elias/booking-microservices
1
0
Fork 0
mirror of https://github.com/meysamhadeli/booking-microservices.git synced 2026-04-17 16:36:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #207 from meysamhadeli/develop

Browse Source 
chore: Update kubernetes configs
This commit is contained in:
Meysam Hadeli 2023-02-25 01:00:28 +03:30 committed by GitHub
commit 5cc97938e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 270 additions and 1007 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/actions/docker-build-publish/action.yml vendored
View File

@ -43,11 +43,11 @@ runs:
if: ${{ github.ref == 'refs/heads/main' && success() }}
shell: bash
run: |
docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.7 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:${{ inputs.tag-name }} -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
- name: Publish Docker Image
if: ${{ github.ref == 'refs/heads/main' && success() }}
shell: bash
run: |
docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.7
docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:${{ inputs.tag-name }}

256
booking.k8s.rest Normal file
View File

@ -0,0 +1,256 @@
# https://github.com/Huachao/vscode-restclient
@api-gateway=https://booking-microservices.com
@identity-api=https://booking-microservices.com/identity
@flight-api=https://booking-microservices.com/flight
@passenger-api=https://booking-microservices.com/passenger
@booking-api=https://booking-microservices.com/booking
@contentType = application/json
@flightid = 1
@passengerId = 1
################################# Identity API #################################
###
# @name ApiRoot_Identity
GET {{identity-api}}
###
###
# @name Authenticate
POST {{api-gateway}}/identity/connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=password
&client_id=client
&client_secret=secret
&username=samh
&password=Admin@123456
&scope=flight-api
###
###
# @name Register_New_User
POST {{api-gateway}}/identity/api/v1/identity/register-user
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
{
"firstName": "John",
"lastName": "Do",
"username": "admin",
"passportNumber": "412900000000",
"email": "admin@admin.com",
"password": "Admin@12345",
"confirmPassword": "Admin@12345"
}
###
################################# Flight API #################################
###
# @name ApiRoot_Flight
GET {{flight-api}}
###
###
# @name Create_Seat
Post {{api-gateway}}/flight/api/v1/flight/seat
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
{
"seatNumber": "1255",
"type": 1,
"class": 1,
"flightId": 1
}
###
###
# @name Reserve_Seat
Post {{api-gateway}}/flight/api/v1/flight/reserve-seat
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
{
"flightId": 1,
"seatNumber": "1255"
}
###
###
# @name Get_Available_Seats
GET {{api-gateway}}/flight/api/v1/flight/get-available-seats/{{flightid}}
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
###
###
# @name Get_Flight_By_Id
GET {{api-gateway}}/flight/api/v1/flight/{{flightid}}
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
###
###
# @name Get_Available_Flights
GET {{api-gateway}}/flight/api/v1/flight/get-available-flights
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
###
###
# @name Create_Flights
POST {{api-gateway}}/flight/api/v1/flight
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
{
"flightNumber": "12BB",
"aircraftId": 1,
"departureAirportId": 1,
"departureDate": "2022-03-01T14:55:41.255Z",
"arriveDate": "2022-03-01T14:55:41.255Z",
"arriveAirportId": 2,
"durationMinutes": 120,
"flightDate": "2022-03-01T14:55:41.255Z",
"status": 1,
"price": 8000
}
###
###
# @name Update_Flights
PUT {{api-gateway}}/flight/api/v1/flight
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
{
"id": 1,
"flightNumber": "BD467",
"aircraftId": 1,
"departureAirportId": 1,
"departureDate": "2022-04-23T12:17:45.140Z",
"arriveDate": "2022-04-23T12:17:45.140Z",
"arriveAirportId": 2,
"durationMinutes": 120,
"flightDate": "2022-04-23T12:17:45.140Z",
"status": 4,
"isDeleted": false,
"price": 99000
}
###
###
# @name Delete_Flights
DELETE {{api-gateway}}/flight/api/v1/flight/{{flightid}}
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
###
###
# @name Create_Airport
POST {{api-gateway}}/flight/api/v1/flight/airport
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
{
"name": "mehrabad",
"address": "tehran",
"code": "12YD"
}
###
###
# @name Create_Aircraft
POST {{api-gateway}}/flight/api/v1/flight/aircraft
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
{
"name": "airbus2",
"model": "322",
"manufacturingYear": 2012
}
###
################################# Passenger API #################################
###
# @name ApiRoot_Passenger
GET {{passenger-api}}
###
###
# @name Complete_Registration_Passenger
POST {{api-gateway}}/passenger/api/v1/passenger/complete-registration
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
{
"passportNumber": "412900000000",
"passengerType": 1,
"age": 30
}
###
###
# @name Get_Passenger_By_Id
GET {{api-gateway}}/passenger/api/v1/passenger/{{passengerId}}
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
###
################################# Booking API #################################
###
# @name ApiRoot_Booking
GET {{booking-api}}
###
###
# @name Create_Booking
POST {{api-gateway}}/booking/api/v1/booking
accept: application/json
Content-Type: application/json
authorization: bearer {{Authenticate.response.body.access_token}}
{
"passengerId": 8765596234940416,
"flightId": 1,
"description": "I want to fly to iran"
}
###

3
booking.rest
View File

@ -1,8 +1,5 @@
# https://github.com/Huachao/vscode-restclient
// for using kubernetes revers proxy uncomment this gateway
# @api-gateway=https://booking-microservices.com
@api-gateway=https://localhost:5000
@identity-api=http://localhost:6005
@flight-api=https://localhost:5003

2
deployments/k8s/booking.yml
View File

@ -15,7 +15,7 @@ spec:
app: booking
spec:
containers:
- image: meysamh66/booking-microservices-booking:v1.6.6
- image: meysamh66/booking-microservices-booking:v1.6.7
name: booking
ports:
- containerPort: 80

0
deployments/k8s/certs/booking-cert/booking-secret.yml → deployments/k8s/certs/booking-secret.yml
View File

0
deployments/k8s/certificate.yml → deployments/k8s/certs/certificate.yml
View File

9
deployments/k8s/certs/identity-cert/identity-secret.yml
View File

@ -1,9 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: identity-tls
namespace: default
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGSHpDQ0F3ZWdBd0lCQWdJVWJ4K1lESEs0cFlrQkM5d2lsVEJBa05NMFNPVXdEUVlKS29aSWh2Y05BUUVMDQpCUUF3SHpFZE1Cc0dBMVVFQXd3VWJYbHBaR1Z1ZEdsMGVYTmxjblpsY2k1amIyMHdIaGNOTWpNd01qSXhNVEUxDQpPRFV3V2hjTk1qUXdNakl4TVRFMU9EVXdXakFmTVIwd0d3WURWUVFEREJSdGVXbGtaVzUwYVhSNWMyVnlkbVZ5DQpMbU52YlRDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQ2dnSUJBTHZDWGU2cy9waW50czc1DQpOcUJmeTFyUkZLREc4Ky9qSFZVaTh0VE1XNU1qbHh3SW9WQ004WXVVSk8vTFNjbVNueFZHdXNBTEk5TkJMeXFKDQo4U2dCY0VXQ1h4aDI0VmRpUmk2d05jSzF1TkNwY0t1VVA0bDZQYVhFaHZtU2YycnBScDgrWGxKeWZOTFBodXhUDQpOUy84MWl3UXRoelc0WGFPbEVGYzhxbFd2ODZjbjdoci9QbDhUNGZIVmp5UHNJdHVrOExTSTBPdmUrQUd5L3F3DQpkL1hQcE12dXVSbndRRFBuWHE1NE56djFHMTMyRDh4eitoWko4eTNlTEtUTXF0U2ZEQm9SdWpoQmVjNVp1ckxKDQplYVJEYmlWdU9LMy9oRm9TVGxkaFYxMTViVDFZcTU3QnNhQlNQeXdSUE1JbldOZ1p0QnhtRUgxVTR2aGJKZmtKDQo0TnAvMkFQYzY2WDFTelp1c0s3aEZ4WHBtVTRJYXZiNXAzcDhpVVZEekNPN0U1OURkT2Z6QzNCYXg1YzZPUXZSDQo5d0FkTXlVSmhCaFU0eW9KOXQ1WTljV1BRcU94U25WT3Z1NXFOVHI5UDBBVFdLcE9NVkZZWklib0VCQW9oWmlwDQpKT3FkYWxVSnFqcEp0TzRxeTVaL3orclZPMjRCdzUzMWJ4SkFoanBWYWQxU1NOZm5xdXI0TFZ4V0JyYXFqUU90DQpPT1VPaHEwd2Y0UUdEc3NIM2NOMkJaK2Z4OVJDY0dmOW1kTkdSTDFoK29IalVHYjVaS2dxcWlOZDNZVWlKWlpSDQpIN1VvQmV2eXlLcVFiYmE4NFVXSXRhVHJPT0kxN3JKSWJ3dlZsdjgrUENGWGZPNjdDMENYN243YWwxM040ZkNlDQoyaWYyT01uQ0pJOWI5VXJSZGZxTDkvbG9wZ0J4QWdNQkFBR2pVekJSTUIwR0ExVWREZ1FXQkJSRzRzTHh2QmxSDQprNmhveXVxdDg0MUE1TTlCVGpBZkJnTlZIU01FR0RBV2dCUkc0c0x4dkJsUms2aG95dXF0ODQxQTVNOUJUakFQDQpCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQmVJb0xCaUMvNGxaNnhHYzJnDQpWNG5JM0lmQ2YyY3BWVFhaME5zTjFxL0o4TXZrRnBHNENkeUZlRStoZjdPbmpVVjlIQnlVR2JpRDFoZlJCSmJWDQpaNXAxS1BxQ0ltQXlZcm1KVnU4dllEVlJGcXY0bW5kSUN4ZzBRaGNEbWZTU3NCZXl6UXpDUExTd21HUzd2OVk5DQpTTjFTTUU0cE5jMWdBaU5OTWhKS1NBcnowWTV5TmRsWDNNcTRXTHZrd01iZXN0TjlDRFRaZ2VVTDVuRkxCdFFhDQpaZkY2Z0NBTVI1WktITmNaTEp3ejdZcU5ZT0tUN2s1OHRCSXJMV1FWNWFXWTlPSUVqQ1VNMEtneUVBbzE1dDA5DQpwQmorUWVrK25HOFdxNTRxbnNjSnVyeWxaaWVNdXBDOGdYdUhlL1BMb3ZSQksvUkp5VDF0YTZvb1VHWW00VWRzDQpnWWF4RUpWVVFqNUowZXF4U2JMVHg3UUxNR2xNNGc2V1dOUmVUWE9VOE41OG5SSzBtTVRISVBEQ0ZBeVRMNlpKDQo1ZG5aYjhZN3UySDJvNDRJQlRvdFBiQmYrT3h6dTV2dTl0TzluelN1ZWtWd0EvbDhWRkJibnY3SG9CU1oxMDFUDQpFU0ZUVDBmR0NvNGpkbnhhOC8wcElwelo1M0ZDSG5yZGdjUXd2amJrb2tybzV1L0o3dXdFRHNsaE9hM0FkdlIxDQpMTXhIVFRvR01QaDdCT0RTb2FybWRsR2hReVI3TU1lYWwxUzRHOWZHMmZUczZsYXBrcFJ2d3V0RzMxUWJiNXhrDQpKemNTSXIwTWlheGVGdTcyL2J5aWFDTFEwQ2c5SHQ4THlpZ2VMRFhQMFJjeXVRNXk1bUdVYXY1cnBWRTZiMkRGDQpoU1pUZmdOL3ZzUitJdExueU9EVkt0WWJ1dz09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUlKUXdJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0NTMHdnZ2twQWdFQUFvSUNBUUM3d2wzdXJQNllwN2JPDQorVGFnWDh0YTBSU2d4dlB2NHgxVkl2TFV6RnVUSTVjY0NLRlFqUEdMbENUdnkwbkprcDhWUnJyQUN5UFRRUzhxDQppZkVvQVhCRmdsOFlkdUZYWWtZdXNEWEN0YmpRcVhDcmxEK0plajJseEliNWtuOXE2VWFmUGw1U2NuelN6NGJzDQpVelV2L05Zc0VMWWMxdUYyanBSQlhQS3BWci9PbkorNGEvejVmRStIeDFZOGo3Q0xicFBDMGlORHIzdmdCc3Y2DQpzSGYxejZUTDdya1o4RUF6NTE2dWVEYzc5UnRkOWcvTWMvb1dTZk10M2l5a3pLclVud3dhRWJvNFFYbk9XYnF5DQp5WG1rUTI0bGJqaXQvNFJhRWs1WFlWZGRlVzA5V0t1ZXdiR2dVajhzRVR6Q0oxallHYlFjWmhCOVZPTDRXeVg1DQpDZURhZjlnRDNPdWw5VXMyYnJDdTRSY1Y2WmxPQ0dyMithZDZmSWxGUTh3anV4T2ZRM1RuOHd0d1dzZVhPamtMDQowZmNBSFRNbENZUVlWT01xQ2ZiZVdQWEZqMEtqc1VwMVRyN3VhalU2L1Q5QUUxaXFUakZSV0dTRzZCQVFLSVdZDQpxU1RxbldwVkNhbzZTYlR1S3N1V2Y4L3ExVHR1QWNPZDlXOFNRSVk2VlduZFVralg1NnJxK0MxY1ZnYTJxbzBEDQpyVGpsRG9hdE1IK0VCZzdMQjkzRGRnV2ZuOGZVUW5Cbi9ablRSa1M5WWZxQjQxQm0rV1NvS3FvalhkMkZJaVdXDQpVUisxS0FYcjhzaXFrRzIydk9GRmlMV2s2emppTmU2eVNHOEwxWmIvUGp3aFYzenV1d3RBbCs1KzJwZGR6ZUh3DQpudG9uOWpqSndpU1BXL1ZLMFhYNmkvZjVhS1lBY1FJREFRQUJBb0lDQUE1OE1FTDVsYXF4UmFreUVNVE9ueUdpDQpmN1RucEdvZFcyWDJERVhlZmpJYnpNeWMzZFVaQ29sNkpGOWJqNVc5ZWdocUxINGtYZDh1YURVZjd6cm00WUo3DQpURnJXMFF1c3lUMVEydFRxc0Jkbyt3aEJwNlV6aVE0QTIyamxwRzdiRUZlNHVBNGtSdno4aGF3MXZ5UzBuTkZKDQplTU5BMEtRVTI5c3ZFSWwvNTh4SXlRbXhTeEwwUkM1MWNuRzVwQ1Vkb3NpazdaT0xOa05TUXVwVU11MEQxL0xqDQp0K1FJWk91Y0xmSEgxSHNMcmREUjZ1WWJESEFyeEZjRmpPd3AzZ1FKUVNYQnVGd2VzUWI2WlN6bDNqeU45ekZzDQpEM05kQXhqdjBKdHRKeEJQRGQ1dHVNL0dvYTE4cXVMN2NYU0pGSkdYYWczRzBmN1pUYWxiWHRLWHNJRXEyNzlPDQpoWFNNVkcxODZVNU9GdThQQ1hITVRSSXp1ZGlnaHRvaExSTXE4ZDAvdTdHSWNzRVNiZGdCKzlhT0hBYU42SUtwDQo0REpYQWtzQ3E0NmVyaGlRWEdnaGpKZUd6YjlONzBJV1I0NVpGZGNpUlhlbnp0djRBOENXeUdyZk1lOWFBMjUyDQpWbmNHa1o2bDVrTFZ3aUVLZU1uK1RYV2ZPQUVnMVNZb3F6RTJYanVSOENvUmJ6aFBRQjVxRlVhZEZYMGwwWlpqDQo1YlcxOHNtcG5xM1h5WlpmSVNIOEFYeGZndzEraFEzVldodENlNU9qQkV0dlNoeDIrR1czTVNmRVQxNXVORTFXDQpQR3A1RFBGNjMzaXZXdDRBMUVUckpkbE5UcnVxbVh2b3hZWGlnUWNjdURRM2YvZnkvcmprRDY1eDRDaEpLc1F4DQpEcmZWMHF6MGV3TmxHbTc0U3dBQkFvSUJBUUQwTmFPdngvNFdNdXNLUFhNU1NycFRtVlMyd1ZROUpmbGw2Y0EwDQpKTG9HTk1hdVBIenJsVzIxamFCcXhXTGhlVkY5R1c3MU9lSmxtdjA2SWZwbUJlS0F4c3grR0lnWUZqRG50aVlFDQpUVjRQSkRFVFB2TDQxU3ZLT0NDUWx4eXVwY2tGbUoyLzJYd0Z2REVqdVBPeUJyZ0VrT3dlUXJxSEhnWXI3cWhzDQphM0U4bkliVWhPWVF1QnNpNHpXanFnTGI3eS9XeVhkbm9LbXNJRlp5bHc2OUxjQVAvaW9WQkIrS1h3aXZsTnpYDQpoaGZ0QkY2RXRsLzFkbFN3MmtmUTBIMmlYdkR5ZTEySEFJNlZYZXQ3dXJoSFRzeG5JaW5remx6d0lJcUJFOFduDQpnVXJJcXBhays1OVNGRkpvbjB0RkV5cmVhK2dMQmVpKzhGTitzZVFydytHNmYyVnhBb0lCQVFERTB3U2NqVUV3DQpjM20rUi9VcjhJOWRZZW1ER1Y4OXkwTmI1amd2TDBwc21GNmc4aDFNYWxlMFJiaXI3SVJ0TU9MUjhWV1EyQ281DQo1bGlBTlhPKzIrdHJhaFlDbkY1d0t6Q3dsM01qNVRYMlQ5MHE1Sk9XSVZldTIvZTE0Vkl3UDBITXV3KzZCdTIyDQpvbVdQcjd3cm5weUVISjlnTkcwbWRNL1JHK3ZvVXNWeHdOSThUVHdFNFZ2UzBYYzcrN3VNbEhEcnV6dlRkOThjDQpJTEdMOTVJUVppeWxUdnR0ZVgvT1pyTmNIeUg2Ym5SaXFIZWszSHdQMm1VZkg1ek9oOGwzdmVQSXVET2xaOE5ODQppbloyN1VrMmJxZW8vT3BCTWcwMVo0dE82RzBha2RaSjUraFlBS3hZWUdyWmZBbTZRTTJpTFd1bDliRzVwdG5MDQo0YW5RSEdTQkZzc0JBb0lCQVFESmhtSTNzdkJJM1dmOG9VME9jVUJsc0lpcDc4eFdVYm9Ia2VnY241b3JlTzNqDQo1dUtuZmo1MHJoVU5SeW9jS3dOR0d2RG55UWE5RmpPVi8yZ2xQUUgzaHhaRmtIVHVlNUdNQlZKR0JwcHlJRW1uDQpPakZEaXBhQ1grTHZydVBxYzhENXIwR3VpZ2pBcXRaYVJreEVReXNrQ1h2d1ZOeWNsL2c3MU15RCsvNE1LSmRUDQpWUUNPRjMrOVFJYUpNc2o5T2RyZWdvN1lvMHFoVW1aRVZjZkI4YmttK1hVOHRwUlltYWdQVE9jWnEveWVpUlorDQpxZ2x5QkY1TE96WThhWERqeHpsS3dPY2pleUF1dnJ5TzlEMFNDMEsrY1FEbFlpNXJzazdaeWJrNFM0ZXRKS2tBDQpLTzBHek9KY2wrZURieGZYU0hES2QrdmpkV3RSaC9kazdsYWVrbmJoQW9JQkFRQ2dMUEoxek9hZVhYdFlCUXRiDQpCTnhITEtWeVVUV1cvbElFK2VnRFRrTU0rVHNaVTYvUVBrSzlySGZMUWlITEVwdWtLdmh0ZGQxM1hTUHN3cE05DQpZWS9HeklDNUF6US9xSVpwVC9jZDRTejNGS3R5ZXE0NDRVMlFPZWJ2RnoxaGtqa2tPWjlrenJxcGhLT09PWCt6DQpKOU5NR0ZjRFhlYnVBdVlVME5vOUtROFJzYy9senh6bkE5ZE1TN2J6RTd2ZmZmWWZnVElBdUc3VFh5L2VMazJxDQpGdHlDY3pKZU55QnhnbGE0dzRWTlhwSk1yN2tlYTJoekpsSmc3OE1XdUo2V1dleURycFFwS2JaZzVpdmVRT0R4DQo4VDkwWU03cTI2YXdMV0hMaDQ4eXJqaHIwTlRldVQySWRuNitHeGwzZjhGWkdBbWc5Ny80eS9ZMjI2RHNnZzZ3DQpseklCQW9JQkFHNTdVSVpvL012VXRHelVQWnh0QTJmSmZ4RDhhOE92M25RVTN6akpMd0pYenIrOHp2eVpOUnhvDQp4eCs5ZGlMdWlYQ2hHT3VpU0NUOXVtci9KSWRzVmEwb200TCtQMHA3V01MK1QrYlBhVHFmWjJnY1Z1QitadFg3DQpKR1gzdForTHpkYWtRNkxTYTRaRlFlMmNTYzcxYWF2YnJZMTU0RGpYUmI4c25BQTlkczBENk10U0crTjlhQjZaDQpaRFZEc1MveUk1Z0VLV3FtN1B0RDR1VWhNazViUmFLbkdLS1ZVR0NOak9DN0NETEZVSU1OcDRRSDFhb1lMcTJuDQpCNy9GdHlQb09MNkxDTytCUk9FY2NSZXZYQWJyOTJ0dzhoQzNqaGJGS3dCTThJMUFWdWgxdS9qWFg1ZDgrRGVNDQpQQ0ZNNHlLZnNGb24zTW1sMDR4eXhKU3RqL2Zhc01jPQ0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQ0K

30
deployments/k8s/certs/identity-cert/tls.crt
View File

@ -1,30 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIFHzCCAwegAwIBAgIUbx+YDHK4pYkBC9wilTBAkNM0SOUwDQYJKoZIhvcNAQEL
BQAwHzEdMBsGA1UEAwwUbXlpZGVudGl0eXNlcnZlci5jb20wHhcNMjMwMjIxMTE1
ODUwWhcNMjQwMjIxMTE1ODUwWjAfMR0wGwYDVQQDDBRteWlkZW50aXR5c2VydmVy
LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALvCXe6s/pints75
NqBfy1rRFKDG8+/jHVUi8tTMW5MjlxwIoVCM8YuUJO/LScmSnxVGusALI9NBLyqJ
8SgBcEWCXxh24VdiRi6wNcK1uNCpcKuUP4l6PaXEhvmSf2rpRp8+XlJyfNLPhuxT
NS/81iwQthzW4XaOlEFc8qlWv86cn7hr/Pl8T4fHVjyPsItuk8LSI0Ove+AGy/qw
d/XPpMvuuRnwQDPnXq54Nzv1G132D8xz+hZJ8y3eLKTMqtSfDBoRujhBec5ZurLJ
eaRDbiVuOK3/hFoSTldhV115bT1Yq57BsaBSPywRPMInWNgZtBxmEH1U4vhbJfkJ
4Np/2APc66X1SzZusK7hFxXpmU4Iavb5p3p8iUVDzCO7E59DdOfzC3Bax5c6OQvR
9wAdMyUJhBhU4yoJ9t5Y9cWPQqOxSnVOvu5qNTr9P0ATWKpOMVFYZIboEBAohZip
JOqdalUJqjpJtO4qy5Z/z+rVO24Bw531bxJAhjpVad1SSNfnqur4LVxWBraqjQOt
OOUOhq0wf4QGDssH3cN2BZ+fx9RCcGf9mdNGRL1h+oHjUGb5ZKgqqiNd3YUiJZZR
H7UoBevyyKqQbba84UWItaTrOOI17rJIbwvVlv8+PCFXfO67C0CX7n7al13N4fCe
2if2OMnCJI9b9UrRdfqL9/lopgBxAgMBAAGjUzBRMB0GA1UdDgQWBBRG4sLxvBlR
k6hoyuqt841A5M9BTjAfBgNVHSMEGDAWgBRG4sLxvBlRk6hoyuqt841A5M9BTjAP
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBeIoLBiC/4lZ6xGc2g
V4nI3IfCf2cpVTXZ0NsN1q/J8MvkFpG4CdyFeE+hf7OnjUV9HByUGbiD1hfRBJbV
Z5p1KPqCImAyYrmJVu8vYDVRFqv4mndICxg0QhcDmfSSsBeyzQzCPLSwmGS7v9Y9
SN1SME4pNc1gAiNNMhJKSArz0Y5yNdlX3Mq4WLvkwMbestN9CDTZgeUL5nFLBtQa
ZfF6gCAMR5ZKHNcZLJwz7YqNYOKT7k58tBIrLWQV5aWY9OIEjCUM0KgyEAo15t09
pBj+Qek+nG8Wq54qnscJurylZieMupC8gXuHe/PLovRBK/RJyT1ta6ooUGYm4Uds
gYaxEJVUQj5J0eqxSbLTx7QLMGlM4g6WWNReTXOU8N58nRK0mMTHIPDCFAyTL6ZJ
5dnZb8Y7u2H2o44IBTotPbBf+Oxzu5vu9tO9nzSuekVwA/l8VFBbnv7HoBSZ101T
ESFTT0fGCo4jdnxa8/0pIpzZ53FCHnrdgcQwvjbkokro5u/J7uwEDslhOa3AdvR1
LMxHTToGMPh7BODSoarmdlGhQyR7MMeal1S4G9fG2fTs6lapkpRvwutG31Qbb5xk
JzcSIr0MiaxeFu72/byiaCLQ0Cg9Ht8LyigeLDXP0RcyuQ5y5mGUav5rpVE6b2DF
hSZTfgN/vsR+ItLnyODVKtYbuw==
-----END CERTIFICATE-----

52
deployments/k8s/certs/identity-cert/tls.key
View File

@ -1,52 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7wl3urP6Yp7bO
+TagX8ta0RSgxvPv4x1VIvLUzFuTI5ccCKFQjPGLlCTvy0nJkp8VRrrACyPTQS8q
ifEoAXBFgl8YduFXYkYusDXCtbjQqXCrlD+Jej2lxIb5kn9q6UafPl5ScnzSz4bs
UzUv/NYsELYc1uF2jpRBXPKpVr/OnJ+4a/z5fE+Hx1Y8j7CLbpPC0iNDr3vgBsv6
sHf1z6TL7rkZ8EAz516ueDc79Rtd9g/Mc/oWSfMt3iykzKrUnwwaEbo4QXnOWbqy
yXmkQ24lbjit/4RaEk5XYVddeW09WKuewbGgUj8sETzCJ1jYGbQcZhB9VOL4WyX5
CeDaf9gD3Oul9Us2brCu4RcV6ZlOCGr2+ad6fIlFQ8wjuxOfQ3Tn8wtwWseXOjkL
0fcAHTMlCYQYVOMqCfbeWPXFj0KjsUp1Tr7uajU6/T9AE1iqTjFRWGSG6BAQKIWY
qSTqnWpVCao6SbTuKsuWf8/q1TtuAcOd9W8SQIY6VWndUkjX56rq+C1cVga2qo0D
rTjlDoatMH+EBg7LB93DdgWfn8fUQnBn/ZnTRkS9YfqB41Bm+WSoKqojXd2FIiWW
UR+1KAXr8siqkG22vOFFiLWk6zjiNe6ySG8L1Zb/PjwhV3zuuwtAl+5+2pddzeHw
nton9jjJwiSPW/VK0XX6i/f5aKYAcQIDAQABAoICAA58MEL5laqxRakyEMTOnyGi
f7TnpGodW2X2DEXefjIbzMyc3dUZCol6JF9bj5W9eghqLH4kXd8uaDUf7zrm4YJ7
TFrW0QusyT1Q2tTqsBdo+whBp6UziQ4A22jlpG7bEFe4uA4kRvz8haw1vyS0nNFJ
eMNA0KQU29svEIl/58xIyQmxSxL0RC51cnG5pCUdosik7ZOLNkNSQupUMu0D1/Lj
t+QIZOucLfHH1HsLrdDR6uYbDHArxFcFjOwp3gQJQSXBuFwesQb6ZSzl3jyN9zFs
D3NdAxjv0JttJxBPDd5tuM/Goa18quL7cXSJFJGXag3G0f7ZTalbXtKXsIEq279O
hXSMVG186U5OFu8PCXHMTRIzudightohLRMq8d0/u7GIcsESbdgB+9aOHAaN6IKp
4DJXAksCq46erhiQXGghjJeGzb9N70IWR45ZFdciRXenztv4A8CWyGrfMe9aA252
VncGkZ6l5kLVwiEKeMn+TXWfOAEg1SYoqzE2XjuR8CoRbzhPQB5qFUadFX0l0ZZj
5bW18smpnq3XyZZfISH8AXxfgw1+hQ3VWhtCe5OjBEtvShx2+GW3MSfET15uNE1W
PGp5DPF633ivWt4A1ETrJdlNTruqmXvoxYXigQccuDQ3f/fy/rjkD65x4ChJKsQx
DrfV0qz0ewNlGm74SwABAoIBAQD0NaOvx/4WMusKPXMSSrpTmVS2wVQ9Jfll6cA0
JLoGNMauPHzrlW21jaBqxWLheVF9GW71OeJlmv06IfpmBeKAxsx+GIgYFjDntiYE
TV4PJDETPvL41SvKOCCQlxyupckFmJ2/2XwFvDEjuPOyBrgEkOweQrqHHgYr7qhs
a3E8nIbUhOYQuBsi4zWjqgLb7y/WyXdnoKmsIFZylw69LcAP/ioVBB+KXwivlNzX
hhftBF6Etl/1dlSw2kfQ0H2iXvDye12HAI6VXet7urhHTsxnIinkzlzwIIqBE8Wn
gUrIqpak+59SFFJon0tFEyrea+gLBei+8FN+seQrw+G6f2VxAoIBAQDE0wScjUEw
c3m+R/Ur8I9dYemDGV89y0Nb5jgvL0psmF6g8h1Male0Rbir7IRtMOLR8VWQ2Co5
5liANXO+2+trahYCnF5wKzCwl3Mj5TX2T90q5JOWIVeu2/e14VIwP0HMuw+6Bu22
omWPr7wrnpyEHJ9gNG0mdM/RG+voUsVxwNI8TTwE4VvS0Xc7+7uMlHDruzvTd98c
ILGL95IQZiylTvtteX/OZrNcHyH6bnRiqHek3HwP2mUfH5zOh8l3vePIuDOlZ8NN
inZ27Uk2bqeo/OpBMg01Z4tO6G0akdZJ5+hYAKxYYGrZfAm6QM2iLWul9bG5ptnL
4anQHGSBFssBAoIBAQDJhmI3svBI3Wf8oU0OcUBlsIip78xWUboHkegcn5oreO3j
5uKnfj50rhUNRyocKwNGGvDnyQa9FjOV/2glPQH3hxZFkHTue5GMBVJGBppyIEmn
OjFDipaCX+LvruPqc8D5r0GuigjAqtZaRkxEQyskCXvwVNycl/g71MyD+/4MKJdT
VQCOF3+9QIaJMsj9Odrego7Yo0qhUmZEVcfB8bkm+XU8tpRYmagPTOcZq/yeiRZ+
qglyBF5LOzY8aXDjxzlKwOcjeyAuvryO9D0SC0K+cQDlYi5rsk7Zybk4S4etJKkA
KO0GzOJcl+eDbxfXSHDKd+vjdWtRh/dk7laeknbhAoIBAQCgLPJ1zOaeXXtYBQtb
BNxHLKVyUTWW/lIE+egDTkMM+TsZU6/QPkK9rHfLQiHLEpukKvhtdd13XSPswpM9
YY/GzIC5AzQ/qIZpT/cd4Sz3FKtyeq444U2QOebvFz1hkjkkOZ9kzrqphKOOOX+z
J9NMGFcDXebuAuYU0No9KQ8Rsc/lzxznA9dMS7bzE7vfffYfgTIAuG7TXy/eLk2q
FtyCczJeNyBxgla4w4VNXpJMr7kea2hzJlJg78MWuJ6WWeyDrpQpKbZg5iveQODx
8T90YM7q26awLWHLh48yrjhr0NTeuT2Idn6+Gxl3f8FZGAmg97/4y/Y226Dsgg6w
lzIBAoIBAG57UIZo/MvUtGzUPZxtA2fJfxD8a8Ov3nQU3zjJLwJXzr+8zvyZNRxo
xx+9diLuiXChGOuiSCT9umr/JIdsVa0om4L+P0p7WML+T+bPaTqfZ2gcVuB+ZtX7
JGX3tZ+LzdakQ6LSa4ZFQe2cSc71aavbrY154DjXRb8snAA9ds0D6MtSG+N9aB6Z
ZDVDsS/yI5gEKWqm7PtD4uUhMk5bRaKnGKKVUGCNjOC7CDLFUIMNp4QH1aoYLq2n
B7/FtyPoOL6LCO+BROEccRevXAbr92tw8hC3jhbFKwBM8I1AVuh1u/jXX5d8+DeM
PCFM4yKfsFon3Mml04xyxJStj/fasMc=
-----END PRIVATE KEY-----

2
deployments/k8s/issuer.yml → deployments/k8s/certs/issuer.yml
View File

@ -5,4 +5,4 @@ metadata:
namespace: default
spec:
ca:
secretName: booking-microservices-secret
secretName: booking-tls

0
deployments/k8s/certs/booking-cert/tls.crt → deployments/k8s/certs/tls.crt
View File

0
deployments/k8s/certs/booking-cert/tls.key → deployments/k8s/certs/tls.key
View File

4
deployments/k8s/certs/tls.txt
View File

@ -1,6 +1,2 @@
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=booking-microservices.com" -days 365
kubectl create secret tls booking-tls --key tls.key --cert tls.crt
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=myidentityserver.com" -days 365
kubectl create secret tls identity-tls --key tls.key --cert tls.crt

2
deployments/k8s/flight.yml
View File

@ -15,7 +15,7 @@ spec:
app: flight
spec:
containers:
- image: meysamh66/booking-microservices-flight:v1.6.6
- image: meysamh66/booking-microservices-flight:v1.6.7
name: flight
ports:
- containerPort: 80

2
deployments/k8s/identity.yml
View File

@ -15,7 +15,7 @@ spec:
app: identity
spec:
containers:
- image: meysamh66/booking-microservices-identity:v1.6.6
- image: meysamh66/booking-microservices-identity:v1.6.7
name: identity
ports:
- containerPort: 80

20
deployments/k8s/ingress.yml
View File

@ -14,35 +14,29 @@ metadata:
spec:
ingressClassName: nginx
tls:
- hosts:
- myidentityserver.com
secretName: identity-tls
- hosts:
- booking-microservices.com
secretName: booking-tls
rules:
- host: myidentityserver.com
rules:
- host: booking-microservices.com
http:
paths:
- path: /
- path: /identity
pathType: Prefix
backend:
service:
name: identity
name: flight
port:
number: 80
- path: /(.+)
number: 80
- path: /identity/(.+)
pathType: Prefix
backend:
service:
name: identity
port:
number: 80
- host: booking-microservices.com
http:
paths:
- path: /flight
pathType: Prefix
backend:

9
deployments/k8s/ip-address-pool.yml
View File

@ -1,9 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: first-pool
namespace: metallb-system
spec:
addresses:
- 192.168.49.220-192.168.49.230
# renge ip address base on cluster ip

8
deployments/k8s/l2-advertisement.yml
View File

@ -1,8 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: example
namespace: metallb-system
spec:
ipAddressPools:
- first-pool

2
deployments/k8s/passenger.yml
View File

@ -15,7 +15,7 @@ spec:
app: passenger
spec:
containers:
- image: meysamh66/booking-microservices-passenger:v1.6.6
- image: meysamh66/booking-microservices-passenger:v1.6.7
name: passenger
ports:
- containerPort: 80

872
deployments/k8s/traefik-values.yml
View File

@ -1,872 +0,0 @@
# Default values for Traefik
image:
repository: traefik
# defaults to appVersion
tag: ""
pullPolicy: IfNotPresent
#
# Configure integration with Traefik Hub
#
hub:
## Enabling Hub will:
# * enable Traefik Hub integration on Traefik
# * add `traefikhub-tunl` endpoint
# * enable Prometheus metrics with addRoutersLabels
# * enable allowExternalNameServices on KubernetesIngress provider
# * enable allowCrossNamespace on KubernetesCRD provider
# * add an internal (ClusterIP) Service, dedicated for Traefik Hub
enabled: false
## Default port can be changed
# tunnelPort: 9901
## TLS is optional. Insecure is mutually exclusive with any other options
# tls:
# insecure: false
# ca: "/path/to/ca.pem"
# cert: "/path/to/cert.pem"
# key: "/path/to/key.pem"
#
# Configure the deployment
#
deployment:
enabled: true
# Can be either Deployment or DaemonSet
kind: Deployment
# Number of pods of the deployment (only applies when kind == Deployment)
replicas: 1
# Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
# revisionHistoryLimit: 1
# Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
terminationGracePeriodSeconds: 60
# The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
minReadySeconds: 0
# Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
annotations: {}
# Additional deployment labels (e.g. for filtering deployment by custom labels)
labels: {}
# Additional pod annotations (e.g. for mesh injection or prometheus scraping)
podAnnotations: {}
# Additional Pod labels (e.g. for filtering Pod by custom labels)
podLabels: {}
# Additional containers (e.g. for metric offloading sidecars)
additionalContainers: []
# https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
# - name: socat-proxy
# image: alpine/socat:1.0.5
# args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
# volumeMounts:
# - name: dsdsocket
# mountPath: /socket
# Additional volumes available for use with initContainers and additionalContainers
additionalVolumes: []
# - name: dsdsocket
# hostPath:
# path: /var/run/statsd-exporter
# Additional initContainers (e.g. for setting file permission as shown below)
initContainers: []
# The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/traefik/traefik/issues/6825
# - name: volume-permissions
# image: busybox:1.35
# command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
# volumeMounts:
# - name: data
# mountPath: /data
# Use process namespace sharing
shareProcessNamespace: false
# Custom pod DNS policy. Apply if `hostNetwork: true`
# dnsPolicy: ClusterFirstWithHostNet
# Additional imagePullSecrets
imagePullSecrets: []
# - name: myRegistryKeySecretName
# Pod lifecycle actions
lifecycle: {}
# preStop:
# exec:
# command: ["/bin/sh", "-c", "sleep 40"]
# postStart:
# httpGet:
# path: /ping
# port: 9000
# host: localhost
# scheme: HTTP
# Pod disruption budget
podDisruptionBudget:
enabled: false
# maxUnavailable: 1
# maxUnavailable: 33%
# minAvailable: 0
# minAvailable: 25%
# Create a default IngressClass for Traefik
ingressClass:
enabled: true
isDefaultClass: true
# Enable experimental features
experimental:
v3:
enabled: false
plugins:
enabled: false
kubernetesGateway:
enabled: false
gateway:
enabled: true
# certificate:
# group: "core"
# kind: "Secret"
# name: "mysecret"
# By default, Gateway would be created to the Namespace you are deploying Traefik to.
# You may create that Gateway in another namespace, setting its name below:
# namespace: default
# Additional gateway annotations (e.g. for cert-manager.io/issuer)
# annotations:
# cert-manager.io/issuer: letsencrypt
# Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
# The router match rule used for the dashboard ingressRoute
matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
# Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
# By default, it's using traefik entrypoint, which is not exposed.
# /!\ Do not expose your dashboard without any protection over the internet /!\
entryPoints: ["traefik"]
# Additional ingressRoute middlewares (e.g. for authentication)
middlewares: []
# TLS options (e.g. secret containing certificate)
tls: {}
# Customize updateStrategy of traefik pods
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
# Customize liveness and readiness probe values.
readinessProbe:
failureThreshold: 1
initialDelaySeconds: 2
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 2
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
#
# Configure providers
#
providers:
kubernetesCRD:
enabled: true
allowCrossNamespace: false
allowExternalNameServices: false
allowEmptyServices: false
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
namespaces: []
# - "default"
kubernetesIngress:
enabled: true
allowExternalNameServices: false
allowEmptyServices: false
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
namespaces: []
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: false
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
#
# Add volumes to the traefik pod. The volume name will be passed to tpl.
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# additionalArguments:
# - "--providers.file.filename=/config/dynamic.toml"
# - "--ping"
# - "--ping.entrypoint=web"
volumes: []
# - name: public-cert
# mountPath: "/certs"
# type: secret
# - name: '{{ printf "%s-configs" .Release.Name }}'
# mountPath: "/config"
# type: configMap
# Additional volumeMounts to add to the Traefik container
additionalVolumeMounts: []
# For instance when using a logshipper for access logs
# - name: traefik-logs
# mountPath: /var/log/traefik
## Logs
## https://docs.traefik.io/observability/logs/
logs:
## Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general:
# By default, the logs use a text format (common), but you can
# also ask for the json format in the format option
# format: json
# By default, the level is set to ERROR.
# Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
access:
# To enable access logs
enabled: false
## By default, logs are written using the Common Log Format (CLF) on stdout.
## To write logs in JSON, use json in the format option.
## If the given format is unsupported, the default (CLF) is used instead.
# format: json
# filePath: "/var/log/traefik/access.log
## To write the logs in an asynchronous fashion, specify a bufferingSize option.
## This option represents the number of log lines Traefik will keep in memory before writing
## them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
## Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
## Fields
## https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields:
general:
defaultmode: keep
names: {}
## Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names: {}
## Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
metrics:
## Prometheus is enabled by default.
## It can be disabled by setting "prometheus: null"
prometheus:
## Entry point used to expose metrics.
entryPoint: metrics
## Enable metrics on entry points. Default=true
# addEntryPointsLabels: false
## Enable metrics on routers. Default=false
# addRoutersLabels: true
## Enable metrics on services. Default=true
# addServicesLabels: false
## Buckets for latency metrics. Default="0.1,0.3,1.2,5.0"
# buckets: "0.5,1.0,2.5"
## When manualRouting is true, it disables the default internal router in
## order to allow creating a custom router for prometheus@internal service.
# manualRouting: true
# datadog:
# ## Address instructs exporter to send metrics to datadog-agent at this address.
# address: "127.0.0.1:8125"
# ## The interval used by the exporter to push metrics to datadog-agent. Default=10s
# # pushInterval: 30s
# ## The prefix to use for metrics collection. Default="traefik"
# # prefix: traefik
# ## Enable metrics on entry points. Default=true
# # addEntryPointsLabels: false
# ## Enable metrics on routers. Default=false
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# influxdb:
# ## Address instructs exporter to send metrics to influxdb at this address.
# address: localhost:8089
# ## InfluxDB's address protocol (udp or http). Default="udp"
# protocol: udp
# ## InfluxDB database used when protocol is http. Default=""
# # database: ""
# ## InfluxDB retention policy used when protocol is http. Default=""
# # retentionPolicy: ""
# ## InfluxDB username (only with http). Default=""
# # username: ""
# ## InfluxDB password (only with http). Default=""
# # password: ""
# ## The interval used by the exporter to push metrics to influxdb. Default=10s
# # pushInterval: 30s
# ## Additional labels (influxdb tags) on all metrics.
# # additionalLabels:
# # env: production
# # foo: bar
# ## Enable metrics on entry points. Default=true
# # addEntryPointsLabels: false
# ## Enable metrics on routers. Default=false
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# influxdb2:
# ## Address instructs exporter to send metrics to influxdb v2 at this address.
# address: localhost:8086
# ## Token with which to connect to InfluxDB v2.
# token: xxx
# ## Organisation where metrics will be stored.
# org: ""
# ## Bucket where metrics will be stored.
# bucket: ""
# ## The interval used by the exporter to push metrics to influxdb. Default=10s
# # pushInterval: 30s
# ## Additional labels (influxdb tags) on all metrics.
# # additionalLabels:
# # env: production
# # foo: bar
# ## Enable metrics on entry points. Default=true
# # addEntryPointsLabels: false
# ## Enable metrics on routers. Default=false
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# statsd:
# ## Address instructs exporter to send metrics to statsd at this address.
# address: localhost:8125
# ## The interval used by the exporter to push metrics to influxdb. Default=10s
# # pushInterval: 30s
# ## The prefix to use for metrics collection. Default="traefik"
# # prefix: traefik
# ## Enable metrics on entry points. Default=true
# # addEntryPointsLabels: false
# ## Enable metrics on routers. Default=false
# # addRoutersLabels: true
# ## Enable metrics on services. Default=true
# # addServicesLabels: false
# openTelemetry:
# ## Address of the OpenTelemetry Collector to send metrics to.
# address: "localhost:4318"
# ## Enable metrics on entry points.
# addEntryPointsLabels: true
# ## Enable metrics on routers.
# addRoutersLabels: true
# ## Enable metrics on services.
# addServicesLabels: true
# ## Explicit boundaries for Histogram data points.
# explicitBoundaries:
# - "0.1"
# - "0.3"
# - "1.2"
# - "5.0"
# ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
# headers:
# foo: bar
# test: test
# ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
# insecure: true
# ## Interval at which metrics are sent to the OpenTelemetry Collector.
# pushInterval: 10s
# ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport.
# path: /foo/v1/traces
# ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
# tls:
# ## The path to the certificate authority, it defaults to the system bundle.
# ca: path/to/ca.crt
# ## The path to the public certificate. When using this option, setting the key option is required.
# cert: path/to/foo.cert
# ## The path to the private key. When using this option, setting the cert option is required.
# key: path/to/key.key
# ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
# insecureSkipVerify: true
# ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
# grpc: true
##
## enable optional CRDs for Prometheus Operator
##
## Create a dedicated metrics service for use with ServiceMonitor
## When hub.enabled is set to true, it's not needed: it will use hub service.
# service:
# enabled: false
# labels: {}
# annotations: {}
## When set to true, it won't check if Prometheus Operator CRDs are deployed
# disableAPICheck: false
# serviceMonitor:
# metricRelabelings: []
# - sourceLabels: [__name__]
# separator: ;
# regex: ^fluentd_output_status_buffer_(oldest|newest)_.+
# replacement: $1
# action: drop
# relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
# jobLabel: traefik
# interval: 30s
# honorLabels: true
# # (Optional)
# # scrapeTimeout: 5s
# # honorTimestamps: true
# # enableHttp2: true
# # followRedirects: true
# # additionalLabels:
# # foo: bar
# # namespace: "another-namespace"
# # namespaceSelector: {}
# prometheusRule:
# additionalLabels: {}
# namespace: "another-namespace"
# rules:
# - alert: TraefikDown
# expr: up{job="traefik"} == 0
# for: 5m
# labels:
# context: traefik
# severity: warning
# annotations:
# summary: "Traefik Down"
# description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
tracing: {}
# instana:
# localAgentHost: 127.0.0.1
# localAgentPort: 42699
# logLevel: info
# enableAutoProfile: true
# datadog:
# localAgentHostPort: 127.0.0.1:8126
# debug: false
# globalTag: ""
# prioritySampling: false
# jaeger:
# samplingServerURL: http://localhost:5778/sampling
# samplingType: const
# samplingParam: 1.0
# localAgentHostPort: 127.0.0.1:6831
# gen128Bit: false
# propagation: jaeger
# traceContextHeaderName: uber-trace-id
# disableAttemptReconnecting: true
# collector:
# endpoint: ""
# user: ""
# password: ""
# zipkin:
# httpEndpoint: http://localhost:9411/api/v2/spans
# sameSpan: false
# id128Bit: true
# sampleRate: 1.0
# haystack:
# localAgentHost: 127.0.0.1
# localAgentPort: 35000
# globalTag: ""
# traceIDHeaderName: ""
# parentIDHeaderName: ""
# spanIDHeaderName: ""
# baggagePrefixHeaderName: ""
# elastic:
# serverURL: http://localhost:8200
# secretToken: ""
# serviceEnvironment: ""
globalArguments:
- "--global.checknewversion"
- "--global.sendanonymoususage"
#
# Configure Traefik static configuration
# Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments: []
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
# - "--log.level=DEBUG"
# Environment variables to be passed to Traefik's binary
env: []
# - name: SOME_VAR
# value: some-var-value
# - name: SOME_VAR_FROM_CONFIG_MAP
# valueFrom:
# configMapRef:
# name: configmap-name
# key: config-key
# - name: SOME_SECRET
# valueFrom:
# secretKeyRef:
# name: secret-name
# key: secret-key
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# Configure ports
ports:
# The name of this one can't be changed as it is used for the readiness and
# liveness probes, but you can adjust its config to your liking
traefik:
port: 9000
# Use hostPort if set.
# hostPort: 9000
#
# Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
# means it's listening on all your interfaces and all your IPs. You may want
# to set this value if you need traefik to listen on specific interface
# only.
# hostIP: 192.168.100.10
# Override the liveness/readiness port. This is useful to integrate traefik
# with an external Load Balancer that performs healthchecks.
# Default: ports.traefik.port
# healthchecksPort: 9000
# Override the liveness/readiness scheme. Useful for getting ping to
# respond on websecure entryPoint.
# healthchecksScheme: HTTPS
# Defines whether the port is exposed if service.type is LoadBalancer or
# NodePort.
#
# You SHOULD NOT expose the traefik port on production deployments.
# If you want to access it from outside of your cluster,
# use `kubectl port-forward` or create a secure ingress
expose: false
# The exposed port for this service
exposedPort: 9000
# The port protocol (TCP/UDP)
protocol: TCP
web:
## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
# asDefault: true
port: 8000
# hostPort: 8000
expose: true
exposedPort: 80
# The port protocol (TCP/UDP)
protocol: TCP
# Use nodeport if set. This is useful if you have configured Traefik in a
# LoadBalancer.
# nodePort: 32080
# Port Redirections
# Added in 2.2, you can make permanent redirects via entrypoints.
# https://docs.traefik.io/routing/entrypoints/#redirection
# redirectTo: websecure
#
# Trust forwarded headers information (X-Forwarded-*).
# forwardedHeaders:
# trustedIPs: []
# insecure: false
#
# Enable the Proxy Protocol header parsing for the entry point
# proxyProtocol:
# trustedIPs: []
# insecure: false
websecure:
## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
# asDefault: true
port: 8443
# hostPort: 8443
expose: true
exposedPort: 443
## The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
#
## Enable HTTP/3 on the entrypoint
## Enabling it will also enable http3 experimental feature
## https://doc.traefik.io/traefik/routing/entrypoints/#http3
## There are known limitations when trying to listen on same ports for
## TCP & UDP (Http3). There is a workaround in this chart using dual Service.
## https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741
http3:
enabled: false
# advertisedPort: 4443
#
## Trust forwarded headers information (X-Forwarded-*).
#forwardedHeaders:
# trustedIPs: []
# insecure: false
#
## Enable the Proxy Protocol header parsing for the entry point
#proxyProtocol:
# trustedIPs: []
# insecure: false
#
## Set TLS at the entrypoint
## https://doc.traefik.io/traefik/routing/entrypoints/#tls
tls:
enabled: true
# this is the name of a TLSOption definition
options: ""
certResolver: ""
domains: []
# - main: example.com
# sans:
# - foo.example.com
# - bar.example.com
#
# One can apply Middlewares on an entrypoint
# https://doc.traefik.io/traefik/middlewares/overview/
# https://doc.traefik.io/traefik/routing/entrypoints/#middlewares
# /!\ It introduces here a link between your static configuration and your dynamic configuration /!\
# It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace
# middlewares:
# - namespace-name1@kubernetescrd
# - namespace-name2@kubernetescrd
middlewares: []
metrics:
# When using hostNetwork, use another port to avoid conflict with node exporter:
# https://github.com/prometheus/prometheus/wiki/Default-port-allocations
port: 9100
# hostPort: 9100
# Defines whether the port is exposed if service.type is LoadBalancer or
# NodePort.
#
# You may not want to expose the metrics port on production deployments.
# If you want to access it from outside of your cluster,
# use `kubectl port-forward` or create a secure ingress
expose: false
# The exposed port for this service
exposedPort: 9100
# The port protocol (TCP/UDP)
protocol: TCP
# TLS Options are created as TLSOption CRDs
# https://doc.traefik.io/traefik/https/tls/#tls-options
# Example:
# tlsOptions:
# default:
# sniStrict: true
# preferServerCipherSuites: true
# foobar:
# curvePreferences:
# - CurveP521
# - CurveP384
tlsOptions: {}
# TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate
# https://doc.traefik.io/traefik/https/tls/#default-certificate
# Example:
# tlsStore:
# default:
# defaultCertificate:
# secretName: tls-cert
tlsStore: {}
# Options for the main traefik service, where the entrypoints traffic comes
# from.
service:
enabled: true
## Single service is using `MixedProtocolLBService` feature gate.
## When set to false, it will create two Service, one for TCP and one for UDP.
single: true
type: LoadBalancer
# Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
annotations: {}
# Additional annotations for TCP service only
annotationsTCP: {}
# Additional annotations for UDP service only
annotationsUDP: {}
# Additional service labels (e.g. for filtering Service by custom labels)
labels: {}
# Additional entries here will be added to the service spec.
# Cannot contain type, selector or ports entries.
spec: {}
# externalTrafficPolicy: Cluster
# loadBalancerIP: "1.2.3.4"
# clusterIP: "2.3.4.5"
loadBalancerSourceRanges: []
# - 192.168.0.1/32
# - 172.16.0.0/16
externalIPs: []
# - 1.2.3.4
## One of SingleStack, PreferDualStack, or RequireDualStack.
# ipFamilyPolicy: SingleStack
## List of IP families (e.g. IPv4 and/or IPv6).
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
# ipFamilies:
# - IPv4
# - IPv6
##
## An additionnal and optional internal Service.
## Same parameters as external Service
# internal:
# type: ClusterIP
# # labels: {}
# # annotations: {}
# # spec: {}
# # loadBalancerSourceRanges: []
# # externalIPs: []
# # ipFamilies: [ "IPv4","IPv6" ]
## Create HorizontalPodAutoscaler object.
##
autoscaling:
enabled: false
# minReplicas: 1
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: cpu
# target:
# type: Utilization
# averageUtilization: 60
# - type: Resource
# resource:
# name: memory
# target:
# type: Utilization
# averageUtilization: 60
# behavior:
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 1
# periodSeconds: 60
# Enable persistence using Persistent Volume Claims
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
# It can be used to store TLS certificates, see `storage` in certResolvers
persistence:
enabled: true
name: data
# existingClaim: ""
accessMode: ReadWriteOnce
size: 128Mi
# storageClass: ""
# volumeName: ""
path: /data
annotations: {}
# subPath: "" # only mount a subpath of the Volume into the pod
certResolvers: {}
# letsencrypt:
# # for challenge options cf. https://doc.traefik.io/traefik/https/acme/
# email: email@example.com
# dnsChallenge:
# # also add the provider's required configuration under env
# # or expand then from secrets/configmaps with envfrom
# # cf. https://doc.traefik.io/traefik/https/acme/#providers
# provider: digitalocean
# # add futher options for the dns challenge as needed
# # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
# delayBeforeCheck: 30
# resolvers:
# - 1.1.1.1
# - 8.8.8.8
# tlsChallenge: true
# httpChallenge:
# entryPoint: "web"
# # It has to match the path with a persistent volume
# storage: /data/acme.json
# If hostNetwork is true, runs traefik in the host network namespace
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
# and replicas>1, a pod anti-affinity is recommended and will be set if the
# affinity is left as default.
hostNetwork: false
# Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
enabled: true
# If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
# If set to true, installs Role and RoleBinding. Providers will only watch target namespace.
namespaced: false
# Enable user-facing roles
# https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
# aggregateTo: [ "admin" ]
# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
podSecurityPolicy:
enabled: false
# The service account the pods will use to interact with the Kubernetes API
serviceAccount:
# If set, an existing service account is used
# If not set, a service account is created automatically using the fullname template
name: ""
# Additional serviceAccount annotations (e.g. for oidc authentication)
serviceAccountAnnotations: {}
resources: {}
# requests:
# cpu: "100m"
# memory: "50Mi"
# limits:
# cpu: "300m"
# memory: "150Mi"
# This example pod anti-affinity forces the scheduler to put traefik pods
# on nodes where no other traefik pods are scheduled.
# It should be used when hostNetwork: true to prevent port conflicts
affinity: {}
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchLabels:
# app.kubernetes.io/name: '{{ template "traefik.name" . }}'
# app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}'
# topologyKey: kubernetes.io/hostname
nodeSelector: {}
tolerations: []
topologySpreadConstraints: []
# # This example topologySpreadConstraints forces the scheduler to put traefik pods
# # on nodes where no other traefik pods are scheduled.
# - labelSelector:
# matchLabels:
# app: '{{ template "traefik.name" . }}'
# maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# Pods can have priority.
# Priority indicates the importance of a Pod relative to other Pods.
priorityClassName: ""
# Set the container security context
# To run the container with ports below 1024 this will need to be adjust to run as root
securityContext:
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
podSecurityContext:
fsGroup: 65532
#
# Extra objects to deploy (value evaluated as a template)
#
# In some cases, it can avoid the need for additional, extended or adhoc deployments.
# See #595 for more details and traefik/tests/values/extra.yaml for example.
extraObjects: []
# This will override the default Release Namespace for Helm.
# It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules`
# namespaceOverride: traefik
#
## This will override the default app.kubernetes.io/instance label for all Objects.
# instanceLabelOverride: traefik