istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/config/kube/gateway/testdata/deployment/simple.yaml (about) 1 apiVersion: gateway.networking.k8s.io/v1beta1 2 kind: Gateway 3 metadata: 4 annotations: 5 gateway.istio.io/controller-version: "5" 6 --- 7 apiVersion: v1 8 kind: ServiceAccount 9 metadata: 10 annotations: 11 should: see 12 labels: 13 gateway.istio.io/managed: istio.io-gateway-controller 14 gateway.networking.k8s.io/gateway-name: default 15 istio.io/dataplane-mode: none 16 istio.io/gateway-name: default 17 should: see 18 name: default-istio 19 namespace: default 20 ownerReferences: 21 - apiVersion: gateway.networking.k8s.io/v1beta1 22 kind: Gateway 23 name: default 24 uid: "" 25 --- 26 apiVersion: apps/v1 27 kind: Deployment 28 metadata: 29 annotations: 30 should: see 31 labels: 32 gateway.istio.io/managed: istio.io-gateway-controller 33 gateway.networking.k8s.io/gateway-name: default 34 istio.io/dataplane-mode: none 35 istio.io/gateway-name: default 36 should: see 37 name: default-istio 38 namespace: default 39 ownerReferences: 40 - apiVersion: gateway.networking.k8s.io/v1beta1 41 kind: Gateway 42 name: default 43 uid: "" 44 spec: 45 selector: 46 matchLabels: 47 gateway.networking.k8s.io/gateway-name: default 48 template: 49 metadata: 50 annotations: 51 istio.io/rev: default 52 prometheus.io/path: /stats/prometheus 53 prometheus.io/port: "15020" 54 prometheus.io/scrape: "true" 55 should: see 56 labels: 57 gateway.networking.k8s.io/gateway-name: default 58 istio.io/dataplane-mode: none 59 istio.io/gateway-name: default 60 service.istio.io/canonical-name: default-istio 61 service.istio.io/canonical-revision: latest 62 should: see 63 sidecar.istio.io/inject: "false" 64 spec: 65 containers: 66 - args: 67 - proxy 68 - router 69 - --domain 70 - $(POD_NAMESPACE).svc.<no value> 71 - --proxyLogLevel 72 - <nil> 73 - --proxyComponentLogLevel 74 - <nil> 75 - --log_output_level 76 - <nil> 77 env: 78 - name: PILOT_CERT_PROVIDER 79 value: <no value> 80 - name: CA_ADDR 81 value: istiod-<no value>.<no value>.svc:15012 82 - name: POD_NAME 83 valueFrom: 84 fieldRef: 85 fieldPath: metadata.name 86 - name: POD_NAMESPACE 87 valueFrom: 88 fieldRef: 89 fieldPath: metadata.namespace 90 - name: INSTANCE_IP 91 valueFrom: 92 fieldRef: 93 fieldPath: status.podIP 94 - name: SERVICE_ACCOUNT 95 valueFrom: 96 fieldRef: 97 fieldPath: spec.serviceAccountName 98 - name: HOST_IP 99 valueFrom: 100 fieldRef: 101 fieldPath: status.hostIP 102 - name: ISTIO_CPU_LIMIT 103 valueFrom: 104 resourceFieldRef: 105 resource: limits.cpu 106 - name: PROXY_CONFIG 107 value: | 108 {} 109 - name: ISTIO_META_POD_PORTS 110 value: '[]' 111 - name: ISTIO_META_APP_CONTAINERS 112 value: "" 113 - name: GOMEMLIMIT 114 valueFrom: 115 resourceFieldRef: 116 resource: limits.memory 117 - name: GOMAXPROCS 118 valueFrom: 119 resourceFieldRef: 120 resource: limits.cpu 121 - name: ISTIO_META_CLUSTER_ID 122 value: Kubernetes 123 - name: ISTIO_META_NODE_NAME 124 valueFrom: 125 fieldRef: 126 fieldPath: spec.nodeName 127 - name: ISTIO_META_INTERCEPTION_MODE 128 value: REDIRECT 129 - name: ISTIO_META_WORKLOAD_NAME 130 value: default-istio 131 - name: ISTIO_META_OWNER 132 value: kubernetes://apis/apps/v1/namespaces/default/deployments/default-istio 133 - name: ISTIO_META_MESH_ID 134 value: cluster.local 135 - name: TRUST_DOMAIN 136 value: cluster.local 137 image: test/proxyv2:test 138 name: istio-proxy 139 ports: 140 - containerPort: 15021 141 name: status-port 142 protocol: TCP 143 - containerPort: 15090 144 name: http-envoy-prom 145 protocol: TCP 146 readinessProbe: 147 failureThreshold: 4 148 httpGet: 149 path: /healthz/ready 150 port: 15021 151 scheme: HTTP 152 initialDelaySeconds: 0 153 periodSeconds: 15 154 successThreshold: 1 155 timeoutSeconds: 1 156 securityContext: 157 allowPrivilegeEscalation: false 158 capabilities: 159 drop: 160 - ALL 161 privileged: false 162 readOnlyRootFilesystem: true 163 runAsGroup: 1337 164 runAsNonRoot: true 165 runAsUser: 1337 166 startupProbe: 167 failureThreshold: 30 168 httpGet: 169 path: /healthz/ready 170 port: 15021 171 scheme: HTTP 172 initialDelaySeconds: 1 173 periodSeconds: 1 174 successThreshold: 1 175 timeoutSeconds: 1 176 volumeMounts: 177 - mountPath: /var/run/secrets/workload-spiffe-uds 178 name: workload-socket 179 - mountPath: /var/run/secrets/credential-uds 180 name: credential-socket 181 - mountPath: /var/run/secrets/workload-spiffe-credentials 182 name: workload-certs 183 - mountPath: /var/lib/istio/data 184 name: istio-data 185 - mountPath: /etc/istio/proxy 186 name: istio-envoy 187 - mountPath: /var/run/secrets/tokens 188 name: istio-token 189 - mountPath: /etc/istio/pod 190 name: istio-podinfo 191 securityContext: 192 sysctls: 193 - name: net.ipv4.ip_unprivileged_port_start 194 value: "0" 195 serviceAccountName: default-istio 196 volumes: 197 - emptyDir: {} 198 name: workload-socket 199 - emptyDir: {} 200 name: credential-socket 201 - emptyDir: {} 202 name: workload-certs 203 - emptyDir: 204 medium: Memory 205 name: istio-envoy 206 - emptyDir: {} 207 name: istio-data 208 - downwardAPI: 209 items: 210 - fieldRef: 211 fieldPath: metadata.labels 212 path: labels 213 - fieldRef: 214 fieldPath: metadata.annotations 215 path: annotations 216 name: istio-podinfo 217 - name: istio-token 218 projected: 219 sources: 220 - serviceAccountToken: 221 audience: <no value> 222 expirationSeconds: 43200 223 path: istio-token 224 --- 225 apiVersion: v1 226 kind: Service 227 metadata: 228 annotations: 229 should: see 230 labels: 231 gateway.istio.io/managed: istio.io-gateway-controller 232 gateway.networking.k8s.io/gateway-name: default 233 istio.io/dataplane-mode: none 234 istio.io/gateway-name: default 235 should: see 236 name: default-istio 237 namespace: default 238 ownerReferences: 239 - apiVersion: gateway.networking.k8s.io/v1beta1 240 kind: Gateway 241 name: default 242 uid: null 243 spec: 244 ports: 245 - appProtocol: tcp 246 name: status-port 247 port: 15021 248 protocol: TCP 249 selector: 250 gateway.networking.k8s.io/gateway-name: default 251 type: LoadBalancer 252 ---