Created
February 28, 2023 00:25
-
-
Save Neutrollized/e7cf179359e043f03dc18acfe65ecce6 to your computer and use it in GitHub Desktop.
Medium: Getting started with Anthos Service Mesh for GKE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: istio-ingressgateway | |
spec: | |
replicas: 2 | |
selector: | |
matchLabels: | |
app: istio-ingressgateway | |
istio: ingressgateway | |
template: | |
metadata: | |
annotations: | |
# This is required to tell Anthos Service Mesh to inject the gateway with the | |
# required configuration. | |
inject.istio.io/templates: gateway | |
labels: | |
app: istio-ingressgateway | |
istio: ingressgateway | |
spec: | |
containers: | |
- name: istio-proxy | |
image: auto # The image will automatically update each time the pod starts. | |
resources: | |
limits: | |
cpu: 2000m | |
memory: 1024Mi | |
requests: | |
cpu: 100m | |
memory: 128Mi | |
serviceAccountName: istio-ingressgateway | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: istio-ingressgateway | |
labels: | |
app: istio-ingressgateway | |
istio: ingressgateway | |
spec: | |
ports: | |
# status-port exposes a /healthz/ready endpoint that can be used with GKE Ingress health checks | |
- name: status-port | |
port: 15021 | |
protocol: TCP | |
targetPort: 15021 | |
# Any ports exposed in Gateway resources should be exposed here. | |
- name: http2 | |
port: 80 | |
- name: https | |
port: 443 | |
selector: | |
istio: ingressgateway | |
app: istio-ingressgateway | |
type: LoadBalancer | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: istio-ingressgateway | |
--- | |
# Role and RoleBinding allow the gateway to access certificates | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: Role | |
metadata: | |
name: istio-ingressgateway | |
rules: | |
- apiGroups: [""] | |
resources: ["secrets"] | |
verbs: ["get", "watch", "list"] | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: RoleBinding | |
metadata: | |
name: istio-ingressgateway | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: Role | |
name: istio-ingressgateway | |
subjects: | |
- kind: ServiceAccount | |
name: istio-ingressgateway |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment