istio.io/istio@v0.0.0-20240520182934-d79c90f27776/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.golden.yaml (about) 1 apiVersion: v1 2 kind: ServiceAccount 3 metadata: 4 labels: 5 app: istio-reader 6 release: istio 7 name: istio-reader-service-account 8 namespace: istio-system 9 spec: 10 automountServiceAccountToken: false 11 12 --- 13 14 15 apiVersion: admissionregistration.k8s.io/v1 16 kind: MutatingWebhookConfiguration 17 metadata: 18 labels: 19 app: sidecar-injector 20 install.operator.istio.io/owning-resource: unknown 21 istio.io/rev: default 22 operator.istio.io/component: Pilot 23 release: istio 24 name: istio-sidecar-injector-istio-control 25 webhooks: 26 - admissionReviewVersions: 27 - v1beta1 28 - v1 29 clientConfig: 30 service: 31 name: istiod 32 namespace: istio-control 33 path: /inject 34 port: 443 35 failurePolicy: Fail 36 name: rev.namespace.sidecar-injector.istio.io 37 namespaceSelector: 38 matchExpressions: 39 - key: istio.io/rev 40 operator: In 41 values: 42 - default 43 - key: istio-injection 44 operator: DoesNotExist 45 objectSelector: 46 matchExpressions: 47 - key: sidecar.istio.io/inject 48 operator: NotIn 49 values: 50 - "false" 51 reinvocationPolicy: Never 52 rules: 53 - apiGroups: 54 - "" 55 apiVersions: 56 - v1 57 operations: 58 - CREATE 59 resources: 60 - pods 61 sideEffects: None 62 - admissionReviewVersions: 63 - v1beta1 64 - v1 65 clientConfig: 66 service: 67 name: istiod 68 namespace: istio-control 69 path: /inject 70 port: 443 71 failurePolicy: Fail 72 name: rev.object.sidecar-injector.istio.io 73 namespaceSelector: 74 matchExpressions: 75 - key: istio.io/rev 76 operator: DoesNotExist 77 - key: istio-injection 78 operator: DoesNotExist 79 objectSelector: 80 matchExpressions: 81 - key: sidecar.istio.io/inject 82 operator: NotIn 83 values: 84 - "false" 85 - key: istio.io/rev 86 operator: In 87 values: 88 - default 89 reinvocationPolicy: Never 90 rules: 91 - apiGroups: 92 - "" 93 apiVersions: 94 - v1 95 operations: 96 - CREATE 97 resources: 98 - pods 99 sideEffects: None 100 - admissionReviewVersions: 101 - v1beta1 102 - v1 103 clientConfig: 104 service: 105 name: foo 106 namespace: istio-control 107 path: /inject 108 port: 443 109 failurePolicy: Fail 110 name: namespace.sidecar-injector.istio.io 111 namespaceSelector: 112 matchExpressions: 113 - key: istio-injection 114 operator: In 115 values: 116 - enabled 117 objectSelector: 118 matchExpressions: 119 - key: sidecar.istio.io/inject 120 operator: NotIn 121 values: 122 - "false" 123 reinvocationPolicy: Never 124 rules: 125 - apiGroups: 126 - "" 127 apiVersions: 128 - v1 129 operations: 130 - CREATE 131 resources: 132 - pods 133 sideEffects: None 134 - admissionReviewVersions: 135 - v1beta1 136 - v1 137 clientConfig: 138 service: 139 name: istiod 140 namespace: istio-control 141 path: /inject 142 port: 443 143 failurePolicy: Fail 144 name: object.sidecar-injector.istio.io 145 namespaceSelector: 146 matchExpressions: 147 - key: istio-injection 148 operator: DoesNotExist 149 - key: istio.io/rev 150 operator: DoesNotExist 151 objectSelector: 152 matchExpressions: 153 - key: sidecar.istio.io/inject 154 operator: In 155 values: 156 - "true" 157 - key: istio.io/rev 158 operator: DoesNotExist 159 reinvocationPolicy: Never 160 rules: 161 - apiGroups: 162 - "" 163 apiVersions: 164 - v1 165 operations: 166 - CREATE 167 resources: 168 - pods 169 sideEffects: None 170 171 --- 172 173 174 apiVersion: apps/v1 175 kind: Deployment 176 metadata: 177 labels: 178 app: istiod 179 install.operator.istio.io/owning-resource: unknown 180 istio: pilot 181 istio.io/rev: default 182 operator.istio.io/component: Pilot 183 release: istio 184 name: istiod 185 namespace: istio-control 186 spec: 187 selector: 188 matchLabels: 189 istio: pilot 190 strategy: 191 rollingUpdate: 192 maxSurge: 100% 193 maxUnavailable: 25% 194 template: 195 metadata: 196 annotations: 197 ambient.istio.io/redirection: disabled 198 prometheus.io/port: "15014" 199 prometheus.io/scrape: "true" 200 sidecar.istio.io/inject: "false" 201 labels: 202 app: istiod 203 install.operator.istio.io/owning-resource: unknown 204 istio: pilot 205 istio.io/rev: default 206 operator.istio.io/component: Pilot 207 sidecar.istio.io/inject: "false" 208 spec: 209 containers: 210 - args: 211 - discovery 212 - --monitoringAddr=:15014 213 - --log_output_level=default:info 214 - --domain 215 - cluster.local 216 - --keepaliveMaxServerConnectionAge 217 - 60m 218 env: 219 - name: JWT_POLICY 220 value: third-party-jwt 221 - name: PILOT_CERT_PROVIDER 222 value: istiod 223 - name: POD_NAME 224 valueFrom: 225 fieldRef: 226 apiVersion: v1 227 fieldPath: metadata.name 228 - name: POD_NAMESPACE 229 valueFrom: 230 fieldRef: 231 apiVersion: v2 232 fieldPath: metadata.myPath 233 - name: SERVICE_ACCOUNT 234 valueFrom: 235 fieldRef: 236 apiVersion: v1 237 fieldPath: spec.serviceAccountName 238 - name: KUBECONFIG 239 value: /var/run/secrets/remote/config 240 - name: PILOT_TRACE_SAMPLING 241 value: "1" 242 - name: PILOT_ENABLE_ANALYSIS 243 value: "false" 244 - name: CLUSTER_ID 245 value: Kubernetes 246 - name: GOMEMLIMIT 247 valueFrom: 248 resourceFieldRef: 249 resource: limits.memory 250 - name: GOMAXPROCS 251 valueFrom: 252 resourceFieldRef: 253 resource: limits.cpu 254 - name: PLATFORM 255 value: "" 256 image: docker.io/istio/pilot:1.1.4 257 name: discovery 258 ports: 259 - containerPort: 1234 260 protocol: TCP 261 - containerPort: 15010 262 protocol: TCP 263 - containerPort: 15017 264 protocol: TCP 265 readinessProbe: 266 httpGet: 267 path: /ready 268 port: 8080 269 initialDelaySeconds: 1 270 periodSeconds: 3 271 timeoutSeconds: 5 272 resources: 273 requests: 274 cpu: 123m 275 memory: 2048Mi 276 volumeMounts: 277 - mountPath: /var/run/secrets/tokens 278 name: istio-token 279 readOnly: true 280 - mountPath: /var/run/secrets/istio-dns 281 name: local-certs 282 - mountPath: /etc/cacerts 283 name: cacerts 284 readOnly: true 285 - mountPath: /var/run/secrets/remote 286 name: istio-kubeconfig 287 readOnly: true 288 - mountPath: /var/run/secrets/istiod/tls 289 name: istio-csr-dns-cert 290 readOnly: true 291 - mountPath: /var/run/secrets/istiod/ca 292 name: istio-csr-ca-configmap 293 readOnly: true 294 serviceAccountName: istiod 295 volumes: 296 - emptyDir: 297 medium: Memory 298 name: local-certs 299 - name: istio-token 300 projected: 301 sources: 302 - serviceAccountToken: 303 audience: istio-ca 304 expirationSeconds: 43200 305 path: istio-token 306 - name: cacerts 307 secret: 308 optional: true 309 secretName: cacerts 310 - name: istio-kubeconfig 311 secret: 312 optional: true 313 secretName: istio-kubeconfig 314 - name: istio-csr-dns-cert 315 secret: 316 optional: true 317 secretName: istiod-tls 318 - configMap: 319 defaultMode: 420 320 name: istio-ca-root-cert 321 optional: true 322 name: istio-csr-ca-configmap 323 324 --- 325 326 327 apiVersion: v1 328 kind: Service 329 metadata: 330 labels: 331 app: istiod 332 install.operator.istio.io/owning-resource: unknown 333 istio: pilot 334 istio.io/rev: default 335 operator.istio.io/component: Pilot 336 release: istio 337 name: istiod 338 namespace: istio-control 339 spec: 340 ports: 341 - name: grpc-xds 342 port: 15010 343 protocol: TCP 344 - name: https-dns 345 port: 11111 346 protocol: TCP 347 - name: https-webhook 348 port: 443 349 protocol: TCP 350 targetPort: 15017 351 - name: http-monitoring 352 port: 15014 353 protocol: TCP 354 selector: 355 app: istiod 356 istio: pilot 357 358 ---