istio.io/istio@v0.0.0-20240520182934-d79c90f27776/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.golden.yaml (about) 1 apiVersion: apps/v1 2 kind: Deployment 3 metadata: 4 labels: 5 app: istio-ingressgateway 6 install.operator.istio.io/owning-resource: unknown 7 istio: ingressgateway 8 istio.io/rev: default 9 operator.istio.io/component: IngressGateways 10 release: istio 11 name: istio-ingressgateway 12 namespace: istio-system 13 spec: 14 selector: 15 matchLabels: 16 app: istio-ingressgateway 17 istio: ingressgateway 18 strategy: 19 rollingUpdate: 20 maxSurge: 100% 21 maxUnavailable: 25% 22 template: 23 metadata: 24 annotations: 25 istio.io/rev: default 26 prometheus.io/path: /stats/prometheus 27 prometheus.io/port: "15020" 28 prometheus.io/scrape: "true" 29 sidecar.istio.io/inject: "false" 30 labels: 31 app: istio-ingressgateway 32 chart: gateways 33 heritage: Tiller 34 install.operator.istio.io/owning-resource: unknown 35 istio: ingressgateway 36 istio.io/rev: default 37 operator.istio.io/component: IngressGateways 38 release: istio 39 service.istio.io/canonical-name: istio-ingressgateway 40 service.istio.io/canonical-revision: latest 41 sidecar.istio.io/inject: "false" 42 spec: 43 affinity: 44 nodeAffinity: 45 preferredDuringSchedulingIgnoredDuringExecution: null 46 requiredDuringSchedulingIgnoredDuringExecution: null 47 containers: 48 - args: 49 - proxy 50 - router 51 - --domain 52 - $(POD_NAMESPACE).svc.cluster.local 53 - --proxyLogLevel=warning 54 - --proxyComponentLogLevel=misc:error 55 - --log_output_level=default:info 56 env: 57 - name: JWT_POLICY 58 value: third-party-jwt 59 - name: PILOT_CERT_PROVIDER 60 value: istiod 61 - name: CA_ADDR 62 value: istiod.istio-system.svc:15012 63 - name: NODE_NAME 64 valueFrom: 65 fieldRef: 66 apiVersion: v1 67 fieldPath: spec.nodeName 68 - name: POD_NAME 69 valueFrom: 70 fieldRef: 71 apiVersion: v1 72 fieldPath: metadata.name 73 - name: POD_NAMESPACE 74 valueFrom: 75 fieldRef: 76 apiVersion: v1 77 fieldPath: metadata.namespace 78 - name: INSTANCE_IP 79 valueFrom: 80 fieldRef: 81 apiVersion: v1 82 fieldPath: status.podIP 83 - name: HOST_IP 84 valueFrom: 85 fieldRef: 86 apiVersion: v1 87 fieldPath: status.hostIP 88 - name: ISTIO_CPU_LIMIT 89 valueFrom: 90 resourceFieldRef: 91 resource: limits.cpu 92 - name: SERVICE_ACCOUNT 93 valueFrom: 94 fieldRef: 95 fieldPath: spec.serviceAccountName 96 - name: ISTIO_META_WORKLOAD_NAME 97 value: istio-ingressgateway 98 - name: ISTIO_META_OWNER 99 value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway 100 - name: ISTIO_META_MESH_ID 101 value: cluster.local 102 - name: TRUST_DOMAIN 103 value: cluster.local 104 - name: ISTIO_META_UNPRIVILEGED_POD 105 value: "true" 106 - name: ISTIO_META_CLUSTER_ID 107 value: Kubernetes 108 - name: ISTIO_META_NODE_NAME 109 valueFrom: 110 fieldRef: 111 fieldPath: spec.nodeName 112 image: gcr.io/istio-testing/mynewproxy:latest 113 name: istio-proxy 114 ports: 115 - containerPort: 15021 116 protocol: TCP 117 - containerPort: 8080 118 protocol: TCP 119 - containerPort: 8443 120 protocol: TCP 121 - containerPort: 15090 122 name: http-envoy-prom 123 protocol: TCP 124 readinessProbe: 125 failureThreshold: 30 126 httpGet: 127 path: /healthz/ready 128 port: 15021 129 scheme: HTTP 130 initialDelaySeconds: 1 131 periodSeconds: 2 132 successThreshold: 1 133 timeoutSeconds: 1 134 resources: 135 limits: 136 cpu: 2000m 137 memory: 1024Mi 138 requests: 139 cpu: 100m 140 memory: 128Mi 141 securityContext: 142 allowPrivilegeEscalation: false 143 capabilities: 144 drop: 145 - ALL 146 privileged: false 147 readOnlyRootFilesystem: true 148 volumeMounts: 149 - mountPath: /var/run/secrets/workload-spiffe-uds 150 name: workload-socket 151 - mountPath: /var/run/secrets/credential-uds 152 name: credential-socket 153 - mountPath: /var/run/secrets/workload-spiffe-credentials 154 name: workload-certs 155 - mountPath: /etc/istio/proxy 156 name: istio-envoy 157 - mountPath: /etc/istio/config 158 name: config-volume 159 - mountPath: /var/run/secrets/istio 160 name: istiod-ca-cert 161 - mountPath: /var/run/secrets/tokens 162 name: istio-token 163 readOnly: true 164 - mountPath: /var/lib/istio/data 165 name: istio-data 166 - mountPath: /etc/istio/pod 167 name: podinfo 168 - mountPath: /etc/istio/ingressgateway-certs 169 name: ingressgateway-certs 170 readOnly: true 171 - mountPath: /etc/istio/ingressgateway-ca-certs 172 name: ingressgateway-ca-certs 173 readOnly: true 174 securityContext: 175 runAsGroup: 1337 176 runAsNonRoot: true 177 runAsUser: 1337 178 serviceAccountName: istio-ingressgateway-service-account 179 volumes: 180 - emptyDir: {} 181 name: workload-socket 182 - emptyDir: {} 183 name: credential-socket 184 - emptyDir: {} 185 name: workload-certs 186 - configMap: 187 name: istio-ca-root-cert 188 name: istiod-ca-cert 189 - downwardAPI: 190 items: 191 - fieldRef: 192 fieldPath: metadata.labels 193 path: labels 194 - fieldRef: 195 fieldPath: metadata.annotations 196 path: annotations 197 name: podinfo 198 - emptyDir: {} 199 name: istio-envoy 200 - emptyDir: {} 201 name: istio-data 202 - name: istio-token 203 projected: 204 sources: 205 - serviceAccountToken: 206 audience: istio-ca 207 expirationSeconds: 43200 208 path: istio-token 209 - configMap: 210 name: istio 211 optional: true 212 name: config-volume 213 - name: ingressgateway-certs 214 secret: 215 optional: true 216 secretName: istio-ingressgateway-certs 217 - name: ingressgateway-ca-certs 218 secret: 219 optional: true 220 secretName: istio-ingressgateway-ca-certs 221 222 ---