add redlib

Author: soerenschneider

apps/redlib/components/ha/kustomization.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: "kustomize.config.k8s.io/v1alpha1"
+kind: "Component"
+patches:
+  - target:
+      kind: "Deployment"
+      name: "redlib"
+    patch: |-
+      - op: "replace"
+        path: "/spec/replicas"
+        value: 3
+      - op: "/spec/topologySpreadConstraints"
+        value:
+          - maxSkew: 1
+            topologyKey: "region"
+            whenUnsatisfiable: "DoNotSchedule"
+            labelSelector:
+              matchLabels:
+                app.kubernetes.io/name: "redlib"
+          - maxSkew: 1
+            topologyKey: "node"
+            whenUnsatisfiable: "DoNotSchedule"
+            labelSelector:
+              matchLabels:
+                app.kubernetes.io/name: "redlib"

apps/redlib/components/istio-proxy/kustomization.yaml

@@ -0,0 +1,41 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+  - target:
+      kind: "Namespace"
+    patch: |-
+      - op: "add"
+        path: "/metadata/labels/istio-injection"
+        value: "enabled"
+  - target:
+      kind: "NetworkPolicy"
+    patch: |-
+      - op: add
+        path: "/spec/egress/-"
+        value:
+          to:
+            - namespaceSelector:
+                matchLabels:
+                  kubernetes.io/metadata.name: "kube-system"
+              podSelector:
+                matchLabels:
+                  k8s-app: "kube-dns"
+          ports:
+            - port: 53
+              protocol: "UDP"
+            - port: 53
+              protocol: "TCP"
+      - op: add
+        path: "/spec/egress/-"
+        value:
+          to:
+            - namespaceSelector:
+                matchLabels:
+                  kubernetes.io/metadata.name: "istio-system"
+              podSelector: {}
+          ports:
+            - port: 15012
+              protocol: "TCP"
+            - port: 15014
+              protocol: "TCP"

apps/redlib/components/istio/istio-virtualservice.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "VirtualService"
+metadata:
+  name: "redlib"
+spec:
+  hosts:
+    - "redlib"
+  gateways:
+    - "istio-system/gateway"
+  http:
+    - match:
+        - uri:
+            prefix: "/"
+      route:
+        - destination:
+            host: "redlib"
+            port:
+              number: 80

apps/redlib/components/istio/kustomization.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: "kustomize.config.k8s.io/v1alpha1"
+kind: "Component"
+resources:
+  - "istio-virtualservice.yaml"
+patches:
+  - target:
+      kind: "NetworkPolicy"
+      name: "whoogle"
+    patch: |-
+      - op: "add"
+        path: "/spec/ingress/0/from/-"
+        value:
+          namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: "istio-system"
+          podSelector:
+            matchLabels:
+              istio: "ingressgateway"

apps/redlib/deployment.yaml

@@ -0,0 +1,64 @@
+---
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+  name: "redlib"
+  labels:
+    app.kubernetes.io/name: "redlib"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "redlib"
+  strategy:
+    type: "RollingUpdate"
+  template:
+    metadata:
+      labels:
+        app: "redlib"
+        app.kubernetes.io/name: "redlib"
+        app.kubernetes.io/component: "redlib"
+        app.kubernetes.io/part-of: "redlib"
+    spec:
+      securityContext:
+        runAsUser: 61234
+        runAsGroup: 61234
+        runAsNonRoot: true
+        seccompProfile:
+          type: "RuntimeDefault"
+      containers:
+        - name: "redlib"
+          image: "quay.io/redlib/redlib:latest@sha256:c1fcda90dca9447d4aa7e18fd3ef85cc2044c29263490159e1ae4b472d0f285c"
+          imagePullPolicy: "IfNotPresent"
+          securityContext:
+            runAsUser: 61234
+            runAsGroup: 61234
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            privileged: false
+            seccompProfile:
+              type: "RuntimeDefault"
+            capabilities:
+              drop:
+                - "ALL"
+          resources:
+            requests:
+              memory: "32Mi"
+              cpu: "10m"
+            limits:
+              memory: "128Mi"
+          readinessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 1
+          livenessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 3
+          ports:
+            - containerPort: 8080
+              name: "redlib"
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: "location"
+          whenUnsatisfiable: "ScheduleAnyway"

apps/redlib/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: "kustomize.config.k8s.io/v1beta1"
+kind: "Kustomization"
+resources:
+  - "deployment.yaml"
+  - "service.yaml"
+  - "networkpolicy.yaml"

apps/redlib/networkpolicy.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: "networking.k8s.io/v1"
+kind: "NetworkPolicy"
+metadata:
+  name: "redlib"
+spec:
+  podSelector: {}
+  policyTypes:
+    - "Ingress"
+  ingress:
+    - ports:
+        - protocol: "TCP"
+          port: "redlib"
+      from: []
+  egress: []

apps/redlib/service.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: "v1"
+kind: "Service"
+metadata:
+  name: "redlib"
+spec:
+  ports:
+    - port: 80
+      targetPort: "redlib"
+  selector:
+    app.kubernetes.io/name: "redlib"