istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/analysis/analyzers/testdata/common/sidecar-injector-configmap.yaml (about) 1 apiVersion: v1 2 data: 3 config: |- 4 policy: enabled 5 alwaysInjectSelector: 6 [] 7 neverInjectSelector: 8 [] 9 template: | 10 rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} 11 {{- if or (not .Values.pilot.cni.enabled) (not .Values.istio_cni.enabled) .Values.global.proxy.enableCoreDump }} 12 initContainers: 13 {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} 14 {{- if not (or .Values.pilot.cni.enabled .Values.istio_cni.enabled) }} 15 - name: istio-init 16 {{- if contains "/" .Values.global.proxy_init.image }} 17 image: "{{ .Values.global.proxy_init.image }}" 18 {{- else }} 19 image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" 20 {{- end }} 21 command: 22 - istio-iptables 23 - "-p" 24 - 15001 25 - "-z" 26 - "15006" 27 - "-u" 28 - 1337 29 - "-m" 30 - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" 31 - "-i" 32 - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" 33 - "-x" 34 - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" 35 - "-b" 36 - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" 37 - "-d" 38 - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" 39 {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} 40 - "-q" 41 - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" 42 {{ end -}} 43 {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} 44 - "-o" 45 - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" 46 {{ end -}} 47 {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} 48 - "-k" 49 - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" 50 {{ end -}} 51 imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" 52 {{- if .Values.global.proxy_init.resources }} 53 resources: 54 {{ toYaml .Values.global.proxy_init.resources | indent 4 }} 55 {{- else }} 56 resources: {} 57 {{- end }} 58 securityContext: 59 runAsUser: 0 60 runAsNonRoot: false 61 capabilities: 62 add: 63 - NET_ADMIN 64 {{- if .Values.global.proxy.privileged }} 65 privileged: true 66 {{- end }} 67 restartPolicy: Always 68 {{- end }} 69 {{ end -}} 70 {{- if eq .Values.global.proxy.enableCoreDump true }} 71 - name: enable-core-dump 72 args: 73 - -c 74 - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited 75 command: 76 - /bin/sh 77 {{- if contains "/" .Values.global.proxy_init.image }} 78 image: "{{ .Values.global.proxy_init.image }}" 79 {{- else }} 80 image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" 81 {{- end }} 82 imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" 83 resources: {} 84 securityContext: 85 runAsUser: 0 86 runAsNonRoot: false 87 privileged: true 88 {{ end }} 89 {{- end }} 90 containers: 91 - name: istio-proxy 92 {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} 93 image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" 94 {{- else }} 95 image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" 96 {{- end }} 97 ports: 98 - containerPort: 15090 99 protocol: TCP 100 name: http-envoy-prom 101 args: 102 - proxy 103 - sidecar 104 - --domain 105 - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} 106 - --configPath 107 - "/etc/istio/proxy" 108 - --binaryPath 109 - "/usr/local/bin/envoy" 110 - --serviceCluster 111 {{ if ne "" (index .ObjectMeta.Labels "app") -}} 112 - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" 113 {{ else -}} 114 - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" 115 {{ end -}} 116 - --drainDuration 117 - "{{ formatDuration .ProxyConfig.DrainDuration }}" 118 - --discoveryAddress 119 - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" 120 {{- if eq .Values.global.proxy.tracer "lightstep" }} 121 - --lightstepAddress 122 - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" 123 - --lightstepAccessToken 124 - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" 125 - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} 126 - --lightstepCacertPath 127 - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" 128 {{- else if eq .Values.global.proxy.tracer "zipkin" }} 129 - --zipkinAddress 130 - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" 131 {{- else if eq .Values.global.proxy.tracer "datadog" }} 132 - --datadogAgentAddress 133 - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" 134 {{- end }} 135 - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel}} 136 - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel}} 137 - --connectTimeout 138 - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" 139 {{- if .Values.global.proxy.envoyStatsd.enabled }} 140 - --statsdUdpAddress 141 - "{{ .ProxyConfig.StatsdUdpAddress }}" 142 {{- end }} 143 {{- if .Values.global.proxy.envoyMetricsService.enabled }} 144 - --envoyMetricsServiceAddress 145 - "{{ .ProxyConfig.GetEnvoyMetricsService.GetAddress }}" 146 {{- end }} 147 {{- if .Values.global.proxy.envoyAccessLogService.enabled }} 148 - --envoyAccessLogServiceAddress 149 - "{{ .ProxyConfig.GetEnvoyAccessLogService.GetAddress }}" 150 {{- end }} 151 - --proxyAdminPort 152 - "{{ .ProxyConfig.ProxyAdminPort }}" 153 {{ if gt .ProxyConfig.Concurrency 0 -}} 154 - --concurrency 155 - "{{ .ProxyConfig.Concurrency }}" 156 {{ end -}} 157 {{- if .Values.global.controlPlaneSecurityEnabled }} 158 - --controlPlaneAuthPolicy 159 - MUTUAL_TLS 160 {{- else }} 161 - --controlPlaneAuthPolicy 162 - NONE 163 {{- end }} 164 - --dnsRefreshRate 165 - {{ valueOrDefault .Values.global.proxy.dnsRefreshRate "300s" }} 166 {{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" .Values.global.proxy.statusPort) "0") }} 167 - --statusPort 168 - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" 169 - --applicationPorts 170 - "{{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/applicationPorts` (applicationPorts .Spec.Containers) }}" 171 {{- end }} 172 {{- if .Values.global.logAsJson }} 173 - --log_as_json 174 {{- end }} 175 {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} 176 - --templateFile=/etc/istio/custom-bootstrap/envoy_bootstrap.json 177 {{- end }} 178 env: 179 - name: POD_NAME 180 valueFrom: 181 fieldRef: 182 fieldPath: metadata.name 183 - name: POD_NAMESPACE 184 valueFrom: 185 fieldRef: 186 fieldPath: metadata.namespace 187 - name: INSTANCE_IP 188 valueFrom: 189 fieldRef: 190 fieldPath: status.podIP 191 - name: SERVICE_ACCOUNT 192 valueFrom: 193 fieldRef: 194 fieldPath: spec.serviceAccountName 195 - name: HOST_IP 196 valueFrom: 197 fieldRef: 198 fieldPath: status.hostIP 199 {{- if eq .Values.global.proxy.tracer "datadog" }} 200 {{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} 201 {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} 202 - name: {{ $key }} 203 value: "{{ $value }}" 204 {{- end }} 205 {{- end }} 206 {{- end }} 207 - name: ISTIO_META_POD_PORTS 208 value: |- 209 [ 210 {{- $first := true }} 211 {{- range $index1, $c := .Spec.Containers }} 212 {{- range $index2, $p := $c.Ports }} 213 {{- if (structToJSON $p) }} 214 {{if not $first}},{{end}}{{ structToJSON $p }} 215 {{- $first = false }} 216 {{- end }} 217 {{- end}} 218 {{- end}} 219 ] 220 - name: ISTIO_META_CLUSTER_ID 221 value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" 222 - name: ISTIO_META_NODE_NAME 223 valueFrom: 224 fieldRef: 225 fieldPath: spec.nodeName 226 - name: ISTIO_META_POD_NAME 227 valueFrom: 228 fieldRef: 229 fieldPath: metadata.name 230 - name: ISTIO_META_CONFIG_NAMESPACE 231 valueFrom: 232 fieldRef: 233 fieldPath: metadata.namespace 234 - name: SDS_ENABLED 235 value: "{{ .Values.global.sds.enabled }}" 236 - name: ISTIO_META_INTERCEPTION_MODE 237 value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" 238 - name: ISTIO_META_INCLUDE_INBOUND_PORTS 239 value: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (applicationPorts .Spec.Containers) }}" 240 {{- if .Values.global.network }} 241 - name: ISTIO_META_NETWORK 242 value: "{{ .Values.global.network }}" 243 {{- end }} 244 {{ if .ObjectMeta.Labels }} 245 - name: ISTIO_METAJSON_LABELS 246 value: | 247 {{ toJSON .ObjectMeta.Labels }} 248 {{ end }} 249 {{- if .DeploymentMeta.Name }} 250 - name: ISTIO_META_WORKLOAD_NAME 251 value: {{ .DeploymentMeta.Name }} 252 {{ end }} 253 {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} 254 - name: ISTIO_META_OWNER 255 value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} 256 {{- end}} 257 {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} 258 - name: ISTIO_BOOTSTRAP_OVERRIDE 259 value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" 260 {{- end }} 261 {{- if .Values.global.sds.customTokenDirectory }} 262 - name: ISTIO_META_SDS_TOKEN_PATH 263 value: "{{ .Values.global.sds.customTokenDirectory -}}/sdstoken" 264 {{- end }} 265 {{- if .Values.global.meshID }} 266 - name: ISTIO_META_MESH_ID 267 value: "{{ .Values.global.meshID }}" 268 {{- else if .Values.global.trustDomain }} 269 - name: ISTIO_META_MESH_ID 270 value: "{{ .Values.global.trustDomain }}" 271 {{- end }} 272 {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} 273 {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} 274 - name: {{ $key }} 275 value: "{{ $value }}" 276 {{- end }} 277 {{- end }} 278 imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" 279 {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} 280 readinessProbe: 281 httpGet: 282 path: /healthz/ready 283 port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} 284 initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} 285 periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} 286 failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} 287 {{ end -}} 288 securityContext: 289 {{- if .Values.global.proxy.privileged }} 290 privileged: true 291 {{- end }} 292 {{- if ne .Values.global.proxy.enableCoreDump true }} 293 readOnlyRootFilesystem: true 294 {{- end }} 295 {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} 296 capabilities: 297 add: 298 - NET_ADMIN 299 runAsGroup: 1337 300 {{ else -}} 301 {{ if .Values.global.sds.enabled }} 302 runAsGroup: 1337 303 {{- end }} 304 runAsUser: 1337 305 {{- end }} 306 resources: 307 {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} 308 requests: 309 {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} 310 cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" 311 {{ end}} 312 {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} 313 memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" 314 {{ end }} 315 {{ else -}} 316 {{- if .Values.global.proxy.resources }} 317 {{ toYaml .Values.global.proxy.resources | indent 4 }} 318 {{- end }} 319 {{ end -}} 320 volumeMounts: 321 {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} 322 - mountPath: /etc/istio/custom-bootstrap 323 name: custom-bootstrap-volume 324 {{- end }} 325 - mountPath: /etc/istio/proxy 326 name: istio-envoy 327 {{- if .Values.global.sds.enabled }} 328 - mountPath: /var/run/sds 329 name: sds-uds-path 330 readOnly: true 331 - mountPath: /var/run/secrets/tokens 332 name: istio-token 333 {{- if .Values.global.sds.customTokenDirectory }} 334 - mountPath: "{{ .Values.global.sds.customTokenDirectory -}}" 335 name: custom-sds-token 336 readOnly: true 337 {{- end }} 338 {{- else }} 339 - mountPath: /etc/certs/ 340 name: istio-certs 341 readOnly: true 342 {{- end }} 343 {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} 344 - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} 345 name: lightstep-certs 346 readOnly: true 347 {{- end }} 348 {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} 349 {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} 350 - name: "{{ $index }}" 351 {{ toYaml $value | indent 4 }} 352 {{ end }} 353 {{- end }} 354 volumes: 355 {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} 356 - name: custom-bootstrap-volume 357 configMap: 358 name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} 359 {{- end }} 360 - emptyDir: 361 medium: Memory 362 name: istio-envoy 363 {{- if .Values.global.sds.enabled }} 364 - name: sds-uds-path 365 hostPath: 366 path: /var/run/sds 367 - name: istio-token 368 projected: 369 sources: 370 - serviceAccountToken: 371 path: istio-token 372 expirationSeconds: 43200 373 audience: {{ .Values.global.sds.token.aud }} 374 {{- if .Values.global.sds.customTokenDirectory }} 375 - name: custom-sds-token 376 secret: 377 secretName: sdstokensecret 378 {{- end }} 379 {{- else }} 380 - name: istio-certs 381 secret: 382 optional: true 383 {{ if eq .Spec.ServiceAccountName "" }} 384 secretName: istio.default 385 {{ else -}} 386 secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} 387 {{ end -}} 388 {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} 389 {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} 390 - name: "{{ $index }}" 391 {{ toYaml $value | indent 2 }} 392 {{ end }} 393 {{ end }} 394 {{- end }} 395 {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} 396 - name: lightstep-certs 397 secret: 398 optional: true 399 secretName: lightstep.cacert 400 {{- end }} 401 {{- if .Values.global.podDNSSearchNamespaces }} 402 dnsConfig: 403 searches: 404 {{- range .Values.global.podDNSSearchNamespaces }} 405 - {{ render . }} 406 {{- end }} 407 {{- end }} 408 injectedAnnotations: 409 values: '{"certmanager":{"enabled":false,"hub":"quay.io/jetstack","image":"cert-manager-controller","namespace":"istio-system","tag":"v0.6.2"},"cni":{"namespace":"istio-system"},"galley":{"enableAnalysis":false,"enabled":true,"image":"galley","namespace":"istio-system"},"gateways":{"istio-egressgateway":{"autoscaleEnabled":true,"enabled":false,"namespace":"istio-system","ports":[{"name":"http2","port":80},{"name":"https","port":443},{"name":"tls","port":15443,"targetPort":15443}],"secretVolumes":[{"mountPath":"/etc/istio/egressgateway-certs","name":"egressgateway-certs","secretName":"istio-egressgateway-certs"},{"mountPath":"/etc/istio/egressgateway-ca-certs","name":"egressgateway-ca-certs","secretName":"istio-egressgateway-ca-certs"}],"type":"ClusterIP","zvpn":{"enabled":true,"suffix":"global"}},"istio-ingressgateway":{"applicationPorts":"","autoscaleEnabled":true,"debug":"info","domain":"","enabled":true,"meshExpansionPorts":[{"name":"tcp-pilot-grpc-tls","port":15011,"targetPort":15011},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns-tls","port":853,"targetPort":853}],"namespace":"istio-system","ports":[{"name":"status-port","port":15020,"targetPort":15020},{"name":"http2","port":80,"targetPort":80},{"name":"https","port":443},{"name":"kiali","port":15029,"targetPort":15029},{"name":"prometheus","port":15030,"targetPort":15030},{"name":"grafana","port":15031,"targetPort":15031},{"name":"tracing","port":15032,"targetPort":15032},{"name":"tls","port":15443,"targetPort":15443}],"sds":{"enabled":false,"image":"node-agent-k8s","resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}},"secretVolumes":[{"mountPath":"/etc/istio/ingressgateway-certs","name":"ingressgateway-certs","secretName":"istio-ingressgateway-certs"},{"mountPath":"/etc/istio/ingressgateway-ca-certs","name":"ingressgateway-ca-certs","secretName":"istio-ingressgateway-ca-certs"}],"type":"LoadBalancer","zvpn":{"enabled":true,"suffix":"global"}}},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configNamespace":"istio-system","configValidation":true,"controlPlaneSecurityEnabled":true,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"enabled":true,"hub":"docker.io/istio","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"istioNamespace":"istio-system","k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logAsJson":false,"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshNetworks":{},"mtls":{"auto":false,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"namespace":"istio-system","network":"","omitSidecarInjectorConfigMap":false,"oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"policyCheckFailOpen":false,"policyNamespace":"istio-system","priorityClassName":"","prometheusNamespace":"istio-system","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"misc:error","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"envoyAccessLogService":{"enabled":false},"envoyMetricsService":{"enabled":false,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"mode":"DISABLE","subjectAltNames":[]}},"envoyStatsd":{"enabled":false},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","kubevirtInterfaces":"","logLevel":"warning","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2","resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"securityNamespace":"istio-system","tag":"1.3.1","telemetryNamespace":"istio-system","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"cluster.local","useMCP":true},"grafana":{"accessMode":"ReadWriteMany","contextPath":"/grafana","dashboardProviders":{"dashboardproviders.yaml":{"apiVersion":1,"providers":[{"disableDeletion":false,"folder":"istio","name":"istio","options":{"path":"/var/lib/grafana/dashboards/istio"},"orgId":1,"type":"file"}]}},"datasources":{"datasources.yaml":{"apiVersion":1}},"enabled":false,"env":{},"envSecrets":{},"image":{"repository":"grafana/grafana","tag":"6.4.3"},"ingress":{"enabled":false,"hosts":["grafana.local"]},"namespace":"istio-system","nodeSelector":{},"persist":false,"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"security":{"enabled":false,"passphraseKey":"passphrase","secretName":"grafana","usernameKey":"username"},"service":{"annotations":{},"externalPort":3000,"name":"http","type":"ClusterIP"},"storageClassName":"","tolerations":[]},"istio_cni":{"enabled":false},"istiocoredns":{"coreDNSImage":"coredns/coredns","coreDNSPluginImage":"istio/coredns-plugin:0.2-istio-1.1","coreDNSTag":"1.6.2","enabled":false,"namespace":"istio-system"},"kiali":{"contextPath":"/kiali","createDemoSecret":false,"dashboard":{"passphraseKey":"passphrase","secretName":"kiali","usernameKey":"username","viewOnlyMode":false},"enabled":false,"hub":"quay.io/kiali","ingress":{"enabled":false,"hosts":["kiali.local"]},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"security":{"cert_file":"/kiali-cert/cert-chain.pem","enabled":false,"private_key_file":"/kiali-cert/key.pem"},"tag":"v1.9"},"mixer":{"adapters":{"kubernetesenv":{"enabled":true},"prometheus":{"enabled":true,"metricsExpiryDuration":"10m"},"stackdriver":{"auth":{"apiKey":"","appCredentials":false,"serviceAccountPath":""},"enabled":false,"tracer":{"enabled":false,"sampleProbability":1}},"stdio":{"enabled":false,"outputAsJson":false},"useAdapterCRDs":false},"policy":{"adapters":{"kubernetesenv":{"enabled":true},"useAdapterCRDs":false},"autoscaleEnabled":true,"enabled":true,"image":"mixer","namespace":"istio-system","sessionAffinityEnabled":false},"telemetry":{"autoscaleEnabled":true,"enabled":true,"env":{"GOMAXPROCS":"6"},"image":"mixer","loadshedding":{"latencyThreshold":"100ms","mode":"enforce"},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"reportBatchMaxEntries":100,"reportBatchMaxTime":"1s","sessionAffinityEnabled":false,"tolerations":[],"useMCP":true}},"nodeagent":{"enabled":false,"image":"node-agent-k8s","namespace":"istio-system"},"pilot":{"appNamespaces":[],"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"configMap":true,"configNamespace":"istio-config","cpu":{"targetAverageUtilization":80},"enableProtocolSniffingForInbound":false,"enableProtocolSniffingForOutbound":true,"enabled":true,"env":{},"image":"pilot","ingress":{"ingressClass":"istio","ingressControllerMode":"OFF","ingressService":"istio-ingressgateway"},"keepaliveMaxServerConnectionAge":"30m","meshNetworks":{"networks":{}},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"policy":{"enabled":false},"replicaCount":1,"tolerations":[],"traceSampling":1,"useMCP":true},"prometheus":{"contextPath":"/prometheus","enabled":true,"hub":"docker.io/prom","ingress":{"enabled":false,"hosts":["prometheus.local"]},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"retention":"6h","scrapeInterval":"15s","security":{"enabled":true},"tag":"v2.12.0","tolerations":[]},"security":{"dnsCerts":{"istio-pilot-service-account.istio-control":"istio-pilot.istio-control"},"enableNamespacesByDefault":true,"enabled":true,"image":"citadel","namespace":"istio-system","selfSigned":true,"trustDomain":"cluster.local"},"sidecarInjectorWebhook":{"alwaysInjectSelector":[],"enableNamespacesByDefault":false,"enabled":true,"image":"sidecar_injector","injectLabel":"istio-injection","injectedAnnotations":{},"namespace":"istio-system","neverInjectSelector":[],"nodeSelector":{},"objectSelector":{"autoInject":true,"enabled":false},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"resources":{},"rewriteAppHTTPProbe":false,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","selfSigned":false,"tolerations":[]},"telemetry":{"enabled":true,"v1":{"enabled":true},"v2":{"enabled":false,"prometheus":{"enabled":true},"stackdriver":{"configOverride":{},"enabled":false,"logging":false,"monitoring":false,"topology":false}}},"tracing":{"enabled":false,"ingress":{"enabled":false},"jaeger":{"accessMode":"ReadWriteMany","enabled":false,"hub":"docker.io/jaegertracing","memory":{"max_traces":50000},"namespace":"istio-system","persist":false,"spanStorageType":"badger","storageClassName":"","tag":"1.20"},"nodeSelector":{},"opencensus":{"exporters":{"stackdriver":{"enable_tracing":true}},"hub":"docker.io/omnition","resources":{"limits":{"cpu":"1","memory":"2Gi"},"requests":{"cpu":"200m","memory":"400Mi"}},"tag":"0.1.9"},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"provider":"jaeger","service":{"annotations":{},"externalPort":9411,"name":"http-query","type":"ClusterIP"},"zipkin":{"hub":"docker.io/openzipkin","javaOptsHeap":700,"maxSpans":500000,"node":{"cpus":2},"probeStartupDelay":200,"queryPort":9411,"resources":{"limits":{"cpu":"300m","memory":"900Mi"},"requests":{"cpu":"150m","memory":"900Mi"}},"tag":"2.14.2"}},"version":""}' 410 kind: ConfigMap 411 metadata: 412 labels: 413 app: sidecar-injector 414 istio: sidecar-injector 415 operator.istio.io/component: Injector 416 operator.istio.io/managed: Reconcile 417 operator.istio.io/version: 1.3.1 418 release: istio 419 name: istio-sidecar-injector 420 namespace: istio-system