diff --git a/deploy/k8s/helm/apigwws/envoy.yaml b/deploy/k8s/helm/apigwws/envoy.yaml index 688fb740c..939649e60 100644 --- a/deploy/k8s/helm/apigwws/envoy.yaml +++ b/deploy/k8s/helm/apigwws/envoy.yaml @@ -9,19 +9,20 @@ static_resources: - address: socket_address: address: 0.0.0.0 - port_value: 80 + port_value: 8080 filter_chains: - filters: - - name: envoy.http_connection_manager - config: - codec_type: auto + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: ingress_http + codec_type: AUTO route_config: name: eshop_backend_route virtual_hosts: - name: eshop_backend domains: - - "*" + - ["*"] routes: - name: "c-short" match: @@ -80,63 +81,70 @@ static_resources: prefix_rewrite: "/" cluster: shoppingagg http_filters: - - name: envoy.router - access_log: - - name: envoy.file_access_log - filter: - not_health_check_filter: {} - config: - json_format: - time: "%START_TIME%" - protocol: "%PROTOCOL%" - duration: "%DURATION%" - request_method: "%REQ(:METHOD)%" - request_host: "%REQ(HOST)%" - path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" - response_flags: "%RESPONSE_FLAGS%" - route_name: "%ROUTE_NAME%" - upstream_host: "%UPSTREAM_HOST%" - upstream_cluster: "%UPSTREAM_CLUSTER%" - upstream_local_address: "%UPSTREAM_LOCAL_ADDRESS%" - path: "/tmp/access.log" + - name: envoy.filters.http.router clusters: - name: shoppingagg connect_timeout: 0.25s type: strict_dns lb_policy: round_robin - hosts: - - socket_address: - address: webshoppingagg - port_value: 80 + load_assignment: + cluster_name: shoppingagg + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: webshoppingagg + port_value: 80 - name: catalog connect_timeout: 0.25s type: strict_dns lb_policy: round_robin - hosts: - - socket_address: - address: catalog-api - port_value: 80 + load_assignment: + cluster_name: catalog + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: catalog-api + port_value: 80 - name: basket connect_timeout: 0.25s type: strict_dns lb_policy: round_robin - hosts: - - socket_address: - address: basket-api - port_value: 80 + load_assignment: + cluster_name: basket + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: basket-api + port_value: 80 - name: ordering connect_timeout: 0.25s type: strict_dns lb_policy: round_robin - hosts: - - socket_address: - address: ordering-api - port_value: 80 + load_assignment: + cluster_name: ordering + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ordering-api + port_value: 80 - name: signalr-hub connect_timeout: 0.25s type: strict_dns lb_policy: round_robin - hosts: - - socket_address: - address: ordering-signalrhub - port_value: 80 + load_assignment: + cluster_name: signalr-hub + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: ordering-signalrhub + port_value: 80 \ No newline at end of file diff --git a/deploy/k8s/helm/apigwws/templates/deployment.yaml b/deploy/k8s/helm/apigwws/templates/deployment.yaml index bbe7fedf8..3bbcec274 100644 --- a/deploy/k8s/helm/apigwws/templates/deployment.yaml +++ b/deploy/k8s/helm/apigwws/templates/deployment.yaml @@ -26,6 +26,10 @@ spec: linkerd.io/inject: enabled {{- end }} spec: + securityContext: + runAsUser: 2000 + runAsGroup: 3000 + fsGroup: 2000 {{ if .Values.inf.registry -}} imagePullSecrets: - name: {{ .Values.inf.registry.secretName }} @@ -87,7 +91,7 @@ spec: {{- end }} ports: - name: http - containerPort: 80 + containerPort: 8080 protocol: TCP - name: admin containerPort: 8001 diff --git a/deploy/k8s/helm/apigwws/templates/ingress.yaml b/deploy/k8s/helm/apigwws/templates/ingress.yaml index d6bbb8d4c..0e937067d 100644 --- a/deploy/k8s/helm/apigwws/templates/ingress.yaml +++ b/deploy/k8s/helm/apigwws/templates/ingress.yaml @@ -38,7 +38,7 @@ spec: - host: {{ . }} http: paths: - - path: {{ $ingressPath }} + - path: {{ $ingressPath }}(/|$)(.*) pathType: Prefix backend: service: diff --git a/deploy/k8s/helm/apigwws/values.yaml b/deploy/k8s/helm/apigwws/values.yaml index fb1182dac..9ab7743d5 100644 --- a/deploy/k8s/helm/apigwws/values.yaml +++ b/deploy/k8s/helm/apigwws/values.yaml @@ -4,7 +4,7 @@ pathBase: /webshoppingapigw image: repository: envoyproxy/envoy - tag: v1.11.1 + tag: v1.21.0 service: type: ClusterIP @@ -14,8 +14,9 @@ service: ingress: enabled: true annotations: - nginx.ingress.kubernetes.io/rewrite-target: "/" - ingress.kubernetes.io/rewrite-target: "/" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" tls: [] resources: {} diff --git a/deploy/k8s/nginx-ingress/local-cm.yaml b/deploy/k8s/nginx-ingress/local-cm.yaml index 02906afc1..4f4e4c930 100644 --- a/deploy/k8s/nginx-ingress/local-cm.yaml +++ b/deploy/k8s/nginx-ingress/local-cm.yaml @@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx - name: nginx-configuration + name: ingress-nginx-controller namespace: ingress-nginx data: proxy-buffer-size: "128k"