Template files

Author: Uritassa

.dockerignore

@@ -0,0 +1,8 @@
+iac
+kubernetes
+__init__.py
+__pycache__
+.dockerignore
+Dockerfile
+README.md
+.github

.github/workflows/cd.yaml

@@ -0,0 +1,84 @@
+name: CD Pipeline
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+      working_directory:
+        required: true
+        type: string
+      image:
+        required: true
+        type: string
+jobs:
+  cd:
+    environment: 
+      name: ${{ inputs.environment }}
+    name: Deploy to Kubernetes cluster
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+        working-directory: ${{ inputs.working_directory }}
+
+    steps:
+        
+      - name:  Checkout Repository 
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: "false"
+
+      - name: Configure AWS credentials from AWS account
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE }}
+          aws-region: ${{ vars.AWS_REGION }}
+          role-session-name: Github-OIDC
+
+      - name:  Configure kubectl for Amazon EKS 
+        run: aws eks --region ${{ vars.AWS_REGION }} update-kubeconfig --name ${{ vars.K8S_CLUSTER_NAME }}
+
+
+      - name: Update Kubernetes Manifests
+        working-directory: ${{ inputs.working_directory }}/${{ inputs.environment }}
+        env:
+          IMAGE: ${{ inputs.image }}
+        run: |
+          echo "Updating Kubernetes manifest with new image: $IMAGE"
+          sed -i '/image:/s|image:.*|image: '"${{ inputs.image }}"'|' deployment.yaml
+          echo "Updated deployment.yaml:"
+
+      - name: Commit and Push Changes to ${{ github.ref_name }} Branch
+        working-directory: ${{ inputs.working_directory }}/${{ inputs.environment }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          git config user.name "github-actions"
+          git config user.email "github-actions@users.noreply.github.com"
+          git remote set-url origin https://${GITHUB_TOKEN}@github.com/${{ github.repository }}
+
+          # echo "Checking out or creating the ${{ github.ref_name }} branch..."
+          # git checkout ${{ github.ref_name }} || git checkout -b ${{ github.ref_name }}
+
+          echo "Staging changes..."
+          git add deployment.yaml
+
+          echo "Checking for changes..."
+          if git diff --cached --quiet; then
+            echo "No changes to commit."
+          else
+            echo "Changes detected. Committing..."
+            git commit -m "Update image to ${{ inputs.image }}"
+
+            echo "Pushing changes to ${{ github.ref_name }} branch..."
+            git push origin ${{ github.ref_name }}
+          fi
+
+      - name: Deploy ArgoCD Application 
+        working-directory: ${{ inputs.working_directory }}/${{ inputs.environment }}/gitops
+        run: |
+          echo "Deploying ArgoCD application..."
+          kubectl apply -f application.yaml
+          echo "ArgoCD application deployed successfully."

.github/workflows/ci.yaml

@@ -0,0 +1,83 @@
+name: CI Pipeline
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+      ecr_repository: 
+        required: true
+        type: string
+      working_directory:
+        required: true
+        type: string
+      image_version:
+        required: true
+        type: string
+    outputs:
+      image_output:
+        value: ${{ jobs.ci.outputs.image_output }}
+
+
+jobs:
+  ci:
+    environment: 
+      name: ${{ inputs.environment }}
+    name: Build, Scan, and Push Docker Image   
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+        working-directory: ${{ inputs.working_directory }}
+    outputs:
+      image_output: ${{ steps.build.outputs.image }}
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Configure AWS
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.aws_role }}
+          aws-region: ${{ vars.aws_region }}
+          role-session-name: Github-OIDC
+
+      - name: Login to Amazon ECR Private
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Generate image tag 
+        id: generate-date
+        run: |
+          VERSION="${{ inputs.image_version }}"
+          TAG="$VERSION"
+          echo "TAG=$TAG" >> $GITHUB_ENV
+
+
+      - name: Build Docker Image 
+        id: build
+        env:
+          ECR: ${{ steps.login-ecr.outputs.registry }}/${{ inputs.ecr_repository }}
+          TAG: ${{ env.TAG }}
+        run: |
+          docker build -t $ECR:$TAG .
+          echo "image=$ECR:$TAG" >> $GITHUB_ENV
+          echo "image=$ECR:$TAG" >> $GITHUB_OUTPUT
+  
+      - name: Scan Image with Trivy 
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ steps.build.outputs.image }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL'
+        env:
+          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2
+    
+      - name: Push Docker Image 
+        id: push
+        if: success()
+        run: docker push ${{ env.image }}

.github/workflows/iac.yaml

@@ -0,0 +1,104 @@
+name: IaC Pipeline
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Select environment target'
+        required: true
+        type: choice
+        options:
+          - dev
+      working_directory:
+        description: 'Select working directory target'
+        required: true
+        type: choice
+        options:
+          - './iac/dev/'
+      cloud_resource_name:
+        description: 'Choose a cloud resource name'
+        required: true
+        type: string
+      terraform_version:
+        description: 'Choose Terraform version'
+        required: true
+        type: choice
+        options:
+          - 1.9.8
+      terragrunt_version:
+        description: 'Choose Terragrunt version'
+        required: true
+        type: choice
+        options:
+          - 0.68.10
+
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+      working_directory:
+        required: true
+        type: string
+      cloud_resource_name:
+        required: true
+        type: string
+      terraform_version:
+        required: true
+        type: string
+      terragrunt_version:
+        required: true
+        type: string
+
+jobs:
+  iac:
+    name: Creating cloud resources
+    environment: 
+      name: ${{ inputs.environment }}
+    env:
+      AWS_REGION: ${{ vars.aws_region }}
+      DYNAMODB_TABLE: ${{ vars.dynamodb_table}}
+      BUCKET_REGION: ${{ vars.bucket_region }}
+      BUCKET_NAME: ${{ vars.bucket_name }}
+      ENV: ${{ inputs.environment }}
+      NAME: ${{ inputs.cloud_resource_name || github.event.repository.name }}
+      TEMPLATE_SECRET: ${{ secrets.TEMPLATE }}
+
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+        working-directory: ${{ inputs.working_directory }}
+    steps:
+    - name: ==== Git checkout ====
+      uses: actions/checkout@v4
+
+    - name: ==== Configure AWS ====
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ secrets.aws_role }}
+        aws-region: ${{ vars.aws_region }}
+        role-session-name: Github-OIDC
+
+    - name: Setup Terragrunt ${{ inputs.terragrunt_version }}
+      run: |
+          wget https://github.com/gruntwork-io/terragrunt/releases/download/v${{ inputs.terragrunt_version }}/terragrunt_linux_amd64
+          mv terragrunt_linux_amd64 terragrunt
+          chmod +x terragrunt
+          sudo mv terragrunt /usr/local/bin/
+          terragrunt -v
+ 
+    - name: Install Helm 
+      run: |
+        curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+        
+    - name: Terragrunt Init 
+      id: init    
+      run: terragrunt run-all init -terragrunt-non-interactive
+
+    - name: Terragrunt plan 
+      id: plan  
+      run: terragrunt run-all plan -terragrunt-non-interactive
+
+    - name: Terragrunt apply 
+      id: apply  
+      run: terragrunt run-all apply -terragrunt-non-interactive

.github/workflows/main.yaml

@@ -0,0 +1,58 @@
+name: CI/CD Main Pipeline
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Select environment target'
+        required: true
+        type: choice
+        options:
+          - dev
+
+  push:
+    branches: 
+      - main
+    paths-ignore:
+      - 'k8s/**'
+      - 'iac/**'
+      - '.github/**'
+  workflow_run:
+      workflows: [CI/CD Release Pipeline]
+      types: [completed]
+
+jobs:
+  iac:
+    uses: ./.github/workflows/iac.yaml
+    permissions:
+      id-token: write
+      contents: read
+    with:
+      environment: ${{ github.event.inputs.environment || 'dev' }}
+      working_directory: ./iac/dev/
+      cloud_resource_name: ${{ github.event.repository.name }}-${{ github.event.inputs.environment || 'dev' }}
+      terraform_version: 1.9.8
+      terragrunt_version: 0.68.10
+    secrets: inherit 
+  ci:
+    needs: iac
+    uses: ./.github/workflows/ci.yaml
+    permissions:
+      id-token: write
+      contents: read
+    with:
+        environment: ${{ github.event.inputs.environment || 'dev' }}
+        working_directory: ./ 
+        ecr_repository: "${{ github.event.repository.name }}-${{ github.event.inputs.environment || 'dev' }}"
+        image_version: ${{ github.run_id }}
+    secrets: inherit
+  cd:          
+    needs: ci
+    uses: ./.github/workflows/cd.yaml
+    permissions:
+      id-token: write
+      contents: write
+    with:
+        environment: ${{ github.event.inputs.environment || 'dev' }}
+        working_directory: ./k8s
+        image: ${{ needs.ci.outputs.image_output }}
+    secrets: inherit

.github/workflows/pr_validation.yaml

@@ -0,0 +1,62 @@
+name: Pull request validation
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - '.github/**'
+      - 'k8s/**'
+      - 'iac'
+
+jobs:
+  pr-validaton:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+        working-directory: ./app
+    strategy:
+      matrix:
+        python-version: ['3.9', '3.10', '3.11', '3.12']
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+ 
+      - name: Create virtual environment
+        run: |
+          python -m venv .venv
+  
+      - name: Activate virtual environment
+        run: |
+          source .venv/bin/activate
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Lint with flake8
+        run: |
+          pip install flake8
+
+      - name: Format with black
+        run: |
+          pip install black
+          black --check .
+
+      - name: Run tests with pytest
+        run: |
+          pip install pytest
+          pytest
+
+      - name: Type Check with mypy (Optional but highly recommended)
+        run: |
+          pip install mypy
+          mypy .

.github/workflows/release.yaml

@@ -0,0 +1,120 @@
+name: CI/CD Release Pipeline
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Select environment target'
+        required: true
+        type: choice
+        options:
+          - prod
+      release_version:
+        description: 'Specify the release version (e.g., 1.2.3) or leave blank for automatic increment'
+        required: false
+        type: string
+
+jobs:
+  pre-release:
+    environment: ${{ github.event.inputs.environment }}
+    runs-on: ubuntu-latest
+    outputs:
+      release_tag: ${{ steps.release_version.outputs.version }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Set up Git
+        run: |
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "actions@github.com"
+
+      - name: Determine Release Version
+        id: release_version
+        env:
+          RELEASE_VERSION: ${{ github.event.inputs.release_version }}
+        run: |
+          echo "version=$RELEASE_VERSION" >> $GITHUB_OUTPUT
+
+  iac:
+    needs: pre-release
+    uses: ./.github/workflows/iac.yaml
+    permissions:
+      id-token: write
+      contents: read
+    with:
+      environment: ${{ github.event.inputs.environment }}
+      working_directory: ./iac/${{ github.event.inputs.environment }}
+      cloud_resource_name: ${{ github.event.repository.name }}
+      terraform_version: 1.9.8
+      terragrunt_version: 0.68.10
+    secrets: inherit
+
+  ci:
+    needs: [iac, pre-release]
+    uses: ./.github/workflows/ci.yaml
+    permissions:
+      id-token: write
+      contents: read
+    with:
+        environment: ${{ github.event.inputs.environment }}
+        working_directory: ./
+        ecr_repository: ${{ github.event.repository.name }}
+        image_version: ${{ needs.pre-release.outputs.release_tag }}
+    secrets: inherit
+
+  cd:
+    needs: [ci]
+    uses: ./.github/workflows/cd.yaml
+    permissions:
+      id-token: write
+      contents: write
+    with:
+        environment: ${{ github.event.inputs.environment }}
+        working_directory: ./k8s
+        image: ${{ needs.ci.outputs.image_output }}
+    secrets: inherit
+
+  release:
+    needs: [ cd, pre-release]
+    environment: ${{ github.event.inputs.environment }}
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.ref }}
+          fetch-depth: 0
+    
+      - name: Set up Git
+        run: |
+          git config --global user.name "GitHub Actions"
+          git config --global user.email "actions@github.com"
+
+      - name: Create Tag and Push
+        env:
+          VERSION: ${{ needs.pre-release.outputs.release_tag }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+          echo "Current branch: $CURRENT_BRANCH"
+          # Create the tag
+          git tag -a "${{ env.VERSION }}" -m "Release ${{ env.VERSION }}"
+          # Push the tag only
+          git push origin "refs/tags/${{ env.VERSION }}"
+          #git push origin "refs/tags/${{ env.VERSION }}" $CURRENT_BRANCH # for updating main branch
+
+      - name: Install GitHub CLI
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gh
+
+      - name: Create GitHub Release
+        env:
+          VERSION: ${{ needs.pre-release.outputs.release_tag }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release create "${{ env.VERSION }}" --notes "Release ${{ env.VERSION }}"

Dockerfile

@@ -0,0 +1,11 @@
+FROM python:3.9-slim AS builder
+
+WORKDIR /usr/src/app
+
+COPY ./app .
+
+RUN pip3 install --no-cache-dir -r requirements.txt
+
+EXPOSE 8000
+
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

app/main.py

@@ -0,0 +1,20 @@
+import uvicorn
+from fastapi import FastAPI
+
+app = FastAPI()
+
+@app.get("/")
+def root():
+    return {"message": "This is a demo"}
+
+@app.get("/healthz")
+def healthz():
+    return {"status": "ok", "database": "connected"}
+
+@app.get("/ready")
+def healthz():
+    return {"status": "ok", "app": "ready"}
+
+if __name__ == "__main__":
+    uvicorn.run("main:app", port=8000, reload=True) 
+

app/requirements.txt

@@ -0,0 +1,13 @@
+fastapi==0.115.4
+pyasn1==0.6.1
+pycparser==2.22
+pydantic==2.9.2
+pydantic-settings==2.6.1
+pydantic_core==2.23.4
+python-dotenv==1.0.1
+python-jose==3.3.0
+python-multipart==0.0.17
+pytz==2024.2
+rsa==4.9
+setuptools==75.3.0
+uvicorn==0.32.0

iac/dev/env.hcl

@@ -0,0 +1,6 @@
+locals {
+    name = get_env("NAME")
+    environment = get_env("ENV")
+    template_secret = get_env("TEMPLATE_SECRET")
+    
+}

iac/dev/template/ecr/terragrunt.hcl

@@ -0,0 +1,23 @@
+terraform {
+  source = "tfr:///terraform-aws-modules/ecr/aws?version=2.3.0"
+}
+include "root" {
+  path = find_in_parent_folders()
+}
+
+include "env" {
+  path = find_in_parent_folders("env.hcl")
+  expose = true
+}
+
+inputs = {
+  repository_name  = include.env.locals.name
+  repository_type = "private"
+  repository_image_tag_mutability = "MUTABLE"
+  repository_image_scan_on_push = true
+  create_lifecycle_policy = false
+  tags = {
+    Name = include.env.locals.name
+    Environment = include.env.locals.environment
+  }
+}

iac/dev/template/secretsmanager/terragrunt.hcl

@@ -0,0 +1,23 @@
+terraform {
+  source = "tfr:///terraform-aws-modules/secrets-manager/aws?version=1.3.1"
+}
+include "root" {
+  path = find_in_parent_folders()
+}
+
+include "env" {
+  path = find_in_parent_folders("env.hcl")
+  expose = true
+}
+
+inputs = {
+  name  = include.env.locals.name
+  secret_string = jsonencode({
+    "template_secret" = include.env.locals.template_secret
+  })
+  create_lifecycle_policy = false
+  tags = {
+    Name = include.env.locals.name
+    Environment = include.env.locals.environment
+  }
+}

iac/prod/env.hcl

@@ -0,0 +1,6 @@
+locals {
+    name = get_env("NAME")
+    environment = get_env("ENV")
+    template_secret = get_env("TEMPLATE_SECRET")
+    
+}

iac/prod/template/ecr/terragrunt.hcl

@@ -0,0 +1,23 @@
+terraform {
+  source = "tfr:///terraform-aws-modules/ecr/aws?version=2.3.0"
+}
+include "root" {
+  path = find_in_parent_folders()
+}
+
+include "env" {
+  path = find_in_parent_folders("env.hcl")
+  expose = true
+}
+
+inputs = {
+  repository_name  = include.env.locals.name
+  repository_type = "private"
+  repository_image_tag_mutability = "MUTABLE"
+  repository_image_scan_on_push = true
+  create_lifecycle_policy = false
+  tags = {
+    Name = include.env.locals.name
+    Environment = include.env.locals.environment
+  }
+}

iac/prod/template/secretsmanager/terragrunt.hcl

@@ -0,0 +1,23 @@
+terraform {
+  source = "tfr:///terraform-aws-modules/secrets-manager/aws?version=1.3.1"
+}
+include "root" {
+  path = find_in_parent_folders()
+}
+
+include "env" {
+  path = find_in_parent_folders("env.hcl")
+  expose = true
+}
+
+inputs = {
+  name  = include.env.locals.name
+  secret_string = jsonencode({
+    "template_secret" = include.env.locals.template_secret
+  })
+  create_lifecycle_policy = false
+  tags = {
+    Name = include.env.locals.name
+    Environment = include.env.locals.environment
+  }
+}

iac/terragrunt.hcl

@@ -0,0 +1,31 @@
+locals {
+    region = get_env("AWS_REGION")
+    db_table = get_env("DYNAMODB_TABLE")
+    bucket_region = get_env("BUCKET_REGION")
+    bucket_name = get_env("BUCKET_NAME")
+}
+
+remote_state {
+  backend = "s3"
+  generate = {
+    path      = "backend.tf"
+    if_exists = "overwrite_terragrunt"
+  }
+  config = {
+    bucket         = "${local.bucket_name}"
+    key            = "${path_relative_to_include()}/terraform.tfstate"
+    region         = "${local.bucket_region}"
+    encrypt        = true
+    dynamodb_table = "${local.db_table}"
+  }
+}
+
+generate "provider" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+provider "aws" {
+  region = "${local.region}"  
+}
+EOF
+}

k8s/configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gh-flow-demo-cm
+data:
+  NAME: "gh-flow-demo-configMap"
+  

k8s/deployment.yaml

@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gh-flow-demo
+  labels:
+    app: gh-flow-demo
+    app.kubernetes.io/name: gh-flow-demo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gh-flow-demo
+  template:
+    metadata:
+      labels:
+        app: gh-flow-demo
+    spec:
+      nodeSelector:
+        nodegroup: tools
+      containers:
+        - name: gh-flow-demo
+          image: 750512685552.dkr.ecr.us-west-1.amazonaws.com/gh-flow
+          imagePullPolicy: Always
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          resources:
+            requests:
+              cpu: 64m
+              memory: 64Mi
+            limits:
+              cpu: 128m
+              memory: 128Mi
+          startupProbe:
+            httpGet:
+              path: /healthz
+              port: 8000
+            failureThreshold: 30
+            periodSeconds: 1
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8000
+            initialDelaySeconds: 3
+            periodSeconds: 3
+          readinessProbe:
+            httpGet:
+              path: /ready
+              port: 8000
+            initialDelaySeconds: 5
+            periodSeconds: 5
+          envFrom:
+            - secretRef:
+                name: gh-flow-demo-secrets
+            - configMapRef:
+                name: gh-flow-demo-cm

k8s/dev/app.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gh-flow-demo
+  namespace: argocd
+spec:
+  destination:
+    name: ''
+    namespace: gh-flow
+    server: https://kubernetes.default.svc
+  source:
+    path: kubernetes
+    repoURL: https://github.com/e-commander/gh-flow
+    targetRevision: dev
+  sources: []
+  project: default
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true

k8s/externalsecret.yaml

@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: gh-flow-demo
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: cluster-secret-store
+    kind: ClusterSecretStore
+  target:
+    name: gh-flow-demo-secrets
+    creationPolicy: Owner
+  data:
+    - secretKey: gh-flow-demo
+      remoteRef:
+        key: gh-flow-dev # aws secret manager name
+        property: gh-flow-demo # aws secret_key

k8s/prod/app.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gh-flow-demo
+  namespace: argocd
+spec:
+  destination:
+    name: ''
+    namespace: gh-flow
+    server: https://kubernetes.default.svc
+  source:
+    path: kubernetes
+    repoURL: https://github.com/e-commander/gh-flow
+    targetRevision: main
+  sources: []
+  project: default
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true

k8s/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gh-flow-demo-service
+spec:
+  selector:
+    app: gh-flow-demo
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: http
+  type: ClusterIP