# Source: pilot/pkg/config/kube/gateway/testdata/deployment/manual-sa.yaml
# (istio.io/istio@v0.0.0-20240520182934-d79c90f27776)
#
# Test fixture (testdata/): a multi-document stream holding a Gateway
# annotation stub, a ServiceAccount, a Deployment and a Service.
# The Deployment runs as the ServiceAccount "custom-sa"; presumably this is
# the manually chosen ServiceAccount the file name refers to. TODO confirm
# against the matching test input.
#
# The literal strings "<no value>" and "<nil>" are what Go's text/template and
# fmt packages print for missing or nil values; presumably the test renders
# the template without those settings. As written the objects are therefore
# not deployable (see the CA address and token audience below).
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  annotations:
    # Quoted so the value stays a string rather than an integer.
    gateway.istio.io/controller-version: "5"
---
# Workload identity for the gateway proxy. It carries the same managed-by
# labels and Gateway ownerReference as the Deployment and Service below.
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations: {}
  labels:
    gateway.istio.io/managed: istio.io-gateway-controller
    gateway.networking.k8s.io/gateway-name: default
    istio.io/dataplane-mode: none
    istio.io/gateway-name: default
  name: custom-sa
  namespace: default
  ownerReferences:
  - apiVersion: gateway.networking.k8s.io/v1beta1
    kind: Gateway
    name: default
    # Empty in the fixture; a live object needs the owner's real UID.
    uid: ""
---
# Proxy Deployment for the Gateway named "default".
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    gateway.istio.io/managed: istio.io-gateway-controller
    gateway.networking.k8s.io/gateway-name: default
    istio.io/dataplane-mode: none
    istio.io/gateway-name: default
  name: default-istio
  namespace: default
  ownerReferences:
  - apiVersion: gateway.networking.k8s.io/v1beta1
    kind: Gateway
    name: default
    # Empty in the fixture; a live object needs the owner's real UID.
    uid: ""
spec:
  selector:
    matchLabels:
      gateway.networking.k8s.io/gateway-name: default
  template:
    metadata:
      annotations:
        istio.io/rev: default
        # Scrape target is port 15020, which is not among the containerPorts
        # declared below (15021 and 15090).
        prometheus.io/path: /stats/prometheus
        prometheus.io/port: "15020"
        prometheus.io/scrape: "true"
      labels:
        gateway.networking.k8s.io/gateway-name: default
        istio.io/dataplane-mode: none
        istio.io/gateway-name: default
        service.istio.io/canonical-name: default-istio
        service.istio.io/canonical-revision: latest
        # The pod is itself the proxy, so sidecar injection is switched off.
        sidecar.istio.io/inject: "false"
    spec:
      containers:
      - args:
        - proxy
        - router
        - --domain
        # Domain suffix is an unset template value in this fixture.
        - $(POD_NAMESPACE).svc.<no value>
        - --proxyLogLevel
        - <nil>
        - --proxyComponentLogLevel
        - <nil>
        - --log_output_level
        - <nil>
        env:
        - name: PILOT_CERT_PROVIDER
          value: <no value>
        # Port 15012 on an istiod service; the name and namespace parts are
        # unset template values here, so this address does not resolve.
        - name: CA_ADDR
          value: istiod-<no value>.<no value>.svc:15012
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: INSTANCE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        # Resolves to serviceAccountName further down, i.e. custom-sa.
        - name: SERVICE_ACCOUNT
          valueFrom:
            fieldRef:
              fieldPath: spec.serviceAccountName
        - name: HOST_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        - name: ISTIO_CPU_LIMIT
          valueFrom:
            resourceFieldRef:
              resource: limits.cpu
        - name: PROXY_CONFIG
          value: |
            {}
        - name: ISTIO_META_POD_PORTS
          value: '[]'
        - name: ISTIO_META_APP_CONTAINERS
          value: ""
        - name: GOMEMLIMIT
          valueFrom:
            resourceFieldRef:
              resource: limits.memory
        - name: GOMAXPROCS
          valueFrom:
            resourceFieldRef:
              resource: limits.cpu
        - name: ISTIO_META_CLUSTER_ID
          value: Kubernetes
        - name: ISTIO_META_NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: ISTIO_META_INTERCEPTION_MODE
          value: REDIRECT
        - name: ISTIO_META_WORKLOAD_NAME
          value: default-istio
        - name: ISTIO_META_OWNER
          value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio
        - name: ISTIO_META_MESH_ID
          value: cluster.local
        - name: TRUST_DOMAIN
          value: cluster.local
        # Placeholder image reference used by the test.
        image: test/proxyv2:test
        name: istio-proxy
        ports:
        - containerPort: 15021
          name: status-port
          protocol: TCP
        - containerPort: 15090
          name: http-envoy-prom
          protocol: TCP
        # Plain-HTTP health endpoint on the status port.
        readinessProbe:
          failureThreshold: 4
          httpGet:
            path: /healthz/ready
            port: 15021
            scheme: HTTP
          initialDelaySeconds: 0
          periodSeconds: 15
          successThreshold: 1
          timeoutSeconds: 1
        # Container hardening: no privilege escalation, every capability
        # dropped, not privileged, read-only root filesystem, and a fixed
        # non-root UID/GID of 1337.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
          readOnlyRootFilesystem: true
          runAsGroup: 1337
          runAsNonRoot: true
          runAsUser: 1337
        # Same endpoint as the readiness probe, polled every second for up to
        # 30 failures during startup.
        startupProbe:
          failureThreshold: 30
          httpGet:
            path: /healthz/ready
            port: 15021
            scheme: HTTP
          initialDelaySeconds: 1
          periodSeconds: 1
          successThreshold: 1
          timeoutSeconds: 1
        # With a read-only root filesystem, these mounts are the container's
        # writable and injected paths.
        volumeMounts:
        - mountPath: /var/run/secrets/workload-spiffe-uds
          name: workload-socket
        - mountPath: /var/run/secrets/credential-uds
          name: credential-socket
        - mountPath: /var/run/secrets/workload-spiffe-credentials
          name: workload-certs
        - mountPath: /var/lib/istio/data
          name: istio-data
        - mountPath: /etc/istio/proxy
          name: istio-envoy
        # Projected ServiceAccount token (istio-token volume below).
        - mountPath: /var/run/secrets/tokens
          name: istio-token
        - mountPath: /etc/istio/pod
          name: istio-podinfo
      securityContext:
        sysctls:
        # Lowers the unprivileged port floor to 0, so the non-root proxy can
        # bind ports below 1024 even though all capabilities are dropped.
        - name: net.ipv4.ip_unprivileged_port_start
          value: "0"
      # The pod runs as custom-sa, so the token projected below is issued for
      # that ServiceAccount, not for one named after the Deployment.
      serviceAccountName: custom-sa
      volumes:
      - emptyDir: {}
        name: workload-socket
      - emptyDir: {}
        name: credential-socket
      - emptyDir: {}
        name: workload-certs
      # Memory-backed emptyDir for the /etc/istio/proxy mount.
      - emptyDir:
          medium: Memory
        name: istio-envoy
      - emptyDir: {}
        name: istio-data
      # Exposes the pod's own labels and annotations as files.
      - downwardAPI:
          items:
          - fieldRef:
              fieldPath: metadata.labels
            path: labels
          - fieldRef:
              fieldPath: metadata.annotations
            path: annotations
        name: istio-podinfo
      - name: istio-token
        projected:
          sources:
          - serviceAccountToken:
              # The audience limits which recipient should accept the token;
              # here it is an unset template value. NOTE(review): a real
              # render must set it - confirm against the template defaults.
              audience: <no value>
              # 43200 seconds = 12 hours requested token lifetime.
              expirationSeconds: 43200
              path: istio-token
---
# Service selecting the gateway pods. Only the status port (15021, the port
# the health probes use) is published; presumably the fixture Gateway declares
# no listeners. Type LoadBalancer publishes it through an external load
# balancer where one is provisioned.
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    gateway.istio.io/managed: istio.io-gateway-controller
    gateway.networking.k8s.io/gateway-name: default
    istio.io/dataplane-mode: none
    istio.io/gateway-name: default
  name: default-istio
  namespace: default
  ownerReferences:
  - apiVersion: gateway.networking.k8s.io/v1beta1
    kind: Gateway
    name: default
    # null here, while the ServiceAccount and Deployment above use "".
    uid: null
spec:
  ports:
  - appProtocol: tcp
    name: status-port
    port: 15021
    protocol: TCP
  selector:
    gateway.networking.k8s.io/gateway-name: default
  type: LoadBalancer
---