github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/.ship/upstream/charts/pilot/templates/deployment.yaml (about) 1 apiVersion: extensions/v1beta1 2 kind: Deployment 3 metadata: 4 name: istio-pilot 5 namespace: {{ .Release.Namespace }} 6 # TODO: default template doesn't have this, which one is right ? 7 labels: 8 app: istio-pilot 9 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 10 release: {{ .Release.Name }} 11 heritage: {{ .Release.Service }} 12 istio: pilot 13 annotations: 14 checksum/config-volume: {{ template "istio.configmap.checksum" . }} 15 spec: 16 replicas: {{ .Values.replicaCount }} 17 template: 18 metadata: 19 labels: 20 istio: pilot 21 app: pilot 22 annotations: 23 sidecar.istio.io/inject: "false" 24 scheduler.alpha.kubernetes.io/critical-pod: "" 25 spec: 26 serviceAccountName: istio-pilot-service-account 27 {{- if .Values.global.priorityClassName }} 28 priorityClassName: "{{ .Values.global.priorityClassName }}" 29 {{- end }} 30 containers: 31 - name: discovery 32 {{- if contains "/" .Values.image }} 33 image: "{{ .Values.image }}" 34 {{- else }} 35 image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}" 36 {{- end }} 37 imagePullPolicy: {{ .Values.global.imagePullPolicy }} 38 args: 39 - "discovery" 40 {{- if .Values.global.oneNamespace }} 41 - "-a" 42 - {{ .Release.Namespace }} 43 {{- end }} 44 {{- if not .Values.sidecar }} 45 - --secureGrpcAddr 46 - ":15011" 47 {{- end }} 48 ports: 49 - containerPort: 8080 50 - containerPort: 15010 51 {{- if not .Values.sidecar }} 52 - containerPort: 15011 53 {{- end }} 54 readinessProbe: 55 httpGet: 56 path: /ready 57 port: 8080 58 initialDelaySeconds: 5 59 periodSeconds: 30 60 timeoutSeconds: 5 61 env: 62 - name: POD_NAME 63 valueFrom: 64 fieldRef: 65 apiVersion: v1 66 fieldPath: metadata.name 67 - name: POD_NAMESPACE 68 valueFrom: 69 fieldRef: 70 apiVersion: v1 71 fieldPath: metadata.namespace 72 - name: PILOT_CACHE_SQUASH 73 value: "5" 74 {{- if .Values.env }} 75 {{- range $key, $val := .Values.env }} 76 - name: {{ $key }} 77 value: "{{ $val }}" 78 {{- end }} 79 {{- end }} 80 {{- if .Values.traceSampling }} 81 - name: PILOT_TRACE_SAMPLING 82 value: "{{ .Values.traceSampling }}" 83 {{- end }} 84 resources: 85 {{- if .Values.resources }} 86 {{ toYaml .Values.resources | indent 12 }} 87 {{- else }} 88 {{ toYaml .Values.global.defaultResources | indent 12 }} 89 {{- end }} 90 volumeMounts: 91 - name: config-volume 92 mountPath: /etc/istio/config 93 - name: istio-certs 94 mountPath: /etc/certs 95 readOnly: true 96 {{- if .Values.sidecar }} 97 - name: istio-proxy 98 image: "{{ .Values.global.hub }}/proxyv2:{{ .Values.global.tag }}" 99 imagePullPolicy: {{ .Values.global.imagePullPolicy }} 100 ports: 101 - containerPort: 15003 102 - containerPort: 15005 103 - containerPort: 15007 104 - containerPort: 15011 105 args: 106 - proxy 107 - --serviceCluster 108 - istio-pilot 109 - --templateFile 110 - /etc/istio/proxy/envoy_pilot.yaml.tmpl 111 {{- if $.Values.global.controlPlaneSecurityEnabled}} 112 - --controlPlaneAuthPolicy 113 - MUTUAL_TLS 114 {{- else }} 115 - --controlPlaneAuthPolicy 116 - NONE 117 {{- end }} 118 env: 119 - name: POD_NAME 120 valueFrom: 121 fieldRef: 122 apiVersion: v1 123 fieldPath: metadata.name 124 - name: POD_NAMESPACE 125 valueFrom: 126 fieldRef: 127 apiVersion: v1 128 fieldPath: metadata.namespace 129 - name: INSTANCE_IP 130 valueFrom: 131 fieldRef: 132 apiVersion: v1 133 fieldPath: status.podIP 134 resources: 135 {{- if .Values.global.proxy.resources }} 136 {{ toYaml .Values.global.proxy.resources | indent 12 }} 137 {{- else }} 138 {{ toYaml .Values.global.defaultResources | indent 12 }} 139 {{- end }} 140 volumeMounts: 141 - name: istio-certs 142 mountPath: /etc/certs 143 readOnly: true 144 {{- end }} 145 volumes: 146 - name: config-volume 147 configMap: 148 name: istio 149 - name: istio-certs 150 secret: 151 secretName: istio.istio-pilot-service-account 152 optional: true 153 affinity: 154 {{- include "nodeaffinity" . | indent 6 }}