# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- apiVersion: v1 kind: ServiceAccount metadata: name: ui-ingressgateway --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: ui-ingressgateway rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: ui-ingressgateway roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: ui-ingressgateway subjects: - kind: ServiceAccount name: ui-ingressgateway --- apiVersion: apps/v1 kind: Deployment metadata: name: ui-ingressgateway spec: replicas: 3 selector: matchLabels: app: ui-ingressgateway istio: ui-ingressgateway template: metadata: annotations: inject.istio.io/templates: gateway labels: app: ui-ingressgateway istio: ui-ingressgateway spec: containers: - name: istio-proxy image: auto resources: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi serviceAccountName: ui-ingressgateway --- apiVersion: v1 kind: Service metadata: name: ui-ingressgateway annotations: cloud.google.com/app-protocols: '{"http2":"HTTP"}' spec: type: NodePort selector: app: ui-ingressgateway ports: - name: http2 port: 80 --- apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: name: ui-ingressgateway spec: domains: - "{ui-ingressgateway-ip}.nip.io" --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ui-ingressgateway annotations: kubernetes.io/ingress.allow-http: "false" kubernetes.io/ingress.global-static-ip-name: ui-ingressgateway-ip networking.gke.io/managed-certificates: ui-ingressgateway spec: defaultBackend: service: name: ui-ingressgateway port: number: 80 --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: ui-gateway spec: selector: istio: ui-ingressgateway servers: - port: number: 80 name: http protocol: HTTP hosts: - "*" --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: ui-ingressgateway spec: hosts: - "*" gateways: - ui-gateway http: - name: frontend match: - uri: prefix: / route: - destination: host: frontend.onlineboutique.svc.cluster.local port: number: 80