kubelatte-ce
Форк от sbertech/kubelatte-ce
143 строки · 4.2 Кб
1containers:
2- name: sidecarinjector-test/egress-container/istio-proxy
3args:
4- proxy
5- router
6- --domain
7- $(POD_NAMESPACE).svc.cluster.local
8- --proxyLogLevel=warning
9- --proxyComponentLogLevel=misc:error
10- --log_output_level=default:warn
11- --serviceCluster
12- istio-egressgateway
13env:
14- name: ISTIO_META_DNS_CAPTURE
15value: "true"
16- name: ISTIO_META_DNS_AUTO_ALLOCATE
17value: "true"
18- name: PROXY_XDS_VIA_AGENT
19value: "true"
20- name: ISTIO_META_UNPRIVILEGED_POD
21value: "true"
22- name: JWT_POLICY
23value: first-party-jwt
24- name: PILOT_CERT_PROVIDER
25value: istiod
26- name: CA_ADDR
27value: istiod-basic.maksim-istio-system-2-1.svc:15012
28- name: NODE_NAME
29valueFrom:
30fieldRef:
31apiVersion: v1
32fieldPath: spec.nodeName
33- name: POD_NAME
34valueFrom:
35fieldRef:
36apiVersion: v1
37fieldPath: metadata.name
38- name: POD_NAMESPACE
39valueFrom:
40fieldRef:
41apiVersion: v1
42fieldPath: metadata.namespace
43- name: INSTANCE_IP
44valueFrom:
45fieldRef:
46apiVersion: v1
47fieldPath: status.podIP
48- name: HOST_IP
49valueFrom:
50fieldRef:
51apiVersion: v1
52fieldPath: status.hostIP
53- name: SERVICE_ACCOUNT
54valueFrom:
55fieldRef:
56apiVersion: v1
57fieldPath: spec.serviceAccountName
58- name: CANONICAL_SERVICE
59valueFrom:
60fieldRef:
61apiVersion: v1
62fieldPath: metadata.labels['service.istio.io/canonical-name']
63- name: CANONICAL_REVISION
64valueFrom:
65fieldRef:
66apiVersion: v1
67fieldPath: metadata.labels['service.istio.io/canonical-revision']
68- name: ISTIO_META_WORKLOAD_NAME
69value: istio-egressgateway
70- name: ISTIO_META_OWNER
71value: kubernetes://apis/apps/v1/namespaces/maksim-istio-system-2-1/deployments/istio-egressgateway
72- name: ISTIO_META_ROUTER_MODE
73value: standard
74- name: ISTIO_META_CLUSTER_ID
75value: Kubernetes
76- name: TESTARG
77value: {% or (index .Annotations "vault.k8s-integration.sfdc.com/role") "Test" %}
78image: registry.redhat.io/openshift-service-mesh/proxyv2-rhel8@sha256:13f566dca713189e5bdb4c67c1754fafc1ebc3f8b9696ccb2093f927d186737f
79imagePullPolicy: IfNotPresent
80ports:
81- containerPort: {% or (index .Annotations "port/value") 1111 %}
82name: http2
83protocol: TCP
84- containerPort: 8443
85name: https
86protocol: TCP
87- containerPort: 15443
88name: tls
89protocol: TCP
90- containerPort: 15090
91name: http-envoy-prom
92protocol: TCP
93readinessProbe:
94failureThreshold: 30
95httpGet:
96path: /healthz/ready
97port: 15021
98scheme: HTTP
99initialDelaySeconds: 1
100periodSeconds: 2
101successThreshold: 1
102timeoutSeconds: 1
103resources:
104limits:
105cpu: 100m
106memory: 100m
107requests:
108cpu: 100m
109memory: 100m
110securityContext:
111allowPrivilegeEscalation: false
112capabilities:
113drop:
114- ALL
115- KILL
116- MKNOD
117- SETGID
118- SETUID
119privileged: false
120readOnlyRootFilesystem: true
121runAsUser: 1001530000
122terminationMessagePath: /dev/termination-log
123terminationMessagePolicy: File
124volumeMounts:
125- mountPath: /etc/istio/proxy
126name: istio-envoy
127- mountPath: /etc/istio/config
128name: config-volume
129- mountPath: /var/run/secrets/istio
130name: istiod-ca-cert
131- mountPath: /var/lib/istio/data
132name: istio-data
133- mountPath: /etc/istio/pod
134name: podinfo
135- mountPath: /etc/istio/egressgateway-certs
136name: egressgateway-certs
137readOnly: true
138- mountPath: /etc/istio/egressgateway-ca-certs
139name: egressgateway-ca-certs
140readOnly: true
141- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
142name: istio-egressgateway-service-account-token-bg47v
143readOnly: true