├── .gitmodules ├── README.md ├── auth ├── README.md └── helm │ ├── bookinfo-istio │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── ingress │ │ │ ├── bookinfo-destinationrules.yml │ │ │ ├── gateway-default.yaml │ │ │ ├── policy-mtls-jwt-example.yaml │ │ │ ├── rule-auth-headers.yaml │ │ │ └── virtualservice-bookinfo.yaml │ │ └── servicemeshmember-default.yaml │ └── values.yaml │ ├── bookinfo │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── app │ │ │ ├── app-bookinfo.yaml │ │ │ └── app-nginx-echo-headers.yaml │ └── values.yaml │ └── control-plane-oauth2 │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ ├── route-api.yml │ └── servicemeshcontrolplane-basic-install.yaml │ └── values.yaml ├── basic-gateway-configuration ├── .helmignore ├── Chart.yaml ├── templates │ ├── gateway-default.yaml │ ├── servicemeshmember-default.yaml │ └── virtualservice-bookinfo.yaml └── values.yaml ├── bookinfo ├── .helmignore ├── Chart.yaml ├── templates │ └── app-bookinfo.yaml └── values.yaml ├── cleanup-basic-gateway-configuration.sh ├── cleanup-mongo-egressgateway-configuration.sh ├── cleanup-mongo-gateway-configuration.sh ├── cleanup-service-mesh-control-plane-mongodb-egressgateway.sh ├── cleanup-service-mesh-control-plane-mongodb.sh ├── cleanup-service-mesh-control-plane.sh ├── default-vars.txt ├── documentation └── pictures │ ├── bookinfo-mongo-egressgateway.png │ └── bookinfo-mongo.png ├── egressgateway ├── http-trusted-ca │ ├── README.md │ └── egressgateway-tls-origination-trusted-ca │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── _helpers.tpl │ │ ├── control-plane │ │ │ ├── route-api.yaml │ │ │ ├── servicemeshcontrolplane-basic-install.yaml │ │ │ └── servicemeshmember-default.yaml │ │ └── egressgateway │ │ │ ├── destinationrule-for-nginx-mesh-external.yaml │ │ │ ├── destinationrule-google.yaml │ │ │ ├── destinationrule-originate-tls-for-nginx-mesh-external.yaml │ │ │ ├── 
gateway-istio-egressgateway.yaml │ │ │ ├── serviceentry-google.yaml │ │ │ ├── serviceentry-nginx.yaml │ │ │ ├── virtualservice-direct-nginx-mesh-external-through-egressgateway.yaml │ │ │ └── virtualservice-google.yaml │ │ └── values.yaml └── mongodb-trusted-ca │ ├── README.md │ ├── helm │ ├── bookinfo │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── app │ │ │ │ ├── app-bookinfo-ratings-v2.yaml │ │ │ │ └── app-bookinfo.yaml │ │ │ └── istio-configs │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ ├── gateway-default.yaml │ │ │ │ ├── virtualservice-bookinfo.yaml │ │ │ │ ├── virtualservice-ratings.yml │ │ │ │ └── virtualservice-reviews.yml │ │ └── values.yaml │ ├── control-plane │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── route-api.yaml │ │ │ ├── servicemeshcontrolplane-basic-install.yaml │ │ │ ├── servicemeshmember-default-bookinfo.yaml │ │ │ ├── servicemeshmember-default-istio-system-egress.yaml │ │ │ └── servicemeshmember-default-mongodb.yaml │ │ └── values.yaml │ └── mongodb │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── _helpers.tpl │ │ ├── app │ │ │ └── app-mongob.yaml │ │ └── istio │ │ │ ├── egress │ │ │ ├── destinationrule-for-mongodb-mesh-external.yaml │ │ │ ├── destinationrule-originate-tls-for-mongodb-mesh-external.yaml │ │ │ ├── gateway-istio-egressgateway.yaml │ │ │ ├── policy-istio-egressgateway.yaml │ │ │ ├── serviceentry-mongodb.yaml │ │ │ └── virtualservice-direct-mongodb-mesh-external-through-egressgateway.yaml │ │ │ └── ingress │ │ │ ├── gateway-mongodb.yaml │ │ │ └── virtualservice-mongodb.yaml │ │ └── values.yaml │ └── ingress-mongodb-setup-tls.sh ├── ingress-mongodb-setup-tls.sh ├── ingress-mongodb-setup.sh ├── install-basic-gateway-configuration.sh ├── install-mongo-egressgateway-configuration.sh ├── install-mongo-gateway-configuration.sh ├── install-service-mesh-control-plane-mongodb-egressgateway.sh ├── 
install-service-mesh-control-plane-mongodb.sh ├── install-service-mesh-control-plane.sh ├── install-service-mesh-operators.sh ├── mongo-egressgateway-configuration ├── .helmignore ├── Chart.yaml ├── templates │ ├── bookinfo-destinationrules.yml │ ├── destinationrule-egressgateway-for-mongo.yaml │ ├── destinationrule-mongo.yaml │ ├── gateway-default.yaml │ ├── gateway-istio-egressgateway.yaml │ ├── gateway-mongodb.yml │ ├── policy-istio-egressgateway.yaml │ ├── serviceentry-mongodb.yaml │ ├── servicemeshmember-default-bookinfo.yaml │ ├── servicemeshmember-default-mongodb.yaml │ ├── virtualservice-bookinfo.yaml │ ├── virtualservice-direct-mongo-through-egress-gateway.yaml │ ├── virtualservice-mongodb.yaml │ ├── virtualservice-ratings.yml │ └── virtualservice-reviews.yml └── values.yaml ├── mongo-gateway-configuration ├── .helmignore ├── Chart.yaml ├── templates │ ├── bookinfo-destinationrules.yml │ ├── gateway-default.yaml │ ├── gateway-mongodb.yml │ ├── serviceentry-mongodb.yaml │ ├── servicemeshmember-default-bookinfo.yaml │ ├── servicemeshmember-default-mongodb.yaml │ ├── virtualservice-bookinfo.yaml │ ├── virtualservice-mongodb.yaml │ ├── virtualservice-ratings.yml │ └── virtualservice-reviews.yml └── values.yaml ├── mongodb ├── .helmignore ├── Chart.yaml ├── templates │ ├── app-bookinfo-ratings-v2.yaml │ ├── app-bookinfo.yaml │ └── app-mongob.yaml └── values.yaml ├── multi-cluster-trust ├── README.md ├── documentation │ └── pictures │ │ ├── bookinfo-result.png │ │ └── federated-trust.png └── helm │ ├── bookinfo │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── app │ │ │ ├── app-bookinfo-ratings-v2.yaml │ │ │ └── app-bookinfo.yaml │ │ └── istio-configs │ │ │ ├── egress │ │ │ ├── destinationrule-originate-tls-for-mongodb-mesh-external.yaml │ │ │ └── serviceentry-mongodb.yaml │ │ │ └── ingress │ │ │ ├── bookinfo-destinationrules.yml │ │ │ ├── gateway-default.yaml │ │ │ ├── virtualservice-bookinfo.yaml │ │ │ ├── 
virtualservice-ratings.yml │ │ │ └── virtualservice-reviews.yml │ └── values.yaml │ ├── cert-manager │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── rootca.yaml │ └── values.yaml │ ├── install-cacerts │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── secret-cacerts.yaml │ └── values.yaml │ ├── istio-system-control-plane │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── route-api.yaml │ │ ├── servicemeshcontrolplane-basic-install.yaml │ │ └── servicemeshmember-default-bookinfo.yaml │ └── values.yaml │ ├── istio-system2-control-plane │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── route-mongo.yaml │ │ ├── servicemeshcontrolplane-basic-install.yaml │ │ └── servicemeshmember-default-mongodb.yaml │ └── values.yaml │ ├── mongodb │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── app │ │ │ └── app-mongodb.yaml │ │ └── istio │ │ │ └── ingress │ │ │ ├── destinationrule-mongodb.yaml │ │ │ ├── gateway-mongodb.yaml │ │ │ └── virtualservice-mongodb.yaml │ └── values.yaml │ └── operators │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ ├── _helpers.tpl │ └── subscriptions.yaml │ └── values.yaml ├── ossm-2.0 ├── README.md ├── auth │ ├── README.md │ ├── helm │ │ ├── apps-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── auth │ │ │ │ │ ├── authorizationpolicy-nginx-echo-headers.yaml │ │ │ │ │ ├── authorizationpolicy-productpage.yaml │ │ │ │ │ ├── envoyfilter-jwt-to-header-filter.yaml │ │ │ │ │ ├── peerauthentication-nginx-echo-headers.yaml │ │ │ │ │ ├── peerauthentication-productpage.yaml │ │ │ │ │ ├── requestauthentication-nginx-echo-headers.yaml │ │ │ │ │ └── requestauthentication-productpage.yaml │ │ │ │ ├── ingress │ │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ │ ├── destinationrule-nginx-echo-headers.yml │ │ │ │ │ └── virtualservice-oauth2-proxy-upstream.yaml │ │ 
│ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── apps │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── app │ │ │ │ │ ├── app-bookinfo.yaml │ │ │ │ │ └── app-nginx-echo-headers.yaml │ │ │ └── values.yaml │ │ ├── cert-manager │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── clusterissuer-self-signer.yaml │ │ │ └── values.yaml │ │ ├── control-plane │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── gateway-default.yaml │ │ │ │ ├── route-api.yml │ │ │ │ └── servicemeshcontrolplane-basic-install.yaml │ │ │ └── values.yaml │ │ ├── oauth2-proxy-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── serviceentry-okta.yaml │ │ │ │ ├── servicemeshmember-default.yaml │ │ │ │ └── virtualservice-api.yaml │ │ │ └── values.yaml │ │ ├── oauth2-proxy │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── NOTES.txt │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── deployment.yaml │ │ │ │ ├── hpa.yaml │ │ │ │ ├── ingress.yaml │ │ │ │ ├── secret-oauth2-proxy.yaml │ │ │ │ ├── service-oauth2-proxy-upstream.yaml │ │ │ │ ├── service.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ └── tests │ │ │ │ │ └── test-connection.yaml │ │ │ └── values.yaml │ │ └── service-mesh-operators │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── subscription-elasticsearch-operator.yaml │ │ │ ├── subscription-jaeger-product.yaml │ │ │ ├── subscription-kiali-ossm.yaml │ │ │ └── subscription-servicemeshoperator.yaml │ │ │ └── values.yaml │ └── oauth2-auth.png ├── basic │ ├── README.md │ └── helm │ │ ├── bookinfo-istio │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── ingress │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ ├── gateway-default.yaml │ │ │ │ └── virtualservice-bookinfo.yaml │ │ │ └── servicemeshmember-default.yaml 
│ │ └── values.yaml │ │ ├── bookinfo │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── app │ │ │ │ └── app-bookinfo.yaml │ │ └── values.yaml │ │ ├── control-plane │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── limitrange-service-mesh.yaml │ │ │ ├── resourcequota-service-mesh.yaml │ │ │ ├── route-api.yaml │ │ │ └── servicemeshcontrolplane-basic-install.yaml │ │ └── values.yaml │ │ └── service-mesh-operators │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── operatorgroup-openshift-operators-redhat.yaml │ │ ├── subscription-elasticsearch-operator.yaml │ │ ├── subscription-jaeger-product.yaml │ │ ├── subscription-kiali-ossm.yaml │ │ └── subscription-servicemeshoperator.yaml │ │ └── values.yaml ├── mongodb-trusted-ca │ ├── README.md │ ├── helm │ │ ├── bookinfo │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── app │ │ │ │ │ ├── app-bookinfo-ratings-v2.yaml │ │ │ │ │ └── app-bookinfo.yaml │ │ │ │ └── istio-configs │ │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ │ ├── gateway-default.yaml │ │ │ │ │ ├── virtualservice-bookinfo.yaml │ │ │ │ │ ├── virtualservice-ratings.yml │ │ │ │ │ └── virtualservice-reviews.yml │ │ │ └── values.yaml │ │ ├── control-plane │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── route-api.yaml │ │ │ │ ├── servicemeshcontrolplane-basic-install.yaml │ │ │ │ ├── servicemeshmember-default-bookinfo.yaml │ │ │ │ ├── servicemeshmember-default-istio-system-egress.yaml │ │ │ │ └── servicemeshmember-default-mongodb.yaml │ │ │ └── values.yaml │ │ └── mongodb │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── app │ │ │ │ └── app-mongodb.yaml │ │ │ └── istio │ │ │ │ ├── egress │ │ │ │ ├── destinationrule-for-mongodb-mesh-external.yaml │ │ │ │ ├── destinationrule-originate-tls-for-mongodb-mesh-external.yaml │ │ │ │ ├── 
gateway-istio-egressgateway.yaml │ │ │ │ ├── serviceentry-mongodb.yaml │ │ │ │ └── virtualservice-direct-mongodb-mesh-external-through-egressgateway.yaml │ │ │ │ └── ingress │ │ │ │ ├── gateway-mongodb.yaml │ │ │ │ └── virtualservice-mongodb.yaml │ │ │ └── values.yaml │ └── ingress-mongodb-setup-tls.sh ├── multi-cluster-trust │ ├── README.md │ ├── documentation │ │ └── pictures │ │ │ ├── bookinfo-result.png │ │ │ └── federated-trust.png │ └── helm │ │ ├── bookinfo │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── app │ │ │ │ ├── app-bookinfo-ratings-v2.yaml │ │ │ │ └── app-bookinfo.yaml │ │ │ └── istio-configs │ │ │ │ ├── egress │ │ │ │ ├── destinationrule-originate-tls-for-mongodb-mesh-external.yaml │ │ │ │ └── serviceentry-mongodb.yaml │ │ │ │ └── ingress │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ ├── gateway-default.yaml │ │ │ │ ├── virtualservice-bookinfo.yaml │ │ │ │ ├── virtualservice-ratings.yml │ │ │ │ └── virtualservice-reviews.yml │ │ └── values.yaml │ │ ├── cert-manager │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── clusterissuer-self-signer.yaml │ │ └── values.yaml │ │ ├── install-cacerts │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── secret-cacerts.yaml │ │ └── values.yaml │ │ ├── istio-system-control-plane │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── route-api.yaml │ │ │ ├── servicemeshcontrolplane-basic-install.yaml │ │ │ └── servicemeshmember-default-bookinfo.yaml │ │ └── values.yaml │ │ ├── istio-system2-control-plane │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── route-mongo.yaml │ │ │ ├── servicemeshcontrolplane-basic-install.yaml │ │ │ └── servicemeshmember-default-mongodb.yaml │ │ └── values.yaml │ │ └── mongodb │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── _helpers.tpl │ │ ├── app │ │ │ └── app-mongodb.yaml 
│ │ └── istio │ │ │ └── ingress │ │ │ ├── destinationrule-mongodb.yaml │ │ │ ├── gateway-mongodb.yaml │ │ │ └── virtualservice-mongodb.yaml │ │ └── values.yaml └── secure-ingressgateway │ ├── README.md │ └── helm │ ├── bookinfo-istio │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── ingress │ │ │ ├── bookinfo-destinationrules.yml │ │ │ ├── gateway-default.yaml │ │ │ └── virtualservice-bookinfo.yaml │ │ └── servicemeshmember-default.yaml │ └── values.yaml │ ├── bookinfo │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── app │ │ │ └── app-bookinfo.yaml │ └── values.yaml │ ├── cert-manager │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── clusterissuer-self-signer.yaml │ └── values.yaml │ ├── control-plane │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── limitrange-service-mesh.yaml │ │ ├── resourcequota-service-mesh.yaml │ │ ├── route-api.yaml │ │ └── servicemeshcontrolplane-basic-install.yaml │ └── values.yaml │ └── service-mesh-operators │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ ├── operatorgroup-openshift-operators-redhat.yaml │ ├── subscription-elasticsearch-operator.yaml │ ├── subscription-jaeger-product.yaml │ ├── subscription-kiali-ossm.yaml │ └── subscription-servicemeshoperator.yaml │ └── values.yaml ├── ossm-2.1 ├── README.md ├── auth │ ├── README.md │ ├── helm │ │ ├── bookinfo-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── auth │ │ │ │ │ ├── authorizationpolicy-productpage.yaml │ │ │ │ │ ├── peerauthentication-productpage.yaml │ │ │ │ │ └── requestauthentication-productpage.yaml │ │ │ │ ├── ingress │ │ │ │ │ └── bookinfo-destinationrules.yml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── bookinfo │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── bookinfo.yaml │ │ │ └── values.yaml │ │ ├── 
cert-manager │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── clusterissuer-self-signer.yaml │ │ │ └── values.yaml │ │ ├── control-plane │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── route-api.yml │ │ │ │ └── servicemeshcontrolplane-basic-install.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── auth │ │ │ │ │ ├── authorizationpolicy-nginx-echo-headers.yaml │ │ │ │ │ ├── envoyfilter-jwt-to-header-filter.yaml │ │ │ │ │ ├── peerauthentication-nginx-echo-headers.yaml │ │ │ │ │ └── requestauthentication-nginx-echo-headers.yaml │ │ │ │ ├── ingress │ │ │ │ │ └── destinationrule-nginx-echo-headers.yml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── nginx-echo-headers.yaml │ │ │ └── values.yaml │ │ ├── oauth2-proxy-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── gateway-default.yaml │ │ │ │ ├── serviceentry-okta.yaml │ │ │ │ ├── servicemeshmember-default.yaml │ │ │ │ ├── virtualservice-api.yaml │ │ │ │ └── virtualservice-oauth2-proxy-upstream.yaml │ │ │ └── values.yaml │ │ ├── oauth2-proxy │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── NOTES.txt │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── deployment.yaml │ │ │ │ ├── hpa.yaml │ │ │ │ ├── ingress.yaml │ │ │ │ ├── secret-oauth2-proxy.yaml │ │ │ │ ├── service-oauth2-proxy-upstream.yaml │ │ │ │ ├── service.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ └── tests │ │ │ │ │ └── test-connection.yaml │ │ │ └── values.yaml │ │ └── service-mesh-operators │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── operatorgroup-openshift-operators-redhat.yaml │ │ │ ├── 
subscription-elasticsearch-operator.yaml │ │ │ ├── subscription-jaeger-product.yaml │ │ │ ├── subscription-kiali-ossm.yaml │ │ │ └── subscription-servicemeshoperator.yaml │ │ │ └── values.yaml │ └── oauth2-auth.png ├── secure-ingressgateway-mtls │ ├── README.md │ ├── helm │ │ ├── bookinfo-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── ingress │ │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ │ ├── gateway-default.yaml │ │ │ │ │ └── virtualservice-bookinfo.yaml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── bookinfo │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── app │ │ │ │ │ └── app-bookinfo.yaml │ │ │ └── values.yaml │ │ ├── cert-manager │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── clusterissuer-self-signer-bad.yaml │ │ │ │ └── clusterissuer-self-signer.yaml │ │ │ └── values.yaml │ │ ├── control-plane │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── limitrange-service-mesh.yaml │ │ │ │ ├── resourcequota-service-mesh.yaml │ │ │ │ ├── route-api.yaml │ │ │ │ └── servicemeshcontrolplane-basic-install.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── authorizationpolicy-nginx-echo-headers.yaml │ │ │ │ ├── destinationrule-nginx-echo-headers.yml │ │ │ │ ├── envoyfilter-subject-peer-certificate-header.yaml │ │ │ │ ├── peerauthentication-nginx-echo-headers.yaml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── nginx-echo-headers.yaml │ │ │ └── values.yaml │ │ └── service-mesh-operators │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── 
operatorgroup-openshift-operators-redhat.yaml │ │ │ ├── subscription-elasticsearch-operator.yaml │ │ │ ├── subscription-jaeger-product.yaml │ │ │ ├── subscription-kiali-ossm.yaml │ │ │ └── subscription-servicemeshoperator.yaml │ │ │ └── values.yaml │ └── raf15.webp └── secure-ingressgateway │ ├── README.md │ └── helm │ ├── bookinfo-istio │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── ingress │ │ │ ├── bookinfo-destinationrules.yml │ │ │ ├── gateway-default.yaml │ │ │ └── virtualservice-bookinfo.yaml │ │ └── servicemeshmember-default.yaml │ └── values.yaml │ ├── bookinfo │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── app │ │ │ └── app-bookinfo.yaml │ └── values.yaml │ ├── cert-manager │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── clusterissuer-self-signer.yaml │ └── values.yaml │ ├── control-plane │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── limitrange-service-mesh.yaml │ │ ├── resourcequota-service-mesh.yaml │ │ ├── route-api.yaml │ │ └── servicemeshcontrolplane-basic-install.yaml │ └── values.yaml │ └── service-mesh-operators │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ ├── operatorgroup-openshift-operators-redhat.yaml │ ├── subscription-elasticsearch-operator.yaml │ ├── subscription-jaeger-product.yaml │ ├── subscription-kiali-ossm.yaml │ └── subscription-servicemeshoperator.yaml │ └── values.yaml ├── ossm-2.2 ├── README.md ├── auth │ ├── README.md │ ├── helm │ │ ├── bookinfo-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── auth │ │ │ │ │ ├── authorizationpolicy-productpage.yaml │ │ │ │ │ ├── peerauthentication-productpage.yaml │ │ │ │ │ └── requestauthentication-productpage.yaml │ │ │ │ ├── ingress │ │ │ │ │ └── bookinfo-destinationrules.yml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── bookinfo │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ 
│ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── bookinfo.yaml │ │ │ └── values.yaml │ │ ├── cert-manager │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── clusterissuer-self-signer.yaml │ │ │ └── values.yaml │ │ ├── control-plane │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── route-api.yml │ │ │ │ └── servicemeshcontrolplane-basic-install.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── auth │ │ │ │ │ ├── authorizationpolicy-nginx-echo-headers.yaml │ │ │ │ │ ├── envoyfilter-jwt-to-header-filter.yaml │ │ │ │ │ ├── peerauthentication-nginx-echo-headers.yaml │ │ │ │ │ └── requestauthentication-nginx-echo-headers.yaml │ │ │ │ ├── ingress │ │ │ │ │ └── destinationrule-nginx-echo-headers.yml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── nginx-echo-headers.yaml │ │ │ └── values.yaml │ │ ├── oauth2-proxy-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── gateway-default.yaml │ │ │ │ ├── serviceentry-okta.yaml │ │ │ │ ├── servicemeshmember-default.yaml │ │ │ │ ├── virtualservice-api.yaml │ │ │ │ └── virtualservice-oauth2-proxy-upstream.yaml │ │ │ └── values.yaml │ │ ├── oauth2-proxy │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── NOTES.txt │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── deployment.yaml │ │ │ │ ├── hpa.yaml │ │ │ │ ├── ingress.yaml │ │ │ │ ├── secret-oauth2-proxy.yaml │ │ │ │ ├── service-oauth2-proxy-upstream.yaml │ │ │ │ ├── service.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ └── tests │ │ │ │ │ └── test-connection.yaml │ │ │ └── values.yaml │ │ └── service-mesh-operators │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── 
templates │ │ │ ├── operatorgroup-openshift-operators-redhat.yaml │ │ │ ├── subscription-elasticsearch-operator.yaml │ │ │ ├── subscription-jaeger-product.yaml │ │ │ ├── subscription-kiali-ossm.yaml │ │ │ └── subscription-servicemeshoperator.yaml │ │ │ └── values.yaml │ └── oauth2-auth.png ├── secure-ingressgateway-mtls │ ├── README.md │ ├── helm │ │ ├── bookinfo-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── ingress │ │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ │ ├── gateway-default.yaml │ │ │ │ │ └── virtualservice-bookinfo.yaml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── bookinfo │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── app │ │ │ │ │ └── app-bookinfo.yaml │ │ │ └── values.yaml │ │ ├── cert-manager │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── clusterissuer-self-signer-bad.yaml │ │ │ │ └── clusterissuer-self-signer.yaml │ │ │ └── values.yaml │ │ ├── control-plane │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── limitrange-service-mesh.yaml │ │ │ │ ├── resourcequota-service-mesh.yaml │ │ │ │ ├── route-api.yaml │ │ │ │ └── servicemeshcontrolplane-basic-install.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── authorizationpolicy-nginx-echo-headers.yaml │ │ │ │ ├── destinationrule-nginx-echo-headers.yml │ │ │ │ ├── envoyfilter-subject-peer-certificate-header.yaml │ │ │ │ ├── peerauthentication-nginx-echo-headers.yaml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── nginx-echo-headers.yaml │ │ │ └── values.yaml │ │ └── service-mesh-operators │ │ │ ├── .helmignore │ 
│ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── operatorgroup-openshift-operators-redhat.yaml │ │ │ ├── subscription-elasticsearch-operator.yaml │ │ │ ├── subscription-jaeger-product.yaml │ │ │ ├── subscription-kiali-ossm.yaml │ │ │ └── subscription-servicemeshoperator.yaml │ │ │ └── values.yaml │ └── raf15.webp └── secure-ingressgateway │ ├── README.md │ ├── helm │ ├── bookinfo-istio │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── ingress │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ ├── gateway-default.yaml │ │ │ │ └── virtualservice-bookinfo.yaml │ │ │ └── servicemeshmember-default.yaml │ │ └── values.yaml │ ├── bookinfo │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── app │ │ │ │ └── app-bookinfo.yaml │ │ └── values.yaml │ ├── busybox │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── deployment.yaml │ │ │ ├── hpa.yaml │ │ │ ├── ingress.yaml │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ └── tests │ │ │ │ └── test-connection.yaml │ │ └── values.yaml │ ├── cert-manager │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── clusterissuer-self-signer.yaml │ │ └── values.yaml │ ├── control-plane │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── limitrange-service-mesh.yaml │ │ │ ├── resourcequota-service-mesh.yaml │ │ │ ├── route-api.yaml │ │ │ └── servicemeshcontrolplane-basic-install.yaml │ │ └── values.yaml │ ├── nginx-echo-headers-istio │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── destinationrule-nginx-echo-headers.yml │ │ │ └── servicemeshmember-default.yaml │ │ └── values.yaml │ ├── nginx-echo-headers │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── nginx-echo-headers.yaml │ │ └── values.yaml │ ├── service-mesh-operators │ │ ├── .helmignore │ │ 
├── Chart.yaml │ │ ├── templates │ │ │ ├── operatorgroup-openshift-operators-redhat.yaml │ │ │ ├── subscription-elasticsearch-operator.yaml │ │ │ ├── subscription-jaeger-product.yaml │ │ │ ├── subscription-kiali-ossm.yaml │ │ │ └── subscription-servicemeshoperator.yaml │ │ └── values.yaml │ └── ubi8-util │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ │ └── values.yaml │ └── util │ └── Dockerfile ├── ossm-2.3 ├── README.md ├── auth │ ├── README.md │ ├── helm │ │ ├── bookinfo-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── auth │ │ │ │ │ ├── authorizationpolicy-productpage.yaml │ │ │ │ │ ├── peerauthentication-productpage.yaml │ │ │ │ │ └── requestauthentication-productpage.yaml │ │ │ │ ├── ingress │ │ │ │ │ └── bookinfo-destinationrules.yml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── bookinfo │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── bookinfo.yaml │ │ │ └── values.yaml │ │ ├── cert-manager │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── clusterissuer-self-signer.yaml │ │ │ └── values.yaml │ │ ├── control-plane │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── route-api.yml │ │ │ │ └── servicemeshcontrolplane-basic-install.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── auth │ │ │ │ │ ├── authorizationpolicy-nginx-echo-headers.yaml │ │ │ │ │ ├── envoyfilter-jwt-to-header-filter.yaml │ │ │ │ │ ├── peerauthentication-nginx-echo-headers.yaml │ │ │ │ │ └── requestauthentication-nginx-echo-headers.yaml │ │ │ │ ├── 
ingress │ │ │ │ │ └── destinationrule-nginx-echo-headers.yml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── nginx-echo-headers.yaml │ │ │ └── values.yaml │ │ ├── oauth2-proxy-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── gateway-default.yaml │ │ │ │ ├── serviceentry-okta.yaml │ │ │ │ ├── servicemeshmember-default.yaml │ │ │ │ ├── virtualservice-api.yaml │ │ │ │ └── virtualservice-oauth2-proxy-upstream.yaml │ │ │ └── values.yaml │ │ ├── oauth2-proxy │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── NOTES.txt │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── deployment.yaml │ │ │ │ ├── hpa.yaml │ │ │ │ ├── ingress.yaml │ │ │ │ ├── secret-oauth2-proxy.yaml │ │ │ │ ├── service-oauth2-proxy-upstream.yaml │ │ │ │ ├── service.yaml │ │ │ │ ├── serviceaccount.yaml │ │ │ │ └── tests │ │ │ │ │ └── test-connection.yaml │ │ │ └── values.yaml │ │ └── service-mesh-operators │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── operatorgroup-openshift-operators-redhat.yaml │ │ │ ├── subscription-elasticsearch-operator.yaml │ │ │ ├── subscription-jaeger-product.yaml │ │ │ ├── subscription-kiali-ossm.yaml │ │ │ └── subscription-servicemeshoperator.yaml │ │ │ └── values.yaml │ └── oauth2-auth.png ├── secure-ingressgateway-mtls │ ├── README.md │ ├── helm │ │ ├── bookinfo-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── ingress │ │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ │ ├── gateway-default.yaml │ │ │ │ │ └── virtualservice-bookinfo.yaml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── bookinfo │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── app │ │ │ │ │ └── app-bookinfo.yaml │ │ │ └── values.yaml │ │ ├── 
cert-manager │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── clusterissuer-self-signer-bad.yaml │ │ │ │ └── clusterissuer-self-signer.yaml │ │ │ └── values.yaml │ │ ├── control-plane │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── limitrange-service-mesh.yaml │ │ │ │ ├── resourcequota-service-mesh.yaml │ │ │ │ ├── route-api.yaml │ │ │ │ └── servicemeshcontrolplane-basic-install.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers-istio │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── authorizationpolicy-nginx-echo-headers.yaml │ │ │ │ ├── destinationrule-nginx-echo-headers.yml │ │ │ │ ├── envoyfilter-subject-peer-certificate-header.yaml │ │ │ │ ├── peerauthentication-nginx-echo-headers.yaml │ │ │ │ └── servicemeshmember-default.yaml │ │ │ └── values.yaml │ │ ├── nginx-echo-headers │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ │ ├── _helpers.tpl │ │ │ │ └── nginx-echo-headers.yaml │ │ │ └── values.yaml │ │ └── service-mesh-operators │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── operatorgroup-openshift-operators-redhat.yaml │ │ │ ├── subscription-elasticsearch-operator.yaml │ │ │ ├── subscription-jaeger-product.yaml │ │ │ ├── subscription-kiali-ossm.yaml │ │ │ └── subscription-servicemeshoperator.yaml │ │ │ └── values.yaml │ └── raf15.webp └── secure-ingressgateway │ ├── README.md │ ├── helm │ ├── bookinfo-istio │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── ingress │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ ├── gateway-default.yaml │ │ │ │ └── virtualservice-bookinfo.yaml │ │ │ └── servicemeshmember-default.yaml │ │ └── values.yaml │ ├── bookinfo │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── app │ │ │ │ └── app-bookinfo.yaml │ │ └── values.yaml │ ├── busybox │ │ ├── 
.helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── deployment.yaml │ │ │ ├── hpa.yaml │ │ │ ├── ingress.yaml │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ └── tests │ │ │ │ └── test-connection.yaml │ │ └── values.yaml │ ├── cert-manager │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── clusterissuer-self-signer.yaml │ │ │ └── servicemeshmember-default.yaml │ │ └── values.yaml │ ├── control-plane │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── limitrange-service-mesh.yaml │ │ │ ├── resourcequota-service-mesh.yaml │ │ │ └── servicemeshcontrolplane-basic-install.yaml │ │ └── values.yaml │ ├── injected-gateway │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── deployment.yaml │ │ │ ├── hpa.yaml │ │ │ ├── role.yaml │ │ │ ├── route-api.yaml │ │ │ ├── service.yaml │ │ │ └── serviceaccount.yaml │ │ └── values.yaml │ ├── nginx-echo-headers-istio │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── destinationrule-nginx-echo-headers.yml │ │ │ └── servicemeshmember-default.yaml │ │ └── values.yaml │ ├── nginx-echo-headers │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── nginx-echo-headers.yaml │ │ └── values.yaml │ ├── service-mesh-operators │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── operatorgroup-openshift-cert-manager-operator.yaml │ │ │ ├── operatorgroup-openshift-distributed-tracing.yaml │ │ │ ├── operatorgroup-openshift-operators-redhat.yaml │ │ │ ├── subscription-elasticsearch-operator.yaml │ │ │ ├── subscription-jaeger-product.yaml │ │ │ ├── subscription-kiali-ossm.yaml │ │ │ ├── subscription-openshift-cert-manager-operator.yaml │ │ │ └── subscription-servicemeshoperator.yaml │ │ └── values.yaml │ └── ubi8-util │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates 
│ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ │ └── values.yaml │ └── util │ └── Dockerfile ├── ossm-2.4 └── secure-ingressgateway │ ├── README.md │ ├── configmap-cluster-monitoring-config.yaml │ ├── export-dashboards.sh │ ├── helm │ ├── bookinfo-istio │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── ingress │ │ │ │ ├── bookinfo-destinationrules.yml │ │ │ │ ├── gateway-default.yaml │ │ │ │ └── virtualservice-bookinfo.yaml │ │ │ └── servicemeshmember-default.yaml │ │ └── values.yaml │ ├── bookinfo │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── app │ │ │ │ └── app-bookinfo.yaml │ │ └── values.yaml │ ├── busybox │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── deployment.yaml │ │ │ ├── hpa.yaml │ │ │ ├── ingress.yaml │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ └── tests │ │ │ │ └── test-connection.yaml │ │ └── values.yaml │ ├── cert-manager │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── clusterissuer-self-signer.yaml │ │ │ └── servicemeshmember-default.yaml │ │ └── values.yaml │ ├── control-plane │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── limitrange-service-mesh.yaml │ │ │ ├── resourcequota-service-mesh.yaml │ │ │ └── servicemeshcontrolplane-full-install.yaml │ │ ├── values-user-monitoring.yaml │ │ └── values.yaml │ ├── gatekeeper-constraints │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── k8srequiredannotations-require-sidecar-annotation.yaml │ │ └── values.yaml │ ├── gatekeeper-constrainttemplates │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── config-config.yaml │ │ │ └── 
constrainttemplate-k8srequiredannotations.yaml │ │ └── values.yaml │ ├── gatekeeper-operator │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── subscription-gatekeeper-operator-product.yaml │ │ └── values.yaml │ ├── gatekeeper │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── gatekeeper-gatekeeper.yaml │ │ └── values.yaml │ ├── golang-ex-istio │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── destinationrule-golang-ex.yml │ │ │ └── servicemeshmember-default.yaml │ │ └── values.yaml │ ├── golang-ex │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── configmap-response-headers.yaml │ │ │ ├── deployment.yaml │ │ │ ├── hpa.yaml │ │ │ ├── ingress.yaml │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ └── tests │ │ │ │ └── test-connection.yaml │ │ └── values.yaml │ ├── grafana-operator │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── subscription-grafana-operator.yaml │ │ └── values.yaml │ ├── grafana │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── dashboards │ │ │ └── istio-system │ │ │ │ ├── istio-extension-dashboard.json │ │ │ │ ├── istio-mesh-dashboard.json │ │ │ │ ├── istio-performance-dashboard.json │ │ │ │ ├── istio-service-dashboard.json │ │ │ │ ├── istio-workload-dashboard.json │ │ │ │ └── pilot-dashboard.json │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── clusterrole-grafana-proxy.yaml │ │ │ ├── clusterrolebinding-grafana-cluster-monitoring-view.yaml │ │ │ ├── clusterrolebinding-grafana-proxy.yaml │ │ │ ├── configmap-istio-workload-dashboard.yaml │ │ │ ├── configmap-ocp-injected-certs.yaml │ │ │ ├── datasource-prometheus.yaml │ │ │ ├── grafana-sre-grafana.yaml │ │ │ ├── grafanadashboard-istio-workload-dashboard.yaml │ │ │ ├── networkpolicy-.yaml │ │ │ ├── secret-grafana-proxy.yaml │ │ │ └── secret-grafana-token.yaml │ │ └── values.yaml 
│ ├── injected-gateway │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── deployment.yaml │ │ │ ├── envoyfilter-owasp-gateway-filter.yaml │ │ │ ├── envoyfilter-redact-server-response-headers.yaml │ │ │ ├── hpa.yaml │ │ │ ├── role.yaml │ │ │ ├── route-api.yaml │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ └── wasmplugin-coraza-ingressgateway.yaml │ │ └── values.yaml │ ├── nginx-echo-headers-istio │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── destinationrule-nginx-echo-headers.yml │ │ │ └── servicemeshmember-default.yaml │ │ └── values.yaml │ ├── nginx-echo-headers │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ └── nginx-echo-headers.yaml │ │ └── values.yaml │ ├── service-mesh-operators │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── operatorgroup-cert-manager-operator.yaml │ │ │ ├── operatorgroup-openshift-distributed-tracing.yaml │ │ │ ├── operatorgroup-openshift-operators-redhat.yaml │ │ │ ├── subscription-elasticsearch-operator.yaml │ │ │ ├── subscription-jaeger-product.yaml │ │ │ ├── subscription-kiali-ossm.yaml │ │ │ ├── subscription-openshift-cert-manager-operator.yaml │ │ │ └── subscription-servicemeshoperator.yaml │ │ └── values.yaml │ ├── ubi8-util │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── deployment.yaml │ │ │ ├── hpa.yaml │ │ │ ├── ingress.yaml │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ └── tests │ │ │ │ └── test-connection.yaml │ │ └── values.yaml │ └── user-workload-monitoring │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── _helpers.tpl │ │ ├── clusterrole-prometheus-monitoring-exporter-istio-system.yaml │ │ ├── clusterrolebinding-kiali-prometheus-monitoring-exporter-istio-system.yaml │ │ ├── kiali-kiali.yaml │ │ ├── networkpolicies.yaml │ │ ├── 
networkpolicy-allow-from-openshift-ingress.yaml │ │ ├── networkpolicy-istio-kiali-ingress.yaml │ │ ├── podmonitors-istio-proxies-monitor.yaml │ │ ├── service-jaeger-query-internal.yaml │ │ ├── servicemonitor-istiod-monitor.yaml │ │ └── telemetry.yaml │ │ └── values.yaml │ └── util │ └── Dockerfile └── ossm-2.5 └── secure-ingressgateway ├── .gitignore ├── .images └── golang-ex-feature-test-kiali.png ├── README.md ├── configmap-cluster-monitoring-config.yaml ├── export-dashboards.sh ├── helm ├── bookinfo-istio │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── bookinfo-destinationrules.yml │ │ ├── certificate-bookinfo-cert.yaml │ │ ├── gateway-bookinfo.yaml │ │ ├── route-bookinfo.yaml │ │ └── virtualservice-bookinfo.yaml │ └── values.yaml ├── bookinfo │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── bookinfo.yaml │ └── values.yaml ├── busybox │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── cert-manager │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── clusterissuer-self-signer.yaml │ └── values.yaml ├── control-plane │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── destinationrule-disable-mtls-for-tempo.yaml │ │ ├── limitrange-service-mesh.yaml │ │ ├── resourcequota-service-mesh.yaml │ │ ├── serviceentry-tempo-otlp-http.yaml │ │ ├── servicemeshcontrolplane-full-install.yaml │ │ └── servicemeshmemberroll.yaml │ ├── values-crc.yaml │ └── values.yaml ├── gatekeeper-constraints │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── k8srequiredannotations-require-sidecar-annotation.yaml │ │ └── k8srequiredcontainernames-require-istio-proxy.yaml │ └── values.yaml ├── gatekeeper-constrainttemplates │ ├── 
.helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── config-config.yaml │ │ ├── constrainttemplate-k8srequiredannotations.yaml │ │ └── constrainttemplate-k8srequireistioproxysidecar.yaml │ └── values.yaml ├── gatekeeper-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── subscription-gatekeeper-operator-product.yaml │ └── values.yaml ├── gatekeeper │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── gatekeeper-gatekeeper.yaml │ └── values.yaml ├── gateway │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── poddisruptionbudget.yaml │ │ ├── role.yaml │ │ ├── service.yaml │ │ └── serviceaccount.yaml │ ├── values.schema.json │ └── values.yaml ├── golang-ex-istio │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── certificates.yaml │ │ ├── gateways.yaml │ │ ├── routes.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── virtualservice-header-matcher.yaml │ │ └── virtualservices-gateway.yaml │ └── values.yaml ├── golang-ex │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap-response-headers.yaml │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── service.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── grafana-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── subscription-grafana-operator.yaml │ └── values.yaml ├── grafana │ ├── .helmignore │ ├── Chart.yaml │ ├── dashboards │ │ └── import │ │ │ ├── istio-control-plane-dashboard.json │ │ │ ├── istio-mesh-dashboard.json │ │ │ ├── istio-performance-dashboard.json │ │ │ ├── istio-service-dashboard.json │ │ │ ├── istio-wasm-extension-dashboard.json │ │ │ └── istio-workload-dashboard.json │ ├── templates │ │ ├── _helpers.tpl │ │ ├── clusterrole-grafana-proxy.yaml │ │ ├── 
clusterrolebinding-grafana-cluster-monitoring-view.yaml │ │ ├── clusterrolebinding-grafana-proxy.yaml │ │ ├── configmap-dashboards.yaml │ │ ├── configmap-ocp-injected-certs.yaml │ │ ├── datasource-prometheus.yaml │ │ ├── grafana-grafana-instance.yaml │ │ ├── networkpolicy-grafana-ingress.yaml │ │ ├── secret-grafana-proxy.yaml │ │ └── secret-grafana-token.yaml │ └── values.yaml ├── minio-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── operatorgroup-minio-operator.yaml │ │ ├── route.yaml │ │ └── subscription-minio-operator.yaml │ └── values.yaml ├── minio-tenant │ ├── .gitignore │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── templates │ │ └── _helpers.tpl │ └── values.yaml ├── namespaces │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── namespaces.yaml │ └── values.yaml ├── nginx-echo-headers-istio │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── certificate-nginx-echo-headers-cert.yaml │ │ ├── destinationrule-nginx-echo-headers.yml │ │ ├── gateway-nginx-echo-headers.yaml │ │ ├── route-nginx-echo-headers.yaml │ │ └── virtualservice-nginx-echo-headers.yaml │ └── values.yaml ├── nginx-echo-headers │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ └── nginx-echo-headers.yaml │ └── values.yaml ├── oauth-proxy │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole-oauth-proxy.yaml │ │ ├── clusterrolebinding-oauth-proxy.yaml │ │ ├── configmap-ocp-injected-certs.yaml │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── route.yaml │ │ ├── secret-session-secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── openshift-oauth-proxy │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole-oauth-proxy.yaml │ │ ├── clusterrolebinding-oauth-proxy.yaml 
│ │ ├── configmap-ocp-injected-certs.yaml │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── route.yaml │ │ ├── secret-cookie-secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── security │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── envoyfilter-owasp-gateway-filter.yaml │ │ ├── envoyfilter-redact-server-response-headers.yaml │ │ └── wasmplugin-coraza-ingressgateway.yaml │ └── values.yaml ├── service-mesh-operators │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── operatorgroup-cert-manager-operator.yaml │ │ ├── operatorgroup-openshift-tempo-operator.yaml │ │ ├── subscription-kiali-ossm.yaml │ │ ├── subscription-openshift-cert-manager-operator.yaml │ │ ├── subscription-servicemeshoperator.yaml │ │ └── subscription-tempo-product.yaml │ └── values.yaml ├── tempo │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── secret-minio-dev.yaml │ │ └── temopstack-minio-dev.yaml │ └── values.yaml ├── ubi8-util │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml └── user-workload-monitoring │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ ├── _helpers.tpl │ ├── clusterrolebinding-kiali-monitoring-rbac.yaml │ ├── kiali-kiali.yaml │ ├── networkpolicies-allow-ossmconsole-components-to-kiali.yaml │ ├── networkpolicies-user-workload-access.yaml │ ├── ossmconsole-ossmconsole.yaml │ ├── podmonitors-istio-proxies-monitor.yaml │ ├── prometheusrule-istio-sre-red-rules.yaml │ ├── prometheusrule-sre-use-rules.yaml │ ├── servicemonitor-istiod-monitor.yaml │ └── telemetry.yaml │ └── values.yaml ├── import-dashboards.sh └── util └── Dockerfile /.gitmodules: 
--------------------------------------------------------------------------------
1 | [submodule "service-mesh"]
2 |     path = service-mesh
3 |     url = https://github.com/trevorbox/service-mesh
4 | [submodule "egress-traffic-control"]
5 |     path = egress-traffic-control
6 |     url = https://github.com/cloudfirst-dev/istio-egress-traffic-control
7 | # NOTE(review): both submodules pull code from other repositories; review changes to the pinned submodule commits like any other dependency update.
--------------------------------------------------------------------------------
/auth/helm/bookinfo-istio/.helmignore:
--------------------------------------------------------------------------------
 1 | # Patterns to ignore when building packages.
 2 | # This supports shell glob matching, relative path matching, and
 3 | # negation (prefixed with !). Only one pattern per line.
 4 | .DS_Store
 5 | # Common VCS dirs
 6 | .git/
 7 | .gitignore
 8 | .bzr/
 9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/auth/helm/bookinfo-istio/templates/ingress/gateway-default.yaml:
--------------------------------------------------------------------------------
 1 | ---  # Istio Gateway "default": one HTTP server on port 80 for the configured host, created in the control plane namespace.
 2 | apiVersion: networking.istio.io/v1alpha3
 3 | kind: Gateway
 4 | metadata:
 5 |   name: default
 6 |   namespace: {{ .Values.control_plane.namespace }}
 7 | spec:
 8 |   selector:
 9 |     istio: {{ .Values.control_plane.ingressgateway.name }}  # applies to gateway pods carrying this "istio" label value
10 |   servers:
11 |     - port:
12 |         number: 80
13 |         name: http
14 |         protocol: HTTP  # NOTE(review): plaintext listener; presumably fronted by an edge-terminated Route, confirm nothing else can reach this port
15 |       hosts:
16 |         - {{ .Values.control_plane.ingressgateway.host }}  # chart default is empty, so this must be set at install time; the value is unquoted here
17 | ...
--------------------------------------------------------------------------------
/auth/helm/bookinfo-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
 1 | ---  # Enrolls the release namespace as a member of the referenced service mesh control plane.
 2 | apiVersion: maistra.io/v1
 3 | kind: ServiceMeshMember
 4 | metadata:
 5 |   name: default
 6 |   namespace: {{ .Release.Namespace }}
 7 | spec:
 8 |   controlPlaneRef:
 9 |     name: {{ .Values.control_plane.name }}
10 |     namespace: {{ .Values.control_plane.namespace }}
11 | ...
--------------------------------------------------------------------------------
/auth/helm/bookinfo-istio/values.yaml:
--------------------------------------------------------------------------------
1 | control_plane:
2 |   name: basic-install
3 |   namespace: istio-system
4 |   ingressgateway:
5 |     name: ingressgateway
6 |     host:  # empty by default; the Gateway template renders this into its hosts list, so set it at install time
7 | oidc_issuer_url: https://dev-338970.okta.com/oauth2/default  # NOTE(review): default issuer is a specific Okta dev tenant; set your own issuer, and confirm where this is consumed (nesting level reconstructed from a flattened listing)
8 |
--------------------------------------------------------------------------------
/auth/helm/bookinfo/.helmignore:
--------------------------------------------------------------------------------
 1 | # Patterns to ignore when building packages.
 2 | # This supports shell glob matching, relative path matching, and
 3 | # negation (prefixed with !). Only one pattern per line.
 4 | .DS_Store
 5 | # Common VCS dirs
 6 | .git/
 7 | .gitignore
 8 | .bzr/
 9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/auth/helm/bookinfo/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/auth/helm/bookinfo/values.yaml
--------------------------------------------------------------------------------
/auth/helm/control-plane-oauth2/.helmignore:
--------------------------------------------------------------------------------
 1 | # Patterns to ignore when building packages.
 2 | # This supports shell glob matching, relative path matching, and
 3 | # negation (prefixed with !). Only one pattern per line.
 4 | .DS_Store
 5 | # Common VCS dirs
 6 | .git/
 7 | .gitignore
 8 | .bzr/
 9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/auth/helm/control-plane-oauth2/templates/route-api.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: route.openshift.io/v1  # OpenShift Route "api": exposes the ingress gateway Service named in values through the router.
 2 | kind: Route
 3 | metadata:
 4 |   name: api  # no namespace set, so the Route lands in the namespace Helm installs into
 5 | spec:
 6 |   port:
 7 |     targetPort: oauth-http
 8 |   tls:
 9 |     termination: edge  # TLS ends at the router; this Route adds no encryption between the router and the gateway Service
10 |   to:
11 |     kind: Service
12 |     name: {{ .Values.ingressgateway_name }}
13 |     weight: 100
14 |   wildcardPolicy: None  # NOTE(review): insecureEdgeTerminationPolicy is not set; state it explicitly (e.g. Redirect) rather than relying on the default
15 |
--------------------------------------------------------------------------------
/auth/helm/control-plane-oauth2/values.yaml:
--------------------------------------------------------------------------------
1 | control_plane_name: basic-install
2 | is_production_deployment: false
3 | ingressgateway_name: oauth2-ingressgateway
4 | redirect_url: https://api-istio-system.apps./oauth2/callback  # the cluster apps domain after "apps." is left blank; fill it in per cluster
5 | oidc_issuer_url: https://dev-338970.okta.com/oauth2/default  # NOTE(review): default issuer is a specific Okta dev tenant; override it for your own identity provider
6 | cookie_secret: GRerqX0kInomjzMYFr50wA==  # NOTE(review): secret committed as the chart default, readable by anyone with the repository; treat it as burned, generate one per deployment and supply it at install time or from a Secret
7 | client_id:  # left empty on purpose, presumably; supply at install time
8 | client_secret:  # supply at install time and keep the real value out of version control
9 |
--------------------------------------------------------------------------------
/basic-gateway-configuration/.helmignore:
--------------------------------------------------------------------------------
 1 | # Patterns to ignore when building packages.
 2 | # This supports shell glob matching, relative path matching, and
 3 | # negation (prefixed with !). Only one pattern per line.
 4 | .DS_Store
 5 | # Common VCS dirs
 6 | .git/
 7 | .gitignore
 8 | .bzr/
 9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/basic-gateway-configuration/templates/gateway-default.yaml:
--------------------------------------------------------------------------------
 1 | ---  # Istio Gateway "default": one HTTP server on port 80 for the configured route hostname.
 2 | apiVersion: networking.istio.io/v1alpha3
 3 | kind: Gateway
 4 | metadata:
 5 |   name: default
 6 |   namespace: {{ .Values.control_plane_namespace }}
 7 | spec:
 8 |   selector:
 9 |     istio: ingressgateway # use istio default controller
10 |   servers:
11 |     - port:
12 |         number: 80
13 |         name: http
14 |         protocol: HTTP  # NOTE(review): plaintext listener; confirm TLS is terminated in front of it and nothing else can reach this port
15 |       hosts:
16 |         - "{{ .Values.route_hostname }}"  # chart default is example.com; set the real hostname at install time
17 | ...
-------------------------------------------------------------------------------- /basic-gateway-configuration/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane_name }} 10 | namespace: {{ .Values.control_plane_namespace }} 11 | ... -------------------------------------------------------------------------------- /basic-gateway-configuration/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane_namespace: istio-system 2 | control_plane_name: basic-install 3 | route_hostname: example.com -------------------------------------------------------------------------------- /bookinfo/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/bookinfo/values.yaml -------------------------------------------------------------------------------- /cleanup-basic-gateway-configuration.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Define these variables in the same shell 4 | DEPLOY_NAMESPACE=${bookinfo_namespace} 5 | 6 | echo "Delete basic-gateway-configuration..." 7 | 8 | helm delete basic-gateway-configuration -n ${DEPLOY_NAMESPACE} 9 | 10 | echo "Delete bookinfo App..." 11 | 12 | helm delete bookinfo -n ${DEPLOY_NAMESPACE} 13 | 14 | echo "Done." 15 | 16 | exit 0 -------------------------------------------------------------------------------- /cleanup-mongo-egressgateway-configuration.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Define these variables in the same shell 4 | DEPLOY_NAMESPACE=${mongodb_namespace} 5 | 6 | echo "Delete gateway configuration..." 7 | 8 | helm delete mongo-egressgateway-configuration -n ${DEPLOY_NAMESPACE} 9 | 10 | echo "Delete apps..." 11 | 12 | helm delete mongodb -n ${DEPLOY_NAMESPACE} 13 | 14 | echo "Done." 
15 | 16 | exit 0 -------------------------------------------------------------------------------- /cleanup-mongo-gateway-configuration.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Define these variables in the same shell 4 | DEPLOY_NAMESPACE=${mongodb_namespace} 5 | 6 | echo "Delete gateway configuration..." 7 | 8 | helm delete mongo-gateway-configuration -n ${DEPLOY_NAMESPACE} 9 | 10 | echo "Delete apps..." 11 | 12 | helm delete mongodb -n ${DEPLOY_NAMESPACE} 13 | 14 | echo "Done." 15 | 16 | exit 0 -------------------------------------------------------------------------------- /cleanup-service-mesh-control-plane-mongodb-egressgateway.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DEPLOY_NAMESPACE=${control_plane_namespace} 4 | 5 | echo "Delete control plane..." 6 | 7 | helm delete control-plane-mongodb-egressgateway -n ${DEPLOY_NAMESPACE} 8 | 9 | echo "Done." 10 | 11 | exit 0 -------------------------------------------------------------------------------- /cleanup-service-mesh-control-plane-mongodb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DEPLOY_NAMESPACE=${control_plane_namespace} 4 | 5 | echo "Delete control plane..." 6 | 7 | helm delete control-plane-mongodb -n ${DEPLOY_NAMESPACE} 8 | 9 | echo "Done." 10 | 11 | exit 0 -------------------------------------------------------------------------------- /cleanup-service-mesh-control-plane.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DEPLOY_NAMESPACE=${control_plane_namespace} 4 | 5 | echo "Delete control plane..." 6 | 7 | helm delete control-plane -n ${DEPLOY_NAMESPACE} 8 | 9 | echo "Done." 
10 | 11 | exit 0 -------------------------------------------------------------------------------- /default-vars.txt: -------------------------------------------------------------------------------- 1 | bookinfo_namespace=bookinfo 2 | mongodb_namespace=mongodb 3 | control_plane_namespace=istio-system 4 | control_plane_name=basic-install 5 | control_plane_route_name=api 6 | -------------------------------------------------------------------------------- /documentation/pictures/bookinfo-mongo-egressgateway.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/documentation/pictures/bookinfo-mongo-egressgateway.png -------------------------------------------------------------------------------- /documentation/pictures/bookinfo-mongo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/documentation/pictures/bookinfo-mongo.png -------------------------------------------------------------------------------- /egressgateway/http-trusted-ca/egressgateway-tls-origination-trusted-ca/templates/control-plane/route-api.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: api 6 | namespace: {{ .Values.control_plane.namespace }} 7 | spec: 8 | port: 9 | targetPort: http2 10 | tls: 11 | termination: edge 12 | to: 13 | kind: Service 14 | name: custom-ingressgateway 15 | weight: 100 16 | wildcardPolicy: None 17 | ... 
--------------------------------------------------------------------------------
/egressgateway/http-trusted-ca/egressgateway-tls-origination-trusted-ca/templates/control-plane/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
 1 | ---  # Enrolls the egress namespace (not the release namespace) as a member of the referenced control plane.
 2 | apiVersion: maistra.io/v1
 3 | kind: ServiceMeshMember
 4 | metadata:
 5 |   name: default
 6 |   namespace: {{ .Values.egress.namespace }}
 7 | spec:
 8 |   controlPlaneRef:
 9 |     name: {{ .Values.control_plane.name }}
10 |     namespace: {{ .Values.control_plane.namespace }}
11 | ...
--------------------------------------------------------------------------------
/egressgateway/http-trusted-ca/egressgateway-tls-origination-trusted-ca/values.yaml:
--------------------------------------------------------------------------------
1 | nginx:
2 |   host:  # empty by default; presumably the external nginx hostname, set at install time (nesting reconstructed from a flattened listing)
3 | egress:
4 |   namespace: istio-system-egress
5 | control_plane:
6 |   namespace: istio-system
7 |   name: basic-install
8 | google:
9 |   host: www.google.com
--------------------------------------------------------------------------------
/egressgateway/mongodb-trusted-ca/helm/bookinfo/templates/istio-configs/virtualservice-ratings.yml:
--------------------------------------------------------------------------------
 1 | ---  # Sends all HTTP traffic for host "ratings" to subset v2; no namespace is set, so it applies where Helm installs it.
 2 | apiVersion: networking.istio.io/v1alpha3
 3 | kind: VirtualService
 4 | metadata:
 5 |   name: ratings
 6 | spec:
 7 |   hosts:
 8 |     - ratings
 9 |   http:
10 |     - route:
11 |         - destination:
12 |             host: ratings
13 |             subset: v2  # the subset itself must be defined by a DestinationRule, presumably the chart's bookinfo-destinationrules.yml
14 | ...
15 |
--------------------------------------------------------------------------------
/egressgateway/mongodb-trusted-ca/helm/bookinfo/templates/istio-configs/virtualservice-reviews.yml:
--------------------------------------------------------------------------------
 1 | ---  # Sends all HTTP traffic for host "reviews" to subset v3; no namespace is set, so it applies where Helm installs it.
 2 | apiVersion: networking.istio.io/v1alpha3
 3 | kind: VirtualService
 4 | metadata:
 5 |   name: reviews
 6 | spec:
 7 |   hosts:
 8 |     - reviews
 9 |   http:
10 |     - route:
11 |         - destination:
12 |             host: reviews
13 |             subset: v3  # the subset itself must be defined by a DestinationRule, presumably the chart's bookinfo-destinationrules.yml
14 | ...
--------------------------------------------------------------------------------
/egressgateway/mongodb-trusted-ca/helm/bookinfo/values.yaml:
--------------------------------------------------------------------------------
 1 | mongodb:  # NOTE(review): indentation reconstructed from a flattened listing; confirm the nesting against the chart templates
 2 |   host:  # empty by default; set at install time
 3 |   port: 27017
 4 |   user: bookinfo
 5 |   password: redhat  # NOTE(review): default credential committed in the chart; override at install time and keep the real value out of version control
 6 |   ssl:
 7 |     is_enabled: false  # NOTE(review): presumably client-side TLS to MongoDB is off because the egress gateway originates TLS in this pattern; confirm the hop to the gateway is protected
 8 | control_plane:
 9 |   namespace: istio-system
10 |   ingressgateway:
11 |     name: ingressgateway
12 |     host:  # empty by default; set at install time
13 |
--------------------------------------------------------------------------------
/egressgateway/mongodb-trusted-ca/helm/control-plane/templates/route-api.yaml:
--------------------------------------------------------------------------------
 1 | ---  # OpenShift Route "api" in the control plane namespace, pointing at the custom-ingressgateway Service.
 2 | apiVersion: route.openshift.io/v1
 3 | kind: Route
 4 | metadata:
 5 |   name: api
 6 |   namespace: {{ .Values.control_plane.namespace }}
 7 | spec:
 8 |   port:
 9 |     targetPort: http2
10 |   tls:
11 |     termination: edge  # TLS ends at the router; this Route adds no encryption between the router and the gateway Service
12 |   to:
13 |     kind: Service
14 |     name: custom-ingressgateway
15 |     weight: 100
16 |   wildcardPolicy: None  # NOTE(review): insecureEdgeTerminationPolicy is not set; state it explicitly (e.g. Redirect) rather than relying on the default
17 | ...
--------------------------------------------------------------------------------
/egressgateway/mongodb-trusted-ca/helm/control-plane/templates/servicemeshmember-default-bookinfo.yaml:
--------------------------------------------------------------------------------
 1 | ---  # Enrolls the bookinfo namespace as a member of the referenced service mesh control plane.
 2 | apiVersion: maistra.io/v1
 3 | kind: ServiceMeshMember
 4 | metadata:
 5 |   name: default
 6 |   namespace: {{ .Values.bookinfo.namespace }}
 7 | spec:
 8 |   controlPlaneRef:
 9 |     name: {{ .Values.control_plane.name }}
10 |     namespace: {{ .Values.control_plane.namespace }}
11 | ...
-------------------------------------------------------------------------------- /egressgateway/mongodb-trusted-ca/helm/control-plane/templates/servicemeshmember-default-istio-system-egress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Values.control_plane.egressgateway.namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... -------------------------------------------------------------------------------- /egressgateway/mongodb-trusted-ca/helm/control-plane/templates/servicemeshmember-default-mongodb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Values.mongodb.namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 
--------------------------------------------------------------------------------
/egressgateway/mongodb-trusted-ca/helm/control-plane/values.yaml:
--------------------------------------------------------------------------------
# Namespaces used by the control-plane chart: the control plane itself, the
# separate egress gateway namespace, and the two member namespaces.
control_plane:
  namespace: istio-system
  name: basic-install
  egressgateway:
    namespace: istio-system-egress
mongodb:
  namespace: mongodb
bookinfo:
  namespace: bookinfo

--------------------------------------------------------------------------------
/egressgateway/mongodb-trusted-ca/helm/mongodb/templates/istio/egress/destinationrule-for-mongodb-mesh-external.yaml:
--------------------------------------------------------------------------------
---
# Defines the `mongodb` subset on the egress gateway Service so that a
# VirtualService can route MongoDB traffic to it.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: egressgateway-for-mongodb-mesh-external
  namespace: {{ .Values.control_plane.egressgateway.namespace }}
spec:
  host: istio-egressgateway.{{ .Values.control_plane.egressgateway.namespace }}.svc.cluster.local
  subsets:
    # No trafficPolicy is set on this subset, so this rule itself does not ask
    # for mutual TLS on the sidecar-to-egress-gateway hop.
    - name: mongodb
...
--------------------------------------------------------------------------------
/egressgateway/mongodb-trusted-ca/helm/mongodb/templates/istio/egress/policy-istio-egressgateway.yaml:
--------------------------------------------------------------------------------
---
# v1alpha1 authentication Policy scoped to the istio-egressgateway service.
# It lists no `peers`, which in this API means no peer authentication (mutual
# TLS) is required for the target. Traffic reaching the gateway is therefore
# not authenticated by this policy.
# The v1alpha1 Policy API was replaced by security.istio.io PeerAuthentication
# in later Istio releases.
# NOTE(review): this object is created in .Values.control_plane.namespace, while
# the DestinationRule in this chart addresses the gateway in
# .Values.control_plane.egressgateway.namespace. Confirm the Policy lands in the
# namespace where the istio-egressgateway service runs.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: istio-egressgateway
  namespace: {{ .Values.control_plane.namespace }}
spec:
  targets:
    - name: istio-egressgateway
...
-------------------------------------------------------------------------------- /egressgateway/mongodb-trusted-ca/helm/mongodb/values.yaml: -------------------------------------------------------------------------------- 1 | mongodb: 2 | host: 3 | user: bookinfo 4 | password: redhat 5 | control_plane: 6 | namespace: istio-system 7 | name: basic-install 8 | egressgateway: 9 | namespace: istio-system-egress 10 | port: 15666 -------------------------------------------------------------------------------- /mongo-egressgateway-configuration/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /mongo-egressgateway-configuration/templates/destinationrule-egressgateway-for-mongo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: DestinationRule 4 | metadata: 5 | name: egressgateway-for-mongo 6 | namespace: {{ .Values.control_plane_namespace }} 7 | spec: 8 | host: istio-egressgateway.{{ .Values.control_plane_namespace }}.svc.cluster.local 9 | subsets: 10 | - name: mongo 11 | ... 
--------------------------------------------------------------------------------
/mongo-egressgateway-configuration/templates/destinationrule-mongo.yaml:
--------------------------------------------------------------------------------
---
# DestinationRule for the external MongoDB host.
# It sets no trafficPolicy, so this rule does not originate TLS towards the
# database. Any encryption on that leg has to come from the client or from a
# tls trafficPolicy added here.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: mongo
  namespace: {{ .Values.control_plane_namespace }}
spec:
  host: {{ .Values.mongodb.host }}
...
--------------------------------------------------------------------------------
/mongo-egressgateway-configuration/templates/gateway-default.yaml:
--------------------------------------------------------------------------------
---
# Ingress Gateway for the application, bound to a single hostname.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: default
  namespace: {{ .Values.control_plane_namespace }}
spec:
  selector:
    istio: {{ .Values.ingressgateway_name }}
  servers:
    # Plaintext HTTP listener: the gateway does not terminate TLS on this
    # server. Any TLS has to be terminated in front of it, presumably by an
    # OpenShift Route; confirm.
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "{{ .Values.route_hostname }}"
...
--------------------------------------------------------------------------------
/mongo-egressgateway-configuration/templates/gateway-istio-egressgateway.yaml:
--------------------------------------------------------------------------------
---
# Egress Gateway listener for MongoDB traffic leaving the mesh.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-egressgateway
  namespace: {{ .Values.control_plane_namespace }}
spec:
  selector:
    istio: egressgateway
  servers:
    # Raw TCP server with no `tls` block: the gateway accepts the stream as-is
    # on this port and does not require mutual TLS from the calling sidecar.
    - port:
        number: {{ .Values.egressgateway_port }}
        name: tcp
        protocol: TCP
      hosts:
        - {{ .Values.mongodb.host }}
...
--------------------------------------------------------------------------------
/mongo-egressgateway-configuration/templates/policy-istio-egressgateway.yaml:
--------------------------------------------------------------------------------
---
# v1alpha1 authentication Policy scoped to the istio-egressgateway service.
# It lists no `peers`, which in this API means no peer authentication (mutual
# TLS) is required for the target. Connections to the egress gateway are
# therefore not authenticated by this policy.
# The v1alpha1 Policy API was replaced by security.istio.io PeerAuthentication
# in later Istio releases.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: istio-egressgateway
  namespace: {{ .Values.control_plane_namespace }}
spec:
  targets:
    - name: istio-egressgateway
...
--------------------------------------------------------------------------------
/mongo-egressgateway-configuration/templates/servicemeshmember-default-bookinfo.yaml:
--------------------------------------------------------------------------------
---
# Enrolls the bookinfo namespace in the mesh of the referenced control plane.
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
  name: default
  namespace: {{ .Values.bookinfo_namespace }}
spec:
  controlPlaneRef:
    name: {{ .Values.control_plane_name }}
    namespace: {{ .Values.control_plane_namespace }}
...
--------------------------------------------------------------------------------
/mongo-egressgateway-configuration/templates/servicemeshmember-default-mongodb.yaml:
--------------------------------------------------------------------------------
---
# Enrolls a namespace in the mesh of the referenced control plane.
# Unlike the bookinfo member, metadata.namespace is not set, so the object is
# created in whichever namespace the install targets. Check the target
# namespace before installing so an unintended namespace is not joined to the
# mesh.
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
  name: default
spec:
  controlPlaneRef:
    name: {{ .Values.control_plane_name }}
    namespace: {{ .Values.control_plane_namespace }}
...
-------------------------------------------------------------------------------- /mongo-egressgateway-configuration/templates/virtualservice-ratings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: ratings 6 | namespace: {{ .Values.bookinfo_namespace }} 7 | spec: 8 | hosts: 9 | - ratings 10 | http: 11 | - route: 12 | - destination: 13 | host: ratings 14 | subset: v2 15 | ... 16 | -------------------------------------------------------------------------------- /mongo-egressgateway-configuration/templates/virtualservice-reviews.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: reviews 6 | namespace: {{ .Values.bookinfo_namespace }} 7 | spec: 8 | hosts: 9 | - reviews 10 | http: 11 | - route: 12 | - destination: 13 | host: reviews 14 | subset: v3 15 | ... -------------------------------------------------------------------------------- /mongo-gateway-configuration/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /mongo-gateway-configuration/templates/gateway-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: Gateway 4 | metadata: 5 | name: default 6 | namespace: {{ .Values.control_plane_namespace }} 7 | spec: 8 | selector: 9 | istio: {{ .Values.ingressgateway_name }} 10 | servers: 11 | - port: 12 | number: 80 13 | name: http 14 | protocol: HTTP 15 | hosts: 16 | - "{{ .Values.route_hostname }}" 17 | ... -------------------------------------------------------------------------------- /mongo-gateway-configuration/templates/serviceentry-mongodb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: ServiceEntry 4 | metadata: 5 | name: mongodb 6 | namespace: {{ .Values.bookinfo_namespace }} 7 | spec: 8 | hosts: 9 | - {{ .Values.mongodb.host }} 10 | ports: 11 | - number: {{ .Values.mongodb.port }} 12 | name: tcp 13 | protocol: TCP 14 | location: MESH_EXTERNAL 15 | resolution: DNS 16 | endpoints: 17 | - address: {{ .Values.mongodb.host }} 18 | ... 
-------------------------------------------------------------------------------- /mongo-gateway-configuration/templates/servicemeshmember-default-bookinfo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Values.bookinfo_namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane_name }} 10 | namespace: {{ .Values.control_plane_namespace }} 11 | ... -------------------------------------------------------------------------------- /mongo-gateway-configuration/templates/servicemeshmember-default-mongodb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | spec: 7 | controlPlaneRef: 8 | name: {{ .Values.control_plane_name }} 9 | namespace: {{ .Values.control_plane_namespace }} 10 | ... -------------------------------------------------------------------------------- /mongo-gateway-configuration/templates/virtualservice-ratings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: ratings 6 | namespace: {{ .Values.bookinfo_namespace }} 7 | spec: 8 | hosts: 9 | - ratings 10 | http: 11 | - route: 12 | - destination: 13 | host: ratings 14 | subset: v2 15 | ... 
16 | -------------------------------------------------------------------------------- /mongo-gateway-configuration/templates/virtualservice-reviews.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: reviews 6 | namespace: {{ .Values.bookinfo_namespace }} 7 | spec: 8 | hosts: 9 | - reviews 10 | http: 11 | - route: 12 | - destination: 13 | host: reviews 14 | subset: v3 15 | ... -------------------------------------------------------------------------------- /mongo-gateway-configuration/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane_namespace: istio-system 2 | control_plane_name: basic-install 3 | mongo_ingressgateway_name: mongo-ingressgateway 4 | ingressgateway_name: ingressgateway 5 | bookinfo_namespace: bookinfo 6 | mongodb: 7 | host: 8 | port: 27018 9 | user: bookinfo 10 | password: redhat 11 | route_hostname: -------------------------------------------------------------------------------- /mongodb/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /mongodb/values.yaml: -------------------------------------------------------------------------------- 1 | bookinfo_namespace: bookinfo 2 | mongodb: 3 | host: 4 | port: 27018 5 | user: bookinfo 6 | password: redhat -------------------------------------------------------------------------------- /multi-cluster-trust/documentation/pictures/bookinfo-result.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/multi-cluster-trust/documentation/pictures/bookinfo-result.png -------------------------------------------------------------------------------- /multi-cluster-trust/documentation/pictures/federated-trust.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/multi-cluster-trust/documentation/pictures/federated-trust.png -------------------------------------------------------------------------------- /multi-cluster-trust/helm/bookinfo/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /multi-cluster-trust/helm/bookinfo/templates/istio-configs/ingress/virtualservice-ratings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: ratings 6 | spec: 7 | hosts: 8 | - ratings 9 | http: 10 | - route: 11 | - destination: 12 | host: ratings 13 | subset: v2 14 | ... 15 | -------------------------------------------------------------------------------- /multi-cluster-trust/helm/bookinfo/templates/istio-configs/ingress/virtualservice-reviews.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: reviews 6 | spec: 7 | hosts: 8 | - reviews 9 | http: 10 | - route: 11 | - destination: 12 | host: reviews 13 | subset: v3 14 | ... 
--------------------------------------------------------------------------------
/multi-cluster-trust/helm/bookinfo/values.yaml:
--------------------------------------------------------------------------------
# Default values for the bookinfo chart of the multi-cluster-trust example.
# NOTE(review): the nesting below (ssl and addresses under mongodb,
# ingressgateway under control_plane) is assumed; confirm it against the
# chart's templates.
mongodb:
  host:
  port: 443
  user: bookinfo
  # Well-known default credential committed to the repository. Treat it as a
  # demo placeholder: override it at install time and keep the real value out
  # of version control.
  password: redhat
  ssl:
    # The application does not use TLS to MongoDB by default. Presumably the
    # mesh is expected to protect this hop; confirm.
    is_enabled: false
  addresses:
control_plane:
  namespace: istio-system
  ingressgateway:
    name: ingressgateway
    host:

--------------------------------------------------------------------------------
/multi-cluster-trust/helm/cert-manager/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/multi-cluster-trust/helm/cert-manager/values.yaml
--------------------------------------------------------------------------------
/multi-cluster-trust/helm/install-cacerts/templates/secret-cacerts.yaml:
--------------------------------------------------------------------------------
---
# `cacerts` Secret holding the CA material the mesh control plane signs with.
# The values are rendered under `data:`, so .Values.rootca.tls_crt and
# .Values.rootca.tls_key must already be base64-encoded.
# The CA private key is passed through Helm values, so it is also kept in the
# Helm release record in the cluster and in any values file or command line
# used to supply it. Restrict read access to both this Secret and the release
# record, and keep the key out of version control.
# The same certificate is used for ca-cert.pem and root-cert.pem, so the key
# installed here is the root key itself. Where the root must stay offline,
# issue a per-cluster intermediate CA instead and install that.
kind: Secret
apiVersion: v1
metadata:
  name: cacerts
data:
  ca-cert.pem: {{ .Values.rootca.tls_crt }}
  ca-key.pem: {{ .Values.rootca.tls_key }}
  cert-chain.pem: ''
  key.pem: ''
  root-cert.pem: {{ .Values.rootca.tls_crt }}
type: istio.io/ca-root
...

--------------------------------------------------------------------------------
/multi-cluster-trust/helm/install-cacerts/values.yaml:
--------------------------------------------------------------------------------
# Root CA certificate and private key consumed by secret-cacerts.yaml.
# Both are intentionally empty here; supply them at install time as
# base64-encoded strings and never commit the key.
rootca:
  tls_crt:
  tls_key:
--------------------------------------------------------------------------------
/multi-cluster-trust/helm/istio-system-control-plane/templates/route-api.yaml:
--------------------------------------------------------------------------------
---
# OpenShift Route that exposes the custom-ingressgateway Service.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: api
  namespace: {{ .Values.control_plane.namespace }}
spec:
  port:
    targetPort: http2
  tls:
    # Edge termination: TLS ends at the OpenShift router, which forwards to the
    # http2 port of custom-ingressgateway without TLS.
    # No insecureEdgeTerminationPolicy is set here; setting it explicitly
    # (None or Redirect) avoids depending on the default for plain-HTTP clients.
    termination: edge
  to:
    kind: Service
    name: custom-ingressgateway
    weight: 100
  wildcardPolicy: None
...
--------------------------------------------------------------------------------
/multi-cluster-trust/helm/istio-system-control-plane/templates/servicemeshmember-default-bookinfo.yaml:
--------------------------------------------------------------------------------
---
# Enrolls the bookinfo namespace in the mesh of the referenced control plane.
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
  name: default
  namespace: {{ .Values.bookinfo.namespace }}
spec:
  controlPlaneRef:
    name: {{ .Values.control_plane.name }}
    namespace: {{ .Values.control_plane.namespace }}
...
--------------------------------------------------------------------------------
/multi-cluster-trust/helm/istio-system-control-plane/values.yaml:
--------------------------------------------------------------------------------
# Control plane and member namespace used by the first cluster's chart.
control_plane:
  namespace: istio-system
  name: basic-install
bookinfo:
  namespace: bookinfo

--------------------------------------------------------------------------------
/multi-cluster-trust/helm/istio-system2-control-plane/templates/route-mongo.yaml:
--------------------------------------------------------------------------------
---
# OpenShift Route that exposes the mongo-ingressgateway Service.
# metadata.namespace is not set, so the Route is created in the namespace the
# install targets.
kind: Route
apiVersion: route.openshift.io/v1
metadata:
  name: mongo
spec:
  to:
    kind: Service
    name: mongo-ingressgateway
    weight: 100
  port:
    targetPort: tls
  tls:
    # Passthrough: the router forwards the encrypted stream unchanged and TLS
    # is terminated by mongo-ingressgateway. Certificate checks on this
    # connection are therefore made by the gateway, not by the router.
    termination: passthrough
    insecureEdgeTerminationPolicy: Redirect
  wildcardPolicy: None
...

--------------------------------------------------------------------------------
/multi-cluster-trust/helm/istio-system2-control-plane/templates/servicemeshmember-default-mongodb.yaml:
--------------------------------------------------------------------------------
---
# Enrolls the mongodb namespace in the mesh of the referenced control plane.
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
  name: default
  namespace: {{ .Values.mongodb.namespace }}
spec:
  controlPlaneRef:
    name: {{ .Values.control_plane.name }}
    namespace: {{ .Values.control_plane.namespace }}
...
-------------------------------------------------------------------------------- /multi-cluster-trust/helm/istio-system2-control-plane/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | namespace: istio-system2 3 | name: basic-install 4 | mongodb: 5 | namespace: mongodb 6 | -------------------------------------------------------------------------------- /multi-cluster-trust/helm/mongodb/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /multi-cluster-trust/helm/mongodb/templates/istio/ingress/destinationrule-mongodb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: DestinationRule 4 | metadata: 5 | name: mongodb 6 | spec: 7 | host: mongodb 8 | subsets: 9 | - labels: 10 | version: v1 11 | name: v1 12 | trafficPolicy: 13 | tls: 14 | mode: ISTIO_MUTUAL 15 | ... 
16 | -------------------------------------------------------------------------------- /multi-cluster-trust/helm/mongodb/values.yaml: -------------------------------------------------------------------------------- 1 | mongodb: 2 | host: 3 | user: bookinfo 4 | password: redhat 5 | control_plane: 6 | namespace: istio-system2 7 | name: basic-install 8 | -------------------------------------------------------------------------------- /multi-cluster-trust/helm/operators/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /multi-cluster-trust/helm/operators/values.yaml: -------------------------------------------------------------------------------- 1 | approval_strategy: "Automatic" 2 | elasticseach_operator: 3 | channel: "4.6" -------------------------------------------------------------------------------- /ossm-2.0/README.md: -------------------------------------------------------------------------------- 1 | # OSSM 2.0 Examples 2 | 3 | Navigate into each folder for additional READMEs. 4 | -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/apps-istio/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
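4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 |
--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/apps-istio/templates/auth/peerauthentication-nginx-echo-headers.yaml:
--------------------------------------------------------------------------------
---
# Requires mutual TLS for workloads labelled app=nginx-echo-headers.
# In STRICT mode, plaintext connections to the selected pods are refused.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: nginx-echo-headers
spec:
  selector:
    matchLabels:
      app: nginx-echo-headers
  mtls:
    mode: STRICT
...

--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/apps-istio/templates/auth/peerauthentication-productpage.yaml:
--------------------------------------------------------------------------------
---
# Requires mutual TLS for workloads labelled app=productpage.
# In STRICT mode, plaintext connections to the selected pods are refused.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: productpage
spec:
  selector:
    matchLabels:
      app: productpage
  mtls:
    mode: STRICT
...

--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/apps-istio/templates/auth/requestauthentication-productpage.yaml:
--------------------------------------------------------------------------------
---
# Validates JWTs presented to workloads labelled app=productpage against the
# configured OIDC issuer and its JWKS endpoint.
# A RequestAuthentication rejects requests that carry an invalid token, but it
# lets requests with no token through. Denying unauthenticated requests needs an
# AuthorizationPolicy that requires a request principal; whether this chart
# ships one is not visible in this file.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: productpage
spec:
  selector:
    matchLabels:
      app: productpage
  jwtRules:
    # The issuer is emitted verbatim. It is not passed through printf as a
    # format string, so a `%` in the URL cannot be reinterpreted as a verb.
    # `required` keeps rendering failing when the value is missing.
    - issuer: {{ required "oidc_issuer_url must be set" .Values.oidc_issuer_url | quote }}
      jwksUri: {{ printf "%v/v1/keys" .Values.oidc_issuer_url | quote }}
...

--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/apps-istio/templates/ingress/destinationrule-nginx-echo-headers.yml:
--------------------------------------------------------------------------------
---
# Client-side policy for calls to nginx-echo-headers: callers use mesh-issued
# certificates (ISTIO_MUTUAL), which matches the STRICT PeerAuthentication on
# the server side.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: nginx-echo-headers
spec:
  host: nginx-echo-headers
  subsets:
    - labels:
        version: v1
      name: v1
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
...

--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/apps-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
---
# Enrolls the release namespace in the mesh of the referenced control plane.
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
  name: default
  namespace: {{ .Release.Namespace }}
spec:
  controlPlaneRef:
    name: {{ .Values.control_plane.name }}
    namespace: {{ .Values.control_plane.namespace }}
...
--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/apps-istio/values.yaml:
--------------------------------------------------------------------------------
# NOTE(review): ingressgateway is assumed to nest under control_plane; confirm
# against the chart's templates.
control_plane:
  name: basic-install
  namespace: istio-system
  ingressgateway:
    name: ingressgateway
# Issuer whose tokens the RequestAuthentication trusts. The default points at
# one specific Okta tenant; override it with your own identity provider before
# relying on the JWT check.
oidc_issuer_url: https://dev-338970.okta.com/oauth2/default

--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/apps/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.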
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/apps/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.0/auth/helm/apps/values.yaml -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/cert-manager/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/control-plane/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 |
--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/control-plane/templates/gateway-default.yaml:
--------------------------------------------------------------------------------
---
# HTTPS ingress Gateway bound to a single hostname.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: default
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
        - {{ .Values.control_plane.ingressgateway.host }}
      tls:
        # SIMPLE: the gateway terminates server-side TLS with the certificate
        # in the ingressgateway-cert secret. Clients are not asked for a
        # certificate, so caller identity has to be established at a later
        # step (here presumably the OAuth2 proxy).
        mode: SIMPLE
        credentialName: ingressgateway-cert
...
--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/control-plane/templates/route-api.yml:
--------------------------------------------------------------------------------
# OpenShift Route in front of istio-ingressgateway.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: api
spec:
  port:
    targetPort: https
  tls:
    # Passthrough: the router forwards the encrypted stream unchanged, so TLS
    # is terminated by the Gateway above rather than by the router.
    termination: passthrough
  to:
    kind: Service
    name: istio-ingressgateway
    weight: 100
  wildcardPolicy: None

--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/control-plane/values.yaml:
--------------------------------------------------------------------------------
# Hostname served by the ingress Gateway; empty by default and set at install.
control_plane:
  ingressgateway:
    host:

--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/oauth2-proxy-istio/templates/serviceentry-okta.yaml:
--------------------------------------------------------------------------------
# Registers the external identity provider host with the mesh so workloads can
# reach it on 443. The protocol is TLS, so the mesh treats the connection as an
# opaque TLS stream and does not terminate it.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: okta
spec:
  hosts:
    - {{ .Values.serviceentry.okta.host }}
  location: MESH_EXTERNAL
  ports:
    - number: 443
      name: https
      protocol: TLS
  resolution: DNS

--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/oauth2-proxy-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
---
# Enrolls a namespace in the mesh of the referenced control plane.
# metadata.namespace is not set, so the object is created in the namespace the
# install targets.
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
  name: default
spec:
  controlPlaneRef:
    name: {{ .Values.control_plane.name }}
    namespace: {{ .Values.control_plane.namespace }}
...
--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/oauth2-proxy-istio/templates/virtualservice-api.yaml:
--------------------------------------------------------------------------------
---
# Sends every request for the ingress host to the oauth2-proxy Service, making
# the proxy the single entry point behind the Gateway.
# The backends should still enforce their own checks, so that a caller already
# inside the mesh cannot reach them without going through the proxy.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: api
spec:
  gateways:
    - {{ .Values.control_plane.namespace }}/default
  hosts:
    - {{ .Values.control_plane.ingressgateway.host }}
  http:
    - route:
        - destination:
            host: oauth2-proxy.oauth2-proxy.svc.cluster.local
            port:
              number: 80
...
--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/oauth2-proxy-istio/values.yaml:
--------------------------------------------------------------------------------
control_plane:
  name: basic-install
  namespace: istio-system
  ingressgateway:
    name: ingressgateway
    host:
serviceentry:
  okta:
    # Default points at one specific Okta tenant; override it with the host of
    # your own identity provider.
    host: dev-338970.okta.com

--------------------------------------------------------------------------------
/ossm-2.0/auth/helm/oauth2-proxy/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/oauth2-proxy/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "oauth2-proxy.serviceAccountName" . }} 6 | labels: 7 | {{- include "oauth2-proxy.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.0/auth/helm/service-mesh-operators/values.yaml: -------------------------------------------------------------------------------- 1 | approval_strategy: Automatic -------------------------------------------------------------------------------- /ossm-2.0/auth/oauth2-auth.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.0/auth/oauth2-auth.png -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/bookinfo-istio/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/bookinfo-istio/templates/ingress/gateway-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: Gateway 4 | metadata: 5 | name: default 6 | namespace: {{ .Values.control_plane.namespace }} 7 | spec: 8 | selector: 9 | app: {{ .Values.control_plane.ingressgateway.app }} 10 | servers: 11 | - port: 12 | number: 80 13 | name: http 14 | protocol: HTTP 15 | hosts: 16 | - {{ .Values.control_plane.ingressgateway.host }} 17 | ... 
-------------------------------------------------------------------------------- /ossm-2.0/basic/helm/bookinfo-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | ingressgateway: 5 | app: istio-ingressgateway 6 | host: 7 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/bookinfo/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.0/basic/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/control-plane/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/control-plane/templates/limitrange-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: LimitRange 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | limits: 8 | - type: Container 9 | defaultRequest: 10 | cpu: 100m 11 | memory: 128Mi 12 | ... 
13 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/control-plane/templates/resourcequota-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | hard: 8 | requests.cpu: '7' 9 | requests.memory: 25Gi 10 | requests.storage: 200Gi 11 | services.loadbalancers: '2' 12 | ... 13 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/control-plane/templates/route-api.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: api 6 | spec: 7 | port: 8 | targetPort: http2 9 | tls: 10 | termination: edge 11 | insecureEdgeTerminationPolicy: None 12 | to: 13 | kind: Service 14 | name: istio-ingressgateway 15 | weight: 100 16 | wildcardPolicy: None 17 | ... 
18 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- 1 | is_production_deployment: false 2 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: '5.0' 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.0/basic/helm/service-mesh-operators/values.yaml: -------------------------------------------------------------------------------- 1 | approval_strategy: Automatic -------------------------------------------------------------------------------- /ossm-2.0/mongodb-trusted-ca/helm/bookinfo/templates/istio-configs/virtualservice-ratings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: ratings 6 | spec: 7 | hosts: 8 | - ratings 9 | http: 10 | - route: 11 | - destination: 12 | host: ratings 13 | subset: v2 14 | ... 
15 | -------------------------------------------------------------------------------- /ossm-2.0/mongodb-trusted-ca/helm/bookinfo/templates/istio-configs/virtualservice-reviews.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: reviews 6 | spec: 7 | hosts: 8 | - reviews 9 | http: 10 | - route: 11 | - destination: 12 | host: reviews 13 | subset: v3 14 | ... -------------------------------------------------------------------------------- /ossm-2.0/mongodb-trusted-ca/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- 1 | mongodb: 2 | host: 3 | port: 27017 4 | user: bookinfo 5 | password: redhat 6 | ssl: 7 | is_enabled: false 8 | control_plane: 9 | namespace: istio-system 10 | ingressgateway: 11 | name: ingressgateway 12 | host: 13 | -------------------------------------------------------------------------------- /ossm-2.0/mongodb-trusted-ca/helm/control-plane/templates/route-api.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: api 6 | namespace: {{ .Values.control_plane.namespace }} 7 | spec: 8 | port: 9 | targetPort: http2 10 | tls: 11 | termination: edge 12 | to: 13 | kind: Service 14 | name: custom-ingressgateway 15 | weight: 100 16 | wildcardPolicy: None 17 | ... 
-------------------------------------------------------------------------------- /ossm-2.0/mongodb-trusted-ca/helm/control-plane/templates/servicemeshmember-default-bookinfo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Values.bookinfo.namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... -------------------------------------------------------------------------------- /ossm-2.0/mongodb-trusted-ca/helm/control-plane/templates/servicemeshmember-default-istio-system-egress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Values.control_plane.egressgateway.namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... -------------------------------------------------------------------------------- /ossm-2.0/mongodb-trusted-ca/helm/control-plane/templates/servicemeshmember-default-mongodb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Values.mongodb.namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 
-------------------------------------------------------------------------------- /ossm-2.0/mongodb-trusted-ca/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | namespace: istio-system 3 | name: basic-install 4 | egressgateway: 5 | namespace: istio-system-egress 6 | mongodb: 7 | namespace: mongodb 8 | bookinfo: 9 | namespace: bookinfo 10 | gateways: 11 | egress: 12 | enabled: true 13 | -------------------------------------------------------------------------------- /ossm-2.0/mongodb-trusted-ca/helm/mongodb/templates/istio/egress/destinationrule-for-mongodb-mesh-external.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: DestinationRule 4 | metadata: 5 | name: egressgateway-for-mongodb-mesh-external 6 | namespace: {{ .Values.control_plane.egressgateway.namespace }} 7 | spec: 8 | host: istio-egressgateway.{{ .Values.control_plane.egressgateway.namespace }}.svc.cluster.local 9 | subsets: 10 | - name: mongodb 11 | ... 
-------------------------------------------------------------------------------- /ossm-2.0/mongodb-trusted-ca/helm/mongodb/values.yaml: -------------------------------------------------------------------------------- 1 | mongodb: 2 | host: 3 | user: bookinfo 4 | password: redhat 5 | control_plane: 6 | namespace: istio-system 7 | name: basic-install 8 | egressgateway: 9 | namespace: istio-system-egress 10 | port: 15666 -------------------------------------------------------------------------------- /ossm-2.0/multi-cluster-trust/documentation/pictures/bookinfo-result.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.0/multi-cluster-trust/documentation/pictures/bookinfo-result.png -------------------------------------------------------------------------------- /ossm-2.0/multi-cluster-trust/documentation/pictures/federated-trust.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.0/multi-cluster-trust/documentation/pictures/federated-trust.png -------------------------------------------------------------------------------- /ossm-2.0/multi-cluster-trust/helm/bookinfo/templates/istio-configs/ingress/virtualservice-ratings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: ratings 6 | spec: 7 | hosts: 8 | - ratings 9 | http: 10 | - route: 11 | - destination: 12 | host: ratings 13 | subset: v2 14 | ... 
--------------------------------------------------------------------------------
/ossm-2.0/multi-cluster-trust/helm/bookinfo/templates/istio-configs/ingress/virtualservice-reviews.yml:
--------------------------------------------------------------------------------
---
# Sends every HTTP request addressed to the `reviews` host to subset v3.
# The subset has to be defined by a DestinationRule for `reviews`, which is not part of this file.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v3
...
--------------------------------------------------------------------------------
/ossm-2.0/multi-cluster-trust/helm/bookinfo/values.yaml:
--------------------------------------------------------------------------------
# Default values for the bookinfo chart of the multi-cluster-trust example.
# NOTE(review): the indentation is reconstructed from a flattened listing; the nesting of
# `addresses` and `ingressgateway` is assumed - confirm against the repository.
mongodb:
  host:
  port: 443
  user: bookinfo
  # NOTE(review): fixed sample credential committed with the chart. Override it at install
  # time and keep the real value out of version control.
  password: redhat
  ssl:
    # Presumably toggles TLS on the application's own MongoDB connection - confirm in the
    # templates that read it. It is off by default.
    is_enabled: false
  addresses:
control_plane:
  namespace: istio-system
  ingressgateway:
    name: ingressgateway
    host:
--------------------------------------------------------------------------------
/ossm-2.0/multi-cluster-trust/helm/cert-manager/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.0/multi-cluster-trust/helm/cert-manager/values.yaml
--------------------------------------------------------------------------------
/ossm-2.0/multi-cluster-trust/helm/install-cacerts/templates/secret-cacerts.yaml:
--------------------------------------------------------------------------------
---
# Builds the `cacerts` Secret from the rootca values of this chart.
# - The values are written under `data:` without any encoding step, so each one must already
#   be base64-encoded when it is passed in.
# - ca-key.pem is the CA private key. It reaches this template as a Helm value, and Helm
#   records supplied values with the release, so read access to both the `cacerts` Secret and
#   the release record in this namespace should be limited to the mesh administrators.
# - root-cert.pem reads rootca.ca_crt, which the chart's values.yaml shown on this page does
#   not declare; it has to be supplied at install time or the key renders without a value.
kind: Secret
apiVersion: v1
metadata:
  name: cacerts
data:
  ca-cert.pem: {{ .Values.rootca.tls_crt }}
  ca-key.pem: {{ .Values.rootca.tls_key }}
  cert-chain.pem: {{ .Values.rootca.tls_crt }}
  root-cert.pem: {{ .Values.rootca.ca_crt }}
type: istio.io/ca-root
...
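--------------------------------------------------------------------------------
/ossm-2.0/multi-cluster-trust/helm/install-cacerts/values.yaml:
--------------------------------------------------------------------------------
# Inputs for templates/secret-cacerts.yaml, which copies them unchanged into the `data:` map
# of the `cacerts` Secret, so every value must be supplied base64-encoded.
# tls_key carries the CA private key: pass it at install time from a protected source and
# never commit a real value to this file.
rootca:
  tls_crt:
  tls_key:
  # Declared because the Secret template also reads rootca.ca_crt (for root-cert.pem);
  # without it the required input was undocumented.
  ca_crt:
--------------------------------------------------------------------------------
/ossm-2.0/multi-cluster-trust/helm/istio-system-control-plane/templates/route-api.yaml:
--------------------------------------------------------------------------------
---
# Exposes the custom-ingressgateway Service through the OpenShift router.
# With `termination: edge` the router terminates TLS and forwards to the gateway's `http2`
# port without TLS, so that hop relies on cluster networking for protection. The
# secure-ingressgateway example on this page uses `passthrough` instead, which leaves TLS
# termination to the gateway itself.
# NOTE(review): insecureEdgeTerminationPolicy is not set here, while the basic chart's route
# sets it to None explicitly - confirm the handling of plain-HTTP requests is as intended.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: api
spec:
  port:
    targetPort: http2
  tls:
    termination: edge
  to:
    kind: Service
    name: custom-ingressgateway
    weight: 100
  wildcardPolicy: None
...
--------------------------------------------------------------------------------
/ossm-2.0/multi-cluster-trust/helm/istio-system-control-plane/templates/servicemeshmember-default-bookinfo.yaml:
--------------------------------------------------------------------------------
---
# Enrols the bookinfo namespace in the control plane named by the control_plane values.
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
  name: default
  namespace: {{ .Values.bookinfo.namespace }}
spec:
  controlPlaneRef:
    name: {{ .Values.control_plane.name }}
    namespace: {{ .Values.control_plane.namespace }}
...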
-------------------------------------------------------------------------------- /ossm-2.0/multi-cluster-trust/helm/istio-system-control-plane/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | namespace: istio-system 3 | name: basic-install 4 | bookinfo: 5 | namespace: bookinfo 6 | -------------------------------------------------------------------------------- /ossm-2.0/multi-cluster-trust/helm/istio-system2-control-plane/templates/route-mongo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Route 3 | apiVersion: route.openshift.io/v1 4 | metadata: 5 | name: mongo 6 | spec: 7 | to: 8 | kind: Service 9 | name: mongo-ingressgateway 10 | weight: 100 11 | port: 12 | targetPort: tls 13 | tls: 14 | termination: passthrough 15 | insecureEdgeTerminationPolicy: Redirect 16 | wildcardPolicy: None 17 | ... 18 | -------------------------------------------------------------------------------- /ossm-2.0/multi-cluster-trust/helm/istio-system2-control-plane/templates/servicemeshmember-default-mongodb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Values.mongodb.namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 
-------------------------------------------------------------------------------- /ossm-2.0/multi-cluster-trust/helm/istio-system2-control-plane/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | namespace: istio-system2 3 | name: basic-install 4 | mongodb: 5 | namespace: mongodb 6 | -------------------------------------------------------------------------------- /ossm-2.0/multi-cluster-trust/helm/mongodb/templates/istio/ingress/destinationrule-mongodb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: DestinationRule 4 | metadata: 5 | name: mongodb 6 | spec: 7 | host: mongodb 8 | subsets: 9 | - labels: 10 | version: v1 11 | name: v1 12 | trafficPolicy: 13 | tls: 14 | mode: ISTIO_MUTUAL 15 | ... 16 | -------------------------------------------------------------------------------- /ossm-2.0/multi-cluster-trust/helm/mongodb/values.yaml: -------------------------------------------------------------------------------- 1 | mongodb: 2 | host: 3 | user: bookinfo 4 | password: redhat 5 | control_plane: 6 | namespace: istio-system2 7 | name: basic-install 8 | -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/bookinfo-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 
-------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | host: 7 | -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.0/secure-ingressgateway/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/control-plane/templates/limitrange-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: LimitRange 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | limits: 8 | - type: Container 9 | defaultRequest: 10 | cpu: 100m 11 | memory: 128Mi 12 | ... 13 | -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/control-plane/templates/resourcequota-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | hard: 8 | requests.cpu: '7' 9 | requests.memory: 25Gi 10 | requests.storage: 200Gi 11 | services.loadbalancers: '2' 12 | ... 
13 | -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/control-plane/templates/route-api.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: api 6 | spec: 7 | port: 8 | targetPort: https 9 | tls: 10 | termination: passthrough 11 | to: 12 | kind: Service 13 | name: custom-ingressgateway 14 | weight: 100 15 | wildcardPolicy: None 16 | ... 17 | -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.0/secure-ingressgateway/helm/control-plane/values.yaml -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: '5.0' 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: 
openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.0/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
--------------------------------------------------------------------------------
/ossm-2.0/secure-ingressgateway/helm/service-mesh-operators/values.yaml:
--------------------------------------------------------------------------------
# Rendered into `installPlanApproval` of the operator Subscriptions in this chart.
# Automatic lets OLM install new operator versions from the subscribed channel as they are
# published. Manual holds each InstallPlan until someone approves it, which gives a review
# point before cluster-wide operators are upgraded.
approval_strategy: Automatic
--------------------------------------------------------------------------------
/ossm-2.1/README.md:
--------------------------------------------------------------------------------
# OSSM 2.1 Examples

Navigate into each folder for additional READMEs.

--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/bookinfo-istio/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/bookinfo-istio/templates/auth/peerauthentication-productpage.yaml:
--------------------------------------------------------------------------------
---
# Workloads labelled app=productpage accept only mutual-TLS connections; plaintext
# connections to them are refused.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: productpage
spec:
  selector:
    matchLabels:
      app: productpage
  mtls:
    mode: STRICT
...
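13 |
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/bookinfo-istio/templates/auth/requestauthentication-productpage.yaml:
--------------------------------------------------------------------------------
    # Declares how JWTs on requests to workloads labelled app=productpage are
    # validated: the issuer and the JWKS endpoint both derive from
    # .Values.oidc_issuer_url.
    # NOTE(review): a RequestAuthentication rejects requests that carry an invalid
    # token but still admits requests that carry no token at all. Making the token
    # mandatory takes an AuthorizationPolicy that requires a request principal;
    # none is visible in this part of the listing - confirm the chart ships one.
    # NOTE(review): jwtRules sets no `audiences`, so any audience restriction has
    # to be added here or enforced in an AuthorizationPolicy.
1 | ---
2 | apiVersion: security.istio.io/v1beta1
3 | kind: RequestAuthentication
4 | metadata:
5 |   name: productpage
6 | spec:
7 |   selector:
8 |     matchLabels:
9 |       app: productpage
10 |   jwtRules:
        # `required` fails rendering with a clear message when the issuer is unset
        # or empty, and the value is no longer used as a printf format string (a
        # '%' in the URL would otherwise be mangled).
11 |     - issuer: {{ required "oidc_issuer_url must be set" .Values.oidc_issuer_url | quote }}
        # The "/v1/keys" suffix presumably matches the Okta issuer set in
        # values.yaml; verify the JWKS path before pointing at another provider.
12 |       jwksUri: {{ printf "%v/v1/keys" .Values.oidc_issuer_url | quote }}
13 | ...
14 |
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/bookinfo-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
    # Enrols the release namespace in the control plane named by
    # .Values.control_plane.name / .Values.control_plane.namespace.
1 | ---
2 | apiVersion: maistra.io/v1
3 | kind: ServiceMeshMember
4 | metadata:
5 |   name: default
6 |   namespace: {{ .Release.Namespace }}
7 | spec:
8 |   controlPlaneRef:
9 |     name: {{ .Values.control_plane.name }}
10 |     namespace: {{ .Values.control_plane.namespace }}
11 | ...
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/bookinfo-istio/values.yaml:
--------------------------------------------------------------------------------
1 | control_plane:
2 |   name: basic-install
3 |   namespace: istio-system
4 |   ingressgateway:
5 |     name: ingressgateway
        # Left empty here; has to be supplied at install time.
6 |     host:
    # Trust anchor for JWT validation (issuer and JWKS location are built from it).
    # The default is one specific Okta tenant - override it per environment.
7 | oidc_issuer_url: https://dev-338970.okta.com/oauth2/default
8 |
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/bookinfo/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.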
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.1/auth/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/cert-manager/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/control-plane/templates/route-api.yml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | kind: Route 3 | metadata: 4 | name: api 5 | spec: 6 | port: 7 | targetPort: https 8 | tls: 9 | termination: passthrough 10 | to: 11 | kind: Service 12 | name: istio-ingressgateway 13 | weight: 100 14 | wildcardPolicy: None 15 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.1/auth/helm/control-plane/values.yaml -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/nginx-echo-headers-istio/templates/auth/peerauthentication-nginx-echo-headers.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: security.istio.io/v1beta1 3 | kind: PeerAuthentication 4 | metadata: 5 | name: nginx-echo-headers 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: nginx-echo-headers 10 | mtls: 11 | mode: STRICT 12 | ... 
13 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/nginx-echo-headers-istio/templates/ingress/destinationrule-nginx-echo-headers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: DestinationRule 4 | metadata: 5 | name: nginx-echo-headers 6 | spec: 7 | host: nginx-echo-headers 8 | subsets: 9 | - labels: 10 | version: v1 11 | name: v1 12 | trafficPolicy: 13 | tls: 14 | mode: ISTIO_MUTUAL 15 | ... 16 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/nginx-echo-headers-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/nginx-echo-headers-istio/values.yaml:
--------------------------------------------------------------------------------
1 | control_plane:
2 |   name: basic-install
3 |   namespace: istio-system
4 |   ingressgateway:
5 |     name: ingressgateway
        # Left empty here; has to be supplied at install time.
6 |     host:
    # Default points at one specific Okta tenant - override it per environment.
7 | oidc_issuer_url: https://dev-338970.okta.com/oauth2/default
8 |
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/nginx-echo-headers/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.1/auth/helm/nginx-echo-headers/values.yaml
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/oauth2-proxy-istio/templates/serviceentry-okta.yaml:
--------------------------------------------------------------------------------
    # Registers the external identity provider host (.Values.serviceentry.okta.host)
    # with the mesh as a TLS destination on port 443, resolved through DNS.
    # NOTE(review): a ServiceEntry only acts as an egress allow-list when the
    # control plane's outbound traffic policy is REGISTRY_ONLY; that setting is not
    # visible in this listing - confirm it if egress is meant to be restricted.
1 | apiVersion: networking.istio.io/v1alpha3
2 | kind: ServiceEntry
3 | metadata:
4 |   name: okta
5 | spec:
6 |   hosts:
7 |   - {{ .Values.serviceentry.okta.host }}
8 |   location: MESH_EXTERNAL
9 |   ports:
10 |   - number: 443
11 |     name: https
        # TLS (not HTTPS): the connection is treated as opaque TLS, so the workload
        # itself originates TLS to the provider.
12 |     protocol: TLS
13 |   resolution: DNS
14 |
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/oauth2-proxy-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
    # Enrols a namespace in the control plane named by the chart values. Unlike the
    # sibling charts' ServiceMeshMember templates, no metadata.namespace is set.
1 | ---
2 | apiVersion: maistra.io/v1
3 | kind: ServiceMeshMember
4 | metadata:
5 |   name: default
6 | spec:
7 |   controlPlaneRef:
8 |     name: {{ .Values.control_plane.name }}
9 |     namespace: {{ .Values.control_plane.namespace }}
10 | ...
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/oauth2-proxy-istio/templates/virtualservice-api.yaml:
--------------------------------------------------------------------------------
    # Binds the ingress host to the gateway named "default" in the control-plane
    # namespace and sends its HTTP traffic to the oauth2-proxy Service on port 80.
    # The single route has no match conditions, so every path for the host is
    # routed to oauth2-proxy.
    # NOTE(review): presumably oauth2-proxy is the authentication front door here;
    # confirm that no other VirtualService exposes the backends on this host
    # without passing through it.
1 | ---
2 | apiVersion: networking.istio.io/v1alpha3
3 | kind: VirtualService
4 | metadata:
5 |   name: api
6 | spec:
7 |   gateways:
8 |   - {{ .Values.control_plane.namespace }}/default
9 |   hosts:
10 |   - {{ .Values.control_plane.ingressgateway.host }}
11 |   http:
12 |   - route:
13 |     - destination:
14 |         host: oauth2-proxy.oauth2-proxy.svc.cluster.local
15 |         port:
16 |           number: 80
17 | ...
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/oauth2-proxy-istio/values.yaml:
--------------------------------------------------------------------------------
1 | control_plane:
2 |   name: basic-install
3 |   namespace: istio-system
4 |   ingressgateway:
5 |     name: ingressgateway
        # Left empty here; the VirtualService host is rendered from this value, so
        # it has to be supplied at install time.
6 |     host:
7 | serviceentry:
8 |   okta:
        # External identity provider host registered by serviceentry-okta.yaml.
        # The default is one specific Okta tenant - override it per environment.
9 |     host: dev-338970.okta.com
10 | nginx_echo_headers:
11 |   namespace: nginx-echo-headers
12 | bookinfo:
13 |   namespace: bookinfo
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/oauth2-proxy/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/oauth2-proxy/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "oauth2-proxy.serviceAccountName" . }} 6 | labels: 7 | {{- include "oauth2-proxy.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.1/auth/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 |
--------------------------------------------------------------------------------
/ossm-2.1/auth/helm/service-mesh-operators/values.yaml:
--------------------------------------------------------------------------------
    # Rendered into installPlanApproval of every Subscription in this chart.
    # Automatic lets OLM install new operator versions from the subscribed channel
    # without review; Manual holds each InstallPlan until it is approved, which
    # gives a checkpoint before operator code in the cluster changes.
1 | approval_strategy: Automatic
--------------------------------------------------------------------------------
/ossm-2.1/auth/oauth2-auth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.1/auth/oauth2-auth.png
--------------------------------------------------------------------------------
/ossm-2.1/secure-ingressgateway-mtls/helm/bookinfo-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
    # Enrols the release namespace in the control plane named by
    # .Values.control_plane.name / .Values.control_plane.namespace.
1 | ---
2 | apiVersion: maistra.io/v1
3 | kind: ServiceMeshMember
4 | metadata:
5 |   name: default
6 |   namespace: {{ .Release.Namespace }}
7 | spec:
8 |   controlPlaneRef:
9 |     name: {{ .Values.control_plane.name }}
10 |     namespace: {{ .Values.control_plane.namespace }}
11 | ...
-------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | host: 7 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.1/secure-ingressgateway-mtls/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/control-plane/templates/limitrange-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: LimitRange 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | limits: 8 | - type: Container 9 | defaultRequest: 10 | cpu: 100m 11 | memory: 128Mi 12 | ... 13 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/control-plane/templates/resourcequota-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | hard: 8 | requests.cpu: '7' 9 | requests.memory: 25Gi 10 | requests.storage: 200Gi 11 | services.loadbalancers: '2' 12 | ... 
13 |
--------------------------------------------------------------------------------
/ossm-2.1/secure-ingressgateway-mtls/helm/control-plane/templates/route-api.yaml:
--------------------------------------------------------------------------------
    # Exposes the custom-ingressgateway Service through an OpenShift Route.
1 | ---
2 | apiVersion: route.openshift.io/v1
3 | kind: Route
4 | metadata:
5 |   name: api
6 | spec:
7 |   port:
8 |     targetPort: https
9 |   tls:
        # passthrough: the router forwards the encrypted stream untouched, so TLS
        # (including any client-certificate check) is terminated by the gateway
        # behind the Route rather than by the router.
10 |     termination: passthrough
11 |   to:
12 |     kind: Service
13 |     name: custom-ingressgateway
14 |     weight: 100
15 |   wildcardPolicy: None
16 | ...
17 |
--------------------------------------------------------------------------------
/ossm-2.1/secure-ingressgateway-mtls/helm/control-plane/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.1/secure-ingressgateway-mtls/helm/control-plane/values.yaml
--------------------------------------------------------------------------------
/ossm-2.1/secure-ingressgateway-mtls/helm/nginx-echo-headers-istio/templates/peerauthentication-nginx-echo-headers.yaml:
--------------------------------------------------------------------------------
    # Every line of this template is commented out, so the chart renders no
    # PeerAuthentication from it.
    # NOTE(review): if re-enabled as written, mode DISABLE would switch mutual TLS
    # off for workloads labelled app=nginx-echo-headers, which would then accept
    # plaintext connections. The ossm-2.1/auth chart in this listing uses STRICT
    # for the same workload; keep this disabled unless plaintext is intended.
1 | # kind: PeerAuthentication
2 | # apiVersion: security.istio.io/v1beta1
3 | # metadata:
4 | #   name: nginx-echo-headers
5 | # spec:
6 | #   selector:
7 | #     matchLabels:
8 | #       app: nginx-echo-headers
9 | #   mtls:
10 | #     mode: DISABLE
11 |
--------------------------------------------------------------------------------
/ossm-2.1/secure-ingressgateway-mtls/helm/nginx-echo-headers-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: maistra.io/v1
3 | kind: ServiceMeshMember
4 | metadata:
5 |   name: default
6 |   namespace: {{ .Release.Namespace }}
7 | spec:
8 |   controlPlaneRef:
9 |     name: {{ .Values.control_plane.name }}
10 |     namespace: {{ .Values.control_plane.namespace }}
11 | ... -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/nginx-echo-headers-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/nginx-echo-headers/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.1/secure-ingressgateway-mtls/helm/nginx-echo-headers/values.yaml -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/helm/service-mesh-operators/values.yaml: -------------------------------------------------------------------------------- 1 | approval_strategy: Automatic -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway-mtls/raf15.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.1/secure-ingressgateway-mtls/raf15.webp -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/bookinfo-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 
-------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | host: 7 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.1/secure-ingressgateway/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/control-plane/templates/limitrange-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: LimitRange 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | limits: 8 | - type: Container 9 | defaultRequest: 10 | cpu: 100m 11 | memory: 128Mi 12 | ... 13 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/control-plane/templates/resourcequota-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | hard: 8 | requests.cpu: '7' 9 | requests.memory: 25Gi 10 | requests.storage: 200Gi 11 | services.loadbalancers: '2' 12 | ... 
13 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/control-plane/templates/route-api.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: api 6 | spec: 7 | port: 8 | targetPort: https 9 | tls: 10 | termination: passthrough 11 | to: 12 | kind: Service 13 | name: custom-ingressgateway 14 | weight: 100 15 | wildcardPolicy: None 16 | ... 17 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.1/secure-ingressgateway/helm/control-plane/values.yaml -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: 
openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.1/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
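14 |
--------------------------------------------------------------------------------
/ossm-2.1/secure-ingressgateway/helm/service-mesh-operators/values.yaml:
--------------------------------------------------------------------------------
    # Rendered into installPlanApproval of every Subscription in this chart.
    # Automatic lets OLM install new operator versions from the subscribed channel
    # without review; Manual holds each InstallPlan until it is approved.
1 | approval_strategy: Automatic
--------------------------------------------------------------------------------
/ossm-2.2/README.md:
--------------------------------------------------------------------------------
1 | # OSSM 2.2 Examples
2 |
3 | Navigate into each folder for additional READMEs.
4 |
--------------------------------------------------------------------------------
/ossm-2.2/auth/helm/bookinfo-istio/templates/auth/peerauthentication-productpage.yaml:
--------------------------------------------------------------------------------
    # Requires mutual TLS for inbound connections to workloads labelled
    # app=productpage; plaintext peers are refused.
1 | ---
2 | apiVersion: security.istio.io/v1beta1
3 | kind: PeerAuthentication
4 | metadata:
5 |   name: productpage
6 | spec:
7 |   selector:
8 |     matchLabels:
9 |       app: productpage
10 |   mtls:
11 |     mode: STRICT
12 | ...
13 |
--------------------------------------------------------------------------------
/ossm-2.2/auth/helm/bookinfo-istio/templates/auth/requestauthentication-productpage.yaml:
--------------------------------------------------------------------------------
    # Declares how JWTs on requests to workloads labelled app=productpage are
    # validated: the issuer and the JWKS endpoint both derive from
    # .Values.oidc_issuer_url.
    # NOTE(review): a RequestAuthentication rejects requests that carry an invalid
    # token but still admits requests that carry no token at all. Making the token
    # mandatory takes an AuthorizationPolicy that requires a request principal;
    # none is visible in this part of the listing - confirm the chart ships one.
    # NOTE(review): jwtRules sets no `audiences`, so any audience restriction has
    # to be added here or enforced in an AuthorizationPolicy.
1 | ---
2 | apiVersion: security.istio.io/v1beta1
3 | kind: RequestAuthentication
4 | metadata:
5 |   name: productpage
6 | spec:
7 |   selector:
8 |     matchLabels:
9 |       app: productpage
10 |   jwtRules:
        # `required` fails rendering with a clear message when the issuer is unset
        # or empty, and the value is no longer used as a printf format string (a
        # '%' in the URL would otherwise be mangled).
11 |     - issuer: {{ required "oidc_issuer_url must be set" .Values.oidc_issuer_url | quote }}
        # The "/v1/keys" suffix presumably matches the Okta issuer set in
        # values.yaml; verify the JWKS path before pointing at another provider.
12 |       jwksUri: {{ printf "%v/v1/keys" .Values.oidc_issuer_url | quote }}
13 | ...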
14 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/bookinfo-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: basic-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | host: 7 | oidc_issuer_url: https://dev-338970.okta.com/oauth2/default 8 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/bookinfo/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/auth/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/cert-manager/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/control-plane/templates/route-api.yml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | kind: Route 3 | metadata: 4 | name: api 5 | spec: 6 | port: 7 | targetPort: https 8 | tls: 9 | termination: passthrough 10 | to: 11 | kind: Service 12 | name: istio-ingressgateway 13 | weight: 100 14 | wildcardPolicy: None 15 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/auth/helm/control-plane/values.yaml -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/nginx-echo-headers-istio/templates/auth/peerauthentication-nginx-echo-headers.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: security.istio.io/v1beta1 3 | kind: PeerAuthentication 4 | metadata: 5 | name: nginx-echo-headers 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: nginx-echo-headers 10 | mtls: 11 | mode: STRICT 12 | ... 
13 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/nginx-echo-headers-istio/templates/ingress/destinationrule-nginx-echo-headers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: DestinationRule 4 | metadata: 5 | name: nginx-echo-headers 6 | spec: 7 | host: nginx-echo-headers 8 | subsets: 9 | - labels: 10 | version: v1 11 | name: v1 12 | trafficPolicy: 13 | tls: 14 | mode: ISTIO_MUTUAL 15 | ... 16 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/nginx-echo-headers-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 
--------------------------------------------------------------------------------
/ossm-2.2/auth/helm/nginx-echo-headers-istio/values.yaml:
--------------------------------------------------------------------------------
1 | control_plane:
2 |   name: basic-install
3 |   namespace: istio-system
4 |   ingressgateway:  # NOTE(review): nesting under control_plane is assumed from the sibling oauth2-proxy-istio chart, whose template reads control_plane.ingressgateway.host - confirm
5 |     name: ingressgateway
6 |     host:  # left empty in the chart; presumably supplied at install time
7 | oidc_issuer_url: https://dev-338970.okta.com/oauth2/default  # tenant-specific issuer; override for any other identity provider tenant
8 |
--------------------------------------------------------------------------------
/ossm-2.2/auth/helm/nginx-echo-headers/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/auth/helm/nginx-echo-headers/values.yaml
--------------------------------------------------------------------------------
/ossm-2.2/auth/helm/oauth2-proxy-istio/templates/serviceentry-okta.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1alpha3
2 | kind: ServiceEntry  # adds the external identity provider host to the mesh service registry
3 | metadata:
4 |   name: okta
5 | spec:
6 |   hosts:
7 |     - {{ .Values.serviceentry.okta.host }}
8 |   location: MESH_EXTERNAL  # the host is outside the mesh, so no sidecar mTLS is expected from it
9 |   ports:
10 |     - number: 443
11 |       name: https
12 |       protocol: TLS  # treated as opaque TLS; the calling workload originates the TLS session itself
13 |   resolution: DNS
14 |
--------------------------------------------------------------------------------
/ossm-2.2/auth/helm/oauth2-proxy-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: maistra.io/v1
3 | kind: ServiceMeshMember  # enrols the namespace this object lands in as a member of the referenced control plane
4 | metadata:
5 |   name: default  # NOTE(review): unlike the sibling charts, no metadata.namespace is set here, so the object goes to whatever namespace the install targets - confirm that is intended
6 | spec:
7 |   controlPlaneRef:
8 |     name: {{ .Values.control_plane.name }}
9 |     namespace: {{ .Values.control_plane.namespace }}
10 | ...
--------------------------------------------------------------------------------
/ossm-2.2/auth/helm/oauth2-proxy-istio/templates/virtualservice-api.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: networking.istio.io/v1alpha3
3 | kind: VirtualService  # sends traffic arriving at the ingress gateway for the configured host to oauth2-proxy
4 | metadata:
5 |   name: api
6 | spec:
7 |   gateways:
8 |     - {{ .Values.control_plane.namespace }}/default  # Gateway named default in the control-plane namespace
9 |   hosts:
10 |     - {{ .Values.control_plane.ingressgateway.host }}  # empty in values.yaml below; must be supplied for the route to match
11 |   http:
12 |     - route:  # single route with no match clause, so every path on this host goes to the proxy
13 |         - destination:
14 |             host: oauth2-proxy.oauth2-proxy.svc.cluster.local
15 |             port:
16 |               number: 80
17 | ...
--------------------------------------------------------------------------------
/ossm-2.2/auth/helm/oauth2-proxy-istio/values.yaml:
--------------------------------------------------------------------------------
1 | control_plane:
2 |   name: basic-install
3 |   namespace: istio-system
4 |   ingressgateway:  # nested under control_plane, as read by virtualservice-api.yaml above
5 |     name: ingressgateway
6 |     host:
7 | serviceentry:
8 |   okta:
9 |     host: dev-338970.okta.com  # tenant-specific host consumed by serviceentry-okta.yaml; override per deployment
10 | nginx_echo_headers:  # NOTE(review): top-level placement of this key and of bookinfo is assumed; no visible template reads them - confirm
11 |   namespace: nginx-echo-headers
12 | bookinfo:
13 |   namespace: bookinfo
--------------------------------------------------------------------------------
/ossm-2.2/auth/helm/oauth2-proxy/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/oauth2-proxy/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "oauth2-proxy.serviceAccountName" . }} 6 | labels: 7 | {{- include "oauth2-proxy.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.2/auth/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 |
--------------------------------------------------------------------------------
/ossm-2.2/auth/helm/service-mesh-operators/values.yaml:
--------------------------------------------------------------------------------
1 | approval_strategy: Automatic  # rendered into installPlanApproval of this chart's Subscription templates; Automatic lets OLM apply operator updates from the stable channel without a review step, Manual makes each InstallPlan wait for approval
--------------------------------------------------------------------------------
/ossm-2.2/auth/oauth2-auth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/auth/oauth2-auth.png
--------------------------------------------------------------------------------
/ossm-2.2/secure-ingressgateway-mtls/helm/bookinfo-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: maistra.io/v1
3 | kind: ServiceMeshMember  # enrols the release namespace as a member of the referenced control plane
4 | metadata:
5 |   name: default
6 |   namespace: {{ .Release.Namespace }}
7 | spec:
8 |   controlPlaneRef:
9 |     name: {{ .Values.control_plane.name }}
10 |     namespace: {{ .Values.control_plane.namespace }}
11 | ...
-------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | host: 7 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/secure-ingressgateway-mtls/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/control-plane/templates/limitrange-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: LimitRange 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | limits: 8 | - type: Container 9 | defaultRequest: 10 | cpu: 100m 11 | memory: 128Mi 12 | ... 13 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/control-plane/templates/resourcequota-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | hard: 8 | requests.cpu: '7' 9 | requests.memory: 25Gi 10 | requests.storage: 200Gi 11 | services.loadbalancers: '2' 12 | ... 
13 |
--------------------------------------------------------------------------------
/ossm-2.2/secure-ingressgateway-mtls/helm/control-plane/templates/route-api.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: route.openshift.io/v1
3 | kind: Route  # exposes the custom ingress gateway Service through the OpenShift router
4 | metadata:
5 |   name: api
6 | spec:  # no host is set here, so the router assigns one
7 |   port:
8 |     targetPort: https
9 |   tls:
10 |     termination: passthrough  # the router forwards the encrypted stream untouched; the TLS handshake, including any client-certificate check, happens at the gateway
11 |   to:
12 |     kind: Service
13 |     name: custom-ingressgateway
14 |     weight: 100
15 |   wildcardPolicy: None
16 | ...
17 |
--------------------------------------------------------------------------------
/ossm-2.2/secure-ingressgateway-mtls/helm/control-plane/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/secure-ingressgateway-mtls/helm/control-plane/values.yaml
--------------------------------------------------------------------------------
/ossm-2.2/secure-ingressgateway-mtls/helm/nginx-echo-headers-istio/templates/peerauthentication-nginx-echo-headers.yaml:
--------------------------------------------------------------------------------
1 | # kind: PeerAuthentication
2 | # apiVersion: security.istio.io/v1beta1
3 | # metadata:
4 | #   name: nginx-echo-headers
5 | # spec:
6 | #   selector:
7 | #     matchLabels:
8 | #       app: nginx-echo-headers
9 | #   mtls:
10 | #     mode: DISABLE
11 | # NOTE(review): every line of this manifest is commented out, so the file renders no resource. If it were enabled, mode DISABLE would turn mutual TLS off for workloads labelled app: nginx-echo-headers; keep it disabled unless plaintext to that workload is intended.
--------------------------------------------------------------------------------
/ossm-2.2/secure-ingressgateway-mtls/helm/nginx-echo-headers-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: maistra.io/v1
3 | kind: ServiceMeshMember  # enrols the release namespace as a member of the referenced control plane
4 | metadata:
5 |   name: default
6 |   namespace: {{ .Release.Namespace }}
7 | spec:
8 |   controlPlaneRef:
9 |     name: {{ .Values.control_plane.name }}
10 |     namespace: {{ .Values.control_plane.namespace }}
11 | ... -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/nginx-echo-headers-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/nginx-echo-headers/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/secure-ingressgateway-mtls/helm/nginx-echo-headers/values.yaml -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/helm/service-mesh-operators/values.yaml: -------------------------------------------------------------------------------- 1 | approval_strategy: Automatic -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway-mtls/raf15.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/secure-ingressgateway-mtls/raf15.webp -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/bookinfo-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 
-------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | host: 7 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/secure-ingressgateway/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/busybox/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "busybox.fullname" . }} 5 | labels: 6 | {{- include "busybox.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "busybox.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/busybox/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "busybox.serviceAccountName" . }} 6 | labels: 7 | {{- include "busybox.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/control-plane/templates/limitrange-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: LimitRange 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | limits: 8 | - type: Container 9 | defaultRequest: 10 | cpu: 100m 11 | memory: 128Mi 12 | ... 13 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/control-plane/templates/resourcequota-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | hard: 8 | requests.cpu: '7' 9 | requests.memory: 25Gi 10 | requests.storage: 200Gi 11 | services.loadbalancers: '2' 12 | ... 13 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/control-plane/templates/route-api.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: api 6 | spec: 7 | port: 8 | targetPort: https 9 | tls: 10 | termination: passthrough 11 | to: 12 | kind: Service 13 | name: custom-ingressgateway 14 | weight: 100 15 | wildcardPolicy: None 16 | ... 
17 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/secure-ingressgateway/helm/control-plane/values.yaml -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/nginx-echo-headers-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/nginx-echo-headers-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/nginx-echo-headers/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.2/secure-ingressgateway/helm/nginx-echo-headers/values.yaml -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 
3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/service-mesh-operators/values.yaml: -------------------------------------------------------------------------------- 1 | approval_strategy: Automatic -------------------------------------------------------------------------------- /ossm-2.2/secure-ingressgateway/helm/ubi8-util/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "ubi8-util.serviceAccountName" . }} 6 | labels: 7 | {{- include "ubi8-util.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }}
11 |   {{- end }}
12 | {{- end }}
13 |
--------------------------------------------------------------------------------
/ossm-2.2/secure-ingressgateway/util/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM registry.access.redhat.com/ubi8/ubi-minimal
2 | # NOTE(review): the base image above carries no tag or digest, so each build takes whatever the registry serves by default; pin one for reproducible builds.
3 | RUN \
4 |   microdnf install \
5 |   net-tools bind-utils iputils curl git unzip vim wget \
6 |   && microdnf clean all
7 | # Network and file utilities only; the package cache is cleaned in the same layer.
8 | ENV HOME /root
9 | # NOTE(review): HOME and WORKDIR are /root and no USER is set in this file, so the container keeps the base image's default user - presumably root; confirm against the pod's security context.
10 | WORKDIR /root
11 | # Keeps the container running with no workload so it can be exec'd into for troubleshooting.
12 | CMD tail -f /dev/null
--------------------------------------------------------------------------------
/ossm-2.3/README.md:
--------------------------------------------------------------------------------
1 | # OSSM 2.3 Examples
2 |
3 | Navigate into each folder for additional READMEs.
4 |
--------------------------------------------------------------------------------
/ossm-2.3/auth/helm/bookinfo-istio/templates/auth/peerauthentication-productpage.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: security.istio.io/v1beta1
3 | kind: PeerAuthentication
4 | metadata:
5 |   name: productpage
6 | spec:
7 |   selector:
8 |     matchLabels:
9 |       app: productpage
10 |   mtls:
11 |     mode: STRICT  # workloads labelled app: productpage accept only mutual-TLS connections
12 | ...
13 |
--------------------------------------------------------------------------------
/ossm-2.3/auth/helm/bookinfo-istio/templates/auth/requestauthentication-productpage.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: security.istio.io/v1beta1
3 | kind: RequestAuthentication  # declares which JWTs are accepted on requests to the selected workload
4 | metadata:
5 |   name: productpage
6 | spec:
7 |   selector:
8 |     matchLabels:
9 |       app: productpage
10 |   jwtRules:  # NOTE(review): this resource alone rejects only requests carrying an invalid token; requests with no token still pass unless an AuthorizationPolicy requires a request principal - confirm the chart ships one
11 |     - issuer: {{ printf .Values.oidc_issuer_url | quote }}  # NOTE(review): printf receives the value as its format string, so a % in the URL would be read as a format verb; piping the value straight to quote avoids that
12 |       jwksUri: {{ printf "%v/v1/keys" .Values.oidc_issuer_url | quote }}  # key-set URL is built as issuer + /v1/keys; presumably the Okta layout - verify for other providers
13 | ...
14 | -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/bookinfo-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: basic-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | host: 7 | oidc_issuer_url: https://dev-338970.okta.com/oauth2/default 8 | -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/bookinfo/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/auth/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/cert-manager/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/control-plane/templates/route-api.yml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | kind: Route 3 | metadata: 4 | name: api 5 | spec: 6 | port: 7 | targetPort: https 8 | tls: 9 | termination: passthrough 10 | to: 11 | kind: Service 12 | name: istio-ingressgateway 13 | weight: 100 14 | wildcardPolicy: None 15 | -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/auth/helm/control-plane/values.yaml -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/nginx-echo-headers-istio/templates/auth/peerauthentication-nginx-echo-headers.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: security.istio.io/v1beta1 3 | kind: PeerAuthentication 4 | metadata: 5 | name: nginx-echo-headers 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: nginx-echo-headers 10 | mtls: 11 | mode: STRICT 12 | ... 
13 | -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/nginx-echo-headers-istio/templates/ingress/destinationrule-nginx-echo-headers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: DestinationRule 4 | metadata: 5 | name: nginx-echo-headers 6 | spec: 7 | host: nginx-echo-headers 8 | subsets: 9 | - labels: 10 | version: v1 11 | name: v1 12 | trafficPolicy: 13 | tls: 14 | mode: ISTIO_MUTUAL 15 | ... 16 | -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/nginx-echo-headers-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 
--------------------------------------------------------------------------------
/ossm-2.3/auth/helm/nginx-echo-headers-istio/values.yaml:
--------------------------------------------------------------------------------
# NOTE(review): nesting is reconstructed from a flattened listing;
# `ingressgateway` is assumed to sit under `control_plane` - confirm against
# the repository.
# Control plane that the ServiceMeshMember template of this chart points at.
control_plane:
  name: basic-install
  namespace: istio-system
  ingressgateway:
    name: ingressgateway
    # Empty by default.
    host:
# OIDC issuer URL. The default names one specific Okta developer tenant.
# Whoever controls the configured issuer decides which tokens are treated as
# valid, so override this with your own issuer before deploying.
# (Presumably consumed by a RequestAuthentication template, as in the
# bookinfo-istio chart - confirm.)
oidc_issuer_url: https://dev-338970.okta.com/oauth2/default

--------------------------------------------------------------------------------
/ossm-2.3/auth/helm/nginx-echo-headers/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/auth/helm/nginx-echo-headers/values.yaml
--------------------------------------------------------------------------------
/ossm-2.3/auth/helm/oauth2-proxy-istio/templates/serviceentry-okta.yaml:
--------------------------------------------------------------------------------
# Registers the external identity-provider host (serviceentry.okta.host in
# values.yaml) with the mesh so workloads can reach it on port 443.
# protocol TLS means the sidecar forwards the connection as opaque TLS; the
# application itself performs the TLS handshake and certificate validation.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: okta
spec:
  hosts:
  - {{ .Values.serviceentry.okta.host }}
  location: MESH_EXTERNAL
  ports:
  - number: 443
    name: https
    protocol: TLS
  # Endpoints are resolved through DNS lookups of the host above.
  resolution: DNS

--------------------------------------------------------------------------------
/ossm-2.3/auth/helm/oauth2-proxy-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
---
# Enrols the namespace this object is created in as a member of the control
# plane named in values.yaml. No metadata.namespace is set, so the object
# lands in whatever namespace the release is installed into.
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
  name: default
spec:
  controlPlaneRef:
    name: {{ .Values.control_plane.name }}
    namespace: {{ .Values.control_plane.namespace }}
...
-------------------------------------------------------------------------------- /ossm-2.3/auth/helm/oauth2-proxy-istio/templates/virtualservice-api.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: api 6 | spec: 7 | gateways: 8 | - {{ .Values.control_plane.namespace }}/default 9 | hosts: 10 | - {{ .Values.control_plane.ingressgateway.host }} 11 | http: 12 | - route: 13 | - destination: 14 | host: oauth2-proxy.oauth2-proxy.svc.cluster.local 15 | port: 16 | number: 80 17 | ... -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/oauth2-proxy-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: basic-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | host: 7 | serviceentry: 8 | okta: 9 | host: dev-338970.okta.com 10 | nginx_echo_headers: 11 | namespace: nginx-echo-headers 12 | bookinfo: 13 | namespace: bookinfo -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/oauth2-proxy/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/oauth2-proxy/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "oauth2-proxy.serviceAccountName" . }} 6 | labels: 7 | {{- include "oauth2-proxy.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.3/auth/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 |
--------------------------------------------------------------------------------
/ossm-2.3/auth/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml:
--------------------------------------------------------------------------------
---
# OLM subscription for the jaeger-product operator from the redhat-operators
# catalog, stable channel.
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: jaeger-product
  namespace: openshift-operators
spec:
  channel: stable
  # Taken from approval_strategy in values.yaml, which this chart sets to
  # Automatic: new operator versions published to the channel are installed
  # without a review step. Use Manual where operator upgrades must pass
  # change control.
  installPlanApproval: {{ .Values.approval_strategy }}
  name: jaeger-product
  source: redhat-operators
  sourceNamespace: openshift-marketplace
...

--------------------------------------------------------------------------------
/ossm-2.3/auth/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml:
--------------------------------------------------------------------------------
---
# OLM subscription for the kiali-ossm operator from the redhat-operators
# catalog, stable channel.
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: kiali-ossm
  namespace: openshift-operators
spec:
  channel: stable
  # Same approval_strategy value as the other subscriptions in this chart;
  # Automatic means upgrades are applied without review.
  installPlanApproval: {{ .Values.approval_strategy }}
  name: kiali-ossm
  source: redhat-operators
  sourceNamespace: openshift-marketplace
...

--------------------------------------------------------------------------------
/ossm-2.3/auth/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml:
--------------------------------------------------------------------------------
---
# OLM subscription for the servicemeshoperator package from the
# redhat-operators catalog, stable channel.
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: servicemeshoperator
  namespace: openshift-operators
spec:
  channel: stable
  # Same approval_strategy value as the other subscriptions in this chart;
  # Automatic means upgrades are applied without review.
  installPlanApproval: {{ .Values.approval_strategy }}
  name: servicemeshoperator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
...
14 |
--------------------------------------------------------------------------------
/ossm-2.3/auth/helm/service-mesh-operators/values.yaml:
--------------------------------------------------------------------------------
# Value rendered into installPlanApproval of every Subscription in this chart.
# Automatic lets OLM install new operator versions from the subscribed channel
# without a human approving the InstallPlan; set Manual if upgrades of these
# operators must be reviewed first.
approval_strategy: Automatic
--------------------------------------------------------------------------------
/ossm-2.3/auth/oauth2-auth.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/auth/oauth2-auth.png
--------------------------------------------------------------------------------
/ossm-2.3/secure-ingressgateway-mtls/helm/bookinfo-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
---
# Enrols the release namespace as a member of the control plane named in
# values.yaml (control_plane.name / control_plane.namespace).
apiVersion: maistra.io/v1
kind: ServiceMeshMember
metadata:
  name: default
  namespace: {{ .Release.Namespace }}
spec:
  controlPlaneRef:
    name: {{ .Values.control_plane.name }}
    namespace: {{ .Values.control_plane.namespace }}
...
--------------------------------------------------------------------------------
/ossm-2.3/secure-ingressgateway-mtls/helm/bookinfo-istio/values.yaml:
--------------------------------------------------------------------------------
# NOTE(review): nesting is reconstructed from a flattened listing;
# `ingressgateway` is assumed to sit under `control_plane` - confirm against
# the repository.
# Control plane that the ServiceMeshMember template of this chart points at.
control_plane:
  name: full-install
  namespace: istio-system
  ingressgateway:
    name: ingressgateway
    # Empty by default.
    host:

--------------------------------------------------------------------------------
/ossm-2.3/secure-ingressgateway-mtls/helm/bookinfo/values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/secure-ingressgateway-mtls/helm/bookinfo/values.yaml
--------------------------------------------------------------------------------
/ossm-2.3/secure-ingressgateway-mtls/helm/cert-manager/values.yaml:
--------------------------------------------------------------------------------
# Common name for the ingress gateway certificate; empty by default.
# NOTE(review): nesting reconstructed from a flattened listing - confirm.
ingressgateway:
  cert:
    commonName:
--------------------------------------------------------------------------------
/ossm-2.3/secure-ingressgateway-mtls/helm/control-plane/templates/limitrange-service-mesh.yaml:
--------------------------------------------------------------------------------
---
# Default resource requests for containers that do not declare their own.
# Only defaultRequest is set: this object defines no default limits and no
# maximum, so it does not cap what a container may consume.
apiVersion: v1
kind: LimitRange
metadata:
  name: service-mesh
spec:
  limits:
  - type: Container
    defaultRequest:
      cpu: 100m
      memory: 128Mi
...

--------------------------------------------------------------------------------
/ossm-2.3/secure-ingressgateway-mtls/helm/control-plane/templates/resourcequota-service-mesh.yaml:
--------------------------------------------------------------------------------
---
# Namespace-wide ceiling on summed CPU, memory and storage requests and on
# the number of LoadBalancer services.
# The quota counts requests only; it places no bound on limits.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: service-mesh
spec:
  hard:
    requests.cpu: '7'
    requests.memory: 25Gi
    requests.storage: 200Gi
    services.loadbalancers: '2'
...
13 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/control-plane/templates/route-api.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: api 6 | spec: 7 | port: 8 | targetPort: https 9 | tls: 10 | termination: passthrough 11 | to: 12 | kind: Service 13 | name: custom-ingressgateway 14 | weight: 100 15 | wildcardPolicy: None 16 | ... 17 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/secure-ingressgateway-mtls/helm/control-plane/values.yaml -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/nginx-echo-headers-istio/templates/peerauthentication-nginx-echo-headers.yaml: -------------------------------------------------------------------------------- 1 | # kind: PeerAuthentication 2 | # apiVersion: security.istio.io/v1beta1 3 | # metadata: 4 | # name: nginx-echo-headers 5 | # spec: 6 | # selector: 7 | # matchLabels: 8 | # app: nginx-echo-headers 9 | # mtls: 10 | # mode: DISABLE 11 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/nginx-echo-headers-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 
11 | ... -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/nginx-echo-headers-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/nginx-echo-headers/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/secure-ingressgateway-mtls/helm/nginx-echo-headers/values.yaml -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/helm/service-mesh-operators/values.yaml: -------------------------------------------------------------------------------- 1 | approval_strategy: Automatic -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway-mtls/raf15.webp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/secure-ingressgateway-mtls/raf15.webp -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/bookinfo-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 
-------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | namespace: istio-ingress 7 | host: 8 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/secure-ingressgateway/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/busybox/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "busybox.fullname" . }} 5 | labels: 6 | {{- include "busybox.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "busybox.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/busybox/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "busybox.serviceAccountName" . }} 6 | labels: 7 | {{- include "busybox.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/cert-manager/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 12 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: 4 | control_plane: 5 | name: full-install 6 | namespace: istio-system 7 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/control-plane/templates/limitrange-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: LimitRange 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | limits: 8 | - type: Container 9 | defaultRequest: 10 | cpu: 100m 11 | memory: 128Mi 12 | ... 13 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/control-plane/templates/resourcequota-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | hard: 8 | requests.cpu: '7' 9 | requests.memory: 25Gi 10 | requests.storage: 200Gi 11 | services.loadbalancers: '2' 12 | ... 
13 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/secure-ingressgateway/helm/control-plane/values.yaml -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/injected-gateway/templates/route-api.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: api 6 | spec: 7 | port: 8 | targetPort: https 9 | tls: 10 | termination: passthrough 11 | to: 12 | kind: Service 13 | name: {{ include "gateway.name" . }} 14 | weight: 100 15 | wildcardPolicy: None 16 | ... 17 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/injected-gateway/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "gateway.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "gateway.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . 
| nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/nginx-echo-headers-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/nginx-echo-headers-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/nginx-echo-headers/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.3/secure-ingressgateway/helm/nginx-echo-headers/values.yaml -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-openshift-cert-manager-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-cert-manager-operator 5 | namespace: openshift-cert-manager-operator 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-openshift-distributed-tracing.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-distributed-tracing 5 | namespace: openshift-distributed-tracing 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-distributed-tracing 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/service-mesh-operators/values.yaml: -------------------------------------------------------------------------------- 1 | approval_strategy: Automatic -------------------------------------------------------------------------------- /ossm-2.3/secure-ingressgateway/helm/ubi8-util/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "ubi8-util.serviceAccountName" . }} 6 | labels: 7 | {{- include "ubi8-util.labels" . 
| nindent 4 }}
8 |   {{- with .Values.serviceAccount.annotations }}
9 |   annotations:
10 |     {{- toYaml . | nindent 4 }}
11 |   {{- end }}
12 | {{- end }}
13 |
--------------------------------------------------------------------------------
/ossm-2.3/secure-ingressgateway/util/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM registry.access.redhat.com/ubi8/ubi-minimal
2 | # NOTE(review): the base image carries no tag or digest, so every build pulls whatever the registry currently serves; pin a tag or digest for reproducible, auditable builds.
3 | RUN \
4 |   microdnf install \
5 |   net-tools bind-utils iputils curl git unzip vim wget \
6 |   && microdnf clean all
7 | # Installs network/debug tooling only and cleans the package cache in the same layer.
8 | ENV HOME /root
9 | # NOTE(review): HOME and WORKDIR are /root and there is no USER instruction, so the base image's default user applies (presumably root, confirm); on a cluster the effective UID depends on the pod's security context.
10 | WORKDIR /root
11 | # Keeps the container idle so it can be exec'd into; shell-form CMD runs under /bin/sh -c.
12 | CMD tail -f /dev/null
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/configmap-cluster-monitoring-config.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: cluster-monitoring-config  # NOTE(review): if this ConfigMap already exists, applying the file as-is would leave config.yaml with only the content below; confirm how it is applied
5 |   namespace: openshift-monitoring
6 | data:
7 |   config.yaml: |
8 |     enableUserWorkload: true
9 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/bookinfo-istio/templates/servicemeshmember-default.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: maistra.io/v1
3 | kind: ServiceMeshMember
4 | metadata:
5 |   name: default
6 |   namespace: {{ .Release.Namespace }}
7 | spec:
8 |   controlPlaneRef:  # joins the release namespace to the control plane named in values.yaml
9 |     name: {{ .Values.control_plane.name }}
10 |     namespace: {{ .Values.control_plane.namespace }}
11 | ...
-------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | namespace: istio-ingress 7 | host: 8 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.4/secure-ingressgateway/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/busybox/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "busybox.fullname" . }} 5 | labels: 6 | {{- include "busybox.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "busybox.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/busybox/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "busybox.serviceAccountName" . }} 6 | labels: 7 | {{- include "busybox.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/cert-manager/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... 12 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/cert-manager/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | cert: 3 | commonName: 4 | control_plane: 5 | name: full-install 6 | namespace: istio-system 7 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/control-plane/templates/limitrange-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: LimitRange 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | limits: 8 | - type: Container 9 | defaultRequest: 10 | cpu: 100m 11 | memory: 128Mi 12 | ... 13 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/control-plane/templates/resourcequota-service-mesh.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: service-mesh 6 | spec: 7 | hard: 8 | requests.cpu: '7' 9 | requests.memory: 25Gi 10 | requests.storage: 200Gi 11 | services.loadbalancers: '2' 12 | ... 
13 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/control-plane/values-user-monitoring.yaml: -------------------------------------------------------------------------------- 1 | grafana: 2 | enabled: false 3 | prometheus: 4 | enabled: false 5 | kiali: 6 | enabled: false 7 | isRosa: false 8 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- 1 | grafana: 2 | enabled: true 3 | prometheus: 4 | enabled: true 5 | kiali: 6 | enabled: true 7 | isRosa: false 8 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/gatekeeper-constraints/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.4/secure-ingressgateway/helm/gatekeeper-constraints/values.yaml -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/gatekeeper-constrainttemplates/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.4/secure-ingressgateway/helm/gatekeeper-constrainttemplates/values.yaml -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/gatekeeper-operator/templates/subscription-gatekeeper-operator-product.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: gatekeeper-operator-product 5 | namespace: openshift-operators 6 | spec: 7 | 
channel: stable 8 | installPlanApproval: Automatic 9 | name: gatekeeper-operator-product 10 | source: redhat-operators 11 | sourceNamespace: openshift-marketplace 12 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/gatekeeper-operator/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.4/secure-ingressgateway/helm/gatekeeper-operator/values.yaml -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/gatekeeper/templates/gatekeeper-gatekeeper.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.gatekeeper.sh/v1alpha1 2 | kind: Gatekeeper 3 | metadata: 4 | name: gatekeeper 5 | spec: 6 | validatingWebhook: Enabled 7 | audit: 8 | logLevel: INFO 9 | replicas: 1 10 | resources: 11 | limits: 12 | cpu: 1 13 | memory: 1Gi 14 | requests: 15 | cpu: 100m 16 | memory: 256Mi 17 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/gatekeeper/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.4/secure-ingressgateway/helm/gatekeeper/values.yaml -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/golang-ex-istio/templates/destinationrule-golang-ex.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: DestinationRule 4 | metadata: 5 | name: golang-ex 6 | spec: 7 | host: golang-ex.golang-ex.svc.cluster.local 8 | subsets: 9 | - labels: 10 | version: v1 11 | name: v1 
12 | trafficPolicy: 13 | tls: 14 | mode: ISTIO_MUTUAL 15 | sni: golang-ex.golang-ex.svc.cluster.local 16 | ... 17 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/golang-ex-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/golang-ex-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/golang-ex/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "golang-ex.serviceAccountName" . }} 6 | labels: 7 | {{- include "golang-ex.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }}
11 |   {{- end }}
12 | {{- end }}
13 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/grafana/templates/clusterrole-grafana-proxy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: grafana-proxy
5 | rules:  # create-only on TokenReview and SubjectAccessReview; presumably used by an auth proxy in front of Grafana to validate callers (confirm)
6 |   - verbs:
7 |       - create
8 |     apiGroups:
9 |       - authentication.k8s.io
10 |     resources:
11 |       - tokenreviews
12 |   - verbs:
13 |       - create
14 |     apiGroups:
15 |       - authorization.k8s.io
16 |     resources:
17 |       - subjectaccessreviews
18 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/grafana/templates/clusterrolebinding-grafana-cluster-monitoring-view.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: authorization.openshift.io/v1  # NOTE(review): OpenShift-specific API group; rbac.authorization.k8s.io/v1 is the upstream equivalent, confirm which one this cluster should use
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: grafana-cluster-monitoring-view
5 | roleRef:
6 |   kind: ClusterRole
7 |   name: cluster-monitoring-view  # cluster-wide grant; the role's rules are defined outside this chart, review them before binding
8 | subjects:
9 |   - kind: ServiceAccount
10 |     name: grafana-instance-sa  # the same service account is named in secret-grafana-token.yaml, so that token carries this grant
11 |     namespace: {{ .Release.Namespace }}
12 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/grafana/templates/clusterrolebinding-grafana-proxy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: authorization.openshift.io/v1  # NOTE(review): OpenShift-specific API group, see the note on the sibling binding's upstream equivalent
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: grafana-proxy
5 | roleRef:
6 |   kind: ClusterRole
7 |   name: grafana-proxy  # the ClusterRole defined in clusterrole-grafana-proxy.yaml
8 | subjects:
9 |   - kind: ServiceAccount
10 |     name: grafana-instance-sa
11 |     namespace: {{ .Release.Namespace }}
12 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/grafana/templates/configmap-istio-workload-dashboard.yaml:
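--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: istio-workload-dashboard
5 | data:
6 |   json: {{ .Files.Get "dashboards/istio-system/istio-workload-dashboard.json" | toPrettyJson }}
7 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/grafana/templates/configmap-ocp-injected-certs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   labels:
5 |     config.openshift.io/inject-trusted-cabundle: "true"  # asks OpenShift to populate this ConfigMap with the cluster's trusted CA bundle
6 |   name: ocp-injected-certs
7 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/grafana/templates/grafanadashboard-istio-workload-dashboard.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: grafana.integreatly.org/v1beta1
2 | kind: GrafanaDashboard
3 | metadata:
4 |   name: istio-workload-dashboard
5 | spec:
6 |   folder: istio-system
7 |   instanceSelector:
8 |     matchLabels:
9 |       dashboards: "grafana"
10 |   configMapRef:  # dashboard JSON is read from the ConfigMap defined in configmap-istio-workload-dashboard.yaml
11 |     name: istio-workload-dashboard
12 |     key: json
13 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/grafana/templates/networkpolicy-.yaml:
--------------------------------------------------------------------------------
1 | kind: NetworkPolicy
2 | apiVersion: networking.k8s.io/v1
3 | metadata:
4 |   name: grafana-ingress
5 | spec:
6 |   podSelector:
7 |     matchLabels:
8 |       app: grafana-instance
9 |   ingress:
10 |     - {}  # NOTE(review): an empty rule admits ingress from any source on any port to the selected pods; narrow it with from/ports if only the router or the mesh should reach Grafana
11 |   policyTypes:
12 |     - Ingress
13 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/grafana/templates/secret-grafana-proxy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 |   name: grafana-proxy
5 | type: Opaque
6 | stringData:
7 |   session_secret: {{ randAlphaNum 24 | quote }}  # quoted so an all-digit result is still a YAML string, as stringData requires. NOTE(review): a new value is generated on every render, so each upgrade rotates it; reuse the existing Secret via lookup if it must stay stable
8 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/grafana/templates/secret-grafana-token.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 |   name: grafana-token
5 |   annotations:
6 |     kubernetes.io/service-account.name: "grafana-instance-sa"
7 | type: kubernetes.io/service-account-token  # NOTE(review): requests a token for grafana-instance-sa that is stored in this Secret and does not expire on its own; restrict read access to the Secret and rotate it by deleting and recreating it
8 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/grafana/values.yaml:
--------------------------------------------------------------------------------
1 | grafana:
2 |   token:  # empty by default; presumably supplied at install time (confirm), so keep the value out of version control
3 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/injected-gateway/templates/route-api.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: route.openshift.io/v1
3 | kind: Route
4 | metadata:
5 |   name: api
6 | spec:
7 |   port:
8 |     targetPort: https
9 |   tls:
10 |     termination: passthrough  # the router does not terminate TLS; the gateway Service behind this Route must present the certificate
11 |   to:
12 |     kind: Service
13 |     name: {{ include "gateway.name" . }}
14 |     weight: 100
15 |   wildcardPolicy: None
16 | ...
17 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/injected-gateway/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.serviceAccount.create }}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 |   name: {{ include "gateway.serviceAccountName" . }}
6 |   namespace: {{ .Release.Namespace }}
7 |   labels:
8 |     {{- include "gateway.labels" . | nindent 4 }}
9 |   {{- with .Values.serviceAccount.annotations }}
10 |   annotations:
11 |     {{- toYaml .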
| nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/nginx-echo-headers-istio/templates/servicemeshmember-default.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: maistra.io/v1 3 | kind: ServiceMeshMember 4 | metadata: 5 | name: default 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | controlPlaneRef: 9 | name: {{ .Values.control_plane.name }} 10 | namespace: {{ .Values.control_plane.namespace }} 11 | ... -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/nginx-echo-headers-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/nginx-echo-headers/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.4/secure-ingressgateway/helm/nginx-echo-headers/values.yaml -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-cert-manager-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: cert-manager-operator 5 | namespace: cert-manager-operator 6 | spec: 7 | targetNamespaces: 8 | - cert-manager-operator 9 | upgradeStrategy: Default 10 | -------------------------------------------------------------------------------- 
/ossm-2.4/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-openshift-distributed-tracing.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-distributed-tracing 5 | namespace: openshift-distributed-tracing 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-openshift-operators-redhat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-operators-redhat 5 | namespace: openshift-operators-redhat 6 | spec: {} 7 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-elasticsearch-operator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: elasticsearch-operator 6 | namespace: openshift-operators-redhat 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: elasticsearch-operator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-jaeger-product.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: jaeger-product 6 | namespace: openshift-distributed-tracing 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: jaeger-product 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: kiali-ossm 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.4/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 
14 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/service-mesh-operators/values.yaml:
--------------------------------------------------------------------------------
1 | approval_strategy: Automatic  # NOTE(review): every Subscription templated with this value lets OLM apply operator upgrades from the channel without review; Manual requires approving each InstallPlan
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/ubi8-util/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 |   name: {{ include "ubi8-util.serviceAccountName" . }}
6 |   labels:
7 |     {{- include "ubi8-util.labels" . | nindent 4 }}
8 |   {{- with .Values.serviceAccount.annotations }}
9 |   annotations:
10 |     {{- toYaml . | nindent 4 }}
11 |   {{- end }}
12 | {{- end }}
13 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/user-workload-monitoring/templates/clusterrole-prometheus-monitoring-exporter-istio-system.yaml:
--------------------------------------------------------------------------------
1 | kind: ClusterRole
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | metadata:
4 |   name: prometheus-monitoring-exporter-istio-system
5 | rules:  # read-only (get/list/watch) on Namespace objects in the core API group
6 |   - verbs:
7 |       - get
8 |       - list
9 |       - watch
10 |     apiGroups:
11 |       - ''
12 |     resources:
13 |       - namespaces
14 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/user-workload-monitoring/templates/networkpolicy-allow-from-openshift-ingress.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.k8s.io/v1
2 | kind: NetworkPolicy
3 | metadata:
4 |   name: allow-from-openshift-ingress
5 |   namespace: istio-ingress
6 | spec:
7 |   ingress:
8 |     - from:
9 |         - namespaceSelector:  # admits traffic only from namespaces carrying the label below
10 |             matchLabels:
11 |               network.openshift.io/policy-group: ingress
12 |   podSelector: {}  # empty selector: the policy applies to every pod in istio-ingress
13 |   policyTypes:
14 |     - Ingress
15 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/user-workload-monitoring/templates/networkpolicy-istio-kiali-ingress.yaml:
--------------------------------------------------------------------------------
1 | kind: NetworkPolicy
2 | apiVersion: networking.k8s.io/v1
3 | metadata:
4 |   name: istio-kiali-ingress
5 |   namespace: istio-system
6 | spec:
7 |   podSelector:
8 |     matchLabels:
9 |       app: kiali
10 |   ingress:
11 |     - {}  # NOTE(review): an empty rule admits ingress from any source on any port to the kiali pods; narrow it with from/ports if only the router should reach Kiali
12 |   policyTypes:
13 |     - Ingress
14 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/user-workload-monitoring/templates/telemetry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: telemetry.istio.io/v1alpha1
2 | kind: Telemetry
3 | metadata:
4 |   name: enable-prometheus-metrics
5 |   namespace: istio-system  # scope depends on whether istio-system is the mesh root namespace (confirm)
6 | spec:
7 |   metrics:
8 |     - providers:
9 |         - name: prometheus
10 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/helm/user-workload-monitoring/values.yaml:
--------------------------------------------------------------------------------
1 | members:
2 |   - bookinfo
3 |   - nginx-echo-headers
4 |   - istio-ingress
5 |   - golang-ex
6 | smcp:
7 |   name: full-install
8 |   namespace: istio-system
9 | kiali:  # NOTE(review): nesting of the keys below is reconstructed from a collapsed listing; confirm against the repository
10 |   grafana:
11 |     url:
12 |   jaeger:
13 |     url:
14 |
--------------------------------------------------------------------------------
/ossm-2.4/secure-ingressgateway/util/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM registry.access.redhat.com/ubi8/ubi-minimal
2 | # NOTE(review): the base image carries no tag or digest, so every build pulls whatever the registry currently serves; pin a tag or digest for reproducible, auditable builds.
3 | RUN \
4 |   microdnf install \
5 |   net-tools bind-utils iputils curl git unzip vim wget \
6 |   && microdnf clean all
7 | # Installs network/debug tooling only and cleans the package cache in the same layer.
8 | ENV HOME /root
9 | # NOTE(review): HOME and WORKDIR are /root and there is no USER instruction, so the base image's default user applies (presumably root, confirm); on a cluster the effective UID depends on the pod's security context.
10 | WORKDIR /root
11 | # Keeps the container idle so it can be exec'd into; shell-form CMD runs under /bin/sh -c.
12 | CMD tail -f /dev/null
-------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/.gitignore: -------------------------------------------------------------------------------- 1 | openshift-install/ 2 | *.tgz 3 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/.images/golang-ex-feature-test-kiali.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.5/secure-ingressgateway/.images/golang-ex-feature-test-kiali.png -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/configmap-cluster-monitoring-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: cluster-monitoring-config 5 | namespace: openshift-monitoring 6 | data: 7 | config.yaml: | 8 | enableUserWorkload: true 9 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/bookinfo-istio/values.yaml: -------------------------------------------------------------------------------- 1 | control_plane: 2 | name: full-install 3 | namespace: istio-system 4 | ingressgateway: 5 | name: ingressgateway 6 | namespace: istio-ingress 7 | host: 8 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/bookinfo/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.5/secure-ingressgateway/helm/bookinfo/values.yaml -------------------------------------------------------------------------------- 
/ossm-2.5/secure-ingressgateway/helm/busybox/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "busybox.fullname" . }} 5 | labels: 6 | {{- include "busybox.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "busybox.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/busybox/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "busybox.serviceAccountName" . }} 6 | labels: 7 | {{- include "busybox.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }}
11 |   {{- end }}
12 | {{- end }}
13 |
--------------------------------------------------------------------------------
/ossm-2.5/secure-ingressgateway/helm/cert-manager/values.yaml:
--------------------------------------------------------------------------------
1 | ingressgateway:
2 |   cert:
3 |     commonName:  # empty by default; must be supplied for the gateway certificate (presumably at install time, confirm)
4 | control_plane:
5 |   name: full-install
6 |   namespace: istio-system
7 |
--------------------------------------------------------------------------------
/ossm-2.5/secure-ingressgateway/helm/control-plane/templates/destinationrule-disable-mtls-for-tempo.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1alpha3
2 | kind: DestinationRule
3 | metadata:
4 |   name: disable-mtls-for-tempo
5 |   annotations:
6 |     helm.sh/hook: post-install,post-upgrade  # applied as a Helm hook after install and after each upgrade
7 |     helm.sh/hook-weight: "-2"
8 | spec:
9 |   host: tempo-minio-dev-distributor.tempo-system.svc.cluster.local
10 |   trafficPolicy:
11 |     tls:
12 |       mode: DISABLE  # NOTE(review): sidecars send traffic to this host in plaintext, so trace data crosses the cluster network unencrypted; presumably Tempo runs outside the mesh (confirm), in which case TLS on the distributor endpoint would restore encryption
13 |
--------------------------------------------------------------------------------
/ossm-2.5/secure-ingressgateway/helm/control-plane/templates/limitrange-service-mesh.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: LimitRange
4 | metadata:
5 |   name: service-mesh
6 | spec:
7 |   limits:
8 |     - type: Container
9 |       defaultRequest:  # only default requests are set; no default limit, so containers that declare none stay unbounded by this object
10 |         cpu: 100m
11 |         memory: 128Mi
12 | ...
13 |
--------------------------------------------------------------------------------
/ossm-2.5/secure-ingressgateway/helm/control-plane/templates/resourcequota-service-mesh.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: ResourceQuota
4 | metadata:
5 |   name: service-mesh
6 | spec:
7 |   hard:  # caps aggregate requests, storage and LoadBalancer Services in the namespace; limits.* are not capped here
8 |     requests.cpu: '7'
9 |     requests.memory: 25Gi
10 |     requests.storage: 200Gi
11 |     services.loadbalancers: '2'
12 | ...
13 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/control-plane/templates/servicemeshmemberroll.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: maistra.io/v1 2 | kind: ServiceMeshMemberRoll 3 | metadata: 4 | name: default 5 | spec: 6 | memberSelectors: 7 | - matchLabels: 8 | istio.io/rev: ossm-2.5 9 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/control-plane/values-crc.yaml: -------------------------------------------------------------------------------- 1 | grafana: 2 | enabled: true 3 | prometheus: 4 | enabled: true 5 | kiali: 6 | name: kiali-user-workload-monitoring 7 | enabled: true 8 | jaeger: 9 | enabled: false 10 | isRosa: false 11 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/control-plane/values.yaml: -------------------------------------------------------------------------------- 1 | grafana: 2 | enabled: false 3 | prometheus: 4 | enabled: false 5 | kiali: 6 | name: kiali-user-workload-monitoring 7 | enabled: false 8 | jaeger: 9 | enabled: false 10 | isRosa: false 11 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/gatekeeper-constraints/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.5/secure-ingressgateway/helm/gatekeeper-constraints/values.yaml -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/gatekeeper-constrainttemplates/values.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.5/secure-ingressgateway/helm/gatekeeper-constrainttemplates/values.yaml -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/gatekeeper-operator/templates/subscription-gatekeeper-operator-product.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: gatekeeper-operator-product 5 | namespace: openshift-operators 6 | spec: 7 | channel: stable 8 | installPlanApproval: Automatic # NOTE(review): hard-coded here, while the service-mesh-operators chart reads this from .Values.approval_strategy; with Automatic, new operator versions on the stable channel install without review - use Manual where upgrades must be approved first 9 | name: gatekeeper-operator-product 10 | source: redhat-operators 11 | sourceNamespace: openshift-marketplace 12 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/gatekeeper-operator/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.5/secure-ingressgateway/helm/gatekeeper-operator/values.yaml -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/gatekeeper/templates/gatekeeper-gatekeeper.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.gatekeeper.sh/v1alpha1 2 | kind: Gatekeeper 3 | metadata: 4 | name: gatekeeper 5 | spec: 6 | validatingWebhook: Enabled # turns on admission-time validation 7 | audit: 8 | logLevel: INFO 9 | replicas: 1 # a single audit replica, sized by the resources below 10 | resources: 11 | limits: 12 | cpu: 1 13 | memory: 1Gi 14 | requests: 15 | cpu: 100m 16 | memory: 256Mi 17 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/gatekeeper/values.yaml: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.5/secure-ingressgateway/helm/gatekeeper/values.yaml -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/gateway/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 1.18.5 3 | description: Helm chart for deploying Istio gateways 4 | icon: https://istio.io/latest/favicons/android-192x192.png 5 | keywords: 6 | - istio 7 | - gateways 8 | name: gateway 9 | sources: 10 | - https://github.com/istio/istio 11 | type: application 12 | version: 1.18.5 # NOTE(review): looks like a vendored copy of the upstream Istio gateway chart pinned at 1.18.5; it will not pick up upstream fixes unless re-vendored - confirm the pin is still intended 13 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/gateway/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | "{{ include "gateway.name" . }}" successfully installed! 2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} 5 | $ helm get all {{ .Release.Name }} 6 | 7 | Next steps: 8 | * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ 9 | * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ 10 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/gateway/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount # rendered only when .Values.serviceAccount.create is set 4 | metadata: 5 | name: {{ include "gateway.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "gateway.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml .
| nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/golang-ex-istio/templates/service.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: {{ .Values.context.name }} 5 | labels: 6 | app: {{ .Values.context.name }} 7 | service: {{ .Values.context.name }} 8 | spec: 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 8080 13 | targetPort: http 14 | type: ClusterIP # the selector below is commented out, so Kubernetes creates no Endpoints for this Service by itself; presumably it only serves as a routing host for the mesh - confirm 15 | # selector: 16 | # app: {{ .Values.context.name }} 17 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/golang-ex-istio/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ .Values.context.name }} 5 | labels: 6 | account: {{ .Values.context.name }} 7 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/golang-ex-istio/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | name: ingressgateway 3 | namespace: istio-ingress 4 | context: 5 | name: golang-ex 6 | namespace: golang-ex 7 | features: # every host value below ships empty and has to be supplied per environment 8 | stable: 9 | svc: golang-ex-stable 10 | host: 11 | high: 12 | svc: golang-ex-high 13 | host: 14 | featurea: 15 | svc: golang-ex-featurea 16 | host: 17 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/grafana/templates/clusterrole-grafana-proxy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole # create-only access to TokenReviews and SubjectAccessReviews, i.e. asking the API server to validate tokens and check permissions 3 | metadata: 4 | name: grafana-proxy 5 | rules: 6 | - verbs: 7 | - create 8 | apiGroups: 9 | -
authentication.k8s.io 10 | resources: 11 | - tokenreviews # create-only: submit a token for the API server to validate 12 | - verbs: 13 | - create 14 | apiGroups: 15 | - authorization.k8s.io 16 | resources: 17 | - subjectaccessreviews # create-only: ask whether a subject may perform an action 18 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/grafana/templates/clusterrolebinding-grafana-cluster-monitoring-view.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: grafana-cluster-monitoring-view 5 | roleRef: 6 | kind: ClusterRole 7 | name: cluster-monitoring-view # NOTE(review): gives grafana-instance-sa cluster-wide read of monitoring data; roleRef.apiGroup is omitted here, unlike the kiali-monitoring-rbac binding in this repo - add it for consistency 8 | subjects: 9 | - kind: ServiceAccount 10 | name: grafana-instance-sa 11 | namespace: {{ .Release.Namespace }} 12 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/grafana/templates/clusterrolebinding-grafana-proxy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: grafana-proxy 5 | roleRef: 6 | kind: ClusterRole 7 | name: grafana-proxy # binds the grafana-proxy ClusterRole (TokenReview / SubjectAccessReview create) to the Grafana service account 8 | subjects: 9 | - kind: ServiceAccount 10 | name: grafana-instance-sa 11 | namespace: {{ .Release.Namespace }} 12 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/grafana/templates/configmap-ocp-injected-certs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | config.openshift.io/inject-trusted-cabundle: "true" # asks OpenShift to inject the cluster's trusted CA bundle into this ConfigMap 6 | name: ocp-injected-certs 7 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/grafana/templates/networkpolicy-grafana-ingress.yaml: -------------------------------------------------------------------------------- 1 | kind: NetworkPolicy 2
| apiVersion: networking.k8s.io/v1 3 | metadata: 4 | name: grafana-ingress 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | app: grafana-instance 9 | ingress: 10 | - {} # NOTE(review): an empty rule matches every source and every port, so this policy opens the Grafana pods to all ingress, including from other namespaces; if only the router needs access, narrow it with a namespaceSelector and ports 11 | policyTypes: 12 | - Ingress 13 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/grafana/templates/secret-grafana-proxy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: grafana-proxy 5 | type: Opaque 6 | stringData: 7 | session_secret: {{ .Values.cookieSecret }} # NOTE(review): unquoted, and values.yaml ships cookieSecret blank; supply it at install time from a secret store rather than committing it, and quote the value so a numeric-looking secret stays a string 8 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/grafana/templates/secret-grafana-token.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: grafana-token 5 | annotations: 6 | kubernetes.io/service-account.name: "grafana-instance-sa" 7 | helm.sh/hook: post-install 8 | helm.sh/hook-weight: "-5" 9 | type: kubernetes.io/service-account-token # NOTE(review): requests a long-lived, non-expiring token for grafana-instance-sa, which this chart binds to cluster-monitoring-view; limit who can read Secrets in the release namespace 10 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/grafana/values.yaml: -------------------------------------------------------------------------------- 1 | cookieSecret: # ships blank; set per install and do not commit a real value 2 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/minio-operator/templates/operatorgroup-minio-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: minio-operator 5 | namespace: minio-operator 6 | spec: 7 | upgradeStrategy: Default # no targetNamespaces is set, so this operator group selects all namespaces 8 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/minio-operator/templates/route.yaml:
-------------------------------------------------------------------------------- 1 | kind: Route 2 | apiVersion: route.openshift.io/v1 3 | metadata: 4 | name: console 5 | namespace: minio-operator 6 | spec: 7 | to: 8 | kind: Service 9 | name: console 10 | weight: 100 11 | port: 12 | targetPort: https 13 | tls: 14 | termination: passthrough # NOTE(review): publishes the MinIO operator console through the OpenShift router; TLS ends at the console Service, so the router adds no certificate or header controls - confirm the console is meant to be reachable this way 15 | wildcardPolicy: None 16 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/minio-operator/templates/subscription-minio-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: minio-operator 5 | namespace: minio-operator 6 | spec: 7 | channel: stable 8 | installPlanApproval: Automatic # NOTE(review): upgrades from the certified-operators catalog install without review; Manual gates each upgrade behind an approval 9 | name: minio-operator 10 | source: certified-operators 11 | sourceNamespace: openshift-marketplace 12 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/minio-operator/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.5/secure-ingressgateway/helm/minio-operator/values.yaml -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/minio-tenant/.gitignore: -------------------------------------------------------------------------------- 1 | *.tgz 2 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/minio-tenant/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: tenant 3 | repository: https://operator.min.io 4 | version: 5.0.14 5 | digest: sha256:c305010c53d176bc21cb4c1f788ab1bf197601a66b02c2cd49f6fae5b11db083 6 | generated:
"2024-04-30T11:49:46.480057774-07:00" 7 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/namespaces/templates/namespaces.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.namespaces }} 2 | --- 3 | kind: Namespace # one Namespace per entry in .Values.namespaces, each given every label in .Values.labels 4 | apiVersion: v1 5 | metadata: 6 | name: {{ . }} 7 | labels: 8 | {{- $.Values.labels | toYaml | nindent 4 }} 9 | ... 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/namespaces/values.yaml: -------------------------------------------------------------------------------- 1 | namespaces: 2 | - golang-ex 3 | - bookinfo 4 | - istio-system 5 | - istio-ingress 6 | # - tempo-system #do not add tempo to the mesh 7 | - nginx-echo-headers 8 | labels: # the label below is the one the ServiceMeshMemberRoll memberSelectors match, so every namespace listed above becomes a mesh member 9 | istio.io/rev: ossm-2.5 -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/nginx-echo-headers-istio/values.yaml: -------------------------------------------------------------------------------- 1 | ingressgateway: 2 | name: ingressgateway 3 | namespace: istio-ingress 4 | host: -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/nginx-echo-headers/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trevorbox/service-mesh-patterns/8087ad542b9071a72156113832527113f63cf822/ossm-2.5/secure-ingressgateway/helm/nginx-echo-headers/values.yaml -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/oauth-proxy/templates/clusterrolebinding-oauth-proxy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: authorization.openshift.io/v1 # NOTE(review): OpenShift's legacy RBAC API group; the other bindings in this repo use rbac.authorization.k8s.io/v1 - confirm this one is intentional 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: {{
include "oauth-proxy.fullname" . }} 5 | roleRef: 6 | kind: ClusterRole 7 | name: {{ include "oauth-proxy.fullname" . }} # binds the chart's service account to a ClusterRole of the same name; that ClusterRole is not part of this listing, so its rules cannot be reviewed here 8 | subjects: 9 | - kind: ServiceAccount 10 | name: {{ include "oauth-proxy.serviceAccountName" . }} 11 | namespace: {{ .Release.Namespace }} 12 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/oauth-proxy/templates/configmap-ocp-injected-certs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | config.openshift.io/inject-trusted-cabundle: "true" # asks OpenShift to inject the cluster's trusted CA bundle into this ConfigMap 6 | name: {{ include "oauth-proxy.fullname" . }}-ocp-injected-certs 7 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/oauth-proxy/templates/route.yaml: -------------------------------------------------------------------------------- 1 | kind: Route 2 | apiVersion: route.openshift.io/v1 3 | metadata: 4 | name: {{ include "oauth-proxy.fullname" . }} 5 | spec: 6 | to: 7 | kind: Service 8 | name: {{ include "oauth-proxy.fullname" . }} 9 | weight: 100 10 | port: 11 | targetPort: https 12 | tls: 13 | termination: reencrypt # the router terminates client TLS and opens a new TLS connection to the Service; no insecureEdgeTerminationPolicy is set, so plain-HTTP handling is left to the platform default - set it explicitly if HTTP must redirect 14 | wildcardPolicy: None 15 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/oauth-proxy/templates/secret-session-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ include "oauth-proxy.fullname" .
}}-session-secret 5 | type: Opaque 6 | stringData: 7 | session_secret: {{ randAlphaNum 24 }} # NOTE(review): evaluated on every render, so each helm upgrade writes a new value and sessions issued under the old one stop validating; keep the value stable across upgrades (for example by reusing the existing Secret via lookup) if that matters 8 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/openshift-oauth-proxy/templates/configmap-ocp-injected-certs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | config.openshift.io/inject-trusted-cabundle: "true" # asks OpenShift to inject the cluster's trusted CA bundle into this ConfigMap 6 | name: {{ include "openshift-oauth-proxy.fullname" . }}-ocp-injected-certs 7 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/openshift-oauth-proxy/templates/route.yaml: -------------------------------------------------------------------------------- 1 | kind: Route 2 | apiVersion: route.openshift.io/v1 3 | metadata: 4 | name: {{ include "openshift-oauth-proxy.fullname" . }} 5 | spec: 6 | to: 7 | kind: Service 8 | name: {{ include "openshift-oauth-proxy.fullname" . }} 9 | weight: 100 10 | port: 11 | targetPort: https 12 | tls: 13 | termination: reencrypt # the router terminates client TLS and re-encrypts to the Service; no insecureEdgeTerminationPolicy is set here 14 | wildcardPolicy: None 15 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/openshift-oauth-proxy/templates/secret-cookie-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ include "openshift-oauth-proxy.fullname" .
}}-cookie-secret 5 | type: Opaque 6 | stringData: 7 | session_secret: {{ .Values.cookieSecret }} # NOTE(review): taken verbatim and unquoted from .Values.cookieSecret (this chart's values.yaml is not shown here); pass the secret at install time, keep it out of version control, and quote the value 8 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/security/values.yaml: -------------------------------------------------------------------------------- 1 | includeEnvoyFilters: 2 | redactServerResponseHeaders: true 3 | owaspGatewayFilter: false # NOTE(review): the names suggest WAF-style request filtering; this flag and coraza below default to off, leaving only response-header redaction enabled - confirm against the chart templates 4 | 5 | coraza: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-cert-manager-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: cert-manager-operator 5 | namespace: cert-manager-operator 6 | spec: 7 | targetNamespaces: 8 | - cert-manager-operator # scoped to its own namespace 9 | upgradeStrategy: Default 10 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/service-mesh-operators/templates/operatorgroup-openshift-tempo-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: openshift-tempo-operator 5 | namespace: openshift-tempo-operator 6 | spec: 7 | upgradeStrategy: Default # no targetNamespaces is set, so this operator group selects all namespaces 8 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-kiali-ossm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: kiali-ossm 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} # this chart's values.yaml defaults approval_strategy to Automatic 10 | name: kiali-ossm 11 | source: redhat-operators 12 |
sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-servicemeshoperator.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: operators.coreos.com/v1alpha1 3 | kind: Subscription 4 | metadata: 5 | name: servicemeshoperator 6 | namespace: openshift-operators 7 | spec: 8 | channel: stable 9 | installPlanApproval: {{ .Values.approval_strategy }} # NOTE(review): the chart default is Automatic, so service mesh operator upgrades on the stable channel apply without review; override with Manual where upgrades need sign-off 10 | name: servicemeshoperator 11 | source: redhat-operators 12 | sourceNamespace: openshift-marketplace 13 | ... 14 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/service-mesh-operators/templates/subscription-tempo-product.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: tempo-product 5 | namespace: openshift-tempo-operator 6 | spec: 7 | channel: stable 8 | installPlanApproval: {{ .Values.approval_strategy }} # same chart-wide approval setting as the other subscriptions in this chart 9 | name: tempo-product 10 | source: redhat-operators 11 | sourceNamespace: openshift-marketplace 12 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/service-mesh-operators/values.yaml: -------------------------------------------------------------------------------- 1 | approval_strategy: Automatic -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/tempo/templates/secret-minio-dev.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: minio-dev 5 | stringData: 6 | endpoint: http://minio.minio-tenant.svc.cluster.local:80 # NOTE(review): plain http - the access key and trace payloads cross the cluster network unencrypted unless something else on the path adds TLS 7 | bucket: tempo 8 | access_key_id: tempo # NOTE(review): static credentials committed in the chart (the secret key is on the next row); acceptable for a throwaway dev tenant, otherwise source them from values or an external secret manager 9 |
access_key_secret: tempotempo # NOTE(review): hard-coded, guessable object-store secret checked into the repo; treat it as dev-only and replace it via values or an external secret before any shared use 10 | type: Opaque 11 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/ubi8-util/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount # rendered only when .Values.serviceAccount.create is set 4 | metadata: 5 | name: {{ include "ubi8-util.serviceAccountName" . }} 6 | labels: 7 | {{- include "ubi8-util.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/user-workload-monitoring/templates/clusterrolebinding-kiali-monitoring-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: kiali-monitoring-rbac 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: cluster-monitoring-view # gives kiali-service-account in istio-system cluster-wide read of monitoring data 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kiali-service-account 12 | namespace: istio-system 13 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/user-workload-monitoring/templates/ossmconsole-ossmconsole.yaml: -------------------------------------------------------------------------------- 1 | kind: OSSMConsole 2 | apiVersion: kiali.io/v1alpha1 3 | metadata: 4 | name: ossmconsole 5 | namespace: openshift-operators 6 | spec: 7 | version: default 8 | kiali: # points at the kiali Service in istio-system on port 20001 9 | serviceName: 'kiali' 10 | serviceNamespace: 'istio-system' 11 | servicePort: '20001' 12 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/user-workload-monitoring/templates/telemetry.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: telemetry.istio.io/v1alpha1 2 | kind: Telemetry 3 | metadata: 4 | name: mesh-default 5 | spec: 6 | tracing: 7 | - providers: 8 | - name: tempo 9 | randomSamplingPercentage: 100 # NOTE(review): every request is traced; spans can carry URLs and header values, and in this repo they reach the Tempo distributor over a connection with mTLS disabled - lower the rate and review what is recorded outside of demos 10 | metrics: 11 | - providers: 12 | - name: prometheus 13 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/helm/user-workload-monitoring/values.yaml: -------------------------------------------------------------------------------- 1 | members: 2 | - istio-system 3 | - istio-ingress 4 | - golang-ex 5 | - bookinfo 6 | - nginx-echo-headers 7 | smcp: 8 | name: full-install 9 | namespace: istio-system 10 | kiali: 11 | grafana: 12 | url: 13 | jaeger: 14 | url: 15 | tempo: 16 | url: 17 | -------------------------------------------------------------------------------- /ossm-2.5/secure-ingressgateway/util/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM registry.access.redhat.com/ubi8/ubi-minimal 2 | # NOTE(review): the base image has no tag or digest, so each build takes whatever is current; pin one for reproducible, auditable builds 3 | RUN \ 4 | microdnf install \ 5 | net-tools bind-utils iputils curl git unzip vim wget \ 6 | && microdnf clean all 7 | # NOTE(review): debugging toolbox image (network tools, git, editors); no USER is set and HOME/WORKDIR are /root, so it runs as root wherever the platform does not assign another UID 8 | ENV HOME /root 9 | 10 | WORKDIR /root 11 | 12 | CMD tail -f /dev/null --------------------------------------------------------------------------------