istio
255 строк · 6.9 Кб
1apiVersion: gateway.networking.k8s.io/v1beta1
2kind: Gateway
3metadata:
4annotations:
5gateway.istio.io/controller-version: "5"
6---
7apiVersion: v1
8kind: ServiceAccount
9metadata:
10annotations: {}
11labels:
12gateway.istio.io/managed: istio.io-mesh-controller
13gateway.networking.k8s.io/gateway-name: namespace
14istio.io/gateway-name: namespace
15topology.istio.io/network: network-1
16name: namespace-istio-waypoint
17namespace: default
18ownerReferences:
19- apiVersion: gateway.networking.k8s.io/v1beta1
20kind: Gateway
21name: namespace
22uid: ""
23---
24apiVersion: apps/v1
25kind: Deployment
26metadata:
27annotations: {}
28labels:
29gateway.istio.io/managed: istio.io-mesh-controller
30gateway.networking.k8s.io/gateway-name: namespace
31istio.io/gateway-name: namespace
32topology.istio.io/network: network-1
33name: namespace-istio-waypoint
34namespace: default
35ownerReferences:
36- apiVersion: gateway.networking.k8s.io/v1beta1
37kind: Gateway
38name: namespace
39uid: ""
40spec:
41selector:
42matchLabels:
43gateway.networking.k8s.io/gateway-name: namespace
44template:
45metadata:
46annotations:
47ambient.istio.io/redirection: disabled
48istio.io/rev: default
49prometheus.io/path: /stats/prometheus
50prometheus.io/port: "15020"
51prometheus.io/scrape: "true"
52labels:
53gateway.istio.io/managed: istio.io-mesh-controller
54gateway.networking.k8s.io/gateway-name: namespace
55istio.io/gateway-name: namespace
56service.istio.io/canonical-name: namespace-istio-waypoint
57service.istio.io/canonical-revision: latest
58sidecar.istio.io/inject: "false"
59topology.istio.io/network: network-1
60spec:
61containers:
62- args:
63- proxy
64- waypoint
65- --domain
66- $(POD_NAMESPACE).svc.<no value>
67- --serviceCluster
68- namespace-istio-waypoint.$(POD_NAMESPACE)
69- --proxyLogLevel
70- <nil>
71- --proxyComponentLogLevel
72- <nil>
73- --log_output_level
74- <nil>
75env:
76- name: ISTIO_META_SERVICE_ACCOUNT
77valueFrom:
78fieldRef:
79fieldPath: spec.serviceAccountName
80- name: ISTIO_META_NODE_NAME
81valueFrom:
82fieldRef:
83fieldPath: spec.nodeName
84- name: PILOT_CERT_PROVIDER
85value: <no value>
86- name: CA_ADDR
87value: istiod-<no value>.<no value>.svc:15012
88- name: POD_NAME
89valueFrom:
90fieldRef:
91fieldPath: metadata.name
92- name: POD_NAMESPACE
93valueFrom:
94fieldRef:
95fieldPath: metadata.namespace
96- name: INSTANCE_IP
97valueFrom:
98fieldRef:
99fieldPath: status.podIP
100- name: SERVICE_ACCOUNT
101valueFrom:
102fieldRef:
103fieldPath: spec.serviceAccountName
104- name: HOST_IP
105valueFrom:
106fieldRef:
107fieldPath: status.hostIP
108- name: ISTIO_CPU_LIMIT
109valueFrom:
110resourceFieldRef:
111resource: limits.cpu
112- name: PROXY_CONFIG
113value: |
114{}
115- name: GOMEMLIMIT
116valueFrom:
117resourceFieldRef:
118resource: limits.memory
119- name: GOMAXPROCS
120valueFrom:
121resourceFieldRef:
122resource: limits.cpu
123- name: ISTIO_META_CLUSTER_ID
124value: Kubernetes
125- name: ISTIO_META_NETWORK
126value: network-1
127- name: ISTIO_META_INTERCEPTION_MODE
128value: REDIRECT
129- name: ISTIO_META_WORKLOAD_NAME
130value: namespace-istio-waypoint
131- name: ISTIO_META_OWNER
132value: kubernetes://apis/apps/v1/namespaces/default/deployments/namespace-istio-waypoint
133- name: ISTIO_META_MESH_ID
134value: cluster.local
135image: test/proxyv2:test
136name: istio-proxy
137ports:
138- containerPort: 15021
139name: status-port
140protocol: TCP
141- containerPort: 15090
142name: http-envoy-prom
143protocol: TCP
144readinessProbe:
145failureThreshold: 4
146httpGet:
147path: /healthz/ready
148port: 15021
149scheme: HTTP
150initialDelaySeconds: 0
151periodSeconds: 15
152successThreshold: 1
153timeoutSeconds: 1
154resources:
155limits:
156cpu: "2"
157memory: 1Gi
158requests:
159cpu: 100m
160memory: 128Mi
161securityContext:
162capabilities:
163drop:
164- ALL
165privileged: false
166runAsGroup: 1337
167runAsUser: 0
168startupProbe:
169failureThreshold: 30
170httpGet:
171path: /healthz/ready
172port: 15021
173scheme: HTTP
174initialDelaySeconds: 1
175periodSeconds: 1
176successThreshold: 1
177timeoutSeconds: 1
178volumeMounts:
179- mountPath: /var/run/secrets/workload-spiffe-uds
180name: workload-socket
181- mountPath: /var/run/secrets/istio
182name: istiod-ca-cert
183- mountPath: /var/lib/istio/data
184name: istio-data
185- mountPath: /etc/istio/proxy
186name: istio-envoy
187- mountPath: /var/run/secrets/tokens
188name: istio-token
189- mountPath: /etc/istio/pod
190name: istio-podinfo
191serviceAccountName: namespace-istio-waypoint
192terminationGracePeriodSeconds: 2
193volumes:
194- emptyDir: {}
195name: workload-socket
196- emptyDir:
197medium: Memory
198name: istio-envoy
199- emptyDir:
200medium: Memory
201name: go-proxy-envoy
202- emptyDir: {}
203name: istio-data
204- emptyDir: {}
205name: go-proxy-data
206- downwardAPI:
207items:
208- fieldRef:
209fieldPath: metadata.labels
210path: labels
211- fieldRef:
212fieldPath: metadata.annotations
213path: annotations
214name: istio-podinfo
215- name: istio-token
216projected:
217sources:
218- serviceAccountToken:
219audience: istio-ca
220expirationSeconds: 43200
221path: istio-token
222- configMap:
223name: istio-ca-root-cert
224name: istiod-ca-cert
225---
226apiVersion: v1
227kind: Service
228metadata:
229annotations: {}
230labels:
231gateway.istio.io/managed: istio.io-mesh-controller
232gateway.networking.k8s.io/gateway-name: namespace
233istio.io/gateway-name: namespace
234topology.istio.io/network: network-1
235name: namespace-istio-waypoint
236namespace: default
237ownerReferences:
238- apiVersion: gateway.networking.k8s.io/v1beta1
239kind: Gateway
240name: namespace
241uid: ""
242spec:
243ports:
244- appProtocol: tcp
245name: status-port
246port: 15021
247protocol: TCP
248- appProtocol: all
249name: mesh
250port: 15008
251protocol: TCP
252selector:
253gateway.networking.k8s.io/gateway-name: namespace
254type: ClusterIP
255---
256