istio
248 строк · 6.6 Кб
1apiVersion: gateway.networking.k8s.io/v1beta1
2kind: Gateway
3metadata:
4annotations:
5gateway.istio.io/controller-version: "5"
6---
7apiVersion: v1
8kind: ServiceAccount
9metadata:
10annotations:
11fizz: buzz
12labels:
13foo: bar
14gateway.istio.io/managed: istio.io-gateway-controller
15gateway.networking.k8s.io/gateway-name: default
16istio.io/gateway-name: default
17name: default-istio
18namespace: default
19ownerReferences:
20- apiVersion: gateway.networking.k8s.io/v1beta1
21kind: Gateway
22name: default
23uid: ""
24---
25apiVersion: apps/v1
26kind: Deployment
27metadata:
28annotations:
29fizz: buzz
30labels:
31foo: bar
32gateway.istio.io/managed: istio.io-gateway-controller
33gateway.networking.k8s.io/gateway-name: default
34istio.io/gateway-name: default
35name: default-istio
36namespace: default
37ownerReferences:
38- apiVersion: gateway.networking.k8s.io/v1beta1
39kind: Gateway
40name: default
41uid: ""
42spec:
43selector:
44matchLabels:
45gateway.networking.k8s.io/gateway-name: default
46template:
47metadata:
48annotations:
49fizz: buzz
50istio.io/rev: default
51prometheus.io/path: /stats/prometheus
52prometheus.io/port: "15020"
53prometheus.io/scrape: "true"
54labels:
55foo: bar
56gateway.networking.k8s.io/gateway-name: default
57istio.io/gateway-name: default
58service.istio.io/canonical-name: default-istio
59service.istio.io/canonical-revision: latest
60sidecar.istio.io/inject: "false"
61spec:
62containers:
63- args:
64- proxy
65- router
66- --domain
67- $(POD_NAMESPACE).svc.<no value>
68- --proxyLogLevel
69- <nil>
70- --proxyComponentLogLevel
71- <nil>
72- --log_output_level
73- <nil>
74env:
75- name: PILOT_CERT_PROVIDER
76value: <no value>
77- name: CA_ADDR
78value: istiod-<no value>.<no value>.svc:15012
79- name: POD_NAME
80valueFrom:
81fieldRef:
82fieldPath: metadata.name
83- name: POD_NAMESPACE
84valueFrom:
85fieldRef:
86fieldPath: metadata.namespace
87- name: INSTANCE_IP
88valueFrom:
89fieldRef:
90fieldPath: status.podIP
91- name: SERVICE_ACCOUNT
92valueFrom:
93fieldRef:
94fieldPath: spec.serviceAccountName
95- name: HOST_IP
96valueFrom:
97fieldRef:
98fieldPath: status.hostIP
99- name: ISTIO_CPU_LIMIT
100valueFrom:
101resourceFieldRef:
102resource: limits.cpu
103- name: PROXY_CONFIG
104value: |
105{}
106- name: ISTIO_META_POD_PORTS
107value: '[]'
108- name: ISTIO_META_APP_CONTAINERS
109value: ""
110- name: GOMEMLIMIT
111valueFrom:
112resourceFieldRef:
113resource: limits.memory
114- name: GOMAXPROCS
115valueFrom:
116resourceFieldRef:
117resource: limits.cpu
118- name: ISTIO_META_CLUSTER_ID
119value: Kubernetes
120- name: ISTIO_META_NODE_NAME
121valueFrom:
122fieldRef:
123fieldPath: spec.nodeName
124- name: ISTIO_META_INTERCEPTION_MODE
125value: REDIRECT
126- name: ISTIO_META_WORKLOAD_NAME
127value: default-istio
128- name: ISTIO_META_OWNER
129value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
130- name: ISTIO_META_MESH_ID
131value: cluster.local
132- name: TRUST_DOMAIN
133value: cluster.local
134image: test/proxyv2:test
135name: istio-proxy
136ports:
137- containerPort: 15021
138name: status-port
139protocol: TCP
140- containerPort: 15090
141name: http-envoy-prom
142protocol: TCP
143readinessProbe:
144failureThreshold: 4
145httpGet:
146path: /healthz/ready
147port: 15021
148scheme: HTTP
149initialDelaySeconds: 0
150periodSeconds: 15
151successThreshold: 1
152timeoutSeconds: 1
153securityContext:
154allowPrivilegeEscalation: false
155capabilities:
156drop:
157- ALL
158privileged: false
159readOnlyRootFilesystem: true
160runAsGroup: 1337
161runAsNonRoot: true
162runAsUser: 1337
163startupProbe:
164failureThreshold: 30
165httpGet:
166path: /healthz/ready
167port: 15021
168scheme: HTTP
169initialDelaySeconds: 1
170periodSeconds: 1
171successThreshold: 1
172timeoutSeconds: 1
173volumeMounts:
174- mountPath: /var/run/secrets/workload-spiffe-uds
175name: workload-socket
176- mountPath: /var/run/secrets/credential-uds
177name: credential-socket
178- mountPath: /var/run/secrets/workload-spiffe-credentials
179name: workload-certs
180- mountPath: /var/lib/istio/data
181name: istio-data
182- mountPath: /etc/istio/proxy
183name: istio-envoy
184- mountPath: /var/run/secrets/tokens
185name: istio-token
186- mountPath: /etc/istio/pod
187name: istio-podinfo
188securityContext:
189sysctls:
190- name: net.ipv4.ip_unprivileged_port_start
191value: "0"
192serviceAccountName: default-istio
193volumes:
194- emptyDir: {}
195name: workload-socket
196- emptyDir: {}
197name: credential-socket
198- emptyDir: {}
199name: workload-certs
200- emptyDir:
201medium: Memory
202name: istio-envoy
203- emptyDir: {}
204name: istio-data
205- downwardAPI:
206items:
207- fieldRef:
208fieldPath: metadata.labels
209path: labels
210- fieldRef:
211fieldPath: metadata.annotations
212path: annotations
213name: istio-podinfo
214- name: istio-token
215projected:
216sources:
217- serviceAccountToken:
218audience: <no value>
219expirationSeconds: 43200
220path: istio-token
221---
222apiVersion: v1
223kind: Service
224metadata:
225annotations:
226fizz: buzz
227labels:
228foo: bar
229gateway.istio.io/managed: istio.io-gateway-controller
230gateway.networking.k8s.io/gateway-name: default
231istio.io/gateway-name: default
232name: default-istio
233namespace: default
234ownerReferences:
235- apiVersion: gateway.networking.k8s.io/v1beta1
236kind: Gateway
237name: default
238uid: null
239spec:
240ports:
241- appProtocol: tcp
242name: status-port
243port: 15021
244protocol: TCP
245selector:
246gateway.networking.k8s.io/gateway-name: default
247type: LoadBalancer
248---
249