Created
March 3, 2020 23:20
Egress Gateway with SNI Proxy
---
# Source: istio/charts/gateways/templates/serviceaccount.yaml
# Service account for the egress gateway pods. The Deployment in this file
# selects it through spec.template.spec.serviceAccountName.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: istio-egressgateway-with-sni-proxy-service-account
  namespace: istio-system
  labels:
    app: istio-egressgateway-with-sni-proxy
    chart: gateways
    heritage: Tiller
    release: istio-egressgateway-with-sni-proxy
---
---
# Source: istio/charts/gateways/templates/service.yaml
# Cluster-internal (ClusterIP) Service in front of the egress gateway pods.
# Only port 443 is published; no targetPort is given, so traffic goes to the
# same port number on the selected pods.
apiVersion: v1
kind: Service
metadata:
  name: istio-egressgateway-with-sni-proxy
  namespace: istio-system
  # Empty value: parses as null, i.e. the Service carries no annotations.
  annotations:
  labels:
    chart: gateways
    heritage: Tiller
    release: istio-egressgateway-with-sni-proxy
    app: istio-egressgateway-with-sni-proxy
    istio: egressgateway-with-sni-proxy
spec:
  type: ClusterIP
  # A pod must carry all three labels to receive traffic from this Service.
  selector:
    release: istio-egressgateway-with-sni-proxy
    app: istio-egressgateway-with-sni-proxy
    istio: egressgateway-with-sni-proxy
  ports:
    - name: https
      port: 443
---
---
# Source: istio/charts/gateways/templates/deployment.yaml
# Egress gateway Deployment: one replica whose pod runs two containers, the
# Istio proxy ("istio-proxy") and an nginx container ("sni-proxy") that mounts
# its configuration from the egress-sni-proxy-configmap ConfigMap.
#
# NOTE(review): neither container declares a securityContext, and no resource
# limits are set (istio-proxy only requests 10m CPU; sni-proxy declares no
# resources at all). Confirm this is intended for a pod that carries egress
# traffic for the mesh.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: istio-egressgateway-with-sni-proxy
  namespace: istio-system
  labels:
    app: istio-egressgateway-with-sni-proxy
    chart: gateways
    heritage: Tiller
    istio: egressgateway-with-sni-proxy
    release: istio-egressgateway-with-sni-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: istio-egressgateway-with-sni-proxy
      istio: egressgateway-with-sni-proxy
  strategy:
    rollingUpdate:
      # Both values are empty (null); presumably the Kubernetes defaults
      # apply. Verify against the cluster.
      maxSurge:
      maxUnavailable:
  template:
    metadata:
      labels:
        app: istio-egressgateway-with-sni-proxy
        chart: gateways
        heritage: Tiller
        istio: egressgateway-with-sni-proxy
        release: istio-egressgateway-with-sni-proxy
      annotations:
        # The pod already runs the proxy itself, so sidecar injection is off.
        # The value must stay a quoted string, not a YAML boolean.
        sidecar.istio.io/inject: 'false'
    spec:
      serviceAccountName: istio-egressgateway-with-sni-proxy-service-account
      containers:
        - name: istio-proxy
          image: 'docker.io/istio/proxyv2:1.4.5'
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 443
            - containerPort: 15090
              protocol: TCP
              name: http-envoy-prom
          args:
            - proxy
            - router
            - --domain
            - $(POD_NAMESPACE).svc.cluster.local
            - --log_output_level=default:info
            - --drainDuration
            - '45s'  # drainDuration
            - --parentShutdownDuration
            - '1m0s'  # parentShutdownDuration
            - --connectTimeout
            - '10s'  # connectTimeout
            - --serviceCluster
            - istio-egressgateway-with-sni-proxy
            - --zipkinAddress
            - zipkin.istio-system:9411
            - --proxyAdminPort
            - '15000'
            - --statusPort
            - '15020'
            # NOTE(review): with controlPlaneAuthPolicy NONE the proxy does
            # not use mutual TLS towards Pilot, and 15010 is Pilot's plaintext
            # discovery port. If control-plane security is enabled in this
            # mesh, this should be MUTUAL_TLS against Pilot's secured port.
            # Confirm against the mesh configuration.
            - --controlPlaneAuthPolicy
            - NONE
            - --discoveryAddress
            - istio-pilot.istio-system:15010
          # Readiness is polled on the status port given by --statusPort.
          readinessProbe:
            failureThreshold: 30
            httpGet:
              path: /healthz/ready
              port: 15020
              scheme: HTTP
            initialDelaySeconds: 1
            periodSeconds: 2
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            requests:
              cpu: 10m
          env:
            # Downward-API fields exposed to the proxy.
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: INSTANCE_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.hostIP
            - name: SERVICE_ACCOUNT
              valueFrom:
                fieldRef:
                  fieldPath: spec.serviceAccountName
            - name: ISTIO_META_POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: ISTIO_META_CONFIG_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # JSON copy of the pod labels; keep in sync with the labels above.
            - name: ISTIO_METAJSON_LABELS
              value: |
                {"app":"istio-egressgateway-with-sni-proxy","chart":"gateways","heritage":"Tiller","istio":"egressgateway-with-sni-proxy","release":"istio-egressgateway-with-sni-proxy"}
            - name: ISTIO_META_CLUSTER_ID
              value: 'Kubernetes'
            # SDS is off, so key material is read from the mounted secret
            # volumes below rather than fetched over SDS.
            - name: SDS_ENABLED
              value: 'false'
            - name: ISTIO_META_WORKLOAD_NAME
              value: istio-egressgateway-with-sni-proxy
            - name: ISTIO_META_OWNER
              value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/istio-egressgateway-with-sni-proxy
          volumeMounts:
            - name: istio-certs
              mountPath: /etc/certs
              readOnly: true
            - name: egressgateway-certs
              mountPath: '/etc/istio/egressgateway-certs'
              readOnly: true
            - name: egressgateway-ca-certs
              mountPath: '/etc/istio/egressgateway-ca-certs'
              readOnly: true
        # NOTE(review): the image has no tag or digest, so it resolves to
        # nginx:latest and can change between pod restarts. Pin it to a
        # reviewed tag or, better, an image digest.
        - image: nginx
          name: sni-proxy
          volumeMounts:
            - mountPath: /etc/nginx
              name: sni-proxy-config
              readOnly: true
      volumes:
        # All three secrets are optional, so the pod is scheduled and started
        # even when a secret is missing; the mount is then empty.
        - name: istio-certs
          secret:
            secretName: istio.istio-egressgateway-with-sni-proxy-service-account
            optional: true
        - name: egressgateway-certs
          secret:
            secretName: 'istio-egressgateway-certs'
            optional: true
        - name: egressgateway-ca-certs
          secret:
            secretName: 'istio-egressgateway-ca-certs'
            optional: true
        # NOTE(review): optional ConfigMap mounted over /etc/nginx. If it is
        # absent the directory is presumably empty and nginx has no
        # configuration to load. Confirm the ConfigMap is created before this
        # Deployment.
        - name: sni-proxy-config
          configMap:
            name: 'egress-sni-proxy-configmap'
            optional: true
      affinity:
        nodeAffinity:
          # Hard requirement: schedule only on amd64, ppc64le or s390x nodes.
          # NOTE(review): beta.kubernetes.io/arch is the deprecated form of
          # the kubernetes.io/arch node label. Check which label the target
          # cluster's nodes carry.
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - 'amd64'
                      - 'ppc64le'
                      - 's390x'
          # Soft preferences: each architecture has the same weight, so none
          # is favoured over the others.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 2
              preference:
                matchExpressions:
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - 'amd64'
            - weight: 2
              preference:
                matchExpressions:
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - 'ppc64le'
            - weight: 2
              preference:
                matchExpressions:
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - 's390x'
---
---
# Source: istio/charts/gateways/templates/autoscale.yaml
---
# Source: istio/charts/gateways/templates/role.yaml
---
# Source: istio/charts/gateways/templates/rolebindings.yaml