Skip to content

Instantly share code, notes, and snippets.

@harsh4870

harsh4870/nginx-oci-mesh.yaml

Last active July 17, 2022 13:46
Show Gist options
  • Save harsh4870/cd6cc9fdd7f9e6775c9248e61ddd7d90 to your computer and use it in GitHub Desktop.
Save harsh4870/cd6cc9fdd7f9e6775c9248e61ddd7d90 to your computer and use it in GitHub Desktop.
Download ZIP
Nginx with Oracle service mesh integration
Raw
nginx-oci-mesh.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: nginx
spec:
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 8080
targetPort: 80
selector:
app: nginx
tier: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
labels:
app: nginx
spec:
selector:
matchLabels:
app: nginx
tier: nginx
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: nginx
tier: nginx
spec:
containers:
- image: nginx
name: nginx
ports:
- containerPort: 8080
name: http
- containerPort: 80
name: httpa
- containerPort: 443
name: https
---
kind: Mesh
apiVersion: servicemesh.oci.oracle.com/v1beta1
metadata:
name: nginx
namespace: default
spec:
compartmentId: <CompartmentID>
certificateAuthorities:
- id: <Cert auth ID>
mtls:
minimum: DISABLED
---
kind: VirtualService
apiVersion: servicemesh.oci.oracle.com/v1beta1
metadata:
name: nginx
namespace: default
spec:
mesh:
ref:
name: default
defaultRoutingPolicy:
type: UNIFORM
compartmentId: <CompartmentID>
hosts:
- nginx
- nginx:80
- nginx:8080
mtls:
mode: DISABLED
---
kind: VirtualDeployment
apiVersion: servicemesh.oci.oracle.com/v1beta1
metadata:
name: nginx
namespace: default
spec:
virtualService:
ref:
name: nginx
compartmentId: <CompartmentID>
listener:
- port: 80
protocol: TCP
- port: 8080
protocol: TCP
accessLogging:
isEnabled: true
serviceDiscovery:
type: DNS
hostname: nginx
---
apiVersion: servicemesh.oci.oracle.com/v1beta1
kind: VirtualServiceRouteTable
metadata:
name: nginx-route-table
namespace: default
spec:
compartmentId: <CompartmentID>
virtualService:
ref:
name: nginx
routeRules:
- httpRoute:
destinations:
- virtualDeployment:
ref:
name: nginx
weight: 100
---
kind: VirtualDeploymentBinding
apiVersion: servicemesh.oci.oracle.com/v1beta1
metadata:
name: nginx-binding
namespace: default
spec:
virtualDeployment:
ref:
name: nginx
namespace: default
target:
service:
ref:
name: nginx
namespace: default
---
kind: IngressGateway
apiVersion: servicemesh.oci.oracle.com/v1beta1
metadata:
name: nginx-ingress-gateway
namespace: nginx
spec:
compartmentId: <CompartmentID>
mesh:
ref:
name: nginx
hosts:
- name: exampleHost
hostnames:
- nginx.example.com
listeners:
- port: 80
protocol: HTTP
tls:
mode: DISABLED
accessLogging:
isEnabled: true
---
apiVersion: servicemesh.oci.oracle.com/v1beta1
kind: IngressGatewayRouteTable
metadata:
name: nginx-ingress-gateway-route-table
namespace: nginx
spec:
compartmentId: <CompartmentID>
ingressGateway:
ref:
name: nginx-ingress-gateway
routeRules:
- httpRoute:
ingressGatewayHost:
name: exampleHost
destinations:
- virtualService:
ref:
name: nginx
---
apiVersion: servicemesh.oci.oracle.com/v1beta1
kind: IngressGatewayDeployment
metadata:
name: nginx-ingress-gateway-deployment
namespace: nginx
spec:
ingressGateway:
ref:
name: nginx-ingress-gateway
deployment:
autoscaling:
minPods: 1
maxPods: 1
ports:
- protocol: TCP
port: 80
serviceport: 80
service:
type: LoadBalancer
---
kind: AccessPolicy
apiVersion: servicemesh.oci.oracle.com/v1beta1
metadata:
name: nginx-policy
namespace: nginx
spec:
mesh:
ref:
name: nginx
compartmentId: <CompartmentID>
rules:
- action: ALLOW
source:
virtualService:
ref:
name: nginx
destination:
allVirtualServices: {}
- action: ALLOW
source:
allVirtualServices: {}
destination:
allVirtualServices: {}
- action: ALLOW
source:
allVirtualServices: {}
destination:
externalService:
tcpExternalService:
ipAddresses: ["0.0.0.0/0"]
ports: []
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment