apiVersion: apps/v1
kind: Deployment
metadata:
  name: shadowsocks-deployment
  labels:
    app: shadowsocks
spec:
  replicas: 1
  selector:
    matchLabels:
      app: shadowsocks
  template:
    metadata:
      labels:
        app: shadowsocks
    spec:
      containers:
        - name: shadowsocks-libev
          image: shadowsocks/shadowsocks-libev
          env:
            - name: METHOD
              value: chacha20-ietf-poly1305
            - name: PASSWORD
              value: test12345
          ports:
            - containerPort: 8388
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
---
apiVersion: v1
kind: Service
metadata:
  name: shadowsocks
  labels:
    app: shadowsocks
spec:
  type: ClusterIP
  ports:
    - port: 8388
      protocol: TCP
  selector:
    app: shadowsocks
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: badhouseplants-shadowsocks
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
    - hosts:
        - '*'
      port:
        name: tcp
        number: 8388
        protocol: TCP
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: shadowsocks
spec:
  gateways:
    - istio-system/badhouseplants-shadowsocks
  hosts:
    - '*'
  tcp:
    - match:
        - port: 8388
      route:
        - destination:
            host: shadowsocks
            port:
              number: 8388