Simplified RBAC, changed from Load Balancer to Ingress + IP

k8s/create-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: testing

k8s/create-prod-namespace-and-role.yaml → k8s/create-service-account-and-token.yaml

@@ -1,19 +1,23 @@
 apiVersion: v1
-kind: Namespace
+kind: ServiceAccount
 metadata:
-  name: prod  
+  name: octopus-svc-account
+  namespace: default
 ---
 apiVersion: v1
-kind: ServiceAccount
+kind: Secret
 metadata:
-  name: octopus-prod
-  namespace: prod
+  name: octopus-svc-account-token
+  namespace: default
+  annotations:
+    kubernetes.io/service-account.name: octopus-svc-account
+type: kubernetes.io/service-account-token
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: octopus-prod-role
-  namespace: prod
+  name: octopus-svc-account-role
+  namespace: default
 rules:
   - apiGroups:
         - ""
@@ -23,7 +27,7 @@ rules:
         - extensions
         - policy
         - rbac.authorization.k8s.io
-        - secret
+        - secrets        
     resources:
       - pods
       - componentstatuses
@@ -52,12 +56,12 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: octopus-prod-role-binding
+  name: octopus-namespace-role-binding
 subjects:
-- namespace: prod
+- namespace: default
   kind: ServiceAccount
-  name: octopus-prod
+  name: octopus-svc-account
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: octopus-prod-role
+  name: octopus-svc-account-role

k8s/trident-app.yaml

@@ -37,13 +37,32 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
-  name: trident-loadbalancer-service
+  name: trident-app-cluster-ip-service
 spec:
+  type: ClusterIP
   selector:
     component: trident-web
   ports:
-    - port: 5000
-      targetPort: 5000
-      name: http-port
-  type: LoadBalancer
+    - port: 6800
+      targetPort: 5000  
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: trident-ingress-nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /$1
+spec:
+  rules:
+    - host: trident.local
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: trident-app-cluster-ip-service
+                port:
+                  number: 6800
+
 

src/Trident.sln

@@ -8,13 +8,8 @@ EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "K8s", "K8s", "{742F9EEC-0930-416A-9EC0-AEB915E0B2F0}"
 	ProjectSection(SolutionItems) = preProject
 		..\k8s\create-dev-namespace-and-role.yaml = ..\k8s\create-dev-namespace-and-role.yaml
-		..\k8s\create-dev-service-account-token.yaml = ..\k8s\create-dev-service-account-token.yaml
-		..\k8s\create-prod-namespace-and-role.yaml = ..\k8s\create-prod-namespace-and-role.yaml
-		..\k8s\create-prod-service-account-token.yaml = ..\k8s\create-prod-service-account-token.yaml
-		..\k8s\create-staging-namespace-and-role.yaml = ..\k8s\create-staging-namespace-and-role.yaml
-		..\k8s\create-staging-service-account-token.yaml = ..\k8s\create-staging-service-account-token.yaml
-		..\k8s\create-test-namespace-and-role.yaml = ..\k8s\create-test-namespace-and-role.yaml
-		..\k8s\create-test-service-account-token.yaml = ..\k8s\create-test-service-account-token.yaml
+		..\k8s\create-namespace.yaml = ..\k8s\create-namespace.yaml
+		..\k8s\create-service-account-and-token.yaml = ..\k8s\create-service-account-and-token.yaml
 		..\k8s\trident-app.yaml = ..\k8s\trident-app.yaml
 	EndProjectSection
 EndProject