github.com/looshlee/beatles@v0.0.0-20220727174639-742810ab631c/test/k8sT/manifests/bookinfo-v1-istio.yaml (about) 1 # Copyright 2017 Istio Authors 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 ################################################################################################## 16 # Details service 17 ################################################################################################## 18 apiVersion: v1 19 kind: Service 20 metadata: 21 name: details 22 labels: 23 app: details 24 spec: 25 ports: 26 - port: 9080 27 name: http 28 selector: 29 app: details 30 --- 31 apiVersion: apps/v1 32 kind: Deployment 33 metadata: 34 creationTimestamp: null 35 name: details-v1 36 spec: 37 replicas: 1 38 selector: 39 matchLabels: 40 app: details 41 track: stable 42 version: v1 43 zgroup: bookinfo 44 strategy: {} 45 template: 46 metadata: 47 annotations: 48 sidecar.istio.io/interceptionMode: TPROXY 49 sidecar.istio.io/status: '{"version":"45fd8869cfbf8375ea44be15a0156f5850b1789428501a78c16a8490fd325b06","initContainers":["sleep","istio-init"],"containers":["istio-proxy"],"volumes":["cilium-unix-sock-dir","istio-envoy","istio-certs"],"imagePullSecrets":null}' 50 traffic.sidecar.istio.io/excludeInboundPorts: "15020" 51 traffic.sidecar.istio.io/includeInboundPorts: "9080" 52 traffic.sidecar.istio.io/includeOutboundIPRanges: '*' 53 creationTimestamp: null 54 labels: 55 app: details 56 security.istio.io/tlsMode: istio 57 track: stable 58 version: v1 59 zgroup: bookinfo 60 spec: 61 containers: 62 - image: docker.io/istio/examples-bookinfo-details-v1:1.6.0 63 imagePullPolicy: IfNotPresent 64 name: details 65 ports: 66 - containerPort: 9080 67 resources: {} 68 - args: 69 - proxy 70 - sidecar 71 - --domain 72 - $(POD_NAMESPACE).svc.cluster.local 73 - --configPath 74 - /etc/istio/proxy 75 - --binaryPath 76 - /usr/local/bin/envoy 77 - --serviceCluster 78 - details.$(POD_NAMESPACE) 79 - --drainDuration 80 - 45s 81 - --parentShutdownDuration 82 - 1m0s 83 - --discoveryAddress 84 - istio-pilot.istio-system:15011 85 - --zipkinAddress 86 - zipkin.istio-system:9411 87 - --dnsRefreshRate 88 - 300s 89 - --connectTimeout 90 - 10s 91 - --proxyAdminPort 92 - "15000" 93 - --concurrency 94 - "2" 95 - --controlPlaneAuthPolicy 96 - MUTUAL_TLS 97 - --statusPort 98 - "15020" 99 - --applicationPorts 100 - "9080" 101 env: 102 - name: POD_NAME 103 valueFrom: 104 fieldRef: 105 fieldPath: metadata.name 106 - name: ISTIO_META_POD_PORTS 107 value: |- 108 [ 109 {"containerPort":9080} 110 ] 111 - name: ISTIO_META_CLUSTER_ID 112 value: Kubernetes 113 - name: POD_NAMESPACE 114 valueFrom: 115 fieldRef: 116 fieldPath: metadata.namespace 117 - name: INSTANCE_IP 118 valueFrom: 119 fieldRef: 120 fieldPath: status.podIP 121 - name: SERVICE_ACCOUNT 122 valueFrom: 123 fieldRef: 124 fieldPath: spec.serviceAccountName 125 - name: ISTIO_META_POD_NAME 126 valueFrom: 127 fieldRef: 128 fieldPath: metadata.name 129 - name: ISTIO_META_CONFIG_NAMESPACE 130 valueFrom: 131 fieldRef: 132 fieldPath: metadata.namespace 133 - name: SDS_ENABLED 134 value: "false" 135 - name: ISTIO_META_INTERCEPTION_MODE 136 value: TPROXY 137 - name: ISTIO_META_INCLUDE_INBOUND_PORTS 138 value: "9080" 139 - name: ISTIO_METAJSON_LABELS 140 value: | 141 {"app":"details","track":"stable","version":"v1","zgroup":"bookinfo"} 142 - name: ISTIO_META_WORKLOAD_NAME 143 value: details-v1 144 - name: ISTIO_META_OWNER 145 value: kubernetes://apis/apps/v1/namespaces/default/deployments/details-v1 146 image: docker.io/cilium/istio_proxy:1.4.6 147 imagePullPolicy: IfNotPresent 148 name: istio-proxy 149 ports: 150 - containerPort: 15090 151 name: http-envoy-prom 152 protocol: TCP 153 readinessProbe: 154 failureThreshold: 30 155 httpGet: 156 path: /healthz/ready 157 port: 15020 158 initialDelaySeconds: 1 159 periodSeconds: 2 160 resources: 161 limits: 162 cpu: "2" 163 memory: 1Gi 164 requests: 165 cpu: 100m 166 memory: 128Mi 167 securityContext: 168 allowPrivilegeEscalation: false 169 capabilities: 170 add: 171 - NET_ADMIN 172 drop: 173 - ALL 174 privileged: false 175 readOnlyRootFilesystem: true 176 runAsGroup: 1337 177 runAsNonRoot: false 178 runAsUser: 0 179 volumeMounts: 180 - mountPath: /var/run/cilium 181 name: cilium-unix-sock-dir 182 - mountPath: /etc/istio/proxy 183 name: istio-envoy 184 - mountPath: /etc/certs/ 185 name: istio-certs 186 readOnly: true 187 initContainers: 188 - command: 189 - sh 190 - -c 191 - 'max=120; i=0; until nslookup kube-dns.kube-system.svc.cluster.local; do 192 i=$((i + 1)); if [ $i -eq $max ]; then echo timed-out; exit 1; else sleep 193 1; fi done ' 194 image: busybox:1.28.4 195 imagePullPolicy: IfNotPresent 196 name: sleep 197 resources: {} 198 - command: 199 - istio-iptables 200 - -p 201 - "15001" 202 - -z 203 - "15006" 204 - -u 205 - "1337" 206 - -m 207 - TPROXY 208 - -i 209 - '*' 210 - -x 211 - "" 212 - -b 213 - '*' 214 - -d 215 - "15020" 216 image: docker.io/cilium/istio_proxy:1.4.6 217 imagePullPolicy: IfNotPresent 218 name: istio-init 219 resources: 220 limits: 221 cpu: 100m 222 memory: 50Mi 223 requests: 224 cpu: 10m 225 memory: 10Mi 226 securityContext: 227 allowPrivilegeEscalation: false 228 capabilities: 229 add: 230 - NET_ADMIN 231 - NET_RAW 232 drop: 233 - ALL 234 privileged: false 235 readOnlyRootFilesystem: false 236 runAsGroup: 0 237 runAsNonRoot: false 238 runAsUser: 0 239 terminationGracePeriodSeconds: 0 240 volumes: 241 - hostPath: 242 path: /var/run/cilium 243 name: cilium-unix-sock-dir 244 - emptyDir: 245 medium: Memory 246 name: istio-envoy 247 - name: istio-certs 248 secret: 249 optional: true 250 secretName: istio.default 251 status: {} 252 --- 253 ################################################################################################## 254 # Reviews service 255 ################################################################################################## 256 apiVersion: v1 257 kind: Service 258 metadata: 259 name: reviews 260 labels: 261 app: reviews 262 spec: 263 ports: 264 - port: 9080 265 name: http 266 selector: 267 app: reviews 268 --- 269 apiVersion: apps/v1 270 kind: Deployment 271 metadata: 272 creationTimestamp: null 273 name: reviews-v1 274 spec: 275 replicas: 1 276 selector: 277 matchLabels: 278 app: reviews 279 track: stable 280 version: v1 281 zgroup: bookinfo 282 strategy: {} 283 template: 284 metadata: 285 annotations: 286 sidecar.istio.io/interceptionMode: TPROXY 287 sidecar.istio.io/status: '{"version":"45fd8869cfbf8375ea44be15a0156f5850b1789428501a78c16a8490fd325b06","initContainers":["sleep","istio-init"],"containers":["istio-proxy"],"volumes":["cilium-unix-sock-dir","istio-envoy","istio-certs"],"imagePullSecrets":null}' 288 traffic.sidecar.istio.io/excludeInboundPorts: "15020" 289 traffic.sidecar.istio.io/includeInboundPorts: "9080" 290 traffic.sidecar.istio.io/includeOutboundIPRanges: '*' 291 creationTimestamp: null 292 labels: 293 app: reviews 294 security.istio.io/tlsMode: istio 295 track: stable 296 version: v1 297 zgroup: bookinfo 298 spec: 299 containers: 300 - image: docker.io/istio/examples-bookinfo-reviews-v1:1.6.0 301 imagePullPolicy: IfNotPresent 302 name: reviews 303 ports: 304 - containerPort: 9080 305 resources: {} 306 - args: 307 - proxy 308 - sidecar 309 - --domain 310 - $(POD_NAMESPACE).svc.cluster.local 311 - --configPath 312 - /etc/istio/proxy 313 - --binaryPath 314 - /usr/local/bin/envoy 315 - --serviceCluster 316 - reviews.$(POD_NAMESPACE) 317 - --drainDuration 318 - 45s 319 - --parentShutdownDuration 320 - 1m0s 321 - --discoveryAddress 322 - istio-pilot.istio-system:15011 323 - --zipkinAddress 324 - zipkin.istio-system:9411 325 - --dnsRefreshRate 326 - 300s 327 - --connectTimeout 328 - 10s 329 - --proxyAdminPort 330 - "15000" 331 - --concurrency 332 - "2" 333 - --controlPlaneAuthPolicy 334 - MUTUAL_TLS 335 - --statusPort 336 - "15020" 337 - --applicationPorts 338 - "9080" 339 env: 340 - name: POD_NAME 341 valueFrom: 342 fieldRef: 343 fieldPath: metadata.name 344 - name: ISTIO_META_POD_PORTS 345 value: |- 346 [ 347 {"containerPort":9080} 348 ] 349 - name: ISTIO_META_CLUSTER_ID 350 value: Kubernetes 351 - name: POD_NAMESPACE 352 valueFrom: 353 fieldRef: 354 fieldPath: metadata.namespace 355 - name: INSTANCE_IP 356 valueFrom: 357 fieldRef: 358 fieldPath: status.podIP 359 - name: SERVICE_ACCOUNT 360 valueFrom: 361 fieldRef: 362 fieldPath: spec.serviceAccountName 363 - name: ISTIO_META_POD_NAME 364 valueFrom: 365 fieldRef: 366 fieldPath: metadata.name 367 - name: ISTIO_META_CONFIG_NAMESPACE 368 valueFrom: 369 fieldRef: 370 fieldPath: metadata.namespace 371 - name: SDS_ENABLED 372 value: "false" 373 - name: ISTIO_META_INTERCEPTION_MODE 374 value: TPROXY 375 - name: ISTIO_META_INCLUDE_INBOUND_PORTS 376 value: "9080" 377 - name: ISTIO_METAJSON_LABELS 378 value: | 379 {"app":"reviews","track":"stable","version":"v1","zgroup":"bookinfo"} 380 - name: ISTIO_META_WORKLOAD_NAME 381 value: reviews-v1 382 - name: ISTIO_META_OWNER 383 value: kubernetes://apis/apps/v1/namespaces/default/deployments/reviews-v1 384 image: docker.io/cilium/istio_proxy:1.4.6 385 imagePullPolicy: IfNotPresent 386 name: istio-proxy 387 ports: 388 - containerPort: 15090 389 name: http-envoy-prom 390 protocol: TCP 391 readinessProbe: 392 failureThreshold: 30 393 httpGet: 394 path: /healthz/ready 395 port: 15020 396 initialDelaySeconds: 1 397 periodSeconds: 2 398 resources: 399 limits: 400 cpu: "2" 401 memory: 1Gi 402 requests: 403 cpu: 100m 404 memory: 128Mi 405 securityContext: 406 allowPrivilegeEscalation: false 407 capabilities: 408 add: 409 - NET_ADMIN 410 drop: 411 - ALL 412 privileged: false 413 readOnlyRootFilesystem: true 414 runAsGroup: 1337 415 runAsNonRoot: false 416 runAsUser: 0 417 volumeMounts: 418 - mountPath: /var/run/cilium 419 name: cilium-unix-sock-dir 420 - mountPath: /etc/istio/proxy 421 name: istio-envoy 422 - mountPath: /etc/certs/ 423 name: istio-certs 424 readOnly: true 425 initContainers: 426 - command: 427 - sh 428 - -c 429 - 'max=120; i=0; until nslookup kube-dns.kube-system.svc.cluster.local; do 430 i=$((i + 1)); if [ $i -eq $max ]; then echo timed-out; exit 1; else sleep 431 1; fi done ' 432 image: busybox:1.28.4 433 imagePullPolicy: IfNotPresent 434 name: sleep 435 resources: {} 436 - command: 437 - istio-iptables 438 - -p 439 - "15001" 440 - -z 441 - "15006" 442 - -u 443 - "1337" 444 - -m 445 - TPROXY 446 - -i 447 - '*' 448 - -x 449 - "" 450 - -b 451 - '*' 452 - -d 453 - "15020" 454 image: docker.io/cilium/istio_proxy:1.4.6 455 imagePullPolicy: IfNotPresent 456 name: istio-init 457 resources: 458 limits: 459 cpu: 100m 460 memory: 50Mi 461 requests: 462 cpu: 10m 463 memory: 10Mi 464 securityContext: 465 allowPrivilegeEscalation: false 466 capabilities: 467 add: 468 - NET_ADMIN 469 - NET_RAW 470 drop: 471 - ALL 472 privileged: false 473 readOnlyRootFilesystem: false 474 runAsGroup: 0 475 runAsNonRoot: false 476 runAsUser: 0 477 terminationGracePeriodSeconds: 0 478 volumes: 479 - hostPath: 480 path: /var/run/cilium 481 name: cilium-unix-sock-dir 482 - emptyDir: 483 medium: Memory 484 name: istio-envoy 485 - name: istio-certs 486 secret: 487 optional: true 488 secretName: istio.default 489 status: {} 490 --- 491 ################################################################################################## 492 # Productpage service 493 ################################################################################################## 494 apiVersion: v1 495 kind: Service 496 metadata: 497 name: productpage 498 labels: 499 app: productpage 500 spec: 501 ports: 502 - port: 9080 503 name: http 504 selector: 505 app: productpage 506 --- 507 apiVersion: apps/v1 508 kind: Deployment 509 metadata: 510 creationTimestamp: null 511 name: productpage-v1 512 spec: 513 replicas: 1 514 selector: 515 matchLabels: 516 app: productpage 517 track: stable 518 version: v1 519 zgroup: bookinfo 520 strategy: {} 521 template: 522 metadata: 523 annotations: 524 sidecar.istio.io/interceptionMode: TPROXY 525 sidecar.istio.io/status: '{"version":"45fd8869cfbf8375ea44be15a0156f5850b1789428501a78c16a8490fd325b06","initContainers":["sleep","istio-init"],"containers":["istio-proxy"],"volumes":["cilium-unix-sock-dir","istio-envoy","istio-certs"],"imagePullSecrets":null}' 526 traffic.sidecar.istio.io/excludeInboundPorts: "15020" 527 traffic.sidecar.istio.io/includeInboundPorts: "9080" 528 traffic.sidecar.istio.io/includeOutboundIPRanges: '*' 529 creationTimestamp: null 530 labels: 531 app: productpage 532 security.istio.io/tlsMode: istio 533 track: stable 534 version: v1 535 zgroup: bookinfo 536 spec: 537 containers: 538 - image: docker.io/istio/examples-bookinfo-productpage-v1:0.2.3 539 imagePullPolicy: IfNotPresent 540 name: productpage 541 ports: 542 - containerPort: 9080 543 resources: {} 544 - args: 545 - proxy 546 - sidecar 547 - --domain 548 - $(POD_NAMESPACE).svc.cluster.local 549 - --configPath 550 - /etc/istio/proxy 551 - --binaryPath 552 - /usr/local/bin/envoy 553 - --serviceCluster 554 - productpage.$(POD_NAMESPACE) 555 - --drainDuration 556 - 45s 557 - --parentShutdownDuration 558 - 1m0s 559 - --discoveryAddress 560 - istio-pilot.istio-system:15011 561 - --zipkinAddress 562 - zipkin.istio-system:9411 563 - --dnsRefreshRate 564 - 300s 565 - --connectTimeout 566 - 10s 567 - --proxyAdminPort 568 - "15000" 569 - --concurrency 570 - "2" 571 - --controlPlaneAuthPolicy 572 - MUTUAL_TLS 573 - --statusPort 574 - "15020" 575 - --applicationPorts 576 - "9080" 577 env: 578 - name: POD_NAME 579 valueFrom: 580 fieldRef: 581 fieldPath: metadata.name 582 - name: ISTIO_META_POD_PORTS 583 value: |- 584 [ 585 {"containerPort":9080} 586 ] 587 - name: ISTIO_META_CLUSTER_ID 588 value: Kubernetes 589 - name: POD_NAMESPACE 590 valueFrom: 591 fieldRef: 592 fieldPath: metadata.namespace 593 - name: INSTANCE_IP 594 valueFrom: 595 fieldRef: 596 fieldPath: status.podIP 597 - name: SERVICE_ACCOUNT 598 valueFrom: 599 fieldRef: 600 fieldPath: spec.serviceAccountName 601 - name: ISTIO_META_POD_NAME 602 valueFrom: 603 fieldRef: 604 fieldPath: metadata.name 605 - name: ISTIO_META_CONFIG_NAMESPACE 606 valueFrom: 607 fieldRef: 608 fieldPath: metadata.namespace 609 - name: SDS_ENABLED 610 value: "false" 611 - name: ISTIO_META_INTERCEPTION_MODE 612 value: TPROXY 613 - name: ISTIO_META_INCLUDE_INBOUND_PORTS 614 value: "9080" 615 - name: ISTIO_METAJSON_LABELS 616 value: | 617 {"app":"productpage","track":"stable","version":"v1","zgroup":"bookinfo"} 618 - name: ISTIO_META_WORKLOAD_NAME 619 value: productpage-v1 620 - name: ISTIO_META_OWNER 621 value: kubernetes://apis/apps/v1/namespaces/default/deployments/productpage-v1 622 image: docker.io/cilium/istio_proxy:1.4.6 623 imagePullPolicy: IfNotPresent 624 name: istio-proxy 625 ports: 626 - containerPort: 15090 627 name: http-envoy-prom 628 protocol: TCP 629 readinessProbe: 630 failureThreshold: 30 631 httpGet: 632 path: /healthz/ready 633 port: 15020 634 initialDelaySeconds: 1 635 periodSeconds: 2 636 resources: 637 limits: 638 cpu: "2" 639 memory: 1Gi 640 requests: 641 cpu: 100m 642 memory: 128Mi 643 securityContext: 644 allowPrivilegeEscalation: false 645 capabilities: 646 add: 647 - NET_ADMIN 648 drop: 649 - ALL 650 privileged: false 651 readOnlyRootFilesystem: true 652 runAsGroup: 1337 653 runAsNonRoot: false 654 runAsUser: 0 655 volumeMounts: 656 - mountPath: /var/run/cilium 657 name: cilium-unix-sock-dir 658 - mountPath: /etc/istio/proxy 659 name: istio-envoy 660 - mountPath: /etc/certs/ 661 name: istio-certs 662 readOnly: true 663 initContainers: 664 - command: 665 - sh 666 - -c 667 - 'max=120; i=0; until nslookup kube-dns.kube-system.svc.cluster.local; do 668 i=$((i + 1)); if [ $i -eq $max ]; then echo timed-out; exit 1; else sleep 669 1; fi done ' 670 image: busybox:1.28.4 671 imagePullPolicy: IfNotPresent 672 name: sleep 673 resources: {} 674 - command: 675 - istio-iptables 676 - -p 677 - "15001" 678 - -z 679 - "15006" 680 - -u 681 - "1337" 682 - -m 683 - TPROXY 684 - -i 685 - '*' 686 - -x 687 - "" 688 - -b 689 - '*' 690 - -d 691 - "15020" 692 image: docker.io/cilium/istio_proxy:1.4.6 693 imagePullPolicy: IfNotPresent 694 name: istio-init 695 resources: 696 limits: 697 cpu: 100m 698 memory: 50Mi 699 requests: 700 cpu: 10m 701 memory: 10Mi 702 securityContext: 703 allowPrivilegeEscalation: false 704 capabilities: 705 add: 706 - NET_ADMIN 707 - NET_RAW 708 drop: 709 - ALL 710 privileged: false 711 readOnlyRootFilesystem: false 712 runAsGroup: 0 713 runAsNonRoot: false 714 runAsUser: 0 715 terminationGracePeriodSeconds: 0 716 volumes: 717 - hostPath: 718 path: /var/run/cilium 719 name: cilium-unix-sock-dir 720 - emptyDir: 721 medium: Memory 722 name: istio-envoy 723 - name: istio-certs 724 secret: 725 optional: true 726 secretName: istio.default 727 status: {} 728 ---