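# Source: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/istio-control/istio-discovery/files/waypoint.yaml
#
# Go-template manifest for a waypoint proxy. It renders three objects, each
# separated by a document marker: a ServiceAccount, a Deployment running the
# istio-proxy container in "waypoint" mode, and a Service in front of it.
# Templated scalars are passed through `quote` wherever the value is a plain
# string, so a name that looks like a number or boolean, or that contains a
# quote character, cannot change the shape of the rendered YAML.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{.ServiceAccount | quote}}
  namespace: {{.Namespace | quote}}
  # Infrastructure annotations are copied through, minus the controller's own
  # bookkeeping keys listed in `omit`.
  annotations:
    {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }}
  labels:
    {{- toJsonMap
      .InfrastructureLabels
      (strdict
        "gateway.networking.k8s.io/gateway-name" .Name
        "istio.io/gateway-name" .Name
      ) | nindent 4 }}
  {{- if ge .KubeVersion 128 }}
  # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412
  ownerReferences:
  - apiVersion: gateway.networking.k8s.io/v1beta1
    kind: Gateway
    name: "{{.Name}}"
    uid: "{{.UID}}"
  {{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{.DeploymentName | quote}}
  namespace: {{.Namespace | quote}}
  annotations:
    {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }}
  labels:
    {{- toJsonMap
      .InfrastructureLabels
      (strdict
        "gateway.networking.k8s.io/gateway-name" .Name
        "istio.io/gateway-name" .Name
        "gateway.istio.io/managed" "istio.io-mesh-controller"
      ) | nindent 4 }}
  # Owned by the Gateway, so deleting the Gateway garbage-collects the proxy.
  ownerReferences:
  - apiVersion: gateway.networking.k8s.io/v1beta1
    kind: Gateway
    name: "{{.Name}}"
    uid: "{{.UID}}"
spec:
  selector:
    matchLabels:
      "{{.GatewayNameLabel}}": "{{.Name}}"
  template:
    metadata:
      annotations:
        {{- toJsonMap
          (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version")
          (strdict "istio.io/rev" (.Revision | default "default"))
          (strdict
            "prometheus.io/path" "/stats/prometheus"
            "prometheus.io/port" "15020"
            "prometheus.io/scrape" "true"
          ) | nindent 8 }}
      # The fixed labels keep sidecar injection off for the waypoint pod itself.
      # NOTE(review): the merge precedence of toJsonMap is not visible in this
      # file. If later arguments win, a caller-supplied infrastructure label
      # could override "sidecar.istio.io/inject" or "istio.io/dataplane-mode";
      # confirm against the helper before relying on these two values.
      labels:
        {{- toJsonMap
          (strdict
            "sidecar.istio.io/inject" "false"
            "istio.io/dataplane-mode" "none"
            "service.istio.io/canonical-name" .DeploymentName
            "service.istio.io/canonical-revision" "latest"
          )
          .InfrastructureLabels
          (strdict
            "gateway.networking.k8s.io/gateway-name" .Name
            "istio.io/gateway-name" .Name
            "gateway.istio.io/managed" "istio.io-mesh-controller"
          ) | nindent 8}}
    spec:
      terminationGracePeriodSeconds: 2
      serviceAccountName: {{.ServiceAccount | quote}}
      containers:
      - name: istio-proxy
        ports:
        - containerPort: 15021
          name: status-port
          protocol: TCP
        - containerPort: 15090
          protocol: TCP
          name: http-envoy-prom
        # A "sidecar.istio.io/proxyImage" annotation (or the global value) that
        # contains a "/" is used verbatim as the image reference; otherwise the
        # controller-computed .ProxyImage is used. Whoever can set that
        # annotation therefore chooses the image this pod runs.
        {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }}
        image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}"
        {{- else }}
        image: "{{ .ProxyImage }}"
        {{- end }}
        {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}}
        args:
        - proxy
        - waypoint
        - --domain
        - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }}
        - --serviceCluster
        - {{.ServiceAccount}}.$(POD_NAMESPACE)
        - --proxyLogLevel
        - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}}
        - --proxyComponentLogLevel
        - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}}
        - --log_output_level
        - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}}
        {{- if .Values.global.logAsJson }}
        - --log_as_json
        {{- end }}
        env:
        - name: ISTIO_META_SERVICE_ACCOUNT
          valueFrom:
            fieldRef:
              fieldPath: spec.serviceAccountName
        - name: ISTIO_META_NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: PILOT_CERT_PROVIDER
          value: {{ .Values.global.pilotCertProvider | quote }}
        # CA endpoint: an explicit global.caAddress wins; otherwise the istiod
        # Service for this revision on port 15012.
        - name: CA_ADDR
        {{- if .Values.global.caAddress }}
          value: {{ .Values.global.caAddress | quote }}
        {{- else }}
          value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012
        {{- end }}
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: INSTANCE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: SERVICE_ACCOUNT
          valueFrom:
            fieldRef:
              fieldPath: spec.serviceAccountName
        - name: HOST_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        - name: ISTIO_CPU_LIMIT
          valueFrom:
            resourceFieldRef:
              resource: limits.cpu
        # PROXY_CONFIG is the proxy configuration serialised as JSON. The
        # ProxyMetadata entries emitted after it become environment variables
        # whose names and values come from that configuration, so both go
        # through `quote`: a value holding a double quote, a backslash or a
        # newline stays inside its scalar instead of altering the env list.
        - name: PROXY_CONFIG
          value: |
            {{ protoToJSON .ProxyConfig }}
        {{- if .ProxyConfig.ProxyMetadata }}
        {{- range $key, $value := .ProxyConfig.ProxyMetadata }}
        - name: {{ $key | quote }}
          value: {{ $value | quote }}
        {{- end }}
        {{- end }}
        - name: GOMEMLIMIT
          valueFrom:
            resourceFieldRef:
              resource: limits.memory
        - name: GOMAXPROCS
          valueFrom:
            resourceFieldRef:
              resource: limits.cpu
        - name: ISTIO_META_CLUSTER_ID
          value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}"
        {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }}
        {{- if $network }}
        - name: ISTIO_META_NETWORK
          value: "{{ $network }}"
        {{- end }}
        - name: ISTIO_META_INTERCEPTION_MODE
          value: REDIRECT
        # Quoted: an env value must be a string, and a Deployment name made
        # only of digits would otherwise be parsed as a number.
        - name: ISTIO_META_WORKLOAD_NAME
          value: {{.DeploymentName | quote}}
        - name: ISTIO_META_OWNER
          value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}
        # Mesh ID: the explicit global.meshID, else the trust domain.
        {{- if .Values.global.meshID }}
        - name: ISTIO_META_MESH_ID
          value: "{{ .Values.global.meshID }}"
        {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}
        - name: ISTIO_META_MESH_ID
          value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}"
        {{- end }}
        resources:
          limits:
            cpu: "2"
            memory: 1Gi
          requests:
            cpu: 100m
            memory: 128Mi
        startupProbe:
          failureThreshold: 30
          httpGet:
            path: /healthz/ready
            port: 15021
            scheme: HTTP
          initialDelaySeconds: 1
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1
        readinessProbe:
          failureThreshold: 4
          httpGet:
            path: /healthz/ready
            port: 15021
            scheme: HTTP
          initialDelaySeconds: 0
          periodSeconds: 15
          successThreshold: 1
          timeoutSeconds: 1
        securityContext:
          privileged: false
          # The container is unprivileged and drops every capability, so it
          # has no need to gain privileges after start; state that explicitly
          # so setuid binaries and file capabilities cannot be used to do so.
          allowPrivilegeEscalation: false
          runAsGroup: 1337
          # NOTE(review): the proxy still runs as UID 0. With all capabilities
          # dropped the remaining exposure is access to root-owned files in
          # the image and volumes. Whether this image starts under a non-root
          # UID with runAsNonRoot set is not visible from this file; confirm
          # before changing. readOnlyRootFilesystem is also unset; confirm the
          # proxy writes only to the mounted emptyDir volumes before enabling.
          runAsUser: 0
          capabilities:
            drop:
            - ALL
        volumeMounts:
        - name: workload-socket
          mountPath: /var/run/secrets/workload-spiffe-uds
        - mountPath: /var/run/secrets/istio
          name: istiod-ca-cert
        - mountPath: /var/lib/istio/data
          name: istio-data
        - mountPath: /etc/istio/proxy
          name: istio-envoy
        - mountPath: /var/run/secrets/tokens
          name: istio-token
        - mountPath: /etc/istio/pod
          name: istio-podinfo
      volumes:
      - emptyDir: {}
        name: workload-socket
      - emptyDir:
          medium: Memory
        name: istio-envoy
      # NOTE(review): go-proxy-envoy and go-proxy-data are declared here but
      # not mounted by the istio-proxy container above; presumably leftovers.
      - emptyDir:
          medium: Memory
        name: go-proxy-envoy
      - emptyDir: {}
        name: istio-data
      - emptyDir: {}
        name: go-proxy-data
      # Exposes the pod's own labels and annotations as files.
      - downwardAPI:
          items:
          - fieldRef:
              fieldPath: metadata.labels
            path: labels
          - fieldRef:
              fieldPath: metadata.annotations
            path: annotations
        name: istio-podinfo
      # Projected service-account token bound to the "istio-ca" audience with
      # a 43200-second (12 h) lifetime, rather than the default API token.
      - name: istio-token
        projected:
          sources:
          - serviceAccountToken:
              audience: istio-ca
              expirationSeconds: 43200
              path: istio-token
      - configMap:
          name: istio-ca-root-cert
        name: istiod-ca-cert
      {{- if .Values.global.imagePullSecrets }}
      imagePullSecrets:
      {{- range .Values.global.imagePullSecrets }}
      - name: {{ . | quote }}
      {{- end }}
      {{- end }}
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }}
  labels:
    {{- toJsonMap
      .InfrastructureLabels
      (strdict
        "gateway.networking.k8s.io/gateway-name" .Name
        "istio.io/gateway-name" .Name
      ) | nindent 4 }}
  name: {{.DeploymentName | quote}}
  namespace: {{.Namespace | quote}}
  ownerReferences:
  - apiVersion: gateway.networking.k8s.io/v1beta1
    kind: Gateway
    name: "{{.Name}}"
    uid: "{{.UID}}"
spec:
  ports:
  {{- range $key, $val := .Ports }}
  - name: {{ $val.Name | quote }}
    port: {{ $val.Port }}
    protocol: TCP
    # Left unquoted: an empty AppProtocol renders as null (field unset)
    # rather than as an empty string; presumably intentional, verify.
    appProtocol: {{ $val.AppProtocol }}
  {{- end }}
  selector:
    "{{.GatewayNameLabel}}": "{{.Name}}"
  # Only a LoadBalancer Service takes the Gateway's first requested address.
  {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }}
  loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}}
  {{- end }}
  type: {{ .ServiceType | quote }}
---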