-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathexample-ig-deployment.yaml
188 lines (188 loc) · 5.26 KB
/
example-ig-deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
app: example-ingressgateway
istio: example-ingressgateway
name: example-ingressgateway
namespace: istio-system
spec:
selector:
matchLabels:
app: example-ingressgateway
istio: example-ingressgateway
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
template:
metadata:
annotations:
sidecar.istio.io/inject: 'false'
labels:
app: example-ingressgateway
istio: example-ingressgateway
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- ppc64le
weight: 2
- preference:
matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- s390x
weight: 2
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- ppc64le
- s390x
containers:
- args:
- proxy
- router
- "--domain"
- "$(POD_NAMESPACE).svc.cluster.local"
- "--log_output_level=default:info"
- "--drainDuration"
- 45s
- "--parentShutdownDuration"
- 1m0s
- "--connectTimeout"
- 10s
- "--serviceCluster"
- istio-ingressgateway
- "--zipkinAddress"
- zipkin:9411
- "--proxyAdminPort"
- '15000'
- "--statusPort"
- '15020'
- "--controlPlaneAuthPolicy"
- NONE
- "--discoveryAddress"
- istio-pilot:15010
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ISTIO_META_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: ISTIO_META_CONFIG_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SDS_ENABLED
value: 'false'
- name: ISTIO_META_WORKLOAD_NAME
value: example-ingressgateway
- name: ISTIO_META_OWNER
value: kubernetes://api/apps/v1/namespaces/istio-system/deployments/example-ingressgateway
- name: ISTIO_META_ROUTER_MODE
value: sni-dnat
image: docker.io/istio/proxyv2:1.3.2
imagePullPolicy: IfNotPresent
name: example-ingressgateway
ports:
- containerPort: 15020
- containerPort: 80
- containerPort: 443
- containerPort: 31400
- containerPort: 15029
- containerPort: 15030
- containerPort: 15031
- containerPort: 15032
- containerPort: 15443
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
readinessProbe:
failureThreshold: 30
httpGet:
path: "/healthz/ready"
port: 15020
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: "/etc/certs"
name: istio-certs
readOnly: true
- mountPath: "/etc/istio/ingressgateway-certs"
name: example-ingressgateway-certs
readOnly: true
- mountPath: "/etc/istio/ingressgateway-ca-certs"
name: ingressgateway-ca-certs
readOnly: true
serviceAccountName: example-ingressgateway-service-account
volumes:
- name: istio-certs
secret:
optional: true
secretName: istio.istio-ingressgateway-service-account
- name: example-ingressgateway-certs
secret:
optional: true
secretName: istio-example-ingressgateway-certs
- name: ingressgateway-ca-certs
secret:
optional: true
secretName: istio-ingressgateway-ca-certs