operator/cmd/mesh/testdata/manifest-generate/output/flag_output.golden.yaml - dubbo-go-pixiu - Git at Google

 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: istiod
   namespace: dubbo-system
   labels:
     app: istiod
     istio.io/rev: default
     install.operator.istio.io/owning-resource: unknown
     operator.istio.io/component: "Pilot"
     istio: pilot
     release: istio
 spec:
   strategy:
     rollingUpdate:
       maxSurge: 100%
       maxUnavailable: 25%
   selector:
     matchLabels:
       istio: pilot
   template:
     metadata:
       labels:
         app: istiod
         istio.io/rev: default
         install.operator.istio.io/owning-resource: unknown
         sidecar.istio.io/inject: "false"
         operator.istio.io/component: "Pilot"
         istio: pilot
       annotations:
         prometheus.io/port: "15014"
         prometheus.io/scrape: "true"
         sidecar.istio.io/inject: "false"
     spec:
       serviceAccountName: istiod
       securityContext:
         fsGroup: 1337
       containers:
         - name: discovery
           image: "apache/dubbo-pilot:latest"
           args:
           - "discovery"
           - --monitoringAddr=:15014
           - --log_output_level=default:info
           - --domain
           - cluster.local
           - --keepaliveMaxServerConnectionAge
           - "30m"
           ports:
           - containerPort: 8080
             protocol: TCP
           - containerPort: 15010
             protocol: TCP
           - containerPort: 15017
             protocol: TCP
           readinessProbe:
             httpGet:
               path: /ready
               port: 8080
             initialDelaySeconds: 1
             periodSeconds: 3
             timeoutSeconds: 5
           env:
           - name: REVISION
             value: "default"
           - name: JWT_POLICY
             value: third-party-jwt
           - name: PILOT_CERT_PROVIDER
             value: istiod
           - name: POD_NAME
             valueFrom:
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.name
           - name: POD_NAMESPACE
             valueFrom:
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
           - name: SERVICE_ACCOUNT
             valueFrom:
               fieldRef:
                 apiVersion: v1
                 fieldPath: spec.serviceAccountName
           - name: KUBECONFIG
             value: /var/run/secrets/remote/config
           - name: PILOT_TRACE_SAMPLING
             value: "1"
           - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND
             value: "true"
           - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND
             value: "true"
           - name: ISTIOD_ADDR
             value: istiod.dubbo-system.svc:15012
           - name: PILOT_ENABLE_ANALYSIS
             value: "false"
           - name: CLUSTER_ID
             value: "Kubernetes"
           resources:
             requests:
               cpu: 500m
               memory: 2048Mi
           securityContext:
             allowPrivilegeEscalation: false
             readOnlyRootFilesystem: true
             runAsUser: 1337
             runAsGroup: 1337
             runAsNonRoot: true
             capabilities:
               drop:
               - ALL
           volumeMounts:
           - name: istio-token
             mountPath: /var/run/secrets/tokens
             readOnly: true
           - name: local-certs
             mountPath: /var/run/secrets/istio-dns
           - name: cacerts
             mountPath: /etc/cacerts
             readOnly: true
           - name: istio-kubeconfig
             mountPath: /var/run/secrets/remote
             readOnly: true
       volumes:
       # Technically not needed on this pod - but it helps debugging/testing SDS
       # Should be removed after everything works.
       - emptyDir:
           medium: Memory
         name: local-certs
       - name: istio-token
         projected:
           sources:
             - serviceAccountToken:
                 audience: istio-ca
                 expirationSeconds: 43200
                 path: istio-token
       # Optional: user-generated root
       - name: cacerts
         secret:
           secretName: cacerts
           optional: true
       - name: istio-kubeconfig
         secret:
           secretName: istio-kubeconfig
           optional: true
 ---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: istiod
	namespace: dubbo-system
	labels:
	app: istiod
	istio.io/rev: default
	install.operator.istio.io/owning-resource: unknown
	operator.istio.io/component: "Pilot"
	istio: pilot
	release: istio
	spec:
	strategy:
	rollingUpdate:
	maxSurge: 100%
	maxUnavailable: 25%
	selector:
	matchLabels:
	istio: pilot
	template:
	metadata:
	labels:
	app: istiod
	istio.io/rev: default
	install.operator.istio.io/owning-resource: unknown
	sidecar.istio.io/inject: "false"
	operator.istio.io/component: "Pilot"
	istio: pilot
	annotations:
	prometheus.io/port: "15014"
	prometheus.io/scrape: "true"
	sidecar.istio.io/inject: "false"
	spec:
	serviceAccountName: istiod
	securityContext:
	fsGroup: 1337
	containers:
	- name: discovery
	image: "apache/dubbo-pilot:latest"
	args:
	- "discovery"
	- --monitoringAddr=:15014
	- --log_output_level=default:info
	- --domain
	- cluster.local
	- --keepaliveMaxServerConnectionAge
	- "30m"
	ports:
	- containerPort: 8080
	protocol: TCP
	- containerPort: 15010
	protocol: TCP
	- containerPort: 15017
	protocol: TCP
	readinessProbe:
	httpGet:
	path: /ready
	port: 8080
	initialDelaySeconds: 1
	periodSeconds: 3
	timeoutSeconds: 5
	env:
	- name: REVISION
	value: "default"
	- name: JWT_POLICY
	value: third-party-jwt
	- name: PILOT_CERT_PROVIDER
	value: istiod
	- name: POD_NAME
	valueFrom:
	fieldRef:
	apiVersion: v1
	fieldPath: metadata.name
	- name: POD_NAMESPACE
	valueFrom:
	fieldRef:
	apiVersion: v1
	fieldPath: metadata.namespace
	- name: SERVICE_ACCOUNT
	valueFrom:
	fieldRef:
	apiVersion: v1
	fieldPath: spec.serviceAccountName
	- name: KUBECONFIG
	value: /var/run/secrets/remote/config
	- name: PILOT_TRACE_SAMPLING
	value: "1"
	- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND
	value: "true"
	- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND
	value: "true"
	- name: ISTIOD_ADDR
	value: istiod.dubbo-system.svc:15012
	- name: PILOT_ENABLE_ANALYSIS
	value: "false"
	- name: CLUSTER_ID
	value: "Kubernetes"
	resources:
	requests:
	cpu: 500m
	memory: 2048Mi
	securityContext:
	allowPrivilegeEscalation: false
	readOnlyRootFilesystem: true
	runAsUser: 1337
	runAsGroup: 1337
	runAsNonRoot: true
	capabilities:
	drop:
	- ALL
	volumeMounts:
	- name: istio-token
	mountPath: /var/run/secrets/tokens
	readOnly: true
	- name: local-certs
	mountPath: /var/run/secrets/istio-dns
	- name: cacerts
	mountPath: /etc/cacerts
	readOnly: true
	- name: istio-kubeconfig
	mountPath: /var/run/secrets/remote
	readOnly: true
	volumes:
	# Technically not needed on this pod - but it helps debugging/testing SDS
	# Should be removed after everything works.
	- emptyDir:
	medium: Memory
	name: local-certs
	- name: istio-token
	projected:
	sources:
	- serviceAccountToken:
	audience: istio-ca
	expirationSeconds: 43200
	path: istio-token
	# Optional: user-generated root
	- name: cacerts
	secret:
	secretName: cacerts
	optional: true
	- name: istio-kubeconfig
	secret:
	secretName: istio-kubeconfig
	optional: true
	---