linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linkerd2/proxy-init/integration_test/iptables/iptablestest-lab.yaml

176 lines
4.3 KiB
YAML
Raw Blame History

---
apiVersion: v1
kind: Pod
metadata:
name: pod-with-no-rules
labels:
app: pod-with-no-rules
spec:
containers:
- name: webserver
image: buoyantio/iptables-tester:v1
env:
- name: PORT
value: "8080"
command: ["go", "run", "/go/test_service/test_service.go"]
ports:
- name: http
containerPort: 8080
- name: other-container
image: buoyantio/iptables-tester:v1
env:
- name: PORT
value: "9090"
command: ["go", "run", "/go/test_service/test_service.go"]
ports:
- name: http
containerPort: 9090
---
apiVersion: v1
kind: Service
metadata:
name: svc-pod-with-no-rules
spec:
selector:
app: pod-with-no-rules
ports:
- name: http
port: 8080
---
apiVersion: v1
kind: Pod
metadata:
name: pod-redirects-all-ports
labels:
app: pod-redirects-all-ports
spec:
containers:
- name: other-container
image: buoyantio/iptables-tester:v1
env:
- name: PORT
value: "9090"
command: ["go", "run", "/go/test_service/test_service.go"]
ports:
- name: http
containerPort: 9090
- name: proxy-stub
image: buoyantio/iptables-tester:v1
env:
- name: PORT
value: "8080"
- name: AM_I_THE_PROXY
value: "yes"
command: ["go", "run", "/go/test_service/test_service.go"]
securityContext:
privileged: false
runAsUser: 2102
ports:
- name: http
containerPort: 8080
initContainers:
- name: conduit-init
image: gcr.io/runconduit/proxy-init:latest
imagePullPolicy: Never
args: ["-p", "8080", "-o", "8080", "-u", "2102"]
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
---
apiVersion: v1
kind: Service
metadata:
name: svc-pod-redirects-all-ports
spec:
selector:
app: pod-redirects-all-ports
ports:
- name: http
port: 8080
---
apiVersion: v1
kind: Pod
metadata:
name: pod-redirects-whitelisted
labels:
app: pod-redirects-whitelisted
spec:
containers:
- name: proxy-stub
image: buoyantio/iptables-tester:v1
env:
- name: PORT
value: "8080"
- name: AM_I_THE_PROXY
value: "yes"
command: ["go", "run", "/go/test_service/test_service.go"]
ports:
- name: http
containerPort: 8080
securityContext:
privileged: false
runAsUser: 2102
initContainers:
- name: conduit-init
image: gcr.io/runconduit/proxy-init:latest
imagePullPolicy: Never
args: ["-p", "8080", "-o", "8080", "-u", "2102", "-r", "9090", "-r", "9099"]
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
---
apiVersion: v1
kind: Pod
metadata:
name: pod-doesnt-redirect-blacklisted
labels:
app: pod-doesnt-redirect-blacklisted
spec:
containers:
- name: proxy-stub
image: buoyantio/iptables-tester:v1
env:
- name: PORT
value: "8080"
- name: AM_I_THE_PROXY
value: "yes"
command: ["go", "run", "/go/test_service/test_service.go"]
ports:
- name: http
containerPort: 8080
securityContext:
privileged: false
runAsUser: 2102
- name: other-container
image: buoyantio/iptables-tester:v1
env:
- name: PORT
value: "9090"
command: ["go", "run", "/go/test_service/test_service.go"]
ports:
- name: http
containerPort: 9090
- name: blacklisted-container
image: buoyantio/iptables-tester:v1
env:
- name: PORT
value: "7070"
command: ["go", "run", "/go/test_service/test_service.go"]
ports:
- name: http
containerPort: 7070
initContainers:
- name: conduit-init
image: gcr.io/runconduit/proxy-init:latest
imagePullPolicy: Never
args: ["-p", "8080", "-o", "8080", "-u", "2102", "--inbound-ports-to-ignore", "7070"]
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
Reference in New Issue View Git Blame Copy Permalink