@rugal/pulumi-stratus v1.0.7

stratus component resource

Usage

1. install dependency

   yarn add @dep/gke @rugal/pulumi-istio

2. create k8s namespace along with Istio gateway

   import * as stratus from "@rugal/pulumi-stratus";
   
   import {
     clusterProvider,
     gcpServiceAccount,
     hosts,
     namespace,
   } from "./config";
   
   export const ns = new stratus.kubernetes.Namespace(namespace, {
     hosts,
   }, { provider: clusterProvider });
   
   export const k8sServiceAccount = new stratus.kubernetes.ServiceAccount("service-account-name", {
     email: gcpServiceAccount,
     namespace: ns.namespace.metadata.name,
   }, { provider: clusterProvider });

3. use Service ComponentResource Create a minimum service that the container is using port 80. Remember the Kubernetes service created internally will always listen on 80, irregardless of the container port.

   new stratus.kubernetes.Service("minimum", {
     containerPort: 8000,
     hosts: ["example.com"],
     image: "gcr.io/istio-testing/ext-authz:0.7",
     namespace,
   }, { provider: clusterProvider });

   Create a service that use ConfigMap as environment variable source.

   const configMapName = "springprofile";
   export const configMap = new k8s.core.v1.ConfigMap(configMapName, {
     data: {
       "SPRING_PROFILES_ACTIVE": "development",
     },
     metadata: {
       name: configMapName,
       namespace,
     },
   }, { provider: clusterProvider });
   
   new stratus.kubernetes.Service("", {
     configMap: configMap.metadata.name,
     containerPort: 8000,
     hosts: ["example.com"],
     image: "gcr.io/istio-testing/ext-authz:0.7",
     namespace,
   }, { provider: clusterProvider });

   Create a service that configured with AuthorizationPolicy

   new stratus.kubernetes.Service("helloserver", {
     authorizationPolicy: {
       action: "CUSTOM",
       provider: {
         name: "validation-proxy",
       },
       rules: [
         {
           to: [
             {
               operation: {
                 paths: ["/test"],
               },
             },
           ],
         },
       ],
       selector: {
         matchLabels: { "mealary/require-jws": "true" },
       },
     },
     configMap: configMapName,
     hosts: ["test.com"],
     image: "gcr.io/google-samples/istio/helloserver:v0.0.1",
     namespace,
   }, { provider: clusterProvider });

4. use ServiceAccount ComponentResource

   import Account from "@dep/gke";
   
   const serviceAccount = new ServiceAccount("stratus", { });

Release new version

yarn build && yarn publish bin --access public