github.phpd.cn/cilium/cilium@v1.6.12/examples/kubernetes-istio/istio-sidecar-injector-configmap-debug.yaml (about)

# ConfigMap "istio-inject" (namespace istio-system). Judging by the file name,
# this is the debug variant of the Istio sidecar-injector configuration shipped
# with the Cilium examples: data.config carries an injection policy and a
# Go-template that describes the init containers, the proxy container and the
# volumes added to a pod.
#
# Security notes for reviewers (all read directly from the template below):
# - All three injected containers (istio-init, enable-core-dump, istio-proxy)
#   set `privileged: true`. istio-init also adds NET_ADMIN, which a privileged
#   container already holds. Pods that receive this template therefore run
#   privileged sidecars; namespaces enforcing a restrictive pod security
#   policy will reject them.
# - enable-core-dump runs `sysctl -w kernel.core_pattern=...` from a privileged
#   container. kernel.core_pattern is a host-wide setting, so this changes
#   core-dump handling for every process on the node, not just this pod.
# - The enable-core-dump image `docker.io/library/alpine` has no tag or digest
#   and is pulled with `imagePullPolicy: Always`, so whatever the registry
#   serves at pull time runs privileged. The other two images are referenced
#   by tag only. Pin to a verified digest before using this outside a lab.
# - istio-proxy sets `readOnlyRootFilesystem: false`.
# - The istio-certs secret volume is `optional: true`, so the pod still starts
#   when the secret (istio.default or istio.<serviceAccountName>) is missing.
# - The pod's "app" label and service account name are interpolated into the
#   template without quoting.
#   NOTE(review): confirm how the injector validates these before rendering.
kind: ConfigMap
metadata:
  name: istio-inject
  namespace: istio-system
apiVersion: v1
data:
  # Everything below `config: |` is one literal block scalar: the `#` lines and
  # the Go-template actions inside it are part of the string value, not YAML
  # comments or YAML structure at this level. Presumably the injector expands
  # the template per pod and parses the result as YAML - confirm against the
  # injector version in use.
  config: |
    policy: enabled
    template: |-
      initContainers:
      - name: istio-init
        image: docker.io/cilium/istio_proxy_init:1.1.2
        args:
        - "-p"
        - {{ .MeshConfig.ProxyListenPort }}
        - "-u"
        - 1337
        - "-t"
        - "-b"
        - "*"
        - "-i"
        - "*"
        imagePullPolicy: Always
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
          privileged: true
        restartPolicy: Always
      - args:
        - -c
        #/etc/istio/proxy value here matches ConfigPathDir const in context.go
        - sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c
          unlimited
        command:
        - /bin/sh
        image: docker.io/library/alpine
        imagePullPolicy: Always
        name: enable-core-dump
        resources: {}
        securityContext:
          privileged: true
      containers:
      - name: istio-proxy
        # cilium/istio_proxy_debug:1.1.2 image currently not available
        image: docker.io/cilium/istio_proxy:1.1.3
        args:
        - proxy
        - sidecar
        - --configPath
        - {{ .ProxyConfig.ConfigPath }}
        - --binaryPath
        - {{ .ProxyConfig.BinaryPath }}
        - --serviceCluster
        {{ if ne "" (index .ObjectMeta.Labels "app") -}}
        - {{ index .ObjectMeta.Labels "app" }}
        {{ else -}}
        - "istio-proxy"
        {{ end -}}
        - --drainDuration
        - {{ formatDuration .ProxyConfig.DrainDuration }}
        - --parentShutdownDuration
        - {{ formatDuration .ProxyConfig.ParentShutdownDuration }}
        - --discoveryAddress
        - {{ .ProxyConfig.DiscoveryAddress }}
        - --discoveryRefreshDelay
        - {{ formatDuration .ProxyConfig.DiscoveryRefreshDelay }}
        - --zipkinAddress
        - {{ .ProxyConfig.ZipkinAddress }}
        - --connectTimeout
        - {{ formatDuration .ProxyConfig.ConnectTimeout }}
        - --statsdUdpAddress
        - {{ .ProxyConfig.StatsdUdpAddress }}
        - --proxyAdminPort
        - {{ .ProxyConfig.ProxyAdminPort }}
        - --controlPlaneAuthPolicy
        - {{ .ProxyConfig.ControlPlaneAuthPolicy }}
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: INSTANCE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        imagePullPolicy: Always
        securityContext:
          privileged: true
          readOnlyRootFilesystem: false
        restartPolicy: Always
        volumeMounts:
        - mountPath: /etc/istio/proxy
          name: istio-envoy
        - mountPath: /etc/certs/
          name: istio-certs
          readOnly: true
      volumes:
      - emptyDir:
          medium: Memory
        name: istio-envoy
      - name: istio-certs
        secret:
          optional: true
          {{ if eq .Spec.ServiceAccountName "" -}}
          secretName: istio.default
          {{ else -}}
          secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }}
          {{ end -}}