istio.io/istio@v0.0.0-20240520182934-d79c90f27776/operator/cmd/mesh/testdata/manifest-generate/output/ztunnel.golden.yaml (about) 1 apiVersion: apps/v1 2 kind: DaemonSet 3 metadata: 4 annotations: {} 5 labels: {} 6 name: ztunnel 7 namespace: istio-system 8 spec: 9 selector: 10 matchLabels: 11 app: ztunnel 12 template: 13 metadata: 14 annotations: 15 ambient.istio.io/redirection: disabled 16 cni.projectcalico.org/allowedSourcePrefixes: '["0.0.0.0/0"]' 17 prometheus.io/port: "15020" 18 prometheus.io/scrape: "true" 19 sidecar.istio.io/inject: "false" 20 labels: 21 app: ztunnel 22 sidecar.istio.io/inject: "false" 23 spec: 24 containers: 25 - args: 26 - proxy 27 - ztunnel 28 env: 29 - name: CA_ADDRESS 30 value: istiod.istio-system.svc:15012 31 - name: XDS_ADDRESS 32 value: istiod.istio-system.svc:15012 33 - name: ISTIO_META_CLUSTER_ID 34 value: Kubernetes 35 - name: POD_NAME 36 valueFrom: 37 fieldRef: 38 fieldPath: metadata.name 39 - name: POD_NAMESPACE 40 valueFrom: 41 fieldRef: 42 fieldPath: metadata.namespace 43 - name: NODE_NAME 44 valueFrom: 45 fieldRef: 46 fieldPath: spec.nodeName 47 - name: INSTANCE_IP 48 valueFrom: 49 fieldRef: 50 fieldPath: status.podIP 51 - name: SERVICE_ACCOUNT 52 valueFrom: 53 fieldRef: 54 fieldPath: spec.serviceAccountName 55 - name: ISTIO_META_ENABLE_HBONE 56 value: "true" 57 image: gcr.io/istio-testing/ztunnel:latest-distroless 58 name: istio-proxy 59 ports: 60 - containerPort: 15020 61 name: ztunnel-stats 62 protocol: TCP 63 readinessProbe: 64 httpGet: 65 path: /healthz/ready 66 port: 15021 67 resources: 68 limits: 69 cpu: 200m 70 memory: 200Mi 71 requests: 72 cpu: 100m 73 memory: 100Mi 74 securityContext: 75 allowPrivilegeEscalation: false 76 capabilities: 77 add: 78 - NET_ADMIN 79 drop: 80 - ALL 81 privileged: false 82 readOnlyRootFilesystem: true 83 runAsGroup: 1337 84 runAsNonRoot: false 85 runAsUser: 0 86 volumeMounts: 87 - mountPath: /var/run/secrets/istio 88 name: istiod-ca-cert 89 - mountPath: /var/run/secrets/tokens 90 name: istio-token 91 nodeSelector: 92 kubernetes.io/os: linux 93 priorityClassName: system-node-critical 94 serviceAccountName: ztunnel 95 terminationGracePeriodSeconds: 30 96 tolerations: 97 - effect: NoSchedule 98 operator: Exists 99 - key: CriticalAddonsOnly 100 operator: Exists 101 - effect: NoExecute 102 operator: Exists 103 volumes: 104 - name: istio-token 105 projected: 106 sources: 107 - serviceAccountToken: 108 audience: istio-ca 109 expirationSeconds: 43200 110 path: istio-token 111 - configMap: 112 name: istio-ca-root-cert 113 name: istiod-ca-cert 114 updateStrategy: 115 rollingUpdate: 116 maxSurge: 1 117 maxUnavailable: 0 118 119 ---