http/h2demo: move to Workload Identity
Create a new service account, and move the deployment over to the prod
namespace.
Change-Id: If91ca021aeeeaaa7994670d103f0b30c232c0e85
Reviewed-on: https://go-review.googlesource.com/c/net/+/348169
Trust: Heschi Kreinick <heschi@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
diff --git a/http2/h2demo/deployment-prod.yaml b/http2/h2demo/deployment-prod.yaml
index a3a20a4..3d9f9c2 100644
--- a/http2/h2demo/deployment-prod.yaml
+++ b/http2/h2demo/deployment-prod.yaml
@@ -1,8 +1,12 @@
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
+ namespace: prod
name: h2demo-deployment
spec:
+ selector:
+ matchLabels:
+ app: h2demo
replicas: 1
template:
metadata:
@@ -12,6 +16,9 @@
container.seccomp.security.alpha.kubernetes.io/h2demo: docker/default
container.apparmor.security.beta.kubernetes.io/h2demo: runtime/default
spec:
+ serviceAccountName: h2demo
+ nodeSelector:
+ cloud.google.com/gke-nodepool: workload-identity-pool
containers:
- name: h2demo
image: gcr.io/symbolic-datum-552/h2demo:latest
diff --git a/http2/h2demo/service.yaml b/http2/h2demo/service.yaml
index 2b7d541..82c3254 100644
--- a/http2/h2demo/service.yaml
+++ b/http2/h2demo/service.yaml
@@ -1,6 +1,7 @@
apiVersion: v1
kind: Service
metadata:
+ namespace: prod
name: h2demo
spec:
externalTrafficPolicy: Local
