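# Copyright Istio Authors
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

##################################################################################################
# This file defines the same services, service accounts, and deployments as bookinfo.yaml with
# added securityContext fields to allow the bookinfo demo to run on a PodSecurityAdmission
# enabled cluster that enforces the baseline policy.
#
# Every container below carries the same container-level securityContext:
#   - allowPrivilegeEscalation: false  (the process cannot gain more privileges than its parent)
#   - capabilities.drop: [ALL]         (no Linux capabilities are retained)
#   - runAsNonRoot: true               (the kubelet refuses to start the container as UID 0)
#
# NOTE(review): these three settings are controls of the "restricted" Pod Security Standard;
# the "baseline" level does not itself require them. The restricted level additionally
# requires seccompProfile.type to be RuntimeDefault or Localhost, which this file does not
# set, so these pods are not expected to pass a namespace that enforces "restricted" as is.
#
# NOTE(review): the capability name is written in upper case. Pod Security Admission's
# restricted check compares against the literal "ALL", so a lower-case value is not
# recognised by that check.
#
# NOTE(review): runAsNonRoot is set without runAsUser, so each image must declare a numeric
# non-root user itself; with a root or non-numeric image user the container fails to start.
# Presumably the 1.19.1 images satisfy this - verify against the image metadata.
#
# NOTE(review): images are referenced by tag with imagePullPolicy IfNotPresent. Where a
# reproducible deployment matters, pin each image by digest (image@sha256:<digest>).
##################################################################################################

##################################################################################################
# Details service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: details
  labels:
    app: details
    service: details
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: details
---
# Dedicated identity for the details workload (one ServiceAccount per service).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-details
  labels:
    account: details
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: details-v1
  labels:
    app: details
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: details
      version: v1
  template:
    metadata:
      labels:
        app: details
        version: v1
    spec:
      serviceAccountName: bookinfo-details
      containers:
      - name: details
        image: docker.io/istio/examples-bookinfo-details-v1:1.19.1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        # Container hardening; see the notes in the file header.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
---
##################################################################################################
# Ratings service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: ratings
  labels:
    app: ratings
    service: ratings
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: ratings
---
# Dedicated identity for the ratings workload.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-ratings
  labels:
    account: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ratings-v1
  labels:
    app: ratings
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ratings
      version: v1
  template:
    metadata:
      labels:
        app: ratings
        version: v1
    spec:
      serviceAccountName: bookinfo-ratings
      containers:
      - name: ratings
        image: docker.io/istio/examples-bookinfo-ratings-v1:1.19.1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        # Container hardening; see the notes in the file header.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
---
##################################################################################################
# Reviews service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: reviews
  labels:
    app: reviews
    service: reviews
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: reviews
---
# One identity shared by all three reviews versions (v1, v2, v3).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-reviews
  labels:
    account: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v1
  labels:
    app: reviews
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v1
  template:
    metadata:
      labels:
        app: reviews
        version: v1
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v1:1.19.1
        imagePullPolicy: IfNotPresent
        env:
        # LOG_DIR points inside the /tmp emptyDir mounted below.
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        # Both mounts are emptyDir volumes, so data written there lives only as long as the pod.
        # NOTE(review): readOnlyRootFilesystem is not set; presumably these two paths are the
        # only ones the application writes to - confirm before enabling it.
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        # Container hardening; see the notes in the file header.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v2
  labels:
    app: reviews
    version: v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v2
  template:
    metadata:
      labels:
        app: reviews
        version: v2
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v2:1.19.1
        imagePullPolicy: IfNotPresent
        env:
        # LOG_DIR points inside the /tmp emptyDir mounted below.
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        # Same emptyDir scratch mounts as reviews-v1.
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        # Container hardening; see the notes in the file header.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-v3
  labels:
    app: reviews
    version: v3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: v3
  template:
    metadata:
      labels:
        app: reviews
        version: v3
    spec:
      serviceAccountName: bookinfo-reviews
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v3:1.19.1
        imagePullPolicy: IfNotPresent
        env:
        # LOG_DIR points inside the /tmp emptyDir mounted below.
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        # Same emptyDir scratch mounts as reviews-v1.
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
        # Container hardening; see the notes in the file header.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
##################################################################################################
# Productpage services
##################################################################################################
apiVersion: v1
kind: Service
metadata:
  name: productpage
  labels:
    app: productpage
    service: productpage
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: productpage
---
# Dedicated identity for the productpage workload.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bookinfo-productpage
  labels:
    account: productpage
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: productpage-v1
  labels:
    app: productpage
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: productpage
      version: v1
  template:
    metadata:
      # Annotation values are quoted so that they stay strings ("true", "9080").
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "9080"
        prometheus.io/path: "/metrics"
      labels:
        app: productpage
        version: v1
    spec:
      serviceAccountName: bookinfo-productpage
      containers:
      - name: productpage
        image: docker.io/istio/examples-bookinfo-productpage-v1:1.19.1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080
        # /tmp is an emptyDir, so data written there lives only as long as the pod.
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        # Container hardening; see the notes in the file header.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
      volumes:
      - name: tmp
        emptyDir: {}
---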