istio

multinetwork.yaml
256 строк · 7.0 Кб
Перенос по словам
1
apiVersion: gateway.networking.k8s.io/v1beta1
2
kind: Gateway
3
metadata:
4
  annotations:
5
    gateway.istio.io/controller-version: "5"
6
---
7
apiVersion: v1
8
kind: ServiceAccount
9
metadata:
10
  annotations:
11
    ambient.istio.io/redirection: disabled
12
  labels:
13
    gateway.istio.io/managed: istio.io-gateway-controller
14
    gateway.networking.k8s.io/gateway-name: default
15
    istio.io/gateway-name: default
16
    topology.istio.io/network: network-1
17
  name: default-istio
18
  namespace: default
19
  ownerReferences:
20
  - apiVersion: gateway.networking.k8s.io/v1beta1
21
    kind: Gateway
22
    name: default
23
    uid: ""
24
---
25
apiVersion: apps/v1
26
kind: Deployment
27
metadata:
28
  annotations:
29
    ambient.istio.io/redirection: disabled
30
  labels:
31
    gateway.istio.io/managed: istio.io-gateway-controller
32
    gateway.networking.k8s.io/gateway-name: default
33
    istio.io/gateway-name: default
34
    topology.istio.io/network: network-1
35
  name: default
36
  namespace: default
37
  ownerReferences:
38
  - apiVersion: gateway.networking.k8s.io/v1beta1
39
    kind: Gateway
40
    name: default
41
    uid: ""
42
spec:
43
  selector:
44
    matchLabels:
45
      gateway.networking.k8s.io/gateway-name: default
46
  template:
47
    metadata:
48
      annotations:
49
        ambient.istio.io/redirection: disabled
50
        istio.io/rev: default
51
        prometheus.io/path: /stats/prometheus
52
        prometheus.io/port: "15020"
53
        prometheus.io/scrape: "true"
54
      labels:
55
        gateway.networking.k8s.io/gateway-name: default
56
        istio.io/gateway-name: default
57
        service.istio.io/canonical-name: default
58
        service.istio.io/canonical-revision: latest
59
        sidecar.istio.io/inject: "false"
60
        topology.istio.io/network: network-1
61
    spec:
62
      containers:
63
      - args:
64
        - proxy
65
        - router
66
        - --domain
67
        - $(POD_NAMESPACE).svc.<no value>
68
        - --proxyLogLevel
69
        - <nil>
70
        - --proxyComponentLogLevel
71
        - <nil>
72
        - --log_output_level
73
        - <nil>
74
        env:
75
        - name: PILOT_CERT_PROVIDER
76
          value: <no value>
77
        - name: CA_ADDR
78
          value: istiod-<no value>.<no value>.svc:15012
79
        - name: POD_NAME
80
          valueFrom:
81
            fieldRef:
82
              fieldPath: metadata.name
83
        - name: POD_NAMESPACE
84
          valueFrom:
85
            fieldRef:
86
              fieldPath: metadata.namespace
87
        - name: INSTANCE_IP
88
          valueFrom:
89
            fieldRef:
90
              fieldPath: status.podIP
91
        - name: SERVICE_ACCOUNT
92
          valueFrom:
93
            fieldRef:
94
              fieldPath: spec.serviceAccountName
95
        - name: HOST_IP
96
          valueFrom:
97
            fieldRef:
98
              fieldPath: status.hostIP
99
        - name: ISTIO_CPU_LIMIT
100
          valueFrom:
101
            resourceFieldRef:
102
              resource: limits.cpu
103
        - name: PROXY_CONFIG
104
          value: |
105
            {}
106
        - name: ISTIO_META_POD_PORTS
107
          value: '[]'
108
        - name: ISTIO_META_APP_CONTAINERS
109
          value: ""
110
        - name: GOMEMLIMIT
111
          valueFrom:
112
            resourceFieldRef:
113
              resource: limits.memory
114
        - name: GOMAXPROCS
115
          valueFrom:
116
            resourceFieldRef:
117
              resource: limits.cpu
118
        - name: ISTIO_META_CLUSTER_ID
119
          value: Kubernetes
120
        - name: ISTIO_META_NODE_NAME
121
          valueFrom:
122
            fieldRef:
123
              fieldPath: spec.nodeName
124
        - name: ISTIO_META_INTERCEPTION_MODE
125
          value: REDIRECT
126
        - name: ISTIO_META_NETWORK
127
          value: network-1
128
        - name: ISTIO_META_WORKLOAD_NAME
129
          value: default
130
        - name: ISTIO_META_OWNER
131
          value: kubernetes://apis/apps/v1/namespaces/default/deployments/default
132
        - name: ISTIO_META_MESH_ID
133
          value: cluster.local
134
        - name: TRUST_DOMAIN
135
          value: cluster.local
136
        - name: ISTIO_META_REQUESTED_NETWORK_VIEW
137
          value: network-1
138
        image: test/proxyv2:test
139
        name: istio-proxy
140
        ports:
141
        - containerPort: 15021
142
          name: status-port
143
          protocol: TCP
144
        - containerPort: 15090
145
          name: http-envoy-prom
146
          protocol: TCP
147
        readinessProbe:
148
          failureThreshold: 4
149
          httpGet:
150
            path: /healthz/ready
151
            port: 15021
152
            scheme: HTTP
153
          initialDelaySeconds: 0
154
          periodSeconds: 15
155
          successThreshold: 1
156
          timeoutSeconds: 1
157
        securityContext:
158
          allowPrivilegeEscalation: false
159
          capabilities:
160
            drop:
161
            - ALL
162
          privileged: false
163
          readOnlyRootFilesystem: true
164
          runAsGroup: 1337
165
          runAsNonRoot: true
166
          runAsUser: 1337
167
        startupProbe:
168
          failureThreshold: 30
169
          httpGet:
170
            path: /healthz/ready
171
            port: 15021
172
            scheme: HTTP
173
          initialDelaySeconds: 1
174
          periodSeconds: 1
175
          successThreshold: 1
176
          timeoutSeconds: 1
177
        volumeMounts:
178
        - mountPath: /var/run/secrets/workload-spiffe-uds
179
          name: workload-socket
180
        - mountPath: /var/run/secrets/credential-uds
181
          name: credential-socket
182
        - mountPath: /var/run/secrets/workload-spiffe-credentials
183
          name: workload-certs
184
        - mountPath: /var/lib/istio/data
185
          name: istio-data
186
        - mountPath: /etc/istio/proxy
187
          name: istio-envoy
188
        - mountPath: /var/run/secrets/tokens
189
          name: istio-token
190
        - mountPath: /etc/istio/pod
191
          name: istio-podinfo
192
      securityContext:
193
        sysctls:
194
        - name: net.ipv4.ip_unprivileged_port_start
195
          value: "0"
196
      serviceAccountName: default-istio
197
      volumes:
198
      - emptyDir: {}
199
        name: workload-socket
200
      - emptyDir: {}
201
        name: credential-socket
202
      - emptyDir: {}
203
        name: workload-certs
204
      - emptyDir:
205
          medium: Memory
206
        name: istio-envoy
207
      - emptyDir: {}
208
        name: istio-data
209
      - downwardAPI:
210
          items:
211
          - fieldRef:
212
              fieldPath: metadata.labels
213
            path: labels
214
          - fieldRef:
215
              fieldPath: metadata.annotations
216
            path: annotations
217
        name: istio-podinfo
218
      - name: istio-token
219
        projected:
220
          sources:
221
          - serviceAccountToken:
222
              audience: <no value>
223
              expirationSeconds: 43200
224
              path: istio-token
225
---
226
apiVersion: v1
227
kind: Service
228
metadata:
229
  annotations:
230
    ambient.istio.io/redirection: disabled
231
  labels:
232
    gateway.istio.io/managed: istio.io-gateway-controller
233
    gateway.networking.k8s.io/gateway-name: default
234
    istio.io/gateway-name: default
235
    topology.istio.io/network: network-1
236
  name: default
237
  namespace: default
238
  ownerReferences:
239
  - apiVersion: gateway.networking.k8s.io/v1beta1
240
    kind: Gateway
241
    name: default
242
    uid: null
243
spec:
244
  ports:
245
  - appProtocol: tcp
246
    name: status-port
247
    port: 15021
248
    protocol: TCP
249
  - appProtocol: http
250
    name: http
251
    port: 80
252
    protocol: TCP
253
  selector:
254
    gateway.networking.k8s.io/gateway-name: default
255
  type: LoadBalancer
256
---
257
istio

Использование cookies
