istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/config/kube/gateway/testdata/deployment/cluster-ip.yaml (about) 1 apiVersion: gateway.networking.k8s.io/v1beta1 2 kind: Gateway 3 metadata: 4 annotations: 5 gateway.istio.io/controller-version: "5" 6 --- 7 apiVersion: v1 8 kind: ServiceAccount 9 metadata: 10 annotations: 11 networking.istio.io/service-type: ClusterIP 12 labels: 13 gateway.istio.io/managed: istio.io-gateway-controller 14 gateway.networking.k8s.io/gateway-name: default 15 istio.io/dataplane-mode: none 16 istio.io/gateway-name: default 17 name: default-istio 18 namespace: default 19 ownerReferences: 20 - apiVersion: gateway.networking.k8s.io/v1beta1 21 kind: Gateway 22 name: default 23 uid: "" 24 --- 25 apiVersion: apps/v1 26 kind: Deployment 27 metadata: 28 annotations: 29 networking.istio.io/service-type: ClusterIP 30 labels: 31 gateway.istio.io/managed: istio.io-gateway-controller 32 gateway.networking.k8s.io/gateway-name: default 33 istio.io/dataplane-mode: none 34 istio.io/gateway-name: default 35 name: default 36 namespace: default 37 ownerReferences: 38 - apiVersion: gateway.networking.k8s.io/v1beta1 39 kind: Gateway 40 name: default 41 uid: "" 42 spec: 43 selector: 44 matchLabels: 45 gateway.networking.k8s.io/gateway-name: default 46 template: 47 metadata: 48 annotations: 49 istio.io/rev: default 50 networking.istio.io/service-type: ClusterIP 51 prometheus.io/path: /stats/prometheus 52 prometheus.io/port: "15020" 53 prometheus.io/scrape: "true" 54 labels: 55 gateway.networking.k8s.io/gateway-name: default 56 istio.io/dataplane-mode: none 57 istio.io/gateway-name: default 58 service.istio.io/canonical-name: default 59 service.istio.io/canonical-revision: latest 60 sidecar.istio.io/inject: "false" 61 spec: 62 containers: 63 - args: 64 - proxy 65 - router 66 - --domain 67 - $(POD_NAMESPACE).svc.<no value> 68 - --proxyLogLevel 69 - <nil> 70 - --proxyComponentLogLevel 71 - <nil> 72 - --log_output_level 73 - <nil> 74 env: 75 - name: PILOT_CERT_PROVIDER 76 value: <no value> 77 - name: CA_ADDR 78 value: istiod-<no value>.<no value>.svc:15012 79 - name: POD_NAME 80 valueFrom: 81 fieldRef: 82 fieldPath: metadata.name 83 - name: POD_NAMESPACE 84 valueFrom: 85 fieldRef: 86 fieldPath: metadata.namespace 87 - name: INSTANCE_IP 88 valueFrom: 89 fieldRef: 90 fieldPath: status.podIP 91 - name: SERVICE_ACCOUNT 92 valueFrom: 93 fieldRef: 94 fieldPath: spec.serviceAccountName 95 - name: HOST_IP 96 valueFrom: 97 fieldRef: 98 fieldPath: status.hostIP 99 - name: ISTIO_CPU_LIMIT 100 valueFrom: 101 resourceFieldRef: 102 resource: limits.cpu 103 - name: PROXY_CONFIG 104 value: | 105 {} 106 - name: ISTIO_META_POD_PORTS 107 value: '[]' 108 - name: ISTIO_META_APP_CONTAINERS 109 value: "" 110 - name: GOMEMLIMIT 111 valueFrom: 112 resourceFieldRef: 113 resource: limits.memory 114 - name: GOMAXPROCS 115 valueFrom: 116 resourceFieldRef: 117 resource: limits.cpu 118 - name: ISTIO_META_CLUSTER_ID 119 value: Kubernetes 120 - name: ISTIO_META_NODE_NAME 121 valueFrom: 122 fieldRef: 123 fieldPath: spec.nodeName 124 - name: ISTIO_META_INTERCEPTION_MODE 125 value: REDIRECT 126 - name: ISTIO_META_WORKLOAD_NAME 127 value: default 128 - name: ISTIO_META_OWNER 129 value: kubernetes://apis/apps/v1/namespaces/default/deployments/default 130 - name: ISTIO_META_MESH_ID 131 value: cluster.local 132 - name: TRUST_DOMAIN 133 value: cluster.local 134 image: test/proxyv2:test 135 name: istio-proxy 136 ports: 137 - containerPort: 15021 138 name: status-port 139 protocol: TCP 140 - containerPort: 15090 141 name: http-envoy-prom 142 protocol: TCP 143 readinessProbe: 144 failureThreshold: 4 145 httpGet: 146 path: /healthz/ready 147 port: 15021 148 scheme: HTTP 149 initialDelaySeconds: 0 150 periodSeconds: 15 151 successThreshold: 1 152 timeoutSeconds: 1 153 securityContext: 154 allowPrivilegeEscalation: false 155 capabilities: 156 drop: 157 - ALL 158 privileged: false 159 readOnlyRootFilesystem: true 160 runAsGroup: 1337 161 runAsNonRoot: true 162 runAsUser: 1337 163 startupProbe: 164 failureThreshold: 30 165 httpGet: 166 path: /healthz/ready 167 port: 15021 168 scheme: HTTP 169 initialDelaySeconds: 1 170 periodSeconds: 1 171 successThreshold: 1 172 timeoutSeconds: 1 173 volumeMounts: 174 - mountPath: /var/run/secrets/workload-spiffe-uds 175 name: workload-socket 176 - mountPath: /var/run/secrets/credential-uds 177 name: credential-socket 178 - mountPath: /var/run/secrets/workload-spiffe-credentials 179 name: workload-certs 180 - mountPath: /var/lib/istio/data 181 name: istio-data 182 - mountPath: /etc/istio/proxy 183 name: istio-envoy 184 - mountPath: /var/run/secrets/tokens 185 name: istio-token 186 - mountPath: /etc/istio/pod 187 name: istio-podinfo 188 securityContext: 189 sysctls: 190 - name: net.ipv4.ip_unprivileged_port_start 191 value: "0" 192 serviceAccountName: default-istio 193 volumes: 194 - emptyDir: {} 195 name: workload-socket 196 - emptyDir: {} 197 name: credential-socket 198 - emptyDir: {} 199 name: workload-certs 200 - emptyDir: 201 medium: Memory 202 name: istio-envoy 203 - emptyDir: {} 204 name: istio-data 205 - downwardAPI: 206 items: 207 - fieldRef: 208 fieldPath: metadata.labels 209 path: labels 210 - fieldRef: 211 fieldPath: metadata.annotations 212 path: annotations 213 name: istio-podinfo 214 - name: istio-token 215 projected: 216 sources: 217 - serviceAccountToken: 218 audience: <no value> 219 expirationSeconds: 43200 220 path: istio-token 221 --- 222 apiVersion: v1 223 kind: Service 224 metadata: 225 annotations: 226 networking.istio.io/service-type: ClusterIP 227 labels: 228 gateway.istio.io/managed: istio.io-gateway-controller 229 gateway.networking.k8s.io/gateway-name: default 230 istio.io/dataplane-mode: none 231 istio.io/gateway-name: default 232 name: default 233 namespace: default 234 ownerReferences: 235 - apiVersion: gateway.networking.k8s.io/v1beta1 236 kind: Gateway 237 name: default 238 uid: null 239 spec: 240 ports: 241 - appProtocol: tcp 242 name: status-port 243 port: 15021 244 protocol: TCP 245 - appProtocol: http 246 name: http 247 port: 80 248 protocol: TCP 249 selector: 250 gateway.networking.k8s.io/gateway-name: default 251 type: ClusterIP 252 ---