec:
 9 |   ports:
10 |   - port: 8080
11 |     protocol: TCP
12 |   selector:
13 |     app: petstore
14 | ---
15 | apiVersion: apps/v1
16 | kind: Deployment
17 | metadata:
18 |   labels:
19 |     app: petstore
20 |   name: petstore
21 |   namespace: default
22 | spec:
23 |   replicas: 1
24 |   selector:
25 |     matchLabels:
26 |       app: petstore
27 |   template:
28 |     metadata:
29 |       labels:
30 |         app: petstore
31 |     spec:
32 |       containers:
33 |       - image: soloio/petstore-example:latest
34 |         name: petstore
35 |         ports:
36 |         - containerPort: 8080
37 |           name: http


--------------------------------------------------------------------------------
/plow-loadgen/README.md:
--------------------------------------------------------------------------------
1 | # Load Gen tool based on Plow
2 | https://github.com/six-ddc/plow


--------------------------------------------------------------------------------
/plow-loadgen/deploy/argo/plow-loadgen-argo.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: plow-httpbin
 5 |   namespace: argocd
 6 | spec:
 7 |   destination:
 8 |     namespace: httpbin
 9 |     server: 'https://kubernetes.default.svc'
10 |   source:
11 |     repoURL: 'https://github.com/solo-io/gitops-library'
12 |     path: plow-loadgen/helm
13 |     targetRevision: HEAD
14 |     helm:
15 |       parameters:
16 |       - name: plow.url
17 |         value: 'https://httpbin.kapoozi.com/anything/unprotected'
18 |       - name: plow.host
19 |         value: 'httpbin.kapoozi.com'
20 |       #- name: plow.additionalHeader
21 |       #  value: 'user: solo'
22 |       - name: plow.concurrency
23 |         value: '1'
24 |       - name: plow.rate
25 |         value: '50'
26 |       - name: plow.requests
27 |         value: '-1'
28 |       - name: plow.duration
29 |         value: '0'
30 |       - name: plow.interval
31 |         value: '60'
32 |       - name: plow.method
33 |         value: 'GET'
34 |       - name: plow.insecure
35 |         value: 'true'
36 |       - name: deployment.nameSuffix
37 |         value: 'httpbin'
38 |       - name: deployment.namespace
39 |         value: 'plow'
40 |       - name: deployment.containerPort
41 |         value: '18888'
42 |       - name: deployment.replicas
43 |         value: '1'
44 |       - name: istio.inject
45 |         values: 'true'
46 |       - name: istio.revisionLabel
47 |         values: '1-13'
48 |       - name: istio.holdProxy
49 |         values: 'true'
50 |       - name: istio.exportService
51 |         values: 'true'
52 |       - name: resources.requests.cpu
53 |         value: '20m'
54 |       - name: resources.requests.mem
55 |         value: '10Mi'
56 |   project: default
57 |   syncPolicy:
58 |     automated:
59 |       prune: true
60 |       selfHeal: true


--------------------------------------------------------------------------------
/plow-loadgen/deploy/yaml/plow-loadgen.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Namespace
 3 | metadata:
 4 |   name: plow
 5 | ---
 6 | apiVersion: v1
 7 | kind: ServiceAccount
 8 | metadata:
 9 |   name: plow
10 |   namespace: plow
11 | ---
12 | apiVersion: v1
13 | kind: Service
14 | metadata:
15 |   name: plow
16 |   namespace: plow
17 |   labels:
18 |     app: plow
19 |     service: plow
20 | spec:
21 |   ports:
22 |   - port: 18888
23 |     name: http
24 |   selector:
25 |     app: plow
26 | ---
27 | apiVersion: apps/v1
28 | kind: Deployment
29 | metadata:
30 |   labels:
31 |     app: plow
32 |   name: plow
33 |   namespace: plow
34 | spec:
35 |   replicas: 1
36 |   selector:
37 |     matchLabels:
38 |       app: plow
39 |   template:
40 |     metadata:
41 |       labels:
42 |         app: plow
43 |         istio.io/rev: 1-13
44 |         sidecar.istio.io/inject: "true"
45 |       annotations:
46 |         proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
47 |     spec:
48 |       containers:
49 |       - name: plow
50 |         image: ghcr.io/six-ddc/plow
51 |         imagePullPolicy: IfNotPresent
52 |         resources:
53 |           requests:
54 |             memory: "10Mi"
55 |             cpu: "20m"
56 |         ports:
57 |         - containerPort: 18888
58 |           name: http-plow
59 |         args:
60 |         - https://httpbin.kapoozi.com/anything/unprotected
61 |         env:
62 |         - name: PLOW_CONCURRENCY
63 |           value: "1"
64 |         - name: PLOW_RATE
65 |           value: "50"
66 |         - name: PLOW_REQUESTS
67 |           value: "-1"
68 |         - name: PLOW_DURATION
69 |           value: "0"
70 |         - name: PLOW_INTERVAL
71 |           value: "60s"
72 |         - name: PLOW_METHOD
73 |           value: "GET"
74 |         - name: PLOW_INSECURE
75 |           value: "TRUE"
76 |         #- name: PLOW_HEADER
77 |         #  value: "user: solo"
78 |         #- name: PLOW_HOST
79 |         #  value: "httpbin.kapoozi.com"
80 | 


--------------------------------------------------------------------------------
/plow-loadgen/helm/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: plow-loadgen
3 | description: a plow-loadgen tool
4 | type: application
5 | version: 0.1.0
6 | appVersion: "v1.3.1"


--------------------------------------------------------------------------------
/plow-loadgen/helm/index.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | entries: {}
3 | generated: "2022-09-28T14:33:44.633012-07:00"
4 | 


--------------------------------------------------------------------------------
/plow-loadgen/helm/templates/plow.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ServiceAccount
 3 | metadata:
 4 |   name: plow-{{ .Values.deployment.nameSuffix }}
 5 |   namespace: {{ .Release.Namespace }}
 6 | ---
 7 | apiVersion: v1
 8 | kind: Service
 9 | metadata:
10 |   name: plow-{{ .Values.deployment.nameSuffix }}
11 |   namespace: {{ .Release.Namespace }}
12 |   labels:
13 |     app: plow-{{ .Values.deployment.nameSuffix }}
14 |     service: plow-{{ .Values.deployment.nameSuffix }}
15 |     expose: "{{ .Values.istio.exportService }}"
16 | spec:
17 |   ports:
18 |   - port: {{ .Values.deployment.containerPort }}
19 |     name: plow-http
20 |   selector:
21 |     app: plow-{{ .Values.deployment.nameSuffix }}
22 | ---
23 | apiVersion: apps/v1
24 | kind: Deployment
25 | metadata:
26 |   labels:
27 |     app: plow-{{ .Values.deployment.nameSuffix }}
28 |   name: plow-{{ .Values.deployment.nameSuffix }}
29 |   namespace: {{ .Release.Namespace }}
30 | spec:
31 |   replicas: {{ .Values.deployment.replicas }}
32 |   selector:
33 |     matchLabels:
34 |       app: plow-{{ .Values.deployment.nameSuffix }}
35 |   template:
36 |     metadata:
37 |       labels:
38 |         app: plow-{{ .Values.deployment.nameSuffix }}
39 |         istio.io/rev: {{ .Values.istio.revisionLabel }}
40 |         sidecar.istio.io/inject: "{{ .Values.istio.inject }}"
41 |       annotations:
42 |         proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": {{ .Values.istio.holdProxy }} }'
43 |     spec:
44 |       serviceAccountName: plow-{{ .Values.deployment.nameSuffix }}
45 |       containers:
46 |       - name: plow-{{ .Values.deployment.nameSuffix }}
47 |         image: ghcr.io/six-ddc/plow
48 |         imagePullPolicy: IfNotPresent
49 |         resources:
50 |           requests:
51 |             memory: "{{ .Values.resources.requests.memory }}"
52 |             cpu: "{{ .Values.resources.requests.cpu }}"
53 |         ports:
54 |         - containerPort: {{ .Values.deployment.containerPort }}
55 |           name: http-plow
56 |         args:
57 |         - {{ .Values.plow.url }}
58 |         env:
59 |         - name: PLOW_CONCURRENCY
60 |           value: "{{ .Values.plow.concurrency }}"
61 |         - name: PLOW_RATE
62 |           value: "{{ .Values.plow.rate }}"
63 |         - name: PLOW_REQUESTS
64 |           value: "{{ .Values.plow.requests }}"
65 |         - name: PLOW_DURATION
66 |           value: "{{ .Values.plow.duration }}"
67 |         - name: PLOW_INTERVAL
68 |           value: "{{ .Values.plow.interval }}"
69 |         - name: PLOW_METHOD
70 |           value: "{{ .Values.plow.method }}"
71 |         - name: PLOW_INSECURE
72 |           value: "{{ .Values.plow.insecure }}"
73 |         - name: PLOW_HEADER
74 |           value: "{{ .Values.plow.additionalHeader }}"
75 |         - name: PLOW_HOST
76 |           value: "{{ .Values.plow.host }}"
77 | 


--------------------------------------------------------------------------------
/plow-loadgen/helm/values.yaml:
--------------------------------------------------------------------------------
 1 | plow:
 2 |   url: https://www.google.com
 3 |   concurrency: 1
 4 |   rate: 50 
 5 |   requests: -1
 6 |   duration: 0
 7 |   interval: 60
 8 |   method: GET
 9 |   insecure: true
10 |   host: "google.com"
11 |   additionalHeader: "user: solo"
12 | 
13 | deployment:
14 |   nameSuffix: loadgenerator
15 |   namespace: plow
16 |   containerPort: 18888
17 |   replicas: 1
18 | 
19 | istio:
20 |   inject: true
21 |   revisionLabel: 1-13
22 |   holdProxy: true
23 |   exportService: true
24 | 
25 | resources:
26 |   requests: 
27 |     cpu: 20m
28 |     memory: 10Mi


--------------------------------------------------------------------------------
/solowallet/config-examples/gloo-mesh/2.0.x/bank-demo-rt-443.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.gloo.solo.io/v2
 2 | kind: RouteTable
 3 | metadata:
 4 |   name: bank-demo-rt-443
 5 |   namespace: bank-demo
 6 |   labels:
 7 |     expose: "true"
 8 | spec:
 9 |   hosts:
10 |     - 'bank.glootest.com'
11 |     - 'bank-local.glootest.com'
12 |   virtualGateways:
13 |     - name: mgmt-north-south-gw-443
14 |       namespace: istio-gateways
15 |       cluster: mgmt
16 |   workloadSelectors: []
17 |   http:
18 |     - name: bank-demo
19 |       # set matchers to closely match https://github.com/GoogleCloudPlatform/bank-of-anthos/tree/main/src/frontend
20 |       matchers:
21 |       - uri:
22 |           exact: /
23 |         method: GET 
24 |       - uri:
25 |           prefix: /static
26 |       - uri:
27 |           exact: /deposit
28 |         method: POST
29 |       - uri:
30 |           exact: /home
31 |         method: GET
32 |       - uri:
33 |           exact: /login
34 |       - uri:
35 |           prefix: /logout
36 |         #method: POST
37 |       - uri:
38 |           exact: /payment
39 |         method: POST
40 |       - uri:
41 |           exact: /ready
42 |         method: GET
43 |       - uri:
44 |           exact: /signup
45 |         #method: GET, POST
46 |       - uri:
47 |           exact: /version
48 |         method: GET
49 |       forwardTo:
50 |         destinations:
51 |         - ref:
52 |             name: frontend
53 |             namespace: bank-demo
54 |           port:
55 |             number: 443
56 |       labels:
57 |         waf: "true"


--------------------------------------------------------------------------------
/solowallet/deploy/yaml/bank-config.yaml:
--------------------------------------------------------------------------------
 1 | # Copyright 2020 Google LLC
 2 | #
 3 | # Licensed under the Apache License, Version 2.0 (the "License");
 4 | # you may not use this file except in compliance with the License.
 5 | # You may obtain a copy of the License at
 6 | #
 7 | #      http://www.apache.org/licenses/LICENSE-2.0
 8 | #
 9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | 
15 | # [START gke_boa_kubernetes_manifests_config_configmap_environment_config]
16 | apiVersion: v1
17 | kind: ConfigMap
18 | metadata:
19 |   name: environment-config
20 |   namespace: bank-demo
21 | data:
22 |   LOCAL_ROUTING_NUM: "883745000"
23 |   PUB_KEY_PATH: "/root/.ssh/publickey"
24 | # [END gke_boa_kubernetes_manifests_config_configmap_environment_config]
25 | ---
26 | # [START gke_boa_kubernetes_manifests_config_configmap_service_api_config]
27 | apiVersion: v1
28 | kind: ConfigMap
29 | metadata:
30 |   name: service-api-config
31 |   namespace: bank-demo
32 | data:
33 |   TRANSACTIONS_API_ADDR: "ledgerwriter.bank-demo:8080"
34 |   BALANCES_API_ADDR: "balancereader.bank-demo:8080"
35 |   HISTORY_API_ADDR: "transactionhistory.bank-demo:8080"
36 |   CONTACTS_API_ADDR: "contacts.bank-demo:8080"
37 |   USERSERVICE_API_ADDR: "userservice.bank-demo:8080"
38 | # [END gke_boa_kubernetes_manifests_config_configmap_service_api_config]
39 | ---
40 | # [START gke_boa_kubernetes_manifests_config_configmap_demo_data_config]
41 | apiVersion: v1
42 | kind: ConfigMap
43 | metadata:
44 |   name: demo-data-config
45 |   namespace: bank-demo
46 | data:
47 |   USE_DEMO_DATA: "True"
48 |   DEMO_LOGIN_USERNAME: "testuser"
49 |   # All demo user accounts are hardcoded to use the login password 'bankofanthos'
50 |   DEMO_LOGIN_PASSWORD: "bankofanthos"
51 | # [END gke_boa_kubernetes_manifests_config_configmap_demo_data_config]


--------------------------------------------------------------------------------
/solowallet/deploy/yaml/bank-contacts.yaml:
--------------------------------------------------------------------------------
  1 | # Copyright 2019 Google LLC
  2 | #
  3 | # Licensed under the Apache License, Version 2.0 (the "License");
  4 | # you may not use this file except in compliance with the License.
  5 | # You may obtain a copy of the License at
  6 | #
  7 | #      http://www.apache.org/licenses/LICENSE-2.0
  8 | #
  9 | # Unless required by applicable law or agreed to in writing, software
 10 | # distributed under the License is distributed on an "AS IS" BASIS,
 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 12 | # See the License for the specific language governing permissions and
 13 | # limitations under the License.
 14 | 
 15 | # [START gke_boa_kubernetes_manifests_contacts_deployment_contacts]
 16 | apiVersion: v1
 17 | kind: ServiceAccount
 18 | metadata:
 19 |   labels:
 20 |     account: contacts
 21 |   name: contacts
 22 |   namespace: bank-demo
 23 | ---
 24 | apiVersion: apps/v1
 25 | kind: Deployment
 26 | metadata:
 27 |   name: contacts
 28 |   namespace: bank-demo
 29 | spec:
 30 |   selector:
 31 |     matchLabels:
 32 |       app: contacts
 33 |   template:
 34 |     metadata:
 35 |       labels:
 36 |         app: contacts
 37 |       annotations:
 38 |         proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
 39 |     spec:
 40 |       serviceAccountName: contacts
 41 |       terminationGracePeriodSeconds: 5
 42 |       containers:
 43 |       - name: contacts
 44 |         image: gcr.io/bank-of-anthos-ci/contacts:v0.5.5
 45 |         volumeMounts:
 46 |         - name: publickey
 47 |           mountPath: "/root/.ssh"
 48 |           readOnly: true
 49 |         env:
 50 |         - name: VERSION
 51 |           value: "v0.5.5"
 52 |         - name: PORT
 53 |           value: "8080"
 54 |         - name: ENABLE_TRACING
 55 |           value: "false"
 56 |         # Valid levels are debug, info, warning, error, critical.
 57 |         # If no valid level is set, will default to info.
 58 |         - name: LOG_LEVEL
 59 |           value: "info"
 60 |         envFrom:
 61 |         - configMapRef:
 62 |             name: environment-config
 63 |         - configMapRef:
 64 |             name: accounts-db-config
 65 |         resources:
 66 |           requests:
 67 |             cpu: 100m
 68 |             memory: 64Mi
 69 |           limits:
 70 |             cpu: 250m
 71 |             memory: 128Mi
 72 |         #readinessProbe:
 73 |         #  httpGet:
 74 |         #    path: /ready
 75 |         #    port: 8080
 76 |         #  initialDelaySeconds: 10
 77 |         #  periodSeconds: 5
 78 |         #  timeoutSeconds: 10
 79 |       volumes:
 80 |       - name: publickey
 81 |         secret:
 82 |           secretName: jwt-key
 83 |           items:
 84 |           - key: jwtRS256.key.pub
 85 |             path: publickey
 86 | # [END gke_boa_kubernetes_manifests_contacts_deployment_contacts]
 87 | ---
 88 | # [START gke_boa_kubernetes_manifests_contacts_service_contacts]
 89 | apiVersion: v1
 90 | kind: Service
 91 | metadata:
 92 |   name: contacts
 93 |   namespace: bank-demo
 94 | spec:
 95 |   type: ClusterIP
 96 |   selector:
 97 |     app: contacts
 98 |   ports:
 99 |   - name: http
100 |     port: 8080
101 |     targetPort: 8080
102 | # [END gke_boa_kubernetes_manifests_contacts_service_contacts]


--------------------------------------------------------------------------------
/solowallet/deploy/yaml/bank-demo-ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   labels:
5 |     istio.io/rev: 1-13
6 |   name: bank-demo


--------------------------------------------------------------------------------
/solowallet/deploy/yaml/bank-demo-workspace.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: admin.gloo.solo.io/v2
 2 | kind: Workspace
 3 | metadata:
 4 |   name: bank-lob
 5 |   namespace: gloo-mesh
 6 |   labels:
 7 |     allow_ingress: "true"
 8 | spec:
 9 |   workloadClusters:
10 |   - name: mgmt
11 |     namespaces:
12 |     - name: bank-demo


--------------------------------------------------------------------------------
/solowallet/deploy/yaml/bank-demo-workspacesettings.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: admin.gloo.solo.io/v2
 2 | kind: WorkspaceSettings
 3 | metadata:
 4 |   name: bank-lob-workspace-settings
 5 |   namespace: bank-demo
 6 | spec:
 7 |   exportTo:
 8 |   - resources:
 9 |     - kind: ALL
10 |       labels:
11 |         expose: "true"
12 |     workspaces:
13 |     - name: gateways
14 |   importFrom:
15 |   - resources:
16 |     - kind: SERVICE
17 |     workspaces:
18 |     - name: gateways
19 |   options:
20 |     federation:
21 |       enabled: true
22 |       hostSuffix: global


--------------------------------------------------------------------------------
/solowallet/deploy/yaml/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | # kustomization.yaml
 2 | apiVersion: kustomize.config.k8s.io/v1beta1
 3 | kind: Kustomization
 4 | 
 5 | # list of resources to be Applied
 6 | resources:
 7 | - bank-accounts-db.yaml
 8 | - bank-balance-reader.yaml
 9 | - bank-config.yaml
10 | - bank-contacts.yaml
11 | - bank-demo-ns.yaml
12 | - bank-demo-workspace.yaml
13 | - bank-demo-workspacesettings.yaml
14 | - bank-frontend.yaml
15 | - bank-ledger-db.yaml
16 | - bank-ledger-writer.yaml
17 | - bank-transaction-history.yaml
18 | - bank-userservice.yaml
19 | 
20 | 


--------------------------------------------------------------------------------