istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/analysis/analyzers/testdata/misannotated.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/analysis/analyzers/testdata/misannotated.yaml (about)

     1  # K8s object with unknown Istio annotations
     2  apiVersion: v1
     3  kind: Service
     4  metadata:
     5    name: httpbin
     6    labels:
     7      app: httpbin
     8    annotations:
     9      # no such Istio annotation
    10      networking.istio.io/exportThree: bar
    11      # Valid Istio annotation
    12      networking.istio.io/exportTo: baz
    13  spec:
    14    ports:
    15    - name: http
    16      port: 8000
    17      targetPort: 80
    18    selector:
    19      app: httpbin
    20  ---
    21  # K8s object with invalid Istio annotations
    22  apiVersion: v1
    23  kind: Pod
    24  metadata:
    25    name: invalid-annotations
    26    annotations:
    27      # Validation checks this is an int - this should be invalid
    28      readiness.status.sidecar.istio.io/initialDelaySeconds: bar
    29      # Validation checks this is an int - this should be valid
    30      readiness.status.sidecar.istio.io/periodSeconds: "10"
    31  spec:
    32    containers:
    33      - name: "foo"
    34        command: ['curl']
    35  ---
    36  apiVersion: v1
    37  kind: Service
    38  metadata:
    39    name: details
    40    labels:
    41      app: details
    42    annotations:
    43      # Annotation that Istio doesn't know about, but isn't an Istio annotation, thus ignored
    44      kubernetes.io/psp: my-privileged-psp
    45  spec:
    46    ports:
    47    - name: http
    48      port: 80
    49      targetPort: 9080
    50    selector:
    51      app: details
    52  ---
    53  apiVersion: networking.k8s.io/v1
    54  kind: Ingress
    55  metadata:
    56    name: gateway
    57    annotations:
    58      # Not valid, should be kubernetes.io/ingress.class, the only non-istio.io annotation we document
    59      istio.io/ingress.class: "istio"
    60  spec:
    61    rules:
    62    - http:
    63        paths:
    64        - path: /productpage
    65          backend:
    66            serviceName: productpage
    67            servicePort: 8080
    68  ---
    69  apiVersion: v1
    70  kind: Pod
    71  metadata:
    72    name: grafana-test
    73    labels:
    74      app: grafana-test
    75      istio: grafana
    76    annotations:
    77      # valid here
    78      proxy.istio.io/config: "{}"
    79      # analyzer ignores, not ours
    80      helm.sh/hook: test-success
    81      # invalid here
    82      kubernetes.io/ingress.class: "istio"
    83      gateway.istio.io/controller-version: "5"
    84  spec:
    85    containers:
    86      - name: "grafana-test"
    87        command: ['curl']
    88        args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
    89    restartPolicy: Never
    90  ---
    91  apiVersion: v1
    92  kind: Pod
    93  metadata:
    94    name: annotation-set-by-default
    95    labels:
    96      app: annotation-set-by-default
    97    annotations:
    98      # annotations are set by default by istio-cni, will be ignored to avoid validation errors
    99      sidecar.istio.io/interceptionMode: REDIRECT
   100      traffic.sidecar.istio.io/excludeInboundPorts: "15020"
   101      traffic.sidecar.istio.io/includeInboundPorts: '*'
   102      traffic.sidecar.istio.io/includeOutboundIPRanges: '*'
   103      gateway.istio.io/controller-version: "5"
   104  spec:
   105    containers:
   106      - name: "grafana-test"
   107        command: ['curl']
   108        args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
   109        restartPolicy: Never
   110    initContainers:
   111      - name: istio-validation
   112  ---
   113  apiVersion: v1
   114  kind: Pod
   115  metadata:
   116    name: anno-not-set-by-default
   117    labels:
   118      app: anno-not-set-by-default
   119    annotations:
   120      # annotations are not set by default, will not ignore
   121      sidecar.istio.io/interceptionMode: REDIRECT
   122      traffic.sidecar.istio.io/excludeInboundPorts: "15020"
   123      traffic.sidecar.istio.io/includeInboundPorts: '*'
   124      traffic.sidecar.istio.io/includeOutboundIPRanges: '*'
   125      gateway.istio.io/controller-version: "5"
   126  spec:
   127    containers:
   128      - name: "grafana-test"
   129        command: ['curl']
   130        args: ['http://grafana:{{ .Values.grafana.service.externalPort }}']
   131    restartPolicy: Never
   132    initContainers:
   133      - name: istio-init
   134  ---
   135  apiVersion: apps/v1
   136  kind: Deployment
   137  metadata:
   138    name: fortio-deploy
   139    annotations:
   140       # This annotation belongs on the spec/template so it can be applied to a pod, not here
   141       sidecar.istio.io/statsInclusionPrefixes: cluster.outbound
   142  spec:
   143    replicas: 1
   144    selector:
   145      matchLabels:
   146        app: fortio
   147    template:
   148      metadata:
   149        annotations:
   150          # sidecar.istio.io/statsInclusionPrefixes should be here
   151        labels:
   152          app: fortio
   153      spec:
   154        containers:
   155        - name: fortio
   156  ---
   157  apiVersion: v1
   158  kind: Namespace
   159  metadata:
   160    name: staging
   161    annotations:
   162      # Annotation does not belong to Namespace
   163      kubernetes.io/ingress.class: "foo"
   164  spec: {}
   165  ---
   166  apiVersion: v1
   167  kind: Pod
   168  metadata:
   169    name: ignore-istio-annotations
   170    annotations:
   171      # annotations not set by user, should not warn
   172      istio.io/rev: rev
   173      ambient.istio.io/redirection: enabled
   174  spec:
   175    containers:
   176    - name: "foo"
   177      command: ['curl']