Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
apiVersion: v1
data:
config: |
policy: enabled
template: |-
initContainers:
- name: istio-init
image: docker.io/istio/proxy_init:0.6.0
args:
- "-p"
- {{ .MeshConfig.ProxyListenPort }}
- "-u"
- 1337
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
add:
- NET_ADMIN
restartPolicy: Always
containers:
- name: istio-proxy
image: docker.io/istio/proxy:0.6.0
args:
- proxy
- sidecar
- --configPath
- {{ .ProxyConfig.ConfigPath }}
- --binaryPath
- {{ .ProxyConfig.BinaryPath }}
- --serviceCluster
{{ if ne "" (index .ObjectMeta.Labels "app") -}}
- {{ index .ObjectMeta.Labels "app" }}
{{ else -}}
- "istio-proxy"
{{ end -}}
- --drainDuration
- {{ formatDuration .ProxyConfig.DrainDuration }}
- --parentShutdownDuration
- {{ formatDuration .ProxyConfig.ParentShutdownDuration }}
- --discoveryAddress
- {{ .ProxyConfig.DiscoveryAddress }}
- --discoveryRefreshDelay
- {{ formatDuration .ProxyConfig.DiscoveryRefreshDelay }}
- --zipkinAddress
- {{ .ProxyConfig.ZipkinAddress }}
- --connectTimeout
- {{ formatDuration .ProxyConfig.ConnectTimeout }}
- --statsdUdpAddress
- {{ .ProxyConfig.StatsdUdpAddress }}
- --proxyAdminPort
- {{ .ProxyConfig.ProxyAdminPort }}
- --controlPlaneAuthPolicy
- {{ .ProxyConfig.ControlPlaneAuthPolicy }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
imagePullPolicy: IfNotPresent
securityContext:
privileged: false
readOnlyRootFilesystem: true
runAsUser: 1337
restartPolicy: Always
volumeMounts:
- mountPath: /etc/istio/proxy
name: istio-envoy
- mountPath: /etc/certs/
name: istio-certs
readOnly: true
volumes:
- emptyDir:
medium: Memory
name: istio-envoy
- name: istio-certs
secret:
optional: true
{{ if eq .Spec.ServiceAccountName "" -}}
secretName: istio.default
{{ else -}}
secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }}
{{ end -}}
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: >
{"apiVersion":"v1","data":{"config":"policy: enabled\ntemplate: |-\n
initContainers:\n - name: istio-init\n image:
docker.io/istio/proxy_init:0.6.0\n args:\n - \"-p\"\n - {{
.MeshConfig.ProxyListenPort }}\n - \"-u\"\n - 1337\n
imagePullPolicy: IfNotPresent\n securityContext:\n
capabilities:\n add:\n - NET_ADMIN\n restartPolicy:
Always\n containers:\n - name: istio-proxy\n image:
docker.io/istio/proxy:0.6.0\n args:\n - proxy\n - sidecar\n -
--configPath\n - {{ .ProxyConfig.ConfigPath }}\n - --binaryPath\n
- {{ .ProxyConfig.BinaryPath }}\n - --serviceCluster\n {{ if ne \"\"
(index .ObjectMeta.Labels \"app\") -}}\n - {{ index .ObjectMeta.Labels
\"app\" }}\n {{ else -}}\n - \"istio-proxy\"\n {{ end -}}\n -
--drainDuration\n - {{ formatDuration .ProxyConfig.DrainDuration
}}\n - --parentShutdownDuration\n - {{ formatDuration
.ProxyConfig.ParentShutdownDuration }}\n - --discoveryAddress\n - {{
.ProxyConfig.DiscoveryAddress }}\n - --discoveryRefreshDelay\n - {{
formatDuration .ProxyConfig.DiscoveryRefreshDelay }}\n -
--zipkinAddress\n - {{ .ProxyConfig.ZipkinAddress }}\n -
--connectTimeout\n - {{ formatDuration .ProxyConfig.ConnectTimeout
}}\n - --statsdUdpAddress\n - {{ .ProxyConfig.StatsdUdpAddress
}}\n - --proxyAdminPort\n - {{ .ProxyConfig.ProxyAdminPort }}\n -
--controlPlaneAuthPolicy\n - {{ .ProxyConfig.ControlPlaneAuthPolicy
}}\n env:\n - name: POD_NAME\n valueFrom:\n
fieldRef:\n fieldPath: metadata.name\n - name:
POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath:
metadata.namespace\n - name: INSTANCE_IP\n valueFrom:\n
fieldRef:\n fieldPath: status.podIP\n imagePullPolicy:
IfNotPresent\n securityContext:\n privileged: false\n
readOnlyRootFilesystem: true\n runAsUser: 1337\n restartPolicy:
Always\n volumeMounts:\n - mountPath: /etc/istio/proxy\n name:
istio-envoy\n - mountPath: /etc/certs/\n name: istio-certs\n
readOnly: true\n volumes:\n - emptyDir:\n medium: Memory\n name:
istio-envoy\n - name: istio-certs\n secret:\n optional:
true\n {{ if eq .Spec.ServiceAccountName \"\" -}}\n secretName:
istio.default\n {{ else -}}\n secretName: {{ printf \"istio.%s\"
.Spec.ServiceAccountName }}\n {{ end
-}}\n"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"istio-inject","namespace":"istio-system"}}
creationTimestamp: '2018-03-28T08:23:29Z'
name: istio-inject
namespace: istio-system
resourceVersion: '3931'
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-inject
uid: 4b8e3e89-3261-11e8-b93e-08002704ceae
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.