From 39a7c1245038aac0fc09186cd557ada6f9fe0b32 Mon Sep 17 00:00:00 2001
From: savagebidoof <filter.oriol@gmail.com>
Date: Wed, 26 Apr 2023 02:36:23 +0200
Subject: [PATCH] Directory renaming
---
.../09-HTTPS-backend/README.md | 2 +-
.../01-target-namespaces/01-namespace.yaml | 0
.../01-target-namespaces/README.md | 0
.../01-target-namespaces/authentication.yaml | 0
.../01-target-namespaces/deployment.yaml | 0
.../01-target-namespaces/deployment_2.yaml | 0
.../01-target-namespaces/gateway.yaml | 0
.../01-namespace.yaml | 0
.../01-service-accounts.yaml | 0
.../02-target-service-accounts/README.md | 0
.../authentication.yaml | 0
.../deployment.yaml | 0
.../deployment_2.yaml | 0
.../02-target-service-accounts/gateway.yaml | 0
.../06-AuthorizationPolicy/04-audit/README.md | 17 +
.../04-audit/authentication.yaml | 45 +++
.../04-audit/deployment.yaml | 48 +++
.../04-audit/gateway.yaml} | 29 +-
.../05-disable-mTLS}/authentication.yaml | 0
.../05-disable-mTLS}/deployment.yaml | 0
.../05-disable-mTLS}/gateway.yaml | 0
.../README.md | 12 +-
Istio/__bookshelf/README.md | 1 -
Istio/__bookshelf/bookinfo.yaml | 343 ------------------
24 files changed, 128 insertions(+), 369 deletions(-)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/01-target-namespaces/01-namespace.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/01-target-namespaces/README.md (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/01-target-namespaces/authentication.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/01-target-namespaces/deployment.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/01-target-namespaces/deployment_2.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/01-target-namespaces/gateway.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/02-target-service-accounts/01-namespace.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/02-target-service-accounts/01-service-accounts.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/02-target-service-accounts/README.md (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/02-target-service-accounts/authentication.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/02-target-service-accounts/deployment.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/02-target-service-accounts/deployment_2.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/02-target-service-accounts/gateway.yaml (100%)
create mode 100755 Istio/06-AuthorizationPolicy/04-audit/README.md
create mode 100644 Istio/06-AuthorizationPolicy/04-audit/authentication.yaml
create mode 100755 Istio/06-AuthorizationPolicy/04-audit/deployment.yaml
rename Istio/{__bookshelf/bookinfo-gateway.yaml => 06-AuthorizationPolicy/04-audit/gateway.yaml} (50%)
rename Istio/{06-Internal-Authentication/03-disable-mTLS => 06-AuthorizationPolicy/05-disable-mTLS}/authentication.yaml (100%)
rename Istio/{06-Internal-Authentication/03-disable-mTLS => 06-AuthorizationPolicy/05-disable-mTLS}/deployment.yaml (100%)
rename Istio/{06-Internal-Authentication/03-disable-mTLS => 06-AuthorizationPolicy/05-disable-mTLS}/gateway.yaml (100%)
rename Istio/{06-Internal-Authentication => 06-AuthorizationPolicy}/README.md (67%)
delete mode 100755 Istio/__bookshelf/README.md
delete mode 100755 Istio/__bookshelf/bookinfo.yaml
diff --git a/Istio/02-Traffic_management/09-HTTPS-backend/README.md b/Istio/02-Traffic_management/09-HTTPS-backend/README.md
index 76d945b..c236283 100644
--- a/Istio/02-Traffic_management/09-HTTPS-backend/README.md
+++ b/Istio/02-Traffic_management/09-HTTPS-backend/README.md
@@ -197,7 +197,7 @@ spec:
```
> **Note**:\
-> As this configuration is very board, and targets the whole namespace, I would strongly recommend referring to the following example [06-Internal-Authentication/02-target-service-accounts](../../06-Internal-Authentication/02-target-service-accounts), which shows how to target service accounts set to resources, limiting the scope of this rule set.
+> As this configuration is very board, and targets the whole namespace, I would strongly recommend referring to the following example [06-Internal-Authentication/02-target-service-accounts](../../06-AuthorizationPolicy/02-target-service-accounts), which shows how to target service accounts set to resources, limiting the scope of this rule set.
# Walkthrough
diff --git a/Istio/06-Internal-Authentication/01-target-namespaces/01-namespace.yaml b/Istio/06-AuthorizationPolicy/01-target-namespaces/01-namespace.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/01-target-namespaces/01-namespace.yaml
rename to Istio/06-AuthorizationPolicy/01-target-namespaces/01-namespace.yaml
diff --git a/Istio/06-Internal-Authentication/01-target-namespaces/README.md b/Istio/06-AuthorizationPolicy/01-target-namespaces/README.md
similarity index 100%
rename from Istio/06-Internal-Authentication/01-target-namespaces/README.md
rename to Istio/06-AuthorizationPolicy/01-target-namespaces/README.md
diff --git a/Istio/06-Internal-Authentication/01-target-namespaces/authentication.yaml b/Istio/06-AuthorizationPolicy/01-target-namespaces/authentication.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/01-target-namespaces/authentication.yaml
rename to Istio/06-AuthorizationPolicy/01-target-namespaces/authentication.yaml
diff --git a/Istio/06-Internal-Authentication/01-target-namespaces/deployment.yaml b/Istio/06-AuthorizationPolicy/01-target-namespaces/deployment.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/01-target-namespaces/deployment.yaml
rename to Istio/06-AuthorizationPolicy/01-target-namespaces/deployment.yaml
diff --git a/Istio/06-Internal-Authentication/01-target-namespaces/deployment_2.yaml b/Istio/06-AuthorizationPolicy/01-target-namespaces/deployment_2.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/01-target-namespaces/deployment_2.yaml
rename to Istio/06-AuthorizationPolicy/01-target-namespaces/deployment_2.yaml
diff --git a/Istio/06-Internal-Authentication/01-target-namespaces/gateway.yaml b/Istio/06-AuthorizationPolicy/01-target-namespaces/gateway.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/01-target-namespaces/gateway.yaml
rename to Istio/06-AuthorizationPolicy/01-target-namespaces/gateway.yaml
diff --git a/Istio/06-Internal-Authentication/02-target-service-accounts/01-namespace.yaml b/Istio/06-AuthorizationPolicy/02-target-service-accounts/01-namespace.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/02-target-service-accounts/01-namespace.yaml
rename to Istio/06-AuthorizationPolicy/02-target-service-accounts/01-namespace.yaml
diff --git a/Istio/06-Internal-Authentication/02-target-service-accounts/01-service-accounts.yaml b/Istio/06-AuthorizationPolicy/02-target-service-accounts/01-service-accounts.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/02-target-service-accounts/01-service-accounts.yaml
rename to Istio/06-AuthorizationPolicy/02-target-service-accounts/01-service-accounts.yaml
diff --git a/Istio/06-Internal-Authentication/02-target-service-accounts/README.md b/Istio/06-AuthorizationPolicy/02-target-service-accounts/README.md
similarity index 100%
rename from Istio/06-Internal-Authentication/02-target-service-accounts/README.md
rename to Istio/06-AuthorizationPolicy/02-target-service-accounts/README.md
diff --git a/Istio/06-Internal-Authentication/02-target-service-accounts/authentication.yaml b/Istio/06-AuthorizationPolicy/02-target-service-accounts/authentication.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/02-target-service-accounts/authentication.yaml
rename to Istio/06-AuthorizationPolicy/02-target-service-accounts/authentication.yaml
diff --git a/Istio/06-Internal-Authentication/02-target-service-accounts/deployment.yaml b/Istio/06-AuthorizationPolicy/02-target-service-accounts/deployment.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/02-target-service-accounts/deployment.yaml
rename to Istio/06-AuthorizationPolicy/02-target-service-accounts/deployment.yaml
diff --git a/Istio/06-Internal-Authentication/02-target-service-accounts/deployment_2.yaml b/Istio/06-AuthorizationPolicy/02-target-service-accounts/deployment_2.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/02-target-service-accounts/deployment_2.yaml
rename to Istio/06-AuthorizationPolicy/02-target-service-accounts/deployment_2.yaml
diff --git a/Istio/06-Internal-Authentication/02-target-service-accounts/gateway.yaml b/Istio/06-AuthorizationPolicy/02-target-service-accounts/gateway.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/02-target-service-accounts/gateway.yaml
rename to Istio/06-AuthorizationPolicy/02-target-service-accounts/gateway.yaml
diff --git a/Istio/06-AuthorizationPolicy/04-audit/README.md b/Istio/06-AuthorizationPolicy/04-audit/README.md
new file mode 100755
index 0000000..a0296bc
--- /dev/null
+++ b/Istio/06-AuthorizationPolicy/04-audit/README.md
@@ -0,0 +1,17 @@
+
+# Based on
+
+Resources:
+
+- [01-Simple/01-hello_world_1_service_1_deployment](../../01-Simple/01-hello_world_1_service_1_deployment)
+
+AuthorizationPolicies:
+
+- [01-target-namespaces](../01-target-namespaces)
+
+# Description
+
+This example aims to trigger Audit rules, and where to see these events.
+
+
+https://istio.io/latest/docs/reference/config/security/authorization-policy/
\ No newline at end of file
diff --git a/Istio/06-AuthorizationPolicy/04-audit/authentication.yaml b/Istio/06-AuthorizationPolicy/04-audit/authentication.yaml
new file mode 100644
index 0000000..4f5c20a
--- /dev/null
+++ b/Istio/06-AuthorizationPolicy/04-audit/authentication.yaml
@@ -0,0 +1,45 @@
+# Deny all requests to namespace foo
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: allow-nothing
+ namespace: foo
+spec:
+ {}
+---
+# Deny all requests to namespace default
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: allow-nothing
+ namespace: default
+spec:
+ {}
+---
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: allow-from-istio-system
+ namespace: foo
+spec:
+ action: ALLOW
+ rules:
+ - from:
+ - source:
+ namespaces: ["istio-system"]
+---
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: allow-head-from-default
+ namespace: foo
+spec:
+ action: ALLOW
+ rules:
+ - from:
+ - source:
+ namespaces: ["default"]
+ to:
+ - operation:
+ methods: ["HEAD"]
+ notPaths: ["/secret*"]
\ No newline at end of file
diff --git a/Istio/06-AuthorizationPolicy/04-audit/deployment.yaml b/Istio/06-AuthorizationPolicy/04-audit/deployment.yaml
new file mode 100755
index 0000000..36e6b76
--- /dev/null
+++ b/Istio/06-AuthorizationPolicy/04-audit/deployment.yaml
@@ -0,0 +1,48 @@
+# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: helloworld
+ labels:
+ app: helloworld
+ service: helloworld
+spec:
+ ports:
+ - port: 80
+ name: http
+ selector:
+ app: helloworld
+---
+#apiVersion: v1
+#kind: ServiceAccount
+#metadata:
+# name: istio-helloworld
+# labels:
+# account:
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: helloworld-nginx
+ labels:
+ app: helloworld
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helloworld
+ template:
+ metadata:
+ labels:
+ app: helloworld
+ spec:
+# serviceAccountName: istio-helloworld
+ containers:
+ - name: helloworld
+ image: nginx
+ resources:
+ requests:
+ cpu: "100m"
+ imagePullPolicy: IfNotPresent #Always
+ ports:
+ - containerPort: 80
diff --git a/Istio/__bookshelf/bookinfo-gateway.yaml b/Istio/06-AuthorizationPolicy/04-audit/gateway.yaml
similarity index 50%
rename from Istio/__bookshelf/bookinfo-gateway.yaml
rename to Istio/06-AuthorizationPolicy/04-audit/gateway.yaml
index 57fb37b..252a01e 100755
--- a/Istio/__bookshelf/bookinfo-gateway.yaml
+++ b/Istio/06-AuthorizationPolicy/04-audit/gateway.yaml
@@ -1,8 +1,7 @@
-
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
- name: bookinfo-gateway
+ name: helloworld-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
@@ -17,36 +16,20 @@ spec:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
- name: bookinfo
+ name: helloworld-vs
spec:
hosts:
- "*"
gateways:
- - bookinfo-gateway
+ - helloworld-gateway
http:
- - match:
- - uri:
- exact: /productpage
- - uri:
- prefix: /static
- - uri:
- exact: /login
- - uri:
- exact: /logout
- - uri:
- prefix: /api/v1/products
- route:
- - destination:
- host: productpage
- port:
- number: 9080
- match:
- uri:
exact: /helloworld
route:
- destination:
- host: productpage
+ host: helloworld
port:
- number: 9080
+ number: 80
rewrite:
- uri: "/productpage"
+ uri: "/"
\ No newline at end of file
diff --git a/Istio/06-Internal-Authentication/03-disable-mTLS/authentication.yaml b/Istio/06-AuthorizationPolicy/05-disable-mTLS/authentication.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/03-disable-mTLS/authentication.yaml
rename to Istio/06-AuthorizationPolicy/05-disable-mTLS/authentication.yaml
diff --git a/Istio/06-Internal-Authentication/03-disable-mTLS/deployment.yaml b/Istio/06-AuthorizationPolicy/05-disable-mTLS/deployment.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/03-disable-mTLS/deployment.yaml
rename to Istio/06-AuthorizationPolicy/05-disable-mTLS/deployment.yaml
diff --git a/Istio/06-Internal-Authentication/03-disable-mTLS/gateway.yaml b/Istio/06-AuthorizationPolicy/05-disable-mTLS/gateway.yaml
similarity index 100%
rename from Istio/06-Internal-Authentication/03-disable-mTLS/gateway.yaml
rename to Istio/06-AuthorizationPolicy/05-disable-mTLS/gateway.yaml
diff --git a/Istio/06-Internal-Authentication/README.md b/Istio/06-AuthorizationPolicy/README.md
similarity index 67%
rename from Istio/06-Internal-Authentication/README.md
rename to Istio/06-AuthorizationPolicy/README.md
index dc7c773..b8fa14d 100644
--- a/Istio/06-Internal-Authentication/README.md
+++ b/Istio/06-AuthorizationPolicy/README.md
@@ -10,7 +10,17 @@
- Audit / logs (should be the 3th)
+- disable mTLS (4th)
JWT seems important, refer to source.requestPrincipals
-https://istio.io/latest/docs/tasks/security/authentication/
\ No newline at end of file
+https://istio.io/latest/docs/tasks/security/authentication/
+
+
+
+Per deployment:
+```yaml
+ selector:
+ matchLabels:
+ app: myapi
+```
\ No newline at end of file
diff --git a/Istio/__bookshelf/README.md b/Istio/__bookshelf/README.md
deleted file mode 100755
index 4ce3894..0000000
--- a/Istio/__bookshelf/README.md
+++ /dev/null
@@ -1 +0,0 @@
-# Example from istio, storing it for testing purposes
\ No newline at end of file
diff --git a/Istio/__bookshelf/bookinfo.yaml b/Istio/__bookshelf/bookinfo.yaml
deleted file mode 100755
index 4de3a21..0000000
--- a/Istio/__bookshelf/bookinfo.yaml
+++ /dev/null
@@ -1,343 +0,0 @@
-# Copyright Istio Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-##################################################################################################
-# This file defines the services, service accounts, and deployments for the Bookinfo sample.
-#
-# To apply all 4 Bookinfo services, their corresponding service accounts, and deployments:
-#
-# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
-#
-# Alternatively, you can deploy any resource separately:
-#
-# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l service=reviews # reviews Service
-# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l account=reviews # reviews ServiceAccount
-# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l app=reviews,version=v3 # reviews-v3 Deployment
-##################################################################################################
-
-##################################################################################################
-# Details service
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: details
- labels:
- app: details
- service: details
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: details
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-details
- labels:
- account: details
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: details-v1
- labels:
- app: details
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: details
- version: v1
- template:
- metadata:
- labels:
- app: details
- version: v1
- spec:
- serviceAccountName: bookinfo-details
- containers:
- - name: details
- image: docker.io/istio/examples-bookinfo-details-v1:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- securityContext:
- runAsUser: 1000
----
-##################################################################################################
-# Ratings service
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: ratings
- labels:
- app: ratings
- service: ratings
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: ratings
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-ratings
- labels:
- account: ratings
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: ratings-v1
- labels:
- app: ratings
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: ratings
- version: v1
- template:
- metadata:
- labels:
- app: ratings
- version: v1
- spec:
- serviceAccountName: bookinfo-ratings
- containers:
- - name: ratings
- image: docker.io/istio/examples-bookinfo-ratings-v1:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- securityContext:
- runAsUser: 1000
----
-##################################################################################################
-# Reviews service
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: reviews
- labels:
- app: reviews
- service: reviews
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: reviews
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-reviews
- labels:
- account: reviews
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: reviews-v1
- labels:
- app: reviews
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reviews
- version: v1
- template:
- metadata:
- labels:
- app: reviews
- version: v1
- spec:
- serviceAccountName: bookinfo-reviews
- containers:
- - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v1:1.17.0
- imagePullPolicy: IfNotPresent
- env:
- - name: LOG_DIR
- value: "/tmp/logs"
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- - name: wlp-output
- mountPath: /opt/ibm/wlp/output
- securityContext:
- runAsUser: 1000
- volumes:
- - name: wlp-output
- emptyDir: {}
- - name: tmp
- emptyDir: {}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: reviews-v2
- labels:
- app: reviews
- version: v2
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reviews
- version: v2
- template:
- metadata:
- labels:
- app: reviews
- version: v2
- spec:
- serviceAccountName: bookinfo-reviews
- containers:
- - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v2:1.17.0
- imagePullPolicy: IfNotPresent
- env:
- - name: LOG_DIR
- value: "/tmp/logs"
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- - name: wlp-output
- mountPath: /opt/ibm/wlp/output
- securityContext:
- runAsUser: 1000
- volumes:
- - name: wlp-output
- emptyDir: {}
- - name: tmp
- emptyDir: {}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: reviews-v3
- labels:
- app: reviews
- version: v3
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: reviews
- version: v3
- template:
- metadata:
- labels:
- app: reviews
- version: v3
- spec:
- serviceAccountName: bookinfo-reviews
- containers:
- - name: reviews
- image: docker.io/istio/examples-bookinfo-reviews-v3:1.17.0
- imagePullPolicy: IfNotPresent
- env:
- - name: LOG_DIR
- value: "/tmp/logs"
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- - name: wlp-output
- mountPath: /opt/ibm/wlp/output
- securityContext:
- runAsUser: 1000
- volumes:
- - name: wlp-output
- emptyDir: {}
- - name: tmp
- emptyDir: {}
----
-##################################################################################################
-# Productpage services
-##################################################################################################
-apiVersion: v1
-kind: Service
-metadata:
- name: productpage
- labels:
- app: productpage
- service: productpage
-spec:
- ports:
- - port: 9080
- name: http
- selector:
- app: productpage
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bookinfo-productpage
- labels:
- account: productpage
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: productpage-v1
- labels:
- app: productpage
- version: v1
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: productpage
- version: v1
- template:
- metadata:
- labels:
- app: productpage
- version: v1
- spec:
- serviceAccountName: bookinfo-productpage
- containers:
- - name: productpage
- image: docker.io/istio/examples-bookinfo-productpage-v1:1.17.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 9080
- volumeMounts:
- - name: tmp
- mountPath: /tmp
- securityContext:
- runAsUser: 1000
- volumes:
- - name: tmp
- emptyDir: {}
----