istio

1
apiVersion: gateway.networking.k8s.io/v1beta1
2
kind: Gateway
3
metadata:
4
  annotations:
5
    gateway.istio.io/controller-version: "5"
6
---
7
apiVersion: v1
8
kind: ServiceAccount
9
metadata:
10
  annotations: {}
11
  labels:
12
    gateway.istio.io/managed: istio.io-mesh-controller
13
    gateway.networking.k8s.io/gateway-name: namespace
14
    istio.io/gateway-name: namespace
15
    topology.istio.io/network: network-1
16
  name: namespace-istio-waypoint
17
  namespace: default
18
  ownerReferences:
19
  - apiVersion: gateway.networking.k8s.io/v1beta1
20
    kind: Gateway
21
    name: namespace
22
    uid: ""
23
---
24
apiVersion: apps/v1
25
kind: Deployment
26
metadata:
27
  annotations: {}
28
  labels:
29
    gateway.istio.io/managed: istio.io-mesh-controller
30
    gateway.networking.k8s.io/gateway-name: namespace
31
    istio.io/gateway-name: namespace
32
    topology.istio.io/network: network-1
33
  name: namespace-istio-waypoint
34
  namespace: default
35
  ownerReferences:
36
  - apiVersion: gateway.networking.k8s.io/v1beta1
37
    kind: Gateway
38
    name: namespace
39
    uid: ""
40
spec:
41
  selector:
42
    matchLabels:
43
      gateway.networking.k8s.io/gateway-name: namespace
44
  template:
45
    metadata:
46
      annotations:
47
        ambient.istio.io/redirection: disabled
48
        istio.io/rev: default
49
        prometheus.io/path: /stats/prometheus
50
        prometheus.io/port: "15020"
51
        prometheus.io/scrape: "true"
52
      labels:
53
        gateway.istio.io/managed: istio.io-mesh-controller
54
        gateway.networking.k8s.io/gateway-name: namespace
55
        istio.io/gateway-name: namespace
56
        service.istio.io/canonical-name: namespace-istio-waypoint
57
        service.istio.io/canonical-revision: latest
58
        sidecar.istio.io/inject: "false"
59
        topology.istio.io/network: network-1
60
    spec:
61
      containers:
62
      - args:
63
        - proxy
64
        - waypoint
65
        - --domain
66
        - $(POD_NAMESPACE).svc.<no value>
67
        - --serviceCluster
68
        - namespace-istio-waypoint.$(POD_NAMESPACE)
69
        - --proxyLogLevel
70
        - <nil>
71
        - --proxyComponentLogLevel
72
        - <nil>
73
        - --log_output_level
74
        - <nil>
75
        env:
76
        - name: ISTIO_META_SERVICE_ACCOUNT
77
          valueFrom:
78
            fieldRef:
79
              fieldPath: spec.serviceAccountName
80
        - name: ISTIO_META_NODE_NAME
81
          valueFrom:
82
            fieldRef:
83
              fieldPath: spec.nodeName
84
        - name: PILOT_CERT_PROVIDER
85
          value: <no value>
86
        - name: CA_ADDR
87
          value: istiod-<no value>.<no value>.svc:15012
88
        - name: POD_NAME
89
          valueFrom:
90
            fieldRef:
91
              fieldPath: metadata.name
92
        - name: POD_NAMESPACE
93
          valueFrom:
94
            fieldRef:
95
              fieldPath: metadata.namespace
96
        - name: INSTANCE_IP
97
          valueFrom:
98
            fieldRef:
99
              fieldPath: status.podIP
100
        - name: SERVICE_ACCOUNT
101
          valueFrom:
102
            fieldRef:
103
              fieldPath: spec.serviceAccountName
104
        - name: HOST_IP
105
          valueFrom:
106
            fieldRef:
107
              fieldPath: status.hostIP
108
        - name: ISTIO_CPU_LIMIT
109
          valueFrom:
110
            resourceFieldRef:
111
              resource: limits.cpu
112
        - name: PROXY_CONFIG
113
          value: |
114
            {}
115
        - name: GOMEMLIMIT
116
          valueFrom:
117
            resourceFieldRef:
118
              resource: limits.memory
119
        - name: GOMAXPROCS
120
          valueFrom:
121
            resourceFieldRef:
122
              resource: limits.cpu
123
        - name: ISTIO_META_CLUSTER_ID
124
          value: Kubernetes
125
        - name: ISTIO_META_NETWORK
126
          value: network-1
127
        - name: ISTIO_META_INTERCEPTION_MODE
128
          value: REDIRECT
129
        - name: ISTIO_META_WORKLOAD_NAME
130
          value: namespace-istio-waypoint
131
        - name: ISTIO_META_OWNER
132
          value: kubernetes://apis/apps/v1/namespaces/default/deployments/namespace-istio-waypoint
133
        - name: ISTIO_META_MESH_ID
134
          value: cluster.local
135
        image: test/proxyv2:test
136
        name: istio-proxy
137
        ports:
138
        - containerPort: 15021
139
          name: status-port
140
          protocol: TCP
141
        - containerPort: 15090
142
          name: http-envoy-prom
143
          protocol: TCP
144
        readinessProbe:
145
          failureThreshold: 4
146
          httpGet:
147
            path: /healthz/ready
148
            port: 15021
149
            scheme: HTTP
150
          initialDelaySeconds: 0
151
          periodSeconds: 15
152
          successThreshold: 1
153
          timeoutSeconds: 1
154
        resources:
155
          limits:
156
            cpu: "2"
157
            memory: 1Gi
158
          requests:
159
            cpu: 100m
160
            memory: 128Mi
161
        securityContext:
162
          capabilities:
163
            drop:
164
            - ALL
165
          privileged: false
166
          runAsGroup: 1337
167
          runAsUser: 0
168
        startupProbe:
169
          failureThreshold: 30
170
          httpGet:
171
            path: /healthz/ready
172
            port: 15021
173
            scheme: HTTP
174
          initialDelaySeconds: 1
175
          periodSeconds: 1
176
          successThreshold: 1
177
          timeoutSeconds: 1
178
        volumeMounts:
179
        - mountPath: /var/run/secrets/workload-spiffe-uds
180
          name: workload-socket
181
        - mountPath: /var/run/secrets/istio
182
          name: istiod-ca-cert
183
        - mountPath: /var/lib/istio/data
184
          name: istio-data
185
        - mountPath: /etc/istio/proxy
186
          name: istio-envoy
187
        - mountPath: /var/run/secrets/tokens
188
          name: istio-token
189
        - mountPath: /etc/istio/pod
190
          name: istio-podinfo
191
      serviceAccountName: namespace-istio-waypoint
192
      terminationGracePeriodSeconds: 2
193
      volumes:
194
      - emptyDir: {}
195
        name: workload-socket
196
      - emptyDir:
197
          medium: Memory
198
        name: istio-envoy
199
      - emptyDir:
200
          medium: Memory
201
        name: go-proxy-envoy
202
      - emptyDir: {}
203
        name: istio-data
204
      - emptyDir: {}
205
        name: go-proxy-data
206
      - downwardAPI:
207
          items:
208
          - fieldRef:
209
              fieldPath: metadata.labels
210
            path: labels
211
          - fieldRef:
212
              fieldPath: metadata.annotations
213
            path: annotations
214
        name: istio-podinfo
215
      - name: istio-token
216
        projected:
217
          sources:
218
          - serviceAccountToken:
219
              audience: istio-ca
220
              expirationSeconds: 43200
221
              path: istio-token
222
      - configMap:
223
          name: istio-ca-root-cert
224
        name: istiod-ca-cert
225
---
226
apiVersion: v1
227
kind: Service
228
metadata:
229
  annotations: {}
230
  labels:
231
    gateway.istio.io/managed: istio.io-mesh-controller
232
    gateway.networking.k8s.io/gateway-name: namespace
233
    istio.io/gateway-name: namespace
234
    topology.istio.io/network: network-1
235
  name: namespace-istio-waypoint
236
  namespace: default
237
  ownerReferences:
238
  - apiVersion: gateway.networking.k8s.io/v1beta1
239
    kind: Gateway
240
    name: namespace
241
    uid: ""
242
spec:
243
  ports:
244
  - appProtocol: tcp
245
    name: status-port
246
    port: 15021
247
    protocol: TCP
248
  - appProtocol: all
249
    name: mesh
250
    port: 15008
251
    protocol: TCP
252
  selector:
253
    gateway.networking.k8s.io/gateway-name: namespace
254
  type: ClusterIP
255
---
256