kubelatte-ce

c1.yml
143 строки · 4.2 Кб
Перенос по словам
1
containers:
2
  - name: sidecarinjector-test/egress-container/istio-proxy
3
    args:
4
      - proxy
5
      - router
6
      - --domain
7
      - $(POD_NAMESPACE).svc.cluster.local
8
      - --proxyLogLevel=warning
9
      - --proxyComponentLogLevel=misc:error
10
      - --log_output_level=default:warn
11
      - --serviceCluster
12
      - istio-egressgateway
13
    env:
14
      - name: ISTIO_META_DNS_CAPTURE
15
        value: "true"
16
      - name: ISTIO_META_DNS_AUTO_ALLOCATE
17
        value: "true"
18
      - name: PROXY_XDS_VIA_AGENT
19
        value: "true"
20
      - name: ISTIO_META_UNPRIVILEGED_POD
21
        value: "true"
22
      - name: JWT_POLICY
23
        value: first-party-jwt
24
      - name: PILOT_CERT_PROVIDER
25
        value: istiod
26
      - name: CA_ADDR
27
        value: istiod-basic.maksim-istio-system-2-1.svc:15012
28
      - name: NODE_NAME
29
        valueFrom:
30
          fieldRef:
31
            apiVersion: v1
32
            fieldPath: spec.nodeName
33
      - name: POD_NAME
34
        valueFrom:
35
          fieldRef:
36
            apiVersion: v1
37
            fieldPath: metadata.name
38
      - name: POD_NAMESPACE
39
        valueFrom:
40
          fieldRef:
41
            apiVersion: v1
42
            fieldPath: metadata.namespace
43
      - name: INSTANCE_IP
44
        valueFrom:
45
          fieldRef:
46
            apiVersion: v1
47
            fieldPath: status.podIP
48
      - name: HOST_IP
49
        valueFrom:
50
          fieldRef:
51
            apiVersion: v1
52
            fieldPath: status.hostIP
53
      - name: SERVICE_ACCOUNT
54
        valueFrom:
55
          fieldRef:
56
            apiVersion: v1
57
            fieldPath: spec.serviceAccountName
58
      - name: CANONICAL_SERVICE
59
        valueFrom:
60
          fieldRef:
61
            apiVersion: v1
62
            fieldPath: metadata.labels['service.istio.io/canonical-name']
63
      - name: CANONICAL_REVISION
64
        valueFrom:
65
          fieldRef:
66
            apiVersion: v1
67
            fieldPath: metadata.labels['service.istio.io/canonical-revision']
68
      - name: ISTIO_META_WORKLOAD_NAME
69
        value: istio-egressgateway
70
      - name: ISTIO_META_OWNER
71
        value: kubernetes://apis/apps/v1/namespaces/maksim-istio-system-2-1/deployments/istio-egressgateway
72
      - name: ISTIO_META_ROUTER_MODE
73
        value: standard
74
      - name: ISTIO_META_CLUSTER_ID
75
        value: Kubernetes
76
      - name: TESTARG
77
        value: {% or (index .Annotations "vault.k8s-integration.sfdc.com/role") "Test" %}
78
    image: registry.redhat.io/openshift-service-mesh/proxyv2-rhel8@sha256:13f566dca713189e5bdb4c67c1754fafc1ebc3f8b9696ccb2093f927d186737f
79
    imagePullPolicy: IfNotPresent
80
    ports:
81
      - containerPort: {% or (index .Annotations "port/value") 1111 %}
82
        name: http2
83
        protocol: TCP
84
      - containerPort: 8443
85
        name: https
86
        protocol: TCP
87
      - containerPort: 15443
88
        name: tls
89
        protocol: TCP
90
      - containerPort: 15090
91
        name: http-envoy-prom
92
        protocol: TCP
93
    readinessProbe:
94
      failureThreshold: 30
95
      httpGet:
96
        path: /healthz/ready
97
        port: 15021
98
        scheme: HTTP
99
      initialDelaySeconds: 1
100
      periodSeconds: 2
101
      successThreshold: 1
102
      timeoutSeconds: 1
103
    resources:
104
      limits:
105
        cpu: 100m
106
        memory: 100m
107
      requests:
108
        cpu: 100m
109
        memory: 100m
110
    securityContext:
111
      allowPrivilegeEscalation: false
112
      capabilities:
113
        drop:
114
          - ALL
115
          - KILL
116
          - MKNOD
117
          - SETGID
118
          - SETUID
119
      privileged: false
120
      readOnlyRootFilesystem: true
121
      runAsUser: 1001530000
122
    terminationMessagePath: /dev/termination-log
123
    terminationMessagePolicy: File
124
    volumeMounts:
125
      - mountPath: /etc/istio/proxy
126
        name: istio-envoy
127
      - mountPath: /etc/istio/config
128
        name: config-volume
129
      - mountPath: /var/run/secrets/istio
130
        name: istiod-ca-cert
131
      - mountPath: /var/lib/istio/data
132
        name: istio-data
133
      - mountPath: /etc/istio/pod
134
        name: podinfo
135
      - mountPath: /etc/istio/egressgateway-certs
136
        name: egressgateway-certs
137
        readOnly: true
138
      - mountPath: /etc/istio/egressgateway-ca-certs
139
        name: egressgateway-ca-certs
140
        readOnly: true
141
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
142
        name: istio-egressgateway-service-account-token-bg47v
143
        readOnly: true
kubelatte-ce

Использование cookies
