operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.golden.yaml - dubbo-go-pixiu - Git at Google

 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
     app: istio-reader
     release: istio
   name: istio-reader-dubbo-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: istio-reader-dubbo-system
 subjects:
 - kind: ServiceAccount
   name: my-service-role
   namespace: dubbo-system
 ---


 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   labels:
     app: sidecar-injector
     install.operator.istio.io/owning-resource: unknown
     istio.io/rev: default
     operator.istio.io/component: Pilot
     release: istio
   name: istio-sidecar-injector-istio-control
 webhooks:
 - admissionReviewVersions:
   - v1beta1
   - v1
   clientConfig:
     service:
       name: istiod
       namespace: istio-control
       path: /inject
       port: 443
   failurePolicy: Fail
   name: rev.namespace.sidecar-injector.istio.io
   namespaceSelector:
     matchExpressions:
     - key: istio.io/rev
       operator: In
       values:
       - default
     - key: istio-injection
       operator: DoesNotExist
   objectSelector:
     matchExpressions:
     - key: sidecar.istio.io/inject
       operator: NotIn
       values:
       - "false"
   rules:
   - apiGroups:
     - ""
     apiVersions:
     - v1
     operations:
     - CREATE
     resources:
     - pods
   sideEffects: None
 - admissionReviewVersions:
   - v1beta1
   - v1
   clientConfig:
     service:
       name: istiod
       namespace: istio-control
       path: /inject
       port: 443
   failurePolicy: Fail
   name: rev.object.sidecar-injector.istio.io
   namespaceSelector:
     matchExpressions:
     - key: istio.io/rev
       operator: DoesNotExist
     - key: istio-injection
       operator: DoesNotExist
   objectSelector:
     matchExpressions:
     - key: sidecar.istio.io/inject
       operator: NotIn
       values:
       - "false"
     - key: istio.io/rev
       operator: In
       values:
       - default
   rules:
   - apiGroups:
     - ""
     apiVersions:
     - v1
     operations:
     - CREATE
     resources:
     - pods
   sideEffects: None
 - admissionReviewVersions:
   - v1beta1
   - v1
   clientConfig:
     service:
       name: foo
       namespace: istio-control
       path: /inject
       port: 443
   failurePolicy: Fail
   name: namespace.sidecar-injector.istio.io
   namespaceSelector:
     matchExpressions:
     - key: istio-injection
       operator: In
       values:
       - enabled
   objectSelector:
     matchExpressions:
     - key: sidecar.istio.io/inject
       operator: NotIn
       values:
       - "false"
   rules:
   - apiGroups:
     - ""
     apiVersions:
     - v1
     operations:
     - CREATE
     resources:
     - pods
   sideEffects: None
 - admissionReviewVersions:
   - v1beta1
   - v1
   clientConfig:
     service:
       name: istiod
       namespace: istio-control
       path: /inject
       port: 443
   failurePolicy: Fail
   name: object.sidecar-injector.istio.io
   namespaceSelector:
     matchExpressions:
     - key: istio-injection
       operator: DoesNotExist
     - key: istio.io/rev
       operator: DoesNotExist
   objectSelector:
     matchExpressions:
     - key: sidecar.istio.io/inject
       operator: In
       values:
       - "true"
     - key: istio.io/rev
       operator: DoesNotExist
   rules:
   - apiGroups:
     - ""
     apiVersions:
     - v1
     operations:
     - CREATE
     resources:
     - pods
   sideEffects: None
 ---


 apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
     app: istiod
     install.operator.istio.io/owning-resource: unknown
     istio: pilot
     istio.io/rev: default
     operator.istio.io/component: Pilot
     release: istio
   name: istiod
   namespace: istio-control
 spec:
   selector:
     matchLabels:
       istio: pilot
   strategy:
     rollingUpdate:
       maxSurge: 100%
       maxUnavailable: 25%
   template:
     metadata:
       annotations:
         prometheus.io/port: "15014"
         prometheus.io/scrape: "true"
         sidecar.istio.io/inject: "false"
       labels:
         app: istiod
         install.operator.istio.io/owning-resource: unknown
         istio: pilot
         istio.io/rev: default
         operator.istio.io/component: Pilot
         sidecar.istio.io/inject: "false"
     spec:
       containers:
       - args:
         - discovery
         - --monitoringAddr=:15014
         - --log_output_level=default:info
         - --domain
         - cluster.local
         - --keepaliveMaxServerConnectionAge
         - 60m
         env:
         - name: JWT_POLICY
           value: third-party-jwt
         - name: PILOT_CERT_PROVIDER
           value: istiod
         - name: POD_NAME
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.name
         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v2
               fieldPath: metadata.myPath
         - name: SERVICE_ACCOUNT
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: spec.serviceAccountName
         - name: KUBECONFIG
           value: /var/run/secrets/remote/config
         - name: PILOT_TRACE_SAMPLING
           value: "1"
         - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND
           value: "true"
         - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND
           value: "true"
         - name: ISTIOD_ADDR
           value: istiod.istio-control.svc:15012
         - name: PILOT_ENABLE_ANALYSIS
           value: "false"
         - name: CLUSTER_ID
           value: Kubernetes
         image: docker.io/istio/dubbo-pilot:1.1.4
         name: discovery
         ports:
         - containerPort: 1234
           protocol: TCP
         - containerPort: 15010
           protocol: TCP
         - containerPort: 15017
           protocol: TCP
         readinessProbe:
           httpGet:
             path: /ready
             port: 8080
           initialDelaySeconds: 1
           periodSeconds: 3
           timeoutSeconds: 5
         resources:
           requests:
             cpu: 123m
             memory: 2048Mi
         volumeMounts:
         - mountPath: /var/run/secrets/tokens
           name: istio-token
           readOnly: true
         - mountPath: /var/run/secrets/istio-dns
           name: local-certs
         - mountPath: /etc/cacerts
           name: cacerts
           readOnly: true
         - mountPath: /var/run/secrets/remote
           name: istio-kubeconfig
           readOnly: true
       securityContext:
         fsGroup: 1337
       serviceAccountName: istiod
       volumes:
       - emptyDir:
           medium: Memory
         name: local-certs
       - name: istio-token
         projected:
           sources:
           - serviceAccountToken:
               audience: istio-ca
               expirationSeconds: 43200
               path: istio-token
       - name: cacerts
         secret:
           optional: true
           secretName: cacerts
       - name: istio-kubeconfig
         secret:
           optional: true
           secretName: istio-kubeconfig
 ---


 apiVersion: v1
 kind: Service
 metadata:
   labels:
     app: istiod
     install.operator.istio.io/owning-resource: unknown
     istio: pilot
     istio.io/rev: default
     operator.istio.io/component: Pilot
     release: istio
   name: istiod
   namespace: istio-control
 spec:
   ports:
   - name: grpc-xds
     port: 15010
     protocol: TCP
   - name: https-dns
     port: 11111
     protocol: TCP
   - name: https-webhook
     port: 443
     protocol: TCP
     targetPort: 15017
   - name: http-monitoring
     port: 15014
     protocol: TCP
   selector:
     app: istiod
     istio: pilot
 ---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	labels:
	app: istio-reader
	release: istio
	name: istio-reader-dubbo-system
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: istio-reader-dubbo-system
	subjects:
	- kind: ServiceAccount
	name: my-service-role
	namespace: dubbo-system
	---


	apiVersion: admissionregistration.k8s.io/v1
	kind: MutatingWebhookConfiguration
	metadata:
	labels:
	app: sidecar-injector
	install.operator.istio.io/owning-resource: unknown
	istio.io/rev: default
	operator.istio.io/component: Pilot
	release: istio
	name: istio-sidecar-injector-istio-control
	webhooks:
	- admissionReviewVersions:
	- v1beta1
	- v1
	clientConfig:
	service:
	name: istiod
	namespace: istio-control
	path: /inject
	port: 443
	failurePolicy: Fail
	name: rev.namespace.sidecar-injector.istio.io
	namespaceSelector:
	matchExpressions:
	- key: istio.io/rev
	operator: In
	values:
	- default
	- key: istio-injection
	operator: DoesNotExist
	objectSelector:
	matchExpressions:
	- key: sidecar.istio.io/inject
	operator: NotIn
	values:
	- "false"
	rules:
	- apiGroups:
	- ""
	apiVersions:
	- v1
	operations:
	- CREATE
	resources:
	- pods
	sideEffects: None
	- admissionReviewVersions:
	- v1beta1
	- v1
	clientConfig:
	service:
	name: istiod
	namespace: istio-control
	path: /inject
	port: 443
	failurePolicy: Fail
	name: rev.object.sidecar-injector.istio.io
	namespaceSelector:
	matchExpressions:
	- key: istio.io/rev
	operator: DoesNotExist
	- key: istio-injection
	operator: DoesNotExist
	objectSelector:
	matchExpressions:
	- key: sidecar.istio.io/inject
	operator: NotIn
	values:
	- "false"
	- key: istio.io/rev
	operator: In
	values:
	- default
	rules:
	- apiGroups:
	- ""
	apiVersions:
	- v1
	operations:
	- CREATE
	resources:
	- pods
	sideEffects: None
	- admissionReviewVersions:
	- v1beta1
	- v1
	clientConfig:
	service:
	name: foo
	namespace: istio-control
	path: /inject
	port: 443
	failurePolicy: Fail
	name: namespace.sidecar-injector.istio.io
	namespaceSelector:
	matchExpressions:
	- key: istio-injection
	operator: In
	values:
	- enabled
	objectSelector:
	matchExpressions:
	- key: sidecar.istio.io/inject
	operator: NotIn
	values:
	- "false"
	rules:
	- apiGroups:
	- ""
	apiVersions:
	- v1
	operations:
	- CREATE
	resources:
	- pods
	sideEffects: None
	- admissionReviewVersions:
	- v1beta1
	- v1
	clientConfig:
	service:
	name: istiod
	namespace: istio-control
	path: /inject
	port: 443
	failurePolicy: Fail
	name: object.sidecar-injector.istio.io
	namespaceSelector:
	matchExpressions:
	- key: istio-injection
	operator: DoesNotExist
	- key: istio.io/rev
	operator: DoesNotExist
	objectSelector:
	matchExpressions:
	- key: sidecar.istio.io/inject
	operator: In
	values:
	- "true"
	- key: istio.io/rev
	operator: DoesNotExist
	rules:
	- apiGroups:
	- ""
	apiVersions:
	- v1
	operations:
	- CREATE
	resources:
	- pods
	sideEffects: None
	---


	apiVersion: apps/v1
	kind: Deployment
	metadata:
	labels:
	app: istiod
	install.operator.istio.io/owning-resource: unknown
	istio: pilot
	istio.io/rev: default
	operator.istio.io/component: Pilot
	release: istio
	name: istiod
	namespace: istio-control
	spec:
	selector:
	matchLabels:
	istio: pilot
	strategy:
	rollingUpdate:
	maxSurge: 100%
	maxUnavailable: 25%
	template:
	metadata:
	annotations:
	prometheus.io/port: "15014"
	prometheus.io/scrape: "true"
	sidecar.istio.io/inject: "false"
	labels:
	app: istiod
	install.operator.istio.io/owning-resource: unknown
	istio: pilot
	istio.io/rev: default
	operator.istio.io/component: Pilot
	sidecar.istio.io/inject: "false"
	spec:
	containers:
	- args:
	- discovery
	- --monitoringAddr=:15014
	- --log_output_level=default:info
	- --domain
	- cluster.local
	- --keepaliveMaxServerConnectionAge
	- 60m
	env:
	- name: JWT_POLICY
	value: third-party-jwt
	- name: PILOT_CERT_PROVIDER
	value: istiod
	- name: POD_NAME
	valueFrom:
	fieldRef:
	apiVersion: v1
	fieldPath: metadata.name
	- name: POD_NAMESPACE
	valueFrom:
	fieldRef:
	apiVersion: v2
	fieldPath: metadata.myPath
	- name: SERVICE_ACCOUNT
	valueFrom:
	fieldRef:
	apiVersion: v1
	fieldPath: spec.serviceAccountName
	- name: KUBECONFIG
	value: /var/run/secrets/remote/config
	- name: PILOT_TRACE_SAMPLING
	value: "1"
	- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND
	value: "true"
	- name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND
	value: "true"
	- name: ISTIOD_ADDR
	value: istiod.istio-control.svc:15012
	- name: PILOT_ENABLE_ANALYSIS
	value: "false"
	- name: CLUSTER_ID
	value: Kubernetes
	image: docker.io/istio/dubbo-pilot:1.1.4
	name: discovery
	ports:
	- containerPort: 1234
	protocol: TCP
	- containerPort: 15010
	protocol: TCP
	- containerPort: 15017
	protocol: TCP
	readinessProbe:
	httpGet:
	path: /ready
	port: 8080
	initialDelaySeconds: 1
	periodSeconds: 3
	timeoutSeconds: 5
	resources:
	requests:
	cpu: 123m
	memory: 2048Mi
	volumeMounts:
	- mountPath: /var/run/secrets/tokens
	name: istio-token
	readOnly: true
	- mountPath: /var/run/secrets/istio-dns
	name: local-certs
	- mountPath: /etc/cacerts
	name: cacerts
	readOnly: true
	- mountPath: /var/run/secrets/remote
	name: istio-kubeconfig
	readOnly: true
	securityContext:
	fsGroup: 1337
	serviceAccountName: istiod
	volumes:
	- emptyDir:
	medium: Memory
	name: local-certs
	- name: istio-token
	projected:
	sources:
	- serviceAccountToken:
	audience: istio-ca
	expirationSeconds: 43200
	path: istio-token
	- name: cacerts
	secret:
	optional: true
	secretName: cacerts
	- name: istio-kubeconfig
	secret:
	optional: true
	secretName: istio-kubeconfig
	---


	apiVersion: v1
	kind: Service
	metadata:
	labels:
	app: istiod
	install.operator.istio.io/owning-resource: unknown
	istio: pilot
	istio.io/rev: default
	operator.istio.io/component: Pilot
	release: istio
	name: istiod
	namespace: istio-control
	spec:
	ports:
	- name: grpc-xds
	port: 15010
	protocol: TCP
	- name: https-dns
	port: 11111
	protocol: TCP
	- name: https-webhook
	port: 443
	protocol: TCP
	targetPort: 15017
	- name: http-monitoring
	port: 15014
	protocol: TCP
	selector:
	app: istiod
	istio: pilot
	---