istio.io/istio@v0.0.0-20240520182934-d79c90f27776/operator/cmd/mesh/testdata/manifest-generate/output/helm_values_enablement.golden.yaml (about) 1 apiVersion: apps/v1 2 kind: Deployment 3 metadata: 4 labels: 5 app: istio-egressgateway 6 install.operator.istio.io/owning-resource: unknown 7 istio: egressgateway 8 istio.io/rev: default 9 operator.istio.io/component: EgressGateways 10 release: istio 11 name: istio-egressgateway 12 namespace: istio-system 13 spec: 14 selector: 15 matchLabels: 16 app: istio-egressgateway 17 istio: egressgateway 18 strategy: 19 rollingUpdate: 20 maxSurge: 100% 21 maxUnavailable: 25% 22 template: 23 metadata: 24 annotations: 25 istio.io/rev: default 26 prometheus.io/path: /stats/prometheus 27 prometheus.io/port: "15020" 28 prometheus.io/scrape: "true" 29 sidecar.istio.io/inject: "false" 30 labels: 31 app: istio-egressgateway 32 chart: gateways 33 heritage: Tiller 34 install.operator.istio.io/owning-resource: unknown 35 istio: egressgateway 36 istio.io/rev: default 37 operator.istio.io/component: EgressGateways 38 release: istio 39 service.istio.io/canonical-name: istio-egressgateway 40 service.istio.io/canonical-revision: latest 41 sidecar.istio.io/inject: "false" 42 spec: 43 affinity: 44 nodeAffinity: 45 preferredDuringSchedulingIgnoredDuringExecution: null 46 requiredDuringSchedulingIgnoredDuringExecution: null 47 containers: 48 - args: 49 - proxy 50 - router 51 - --domain 52 - $(POD_NAMESPACE).svc.cluster.local 53 - --proxyLogLevel=warning 54 - --proxyComponentLogLevel=misc:error 55 - --log_output_level=default:info 56 env: 57 - name: JWT_POLICY 58 value: third-party-jwt 59 - name: PILOT_CERT_PROVIDER 60 value: istiod 61 - name: CA_ADDR 62 value: istiod.istio-system.svc:15012 63 - name: NODE_NAME 64 valueFrom: 65 fieldRef: 66 apiVersion: v1 67 fieldPath: spec.nodeName 68 - name: POD_NAME 69 valueFrom: 70 fieldRef: 71 apiVersion: v1 72 fieldPath: metadata.name 73 - name: POD_NAMESPACE 74 valueFrom: 75 fieldRef: 76 apiVersion: v1 77 fieldPath: metadata.namespace 78 - name: INSTANCE_IP 79 valueFrom: 80 fieldRef: 81 apiVersion: v1 82 fieldPath: status.podIP 83 - name: HOST_IP 84 valueFrom: 85 fieldRef: 86 apiVersion: v1 87 fieldPath: status.hostIP 88 - name: ISTIO_CPU_LIMIT 89 valueFrom: 90 resourceFieldRef: 91 resource: limits.cpu 92 - name: SERVICE_ACCOUNT 93 valueFrom: 94 fieldRef: 95 fieldPath: spec.serviceAccountName 96 - name: ISTIO_META_WORKLOAD_NAME 97 value: istio-egressgateway 98 - name: ISTIO_META_OWNER 99 value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/istio-egressgateway 100 - name: ISTIO_META_MESH_ID 101 value: cluster.local 102 - name: TRUST_DOMAIN 103 value: cluster.local 104 - name: ISTIO_META_UNPRIVILEGED_POD 105 value: "true" 106 - name: ISTIO_META_CLUSTER_ID 107 value: Kubernetes 108 - name: ISTIO_META_NODE_NAME 109 valueFrom: 110 fieldRef: 111 fieldPath: spec.nodeName 112 image: gcr.io/istio-testing/proxyv2:latest 113 name: istio-proxy 114 ports: 115 - containerPort: 8080 116 protocol: TCP 117 - containerPort: 8443 118 protocol: TCP 119 - containerPort: 15090 120 name: http-envoy-prom 121 protocol: TCP 122 readinessProbe: 123 failureThreshold: 30 124 httpGet: 125 path: /healthz/ready 126 port: 15021 127 scheme: HTTP 128 initialDelaySeconds: 1 129 periodSeconds: 2 130 successThreshold: 1 131 timeoutSeconds: 1 132 resources: 133 limits: 134 cpu: 2000m 135 memory: 1024Mi 136 requests: 137 cpu: 100m 138 memory: 128Mi 139 securityContext: 140 allowPrivilegeEscalation: false 141 capabilities: 142 drop: 143 - ALL 144 privileged: false 145 readOnlyRootFilesystem: true 146 volumeMounts: 147 - mountPath: /var/run/secrets/workload-spiffe-uds 148 name: workload-socket 149 - mountPath: /var/run/secrets/credential-uds 150 name: credential-socket 151 - mountPath: /var/run/secrets/workload-spiffe-credentials 152 name: workload-certs 153 - mountPath: /etc/istio/proxy 154 name: istio-envoy 155 - mountPath: /etc/istio/config 156 name: config-volume 157 - mountPath: /var/run/secrets/istio 158 name: istiod-ca-cert 159 - mountPath: /var/run/secrets/tokens 160 name: istio-token 161 readOnly: true 162 - mountPath: /var/lib/istio/data 163 name: istio-data 164 - mountPath: /etc/istio/pod 165 name: podinfo 166 - mountPath: /etc/istio/egressgateway-certs 167 name: egressgateway-certs 168 readOnly: true 169 - mountPath: /etc/istio/egressgateway-ca-certs 170 name: egressgateway-ca-certs 171 readOnly: true 172 securityContext: 173 runAsGroup: 1337 174 runAsNonRoot: true 175 runAsUser: 1337 176 serviceAccountName: istio-egressgateway-service-account 177 volumes: 178 - emptyDir: {} 179 name: workload-socket 180 - emptyDir: {} 181 name: credential-socket 182 - emptyDir: {} 183 name: workload-certs 184 - configMap: 185 name: istio-ca-root-cert 186 name: istiod-ca-cert 187 - downwardAPI: 188 items: 189 - fieldRef: 190 fieldPath: metadata.labels 191 path: labels 192 - fieldRef: 193 fieldPath: metadata.annotations 194 path: annotations 195 name: podinfo 196 - emptyDir: {} 197 name: istio-envoy 198 - emptyDir: {} 199 name: istio-data 200 - name: istio-token 201 projected: 202 sources: 203 - serviceAccountToken: 204 audience: istio-ca 205 expirationSeconds: 43200 206 path: istio-token 207 - configMap: 208 name: istio 209 optional: true 210 name: config-volume 211 - name: egressgateway-certs 212 secret: 213 optional: true 214 secretName: istio-egressgateway-certs 215 - name: egressgateway-ca-certs 216 secret: 217 optional: true 218 secretName: istio-egressgateway-ca-certs 219 220 --- 221 222 223 apiVersion: v1 224 kind: Service 225 metadata: 226 annotations: null 227 labels: 228 app: istio-egressgateway 229 install.operator.istio.io/owning-resource: unknown 230 istio: egressgateway 231 istio.io/rev: default 232 operator.istio.io/component: EgressGateways 233 release: istio 234 name: istio-egressgateway 235 namespace: istio-system 236 spec: 237 ports: 238 - name: http2 239 port: 80 240 protocol: TCP 241 targetPort: 8080 242 - name: https 243 port: 443 244 protocol: TCP 245 targetPort: 8443 246 selector: 247 app: istio-egressgateway 248 istio: egressgateway 249 type: ClusterIP 250 251 ---