Azure-Samples · russd2357 · Nov 8, 2024 · Oct 22, 2024 · Oct 23, 2024 · Oct 25, 2024
@@ -25,7 +25,7 @@ const pageTitle = 'MOAW - All Workshops';
   imports: [CommonModule, HeaderComponent, FooterComponent, LoaderComponent, ChipComponent, CardComponent],
   template: `
     <div class="full-viewport">
-      <app-header logo="images/aks-logo-full.png" logoUrl="" [links]="links"></app-header>
+      <app-header logo="images/aks-logo.png" logoUrl="" [links]="links"></app-header>
       <div class="content bg-light">
         <main id="${mainScrollableId}" class="scrollable">
           <section class="hero">

@@ -239,19 +239,10 @@ export class HomeComponent {
 
   // TODO: Extract from tags
   keywords = [
-    'JavaScript',
-    'C#',
     'cloud computing',
-    '.NET',
-    'machine learning',
-    'Python',
-    'serverless',
-    'HTML',
-    'CSS',
-    'APIs',
-    'IoT',
-    'databases',
+    'cloud native',
     'containers',
-    'quantum computing'
+    'Kubernetes',
+    'Azure Kubernetes Service',
   ];
 }
@@ -0,0 +1,234 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: hubble-ui
+  namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: hubble-ui
+  labels:
+    app.kubernetes.io/part-of: retina
+rules:
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - networkpolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - componentstatuses
+      - endpoints
+      - namespaces
+      - nodes
+      - pods
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - cilium.io
+    resources:
+      - "*"
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: hubble-ui
+  labels:
+    app.kubernetes.io/part-of: retina
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: hubble-ui
+subjects:
+  - kind: ServiceAccount
+    name: hubble-ui
+    namespace: kube-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hubble-ui-nginx
+  namespace: kube-system
+data:
+  nginx.conf: |
+    server {
+        listen       8081;
+        server_name  localhost;
+        root /app;
+        index index.html;
+        client_max_body_size 1G;
+        location / {
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            # CORS
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, HEAD, DELETE, OPTIONS";
+            add_header Access-Control-Allow-Origin *;
+            add_header Access-Control-Max-Age 1728000;
+            add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;
+            add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;
+            if ($request_method = OPTIONS) {
+                return 204;
+            }
+            # /CORS
+            location /api {
+                proxy_http_version 1.1;
+                proxy_pass_request_headers on;
+                proxy_hide_header Access-Control-Allow-Origin;
+                proxy_pass http://127.0.0.1:8090;
+            }
+            location / {
+                try_files $uri $uri/ /index.html /index.html;
+            }
+            # Liveness probe
+            location /healthz {
+                access_log off;
+                add_header Content-Type text/plain;
+                return 200 'ok';
+            }
+        }
+    }
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: hubble-ui
+  namespace: kube-system
+  labels:
+    k8s-app: hubble-ui
+    app.kubernetes.io/name: hubble-ui
+    app.kubernetes.io/part-of: retina
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: hubble-ui
+  template:
+    metadata:
+      labels:
+        k8s-app: hubble-ui
+        app.kubernetes.io/name: hubble-ui
+        app.kubernetes.io/part-of: retina
+    spec:
+      serviceAccount: hibble-ui
+      serviceAccountName: hubble-ui
+      automountServiceAccountToken: true
+      containers:
+      - name: frontend
+        image: mcr.microsoft.com/oss/cilium/hubble-ui:v0.12.2   
+        imagePullPolicy: Always
+        ports:
+        - name: http
+          containerPort: 8081
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8081
+        resources: {}
+        volumeMounts:
+        - name: hubble-ui-nginx-conf
+          mountPath: /etc/nginx/conf.d/default.conf
+          subPath: nginx.conf
+        - name: tmp-dir
+          mountPath: /tmp
+        terminationMessagePolicy: FallbackToLogsOnError
+        securityContext: {}
+      - name: backend
+        image: mcr.microsoft.com/oss/cilium/hubble-ui-backend:v0.12.2
+        imagePullPolicy: Always
+        env:
+        - name: EVENTS_SERVER_PORT
+          value: "8090"
+        - name: FLOWS_API_ADDR
+          value: "hubble-relay:443"
+        - name: TLS_TO_RELAY_ENABLED
+          value: "true"
+        - name: TLS_RELAY_SERVER_NAME
+          value: ui.hubble-relay.cilium.io
+        - name: TLS_RELAY_CA_CERT_FILES
+          value: /var/lib/hubble-ui/certs/hubble-relay-ca.crt
+        - name: TLS_RELAY_CLIENT_CERT_FILE
+          value: /var/lib/hubble-ui/certs/client.crt
+        - name: TLS_RELAY_CLIENT_KEY_FILE
+          value: /var/lib/hubble-ui/certs/client.key
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8090
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 8090
+        ports:
+        - name: grpc
+          containerPort: 8090
+        resources: {}
+        volumeMounts:
+        - name: hubble-ui-client-certs
+          mountPath: /var/lib/hubble-ui/certs
+          readOnly: true
+        terminationMessagePolicy: FallbackToLogsOnError
+        securityContext: {}
+      nodeSelector:
+        kubernetes.io/os: linux 
+      volumes:
+      - configMap:
+          defaultMode: 420
+          name: hubble-ui-nginx
+        name: hubble-ui-nginx-conf
+      - emptyDir: {}
+        name: tmp-dir
+      - name: hubble-ui-client-certs
+        projected:
+          defaultMode: 0400
+          sources:
+          - secret:
+              name: hubble-relay-client-certs
+              items:
+                - key: tls.crt
+                  path: client.crt
+                - key: tls.key
+                  path: client.key
+                - key: ca.crt
+                  path: hubble-relay-ca.crt
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: hubble-ui
+  namespace: kube-system
+  labels:
+    k8s-app: hubble-ui
+    app.kubernetes.io/name: hubble-ui
+    app.kubernetes.io/part-of: retina
+spec:
+  type: ClusterIP
+  selector:
+    k8s-app: hubble-ui
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8081
@@ -0,0 +1,30 @@
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-store-front-traffic
+spec:
+  endpointSelector:
+    matchLabels:
+      app: store-front
+  ingress:
+    - fromEntities:
+        - world # Allow external traffic to store-front via LoadBalancer.
+      toPorts:
+        - ports:
+            - port: "8080"
+              protocol: TCP
+  egress:
+    - toEndpoints:
+        - matchLabels:
+            app: order-service
+      toPorts:
+        - ports:
+            - port: "3000"
+              protocol: TCP
+    - toEndpoints:
+        - matchLabels:
+            app: product-service
+      toPorts:
+        - ports:
+            - port: "3002"
+              protocol: TCP
@@ -0,0 +1,25 @@
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-store-front-traffic
+spec:
+  endpointSelector:
+    matchLabels:
+      app: store-front
+  ingress:
+    - fromEndpoints: []
+  egress:
+    - toEndpoints:
+        - matchLabels:
+            app: order-service
+      toPorts:
+        - ports:
+            - port: "3000"
+              protocol: TCP
+    - toEndpoints:
+        - matchLabels:
+            app: product-service
+      toPorts:
+        - ports:
+            - port: "3002"
+              protocol: TCP
@@ -0,0 +1,34 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-order-service-traffic
+spec:
+  endpointSelector:
+    matchLabels:
+      app: order-service
+  egress:
+    - toEndpoints:
+        - matchLabels:
+            io.kubernetes.pod.namespace: kube-system
+            k8s-app: kube-dns
+        - matchLabels:
+            io.kubernetes.pod.namespace: pets
+            app: rabbitmq
+      toPorts:
+        - ports:
+            - port: "53"
+              protocol: UDP
+          rules:
+            dns:
+              - matchPattern: "rabbitmq.pets.svc.cluster.local"
+              - matchPattern: "*.microsoft.com"
+              - matchPattern: "*.microsoft.com.cluster.local"
+              - matchPattern: "*.microsoft.com.pets.svc.cluster.local"
+              - matchPattern: "*.microsoft.com.*.*.internal.cloudapp.net"
+              - matchPattern: "*.microsoft.com.svc.cluster.local"
+    - toFQDNs:
+        - matchPattern: "*.microsoft.com"
+      toPorts:
+        - ports:
+            - port: "443"
+              protocol: TCP