dip
/
tenant-catalog
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Repository for dip
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
17 Branches
0 Tags
3.2 MiB
Tag: Branch: Tree: 7b853ab70e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b853ab70e'
${ noResults }
tenant-catalog/kubeflow/common/istio-1-24/cluster-local-gateway/base/cluster-local-gateway.yaml

391 lines
11 KiB
Raw Blame History

apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: cluster-local-gateway
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: istio-ingressgateway
app.kubernetes.io/part-of: istio
app.kubernetes.io/version: 1.24.3
helm.sh/chart: istio-ingress-1.24.3
install.operator.istio.io/owning-resource: unknown
istio: cluster-local-gateway
istio.io/rev: default
operator.istio.io/component: IngressGateways
release: istio
name: cluster-local-gateway-service-account
namespace: istio-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: cluster-local-gateway
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: istio-ingressgateway
app.kubernetes.io/part-of: istio
app.kubernetes.io/version: 1.24.3
helm.sh/chart: istio-ingress-1.24.3
install.operator.istio.io/owning-resource: unknown
istio: cluster-local-gateway
istio.io/rev: default
operator.istio.io/component: IngressGateways
release: istio
name: cluster-local-gateway
namespace: istio-system
spec:
selector:
matchLabels:
app: cluster-local-gateway
istio: cluster-local-gateway
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
template:
metadata:
annotations:
istio.io/rev: default
prometheus.io/path: /stats/prometheus
prometheus.io/port: '15020'
prometheus.io/scrape: 'true'
sidecar.istio.io/inject: 'false'
labels:
app: cluster-local-gateway
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: istio-ingressgateway
app.kubernetes.io/part-of: istio
app.kubernetes.io/version: 1.24.3
chart: gateways
helm.sh/chart: istio-ingress-1.24.3
heritage: Tiller
install.operator.istio.io/owning-resource: unknown
istio: cluster-local-gateway
istio.io/rev: default
operator.istio.io/component: IngressGateways
release: istio
service.istio.io/canonical-name: cluster-local-gateway
service.istio.io/canonical-revision: latest
sidecar.istio.io/inject: 'false'
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
requiredDuringSchedulingIgnoredDuringExecution:
containers:
- args:
- proxy
- router
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --proxyLogLevel=warning
- --proxyComponentLogLevel=misc:error
- --log_output_level=default:info
env:
- name: ISTIO_META_ROUTER_MODE
value: sni-dnat
- name: PILOT_CERT_PROVIDER
value: istiod
- name: CA_ADDR
value: istiod.istio-system.svc:15012
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: ISTIO_CPU_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ISTIO_META_WORKLOAD_NAME
value: cluster-local-gateway
- name: ISTIO_META_OWNER
value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway
- name: ISTIO_META_MESH_ID
value: cluster.local
- name: TRUST_DOMAIN
value: cluster.local
- name: ISTIO_META_UNPRIVILEGED_POD
value: 'true'
- name: ISTIO_META_CLUSTER_ID
value: Kubernetes
- name: ISTIO_META_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
image: gcr.io/istio-release/proxyv2:1.24.3
name: istio-proxy
ports:
- containerPort: 15020
protocol: TCP
- containerPort: 8080
protocol: TCP
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
readinessProbe:
failureThreshold: 30
httpGet:
path: /healthz/ready
port: 15021
scheme: HTTP
initialDelaySeconds: 1
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: 2000m
memory: 1024Mi
requests:
cpu: 100m
memory: 128Mi
securityContext:
seccompProfile:
type: RuntimeDefault
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /var/run/secrets/workload-spiffe-uds
name: workload-socket
- mountPath: /var/run/secrets/credential-uds
name: credential-socket
- mountPath: /var/run/secrets/workload-spiffe-credentials
name: workload-certs
- mountPath: /etc/istio/proxy
name: istio-envoy
- mountPath: /etc/istio/config
name: config-volume
- mountPath: /var/run/secrets/istio
name: istiod-ca-cert
- mountPath: /var/run/secrets/tokens
name: istio-token
readOnly: true
- mountPath: /var/lib/istio/data
name: istio-data
- mountPath: /etc/istio/pod
name: podinfo
- mountPath: /etc/istio/ingressgateway-certs
name: ingressgateway-certs
readOnly: true
- mountPath: /etc/istio/ingressgateway-ca-certs
name: ingressgateway-ca-certs
readOnly: true
securityContext:
runAsGroup: 1337
runAsNonRoot: true
runAsUser: 1337
serviceAccountName: cluster-local-gateway-service-account
volumes:
- emptyDir: {}
name: workload-socket
- emptyDir: {}
name: credential-socket
- emptyDir: {}
name: workload-certs
- configMap:
name: istio-ca-root-cert
name: istiod-ca-cert
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.labels
path: labels
- fieldRef:
fieldPath: metadata.annotations
path: annotations
name: podinfo
- emptyDir: {}
name: istio-envoy
- emptyDir: {}
name: istio-data
- name: istio-token
projected:
sources:
- serviceAccountToken:
audience: istio-ca
expirationSeconds: 43200
path: istio-token
- configMap:
name: istio
optional: true
name: config-volume
- name: ingressgateway-certs
secret:
optional: true
secretName: istio-ingressgateway-certs
- name: ingressgateway-ca-certs
secret:
optional: true
secretName: istio-ingressgateway-ca-certs
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app: cluster-local-gateway
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: istio-ingressgateway
app.kubernetes.io/part-of: istio
app.kubernetes.io/version: 1.24.3
helm.sh/chart: istio-ingress-1.24.3
install.operator.istio.io/owning-resource: unknown
istio: cluster-local-gateway
istio.io/rev: default
operator.istio.io/component: IngressGateways
release: istio
name: cluster-local-gateway
namespace: istio-system
spec:
minAvailable: 1
selector:
matchLabels:
app: cluster-local-gateway
istio: cluster-local-gateway
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: istio-ingressgateway
app.kubernetes.io/part-of: istio
app.kubernetes.io/version: 1.24.3
helm.sh/chart: istio-ingress-1.24.3
install.operator.istio.io/owning-resource: unknown
istio.io/rev: default
operator.istio.io/component: IngressGateways
release: istio
name: cluster-local-gateway-sds
namespace: istio-system
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- watch
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: istio-ingressgateway
app.kubernetes.io/part-of: istio
app.kubernetes.io/version: 1.24.3
helm.sh/chart: istio-ingress-1.24.3
install.operator.istio.io/owning-resource: unknown
istio.io/rev: default
operator.istio.io/component: IngressGateways
release: istio
name: cluster-local-gateway-sds
namespace: istio-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cluster-local-gateway-sds
subjects:
- kind: ServiceAccount
name: cluster-local-gateway-service-account
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
labels:
app: cluster-local-gateway
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: istio-ingressgateway
app.kubernetes.io/part-of: istio
app.kubernetes.io/version: 1.24.3
helm.sh/chart: istio-ingress-1.24.3
install.operator.istio.io/owning-resource: unknown
istio: cluster-local-gateway
istio.io/rev: default
operator.istio.io/component: IngressGateways
release: istio
name: cluster-local-gateway
namespace: istio-system
spec:
maxReplicas: 5
metrics:
- resource:
name: cpu
target:
averageUtilization: 80
type: Utilization
type: Resource
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: cluster-local-gateway
---
apiVersion: v1
kind: Service
metadata:
annotations:
labels:
app: cluster-local-gateway
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: istio-ingressgateway
app.kubernetes.io/part-of: istio
app.kubernetes.io/version: 1.24.3
helm.sh/chart: istio-ingress-1.24.3
install.operator.istio.io/owning-resource: unknown
istio: cluster-local-gateway
istio.io/rev: default
operator.istio.io/component: IngressGateways
release: istio
name: cluster-local-gateway
namespace: istio-system
spec:
ports:
- name: status-port
port: 15020
targetPort: 15020
- name: http2
port: 80
targetPort: 8080
selector:
app: cluster-local-gateway
istio: cluster-local-gateway
type: ClusterIP