istio.io/istio@v0.0.0-20240520182934-d79c90f27776/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.golden.yaml (about) 1 apiVersion: apps/v1 2 kind: Deployment 3 metadata: 4 labels: 5 app: istiod 6 install.operator.istio.io/owning-resource: unknown 7 istio: pilot 8 istio.io/rev: default 9 operator.istio.io/component: Pilot 10 release: istio 11 name: istiod 12 namespace: istio-system 13 spec: 14 selector: 15 matchLabels: 16 istio: pilot 17 strategy: 18 rollingUpdate: 19 maxSurge: 100% 20 maxUnavailable: 25% 21 template: 22 metadata: 23 annotations: 24 ambient.istio.io/redirection: disabled 25 prometheus.io/port: "15014" 26 prometheus.io/scrape: "true" 27 sidecar.istio.io/inject: "false" 28 labels: 29 app: istiod 30 install.operator.istio.io/owning-resource: unknown 31 istio: pilot 32 istio.io/rev: default 33 operator.istio.io/component: Pilot 34 sidecar.istio.io/inject: "false" 35 spec: 36 containers: 37 - args: 38 - discovery 39 - --monitoringAddr=:15014 40 - --log_output_level=default:info 41 - --domain 42 - cluster.local 43 - --keepaliveMaxServerConnectionAge 44 - 30m 45 env: 46 - name: REVISION 47 value: default 48 - name: JWT_POLICY 49 value: third-party-jwt 50 - name: PILOT_CERT_PROVIDER 51 value: istiod 52 - name: POD_NAME 53 valueFrom: 54 fieldRef: 55 apiVersion: v1 56 fieldPath: metadata.name 57 - name: POD_NAMESPACE 58 valueFrom: 59 fieldRef: 60 apiVersion: v1 61 fieldPath: metadata.namespace 62 - name: SERVICE_ACCOUNT 63 valueFrom: 64 fieldRef: 65 apiVersion: v1 66 fieldPath: spec.serviceAccountName 67 - name: KUBECONFIG 68 value: /var/run/secrets/remote/config 69 - name: PILOT_TRACE_SAMPLING 70 value: "1" 71 - name: PILOT_ENABLE_ANALYSIS 72 value: "false" 73 - name: CLUSTER_ID 74 value: Kubernetes 75 - name: GOMEMLIMIT 76 valueFrom: 77 resourceFieldRef: 78 resource: limits.memory 79 - name: GOMAXPROCS 80 valueFrom: 81 resourceFieldRef: 82 resource: limits.cpu 83 - name: PLATFORM 84 value: "" 85 image: gcr.io/istio-testing/pilot:latest 86 name: discovery 87 ports: 88 - containerPort: 8080 89 protocol: TCP 90 - containerPort: 15010 91 protocol: TCP 92 - containerPort: 15017 93 protocol: TCP 94 readinessProbe: 95 httpGet: 96 path: /ready 97 port: 8080 98 initialDelaySeconds: 1 99 periodSeconds: 3 100 timeoutSeconds: 5 101 resources: 102 requests: 103 cpu: 500m 104 memory: 2048Mi 105 securityContext: 106 allowPrivilegeEscalation: false 107 capabilities: 108 drop: 109 - ALL 110 readOnlyRootFilesystem: true 111 runAsNonRoot: true 112 volumeMounts: 113 - mountPath: /var/run/secrets/tokens 114 name: istio-token 115 readOnly: true 116 - mountPath: /var/run/secrets/istio-dns 117 name: local-certs 118 - mountPath: /etc/cacerts 119 name: cacerts 120 readOnly: true 121 - mountPath: /var/run/secrets/remote 122 name: istio-kubeconfig 123 readOnly: true 124 - mountPath: /var/run/secrets/istiod/tls 125 name: istio-csr-dns-cert 126 readOnly: true 127 - mountPath: /var/run/secrets/istiod/ca 128 name: istio-csr-ca-configmap 129 readOnly: true 130 serviceAccountName: istiod 131 volumes: 132 - emptyDir: 133 medium: Memory 134 name: local-certs 135 - name: istio-token 136 projected: 137 sources: 138 - serviceAccountToken: 139 audience: istio-ca 140 expirationSeconds: 43200 141 path: istio-token 142 - name: cacerts 143 secret: 144 optional: true 145 secretName: cacerts 146 - name: istio-kubeconfig 147 secret: 148 optional: true 149 secretName: istio-kubeconfig 150 - name: istio-csr-dns-cert 151 secret: 152 optional: true 153 secretName: istiod-tls 154 - configMap: 155 defaultMode: 420 156 name: istio-ca-root-cert 157 optional: true 158 name: istio-csr-ca-configmap 159 160 ---