Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

service mesh egress #160

Merged
merged 2 commits into from
Feb 26, 2024
Merged

service mesh egress #160

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9734e17
service-mesh: add egress implementation
3u13r Feb 13, 2024
461ab1a
service-mesh: add emojivoto example
3u13r Feb 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,4 @@ justfile.env
workspace
workspace.cache
.direnv/
go.work.sum
48 changes: 48 additions & 0 deletions deployments/emojivoto-sm-egress/coordinator.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: coordinator
namespace: edg-default
spec:
selector:
matchLabels:
app.kubernetes.io/name: coordinator
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: coordinator
annotations:
nunki.edgeless.systems/pod-role: coordinator
spec:
runtimeClassName: kata-cc-isolation
containers:
- name: coordinator
image: "ghcr.io/edgelesssys/nunki/coordinator:latest"
ports:
- containerPort: 7777
- containerPort: 1313
env:
- name: NUNKI_LOG_LEVEL
value: "debug"
resources:
requests:
memory: 100Mi
limits:
memory: 100Mi
---
apiVersion: v1
kind: Service
metadata:
name: coordinator
namespace: edg-default
spec:
ports:
- name: intercom
port: 7777
protocol: TCP
- name: coordapi
port: 1313
protocol: TCP
selector:
app.kubernetes.io/name: coordinator
90 changes: 90 additions & 0 deletions deployments/emojivoto-sm-egress/emoji.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
kind: ServiceAccount
apiVersion: v1
metadata:
name: emoji
namespace: edg-default
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: emoji
namespace: edg-default
labels:
app.kubernetes.io/name: emoji
app.kubernetes.io/part-of: emojivoto
app.kubernetes.io/version: v11
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: emoji-svc
version: v11
template:
metadata:
labels:
app.kubernetes.io/name: emoji-svc
version: v11
spec:
runtimeClassName: kata-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/nunki/initializer:latest"
env:
- name: COORDINATOR_HOST
value: coordinator
volumeMounts:
- name: tls-certs
mountPath: /tls-config
resources:
requests:
memory: 50Mi
limits:
memory: 50Mi
serviceAccountName: emoji
containers:
- env:
- name: GRPC_PORT
value: "8080"
- name: PROM_PORT
value: "8801"
- name: EDG_CERT_PATH
value: /tls-config/certChain.pem
- name: EDG_CA_PATH
value: /tls-config/MeshCACert.pem
- name: EDG_KEY_PATH
value: /tls-config/key.pem
image: ghcr.io/3u13r/emojivoto-emoji-svc:coco-1
name: emoji-svc
ports:
- containerPort: 8080
name: grpc
- containerPort: 8801
name: prom
resources:
requests:
cpu: 100m
memory: 50Mi
limits:
memory: 50Mi
volumeMounts:
- name: tls-certs
mountPath: /tls-config
volumes:
- name: tls-certs
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: emoji-svc
namespace: edg-default
spec:
selector:
app.kubernetes.io/name: emoji-svc
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: prom
port: 8801
targetPort: 8801
4 changes: 4 additions & 0 deletions deployments/emojivoto-sm-egress/ns.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: edg-default
59 changes: 59 additions & 0 deletions deployments/emojivoto-sm-egress/portforwarder.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
apiVersion: v1
kind: Pod
metadata:
name: port-forwarder-coordinator
namespace: edg-default
labels:
app.kubernetes.io/name: port-forwarder-coordinator
spec:
containers:
- name: port-forwarder
image: "ghcr.io/edgelesssys/nunki/port-forwarder:latest"
env:
- name: LISTEN_PORT
value: "1313"
- name: FORWARD_HOST
value: coordinator
- name: FORWARD_PORT
value: "1313"
command:
- /bin/bash
- "-c"
- echo Starting port-forward with socat; exec socat -d -d TCP-LISTEN:${LISTEN_PORT},fork TCP:${FORWARD_HOST}:${FORWARD_PORT}
ports:
- containerPort: 1313
resources:
requests:
memory: 50Mi
limits:
memory: 50Mi
---
apiVersion: v1
kind: Pod
metadata:
name: port-forwarder-emojivoto-web
namespace: edg-default
labels:
app.kubernetes.io/name: port-forwarder-emojivoto-web
spec:
containers:
- name: port-forwarder
image: "ghcr.io/edgelesssys/nunki/port-forwarder:latest"
env:
- name: LISTEN_PORT
value: "8080"
- name: FORWARD_HOST
value: web-svc
- name: FORWARD_PORT
value: "443"
command:
- /bin/bash
- "-c"
- echo Starting port-forward with socat; exec socat -d -d TCP-LISTEN:${LISTEN_PORT},fork TCP:${FORWARD_HOST}:${FORWARD_PORT}
ports:
- containerPort: 8080
resources:
requests:
memory: 50Mi
limits:
memory: 50Mi
35 changes: 35 additions & 0 deletions deployments/emojivoto-sm-egress/vote-bot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: vote-bot
namespace: edg-default
labels:
app.kubernetes.io/name: vote-bot
app.kubernetes.io/part-of: emojivoto
app.kubernetes.io/version: v11
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: vote-bot
version: v11
template:
metadata:
labels:
app.kubernetes.io/name: vote-bot
version: v11
spec:
containers:
- command:
- emojivoto-vote-bot
env:
- name: WEB_HOST
value: web-svc:443
image: docker.l5d.io/buoyantio/emojivoto-web:v11
name: vote-bot
resources:
requests:
cpu: 10m
memory: 25Mi
limits:
memory: 25Mi
90 changes: 90 additions & 0 deletions deployments/emojivoto-sm-egress/voting.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
kind: ServiceAccount
apiVersion: v1
metadata:
name: voting
namespace: edg-default
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: voting
namespace: edg-default
labels:
app.kubernetes.io/name: voting
app.kubernetes.io/part-of: emojivoto
app.kubernetes.io/version: v11
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: voting-svc
version: v11
template:
metadata:
labels:
app.kubernetes.io/name: voting-svc
version: v11
spec:
runtimeClassName: kata-cc-isolation
initContainers:
- name: initializer
image: "ghcr.io/edgelesssys/nunki/initializer:latest"
env:
- name: COORDINATOR_HOST
value: coordinator
volumeMounts:
- name: tls-certs
mountPath: /tls-config
resources:
requests:
memory: 50Mi
limits:
memory: 50Mi
serviceAccountName: voting
containers:
- env:
- name: GRPC_PORT
value: "8080"
- name: PROM_PORT
value: "8801"
- name: EDG_CERT_PATH
value: /tls-config/certChain.pem
- name: EDG_CA_PATH
value: /tls-config/MeshCACert.pem
- name: EDG_KEY_PATH
value: /tls-config/key.pem
image: ghcr.io/3u13r/emojivoto-voting-svc:coco-1
name: voting-svc
ports:
- containerPort: 8080
name: grpc
- containerPort: 8801
name: prom
resources:
requests:
cpu: 100m
memory: 50Mi
limits:
memory: 50Mi
volumeMounts:
- name: tls-certs
mountPath: /tls-config
volumes:
- name: tls-certs
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: voting-svc
namespace: edg-default
spec:
selector:
app.kubernetes.io/name: voting-svc
ports:
- name: grpc
port: 8080
targetPort: 8080
- name: prom
port: 8801
targetPort: 8801
Loading
Loading