Patch 5

openshift/Ingress-deployment/manifest/blacklist-client-IP.yaml

@@ -0,0 +1,22 @@
+apiVersion: citrix.com/v1
+kind: rewritepolicy
+metadata:
+  name: blacklistclientip
+  namespace: demonamespace
+spec:
+  responder-policies:
+    - servicenames:
+        - nscpx-cpx-service
+      responder-policy:
+        respondwith:
+          http-payload-string: '"HTTP/1.1 403 Forbidden\r\n Server: nginx/1.8.1\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n\r\n\r\n<h1>403 Forbidden. Access Denied by NetScaler BLX Ingress.\r\n\r\n\r\n</h1>"'
+        respond-criteria: 'client.ip.src.TYPECAST_text_t.equals_any("blacklistips")'
+        comment: 'Blacklist certain IP'
+
+
+  patset:
+    - name: blacklistips
+      values:
+        - '106.216.228.224'
+        - '106.216.230.220'
+        - '115.99.99.78'

openshift/Ingress-deployment/manifest/cloudnative-demoapp.yaml

@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ns-cn-demo-app
+  labels:
+      name: ns-cn-demo-app
+      app: ns-cn-demo-app
+spec:
+  selector:
+    matchLabels:
+       app: ns-cn-demo-app
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        name: ns-cn-demo-app
+        app: ns-cn-demo-app
+    spec:
+      containers:
+      - name: ns-cn-demo-app
+        image: quay.io/sample-apps/cnn-website:v1.0.0
+        ports:
+        - name: http-80
+          containerPort: 80
+        - name: https-443
+          containerPort: 443
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ns-cn-demo-app
+  labels:
+    app: ns-cn-demo-app
+spec:
+  ports:
+  - name: http-80
+    port: 80
+    targetPort: 80
+  - name: https-443
+    port: 443
+    targetPort: 443
+  selector:
+    name: ns-cn-demo-app
+---

openshift/Ingress-deployment/manifest/cpx-ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ns-cpx-demo-app-ingress
+  annotations:
+   ingress.citrix.com/secure-backend: "true"
+spec:
+  ingressClassName: cpx
+  tls:
+  - secretName: cpx-cert
+  rules:
+  - host:  netscaler-cloudnative.cloudpst.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: ns-cn-demo-app
+            port:
+              number: 443

openshift/Ingress-deployment/manifest/lifted-shifted-app-basic-auth.yaml

@@ -0,0 +1,17 @@
+apiVersion: citrix.com/v1beta1
+kind: authpolicy
+metadata:
+  name: liftshiftappauthpolicy
+spec:
+    servicenames:
+    - lift-and-shift-app
+    authentication_providers:
+    - name: "local-auth-provider"
+      basic_local_db:
+        use_local_auth: 'YES'
+    authentication_policies:
+    - resource:
+        path:
+        - '/'
+        method: [GET, POST]
+      provider: ["local-auth-provider"]

openshift/Ingress-deployment/manifest/lifted-shifted-app-ingress.yaml

@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  name: vpx
+spec:
+  controller: citrix.com/ingress-controller
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: lift-and-shift-ingress
+  annotations:
+   ingress.citrix.com/insecure-termination: "redirect"
+   ingress.citrix.com/frontend-ip: "10.0.19.57"
+spec:
+  ingressClassName: vpx
+  tls:
+  - secretName: wildcard-vpx-cert
+  rules:
+  - host:  lift-and-shift-httpapp.cloudpst.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: lift-and-shift-app
+            port:
+              number: 80

openshift/Ingress-deployment/manifest/lifted-shifted-app.yaml

@@ -0,0 +1,149 @@
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis-leader
+  labels:
+    app: redis
+    role: leader
+    tier: backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+        role: leader
+        tier: backend
+    spec:
+      containers:
+      - name: leader
+        image: "docker.io/redis:6.0.5"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 6379
+---
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis-leader
+  labels:
+    app: redis
+    role: leader
+    tier: backend
+spec:
+  ports:
+  - port: 6379
+    targetPort: 6379
+  selector:
+    app: redis
+    role: leader
+    tier: backend
+---
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis-follower
+  labels:
+    app: redis
+    role: follower
+    tier: backend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+        role: follower
+        tier: backend
+    spec:
+      containers:
+      - name: follower
+        image: us-docker.pkg.dev/google-samples/containers/gke/gb-redis-follower:v2
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 6379
+---
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis-follower
+  labels:
+    app: redis
+    role: follower
+    tier: backend
+spec:
+  ports:
+    # the port that this service should serve on
+  - port: 6379
+  selector:
+    app: redis
+    role: follower
+    tier: backend
+---
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lift-and-shift-app
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+        app: guestbook
+        tier: frontend
+  template:
+    metadata:
+      labels:
+        app: guestbook
+        tier: frontend
+    spec:
+      containers:
+      - name: php-redis
+        image: us-docker.pkg.dev/google-samples/containers/gke/gb-frontend:v5
+        env:
+        - name: GET_HOSTS_FROM
+          value: "dns"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 80
+---
+# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
+apiVersion: v1
+kind: Service
+metadata:
+  name: lift-and-shift-app
+  labels:
+    app: guestbook
+    tier: frontend
+spec:
+  # if your cluster supports it, uncomment the following to automatically create
+  # an external load-balanced IP for the frontend service.
+  # type: LoadBalancer
+  #type: LoadBalancer
+  ports:
+    # the port that this service should serve on
+  - port: 80
+    targetPort: 80
+  selector:
+    app: guestbook
+    tier: frontend
+---

openshift/Ingress-deployment/manifest/vpx-ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ns-vpx-ingress
+  annotations:
+   ingress.citrix.com/frontend-ip: "10.0.19.57"
+   ingress.citrix.com/secure-backend: "true"
+spec:
+  ingressClassName: vpx
+  tls:
+  - secretName: wildcard-vpx-cert
+  rules:
+  - host:  '*.cloudpst.net'
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nscpx-cpx-service
+            port:
+              number: 443