istio

cluster-ip.yaml
252 строки · 6.9 Кб
Перенос по словам
1
apiVersion: gateway.networking.k8s.io/v1beta1
2
kind: Gateway
3
metadata:
4
  annotations:
5
    gateway.istio.io/controller-version: "5"
6
---
7
apiVersion: v1
8
kind: ServiceAccount
9
metadata:
10
  annotations:
11
    ambient.istio.io/redirection: disabled
12
    networking.istio.io/service-type: ClusterIP
13
  labels:
14
    gateway.istio.io/managed: istio.io-gateway-controller
15
    gateway.networking.k8s.io/gateway-name: default
16
    istio.io/gateway-name: default
17
  name: default-istio
18
  namespace: default
19
  ownerReferences:
20
  - apiVersion: gateway.networking.k8s.io/v1beta1
21
    kind: Gateway
22
    name: default
23
    uid: ""
24
---
25
apiVersion: apps/v1
26
kind: Deployment
27
metadata:
28
  annotations:
29
    ambient.istio.io/redirection: disabled
30
    networking.istio.io/service-type: ClusterIP
31
  labels:
32
    gateway.istio.io/managed: istio.io-gateway-controller
33
    gateway.networking.k8s.io/gateway-name: default
34
    istio.io/gateway-name: default
35
  name: default
36
  namespace: default
37
  ownerReferences:
38
  - apiVersion: gateway.networking.k8s.io/v1beta1
39
    kind: Gateway
40
    name: default
41
    uid: ""
42
spec:
43
  selector:
44
    matchLabels:
45
      gateway.networking.k8s.io/gateway-name: default
46
  template:
47
    metadata:
48
      annotations:
49
        ambient.istio.io/redirection: disabled
50
        istio.io/rev: default
51
        networking.istio.io/service-type: ClusterIP
52
        prometheus.io/path: /stats/prometheus
53
        prometheus.io/port: "15020"
54
        prometheus.io/scrape: "true"
55
      labels:
56
        gateway.networking.k8s.io/gateway-name: default
57
        istio.io/gateway-name: default
58
        service.istio.io/canonical-name: default
59
        service.istio.io/canonical-revision: latest
60
        sidecar.istio.io/inject: "false"
61
    spec:
62
      containers:
63
      - args:
64
        - proxy
65
        - router
66
        - --domain
67
        - $(POD_NAMESPACE).svc.<no value>
68
        - --proxyLogLevel
69
        - <nil>
70
        - --proxyComponentLogLevel
71
        - <nil>
72
        - --log_output_level
73
        - <nil>
74
        env:
75
        - name: PILOT_CERT_PROVIDER
76
          value: <no value>
77
        - name: CA_ADDR
78
          value: istiod-<no value>.<no value>.svc:15012
79
        - name: POD_NAME
80
          valueFrom:
81
            fieldRef:
82
              fieldPath: metadata.name
83
        - name: POD_NAMESPACE
84
          valueFrom:
85
            fieldRef:
86
              fieldPath: metadata.namespace
87
        - name: INSTANCE_IP
88
          valueFrom:
89
            fieldRef:
90
              fieldPath: status.podIP
91
        - name: SERVICE_ACCOUNT
92
          valueFrom:
93
            fieldRef:
94
              fieldPath: spec.serviceAccountName
95
        - name: HOST_IP
96
          valueFrom:
97
            fieldRef:
98
              fieldPath: status.hostIP
99
        - name: ISTIO_CPU_LIMIT
100
          valueFrom:
101
            resourceFieldRef:
102
              resource: limits.cpu
103
        - name: PROXY_CONFIG
104
          value: |
105
            {}
106
        - name: ISTIO_META_POD_PORTS
107
          value: '[]'
108
        - name: ISTIO_META_APP_CONTAINERS
109
          value: ""
110
        - name: GOMEMLIMIT
111
          valueFrom:
112
            resourceFieldRef:
113
              resource: limits.memory
114
        - name: GOMAXPROCS
115
          valueFrom:
116
            resourceFieldRef:
117
              resource: limits.cpu
118
        - name: ISTIO_META_CLUSTER_ID
119
          value: Kubernetes
120
        - name: ISTIO_META_NODE_NAME
121
          valueFrom:
122
            fieldRef:
123
              fieldPath: spec.nodeName
124
        - name: ISTIO_META_INTERCEPTION_MODE
125
          value: REDIRECT
126
        - name: ISTIO_META_WORKLOAD_NAME
127
          value: default
128
        - name: ISTIO_META_OWNER
129
          value: kubernetes://apis/apps/v1/namespaces/default/deployments/default
130
        - name: ISTIO_META_MESH_ID
131
          value: cluster.local
132
        - name: TRUST_DOMAIN
133
          value: cluster.local
134
        image: test/proxyv2:test
135
        name: istio-proxy
136
        ports:
137
        - containerPort: 15021
138
          name: status-port
139
          protocol: TCP
140
        - containerPort: 15090
141
          name: http-envoy-prom
142
          protocol: TCP
143
        readinessProbe:
144
          failureThreshold: 4
145
          httpGet:
146
            path: /healthz/ready
147
            port: 15021
148
            scheme: HTTP
149
          initialDelaySeconds: 0
150
          periodSeconds: 15
151
          successThreshold: 1
152
          timeoutSeconds: 1
153
        securityContext:
154
          allowPrivilegeEscalation: false
155
          capabilities:
156
            drop:
157
            - ALL
158
          privileged: false
159
          readOnlyRootFilesystem: true
160
          runAsGroup: 1337
161
          runAsNonRoot: true
162
          runAsUser: 1337
163
        startupProbe:
164
          failureThreshold: 30
165
          httpGet:
166
            path: /healthz/ready
167
            port: 15021
168
            scheme: HTTP
169
          initialDelaySeconds: 1
170
          periodSeconds: 1
171
          successThreshold: 1
172
          timeoutSeconds: 1
173
        volumeMounts:
174
        - mountPath: /var/run/secrets/workload-spiffe-uds
175
          name: workload-socket
176
        - mountPath: /var/run/secrets/credential-uds
177
          name: credential-socket
178
        - mountPath: /var/run/secrets/workload-spiffe-credentials
179
          name: workload-certs
180
        - mountPath: /var/lib/istio/data
181
          name: istio-data
182
        - mountPath: /etc/istio/proxy
183
          name: istio-envoy
184
        - mountPath: /var/run/secrets/tokens
185
          name: istio-token
186
        - mountPath: /etc/istio/pod
187
          name: istio-podinfo
188
      securityContext:
189
        sysctls:
190
        - name: net.ipv4.ip_unprivileged_port_start
191
          value: "0"
192
      serviceAccountName: default-istio
193
      volumes:
194
      - emptyDir: {}
195
        name: workload-socket
196
      - emptyDir: {}
197
        name: credential-socket
198
      - emptyDir: {}
199
        name: workload-certs
200
      - emptyDir:
201
          medium: Memory
202
        name: istio-envoy
203
      - emptyDir: {}
204
        name: istio-data
205
      - downwardAPI:
206
          items:
207
          - fieldRef:
208
              fieldPath: metadata.labels
209
            path: labels
210
          - fieldRef:
211
              fieldPath: metadata.annotations
212
            path: annotations
213
        name: istio-podinfo
214
      - name: istio-token
215
        projected:
216
          sources:
217
          - serviceAccountToken:
218
              audience: <no value>
219
              expirationSeconds: 43200
220
              path: istio-token
221
---
222
apiVersion: v1
223
kind: Service
224
metadata:
225
  annotations:
226
    ambient.istio.io/redirection: disabled
227
    networking.istio.io/service-type: ClusterIP
228
  labels:
229
    gateway.istio.io/managed: istio.io-gateway-controller
230
    gateway.networking.k8s.io/gateway-name: default
231
    istio.io/gateway-name: default
232
  name: default
233
  namespace: default
234
  ownerReferences:
235
  - apiVersion: gateway.networking.k8s.io/v1beta1
236
    kind: Gateway
237
    name: default
238
    uid: null
239
spec:
240
  ports:
241
  - appProtocol: tcp
242
    name: status-port
243
    port: 15021
244
    protocol: TCP
245
  - appProtocol: http
246
    name: http
247
    port: 80
248
    protocol: TCP
249
  selector:
250
    gateway.networking.k8s.io/gateway-name: default
251
  type: ClusterIP
252
---
253
istio

Использование cookies
