| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| creationTimestamp: null |
| name: hello |
| spec: |
| replicas: 7 |
| selector: |
| matchLabels: |
| app: hello |
| tier: backend |
| track: stable |
| strategy: {} |
| template: |
| metadata: |
| annotations: |
| kubectl.kubernetes.io/default-container: hello |
| kubectl.kubernetes.io/default-logs-container: hello |
| prometheus.io/path: /stats/prometheus |
| prometheus.io/port: "15020" |
| prometheus.io/scrape: "true" |
| sidecar.istio.io/status: '{"initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["workload-socket","workload-certs","istio-envoy","istio-data","istio-podinfo","istio-token","istiod-ca-cert"],"imagePullSecrets":null,"revision":"default"}' |
| traffic.sidecar.istio.io/kubevirtInterfaces: net1 |
| creationTimestamp: null |
| labels: |
| app: hello |
| security.istio.io/tlsMode: istio |
| service.istio.io/canonical-name: hello |
| service.istio.io/canonical-revision: latest |
| tier: backend |
| track: stable |
| spec: |
| containers: |
| - image: fake.docker.io/google-samples/hello-go-gke:1.0 |
| name: hello |
| ports: |
| - containerPort: 80 |
| name: http |
| resources: {} |
| - args: |
| - proxy |
| - sidecar |
| - --domain |
| - $(POD_NAMESPACE).svc.cluster.local |
| - --proxyLogLevel=warning |
| - --proxyComponentLogLevel=misc:error |
| - --log_output_level=default:info |
| - --concurrency |
| - "2" |
| env: |
| - name: JWT_POLICY |
| value: third-party-jwt |
| - name: PILOT_CERT_PROVIDER |
| value: istiod |
| - name: CA_ADDR |
| value: istiod.dubbo-system.svc:15012 |
| - name: POD_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| - name: POD_NAMESPACE |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.namespace |
| - name: INSTANCE_IP |
| valueFrom: |
| fieldRef: |
| fieldPath: status.podIP |
| - name: SERVICE_ACCOUNT |
| valueFrom: |
| fieldRef: |
| fieldPath: spec.serviceAccountName |
| - name: HOST_IP |
| valueFrom: |
| fieldRef: |
| fieldPath: status.hostIP |
| - name: PROXY_CONFIG |
| value: | |
| {} |
| - name: ISTIO_META_POD_PORTS |
| value: |- |
| [ |
| {"name":"http","containerPort":80} |
| ] |
| - name: ISTIO_META_APP_CONTAINERS |
| value: hello |
| - name: ISTIO_META_CLUSTER_ID |
| value: Kubernetes |
| - name: ISTIO_META_INTERCEPTION_MODE |
| value: REDIRECT |
| - name: ISTIO_META_WORKLOAD_NAME |
| value: hello |
| - name: ISTIO_META_OWNER |
| value: kubernetes://apis/apps/v1/namespaces/default/deployments/hello |
| - name: ISTIO_META_MESH_ID |
| value: cluster.local |
| - name: TRUST_DOMAIN |
| value: cluster.local |
| image: apache/dubbo-agent:latest |
| name: istio-proxy |
| ports: |
| - containerPort: 15090 |
| name: http-envoy-prom |
| protocol: TCP |
| readinessProbe: |
| failureThreshold: 300 |
| httpGet: |
| path: /healthz/ready |
| port: 15021 |
| initialDelaySeconds: 100 |
| periodSeconds: 200 |
| timeoutSeconds: 3 |
| resources: |
| limits: |
| cpu: "2" |
| memory: 1Gi |
| requests: |
| cpu: 100m |
| memory: 128Mi |
| securityContext: |
| allowPrivilegeEscalation: false |
| capabilities: |
| drop: |
| - ALL |
| privileged: false |
| readOnlyRootFilesystem: true |
| runAsGroup: 1337 |
| runAsNonRoot: true |
| runAsUser: 1337 |
| volumeMounts: |
| - mountPath: /var/run/secrets/workload-spiffe-uds |
| name: workload-socket |
| - mountPath: /var/run/secrets/workload-spiffe-credentials |
| name: workload-certs |
| - mountPath: /var/run/secrets/istio |
| name: istiod-ca-cert |
| - mountPath: /var/lib/istio/data |
| name: istio-data |
| - mountPath: /etc/istio/proxy |
| name: istio-envoy |
| - mountPath: /var/run/secrets/tokens |
| name: istio-token |
| - mountPath: /etc/istio/pod |
| name: istio-podinfo |
| initContainers: |
| - args: |
| - istio-iptables |
| - -p |
| - "15001" |
| - -z |
| - "15006" |
| - -u |
| - "1337" |
| - -m |
| - REDIRECT |
| - -i |
| - '*' |
| - -x |
| - "" |
| - -b |
| - '*' |
| - -d |
| - 15090,15021,123 |
| - -k |
| - net1 |
| image: apache/dubbo-agent:latest |
| name: istio-init |
| resources: |
| limits: |
| cpu: "2" |
| memory: 1Gi |
| requests: |
| cpu: 100m |
| memory: 128Mi |
| securityContext: |
| allowPrivilegeEscalation: false |
| capabilities: |
| add: |
| - NET_ADMIN |
| - NET_RAW |
| drop: |
| - ALL |
| privileged: false |
| readOnlyRootFilesystem: false |
| runAsGroup: 0 |
| runAsNonRoot: false |
| runAsUser: 0 |
| securityContext: |
| fsGroup: 1337 |
| volumes: |
| - name: workload-socket |
| - name: workload-certs |
| - emptyDir: |
| medium: Memory |
| name: istio-envoy |
| - emptyDir: {} |
| name: istio-data |
| - downwardAPI: |
| items: |
| - fieldRef: |
| fieldPath: metadata.labels |
| path: labels |
| - fieldRef: |
| fieldPath: metadata.annotations |
| path: annotations |
| name: istio-podinfo |
| - name: istio-token |
| projected: |
| sources: |
| - serviceAccountToken: |
| audience: istio-ca |
| expirationSeconds: 43200 |
| path: istio-token |
| - configMap: |
| name: istio-ca-root-cert |
| name: istiod-ca-cert |
| status: {} |
| --- |