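# Envoy edge gateway for the "juwan" namespace.
#
# Documents in this file:
#   Namespace, ConfigMap (static Envoy bootstrap), Service (LoadBalancer),
#   Deployment, ServiceAccount, ClusterRole + ClusterRoleBinding, NetworkPolicy.
#
# Security-relevant choices made here:
#   * The Envoy admin port (9901) is NOT published on the LoadBalancer Service.
#     The admin API is unauthenticated and can dump configuration and change
#     runtime state, so it must stay off the public entry point.
#   * The pod does not mount a ServiceAccount token; the bootstrap is static.
#   * The NetworkPolicy allows DNS over both UDP and TCP.
---
apiVersion: v1
kind: Namespace
metadata:
  name: juwan
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: envoy-config
  namespace: juwan
data:
  envoy.yaml: |
    static_resources:
      listeners:
        # Public HTTP listener; the Service maps external port 80 to this port.
        - name: listener_http
          address:
            socket_address:
              address: 0.0.0.0
              port_value: 8080
          filter_chains:
            - filters:
                - name: envoy.filters.network.http_connection_manager
                  typed_config:
                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                    stat_prefix: ingress_http
                    access_log:
                      - name: envoy.access_loggers.stdout
                        typed_config:
                          "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
                    http_filters:
                      - name: envoy.filters.http.router
                        typed_config:
                          "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
                    route_config:
                      name: local_route
                      virtual_hosts:
                        - name: backend
                          domains: ["*"]
                          # Routes are evaluated in order; the catch-all "/"
                          # must stay last.
                          # NOTE(review): no authentication filter is
                          # configured on this listener, so every route is
                          # forwarded as-is. Confirm the backends enforce
                          # authentication themselves.
                          routes:
                            - match:
                                prefix: /api/v1/users
                              route:
                                cluster: user_api_cluster
                                timeout: 30s
                            - match:
                                prefix: /api/v1/orders
                              route:
                                cluster: order_api_cluster
                                timeout: 30s
                            - match:
                                prefix: /health
                              route:
                                cluster: user_api_cluster
                                timeout: 10s
                            - match:
                                prefix: /
                              route:
                                cluster: user_api_cluster
                                timeout: 30s
      clusters:
        - name: user_api_cluster
          connect_timeout: 5s
          type: STRICT_DNS
          dns_lookup_family: V4_ONLY
          lb_policy: ROUND_ROBIN
          load_assignment:
            cluster_name: user_api_cluster
            endpoints:
              - lb_endpoints:
                  - endpoint:
                      address:
                        socket_address:
                          address: user-api-svc.juwan.svc.cluster.local
                          port_value: 8888
          health_checks:
            - timeout: 3s
              interval: 10s
              unhealthy_threshold: 2
              healthy_threshold: 2
              http_health_check:
                path: /health
        - name: order_api_cluster
          connect_timeout: 5s
          type: STRICT_DNS
          dns_lookup_family: V4_ONLY
          lb_policy: ROUND_ROBIN
          load_assignment:
            cluster_name: order_api_cluster
            endpoints:
              - lb_endpoints:
                  - endpoint:
                      address:
                        socket_address:
                          address: order-api-svc.juwan.svc.cluster.local
                          port_value: 8889
          health_checks:
            - timeout: 3s
              interval: 10s
              unhealthy_threshold: 2
              healthy_threshold: 2
              http_health_check:
                path: /health
    admin:
      access_log_path: /tmp/admin_access.log
      address:
        socket_address:
          # Left on 0.0.0.0 only because the kubelet httpGet probes in the
          # Deployment connect to the pod IP. The admin API has no
          # authentication, so its reachability is limited elsewhere: the
          # Service does not publish 9901 and the NetworkPolicy ingress rule
          # admits 8080 only. Operators can use `kubectl port-forward` to
          # reach it.
          address: 0.0.0.0
          port_value: 9901
---
apiVersion: v1
kind: Service
metadata:
  name: envoy-gateway
  namespace: juwan
spec:
  type: LoadBalancer
  ports:
    # Only the data-plane listener is published. The admin port (9901) was
    # removed from this Service: a LoadBalancer would make the unauthenticated
    # Envoy admin API reachable from wherever the load balancer is reachable.
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
  selector:
    app: envoy-gateway
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: envoy-gateway
  namespace: juwan
  labels:
    app: envoy-gateway
spec:
  replicas: 2
  selector:
    matchLabels:
      app: envoy-gateway
  template:
    metadata:
      labels:
        app: envoy-gateway
    spec:
      serviceAccountName: envoy-gateway
      # The bootstrap above is fully static (STRICT_DNS clusters, no xDS), so
      # Envoy never calls the Kubernetes API and does not need a token.
      automountServiceAccountToken: false
      containers:
        - name: envoy
          # NOTE(review): "v1.27-latest" is a floating tag, so the image
          # content can change between pod restarts. Pin to an immutable
          # reference, e.g. envoyproxy/envoy@sha256:<DIGEST-PLACEHOLDER>.
          image: envoyproxy/envoy:v1.27-latest
          ports:
            - name: http
              containerPort: 8080
            # Declared for probes and port-forwarding only; not published on
            # the Service.
            - name: admin
              containerPort: 9901
          securityContext:
            allowPrivilegeEscalation: false
            seccompProfile:
              type: RuntimeDefault
            # NOTE(review): running as a fixed non-root UID with all
            # capabilities dropped would tighten this further; confirm the
            # image's entrypoint supports it before enabling.
          volumeMounts:
            - name: envoy-config
              mountPath: /etc/envoy
              readOnly: true
          readinessProbe:
            httpGet:
              # /ready reports whether Envoy is able to accept traffic; it is
              # also far cheaper than dumping /stats every period.
              path: /ready
              port: 9901
            initialDelaySeconds: 10
            periodSeconds: 5
          livenessProbe:
            httpGet:
              # Kept on /stats: /ready returns 503 while draining, which
              # would make a liveness probe restart a draining pod.
              path: /stats
              port: 9901
            initialDelaySeconds: 10
            periodSeconds: 10
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi
      volumes:
        - name: envoy-config
          configMap:
            name: envoy-config
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: envoy-gateway
  namespace: juwan
---
# NOTE(review): this ClusterRole grants cluster-wide read on endpoints,
# endpointslices and services. Nothing in this file uses it (the Envoy
# bootstrap is static). If no other component runs under this ServiceAccount,
# remove the role and binding, or scope them to a namespaced Role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: envoy-gateway
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["discovery.k8s.io"]
    resources: ["endpointslices"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: envoy-gateway
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: envoy-gateway
subjects:
  - kind: ServiceAccount
    name: envoy-gateway
    namespace: juwan
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: envoy-gateway-network-policy
  namespace: juwan
spec:
  podSelector:
    matchLabels:
      app: envoy-gateway
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only the data-plane port is admitted; 9901 is deliberately absent.
    # NOTE(review): an empty namespaceSelector matches pods in every
    # namespace, not external addresses. Whether LoadBalancer traffic is
    # admitted depends on how the CNI presents its source address; verify in
    # the target cluster.
    - from:
        - namespaceSelector: {}
      ports:
        - protocol: TCP
          port: 8080
  egress:
    # DNS. TCP is allowed alongside UDP because resolvers fall back to TCP
    # for truncated responses.
    - to:
        - namespaceSelector: {}
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Upstream APIs in this namespace.
    # NOTE(review): assumes the backend pods carry the labels app=user-api
    # and app=order-api; confirm against their Deployments.
    - to:
        - podSelector:
            matchLabels:
              app: user-api
        - podSelector:
            matchLabels:
              app: order-api
      ports:
        - protocol: TCP
          port: 8888
        - protocol: TCP
          port: 8889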