Test workload

To test the various features of PSS let's start by deploying a workload to our EKS cluster that we can use. We'll create a separate deployment of the catalog component to experiment with in its own namespace:

~/environment/eks-workshop/modules/security/pss-psa/workload/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pss
  labels:
    app.kubernetes.io/created-by: eks-workshop
spec:
  selector:
    matchLabels:
      app: pss
  replicas: 1
  template:
    metadata:
      labels:
        app: pss
        app.kubernetes.io/created-by: eks-workshop
    spec:
      containers:
        - name: pss
          image: public.ecr.aws/aws-containers/retail-store-sample-catalog:1.2.1
          ports:
            - containerPort: 80
          securityContext:
            readOnlyRootFilesystem: false
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 30
            periodSeconds: 3
          readinessProbe:
            httpGet:
              path: /health
              port: 8080
            successThreshold: 3
            periodSeconds: 5
          resources:
            limits:
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 512Mi

Apply this to our cluster:

~$kubectl apply -k ~/environment/eks-workshop/modules/security/pss-psa/workload

namespace/pss created

deployment.apps/pss created

~$kubectl rollout status -n pss deployment/pss --timeout=60s