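---
# Deployment for the rapp-opa-provider workload (one replica, HTTP on 9000).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rapp-opa-provider-deployment
  namespace: istio-nonrtric
  labels:
    app: rapp-opa-provider
    app.kubernetes.io/name: rapp-opa-provider
spec:
  selector:
    matchLabels:
      app: rapp-opa-provider
  template:
    metadata:
      labels:
        app: rapp-opa-provider
        version: v1
    spec:
      containers:
        - name: rapp-opa-provider
          # NOTE(review): ':latest' is a mutable tag, and with IfNotPresent
          # each node keeps whatever build it cached first. Pin a release
          # tag or an image digest so the running code is reproducible.
          image: ktimoney/rapps-rapp-opa-provider:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 9000
          # NOTE(review): no securityContext is set, so the container runs
          # with the image/runtime defaults. Consider runAsNonRoot,
          # allowPrivilegeEscalation: false and dropping all capabilities
          # once confirmed against what the image needs.
          resources:
            limits:
              memory: 256Mi
              cpu: "250m"
            requests:
              memory: 128Mi
              cpu: "80m"
  replicas: 1
---
# Service in front of the workload: port 80 -> container port 9000.
apiVersion: v1
kind: Service
metadata:
  name: rapp-opa-provider
  namespace: istio-nonrtric
  labels:
    app: rapp-opa-provider
    app.kubernetes.io/name: rapp-opa-provider
spec:
  selector:
    app: rapp-opa-provider
  ports:
    - name: http
      port: 80
      targetPort: 9000
      # NOTE(review): a NodePort opens 31990 on every node, a second entry
      # path next to the Istio ingress gateway. The AuthorizationPolicy
      # below is enforced by the workload's sidecar, so this path is only
      # covered if sidecar injection is active for istio-nonrtric -- confirm.
      nodePort: 31990
  type: NodePort
---
# Ingress gateway listener. No namespace is set on this object or on the
# VirtualService, so both land in the namespace the manifest is applied to.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: opa-gateway
spec:
  selector:
    istio: ingressgateway  # use istio default controller
  servers:
    # NOTE(review): plain HTTP for any host; requests (including any
    # credentials or tokens they carry) cross the ingress unencrypted.
    # Add a TLS server entry and restrict hosts outside of a lab setup.
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
---
# Routes every URI that starts with /rapp-opa-provider to the Service.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: rapp-opa
spec:
  hosts:
    - "*"
  gateways:
    - opa-gateway
  http:
    - match:
        - uri:
            prefix: /rapp-opa-provider
      name: rapp-opa-provider-routes
      route:
        - destination:
            host: rapp-opa-provider.istio-nonrtric.svc.cluster.local
            port:
              number: 80
---
# Delegates authorization for the workload to an external authorizer.
# "opa-default-grpc" must match an extensionProviders entry in the mesh
# config, which is not part of this manifest.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: rapp-opa-provider-opa
  namespace: istio-nonrtric
spec:
  selector:
    matchLabels:
      app: rapp-opa-provider
  action: CUSTOM
  provider:
    name: "opa-default-grpc"
  rules:
    - to:
        - operation:
            # A CUSTOM policy only sends requests that match these rules to
            # the external authorizer; everything else skips the check.
            # The exact path "/rapp-opa-provider" left sub-paths (for
            # example a trailing "/") routed by the VirtualService prefix
            # match but outside this policy. The trailing "*" is Istio's
            # prefix match, so the policy covers the same URIs as the route.
            paths: ["/rapp-opa-provider*"]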