-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy path8.1-namespace-selector.yaml
128 lines (127 loc) · 3.46 KB
/
8.1-namespace-selector.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
##################################################
# Test Name: Namespace Based Delegation
# Test Number: 8.1
# Test Description:
# - Delegate cluster1.solo.io to cluster1 RouteTable
# - Delegate cluster2.solo.io to cluster2 RouteTable
##################################################
apiVersion: v1
kind: Namespace
metadata:
name: virtual-hosts
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster1-routes
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster2-routes
---
apiVersion: networking.mesh.gloo.solo.io/v1
kind: VirtualMesh
metadata:
name: virtual-mesh
namespace: gloo-mesh
spec:
federation: # Enable automatic federation of all services to all clusters
selectors:
- {}
meshes:
- name: istiod-istio-system-cluster1
namespace: gloo-mesh
- name: istiod-istio-system-cluster2
namespace: gloo-mesh
---
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: VirtualGateway
metadata:
name: ingress
namespace: gloo-mesh
spec:
ingressGatewaySelectors:
- portName: http2 # match on port name http2
destinationSelectors:
- kubeServiceMatcher:
labels:
istio: ingressgateway # select all gateways with istio=ingressgateway label
namespaces:
- istio-system # only include istio-system namespace
connectionHandlers:
- http:
routeConfig:
- virtualHostSelector: # select VirtualHost based in the virtual-hosts namespace
namespaces:
- virtual-hosts
---
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: VirtualHost
metadata:
name: cluster1
namespace: virtual-hosts
labels:
gateway: ingress
spec:
domains:
- cluster1.solo.io
routes:
- delegateAction: # domain cluster1.solo.io applies to RouteTables in the cluster1-routes namespace
selector:
namespaces:
- cluster1-routes
---
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: VirtualHost
metadata:
name: cluster2
namespace: virtual-hosts
labels:
gateway: ingress
spec:
domains:
- cluster2.solo.io
routes:
- delegateAction: # domain cluster1.solo.io applies to RouteTables in the cluster2-routes namespace
selector:
namespaces:
- cluster2-routes
---
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: RouteTable
metadata:
name: frontend
namespace: cluster1-routes # matches the namespace selector in cluster1 VirtualHost
spec:
routes:
- matchers:
- uri:
prefix: /frontend # only match on cluster1.solo.io/frontend
name: frontend
routeAction:
destinations:
- kubeService: # route requests to cluster1 frontend application
clusterName: cluster1
name: frontend
namespace: app
port: 8080
---
apiVersion: networking.enterprise.mesh.gloo.solo.io/v1beta1
kind: RouteTable
metadata:
name: frontend
namespace: cluster2-routes # matches the namespace selector in cluster2 VirtualHost
spec:
routes:
- matchers:
- uri:
prefix: /frontend # only match on cluster2.solo.io/frontend
name: frontend
routeAction:
destinations:
- kubeService: # route requests to cluster2 frontend application
clusterName: cluster2
name: frontend
namespace: app
port: 8080