From cf26f4da3a5cd031929082b22d513983aece962c Mon Sep 17 00:00:00 2001 From: Bogdan Alov Date: Wed, 17 Jul 2019 17:33:48 +0300 Subject: [PATCH 1/3] changed kubernetes resources limits and requests to be equal --- releases/dev/account-service.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases/dev/account-service.yaml b/releases/dev/account-service.yaml index 4d8e23d..1be6198 100644 --- a/releases/dev/account-service.yaml +++ b/releases/dev/account-service.yaml @@ -24,11 +24,11 @@ spec: resources: limits: - cpu: 1 - memory: 1500Mi + cpu: 750m + memory: 1250Mi requests: - cpu: 500m - memory: 1000Mi + cpu: 750m + memory: 1250Mi ports: containerPort: -- GitLab From 3d5a9a0876069a2884882a3015997312e16be0b0 Mon Sep 17 00:00:00 2001 From: Dimitar Ivanov Date: Mon, 22 Jul 2019 11:32:21 +0300 Subject: [PATCH 2/3] Add authentication policy. --- charts/account-service/Chart.yaml | 2 +- .../templates/authentication-policy.yaml | 41 ++++++++++--------- releases/dev/account-service.yaml | 2 +- 3 files changed, 24 insertions(+), 21 deletions(-) diff --git a/charts/account-service/Chart.yaml b/charts/account-service/Chart.yaml index 79760b3..e5ff513 100644 --- a/charts/account-service/Chart.yaml +++ b/charts/account-service/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Deployment of the nynja account service. name: account-service -version: 0.1.3 +version: 0.1.4 diff --git a/charts/account-service/templates/authentication-policy.yaml b/charts/account-service/templates/authentication-policy.yaml index 63aab21..768fe93 100644 --- a/charts/account-service/templates/authentication-policy.yaml +++ b/charts/account-service/templates/authentication-policy.yaml @@ -1,19 +1,22 @@ -#apiVersion: "authentication.istio.io/v1alpha1" -#kind: "Policy" -#metadata: -# name: {{ template "account-service.fullname" . }} -# labels: -# app: {{ template "account-service.name" . }} -# chart: {{ template "account-service.chart" . }} -# release: {{ .Release.Name }} -# heritage: {{ .Release.Service }} -#spec: -# targets: -# - name: {{ template "account-service.name" . }} -# origins: -# - jwt: -# issuer: https://auth.nynja.biz/ -# jwksUri: http://auth-service.auth.svc.cluster.local:8008/keys/public -# audiences: -# - dGVzdEluc3RhbmNl:NynjaApp:NynjaOrg -# principalBinding: USE_ORIGIN +apiVersion: "authentication.istio.io/v1alpha1" +kind: "Policy" +metadata: + name: {{ template "account-service.fullname" . }} + labels: + app: {{ template "account-service.name" . }} + chart: {{ template "account-service.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + targets: + - name: {{ template "account-service.name" . }} + origins: + - jwt: + issuer: https://auth.nynja.biz/ + jwksUri: http://auth-service.auth.svc.cluster.local:8008/keys/public + trigger_rules: + - excluded_paths: + - exact: /actuator/health + - exact: /actuator/info + - exact: /actuator/status + principalBinding: USE_ORIGIN diff --git a/releases/dev/account-service.yaml b/releases/dev/account-service.yaml index 1be6198..18dc489 100644 --- a/releases/dev/account-service.yaml +++ b/releases/dev/account-service.yaml @@ -8,7 +8,7 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: account-service - version: 0.1.3 + version: 0.1.4 values: replicaCount: 1 -- GitLab From edb4d5a9f6f75a4432cd161800635d7022273492 Mon Sep 17 00:00:00 2001 From: Dimitar Ivanov Date: Mon, 22 Jul 2019 16:33:11 +0300 Subject: [PATCH 3/3] Update chart version and pod limits of staging. --- releases/staging/account-service.yaml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/releases/staging/account-service.yaml b/releases/staging/account-service.yaml index a99430b..56579b3 100644 --- a/releases/staging/account-service.yaml +++ b/releases/staging/account-service.yaml @@ -8,7 +8,7 @@ spec: chart: repository: https://nynjagroup.jfrog.io/nynjagroup/helm/ name: account-service - version: 0.1.3 + version: 0.1.4 values: replicaCount: 2 @@ -24,11 +24,11 @@ spec: resources: limits: - cpu: 1 - memory: 1500Mi + cpu: 750m + memory: 1250Mi requests: - cpu: 500m - memory: 1000Mi + cpu: 750m + memory: 1250Mi ports: containerPort: @@ -65,4 +65,3 @@ spec: - x-grpc-web - authorization maxAge: "600s" - -- GitLab