| apiVersion: apps/v1 |
| kind: ReplicaSet |
| metadata: |
| creationTimestamp: null |
| name: hello |
| spec: |
| replicas: 7 |
| selector: |
| matchLabels: |
| app: hello |
| template: |
| metadata: |
| annotations: |
| sidecar.istio.io/interceptionMode: REDIRECT |
| sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-certs"],"imagePullSecrets":null}' |
| traffic.sidecar.istio.io/excludeInboundPorts: "15020" |
| traffic.sidecar.istio.io/includeInboundPorts: "80" |
| traffic.sidecar.istio.io/includeOutboundIPRanges: '*' |
| creationTimestamp: null |
| labels: |
| app: hello |
| spec: |
| containers: |
| - image: fake.docker.io/google-samples/hello-go-gke:1.0 |
| name: hello |
| ports: |
| - containerPort: 80 |
| name: http |
| resources: {} |
| - args: |
| - proxy |
| - sidecar |
| - --domain |
| - $(POD_NAMESPACE).svc.cluster.local |
| - --configPath |
| - /etc/istio/proxy |
| - --binaryPath |
| - /usr/local/bin/envoy |
| - --serviceCluster |
| - hello.$(POD_NAMESPACE) |
| - --drainDuration |
| - 45s |
| - --parentShutdownDuration |
| - 1m0s |
| - --discoveryAddress |
| - istio-pilot:15010 |
| - --dnsRefreshRate |
| - 300s |
| - --connectTimeout |
| - 1s |
| - --proxyAdminPort |
| - "15000" |
| - --controlPlaneAuthPolicy |
| - NONE |
| - --statusPort |
| - "15020" |
| - --applicationPorts |
| - "80" |
| - --concurrency |
| - "2" |
| env: |
| - name: POD_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| - name: POD_NAMESPACE |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.namespace |
| - name: INSTANCE_IP |
| valueFrom: |
| fieldRef: |
| fieldPath: status.podIP |
| - name: ISTIO_META_POD_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| - name: ISTIO_META_CONFIG_NAMESPACE |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.namespace |
| - name: ISTIO_META_INTERCEPTION_MODE |
| value: REDIRECT |
| - name: ISTIO_META_INCLUDE_INBOUND_PORTS |
| value: "80" |
| - name: ISTIO_METAJSON_LABELS |
| value: | |
| {"app":"hello"} |
| image: docker.io/istio/proxyv2:unittest |
| imagePullPolicy: IfNotPresent |
| name: istio-proxy |
| ports: |
| - containerPort: 15090 |
| name: http-envoy-prom |
| protocol: TCP |
| readinessProbe: |
| failureThreshold: 30 |
| httpGet: |
| path: /healthz/ready |
| port: 15020 |
| initialDelaySeconds: 1 |
| periodSeconds: 2 |
| resources: |
| limits: |
| cpu: "2" |
| memory: 1Gi |
| requests: |
| cpu: 100m |
| memory: 128Mi |
| securityContext: |
| allowPrivilegeEscalation: false |
| capabilities: |
| drop: |
| - ALL |
| privileged: false |
| readOnlyRootFilesystem: true |
| runAsGroup: 1337 |
| runAsNonRoot: true |
| runAsUser: 1337 |
| volumeMounts: |
| - mountPath: /etc/istio/proxy |
| name: istio-envoy |
| - mountPath: /etc/certs/ |
| name: istio-certs |
| readOnly: true |
| initContainers: |
| - args: |
| - -p |
| - "15001" |
| - -u |
| - "1337" |
| - -m |
| - REDIRECT |
| - -i |
| - '*' |
| - -x |
| - "" |
| - -b |
| - "80" |
| - -d |
| - "15090,15020" |
| image: docker.io/istio/proxy_init:unittest |
| imagePullPolicy: IfNotPresent |
| name: istio-init |
| resources: |
| limits: |
| cpu: 100m |
| memory: 50Mi |
| requests: |
| cpu: 10m |
| memory: 10Mi |
| securityContext: |
| allowPrivilegeEscalation: false |
| capabilities: |
| add: |
| - NET_ADMIN |
| - NET_RAW |
| drop: |
| - ALL |
| privileged: false |
| readOnlyRootFilesystem: false |
| runAsGroup: 0 |
| runAsNonRoot: false |
| runAsUser: 0 |
| volumes: |
| - emptyDir: |
| medium: Memory |
| name: istio-envoy |
| - name: istio-certs |
| secret: |
| optional: true |
| secretName: istio.default |
| status: |
| replicas: 0 |
| --- |