github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/base/sidecar-injector-configmap.yaml (about) 1 --- 2 # Source: istio/templates/sidecar-injector-configmap.yaml 3 4 apiVersion: v1 5 kind: ConfigMap 6 metadata: 7 name: istio-sidecar-injector 8 namespace: default 9 labels: 10 app: istio 11 chart: istio-1.0.3 12 release: istio 13 heritage: Tiller 14 istio: sidecar-injector 15 data: 16 config: |- 17 policy: enabled 18 template: |- 19 initContainers: 20 - name: istio-init 21 image: "gcr.io/istio-release/proxy_init:release-1.0-latest-daily" 22 args: 23 - "-p" 24 - [[ .MeshConfig.ProxyListenPort ]] 25 - "-u" 26 - 1337 27 - "-m" 28 - [[ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode ]] 29 - "-i" 30 - "[[ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` "*" ]]" 31 - "-x" 32 - "[[ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` "" ]]" 33 - "-b" 34 - "[[ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) ]]" 35 - "-d" 36 - "[[ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` 0 ) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` "" ) ]]" 37 imagePullPolicy: IfNotPresent 38 securityContext: 39 capabilities: 40 add: 41 - NET_ADMIN 42 privileged: true 43 restartPolicy: Always 44 containers: 45 - name: istio-proxy 46 image: [[ annotation .ObjectMeta `sidecar.istio.io/proxyImage` "gcr.io/istio-release/proxyv2:release-1.0-latest-daily" ]] 47 48 ports: 49 - containerPort: 15090 50 protocol: TCP 51 name: http-envoy-prom 52 53 args: 54 - proxy 55 - sidecar 56 - --configPath 57 - [[ .ProxyConfig.ConfigPath ]] 58 - --binaryPath 59 - [[ .ProxyConfig.BinaryPath ]] 60 - --serviceCluster 61 [[ if ne "" (index .ObjectMeta.Labels "app") -]] 62 - [[ index .ObjectMeta.Labels "app" ]] 63 [[ else -]] 64 - "istio-proxy" 65 [[ end -]] 66 - --drainDuration 67 - [[ formatDuration .ProxyConfig.DrainDuration ]] 68 - --parentShutdownDuration 69 - [[ formatDuration .ProxyConfig.ParentShutdownDuration ]] 70 - --discoveryAddress 71 - [[ .ProxyConfig.DiscoveryAddress ]] 72 - --discoveryRefreshDelay 73 - [[ formatDuration .ProxyConfig.DiscoveryRefreshDelay ]] 74 - --zipkinAddress 75 - [[ .ProxyConfig.ZipkinAddress ]] 76 - --connectTimeout 77 - [[ formatDuration .ProxyConfig.ConnectTimeout ]] 78 - --proxyAdminPort 79 - [[ .ProxyConfig.ProxyAdminPort ]] 80 [[ if gt .ProxyConfig.Concurrency 0 -]] 81 - --concurrency 82 - [[ .ProxyConfig.Concurrency ]] 83 [[ end -]] 84 - --controlPlaneAuthPolicy 85 - [[ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy ]] 86 [[- if (ne (annotation .ObjectMeta `status.sidecar.istio.io/port` 0 ) "0") ]] 87 - --statusPort 88 - [[ annotation .ObjectMeta `status.sidecar.istio.io/port` 0 ]] 89 - --applicationPorts 90 - "[[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) ]]" 91 [[- end ]] 92 env: 93 - name: POD_NAME 94 valueFrom: 95 fieldRef: 96 fieldPath: metadata.name 97 - name: POD_NAMESPACE 98 valueFrom: 99 fieldRef: 100 fieldPath: metadata.namespace 101 - name: INSTANCE_IP 102 valueFrom: 103 fieldRef: 104 fieldPath: status.podIP 105 - name: ISTIO_META_POD_NAME 106 valueFrom: 107 fieldRef: 108 fieldPath: metadata.name 109 - name: ISTIO_META_INTERCEPTION_MODE 110 value: [[ or (index .ObjectMeta.Annotations "sidecar.istio.io/interceptionMode") .ProxyConfig.InterceptionMode.String ]] 111 [[ if .ObjectMeta.Annotations ]] 112 - name: ISTIO_METAJSON_ANNOTATIONS 113 value: | 114 [[ toJson .ObjectMeta.Annotations ]] 115 [[ end ]] 116 [[ range $k,$v := .ObjectMeta.Labels ]] 117 - name: ISTIO_META_[[ $k ]] 118 value: "[[ $v ]]" 119 [[ end ]] 120 imagePullPolicy: IfNotPresent 121 [[ if (ne (annotation .ObjectMeta `status.sidecar.istio.io/port` 0 ) "0") ]] 122 readinessProbe: 123 httpGet: 124 path: /healthz/ready 125 port: [[ annotation .ObjectMeta `status.sidecar.istio.io/port` 0 ]] 126 initialDelaySeconds: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` 1 ]] 127 periodSeconds: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` 2 ]] 128 failureThreshold: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` 30 ]] 129 [[ end -]]securityContext: 130 131 readOnlyRootFilesystem: true 132 [[ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) "TPROXY" -]] 133 capabilities: 134 add: 135 - NET_ADMIN 136 runAsGroup: 1337 137 [[ else -]] 138 runAsUser: 1337 139 [[ end -]] 140 restartPolicy: Always 141 resources: 142 [[ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -]] 143 requests: 144 cpu: "[[ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` ]]" 145 memory: "[[ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` ]]" 146 [[ else -]] 147 requests: 148 cpu: 10m 149 150 [[ end -]] 151 volumeMounts: 152 - mountPath: /etc/istio/proxy 153 name: istio-envoy 154 - mountPath: /etc/certs/ 155 name: istio-certs 156 readOnly: true 157 volumes: 158 - emptyDir: 159 medium: Memory 160 name: istio-envoy 161 - name: istio-certs 162 secret: 163 optional: true 164 [[ if eq .Spec.ServiceAccountName "" -]] 165 secretName: istio.default 166 [[ else -]] 167 secretName: [[ printf "istio.%s" .Spec.ServiceAccountName ]] 168 [[ end -]]