Neutrollized/istio-ingressgateway.yaml

## istio-ingressgateway.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: istio-ingressgateway
spec:
  replicas: 2
  selector:
    matchLabels:
      app: istio-ingressgateway
      istio: ingressgateway
  template:
    metadata:
      annotations:
        # This is required to tell Anthos Service Mesh to inject the gateway with the
        # required configuration.
        inject.istio.io/templates: gateway
      labels:
        app: istio-ingressgateway
        istio: ingressgateway
    spec:
      containers:
      - name: istio-proxy
        image: auto # The image will automatically update each time the pod starts.
        resources:
          limits:
            cpu: 2000m
            memory: 1024Mi
          requests:
            cpu: 100m
            memory: 128Mi
      serviceAccountName: istio-ingressgateway
---
apiVersion: v1
kind: Service
metadata:
  name: istio-ingressgateway
  labels:
    app: istio-ingressgateway
    istio: ingressgateway
spec:
  ports:
  # status-port exposes a /healthz/ready endpoint that can be used with GKE Ingress health checks
  - name: status-port
    port: 15021
    protocol: TCP
    targetPort: 15021
  # Any ports exposed in Gateway resources should be exposed here.
  - name: http2
    port: 80
  - name: https
    port: 443
  selector:
    istio: ingressgateway
    app: istio-ingressgateway
  type: LoadBalancer
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: istio-ingressgateway
---
# Role and RoleBinding allow the gateway to access certificates
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: istio-ingressgateway
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: istio-ingressgateway
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: istio-ingressgateway
subjects:
- kind: ServiceAccount
  name: istio-ingressgateway
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: istio-ingressgateway
	spec:
	replicas: 2
	selector:
	matchLabels:
	app: istio-ingressgateway
	istio: ingressgateway
	template:
	metadata:
	annotations:
	# This is required to tell Anthos Service Mesh to inject the gateway with the
	# required configuration.
	inject.istio.io/templates: gateway
	labels:
	app: istio-ingressgateway
	istio: ingressgateway
	spec:
	containers:
	- name: istio-proxy
	image: auto # The image will automatically update each time the pod starts.
	resources:
	limits:
	cpu: 2000m
	memory: 1024Mi
	requests:
	cpu: 100m
	memory: 128Mi
	serviceAccountName: istio-ingressgateway
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: istio-ingressgateway
	labels:
	app: istio-ingressgateway
	istio: ingressgateway
	spec:
	ports:
	# status-port exposes a /healthz/ready endpoint that can be used with GKE Ingress health checks
	- name: status-port
	port: 15021
	protocol: TCP
	targetPort: 15021
	# Any ports exposed in Gateway resources should be exposed here.
	- name: http2
	port: 80
	- name: https
	port: 443
	selector:
	istio: ingressgateway
	app: istio-ingressgateway
	type: LoadBalancer
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: istio-ingressgateway
	---
	# Role and RoleBinding allow the gateway to access certificates
	apiVersion: rbac.authorization.k8s.io/v1
	kind: Role
	metadata:
	name: istio-ingressgateway
	rules:
	- apiGroups: [""]
	resources: ["secrets"]
	verbs: ["get", "watch", "list"]
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: RoleBinding
	metadata:
	name: istio-ingressgateway
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: Role
	name: istio-ingressgateway
	subjects:
	- kind: ServiceAccount
	name: istio-ingressgateway