From c284a5a11b9f058a68cdd4c1f401fe40182b25ec Mon Sep 17 00:00:00 2001
From: Mihai Laurentiu Bocioroaga
Date: Wed, 16 Jul 2025 16:33:20 +0100
Subject: [PATCH 1/4] Added Nginx configuration to separate HTTP and HTTPS traffic
---
nginx/nginx.conf | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 nginx/nginx.conf
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..0197395
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,44 @@
+events {}
+
+http {
+ server {
+ listen 80;
+ server_name localhost;
+
+ location / {
+ return 404;
+ }
+
+ location /sample-app/python/health {
+ proxy_pass http://host.docker.internal:8050;
+ }
+
+ location /sample-app/python/metrics {
+ proxy_pass http://host.docker.internal:8050;
+ }
+
+ location /sample-app/python/hello {
+ return 301 https://$host$request_uri;
+ }
+ }
+ server {
+ listen 443 ssl;
+ server_name localhost;
+
+ ssl_certificate /etc/nginx/certs/server.crt;
+ ssl_certificate_key /etc/nginx/certs/server.key;
+ ssl_client_certificate /etc/nginx/certs/ca.crt;
+ ssl_verify_client on;
+ ssl_verify_depth 1;
+
+ location / {
+ return 404;
+ }
+
+ location /sample-app/python/hello {
+ proxy_pass http://host.docker.internal:8050;
+ proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
+ proxy_set_header X-SSL-Client-DN $ssl_client_s_dn;
+ }
+ }
+}
\ No newline at end of file
From 70c190c7cb51b6e6f0a72a489eb3686e36f2bf50 Mon Sep 17 00:00:00 2001
From: Mihai Laurentiu Bocioroaga
Date: Thu, 17 Jul 2025 09:41:34 +0100
Subject: [PATCH 2/4] Ignore any test certs which may be in /nginx dir
---
.gitattributes | 0
.gitignore | 2 ++
2 files changed, 2 insertions(+)
create mode 100644 .gitattributes
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..e69de29
diff --git a/.gitignore b/.gitignore
index 68bc17f..a458a08 100644
--- a/.gitignore
+++ b/.gitignore
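Review bot: The two port-80 locations (`/sample-app/python/health` and `/sample-app/python/metrics`) forward request headers unchanged, so a caller can supply its own `X-SSL-Client-Verify` and `X-SSL-Client-DN`, the same header names the 443 server uses to report a verified client certificate. If the application trusts those headers on any path, clear them on the plaintext side with `proxy_set_header X-SSL-Client-Verify "";` and `proxy_set_header X-SSL-Client-DN "";` (nginx does not pass a header whose value is empty). All three proxied locations are prefix matches, so `/sample-app/python/hello-anything` is forwarded as well; `location = /sample-app/python/hello` would restrict each to the exact path if that is the intent. `/metrics` is served without TLS or client authentication, which deserves a comment stating that this is deliberate.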
@@ -158,3 +158,5 @@ cython_debug/ # and can be added to the global gitignore or merged into this file. For a more nuclear # option (not recommended) you can uncomment the following to ignore the entire idea folder. #.idea/ + +nginx/certs/ \ No newline at end of file From 3bfd57efed49dc10fa8dec2402e3b802f3230c75 Mon Sep 17 00:00:00 2001 From: Mihai Laurentiu Bocioroaga Date: Thu, 17 Jul 2025 16:33:06 +0100 Subject: [PATCH 3/4] Added first, incomplete base for adding a Gateway as a reverse proxy --- .../templates/gateway/gateway.yaml | 24 +++++++++++ .../templates/ingress/ingress.yaml | 43 ------------------- .../values.yaml | 12 ------ docker-compose.yaml | 17 ++++++++ nginx/nginx.conf | 6 +-- 5 files changed, 44 insertions(+), 58 deletions(-) create mode 100644 charts/eric-oss-hello-world-python-app/templates/gateway/gateway.yaml delete mode 100644 charts/eric-oss-hello-world-python-app/templates/ingress/ingress.yaml create mode 100644 docker-compose.yaml diff --git a/charts/eric-oss-hello-world-python-app/templates/gateway/gateway.yaml b/charts/eric-oss-hello-world-python-app/templates/gateway/gateway.yaml new file mode 100644 index 0000000..b365143 --- /dev/null +++ b/charts/eric-oss-hello-world-python-app/templates/gateway/gateway.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1 +kind: Gateway +metadata: + name: {{ include "eric-oss-hello-world-python-app.name" . }}-gateway + labels: + {{- include "eric-oss-hello-world-python-app.labels" . | indent 4 }} + {{- if .Values.labels }} + {{ .Values.labels | toYaml | indent 4 }} + {{- end }} + annotations: + {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} +spec: + selector: + app: service-mesh-ingress-gateway + servers: + - hosts: + - ./eic.stsossflexeic1017-687.stsoss.sero.gic.ericsson.se + port: + name: https + number: 443 + protocol: HTTPS + tls: + mode: MUTUAL + httpsRedirect: true \ No newline at end of file 
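Review bot: The added pattern `nginx/certs/` covers only that one directory, while the commit subject speaks of test certs anywhere under `/nginx`. A key or certificate generated next to `nginx.conf` would still be picked up by `git add`; adding `nginx/**/*.key` and `nginx/**/*.pem` (plus `nginx/**/*.crt` if test CAs should stay local) closes that gap. Ignore rules do nothing for files that are already tracked, so it is worth confirming that nothing under `nginx/certs/` was committed earlier.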
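Review bot: The `tls` block sets `mode: MUTUAL` but names no certificate source, so the gateway has neither a server certificate nor a CA to verify client certificates against. A `credentialName: <gateway-tls-secret>` (placeholder) or the `serverCertificate`/`privateKey`/`caCertificates` paths are needed before this server can enforce anything. `httpsRedirect: true` only has an effect on a plaintext HTTP server, so on this 443/HTTPS entry it does nothing, and no port-80 server is defined to redirect from. The entry under `hosts:` is a hard-coded environment FQDN; reading it from `.Values` would keep a site-specific name out of the chart.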
diff --git a/charts/eric-oss-hello-world-python-app/templates/ingress/ingress.yaml b/charts/eric-oss-hello-world-python-app/templates/ingress/ingress.yaml deleted file mode 100644 index ca297c9..0000000 --- a/charts/eric-oss-hello-world-python-app/templates/ingress/ingress.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "eric-oss-hello-world-python-app.name" . -}} -{{- $servicePort := .Values.service.port -}} ---- -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "eric-oss-hello-world-python-app.labels" . | indent 4 }} - {{- if .Values.labels }} - {{ .Values.labels | toYaml | indent 4 }} - {{- end }} - {{- with .Values.ingress }} - annotations: - {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} - {{- if .annotations }} - {{ .annotations | toYaml | indent 4 }} - {{- end }} - {{- if .ingressClass }} - kubernetes.io/ingress.class: {{.ingressClass }} - {{- end -}} - {{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - - host: {{ .Values.ingress.host }} - http: - paths: - - path: / - backend: - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} -{{- end }} diff --git a/charts/eric-oss-hello-world-python-app/values.yaml b/charts/eric-oss-hello-world-python-app/values.yaml index 2c4b392..5bb7508 100644 --- a/charts/eric-oss-hello-world-python-app/values.yaml +++ b/charts/eric-oss-hello-world-python-app/values.yaml @@ -45,18 +45,6 @@ service: type: ClusterIP port: 8050 -ingress: - enabled: false - ingressClass: OAM-IngressClass - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - host: "" - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - resources: helloWorld: limits: 
diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..0f5389b --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,17 @@ +services: + nginx: + image: nginx:stable + ports: + - "80:80" + - "443:443" + volumes: + - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro + - ./nginx/certs:/etc/nginx/certs:ro + depends_on: + - eric-oss-hello-world-python-app + + eric-oss-hello-world-python-app: + build: + context: . + ports: + - "8050:8050" diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 0197395..391fc50 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -10,11 +10,11 @@ http { } location /sample-app/python/health { - proxy_pass http://host.docker.internal:8050; + proxy_pass http://eric-oss-hello-world-python-app:8050; } location /sample-app/python/metrics { - proxy_pass http://host.docker.internal:8050; + proxy_pass http://eric-oss-hello-world-python-app:8050; } location /sample-app/python/hello { @@ -36,7 +36,7 @@ http { } location /sample-app/python/hello { - proxy_pass http://host.docker.internal:8050; + proxy_pass http://eric-oss-hello-world-python-app:8050; proxy_set_header X-SSL-Client-Verify $ssl_client_verify; proxy_set_header X-SSL-Client-DN $ssl_client_s_dn; } From 52144def5caa1ff986accc6afab4f64dbe854684 Mon Sep 17 00:00:00 2001 
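Review bot: The `ports: - "8050:8050"` mapping on `eric-oss-hello-world-python-app` publishes the backend on the host, so clients can reach `/sample-app/python/hello` without passing nginx and its `ssl_verify_client on` check, and can set `X-SSL-Client-Verify` and `X-SSL-Client-DN` themselves. nginx reaches the app over the compose network by service name, so the mapping is not needed for the proxy path; remove it, or bind it to loopback with `"127.0.0.1:8050:8050"` if direct access is wanted for debugging. `image: nginx:stable` is a moving tag; pinning a version or digest makes the TLS-terminating component reproducible.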
From: Mihai Laurentiu Bocioroaga Date: Thu, 24 Jul 2025 11:11:08 +0100 Subject: [PATCH 4/4] Reduced project to minimally deployable state for minikube deployment with istio --- .../Chart.yaml | 2 +- .../authorization_policy.yaml | 24 ++++++++ .../templates/deployment/deployment.yaml | 55 ++++++++++--------- .../destination-rule/destination_rule.yaml | 23 ++++++++ .../templates/gateway/gateway.yaml | 24 -------- .../peer_authentication.yaml | 20 +++++++ .../service-account/service_account.yaml | 2 +- .../templates/service/service.yaml | 10 +++- .../templates/sidecar/sidecar.yaml | 24 ++++++++ .../virtual-service/virtual_service.yaml | 36 ++++++++++++ .../values.yaml | 4 +- nginx/nginx.conf | 44 --------------- 12 files changed, 166 insertions(+), 102 deletions(-) create mode 100644 charts/eric-oss-hello-world-python-app/templates/authorization-policy/authorization_policy.yaml create mode 100644 charts/eric-oss-hello-world-python-app/templates/destination-rule/destination_rule.yaml delete mode 100644 charts/eric-oss-hello-world-python-app/templates/gateway/gateway.yaml create mode 100644 charts/eric-oss-hello-world-python-app/templates/peer-authentication/peer_authentication.yaml create mode 100644 charts/eric-oss-hello-world-python-app/templates/sidecar/sidecar.yaml create mode 100644 charts/eric-oss-hello-world-python-app/templates/virtual-service/virtual_service.yaml delete mode 100644 nginx/nginx.conf diff --git a/charts/eric-oss-hello-world-python-app/Chart.yaml b/charts/eric-oss-hello-world-python-app/Chart.yaml index 2f6aa4f..609660e 100644 --- a/charts/eric-oss-hello-world-python-app/Chart.yaml +++ b/charts/eric-oss-hello-world-python-app/Chart.yaml @@ -3,4 +3,4 @@ appVersion: "2.0.0" description: IDUN SDK Hello World App name: eric-oss-hello-world-python-app type: application -version: VERSION +version: "0.0.1-0" 
diff --git a/charts/eric-oss-hello-world-python-app/templates/authorization-policy/authorization_policy.yaml b/charts/eric-oss-hello-world-python-app/templates/authorization-policy/authorization_policy.yaml new file mode 100644 index 0000000..4b2013c --- /dev/null +++ b/charts/eric-oss-hello-world-python-app/templates/authorization-policy/authorization_policy.yaml @@ -0,0 +1,24 @@ +apiVersion: security.istio.io/v1 +kind: AuthorizationPolicy +metadata: + name: {{ include "eric-oss-hello-world-python-app.name" . }}-ap + labels: + {{- include "eric-oss-hello-world-python-app.labels" . | indent 4 }} + {{- if .Values.labels }} + {{ .Values.labels | toYaml | indent 4 }} + {{- end }} + annotations: + {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} +spec: + selector: + matchLabels: + app: eric-oss-hello-world-python-app + rules: + - to: + - operation: + ports: ["80"] + paths: ["/sample-app/python/metrics", "/sample-app/python/health"] + - to: + - operation: + ports: ["443"] + paths: ["/sample-app/python/hello"] diff --git a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml index 4aaea3c..2da1e63 100644 --- a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml @@ -9,6 +9,7 @@ metadata: {{- end }} annotations: {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} + sidecar.istio.io/inject: "true" spec: replicas: {{ .Values.replicaCount }} selector: 
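Review bot: Both rules have only a `to:` clause, so the policy is an allow-list of port and path for any caller, authenticated or not; nothing in it ties `/sample-app/python/hello` on port 443 to a client identity. If the 443 path is meant to require mTLS, the second rule needs a `from:` clause, for example `from: [{source: {principals: ["<expected-client-principal>"]}}]` with the real principal in place of the placeholder. The selector matches on `app: eric-oss-hello-world-python-app`, whereas the Service in this chart selects on `app.kubernetes.io/name`; whether the pods carry an `app` label is not visible here, and if they do not, the policy applies to no workload.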
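Review bot: `sidecar.istio.io/inject: "true"` is added under the Deployment's own `metadata.annotations` (the hunk context runs straight into `spec: replicas:`), but Istio's injector reads it from the pod template, so this line is unlikely to cause injection. Move it to `spec.template.metadata` (newer Istio releases expect it as a pod label rather than an annotation), or rely on the namespace label `istio-injection=enabled`. Without a proxy in the pod, the AuthorizationPolicy and Sidecar resources added in this patch are not enforced for the workload.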
@@ -37,7 +38,7 @@ spec: service.cleartext/scraping: "true" annotations: {{- if not (semverCompare ">=1.30.0" .Capabilities.KubeVersion.GitVersion) }} - container.apparmor.security.beta.kubernetes.io/eric-oss-hello-world-python-app: {{ include "eric-oss-hello-world-python-app.appArmorProfileAnnotation" . | default "runtime/default" }} +{{/* container.apparmor.security.beta.kubernetes.io/eric-oss-hello-world-python-app: {{ include "eric-oss-hello-world-python-app.appArmorProfileAnnotation" . | default "runtime/default" }}*/}} {{- end }} prometheus.io/port: "{{ .Values.service.port }}" prometheus.io/scrape: "{{ .Values.prometheus.scrape }}" 
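Review bot: Commenting out the `container.apparmor.security.beta.kubernetes.io/...` annotation removes the explicit `runtime/default` AppArmor profile for clusters below 1.30. The same patch also comments out `appArmorProfile` in the container `securityContext` (next hunk) and in `values.yaml`, so no Kubernetes version gets an explicit profile any more. If minikube lacks AppArmor, gate the existing lines on a value, e.g. `{{- if .Values.appArmorProfile }}`, so other clusters keep the hardening. The `{{- if not (semverCompare ...) }}` wrapper is now empty and can be removed if the annotation really is dropped.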
@@ -55,27 +56,27 @@ spec: items: - key: LOG_CTRL_FILE path: logcontrol.json - - name: platform-cacerts - secret: - secretName: {{ index .Values "platformCaCertSecretName" | quote }} - defaultMode: 420 - - name: app-certs - secret: - secretName: {{ index .Values "appSecretName" | quote }} - defaultMode: 420 - - name: client-creds - secret: - secretName: {{ include "eric-oss-hello-world-python-app.clientSecret" . | quote }} - defaultMode: 420 +{{/* - name: platform-cacerts*/}} +{{/* secret:*/}} +{{/* secretName: {{ index .Values "platformCaCertSecretName" | quote }}*/}} +{{/* defaultMode: 420*/}} +{{/* - name: app-certs*/}} +{{/* secret:*/}} +{{/* secretName: {{ index .Values "appSecretName" | quote }}*/}} +{{/* defaultMode: 420*/}} +{{/* - name: client-creds*/}} +{{/* secret:*/}} +{{/* secretName: {{ include "eric-oss-hello-world-python-app.clientSecret" . | quote }}*/}} +{{/* defaultMode: 420*/}} containers: - name: eric-oss-hello-world-python-app - image: {{ template "eric-oss-hello-world-python-app.imagePath" (dict "imageId" "eric-oss-hello-world-python-app" "values" .Values "files" .Files) }} + image: python-sample-app-eric-oss-hello-world-python-app imagePullPolicy: {{ include "eric-oss-hello-world-python-app.registryImagePullPolicy" . | quote }} securityContext: - {{- if semverCompare ">=1.30.0" .Capabilities.KubeVersion.GitVersion }} - appArmorProfile: - type: {{ include "eric-oss-hello-world-python-app.appArmorProfile.type" . | default "RuntimeDefault" }} - {{- end }} +{{/* {{- if semverCompare ">=1.30.0" .Capabilities.KubeVersion.GitVersion }} */}} +{{/* appArmorProfile:*/}} +{{/* type: {{ include "eric-oss-hello-world-python-app.appArmorProfile.type" . | default "RuntimeDefault" }}*/}} +{{/* {{- end }}*/}} allowPrivilegeEscalation: false privileged: false readOnlyRootFilesystem: true 
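Review bot: The container `image:` is now the literal `python-sample-app-eric-oss-hello-world-python-app` with no registry, tag or digest, so it resolves to `:latest` of whatever image by that name the node can find, and the chart's `imagePath` helper is bypassed. For a local minikube build, keep the template and override repository and tag through values, or at least pin a tag as in `image: python-sample-app-eric-oss-hello-world-python-app:<tag>` (placeholder). `imagePullPolicy` is still computed by the `registryImagePullPolicy` helper; if it yields anything other than `Never` or `IfNotPresent`, the kubelet will try to pull an image of that name from the default registry.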
@@ -87,15 +88,15 @@ spec: volumeMounts: - name: config-volume mountPath: /etc/adp - - name: platform-cacerts - mountPath: {{ index .Values "platformCaCertMountPath" | default .Values.instantiationDefaults.platformCaCertMountPath | quote }} - readOnly: true - - name: app-certs - mountPath: {{ index .Values "appCertMountPath" | default .Values.instantiationDefaults.appCertMountPath | quote }} - readOnly: true - - name: client-creds - mountPath: {{ index .Values "clientCredsMountPath" | default .Values.instantiationDefaults.clientCredsMountPath | quote }} - readOnly: true +{{/* - name: platform-cacerts*/}} +{{/* mountPath: {{ index .Values "platformCaCertMountPath" | default .Values.instantiationDefaults.platformCaCertMountPath | quote }}*/}} +{{/* readOnly: true*/}} +{{/* - name: app-certs*/}} +{{/* mountPath: {{ index .Values "appCertMountPath" | default .Values.instantiationDefaults.appCertMountPath | quote }}*/}} +{{/* readOnly: true*/}} +{{/* - name: client-creds*/}} +{{/* mountPath: {{ index .Values "clientCredsMountPath" | default .Values.instantiationDefaults.clientCredsMountPath | quote }}*/}} +{{/* readOnly: true*/}} env: - name: IAM_CLIENT_ID value: {{ index .Values "clientId" | quote }} diff --git a/charts/eric-oss-hello-world-python-app/templates/destination-rule/destination_rule.yaml b/charts/eric-oss-hello-world-python-app/templates/destination-rule/destination_rule.yaml new file mode 100644 index 0000000..dc72e1a --- /dev/null +++ b/charts/eric-oss-hello-world-python-app/templates/destination-rule/destination_rule.yaml 
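Review bot: The `platform-cacerts`, `app-certs` and `client-creds` mounts are disabled with `{{/* */}}` here (and their volumes in the previous hunk), while the `env:` entries that follow, starting with `IAM_CLIENT_ID`, are still set. If the application reads its CA bundle and client credentials from those paths, it now starts without them; whether it then fails or connects without verification is not visible in this patch and should be checked. A values switch around the existing blocks would keep the secured configuration as the default and make the minikube variant an explicit opt-out instead of commented-out template code. The `env:` list continues outside the hunk.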
@@ -0,0 +1,23 @@ +{{/*apiVersion: networking.istio.io/v1*/}} +{{/*kind: DestinationRule*/}} +{{/*metadata:*/}} +{{/* name: {{ include "eric-oss-hello-world-python-app.name" . }}-pa*/}} +{{/* labels:*/}} +{{/* {{- include "eric-oss-hello-world-python-app.labels" . | indent 4 }}*/}} +{{/* {{- if .Values.labels }}*/}} +{{/* {{ .Values.labels | toYaml | indent 4 }}*/}} +{{/* {{- end }}*/}} +{{/* annotations:*/}} +{{/* {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }}*/}} +{{/*spec:*/}} +{{/* host: eric-oss-hello-world-python-app*/}} +{{/* trafficPolicy:*/}} +{{/* portLevelSettings:*/}} +{{/* - port:*/}} +{{/* number: 80*/}} +{{/* tls:*/}} +{{/* mode: DISABLE*/}} +{{/* - port:*/}} +{{/* number: 443*/}} +{{/* tls:*/}} +{{/* mode: ISTIO_MUTUAL*/}} \ No newline at end of file diff --git a/charts/eric-oss-hello-world-python-app/templates/gateway/gateway.yaml b/charts/eric-oss-hello-world-python-app/templates/gateway/gateway.yaml deleted file mode 100644 index b365143..0000000 --- a/charts/eric-oss-hello-world-python-app/templates/gateway/gateway.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: networking.istio.io/v1 -kind: Gateway -metadata: - name: {{ include "eric-oss-hello-world-python-app.name" . }}-gateway - labels: - {{- include "eric-oss-hello-world-python-app.labels" . | indent 4 }} - {{- if .Values.labels }} - {{ .Values.labels | toYaml | indent 4 }} - {{- end }} - annotations: - {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} -spec: - selector: - app: service-mesh-ingress-gateway - servers: - - hosts: - - ./eic.stsossflexeic1017-687.stsoss.sero.gic.ericsson.se - port: - name: https - number: 443 - protocol: HTTPS - tls: - mode: MUTUAL - httpsRedirect: true \ No newline at end of file 
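Review bot: Every line of this template is wrapped in `{{/* */}}`, so it renders to nothing, and the same holds for `peer_authentication.yaml` later in the patch. The `ISTIO_MUTUAL` setting for port 443 and the `STRICT` PeerAuthentication are therefore not applied. With both disabled the workload falls back to the mesh-wide mTLS mode, which is PERMISSIVE unless the mesh overrides it, so plaintext is accepted on 443. Either enable the two resources behind a values flag or leave the files out until they are ready. `metadata.name` here ends in `-pa`, apparently copied from the PeerAuthentication, where `-dr` was probably meant.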
diff --git a/charts/eric-oss-hello-world-python-app/templates/peer-authentication/peer_authentication.yaml b/charts/eric-oss-hello-world-python-app/templates/peer-authentication/peer_authentication.yaml new file mode 100644 index 0000000..e9d1e0f --- /dev/null +++ b/charts/eric-oss-hello-world-python-app/templates/peer-authentication/peer_authentication.yaml @@ -0,0 +1,20 @@ +{{/*apiVersion: security.istio.io/v1*/}} +{{/*kind: PeerAuthentication*/}} +{{/*metadata:*/}} +{{/* name: {{ include "eric-oss-hello-world-python-app.name" . }}-pa*/}} +{{/* labels:*/}} +{{/* {{- include "eric-oss-hello-world-python-app.labels" . | indent 4 }}*/}} +{{/* {{- if .Values.labels }}*/}} +{{/* {{ .Values.labels | toYaml | indent 4 }}*/}} +{{/* {{- end }}*/}} +{{/* annotations:*/}} +{{/* {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }}*/}} +{{/*spec:*/}} +{{/* selector:*/}} +{{/* matchLabels:*/}} +{{/* app: eric-oss-hello-world-python-app*/}} +{{/* mtls:*/}} +{{/* mode: STRICT*/}} +{{/* portLevelMtls:*/}} +{{/* 80:*/}} +{{/* mode: DISABLE*/}} diff --git a/charts/eric-oss-hello-world-python-app/templates/service-account/service_account.yaml b/charts/eric-oss-hello-world-python-app/templates/service-account/service_account.yaml index f8950c7..8d6ef8d 100644 --- a/charts/eric-oss-hello-world-python-app/templates/service-account/service_account.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/service-account/service_account.yaml @@ -8,5 +8,5 @@ metadata: {{ .Values.labels | toYaml | indent 4 }} {{- end }} annotations: - {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} + {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} automountServiceAccountToken: false diff --git a/charts/eric-oss-hello-world-python-app/templates/service/service.yaml b/charts/eric-oss-hello-world-python-app/templates/service/service.yaml index d90cef5..d4ffd97 100644 
--- a/charts/eric-oss-hello-world-python-app/templates/service/service.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/service/service.yaml @@ -8,17 +8,21 @@ metadata: {{ .Values.labels | toYaml | indent 4 }} {{- end }} annotations: -{{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} + {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} spec: type: {{ .Values.service.type }} {{- if .Values.global.internalIPFamily }} ipFamilies: [{{ .Values.global.internalIPFamily }}] {{- end }} ports: - - port: {{ .Values.service.port }} - targetPort: 8050 + - port: 80 + targetPort: 80 protocol: TCP name: http + - port: 443 + targetPort: 443 + protocol: TCP + name: https selector: app.kubernetes.io/name: {{ include "eric-oss-hello-world-python-app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/eric-oss-hello-world-python-app/templates/sidecar/sidecar.yaml b/charts/eric-oss-hello-world-python-app/templates/sidecar/sidecar.yaml new file mode 100644 index 0000000..902e336 --- /dev/null +++ b/charts/eric-oss-hello-world-python-app/templates/sidecar/sidecar.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1 +kind: Sidecar +metadata: + name: {{ include "eric-oss-hello-world-python-app.name" . }}-sc + labels: + {{- include "eric-oss-hello-world-python-app.labels" . | indent 4 }} + {{- if .Values.labels }} + {{ .Values.labels | toYaml | indent 4 }} + {{- end }} + annotations: + {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} +spec: + workloadSelector: + labels: + app: eric-oss-hello-world-python-app + ingress: + - port: + number: 80 + protocol: HTTP + defaultEndpoint: 127.0.0.1:8050 + - port: + number: 443 + protocol: HTTP + defaultEndpoint: 127.0.0.1:8050 
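Review bot: The new 443 entry is named `https`, and Istio derives a port's protocol from its name, so the mesh will treat this port as TLS even though nothing in the chart terminates TLS on it. The container serves plain HTTP on 8050 and the Sidecar added in this patch declares 443 as `protocol: HTTP`. The `http:` route for port 443 in the new VirtualService applies to HTTP ports only and so probably never matches. Either name the port for what it carries (for example `name: http-hello`) or add real TLS termination and keep `https`. `port` and `targetPort` are now literals while `.Values.service.port` is still used for `prometheus.io/port` in the Deployment, which leaves two sources of truth for the port.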
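Review bot: The ingress listener for port 443 is declared `protocol: HTTP` with no `tls` block, so the sidecar accepts cleartext on 443 and forwards it to `127.0.0.1:8050` exactly as it does for port 80. The nginx configuration this patch deletes required a client certificate on 443 (`ssl_verify_client on`); with the PeerAuthentication template commented out, nothing in the chart replaces that check. If 443 is to stay the authenticated entry point, give this listener `protocol: HTTPS` and a `tls:` section with `mode: MUTUAL` plus server certificate, key and CA, or enable STRICT mTLS for the port. `workloadSelector.labels` uses `app:`, so confirm that the pod template actually carries that label.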
diff --git a/charts/eric-oss-hello-world-python-app/templates/virtual-service/virtual_service.yaml b/charts/eric-oss-hello-world-python-app/templates/virtual-service/virtual_service.yaml new file mode 100644 index 0000000..08f6b74 --- /dev/null +++ b/charts/eric-oss-hello-world-python-app/templates/virtual-service/virtual_service.yaml @@ -0,0 +1,36 @@ +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: {{ include "eric-oss-hello-world-python-app.name" . }}-pa + labels: + {{- include "eric-oss-hello-world-python-app.labels" . | indent 4 }} + {{- if .Values.labels }} + {{ .Values.labels | toYaml | indent 4 }} + {{- end }} + annotations: + {{- include "eric-oss-hello-world-python-app.product-info" . | indent 4 }} +spec: + hosts: + - eric-oss-hello-world-python-app + http: + - match: + - port: 80 + uri: + prefix: /sample-app/python/metrics + - port: 80 + uri: + prefix: /sample-app/python/health + route: + - destination: + host: eric-oss-hello-world-python-app + port: + number: 80 + - match: + - port: 443 + uri: + prefix: /sample-app/python/hello + route: + - destination: + host: eric-oss-hello-world-python-app + port: + number: 443 diff --git a/charts/eric-oss-hello-world-python-app/values.yaml b/charts/eric-oss-hello-world-python-app/values.yaml index 5bb7508..c921228 100644 --- a/charts/eric-oss-hello-world-python-app/values.yaml +++ b/charts/eric-oss-hello-world-python-app/values.yaml @@ -34,8 +34,8 @@ fullnameOverride: "" # unconfined - Indicates that there is no profile loaded. # runtime/default - Applies the default profile of the container engine. # localhost - Applies a specific profile loaded on the host -appArmorProfile: - type: "RuntimeDefault" +#appArmorProfile: +# type: "RuntimeDefault" seccompProfile: type: "RuntimeDefault" diff --git a/nginx/nginx.conf b/nginx/nginx.conf deleted file mode 100644 index 391fc50..0000000 --- a/nginx/nginx.conf +++ /dev/null 
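Review bot: All three matches use `uri.prefix`, so `/sample-app/python/health-anything` and `/sample-app/python/hello/...` are routed to the app as well, whereas the AuthorizationPolicy in this patch lists the same three paths as exact strings. Using `uri: {exact: /sample-app/python/hello}` (and likewise for the other two) keeps routing and authorization aligned and avoids exposing unintended sub-paths if the policy is ever relaxed. `metadata.name` ends in `-pa`, apparently copied from the PeerAuthentication template, where `-vs` would be clearer. `apiVersion: networking.istio.io/v1beta1` also differs from the `v1` used by the other Istio resources in this chart.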
@@ -1,44 +0,0 @@
-events {}
-
-http {
- server {
- listen 80;
- server_name localhost;
-
- location / {
- return 404;
- }
-
- location /sample-app/python/health {
- proxy_pass http://eric-oss-hello-world-python-app:8050;
- }
-
- location /sample-app/python/metrics {
- proxy_pass http://eric-oss-hello-world-python-app:8050;
- }
-
- location /sample-app/python/hello {
- return 301 https://$host$request_uri;
- }
- }
- server {
- listen 443 ssl;
- server_name localhost;
-
- ssl_certificate /etc/nginx/certs/server.crt;
- ssl_certificate_key /etc/nginx/certs/server.key;
- ssl_client_certificate /etc/nginx/certs/ca.crt;
- ssl_verify_client on;
- ssl_verify_depth 1;
-
- location / {
- return 404;
- }
-
- location /sample-app/python/hello {
- proxy_pass http://eric-oss-hello-world-python-app:8050;
- proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
- proxy_set_header X-SSL-Client-DN $ssl_client_s_dn;
- }
- }
-}
\ No newline at end of file