-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathapprouter.yaml
142 lines (142 loc) · 4.16 KB
/
approuter.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
apiVersion: apps/v1
kind: Deployment
metadata:
name: day2-approuter
namespace: day2-operations
spec:
selector:
matchLabels:
app: day2-approuter
template:
metadata:
labels:
app: day2-approuter
spec:
imagePullSecrets:
- name: registry-secret # replace with your own registry secret
containers:
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
name: day2-approuter
env:
- name: destinations
valueFrom:
configMapKeyRef:
name: destinations-config
key: destinations
- name: CLUSTER_DOMAIN
valueFrom:
configMapKeyRef:
key: cluster-domain
name: cluster-domain
volumeMounts:
- name: xsuaa-volume
mountPath: "/etc/secrets/sapcp/xsuaa/xsuaaserviceinstance"
readOnly: true
volumes:
- name: xsuaa-volume
secret:
secretName: xsuaa-service-binding
---
apiVersion: v1
kind: Service
metadata:
name: day2-approuter
namespace: day2-operations
labels:
app: day2-approuter
spec:
type: NodePort
ports:
- port: 5000
selector:
app: day2-approuter
---
apiVersion: gateway.kyma-project.io/v1beta1
kind: APIRule
metadata:
name: day2-approuter-apirule
namespace: day2-operations
spec:
gateway: kyma-gateway.kyma-system.svc.cluster.local
host: day2-ui # url for provider subaccount, adapt to your own subdomain
service:
name: day2-approuter
port: 5000
rules:
- path: /.*
methods: ["GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"]
mutators:
- handler: header
config:
headers:
x-forwarded-host: day2-ui.{{ .Values.clusterdomain }} # adapt to your Kyma cluster
accessStrategies:
- handler: noop
---
apiVersion: v1
kind: ConfigMap
metadata:
name: destinations-config
namespace: day2-operations
data:
# two alternatives: # adapt to your Kyma cluster
# 1. use (external) service url provided by Kyma APIRule (JWT enabled) (see application "deployment.yaml" APIRule)
# destinations: |
# [
# {"name":"broker","url":"https://broker.<cluster-domain>","forwardAuthToken" : true}
# ]
# 2. use cluster internal service url: note that internal service naming follows http://<service-name>.<namespace>.svc.cluster.local:<service-port>
# make sure "namespace" of the broker is adapted when deploying to different namespace
destinations: |
[
{"name":"ui","url":"http://day2-ui.day2-operations.svc.cluster.local:80","forwardAuthToken" : true},
{"name":"day2-service","url":"http://day2-service.day2-operations.svc.cluster.local:8091","forwardAuthToken" : true}
]
---
apiVersion: v1
kind: ConfigMap
metadata:
name: cluster-domain
namespace: day2-operations
data:
cluster-domain: {{ .Values.clusterdomain }} ## adapt to your Kyma cluster
---
apiVersion: services.cloud.sap.com/v1
kind: ServiceInstance
metadata:
name: xsuaa-service
namespace: day2-operations
spec:
serviceOfferingName: xsuaa
servicePlanName: broker # https://jam4.sapjam.com/blogs/show/2dxT4cVGxTXZRJT0D1DQQM
externalName: xsuaa-service-external
parameters:
xsappname: day2-operations
tenant-mode: dedicated # use "shared" for multi-tenant application
scopes:
- name: $XSAPPNAME.operator
description: Easy Franchise Day 2 Operator
role-templates:
- name: operator
description: Easy Franchise Day 2 Operator Role-Template
scope-references: [$XSAPPNAME.operator]
role-collections:
- name: Easy Franchise Day 2 Operator
description: Easy Franchise day 2 Operator Role-Collection
role-template-references: [$XSAPPNAME.operator]
oauth2-configuration:
redirect-uris:
- https://*.{{ .Values.clusterdomain }}/**
- http://localhost:5000/login/callback
token-validity: 900
---
apiVersion: services.cloud.sap.com/v1
kind: ServiceBinding
metadata:
name: xsuaa-service-binding
namespace: day2-operations
spec:
serviceInstanceName: xsuaa-service
externalName: xsuaa-service-external
secretName: xsuaa-service-binding
---