github.com/replicatedcom/ship@v0.50.0/integration/init/istio/expected/base/sidecar-injector-configmap.yaml (about) 1 --- 2 # Source: istio/templates/sidecar-injector-configmap.yaml 3 4 apiVersion: v1 5 kind: ConfigMap 6 metadata: 7 name: istio-sidecar-injector 8 namespace: default 9 labels: 10 app: istio 11 chart: istio-1.1.0 12 heritage: Tiller 13 release: istio 14 istio: sidecar-injector 15 data: 16 config: |- 17 policy: enabled 18 template: |- 19 initContainers: 20 - name: istio-init 21 image: "gcr.io/istio-release/proxy_init:master-latest-daily" 22 args: 23 - "-p" 24 - [[ .MeshConfig.ProxyListenPort ]] 25 - "-u" 26 - 1337 27 - "-m" 28 - [[ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode ]] 29 - "-i" 30 - "[[ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` "*" ]]" 31 - "-x" 32 - "[[ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` "" ]]" 33 - "-b" 34 - "[[ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) ]]" 35 - "-d" 36 - "[[ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` 15020 ) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` "" ) ]]" 37 imagePullPolicy: IfNotPresent 38 resources: 39 requests: 40 cpu: 10m 41 memory: 10Mi 42 limits: 43 cpu: 10m 44 memory: 10Mi 45 securityContext: 46 capabilities: 47 add: 48 - NET_ADMIN 49 restartPolicy: Always 50 51 containers: 52 - name: istio-proxy 53 image: [[ annotation .ObjectMeta `sidecar.istio.io/proxyImage` "gcr.io/istio-release/proxyv2:master-latest-daily" ]] 54 55 ports: 56 - containerPort: 15090 57 protocol: TCP 58 name: http-envoy-prom 59 60 args: 61 - proxy 62 - sidecar 63 - --configPath 64 - [[ .ProxyConfig.ConfigPath ]] 65 - --binaryPath 66 - [[ .ProxyConfig.BinaryPath ]] 67 - --serviceCluster 68 [[ if ne "" (index .ObjectMeta.Labels "app") -]] 69 - [[ index .ObjectMeta.Labels "app" ]].[[ valueOrDefault .DeploymentMeta.Namespace "default" ]] 70 [[ else -]] 71 - [[ valueOrDefault .DeploymentMeta.Name "istio-proxy" ]].[[ valueOrDefault .DeploymentMeta.Namespace "default" ]] 72 [[ end -]] 73 - --drainDuration 74 - [[ formatDuration .ProxyConfig.DrainDuration ]] 75 - --parentShutdownDuration 76 - [[ formatDuration .ProxyConfig.ParentShutdownDuration ]] 77 - --discoveryAddress 78 - [[ .ProxyConfig.DiscoveryAddress ]] 79 - --zipkinAddress 80 - [[ .ProxyConfig.GetTracing.GetZipkin.GetAddress ]] 81 - --connectTimeout 82 - [[ formatDuration .ProxyConfig.ConnectTimeout ]] 83 - --proxyAdminPort 84 - [[ .ProxyConfig.ProxyAdminPort ]] 85 [[ if gt .ProxyConfig.Concurrency 0 -]] 86 - --concurrency 87 - [[ .ProxyConfig.Concurrency ]] 88 [[ end -]] 89 - --controlPlaneAuthPolicy 90 - [[ annotation .ObjectMeta `sidecar.istio.io/controlPlaneAuthPolicy` .ProxyConfig.ControlPlaneAuthPolicy ]] 91 [[- if (ne (annotation .ObjectMeta `status.sidecar.istio.io/port` 15020 ) "0") ]] 92 - --statusPort 93 - [[ annotation .ObjectMeta `status.sidecar.istio.io/port` 15020 ]] 94 - --applicationPorts 95 - "[[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) ]]" 96 [[- end ]] 97 env: 98 - name: POD_NAME 99 valueFrom: 100 fieldRef: 101 fieldPath: metadata.name 102 - name: POD_NAMESPACE 103 valueFrom: 104 fieldRef: 105 fieldPath: metadata.namespace 106 - name: INSTANCE_IP 107 valueFrom: 108 fieldRef: 109 fieldPath: status.podIP 110 - name: ISTIO_META_POD_NAME 111 valueFrom: 112 fieldRef: 113 fieldPath: metadata.name 114 - name: ISTIO_META_INTERCEPTION_MODE 115 value: [[ or (index .ObjectMeta.Annotations "sidecar.istio.io/interceptionMode") .ProxyConfig.InterceptionMode.String ]] 116 [[ if .ObjectMeta.Annotations ]] 117 - name: ISTIO_METAJSON_ANNOTATIONS 118 value: | 119 [[ toJSON .ObjectMeta.Annotations ]] 120 [[ end ]] 121 [[ range $k,$v := .ObjectMeta.Labels ]] 122 - name: ISTIO_META_[[ $k ]] 123 value: "[[ $v ]]" 124 [[ end ]] 125 imagePullPolicy: IfNotPresent 126 [[ if (ne (annotation .ObjectMeta `status.sidecar.istio.io/port` 15020 ) "0") ]] 127 readinessProbe: 128 httpGet: 129 path: /healthz/ready 130 port: [[ annotation .ObjectMeta `status.sidecar.istio.io/port` 15020 ]] 131 initialDelaySeconds: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` 1 ]] 132 periodSeconds: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` 2 ]] 133 failureThreshold: [[ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` 30 ]] 134 [[ end -]]securityContext: 135 136 readOnlyRootFilesystem: true 137 [[ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) "TPROXY" -]] 138 capabilities: 139 add: 140 - NET_ADMIN 141 runAsGroup: 1337 142 [[ else -]] 143 runAsUser: 1337 144 [[- end ]] 145 resources: 146 [[ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -]] 147 requests: 148 cpu: "[[ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` ]]" 149 memory: "[[ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` ]]" 150 [[ else -]] 151 requests: 152 cpu: 10m 153 154 [[ end -]] 155 volumeMounts: 156 - mountPath: /etc/istio/proxy 157 name: istio-envoy 158 - mountPath: /etc/certs/ 159 name: istio-certs 160 readOnly: true 161 162 163 volumes: 164 165 166 - emptyDir: 167 medium: Memory 168 name: istio-envoy 169 - name: istio-certs 170 secret: 171 optional: true 172 [[ if eq .Spec.ServiceAccountName "" -]] 173 secretName: istio.default 174 [[ else -]] 175 secretName: [[ printf "istio.%s" .Spec.ServiceAccountName ]] 176 [[ end -]]