| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| labels: |
| app: istiod |
| install.operator.istio.io/owning-resource: unknown |
| istio: pilot |
| istio.io/rev: default |
| operator.istio.io/component: Pilot |
| release: istio |
| name: istiod |
| namespace: istio-control |
| spec: |
| selector: |
| matchLabels: |
| istio: pilot |
| strategy: |
| rollingUpdate: |
| maxSurge: 100% |
| maxUnavailable: 30% |
| template: |
| metadata: |
| annotations: |
| prometheus.io/port: "15014" |
| prometheus.io/scrape: "true" |
| sidecar.istio.io/inject: "false" |
| labels: |
| app: istiod |
| install.operator.istio.io/owning-resource: unknown |
| istio: pilot |
| istio.io/rev: default |
| operator.istio.io/component: Pilot |
| sidecar.istio.io/inject: "false" |
| spec: |
| containers: |
| - args: |
| - discovery |
| - --monitoringAddr=:15014 |
| - --log_output_level=default:info |
| - --domain |
| - cluster.local |
| - --keepaliveMaxServerConnectionAge |
| - 30m |
| env: |
| - name: REVISION |
| value: default |
| - name: JWT_POLICY |
| value: third-party-jwt |
| - name: PILOT_CERT_PROVIDER |
| value: istiod |
| - name: POD_NAME |
| valueFrom: |
| fieldRef: |
| apiVersion: v1 |
| fieldPath: metadata.name |
| - name: POD_NAMESPACE |
| valueFrom: |
| fieldRef: |
| apiVersion: v1 |
| fieldPath: metadata.namespace |
| - name: SERVICE_ACCOUNT |
| valueFrom: |
| fieldRef: |
| apiVersion: v1 |
| fieldPath: spec.serviceAccountName |
| - name: KUBECONFIG |
| value: /var/run/secrets/remote/config |
| - name: PILOT_TRACE_SAMPLING |
| value: "1" |
| - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND |
| value: "true" |
| - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND |
| value: "true" |
| - name: ISTIOD_ADDR |
| value: istiod.istio-control.svc:15012 |
| - name: PILOT_ENABLE_ANALYSIS |
| value: "false" |
| - name: CLUSTER_ID |
| value: Kubernetes |
| image: docker.io/istio/dubbo-pilot:1.1.4 |
| name: discovery |
| ports: |
| - containerPort: 8080 |
| protocol: TCP |
| - containerPort: 15010 |
| protocol: TCP |
| - containerPort: 15017 |
| protocol: TCP |
| readinessProbe: |
| httpGet: |
| path: /ready |
| port: 8080 |
| initialDelaySeconds: 1 |
| periodSeconds: 3 |
| timeoutSeconds: 5 |
| resources: |
| requests: |
| cpu: 222m |
| memory: 333Mi |
| securityContext: |
| allowPrivilegeEscalation: false |
| capabilities: |
| drop: |
| - ALL |
| readOnlyRootFilesystem: true |
| runAsGroup: 1337 |
| runAsNonRoot: true |
| runAsUser: 1337 |
| volumeMounts: |
| - mountPath: /var/run/secrets/tokens |
| name: istio-token |
| readOnly: true |
| - mountPath: /var/run/secrets/istio-dns |
| name: local-certs |
| - mountPath: /etc/cacerts |
| name: cacerts |
| readOnly: true |
| - mountPath: /var/run/secrets/remote |
| name: istio-kubeconfig |
| readOnly: true |
| nodeSelector: |
| node-name: test |
| securityContext: |
| fsGroup: 1337 |
| serviceAccountName: istiod |
| volumes: |
| - emptyDir: |
| medium: Memory |
| name: local-certs |
| - name: istio-token |
| projected: |
| sources: |
| - serviceAccountToken: |
| audience: istio-ca |
| expirationSeconds: 43200 |
| path: istio-token |
| - name: cacerts |
| secret: |
| optional: true |
| secretName: cacerts |
| - name: istio-kubeconfig |
| secret: |
| optional: true |
| secretName: istio-kubeconfig |
| --- |
| |
| |
| apiVersion: autoscaling/v2beta2 |
| kind: HorizontalPodAutoscaler |
| metadata: |
| labels: |
| app: istiod |
| install.operator.istio.io/owning-resource: unknown |
| istio.io/rev: default |
| operator.istio.io/component: Pilot |
| release: istio |
| name: istiod |
| namespace: istio-control |
| spec: |
| maxReplicas: 8 |
| metrics: |
| - resource: |
| name: cpu |
| target: |
| averageUtilization: 80 |
| type: Utilization |
| type: Resource |
| minReplicas: 2 |
| scaleTargetRef: |
| apiVersion: apps/v1 |
| kind: Deployment |
| name: istiod |
| --- |
