# Deployment "hello" as rendered after sidecar injection: the pod template
# holds the application container plus the istio-proxy sidecar and the
# istio-init init container named in the sidecar.istio.io/status annotation.
# NOTE(review): placeholder values (fake/custom-image, /foo/bar, the args
# "my custom args") suggest a test fixture for proxy.istio.io/overrides;
# confirm before treating any value here as a recommended setting.
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  name: hello
spec:
  selector:
    matchLabels:
      app: hello
  strategy: {}
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: hello
        kubectl.kubernetes.io/default-logs-container: hello
        # Annotation values must be strings, hence the quoted port and
        # the quoted boolean.
        prometheus.io/path: /stats/prometheus
        prometheus.io/port: "15020"
        prometheus.io/scrape: "true"
        # JSON container overrides carried on the pod template. The
        # istio-proxy fields named here (cpu request, certs mount, liveness
        # probe, preStop hook, terminationMessagePath, securityContext, tty)
        # and the istio-init image and args appear unchanged in the rendered
        # containers below. Pod-template annotations are set by whoever can
        # edit the workload, so admission policy should evaluate the final
        # container specs rather than assume hardened sidecar defaults.
        proxy.istio.io/overrides: '{"containers":[{"name":"istio-proxy","resources":{"requests":{"cpu":"123m"}},"volumeMounts":[{"name":"certs","mountPath":"/etc/certs"}],"livenessProbe":{"httpGet":{"path":"/healthz/ready","port":15021},"initialDelaySeconds":10,"timeoutSeconds":3,"periodSeconds":2,"failureThreshold":30},"lifecycle":{"preStop":{"exec":{"command":["sleep","10"]}}},"terminationMessagePath":"/foo/bar","securityContext":{"readOnlyRootFilesystem":false,"allowPrivilegeEscalation":true},"tty":true}],"initContainers":[{"name":"istio-init","image":"fake/custom-image","args":["my","custom","args"],"resources":{}}]}'
        # Lists what was injected: one init container, one sidecar and
        # seven volumes.
        sidecar.istio.io/status: '{"initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["workload-socket","workload-certs","istio-envoy","istio-data","istio-podinfo","istio-token","istiod-ca-cert"],"imagePullSecrets":null,"revision":"default"}'
      creationTimestamp: null
      labels:
        app: hello
        security.istio.io/tlsMode: istio
        service.istio.io/canonical-name: hello
        service.istio.io/canonical-revision: latest
    spec:
      containers:
        # Application container: no securityContext and no resource
        # requests or limits are set here.
        - image: fake.docker.io/google-samples/hello-go-gke:1.0
          name: hello
          resources: {}
        # Injected sidecar.
        - args:
            - proxy
            - sidecar
            - --domain
            - $(POD_NAMESPACE).svc.cluster.local
            - --proxyLogLevel=warning
            - --proxyComponentLogLevel=misc:error
            - --log_output_level=default:info
            - --concurrency
            - "2"
          env:
            - name: JWT_POLICY
              value: third-party-jwt
            - name: PILOT_CERT_PROVIDER
              value: istiod
            - name: CA_ADDR
              value: istiod.dubbo-system.svc:15012
            # The next five variables are filled from pod fields through
            # the downward API (fieldRef).
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: INSTANCE_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: SERVICE_ACCOUNT
              valueFrom:
                fieldRef:
                  fieldPath: spec.serviceAccountName
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            # Literal block scalar: the value is "{}" plus a trailing
            # newline.
            - name: PROXY_CONFIG
              value: |
                {}
            # "|-" strips the final newline: the value is "[", a newline,
            # then "]".
            - name: ISTIO_META_POD_PORTS
              value: |-
                [
                ]
            - name: ISTIO_META_APP_CONTAINERS
              value: hello
            - name: ISTIO_META_CLUSTER_ID
              value: Kubernetes
            - name: ISTIO_META_INTERCEPTION_MODE
              value: REDIRECT
            - name: ISTIO_META_WORKLOAD_NAME
              value: hello
            - name: ISTIO_META_OWNER
              value: kubernetes://apis/apps/v1/namespaces/default/deployments/hello
            - name: ISTIO_META_MESH_ID
              value: cluster.local
            - name: TRUST_DOMAIN
              value: cluster.local
          # NOTE(review): ":latest" is a mutable tag; pinning the sidecar
          # image by digest would make rollouts reproducible and verifiable.
          image: apache/dubbo-agent:latest
          lifecycle:
            preStop:
              exec:
                command:
                  - sleep
                  - "10"
          livenessProbe:
            failureThreshold: 30
            httpGet:
              path: /healthz/ready
              port: 15021
            initialDelaySeconds: 10
            periodSeconds: 2
            timeoutSeconds: 3
          name: istio-proxy
          ports:
            - containerPort: 15090
              name: http-envoy-prom
              protocol: TCP
          readinessProbe:
            failureThreshold: 30
            httpGet:
              path: /healthz/ready
              port: 15021
            initialDelaySeconds: 1
            periodSeconds: 2
            timeoutSeconds: 3
          resources:
            limits:
              cpu: "2"
              memory: 1Gi
            requests:
              cpu: 123m
              memory: 128Mi
          # allowPrivilegeEscalation: true and readOnlyRootFilesystem: false
          # mirror the proxy.istio.io/overrides annotation. The container
          # still drops ALL capabilities and runs as non-root UID/GID 1337.
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: false
            runAsGroup: 1337
            runAsNonRoot: true
            runAsUser: 1337
          terminationMessagePath: /foo/bar
          tty: true
          volumeMounts:
            - mountPath: /var/run/secrets/workload-spiffe-uds
              name: workload-socket
            - mountPath: /var/run/secrets/workload-spiffe-credentials
              name: workload-certs
            - mountPath: /var/run/secrets/istio
              name: istiod-ca-cert
            - mountPath: /var/lib/istio/data
              name: istio-data
            - mountPath: /etc/istio/proxy
              name: istio-envoy
            - mountPath: /var/run/secrets/tokens
              name: istio-token
            - mountPath: /etc/istio/pod
              name: istio-podinfo
            # Mount named in the overrides annotation; the "certs" volume
            # is backed by the istio-certs Secret.
            - mountPath: /etc/certs
              name: certs
      initContainers:
        # Image and args match the overrides annotation. This container
        # runs as UID 0 with NET_ADMIN and NET_RAW, so an image allow-list
        # enforced at admission is the control that bounds what can run
        # here.
        - args:
            - my
            - custom
            - args
          image: fake/custom-image
          name: istio-init
          resources:
            limits:
              cpu: "2"
              memory: 1Gi
            requests:
              cpu: 100m
              memory: 128Mi
          # Root user with NET_ADMIN/NET_RAW added on top of "drop ALL";
          # not privileged and no privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: false
            runAsGroup: 0
            runAsNonRoot: false
            runAsUser: 0
      securityContext:
        fsGroup: 1337
      volumes:
        # No volume source is given for the next two entries.
        # NOTE(review): presumably defaulted to emptyDir by the API server;
        # confirm.
        - name: workload-socket
        - name: workload-certs
        # Memory-backed emptyDir.
        - emptyDir:
            medium: Memory
          name: istio-envoy
        - emptyDir: {}
          name: istio-data
        # Pod labels and annotations exposed as files via the downward API.
        - downwardAPI:
            items:
              - fieldRef:
                  fieldPath: metadata.labels
                path: labels
              - fieldRef:
                  fieldPath: metadata.annotations
                path: annotations
          name: istio-podinfo
        # Projected service-account token for audience istio-ca with a
        # 43200 s (12 h) expiry.
        - name: istio-token
          projected:
            sources:
              - serviceAccountToken:
                  audience: istio-ca
                  expirationSeconds: 43200
                  path: istio-token
        - configMap:
            name: istio-ca-root-cert
          name: istiod-ca-cert
        # NOTE(review): not among the volumes listed in
        # sidecar.istio.io/status, so presumably declared by the workload
        # itself; it references the Secret istio-certs.
        - name: certs
          secret:
            secretName: istio-certs
status: {}
---