Skip to content
Permalink
main
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: envoy
name: envoy
namespace: projectcontour
spec:
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 10%
selector:
matchLabels:
app: envoy
template:
metadata:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8002"
prometheus.io/path: "/stats/prometheus"
labels:
app: envoy
spec:
containers:
- args:
- -c
- /config/envoy.json
- --service-cluster $(CONTOUR_NAMESPACE)
- --service-node $(ENVOY_POD_NAME)
- --log-level info
command:
- envoy
image: docker.io/envoyproxy/envoy:v1.11.2
imagePullPolicy: IfNotPresent
name: envoy
env:
- name: CONTOUR_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: ENVOY_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
ports:
- containerPort: 80
hostPort: 80
name: http
protocol: TCP
- containerPort: 443
hostPort: 443
name: https
protocol: TCP
readinessProbe:
httpGet:
path: /ready
port: 8002
initialDelaySeconds: 3
periodSeconds: 3
volumeMounts:
- name: envoy-config
mountPath: /config
- name: envoycert
mountPath: /certs
- name: cacert
mountPath: /ca
lifecycle:
preStop:
exec:
command:
- bash
- -c
- --
- echo
- -ne
- "POST /healthcheck/fail HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n"
- '>/dev/tcp/localhost/9001'
initContainers:
- args:
- bootstrap
- /config/envoy.json
- --xds-address=contour
- --xds-port=8001
- --envoy-cafile=/ca/cacert.pem
- --envoy-cert-file=/certs/tls.crt
- --envoy-key-file=/certs/tls.key
command:
- contour
image: docker.io/projectcontour/contour:master
imagePullPolicy: Always
name: envoy-initconfig
volumeMounts:
- name: envoy-config
mountPath: /config
- name: envoycert
mountPath: /certs
readOnly: true
- name: cacert
mountPath: /ca
readOnly: true
env:
- name: CONTOUR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
automountServiceAccountToken: false
volumes:
- name: envoy-config
emptyDir: {}
- name: envoycert
secret:
secretName: envoycert
- name: cacert
secret:
secretName: cacert
restartPolicy: Always