kubelatte-ce
Форк от sbertech/kubelatte-ce
125 строк · 48.5 Кб
1package plugins
2
3import (
4"github.com/stretchr/testify/assert"
5"gitverse.ru/synapse/kubelatte/pkg/observability/logger/lib"
6"go.uber.org/zap"
7"sigs.k8s.io/yaml"
8"testing"
9)
10
11func TestManager_Start(t *testing.T) {
12lib.ZapLogger = zap.NewNop()
13DirExtra = "../../../config/plugins/"
14var m = &Manager{}
15m.Start()
16var mp = map[string]string{
17"name": "myname",
18}
19process, err := m.Process("Simple", mp)
20if err != nil {
21panic(err)
22}
23assert.Equal(t, "mychanged", process.(map[string]string)["name"])
24
25process, err = m.Process("Simple", mp)
26if err != nil {
27panic(err)
28}
29assert.Equal(t, "mychanged", process.(map[string]string)["name"])
30}
31
32func TestLogic(t *testing.T) {
33var data = "kind: Deployment\napiVersion: apps/v1\nmetadata:\n annotations:\n deployment.kubernetes.io/revision: '2'\n kubectl.kubernetes.io/last-applied-configuration: >\n {\"apiVersion\":\"apps/v1\",\"kind\":\"Deployment\",\"metadata\":{\"annotations\":{},\"labels\":{\"platformv.sber.ru/componentCode\":\"KBLT\",\"platformv.sber.ru/productCode\":\"SSM\",\"platformv.sber.ru/releaseVersion\":\"3.6\"},\"name\":\"egressgateway-pub2-tribe-sy-kblt-dev\",\"namespace\":\"pub2-tribe-sy-kblt-dev\"},\"spec\":{\"progressDeadlineSeconds\":600,\"replicas\":1,\"revisionHistoryLimit\":10,\"selector\":{\"matchLabels\":{\"app\":\"egressgateway-pub2-tribe-sy-kblt-dev\",\"istio\":\"egressgateway-pub2-tribe-sy-kblt-dev\"}},\"strategy\":{\"rollingUpdate\":{\"maxSurge\":\"100%\",\"maxUnavailable\":\"25%\"},\"type\":\"RollingUpdate\"},\"template\":{\"metadata\":{\"annotations\":{\"openshift.io/scc\":\"restricted\",\"sidecar.istio.io/inject\":\"false\",\"vault.hashicorp.com/agent-init-first\":\"false\",\"vault.hashicorp.com/agent-inject\":\"true\",\"vault.hashicorp.com/agent-inject-secret-ca.crt\":\"true\",\"vault.hashicorp.com/agent-inject-secret-cert.crt\":\"true\",\"vault.hashicorp.com/agent-inject-secret-cert.key\":\"true\",\"vault.hashicorp.com/agent-inject-secret-tengri.key\":\"true\",\"vault.hashicorp.com/agent-inject-secret-tengri.pem\":\"true\",\"vault.hashicorp.com/agent-inject-secret-tengri_ca.cer\":\"true\",\"vault.hashicorp.com/agent-inject-template-ca.crt\":\"{{-\n with secret \\\"DEV_DZO/A/DEV/KBLT/KV/kblt-audit-secret\\\" -}}\\n {{ index\n .Data \\\"ca.crt\\\" | base64Decode }}\\n{{- end\n }}\\n\",\"vault.hashicorp.com/agent-inject-template-cert.crt\":\"{{- with\n secret \\\"DEV_DZO/A/DEV/KBLT/KV/kblt-audit-secret\\\" -}}\\n {{ index .Data\n \\\"cert.crt\\\" | base64Decode }}\\n{{- end\n }}\\n\",\"vault.hashicorp.com/agent-inject-template-cert.key\":\"{{- with\n secret \\\"DEV_DZO/A/DEV/KBLT/KV/kblt-audit-secret\\\" -}}\\n {{ index .Data\n \\\"cert.key\\\" | base64Decode }}\\n{{- end\n }}\\n\",\"vault.hashicorp.com/agent-inject-template-tengri.key\":\"{{- with\n secret \\\"DEV_DZO/A/DEV/KBLT/KV/tengri\\\" -}}\\n {{ index .Data\n \\\"tengri.key\\\" | base64Decode }}\\n{{- end\n }}\\n\",\"vault.hashicorp.com/agent-inject-template-tengri.pem\":\"{{- with\n secret \\\"DEV_DZO/A/DEV/KBLT/KV/tengri\\\" -}}\\n {{ index .Data\n \\\"tengri.pem\\\" | base64Decode }}\\n{{- end\n }}\\n\",\"vault.hashicorp.com/agent-inject-template-tengri_ca.cer\":\"{{- with\n secret \\\"DEV_DZO/A/DEV/KBLT/KV/tengri\\\" -}}\\n {{ index .Data\n \\\"tengri_ca.cer\\\" | base64Decode }}\\n{{- end\n }}\\n\",\"vault.hashicorp.com/agent-limits-cpu\":\"500m\",\"vault.hashicorp.com/agent-limits-mem\":\"128Mi\",\"vault.hashicorp.com/agent-pre-populate\":\"true\",\"vault.hashicorp.com/agent-pre-populate-only\":\"false\",\"vault.hashicorp.com/agent-requests-cpu\":\"250m\",\"vault.hashicorp.com/agent-requests-mem\":\"64Mi\",\"vault.hashicorp.com/namespace\":\"DEV_DZO\",\"vault.hashicorp.com/role\":\"role-ga-secman-kblt\",\"vault.hashicorp.com/secret-volume-path-ca.crt\":\"/etc/audit/ssl\",\"vault.hashicorp.com/secret-volume-path-cert.crt\":\"/etc/audit/ssl\",\"vault.hashicorp.com/secret-volume-path-cert.key\":\"/etc/audit/ssl\",\"vault.hashicorp.com/secret-volume-path-tengri.key\":\"/etc/config/ssl\",\"vault.hashicorp.com/secret-volume-path-tengri.pem\":\"/etc/config/ssl\",\"vault.hashicorp.com/secret-volume-path-tengri_ca.cer\":\"/etc/config/ssl\"},\"labels\":{\"app\":\"egressgateway-pub2-tribe-sy-kblt-dev\",\"chart\":\"gateways\",\"heritage\":\"Tiller\",\"istio\":\"egressgateway-pub2-tribe-sy-kblt-dev\",\"platformv.sber.ru/componentCode\":\"KBLT\",\"platformv.sber.ru/productCode\":\"SSM\",\"platformv.sber.ru/releaseVersion\":\"3.6\",\"release\":\"istio\",\"secman-injector\":\"enabled\"}},\"spec\":{\"affinity\":{\"nodeAffinity\":{\"preferredDuringSchedulingIgnoredDuringExecution\":[{\"preference\":{\"matchExpressions\":[{\"key\":\"beta.kubernetes.io/arch\",\"operator\":\"In\",\"values\":[\"amd64\"]}]},\"weight\":2},{\"preference\":{\"matchExpressions\":[{\"key\":\"beta.kubernetes.io/arch\",\"operator\":\"In\",\"values\":[\"ppc64le\"]}]},\"weight\":2},{\"preference\":{\"matchExpressions\":[{\"key\":\"beta.kubernetes.io/arch\",\"operator\":\"In\",\"values\":[\"s390x\"]}]},\"weight\":2}],\"requiredDuringSchedulingIgnoredDuringExecution\":{\"nodeSelectorTerms\":[{\"matchExpressions\":[{\"key\":\"beta.kubernetes.io/arch\",\"operator\":\"In\",\"values\":[\"amd64\",\"ppc64le\",\"s390x\"]}]}]}}},\"containers\":[{\"args\":[\"proxy\",\"router\",\"--domain\",\"$(POD_NAMESPACE).svc.cluster.local\",\"--proxyLogLevel=warning\",\"--proxyComponentLogLevel=misc:error\",\"--log_output_level=default:info\",\"--serviceCluster\",\"pub2-tribe-sy-kblt-dev\",\"--trust-domain=cluster.local\"],\"env\":[{\"name\":\"JWT_POLICY\",\"value\":\"first-party-jwt\"},{\"name\":\"PROXY_CONFIG\",\"value\":\"{\\\"discoveryAddress\\\":\\\"istiod-basic.sbt-devpub-cp-07.svc:15012\\\",\\\"tracing\\\":{\\\"custom_tags\\\":{\\\"authority\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"authority-empty\\\",\\\"name\\\":\\\":authority\\\"}},\\\"content-type\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"content-type-empty\\\",\\\"name\\\":\\\"content-type\\\"}},\\\"grpc-accept-encoding\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"grpc-accept-encoding-empty\\\",\\\"name\\\":\\\"grpc-accept-encoding\\\"}},\\\"host\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"host-empty\\\",\\\"name\\\":\\\"host\\\"}},\\\"method\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"method-empty\\\",\\\"name\\\":\\\":method\\\"}},\\\"path\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"path-empty\\\",\\\"name\\\":\\\":path\\\"}},\\\"scheme\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"scheme-empty\\\",\\\"name\\\":\\\":scheme\\\"}},\\\"x-b3-parentspanid\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-b3-parentspanid-empty\\\",\\\"name\\\":\\\"x-b3-parentspanid\\\"}},\\\"x-b3-sampled\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-b3-sampled-empty\\\",\\\"name\\\":\\\"x-b3-sampled\\\"}},\\\"x-b3-spanid\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-b3-spanid-empty\\\",\\\"name\\\":\\\"x-b3-spanid\\\"}},\\\"x-b3-traceid\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-b3-traceid-empty\\\",\\\"name\\\":\\\"x-b3-traceid\\\"}},\\\"x-envoy-decorator-operation\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-envoy-decorator-operation-empty\\\",\\\"name\\\":\\\"x-envoy-decorator-operation\\\"}},\\\"x-envoy-internal\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-envoy-internal-empty\\\",\\\"name\\\":\\\"x-envoy-internal\\\"}},\\\"x-forwarded-proto\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-forwarded-proto-empty\\\",\\\"name\\\":\\\"x-forwarded-proto\\\"}},\\\"x-forwarded_for\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-forwarded-for-empty\\\",\\\"name\\\":\\\"x-forwarded-for\\\"}},\\\"x-request-id\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-request-id-empty\\\",\\\"name\\\":\\\"x-request-id\\\"}},\\\"x-synapse-corellationid\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-corellationid-empty\\\",\\\"name\\\":\\\"x-synapse-corellationid\\\"}},\\\"x-synapse-custom\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-custom-empty\\\",\\\"name\\\":\\\"x-synapse-custom\\\"}},\\\"x-synapse-from-pod-name\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-from-pod-name-empty\\\",\\\"name\\\":\\\"x-synapse-from-pod-name\\\"}},\\\"x-synapse-messageid\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-messageid-empty\\\",\\\"name\\\":\\\"x-synapse-messageid\\\"}},\\\"x-synapse-operationname\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-operationname-empty\\\",\\\"name\\\":\\\"x-synapse-operationname\\\"}},\\\"x-synapse-rqtm\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-rqtm-empty\\\",\\\"name\\\":\\\"x-synapse-rqtm\\\"}},\\\"x-synapse-rquid\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-rquid-empty\\\",\\\"name\\\":\\\"x-synapse-rquid\\\"}},\\\"x-synapse-scname\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-scname-empty\\\",\\\"name\\\":\\\"x-synapse-scname\\\"}},\\\"x-synapse-serviceversion\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-serviceversion-empty\\\",\\\"name\\\":\\\"x-synapse-serviceversion\\\"}},\\\"x-synapse-spname\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-spname-empty\\\",\\\"name\\\":\\\"x-synapse-spname\\\"}},\\\"x-synapse-status-code\\\":{\\\"header\\\":{\\\"defaultValue\\\":\\\"x-synapse-status-code-empty\\\",\\\"name\\\":\\\"x-synapse-status-code\\\"}}},\\\"zipkin\\\":{\\\"address\\\":\\\"synapse-tracer-svc.sbt-devpub-cp-07.svc.cluster.local:8788\\\"},\\\"tlsSettings\\\":{\\\"caCertificates\\\":\\\"/var/run/secrets/istio/root-cert.pem\\\",\\\"mode\\\":\\\"SIMPLE\\\",\\\"subjectAltNames\\\":[\\\"spiffe://cluster.local/ns/sbt-devpub-cp-07.svc/sa/default\\\"]}},\\\"proxyMetadata\\\":{\\\"DNS_AGENT\\\":\\\"\\\"}}\\n\"},{\"name\":\"TRUST_DOMAIN\",\"value\":\"cluster.local\"},{\"name\":\"PILOT_CERT_PROVIDER\",\"value\":\"istiod\"},{\"name\":\"CA_ADDR\",\"value\":\"istiod-basic.sbt-devpub-cp-07.svc:15012\"},{\"name\":\"NODE_NAME\",\"valueFrom\":{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"spec.nodeName\"}}},{\"name\":\"POD_NAME\",\"valueFrom\":{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"metadata.name\"}}},{\"name\":\"POD_NAMESPACE\",\"valueFrom\":{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"metadata.namespace\"}}},{\"name\":\"INSTANCE_IP\",\"valueFrom\":{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"status.podIP\"}}},{\"name\":\"HOST_IP\",\"valueFrom\":{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"status.hostIP\"}}},{\"name\":\"SERVICE_ACCOUNT\",\"valueFrom\":{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"spec.serviceAccountName\"}}},{\"name\":\"CANONICAL_SERVICE\",\"valueFrom\":{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"metadata.labels['service.istio.io/canonical-name']\"}}},{\"name\":\"CANONICAL_REVISION\",\"valueFrom\":{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"metadata.labels['service.istio.io/canonical-revision']\"}}},{\"name\":\"ISTIO_META_WORKLOAD_NAME\",\"value\":\"egressgateway-pub2-tribe-sy-kblt-dev\"},{\"name\":\"ISTIO_META_OWNER\",\"value\":\"kubernetes://apis/apps/v1/namespaces/pub2-tribe-sy-kblt-dev/deployments/egressgateway-pub2-tribe-sy-kblt-dev\"},{\"name\":\"ISTIO_META_MESH_ID\",\"value\":\"cluster.local\"},{\"name\":\"ISTIO_META_ROUTER_MODE\",\"value\":\"sni-dnat\"},{\"name\":\"ISTIO_META_CLUSTER_ID\",\"value\":\"Kubernetes\"}],\"image\":\"dzo.sw.sbc.space/sbt/ci90000162_syigeg/istio/proxyv2@sha256:f9c01f40cb0ea0cf88a94ff21c1246491fdf42b935b40db7f619c71b1fe76587\",\"imagePullPolicy\":\"Always\",\"name\":\"istio-proxy\",\"ports\":[{\"containerPort\":15021,\"name\":\"status-port\",\"protocol\":\"TCP\"},{\"containerPort\":4443,\"name\":\"https-kube\",\"protocol\":\"TCP\"}],\"readinessProbe\":{\"failureThreshold\":30,\"httpGet\":{\"path\":\"/healthz/ready\",\"port\":15021,\"scheme\":\"HTTP\"},\"initialDelaySeconds\":1,\"periodSeconds\":2,\"successThreshold\":1,\"timeoutSeconds\":1},\"resources\":{\"limits\":{\"cpu\":\"300m\",\"ephemeral-storage\":\"500Mi\",\"memory\":\"500Mi\"},\"requests\":{\"cpu\":\"300m\",\"ephemeral-storage\":\"500Mi\",\"memory\":\"500Mi\"}},\"securityContext\":{\"allowPrivilegeEscalation\":false,\"capabilities\":{\"drop\":[\"ALL\"]},\"privileged\":false,\"readOnlyRootFilesystem\":true},\"terminationMessagePath\":\"/dev/termination-log\",\"terminationMessagePolicy\":\"File\",\"volumeMounts\":[{\"mountPath\":\"/var/lib/istio/data\",\"name\":\"istio-data\"},{\"mountPath\":\"/etc/istio/proxy\",\"name\":\"istio-envoy\"},{\"mountPath\":\"/var/run/secrets/istio\",\"name\":\"istiod-ca-cert\"},{\"mountPath\":\"/etc/istio/pod\",\"name\":\"podinfo\"},{\"mountPath\":\"/var/run/secrets/tokens\",\"name\":\"istio-token\",\"readOnly\":true}]}],\"dnsPolicy\":\"ClusterFirst\",\"restartPolicy\":\"Always\",\"schedulerName\":\"default-scheduler\",\"securityContext\":{\"runAsNonRoot\":true},\"terminationGracePeriodSeconds\":30,\"volumes\":[{\"emptyDir\":{},\"name\":\"istio-data\"},{\"downwardAPI\":{\"defaultMode\":256,\"items\":[{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"metadata.labels\"},\"path\":\"labels\"},{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"metadata.annotations\"},\"path\":\"annotations\"},{\"path\":\"cpu-limit\",\"resourceFieldRef\":{\"containerName\":\"istio-proxy\",\"divisor\":\"1m\",\"resource\":\"limits.cpu\"}},{\"path\":\"cpu-request\",\"resourceFieldRef\":{\"containerName\":\"istio-proxy\",\"divisor\":\"1m\",\"resource\":\"requests.cpu\"}}]},\"name\":\"istio-podinfo\"},{\"configMap\":{\"defaultMode\":256,\"name\":\"istio-ca-root-cert\"},\"name\":\"istiod-ca-cert\"},{\"downwardAPI\":{\"defaultMode\":256,\"items\":[{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"metadata.labels\"},\"path\":\"labels\"},{\"fieldRef\":{\"apiVersion\":\"v1\",\"fieldPath\":\"metadata.annotations\"},\"path\":\"annotations\"}]},\"name\":\"podinfo\"},{\"emptyDir\":{\"medium\":\"Memory\"},\"name\":\"istio-envoy\"},{\"name\":\"istio-token\",\"projected\":{\"defaultMode\":256,\"sources\":[{\"serviceAccountToken\":{\"audience\":\"istio-ca\",\"expirationSeconds\":43200,\"path\":\"istio-token\"}}]}}]}}}}\n resourceVersion: '612829536'\n name: egressgateway-pub2-tribe-sy-kblt-dev\n uid: 012716b8-8367-4e49-8296-c58a4452819a\n creationTimestamp: '2023-05-29T12:33:42Z'\n generation: 2\n managedFields:\n - manager: oc\n operation: Update\n apiVersion: apps/v1\n time: '2023-06-08T12:58:32Z'\n fieldsType: FieldsV1\n fieldsV1:\n 'f:metadata':\n 'f:annotations':\n .: {}\n 'f:kubectl.kubernetes.io/last-applied-configuration': {}\n 'f:labels':\n .: {}\n 'f:platformv.sber.ru/componentCode': {}\n 'f:platformv.sber.ru/productCode': {}\n 'f:platformv.sber.ru/releaseVersion': {}\n 'f:spec':\n 'f:progressDeadlineSeconds': {}\n 'f:replicas': {}\n 'f:revisionHistoryLimit': {}\n 'f:selector': {}\n 'f:strategy':\n 'f:rollingUpdate':\n .: {}\n 'f:maxSurge': {}\n 'f:maxUnavailable': {}\n 'f:type': {}\n 'f:template':\n 'f:metadata':\n 'f:annotations':\n 'f:vault.hashicorp.com/agent-inject': {}\n 'f:vault.hashicorp.com/secret-volume-path-ca.crt': {}\n 'f:vault.hashicorp.com/secret-volume-path-cert.key': {}\n 'f:vault.hashicorp.com/agent-inject-template-cert.crt': {}\n 'f:vault.hashicorp.com/agent-inject-secret-tengri.key': {}\n 'f:vault.hashicorp.com/agent-limits-cpu': {}\n 'f:vault.hashicorp.com/agent-init-first': {}\n 'f:vault.hashicorp.com/agent-pre-populate': {}\n 'f:vault.hashicorp.com/agent-inject-secret-cert.key': {}\n 'f:vault.hashicorp.com/agent-inject-secret-ca.crt': {}\n 'f:vault.hashicorp.com/secret-volume-path-cert.crt': {}\n 'f:vault.hashicorp.com/agent-inject-secret-cert.crt': {}\n .: {}\n 'f:vault.hashicorp.com/agent-requests-cpu': {}\n 'f:vault.hashicorp.com/agent-inject-secret-tengri_ca.cer': {}\n 'f:vault.hashicorp.com/agent-limits-mem': {}\n 'f:vault.hashicorp.com/agent-inject-template-tengri.pem': {}\n 'f:vault.hashicorp.com/secret-volume-path-tengri_ca.cer': {}\n 'f:openshift.io/scc': {}\n 'f:vault.hashicorp.com/namespace': {}\n 'f:vault.hashicorp.com/agent-pre-populate-only': {}\n 'f:vault.hashicorp.com/secret-volume-path-tengri.pem': {}\n 'f:sidecar.istio.io/inject': {}\n 'f:vault.hashicorp.com/agent-inject-template-tengri_ca.cer': {}\n 'f:vault.hashicorp.com/agent-inject-template-tengri.key': {}\n 'f:vault.hashicorp.com/agent-inject-secret-tengri.pem': {}\n 'f:vault.hashicorp.com/agent-inject-template-ca.crt': {}\n 'f:vault.hashicorp.com/agent-inject-template-cert.key': {}\n 'f:vault.hashicorp.com/agent-requests-mem': {}\n 'f:vault.hashicorp.com/role': {}\n 'f:vault.hashicorp.com/secret-volume-path-tengri.key': {}\n 'f:labels':\n 'f:platformv.sber.ru/productCode': {}\n 'f:secman-injector': {}\n 'f:platformv.sber.ru/releaseVersion': {}\n 'f:chart': {}\n 'f:app': {}\n .: {}\n 'f:platformv.sber.ru/componentCode': {}\n 'f:release': {}\n 'f:heritage': {}\n 'f:istio': {}\n 'f:spec':\n 'f:affinity':\n .: {}\n 'f:nodeAffinity':\n .: {}\n 'f:preferredDuringSchedulingIgnoredDuringExecution': {}\n 'f:requiredDuringSchedulingIgnoredDuringExecution':\n .: {}\n 'f:nodeSelectorTerms': {}\n 'f:containers':\n 'k:{\"name\":\"istio-proxy\"}':\n 'f:image': {}\n 'f:volumeMounts':\n .: {}\n 'k:{\"mountPath\":\"/etc/istio/pod\"}':\n .: {}\n 'f:mountPath': {}\n 'f:name': {}\n 'k:{\"mountPath\":\"/etc/istio/proxy\"}':\n .: {}\n 'f:mountPath': {}\n 'f:name': {}\n 'k:{\"mountPath\":\"/var/lib/istio/data\"}':\n .: {}\n 'f:mountPath': {}\n 'f:name': {}\n 'k:{\"mountPath\":\"/var/run/secrets/istio\"}':\n .: {}\n 'f:mountPath': {}\n 'f:name': {}\n 'k:{\"mountPath\":\"/var/run/secrets/tokens\"}':\n .: {}\n 'f:mountPath': {}\n 'f:name': {}\n 'f:readOnly': {}\n 'f:terminationMessagePolicy': {}\n .: {}\n 'f:resources':\n .: {}\n 'f:limits':\n .: {}\n 'f:cpu': {}\n 'f:ephemeral-storage': {}\n 'f:memory': {}\n 'f:requests':\n .: {}\n 'f:cpu': {}\n 'f:ephemeral-storage': {}\n 'f:memory': {}\n 'f:args': {}\n 'f:env':\n 'k:{\"name\":\"INSTANCE_IP\"}':\n .: {}\n 'f:name': {}\n 'f:valueFrom':\n .: {}\n 'f:fieldRef':\n .: {}\n 'f:apiVersion': {}\n 'f:fieldPath': {}\n 'k:{\"name\":\"CA_ADDR\"}':\n .: {}\n 'f:name': {}\n 'f:value': {}\n 'k:{\"name\":\"ISTIO_META_MESH_ID\"}':\n .: {}\n 'f:name': {}\n 'f:value': {}\n 'k:{\"name\":\"POD_NAME\"}':\n .: {}\n 'f:name': {}\n 'f:valueFrom':\n .: {}\n 'f:fieldRef':\n .: {}\n 'f:apiVersion': {}\n 'f:fieldPath': {}\n 'k:{\"name\":\"CANONICAL_REVISION\"}':\n .: {}\n 'f:name': {}\n 'f:valueFrom':\n .: {}\n 'f:fieldRef':\n .: {}\n 'f:apiVersion': {}\n 'f:fieldPath': {}\n 'k:{\"name\":\"ISTIO_META_OWNER\"}':\n .: {}\n 'f:name': {}\n 'f:value': {}\n 'k:{\"name\":\"ISTIO_META_WORKLOAD_NAME\"}':\n .: {}\n 'f:name': {}\n 'f:value': {}\n .: {}\n 'k:{\"name\":\"JWT_POLICY\"}':\n .: {}\n 'f:name': {}\n 'f:value': {}\n 'k:{\"name\":\"TRUST_DOMAIN\"}':\n .: {}\n 'f:name': {}\n 'f:value': {}\n 'k:{\"name\":\"HOST_IP\"}':\n .: {}\n 'f:name': {}\n 'f:valueFrom':\n .: {}\n 'f:fieldRef':\n .: {}\n 'f:apiVersion': {}\n 'f:fieldPath': {}\n 'k:{\"name\":\"ISTIO_META_ROUTER_MODE\"}':\n .: {}\n 'f:name': {}\n 'f:value': {}\n 'k:{\"name\":\"POD_NAMESPACE\"}':\n .: {}\n 'f:name': {}\n 'f:valueFrom':\n .: {}\n 'f:fieldRef':\n .: {}\n 'f:apiVersion': {}\n 'f:fieldPath': {}\n 'k:{\"name\":\"SERVICE_ACCOUNT\"}':\n .: {}\n 'f:name': {}\n 'f:valueFrom':\n .: {}\n 'f:fieldRef':\n .: {}\n 'f:apiVersion': {}\n 'f:fieldPath': {}\n 'k:{\"name\":\"PILOT_CERT_PROVIDER\"}':\n .: {}\n 'f:name': {}\n 'f:value': {}\n 'k:{\"name\":\"PROXY_CONFIG\"}':\n .: {}\n 'f:name': {}\n 'f:value': {}\n 'k:{\"name\":\"NODE_NAME\"}':\n .: {}\n 'f:name': {}\n 'f:valueFrom':\n .: {}\n 'f:fieldRef':\n .: {}\n 'f:apiVersion': {}\n 'f:fieldPath': {}\n 'k:{\"name\":\"CANONICAL_SERVICE\"}':\n .: {}\n 'f:name': {}\n 'f:valueFrom':\n .: {}\n 'f:fieldRef':\n .: {}\n 'f:apiVersion': {}\n 'f:fieldPath': {}\n 'k:{\"name\":\"ISTIO_META_CLUSTER_ID\"}':\n .: {}\n 'f:name': {}\n 'f:value': {}\n 'f:readinessProbe':\n .: {}\n 'f:failureThreshold': {}\n 'f:httpGet':\n .: {}\n 'f:path': {}\n 'f:port': {}\n 'f:scheme': {}\n 'f:initialDelaySeconds': {}\n 'f:periodSeconds': {}\n 'f:successThreshold': {}\n 'f:timeoutSeconds': {}\n 'f:securityContext':\n .: {}\n 'f:allowPrivilegeEscalation': {}\n 'f:capabilities':\n .: {}\n 'f:drop': {}\n 'f:privileged': {}\n 'f:readOnlyRootFilesystem': {}\n 'f:terminationMessagePath': {}\n 'f:imagePullPolicy': {}\n 'f:ports':\n .: {}\n 'k:{\"containerPort\":4443,\"protocol\":\"TCP\"}':\n .: {}\n 'f:containerPort': {}\n 'f:name': {}\n 'f:protocol': {}\n 'k:{\"containerPort\":15021,\"protocol\":\"TCP\"}':\n .: {}\n 'f:containerPort': {}\n 'f:name': {}\n 'f:protocol': {}\n 'f:name': {}\n 'f:dnsPolicy': {}\n 'f:restartPolicy': {}\n 'f:schedulerName': {}\n 'f:securityContext':\n .: {}\n 'f:runAsNonRoot': {}\n 'f:terminationGracePeriodSeconds': {}\n 'f:volumes':\n .: {}\n 'k:{\"name\":\"istio-data\"}':\n .: {}\n 'f:emptyDir': {}\n 'f:name': {}\n 'k:{\"name\":\"istio-envoy\"}':\n .: {}\n 'f:emptyDir':\n .: {}\n 'f:medium': {}\n 'f:name': {}\n 'k:{\"name\":\"istio-podinfo\"}':\n .: {}\n 'f:downwardAPI':\n .: {}\n 'f:defaultMode': {}\n 'f:items': {}\n 'f:name': {}\n 'k:{\"name\":\"istio-token\"}':\n .: {}\n 'f:name': {}\n 'f:projected':\n .: {}\n 'f:defaultMode': {}\n 'f:sources': {}\n 'k:{\"name\":\"istiod-ca-cert\"}':\n .: {}\n 'f:configMap':\n .: {}\n 'f:defaultMode': {}\n 'f:name': {}\n 'f:name': {}\n 'k:{\"name\":\"podinfo\"}':\n .: {}\n 'f:downwardAPI':\n .: {}\n 'f:defaultMode': {}\n 'f:items': {}\n 'f:name': {}\n - manager: kube-controller-manager\n operation: Update\n apiVersion: apps/v1\n time: '2023-06-08T12:58:42Z'\n fieldsType: FieldsV1\n fieldsV1:\n 'f:metadata':\n 'f:annotations':\n 'f:deployment.kubernetes.io/revision': {}\n 'f:status':\n 'f:availableReplicas': {}\n 'f:conditions':\n .: {}\n 'k:{\"type\":\"Available\"}':\n .: {}\n 'f:lastTransitionTime': {}\n 'f:lastUpdateTime': {}\n 'f:message': {}\n 'f:reason': {}\n 'f:status': {}\n 'f:type': {}\n 'k:{\"type\":\"Progressing\"}':\n .: {}\n 'f:lastTransitionTime': {}\n 'f:lastUpdateTime': {}\n 'f:message': {}\n 'f:reason': {}\n 'f:status': {}\n 'f:type': {}\n 'f:observedGeneration': {}\n 'f:readyReplicas': {}\n 'f:replicas': {}\n 'f:updatedReplicas': {}\n namespace: pub2-tribe-sy-kblt-dev\n labels:\n platformv.sber.ru/componentCode: KBLT\n platformv.sber.ru/productCode: SSM\n platformv.sber.ru/releaseVersion: '3.6'\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: egressgateway-pub2-tribe-sy-kblt-dev\n istio: egressgateway-pub2-tribe-sy-kblt-dev\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: egressgateway-pub2-tribe-sy-kblt-dev\n platformv.sber.ru/componentCode: KBLT\n release: istio\n istio: egressgateway-pub2-tribe-sy-kblt-dev\n platformv.sber.ru/releaseVersion: '3.6'\n platformv.sber.ru/productCode: SSM\n secman-injector: enabled\n chart: gateways\n heritage: Tiller\n annotations:\n openshift.io/scc: restricted\n vault.hashicorp.com/agent-inject-secret-tengri_ca.cer: 'true'\n vault.hashicorp.com/agent-inject-template-tengri.key: |\n {{- with secret \"DEV_DZO/A/DEV/KBLT/KV/tengri\" -}}\n {{ index .Data \"tengri.key\" | base64Decode }}\n {{- end }}\n vault.hashicorp.com/agent-inject-secret-tengri.pem: 'true'\n vault.hashicorp.com/agent-inject-template-ca.crt: |\n {{- with secret \"DEV_DZO/A/DEV/KBLT/KV/kblt-audit-secret\" -}}\n {{ index .Data \"ca.crt\" | base64Decode }}\n {{- end }}\n vault.hashicorp.com/agent-requests-mem: 64Mi\n vault.hashicorp.com/agent-inject-template-cert.key: |\n {{- with secret \"DEV_DZO/A/DEV/KBLT/KV/kblt-audit-secret\" -}}\n {{ index .Data \"cert.key\" | base64Decode }}\n {{- end }}\n vault.hashicorp.com/namespace: DEV_DZO\n vault.hashicorp.com/role: role-ga-secman-kblt\n vault.hashicorp.com/secret-volume-path-tengri.pem: /etc/config/ssl\n vault.hashicorp.com/agent-pre-populate-only: 'false'\n sidecar.istio.io/inject: 'false'\n vault.hashicorp.com/agent-inject-template-tengri_ca.cer: |\n {{- with secret \"DEV_DZO/A/DEV/KBLT/KV/tengri\" -}}\n {{ index .Data \"tengri_ca.cer\" | base64Decode }}\n {{- end }}\n vault.hashicorp.com/agent-inject: 'true'\n vault.hashicorp.com/agent-inject-template-cert.crt: |\n {{- with secret \"DEV_DZO/A/DEV/KBLT/KV/kblt-audit-secret\" -}}\n {{ index .Data \"cert.crt\" | base64Decode }}\n {{- end }}\n vault.hashicorp.com/agent-init-first: 'false'\n vault.hashicorp.com/agent-inject-secret-tengri.key: 'true'\n vault.hashicorp.com/agent-limits-cpu: 500m\n vault.hashicorp.com/agent-pre-populate: 'true'\n vault.hashicorp.com/agent-inject-secret-ca.crt: 'true'\n vault.hashicorp.com/secret-volume-path-tengri.key: /etc/config/ssl\n vault.hashicorp.com/agent-inject-secret-cert.key: 'true'\n vault.hashicorp.com/secret-volume-path-cert.key: /etc/audit/ssl\n vault.hashicorp.com/secret-volume-path-ca.crt: /etc/audit/ssl\n vault.hashicorp.com/agent-inject-secret-cert.crt: 'true'\n vault.hashicorp.com/agent-requests-cpu: 250m\n vault.hashicorp.com/secret-volume-path-cert.crt: /etc/audit/ssl\n vault.hashicorp.com/agent-limits-mem: 128Mi\n vault.hashicorp.com/agent-inject-template-tengri.pem: |\n {{- with secret \"DEV_DZO/A/DEV/KBLT/KV/tengri\" -}}\n {{ index .Data \"tengri.pem\" | base64Decode }}\n {{- end }}\n vault.hashicorp.com/secret-volume-path-tengri_ca.cer: /etc/config/ssl\n spec:\n volumes:\n - name: istio-data\n emptyDir: {}\n - name: istio-podinfo\n downwardAPI:\n items:\n - path: labels\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.labels\n - path: annotations\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.annotations\n - path: cpu-limit\n resourceFieldRef:\n containerName: istio-proxy\n resource: limits.cpu\n divisor: 1m\n - path: cpu-request\n resourceFieldRef:\n containerName: istio-proxy\n resource: requests.cpu\n divisor: 1m\n defaultMode: 256\n - name: istiod-ca-cert\n configMap:\n name: istio-ca-root-cert\n defaultMode: 256\n - name: podinfo\n downwardAPI:\n items:\n - path: labels\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.labels\n - path: annotations\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.annotations\n defaultMode: 256\n - name: istio-envoy\n emptyDir:\n medium: Memory\n - name: istio-token\n projected:\n sources:\n - serviceAccountToken:\n audience: istio-ca\n expirationSeconds: 43200\n path: istio-token\n defaultMode: 256\n containers:\n - resources:\n limits:\n cpu: 300m\n ephemeral-storage: 500Mi\n memory: 500Mi\n requests:\n cpu: 300m\n ephemeral-storage: 500Mi\n memory: 500Mi\n readinessProbe:\n httpGet:\n path: /healthz/ready\n port: 15021\n scheme: HTTP\n initialDelaySeconds: 1\n timeoutSeconds: 1\n periodSeconds: 2\n successThreshold: 1\n failureThreshold: 30\n terminationMessagePath: /dev/termination-log\n name: istio-proxy\n env:\n - name: JWT_POLICY\n value: first-party-jwt\n - name: PROXY_CONFIG\n value: >\n {\"discoveryAddress\":\"istiod-basic.sbt-devpub-cp-07.svc:15012\",\"tracing\":{\"custom_tags\":{\"authority\":{\"header\":{\"defaultValue\":\"authority-empty\",\"name\":\":authority\"}},\"content-type\":{\"header\":{\"defaultValue\":\"content-type-empty\",\"name\":\"content-type\"}},\"grpc-accept-encoding\":{\"header\":{\"defaultValue\":\"grpc-accept-encoding-empty\",\"name\":\"grpc-accept-encoding\"}},\"host\":{\"header\":{\"defaultValue\":\"host-empty\",\"name\":\"host\"}},\"method\":{\"header\":{\"defaultValue\":\"method-empty\",\"name\":\":method\"}},\"path\":{\"header\":{\"defaultValue\":\"path-empty\",\"name\":\":path\"}},\"scheme\":{\"header\":{\"defaultValue\":\"scheme-empty\",\"name\":\":scheme\"}},\"x-b3-parentspanid\":{\"header\":{\"defaultValue\":\"x-b3-parentspanid-empty\",\"name\":\"x-b3-parentspanid\"}},\"x-b3-sampled\":{\"header\":{\"defaultValue\":\"x-b3-sampled-empty\",\"name\":\"x-b3-sampled\"}},\"x-b3-spanid\":{\"header\":{\"defaultValue\":\"x-b3-spanid-empty\",\"name\":\"x-b3-spanid\"}},\"x-b3-traceid\":{\"header\":{\"defaultValue\":\"x-b3-traceid-empty\",\"name\":\"x-b3-traceid\"}},\"x-envoy-decorator-operation\":{\"header\":{\"defaultValue\":\"x-envoy-decorator-operation-empty\",\"name\":\"x-envoy-decorator-operation\"}},\"x-envoy-internal\":{\"header\":{\"defaultValue\":\"x-envoy-internal-empty\",\"name\":\"x-envoy-internal\"}},\"x-forwarded-proto\":{\"header\":{\"defaultValue\":\"x-forwarded-proto-empty\",\"name\":\"x-forwarded-proto\"}},\"x-forwarded_for\":{\"header\":{\"defaultValue\":\"x-forwarded-for-empty\",\"name\":\"x-forwarded-for\"}},\"x-request-id\":{\"header\":{\"defaultValue\":\"x-request-id-empty\",\"name\":\"x-request-id\"}},\"x-synapse-corellationid\":{\"header\":{\"defaultValue\":\"x-synapse-corellationid-empty\",\"name\":\"x-synapse-corellationid\"}},\"x-synapse-custom\":{\"header\":{\"defaultValue\":\"x-synapse-custom-empty\",\"name\":\"x-synapse-custom\"}},\"x-synapse-from-pod-name\":{\"header\":{\"defaultValue\":\"x-synapse-from-pod-name-empty\",\"name\":\"x-synapse-from-pod-name\"}},\"x-synapse-messageid\":{\"header\":{\"defaultValue\":\"x-synapse-messageid-empty\",\"name\":\"x-synapse-messageid\"}},\"x-synapse-operationname\":{\"header\":{\"defaultValue\":\"x-synapse-operationname-empty\",\"name\":\"x-synapse-operationname\"}},\"x-synapse-rqtm\":{\"header\":{\"defaultValue\":\"x-synapse-rqtm-empty\",\"name\":\"x-synapse-rqtm\"}},\"x-synapse-rquid\":{\"header\":{\"defaultValue\":\"x-synapse-rquid-empty\",\"name\":\"x-synapse-rquid\"}},\"x-synapse-scname\":{\"header\":{\"defaultValue\":\"x-synapse-scname-empty\",\"name\":\"x-synapse-scname\"}},\"x-synapse-serviceversion\":{\"header\":{\"defaultValue\":\"x-synapse-serviceversion-empty\",\"name\":\"x-synapse-serviceversion\"}},\"x-synapse-spname\":{\"header\":{\"defaultValue\":\"x-synapse-spname-empty\",\"name\":\"x-synapse-spname\"}},\"x-synapse-status-code\":{\"header\":{\"defaultValue\":\"x-synapse-status-code-empty\",\"name\":\"x-synapse-status-code\"}}},\"zipkin\":{\"address\":\"synapse-tracer-svc.sbt-devpub-cp-07.svc.cluster.local:8788\"},\"tlsSettings\":{\"caCertificates\":\"/var/run/secrets/istio/root-cert.pem\",\"mode\":\"SIMPLE\",\"subjectAltNames\":[\"spiffe://cluster.local/ns/sbt-devpub-cp-07.svc/sa/default\"]}},\"proxyMetadata\":{\"DNS_AGENT\":\"\"}}\n - name: TRUST_DOMAIN\n value: cluster.local\n - name: PILOT_CERT_PROVIDER\n value: istiod\n - name: CA_ADDR\n value: 'istiod-basic.sbt-devpub-cp-07.svc:15012'\n - name: NODE_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: POD_NAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: metadata.namespace\n - name: INSTANCE_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.podIP\n - name: HOST_IP\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: status.hostIP\n - name: SERVICE_ACCOUNT\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.serviceAccountName\n - name: CANONICAL_SERVICE\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: 'metadata.labels[''service.istio.io/canonical-name'']'\n - name: CANONICAL_REVISION\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: 'metadata.labels[''service.istio.io/canonical-revision'']'\n - name: ISTIO_META_WORKLOAD_NAME\n value: egressgateway-pub2-tribe-sy-kblt-dev\n - name: ISTIO_META_OWNER\n value: >-\n kubernetes://apis/apps/v1/namespaces/pub2-tribe-sy-kblt-dev/deployments/egressgateway-pub2-tribe-sy-kblt-dev\n - name: ISTIO_META_MESH_ID\n value: cluster.local\n - name: ISTIO_META_ROUTER_MODE\n value: sni-dnat\n - name: ISTIO_META_CLUSTER_ID\n value: Kubernetes\n securityContext:\n capabilities:\n drop:\n - ALL\n privileged: false\n readOnlyRootFilesystem: true\n allowPrivilegeEscalation: false\n ports:\n - name: status-port\n containerPort: 15021\n protocol: TCP\n - name: https-kube\n containerPort: 4443\n protocol: TCP\n imagePullPolicy: Always\n volumeMounts:\n - name: istio-data\n mountPath: /var/lib/istio/data\n - name: istio-envoy\n mountPath: /etc/istio/proxy\n - name: istiod-ca-cert\n mountPath: /var/run/secrets/istio\n - name: podinfo\n mountPath: /etc/istio/pod\n - name: istio-token\n readOnly: true\n mountPath: /var/run/secrets/tokens\n terminationMessagePolicy: File\n image: >-\n dzo.sw.sbc.space/sbt/ci90000162_syigeg/istio/proxyv2@sha256:f9c01f40cb0ea0cf88a94ff21c1246491fdf42b935b40db7f619c71b1fe76587\n args:\n - proxy\n - router\n - '--domain'\n - $(POD_NAMESPACE).svc.cluster.local\n - '--proxyLogLevel=warning'\n - '--proxyComponentLogLevel=misc:error'\n - '--log_output_level=default:info'\n - '--serviceCluster'\n - pub2-tribe-sy-kblt-dev\n - '--trust-domain=cluster.local'\n restartPolicy: Always\n terminationGracePeriodSeconds: 30\n dnsPolicy: ClusterFirst\n securityContext:\n runAsNonRoot: true\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/arch\n operator: In\n values:\n - amd64\n - ppc64le\n - s390x\n preferredDuringSchedulingIgnoredDuringExecution:\n - weight: 2\n preference:\n matchExpressions:\n - key: beta.kubernetes.io/arch\n operator: In\n values:\n - amd64\n - weight: 2\n preference:\n matchExpressions:\n - key: beta.kubernetes.io/arch\n operator: In\n values:\n - ppc64le\n - weight: 2\n preference:\n matchExpressions:\n - key: beta.kubernetes.io/arch\n operator: In\n values:\n - s390x\n schedulerName: default-scheduler\n strategy:\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 25%\n maxSurge: 100%\n revisionHistoryLimit: 10\n progressDeadlineSeconds: 600\nstatus:\n observedGeneration: 2\n replicas: 1\n updatedReplicas: 1\n readyReplicas: 1\n availableReplicas: 1\n conditions:\n - type: Available\n status: 'True'\n lastUpdateTime: '2023-05-29T12:59:34Z'\n lastTransitionTime: '2023-05-29T12:59:34Z'\n reason: MinimumReplicasAvailable\n message: Deployment has minimum availability.\n - type: Progressing\n status: 'True'\n lastUpdateTime: '2023-06-08T12:58:42Z'\n lastTransitionTime: '2023-05-29T12:33:42Z'\n reason: NewReplicaSetAvailable\n message: >-\n ReplicaSet \"egressgateway-pub2-tribe-sy-kblt-dev-6b86c8cdd6\" has\n successfully progressed.\n"
34var renderObj map[string]interface{}
35_ = yaml.Unmarshal([]byte(data), &renderObj)
36_ = Logic(renderObj)
37}
38
39func Logic(object interface{}) interface{} {
40var metadata = object.(map[string]interface{})["metadata"]
41var spec = object.(map[string]interface{})["spec"]
42var template = spec.(map[string]interface{})["template"]
43var metadataPod = template.(map[string]interface{})["metadata"]
44var specPod = template.(map[string]interface{})["spec"]
45var containers = specPod.(map[string]interface{})["containers"].([]interface{})
46
47var annons = metadataPod.(map[string]interface{})["annotations"]
48annons.(map[string]interface{})["vault.hashicorp.com/agent-run-as-same-user"] = "true"
49
50for _, c := range containers {
51args := c.(map[string]interface{})["args"].([]interface{})
52
53for i := range args {
54if i > 1 {
55if args[i-1] == "--serviceCluster" {
56args[i] = "$(POD_NAMESPACE)"
57}
58}
59}
60
61env := c.(map[string]interface{})["env"].([]interface{})
62for _, e := range env {
63v, ok := e.(map[string]interface{})["name"]
64if ok {
65n := v.(string)
66if n == "JWT_POLICY" {
67e.(map[string]interface{})["value"] = "third-party-jwt"
68}
69if n == "PROXY_CONFIG" {
70e.(map[string]interface{})["value"] = "{\"discoveryAddress\":\"istiod.istio-system.svc:15012\",\"tracing\":{\"custom_tags\":{\"authority\":{\"header\":{\"defaultValue\":\"authority-empty\",\"name\":\":authority\"}},\"content-type\":{\"header\":{\"defaultValue\":\"content-type-empty\",\"name\":\"content-type\"}},\"grpc-accept-encoding\":{\"header\":{\"defaultValue\":\"grpc-accept-encoding-empty\",\"name\":\"grpc-accept-encoding\"}},\"host\":{\"header\":{\"defaultValue\":\"host-empty\",\"name\":\"host\"}},\"method\":{\"header\":{\"defaultValue\":\"method-empty\",\"name\":\":method\"}},\"path\":{\"header\":{\"defaultValue\":\"path-empty\",\"name\":\":path\"}},\"scheme\":{\"header\":{\"defaultValue\":\"scheme-empty\",\"name\":\":scheme\"}},\"x-b3-parentspanid\":{\"header\":{\"defaultValue\":\"x-b3-parentspanid-empty\",\"name\":\"x-b3-parentspanid\"}},\"x-b3-sampled\":{\"header\":{\"defaultValue\":\"x-b3-sampled-empty\",\"name\":\"x-b3-sampled\"}},\"x-b3-spanid\":{\"header\":{\"defaultValue\":\"x-b3-spanid-empty\",\"name\":\"x-b3-spanid\"}},\"x-b3-traceid\":{\"header\":{\"defaultValue\":\"x-b3-traceid-empty\",\"name\":\"x-b3-traceid\"}},\"x-envoy-decorator-operation\":{\"header\":{\"defaultValue\":\"x-envoy-decorator-operation-empty\",\"name\":\"x-envoy-decorator-operation\"}},\"x-envoy-internal\":{\"header\":{\"defaultValue\":\"x-envoy-internal-empty\",\"name\":\"x-envoy-internal\"}},\"x-forwarded-proto\":{\"header\":{\"defaultValue\":\"x-forwarded-proto-empty\",\"name\":\"x-forwarded-proto\"}},\"x-forwarded_for\":{\"header\":{\"defaultValue\":\"x-forwarded-for-empty\",\"name\":\"x-forwarded-for\"}},\"x-request-id\":{\"header\":{\"defaultValue\":\"x-request-id-empty\",\"name\":\"x-request-id\"}},\"x-synapse-corellationid\":{\"header\":{\"defaultValue\":\"x-synapse-corellationid-empty\",\"name\":\"x-synapse-corellationid\"}},\"x-synapse-custom\":{\"header\":{\"defaultValue\":\"x-synapse-custom-empty\",\"name\":\"x-synapse-custom\"}},\"x-synapse-from-pod-name\":{\"header\":{\"defaultValue\":\"x-synapse-from-pod-name-empty\",\"name\":\"x-synapse-from-pod-name\"}},\"x-synapse-messageid\":{\"header\":{\"defaultValue\":\"x-synapse-messageid-empty\",\"name\":\"x-synapse-messageid\"}},\"x-synapse-operationname\":{\"header\":{\"defaultValue\":\"x-synapse-operationname-empty\",\"name\":\"x-synapse-operationname\"}},\"x-synapse-rqtm\":{\"header\":{\"defaultValue\":\"x-synapse-rqtm-empty\",\"name\":\"x-synapse-rqtm\"}},\"x-synapse-rquid\":{\"header\":{\"defaultValue\":\"x-synapse-rquid-empty\",\"name\":\"x-synapse-rquid\"}},\"x-synapse-scname\":{\"header\":{\"defaultValue\":\"x-synapse-scname-empty\",\"name\":\"x-synapse-scname\"}},\"x-synapse-serviceversion\":{\"header\":{\"defaultValue\":\"x-synapse-serviceversion-empty\",\"name\":\"x-synapse-serviceversion\"}},\"x-synapse-spname\":{\"header\":{\"defaultValue\":\"x-synapse-spname-empty\",\"name\":\"x-synapse-spname\"}},\"x-synapse-status-code\":{\"header\":{\"defaultValue\":\"x-synapse-status-code-empty\",\"name\":\"x-synapse-status-code\"}}},\"zipkin\":{\"address\":\"synapse-tracer-svc.sbt-devpub-cp-07.svc.cluster.local:8788\"},\"tlsSettings\":{\"caCertificates\":\"/var/run/secrets/istio/root-cert.pem\",\"mode\":\"SIMPLE\",\"subjectAltNames\":[\"spiffe://cluster.local/ns/sbt-devpub-cp-07.svc/sa/default\"]}},\"proxyMetadata\":{\"DNS_AGENT\":\"\"}}"
71}
72if n == "CA_ADDR" {
73e.(map[string]interface{})["value"] = "istiod.istio-system.svc:15012"
74}
75}
76}
77
78c.(map[string]interface{})["image"] = "docker.io/istio/proxyv2:1.12.7"
79
80security, ok := c.(map[string]interface{})["securityContext"]
81if ok {
82security.(map[string]interface{})["runAsGroup"] = 1001050000
83security.(map[string]interface{})["runAsUser"] = 1001050000
84} else {
85var smap = map[string]interface{}{
86"runAsGroup": 1001050000,
87"runAsUser": 1001050000,
88}
89c.(map[string]interface{})["securityContext"] = smap
90}
91
92var vm = c.(map[string]interface{})["volumeMounts"].([]interface{})
93vm = append(vm, map[string]interface{}{
94"name": "workload-socket",
95"mountPath": "/var/run/secrets/workload-spiffe-uds",
96})
97vm = append(vm, map[string]interface{}{
98"name": "credential-socket",
99"mountPath": "/var/run/secrets/credential-uds",
100})
101vm = append(vm, map[string]interface{}{
102"name": "workload-certs",
103"mountPath": "/var/run/secrets/workload-spiffe-credentials",
104})
105c.(map[string]interface{})["volumeMounts"] = vm
106}
107
108var v = specPod.(map[string]interface{})["volumes"].([]interface{})
109v = append(v, map[string]interface{}{
110"name": "workload-socket",
111"emptyDir": map[string]interface{}{},
112})
113v = append(v, map[string]interface{}{
114"name": "credential-socket",
115"emptyDir": map[string]interface{}{},
116})
117v = append(v, map[string]interface{}{
118"name": "workload-certs",
119"emptyDir": map[string]interface{}{},
120})
121specPod.(map[string]interface{})["volumes"] = v
122
123metadata.(map[string]interface{})["name"] = "mychanged"
124return object
125}
126