tests/testdata/networking/sidecar-without-service/configs.yaml - dubbo-go-pixiu - Git at Google

 apiVersion: networking.istio.io/v1alpha3
 kind: Sidecar
 metadata:
   name: default-sidecar-scope
   namespace: istio-config
 spec:
   egress:
   - hosts:
     - "./*"
 ---
 # Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh.
 apiVersion: security.istio.io/v1beta1
 kind: PeerAuthentication
 metadata:
   name: default
   namespace: istio-config
 spec:
   mtls:
     mode: STRICT
 ---
 # Corresponding destination rule to configure client side to use mutual TLS when talking to
 # any service (host) in the mesh.
 apiVersion: networking.istio.io/v1alpha3
 kind: DestinationRule
 metadata:
   name: default
   namespace: istio-config
 spec:
   host: "*.local"
   trafficPolicy:
     tls:
       mode: ISTIO_MUTUAL
 ---
 # Services and configs in ns1 namespace
 apiVersion: networking.istio.io/v1alpha3
 kind: ServiceEntry
 metadata:
   name: http1
   namespace: ns1
 spec:
   hosts:
   - http1.ns1.svc.cluster.local
   addresses:
   - 2.1.1.1
   ports:
   - number: 8081
     name: http
     protocol: HTTP2
   location: MESH_INTERNAL
   resolution: STATIC
   endpoints:
   - address: 100.1.1.1
     labels:
       version: v1
     ports:
       http: 8080
 ---
 # Services and configs in ns1 namespace
 apiVersion: networking.istio.io/v1alpha3
 kind: ServiceEntry
 metadata:
   name: http2
   namespace: ns2
 spec:
   hosts:
   - http2.ns2.svc.cluster.local
   addresses:
   - 2.1.1.2
   ports:
   - number: 8082
     name: http
     protocol: HTTP2
   location: MESH_INTERNAL
   resolution: STATIC
   endpoints:
   - address: 100.2.1.1
     ports:
       http: 8080
 ---
 # The sidecar for the consumer only application
 apiVersion: networking.istio.io/v1alpha3
 kind: Sidecar
 metadata:
   name: consumerapp
   namespace: consumerns
 spec:
   egress:
     - hosts:
         - "ns1/*"
   ingress:
     - port:
         number: 9080
         protocol: HTTP
         name: http-admin
       defaultEndpoint: 127.0.0.1:8080
       captureMode: IPTABLES
   workloadSelector:
     labels:
       app: consumeronly
	apiVersion: networking.istio.io/v1alpha3
	kind: Sidecar
	metadata:
	name: default-sidecar-scope
	namespace: istio-config
	spec:
	egress:
	- hosts:
	- "./*"
	---
	# Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh.
	apiVersion: security.istio.io/v1beta1
	kind: PeerAuthentication
	metadata:
	name: default
	namespace: istio-config
	spec:
	mtls:
	mode: STRICT
	---
	# Corresponding destination rule to configure client side to use mutual TLS when talking to
	# any service (host) in the mesh.
	apiVersion: networking.istio.io/v1alpha3
	kind: DestinationRule
	metadata:
	name: default
	namespace: istio-config
	spec:
	host: "*.local"
	trafficPolicy:
	tls:
	mode: ISTIO_MUTUAL
	---
	# Services and configs in ns1 namespace
	apiVersion: networking.istio.io/v1alpha3
	kind: ServiceEntry
	metadata:
	name: http1
	namespace: ns1
	spec:
	hosts:
	- http1.ns1.svc.cluster.local
	addresses:
	- 2.1.1.1
	ports:
	- number: 8081
	name: http
	protocol: HTTP2
	location: MESH_INTERNAL
	resolution: STATIC
	endpoints:
	- address: 100.1.1.1
	labels:
	version: v1
	ports:
	http: 8080
	---
	# Services and configs in ns1 namespace
	apiVersion: networking.istio.io/v1alpha3
	kind: ServiceEntry
	metadata:
	name: http2
	namespace: ns2
	spec:
	hosts:
	- http2.ns2.svc.cluster.local
	addresses:
	- 2.1.1.2
	ports:
	- number: 8082
	name: http
	protocol: HTTP2
	location: MESH_INTERNAL
	resolution: STATIC
	endpoints:
	- address: 100.2.1.1
	ports:
	http: 8080
	---
	# The sidecar for the consumer only application
	apiVersion: networking.istio.io/v1alpha3
	kind: Sidecar
	metadata:
	name: consumerapp
	namespace: consumerns
	spec:
	egress:
	- hosts:
	- "ns1/*"
	ingress:
	- port:
	number: 9080
	protocol: HTTP
	name: http-admin
	defaultEndpoint: 127.0.0.1:8080
	captureMode: IPTABLES
	workloadSelector:
	labels:
	app: consumeronly