/
flag_output.golden.yaml
160 lines (159 loc) · 4.21 KB
/
flag_output.golden.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: istiod
install.operator.istio.io/owning-resource: unknown
istio: pilot
istio.io/rev: default
operator.istio.io/component: Pilot
release: istio
name: istiod
namespace: istio-system
spec:
selector:
matchLabels:
istio: pilot
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
template:
metadata:
annotations:
ambient.istio.io/redirection: disabled
prometheus.io/port: "15014"
prometheus.io/scrape: "true"
sidecar.istio.io/inject: "false"
labels:
app: istiod
install.operator.istio.io/owning-resource: unknown
istio: pilot
istio.io/rev: default
operator.istio.io/component: Pilot
sidecar.istio.io/inject: "false"
spec:
containers:
- args:
- discovery
- --monitoringAddr=:15014
- --log_output_level=default:info
- --domain
- cluster.local
- --keepaliveMaxServerConnectionAge
- 30m
env:
- name: REVISION
value: default
- name: JWT_POLICY
value: third-party-jwt
- name: PILOT_CERT_PROVIDER
value: istiod
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
- name: KUBECONFIG
value: /var/run/secrets/remote/config
- name: PILOT_TRACE_SAMPLING
value: "1"
- name: PILOT_ENABLE_ANALYSIS
value: "false"
- name: CLUSTER_ID
value: Kubernetes
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
resource: limits.memory
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: PLATFORM
value: ""
image: gcr.io/istio-testing/pilot:latest
name: discovery
ports:
- containerPort: 8080
protocol: TCP
- containerPort: 15010
protocol: TCP
- containerPort: 15017
protocol: TCP
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 1
periodSeconds: 3
timeoutSeconds: 5
resources:
requests:
cpu: 500m
memory: 2048Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
volumeMounts:
- mountPath: /var/run/secrets/tokens
name: istio-token
readOnly: true
- mountPath: /var/run/secrets/istio-dns
name: local-certs
- mountPath: /etc/cacerts
name: cacerts
readOnly: true
- mountPath: /var/run/secrets/remote
name: istio-kubeconfig
readOnly: true
- mountPath: /var/run/secrets/istiod/tls
name: istio-csr-dns-cert
readOnly: true
- mountPath: /var/run/secrets/istiod/ca
name: istio-csr-ca-configmap
readOnly: true
serviceAccountName: istiod
volumes:
- emptyDir:
medium: Memory
name: local-certs
- name: istio-token
projected:
sources:
- serviceAccountToken:
audience: istio-ca
expirationSeconds: 43200
path: istio-token
- name: cacerts
secret:
optional: true
secretName: cacerts
- name: istio-kubeconfig
secret:
optional: true
secretName: istio-kubeconfig
- name: istio-csr-dns-cert
secret:
optional: true
secretName: istiod-tls
- configMap:
defaultMode: 420
name: istio-ca-root-cert
optional: true
name: istio-csr-ca-configmap
---