istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/test/framework/components/echo/kube/templates/deployment.yaml (about) 1 {{- $revVerMap := .Revisions }} 2 {{- $subsets := .Subsets }} 3 {{- $cluster := .Cluster }} 4 {{- range $i, $subset := $subsets }} 5 {{- range $revision, $version := $revVerMap }} 6 apiVersion: apps/v1 7 {{- if $.StatefulSet }} 8 kind: StatefulSet 9 {{- else }} 10 kind: Deployment 11 {{- end }} 12 metadata: 13 {{- if $.Compatibility }} 14 name: {{ $.Service }}-{{ $subset.Version }}-{{ $revision }} 15 {{- else }} 16 name: {{ $.Service }}-{{ $subset.Version }} 17 {{- end }} 18 spec: 19 {{- if $.StatefulSet }} 20 serviceName: {{ $.Service }} 21 {{- end }} 22 replicas: {{$subset.Replicas | default 1 }} 23 selector: 24 matchLabels: 25 app: {{ $.Service }} 26 version: {{ $subset.Version }} 27 {{- if ne $.Locality "" }} 28 istio-locality: {{ $.Locality }} 29 {{- end }} 30 template: 31 metadata: 32 labels: 33 app: {{ $.Service }} 34 version: {{ $subset.Version }} 35 test.istio.io/class: {{ $.WorkloadClass }} 36 {{- if $.Compatibility }} 37 istio.io/rev: {{ $revision }} 38 {{- end }} 39 {{- if ne $.Locality "" }} 40 istio-locality: {{ $.Locality }} 41 {{- end }} 42 {{- range $name, $value := $subset.Labels }} 43 {{$name}}: "{{$value}}" 44 {{- end }} 45 annotations: 46 prometheus.io/scrape: "true" 47 prometheus.io/port: "15014" 48 {{- range $name, $value := $subset.Annotations }} 49 {{ $name }}: {{ printf "%q" $value }} 50 {{- end }} 51 {{- if $.ProxylessGRPC }} 52 proxy.istio.io/config: '{"holdApplicationUntilProxyStarts": true}' 53 {{- end }} 54 spec: 55 {{- if $.Ambient }} 56 topologySpreadConstraints: 57 - topologyKey: "kubernetes.io/hostname" 58 whenUnsatisfiable: "ScheduleAnyway" 59 maxSkew: 1 60 labelSelector: 61 matchLabels: 62 app: {{ $.Service }} 63 {{- end }} 64 {{- if $.ServiceAccount }} 65 serviceAccountName: {{ $.Service }} 66 {{- end }} 67 {{- if $.DisableAutomountSAToken }} 68 automountServiceAccountToken: false 69 {{- end}} 70 {{- if ne $.ImagePullSecretName "" }} 71 imagePullSecrets: 72 - name: {{ $.ImagePullSecretName }} 73 {{- end }} 74 containers: 75 {{- if and 76 (ne (index $subset.Annotations "sidecar.istio.io/inject") "false") 77 (ne (index $subset.Annotations "inject.istio.io/templates") "grpc") 78 ($.OverlayIstioProxy) 79 }} 80 - name: istio-proxy 81 image: auto 82 imagePullPolicy: {{ $.ImagePullPolicy }} 83 securityContext: # to allow core dumps 84 readOnlyRootFilesystem: false 85 {{- end }} 86 {{- if $.IncludeExtAuthz }} 87 - name: ext-authz 88 image: {{ $.ImageHub }}/ext-authz:{{ $.ImageTag }} 89 imagePullPolicy: {{ $.ImagePullPolicy }} 90 ports: 91 - containerPort: 8000 92 - containerPort: 9000 93 {{- end }} 94 {{- range $i, $appContainer := $.AppContainers }} 95 - name: {{ $appContainer.Name }} 96 {{- if $appContainer.ImageFullPath }} 97 image: {{ $appContainer.ImageFullPath }} 98 {{- else }} 99 image: {{ $.ImageHub }}/app:{{ $.ImageTag }} 100 {{- end }} 101 imagePullPolicy: {{ $.ImagePullPolicy }} 102 args: 103 {{- if $appContainer.FallbackPort }} 104 - --forwarding_address=0.0.0.0:{{ $appContainer.FallbackPort }} 105 {{- end }} 106 - --metrics=15014 107 - --cluster={{ $cluster }} 108 {{- range $i, $p := $appContainer.ContainerPorts }} 109 {{- if and $p.XDSServer (eq .Protocol "GRPC") }} 110 - --xds-grpc-server={{ $p.Port }} 111 {{- else if eq .Protocol "GRPC" }} 112 - --grpc={{ $p.Port }} 113 {{- else if eq .Protocol "TCP" }} 114 - --tcp={{ $p.Port }} 115 {{- else }} 116 - --port={{ $p.Port }} 117 {{- end }} 118 {{- if $p.TLS }} 119 - --tls={{ $p.Port }} 120 {{- end }} 121 {{- if $p.ServerFirst }} 122 - --server-first={{ $p.Port }} 123 {{- end }} 124 {{- if $p.InstanceIP }} 125 - --bind-ip={{ $p.Port }} 126 {{- end }} 127 {{- if $p.LocalhostIP }} 128 - --bind-localhost={{ $p.Port }} 129 {{- end }} 130 {{- end }} 131 - --version={{ $subset.Version }} 132 - --istio-version={{ $version }} 133 {{- if $.TLSSettings }} 134 - --crt=/etc/certs/custom/cert-chain.pem 135 - --key=/etc/certs/custom/key.pem 136 {{- if $.TLSSettings.AcceptAnyALPN}} 137 - --disable-alpn 138 {{- end }} 139 {{- else }} 140 - --crt=/cert.crt 141 - --key=/cert.key 142 {{- end }} 143 ports: 144 {{- range $i, $p := $appContainer.ContainerPorts }} 145 - containerPort: {{ $p.Port }} 146 {{- if eq .Port 3333 }} 147 name: tcp-health-port 148 {{- else if and ($appContainer.ImageFullPath) (eq .Port 17171) }} 149 name: tcp-health-port 150 {{- end }} 151 {{- end }} 152 env: 153 - name: INSTANCE_IP 154 valueFrom: 155 fieldRef: 156 fieldPath: status.podIP 157 - name: NAMESPACE 158 valueFrom: 159 fieldRef: 160 fieldPath: metadata.namespace 161 {{- if $.ProxylessGRPC }} 162 - name: EXPOSE_GRPC_ADMIN 163 value: "true" 164 {{- end }} 165 readinessProbe: 166 {{- if $.ReadinessTCPPort }} 167 tcpSocket: 168 port: {{ $.ReadinessTCPPort }} 169 {{- else if $.ReadinessGRPCPort }} 170 grpc: 171 port: {{ $.ReadinessGRPCPort }} 172 {{- else if $appContainer.ImageFullPath }} 173 tcpSocket: 174 port: tcp-health-port 175 {{- else }} 176 httpGet: 177 path: / 178 port: 8080 179 {{- end }} 180 initialDelaySeconds: 1 181 periodSeconds: 2 182 failureThreshold: 10 183 livenessProbe: 184 tcpSocket: 185 port: tcp-health-port 186 initialDelaySeconds: 10 187 periodSeconds: 10 188 failureThreshold: 10 189 {{- if $.StartupProbe }} 190 startupProbe: 191 tcpSocket: 192 port: tcp-health-port 193 periodSeconds: 1 194 failureThreshold: 10 195 {{- end }} 196 {{- if $.TLSSettings }} 197 volumeMounts: 198 - mountPath: /etc/certs/custom 199 name: custom-certs 200 {{- end }} 201 {{- end }} 202 {{- if $.TLSSettings }} 203 volumes: 204 {{- if $.TLSSettings.ProxyProvision }} 205 - emptyDir: 206 medium: Memory 207 {{- else }} 208 - configMap: 209 name: {{ $.Service }}-certs 210 {{- end }} 211 name: custom-certs 212 {{- end }} 213 --- 214 {{- end }} 215 {{- end }} 216 {{- if .TLSSettings}}{{if not .TLSSettings.ProxyProvision }} 217 apiVersion: v1 218 kind: ConfigMap 219 metadata: 220 name: {{ $.Service }}-certs 221 data: 222 root-cert.pem: | 223 {{ .TLSSettings.RootCert | indent 4 }} 224 cert-chain.pem: | 225 {{ .TLSSettings.ClientCert | indent 4 }} 226 key.pem: | 227 {{.TLSSettings.Key | indent 4}} 228 --- 229 {{- end}}{{- end}}