istio.io/istio@v0.0.0-20240520182934-d79c90f27776/samples/extauthz/local-ext-authz.yaml (about)

     1  # Copyright Istio Authors
     2  #
     3  #   Licensed under the Apache License, Version 2.0 (the "License");
     4  #   you may not use this file except in compliance with the License.
     5  #   You may obtain a copy of the License at
     6  #
     7  #       http://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  #   Unless required by applicable law or agreed to in writing, software
    10  #   distributed under the License is distributed on an "AS IS" BASIS,
    11  #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  #   See the License for the specific language governing permissions and
    13  #   limitations under the License.
    14  
    15  # Example configurations for deploying ext-authz server locally with the application container in the same pod.
    16  
    17  # Define the service entry for the local ext-authz service on port 8000.
        # The host ext-authz-http.local is resolved statically to 127.0.0.1, so a
        # sidecar that calls it connects to port 8000 inside its own pod. In this
        # file that is the ext-authz container of the httpbin Deployment.
        # NOTE(review): no exportTo is set, so nothing here limits the entry to the
        # httpbin workload. Confirm how the extension provider that references this
        # host (mesh config, not shown here) behaves in a pod with no local ext-authz.
    18  apiVersion: networking.istio.io/v1alpha3
    19  kind: ServiceEntry
    20  metadata:
    21    name: httpbin-ext-authz-http
    22  spec:
    23    hosts:
    24    - "ext-authz-http.local"
    25    endpoints:
          # Loopback endpoint: the authorization call does not leave the pod.
    26    - address: "127.0.0.1"
    27    ports:
    28    - name: http
    29      number: 8000
    30      protocol: HTTP
          # STATIC: use the endpoint address above as-is, no DNS lookup.
    31    resolution: STATIC
    32  ---
    33  # Define the service entry for the local ext-authz service on port 9000.
        # gRPC counterpart of the HTTP entry: ext-authz-grpc.local is resolved
        # statically to 127.0.0.1, so the call goes to port 9000 of the calling pod.
        # NOTE(review): no exportTo is set, so the entry is not scoped to the httpbin
        # workload; verify the intended visibility before reusing this outside the sample.
    34  apiVersion: networking.istio.io/v1alpha3
    35  kind: ServiceEntry
    36  metadata:
    37    name: httpbin-ext-authz-grpc
    38  spec:
    39    hosts:
    40    - "ext-authz-grpc.local"
    41    endpoints:
          # Loopback endpoint: the authorization call does not leave the pod.
    42    - address: "127.0.0.1"
    43    ports:
    44    - name: grpc
    45      number: 9000
    46      protocol: GRPC
          # STATIC: use the endpoint address above as-is, no DNS lookup.
    47    resolution: STATIC
    48  ---
    49  # Deploy the ext-authz server locally with the application container in the same pod.
        # One replica, two containers: httpbin (the application, port 8080) and
        # ext-authz (ports 8000 and 9000). Both run under the httpbin service account.
        # NOTE(review): neither container sets securityContext or resources. Outside
        # a sample, consider running as non-root, disallowing privilege escalation,
        # and setting requests/limits; confirm first that the images support it.
    50  apiVersion: apps/v1
    51  kind: Deployment
    52  metadata:
    53    name: httpbin
    54  spec:
    55    replicas: 1
    56    selector:
    57      matchLabels:
    58        app: httpbin
    59        version: v1
    60    template:
    61      metadata:
    62        labels:
    63          app: httpbin
    64          version: v1
    65      spec:
    66        serviceAccountName: httpbin
    67        containers:
              # NOTE(review): no tag or digest, so this resolves to the mutable
              # "latest" tag; with IfNotPresent a node keeps whichever build it
              # pulled first, so nodes can end up running different builds.
    68        - image: docker.io/kong/httpbin
    69          imagePullPolicy: IfNotPresent
    70          name: httpbin
    71          # Same as found in Dockerfile's CMD but using an unprivileged port
    72          command:
    73          - gunicorn
    74          - -b
                # Binds every interface of the pod, not only loopback.
    75          - 0.0.0.0:8080
    76          - httpbin:app
    77          - -k
    78          - gevent
    79          env:
    80          # Tells pipenv to use a writable directory instead of $HOME
    81          - name: WORKON_HOME
    82            value: /tmp
    83          ports:
    84          - containerPort: 8080
              # NOTE(review): ":latest" is a mutable tag. This container is the
              # authorization server, so where its decisions matter pin the image by
              # digest (gcr.io/istio-testing/ext-authz@sha256:<digest-placeholder>).
    85        - image: gcr.io/istio-testing/ext-authz:latest
    86          imagePullPolicy: IfNotPresent
    87          name: ext-authz
                # 8000 and 9000 match the HTTP and gRPC ServiceEntry ports in this
                # file. NOTE(review): the manifest does not show which address the
                # server listens on; confirm whether it is reachable from other pods.
    88          ports:
    89          - containerPort: 8000
    90          - containerPort: 9000
    91  ---
    92  apiVersion: v1
    93  kind: Service
        # Exposes the httpbin application container. The ext-authz container ports
        # (8000 and 9000 in the Deployment) are not published by this Service.
    94  metadata:
    95    name: httpbin
    96    labels:
    97      app: httpbin
    98      service: httpbin
    99  spec:
   100    ports:
   101    - name: http
          # Service port 8000 forwards to httpbin on 8080. It only shares the
          # number with the ext-authz HTTP port; it does not reach that container.
   102      port: 8000
   103      targetPort: 8080
          # Selects on the app label only; the Deployment's version label is not used.
   104    selector:
   105      app: httpbin
   106  ---
   107  apiVersion: v1
   108  kind: ServiceAccount
        # Service account referenced by serviceAccountName in the httpbin Deployment.
        # The application and ext-authz containers share a pod, so both run under
        # it. No namespace is set here or on the other resources in this file.
   109  metadata:
   110    name: httpbin
   111  ---