istio

1
apiVersion: gateway.networking.k8s.io/v1beta1
2
kind: Gateway
3
metadata:
4
  annotations:
5
    gateway.istio.io/controller-version: "5"
6
---
7
apiVersion: v1
8
kind: ServiceAccount
9
metadata:
10
  annotations:
11
    ambient.istio.io/redirection: disabled
12
    should: see
13
  labels:
14
    gateway.istio.io/managed: istio.io-gateway-controller
15
    gateway.networking.k8s.io/gateway-name: default
16
    istio.io/gateway-name: default
17
    should: see
18
  name: default-istio
19
  namespace: default
20
  ownerReferences:
21
  - apiVersion: gateway.networking.k8s.io/v1beta1
22
    kind: Gateway
23
    name: default
24
    uid: ""
25
---
26
apiVersion: apps/v1
27
kind: Deployment
28
metadata:
29
  annotations:
30
    ambient.istio.io/redirection: disabled
31
    should: see
32
  labels:
33
    gateway.istio.io/managed: istio.io-gateway-controller
34
    gateway.networking.k8s.io/gateway-name: default
35
    istio.io/gateway-name: default
36
    should: see
37
  name: default-istio
38
  namespace: default
39
  ownerReferences:
40
  - apiVersion: gateway.networking.k8s.io/v1beta1
41
    kind: Gateway
42
    name: default
43
    uid: ""
44
spec:
45
  selector:
46
    matchLabels:
47
      gateway.networking.k8s.io/gateway-name: default
48
  template:
49
    metadata:
50
      annotations:
51
        ambient.istio.io/redirection: disabled
52
        istio.io/rev: default
53
        prometheus.io/path: /stats/prometheus
54
        prometheus.io/port: "15020"
55
        prometheus.io/scrape: "true"
56
        should: see
57
      labels:
58
        gateway.networking.k8s.io/gateway-name: default
59
        istio.io/gateway-name: default
60
        service.istio.io/canonical-name: default-istio
61
        service.istio.io/canonical-revision: latest
62
        should: see
63
        sidecar.istio.io/inject: "false"
64
    spec:
65
      containers:
66
      - args:
67
        - proxy
68
        - router
69
        - --domain
70
        - $(POD_NAMESPACE).svc.<no value>
71
        - --proxyLogLevel
72
        - <nil>
73
        - --proxyComponentLogLevel
74
        - <nil>
75
        - --log_output_level
76
        - <nil>
77
        env:
78
        - name: PILOT_CERT_PROVIDER
79
          value: <no value>
80
        - name: CA_ADDR
81
          value: istiod-<no value>.<no value>.svc:15012
82
        - name: POD_NAME
83
          valueFrom:
84
            fieldRef:
85
              fieldPath: metadata.name
86
        - name: POD_NAMESPACE
87
          valueFrom:
88
            fieldRef:
89
              fieldPath: metadata.namespace
90
        - name: INSTANCE_IP
91
          valueFrom:
92
            fieldRef:
93
              fieldPath: status.podIP
94
        - name: SERVICE_ACCOUNT
95
          valueFrom:
96
            fieldRef:
97
              fieldPath: spec.serviceAccountName
98
        - name: HOST_IP
99
          valueFrom:
100
            fieldRef:
101
              fieldPath: status.hostIP
102
        - name: ISTIO_CPU_LIMIT
103
          valueFrom:
104
            resourceFieldRef:
105
              resource: limits.cpu
106
        - name: PROXY_CONFIG
107
          value: |
108
            {}
109
        - name: ISTIO_META_POD_PORTS
110
          value: '[]'
111
        - name: ISTIO_META_APP_CONTAINERS
112
          value: ""
113
        - name: GOMEMLIMIT
114
          valueFrom:
115
            resourceFieldRef:
116
              resource: limits.memory
117
        - name: GOMAXPROCS
118
          valueFrom:
119
            resourceFieldRef:
120
              resource: limits.cpu
121
        - name: ISTIO_META_CLUSTER_ID
122
          value: Kubernetes
123
        - name: ISTIO_META_NODE_NAME
124
          valueFrom:
125
            fieldRef:
126
              fieldPath: spec.nodeName
127
        - name: ISTIO_META_INTERCEPTION_MODE
128
          value: REDIRECT
129
        - name: ISTIO_META_WORKLOAD_NAME
130
          value: default-istio
131
        - name: ISTIO_META_OWNER
132
          value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
133
        - name: ISTIO_META_MESH_ID
134
          value: cluster.local
135
        - name: TRUST_DOMAIN
136
          value: cluster.local
137
        image: test/proxyv2:test
138
        name: istio-proxy
139
        ports:
140
        - containerPort: 15021
141
          name: status-port
142
          protocol: TCP
143
        - containerPort: 15090
144
          name: http-envoy-prom
145
          protocol: TCP
146
        readinessProbe:
147
          failureThreshold: 4
148
          httpGet:
149
            path: /healthz/ready
150
            port: 15021
151
            scheme: HTTP
152
          initialDelaySeconds: 0
153
          periodSeconds: 15
154
          successThreshold: 1
155
          timeoutSeconds: 1
156
        securityContext:
157
          allowPrivilegeEscalation: false
158
          capabilities:
159
            drop:
160
            - ALL
161
          privileged: false
162
          readOnlyRootFilesystem: true
163
          runAsGroup: 1337
164
          runAsNonRoot: true
165
          runAsUser: 1337
166
        startupProbe:
167
          failureThreshold: 30
168
          httpGet:
169
            path: /healthz/ready
170
            port: 15021
171
            scheme: HTTP
172
          initialDelaySeconds: 1
173
          periodSeconds: 1
174
          successThreshold: 1
175
          timeoutSeconds: 1
176
        volumeMounts:
177
        - mountPath: /var/run/secrets/workload-spiffe-uds
178
          name: workload-socket
179
        - mountPath: /var/run/secrets/credential-uds
180
          name: credential-socket
181
        - mountPath: /var/run/secrets/workload-spiffe-credentials
182
          name: workload-certs
183
        - mountPath: /var/lib/istio/data
184
          name: istio-data
185
        - mountPath: /etc/istio/proxy
186
          name: istio-envoy
187
        - mountPath: /var/run/secrets/tokens
188
          name: istio-token
189
        - mountPath: /etc/istio/pod
190
          name: istio-podinfo
191
      securityContext:
192
        sysctls:
193
        - name: net.ipv4.ip_unprivileged_port_start
194
          value: "0"
195
      serviceAccountName: default-istio
196
      volumes:
197
      - emptyDir: {}
198
        name: workload-socket
199
      - emptyDir: {}
200
        name: credential-socket
201
      - emptyDir: {}
202
        name: workload-certs
203
      - emptyDir:
204
          medium: Memory
205
        name: istio-envoy
206
      - emptyDir: {}
207
        name: istio-data
208
      - downwardAPI:
209
          items:
210
          - fieldRef:
211
              fieldPath: metadata.labels
212
            path: labels
213
          - fieldRef:
214
              fieldPath: metadata.annotations
215
            path: annotations
216
        name: istio-podinfo
217
      - name: istio-token
218
        projected:
219
          sources:
220
          - serviceAccountToken:
221
              audience: <no value>
222
              expirationSeconds: 43200
223
              path: istio-token
224
---
225
apiVersion: v1
226
kind: Service
227
metadata:
228
  annotations:
229
    ambient.istio.io/redirection: disabled
230
    should: see
231
  labels:
232
    gateway.istio.io/managed: istio.io-gateway-controller
233
    gateway.networking.k8s.io/gateway-name: default
234
    istio.io/gateway-name: default
235
    should: see
236
  name: default-istio
237
  namespace: default
238
  ownerReferences:
239
  - apiVersion: gateway.networking.k8s.io/v1beta1
240
    kind: Gateway
241
    name: default
242
    uid: null
243
spec:
244
  ports:
245
  - appProtocol: tcp
246
    name: status-port
247
    port: 15021
248
    protocol: TCP
249
  selector:
250
    gateway.networking.k8s.io/gateway-name: default
251
  type: LoadBalancer
252
---
253