Created
March 28, 2018 10:07
-
-
Save geoand/b15f1f213de2cdd4edef0ee1645d5ed3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
data: | |
config: | | |
policy: enabled | |
template: |- | |
initContainers: | |
- name: istio-init | |
image: docker.io/istio/proxy_init:0.6.0 | |
args: | |
- "-p" | |
- {{ .MeshConfig.ProxyListenPort }} | |
- "-u" | |
- 1337 | |
imagePullPolicy: IfNotPresent | |
securityContext: | |
capabilities: | |
add: | |
- NET_ADMIN | |
restartPolicy: Always | |
containers: | |
- name: istio-proxy | |
image: docker.io/istio/proxy:0.6.0 | |
args: | |
- proxy | |
- sidecar | |
- --configPath | |
- {{ .ProxyConfig.ConfigPath }} | |
- --binaryPath | |
- {{ .ProxyConfig.BinaryPath }} | |
- --serviceCluster | |
{{ if ne "" (index .ObjectMeta.Labels "app") -}} | |
- {{ index .ObjectMeta.Labels "app" }} | |
{{ else -}} | |
- "istio-proxy" | |
{{ end -}} | |
- --drainDuration | |
- {{ formatDuration .ProxyConfig.DrainDuration }} | |
- --parentShutdownDuration | |
- {{ formatDuration .ProxyConfig.ParentShutdownDuration }} | |
- --discoveryAddress | |
- {{ .ProxyConfig.DiscoveryAddress }} | |
- --discoveryRefreshDelay | |
- {{ formatDuration .ProxyConfig.DiscoveryRefreshDelay }} | |
- --zipkinAddress | |
- {{ .ProxyConfig.ZipkinAddress }} | |
- --connectTimeout | |
- {{ formatDuration .ProxyConfig.ConnectTimeout }} | |
- --statsdUdpAddress | |
- {{ .ProxyConfig.StatsdUdpAddress }} | |
- --proxyAdminPort | |
- {{ .ProxyConfig.ProxyAdminPort }} | |
- --controlPlaneAuthPolicy | |
- {{ .ProxyConfig.ControlPlaneAuthPolicy }} | |
env: | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- name: INSTANCE_IP | |
valueFrom: | |
fieldRef: | |
fieldPath: status.podIP | |
imagePullPolicy: IfNotPresent | |
securityContext: | |
privileged: false | |
readOnlyRootFilesystem: true | |
runAsUser: 1337 | |
restartPolicy: Always | |
volumeMounts: | |
- mountPath: /etc/istio/proxy | |
name: istio-envoy | |
- mountPath: /etc/certs/ | |
name: istio-certs | |
readOnly: true | |
volumes: | |
- emptyDir: | |
medium: Memory | |
name: istio-envoy | |
- name: istio-certs | |
secret: | |
optional: true | |
{{ if eq .Spec.ServiceAccountName "" -}} | |
secretName: istio.default | |
{{ else -}} | |
secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} | |
{{ end -}} | |
kind: ConfigMap | |
metadata: | |
annotations: | |
kubectl.kubernetes.io/last-applied-configuration: > | |
{"apiVersion":"v1","data":{"config":"policy: enabled\ntemplate: |-\n | |
initContainers:\n - name: istio-init\n image: | |
docker.io/istio/proxy_init:0.6.0\n args:\n - \"-p\"\n - {{ | |
.MeshConfig.ProxyListenPort }}\n - \"-u\"\n - 1337\n | |
imagePullPolicy: IfNotPresent\n securityContext:\n | |
capabilities:\n add:\n - NET_ADMIN\n restartPolicy: | |
Always\n containers:\n - name: istio-proxy\n image: | |
docker.io/istio/proxy:0.6.0\n args:\n - proxy\n - sidecar\n - | |
--configPath\n - {{ .ProxyConfig.ConfigPath }}\n - --binaryPath\n | |
- {{ .ProxyConfig.BinaryPath }}\n - --serviceCluster\n {{ if ne \"\" | |
(index .ObjectMeta.Labels \"app\") -}}\n - {{ index .ObjectMeta.Labels | |
\"app\" }}\n {{ else -}}\n - \"istio-proxy\"\n {{ end -}}\n - | |
--drainDuration\n - {{ formatDuration .ProxyConfig.DrainDuration | |
}}\n - --parentShutdownDuration\n - {{ formatDuration | |
.ProxyConfig.ParentShutdownDuration }}\n - --discoveryAddress\n - {{ | |
.ProxyConfig.DiscoveryAddress }}\n - --discoveryRefreshDelay\n - {{ | |
formatDuration .ProxyConfig.DiscoveryRefreshDelay }}\n - | |
--zipkinAddress\n - {{ .ProxyConfig.ZipkinAddress }}\n - | |
--connectTimeout\n - {{ formatDuration .ProxyConfig.ConnectTimeout | |
}}\n - --statsdUdpAddress\n - {{ .ProxyConfig.StatsdUdpAddress | |
}}\n - --proxyAdminPort\n - {{ .ProxyConfig.ProxyAdminPort }}\n - | |
--controlPlaneAuthPolicy\n - {{ .ProxyConfig.ControlPlaneAuthPolicy | |
}}\n env:\n - name: POD_NAME\n valueFrom:\n | |
fieldRef:\n fieldPath: metadata.name\n - name: | |
POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: | |
metadata.namespace\n - name: INSTANCE_IP\n valueFrom:\n | |
fieldRef:\n fieldPath: status.podIP\n imagePullPolicy: | |
IfNotPresent\n securityContext:\n privileged: false\n | |
readOnlyRootFilesystem: true\n runAsUser: 1337\n restartPolicy: | |
Always\n volumeMounts:\n - mountPath: /etc/istio/proxy\n name: | |
istio-envoy\n - mountPath: /etc/certs/\n name: istio-certs\n | |
readOnly: true\n volumes:\n - emptyDir:\n medium: Memory\n name: | |
istio-envoy\n - name: istio-certs\n secret:\n optional: | |
true\n {{ if eq .Spec.ServiceAccountName \"\" -}}\n secretName: | |
istio.default\n {{ else -}}\n secretName: {{ printf \"istio.%s\" | |
.Spec.ServiceAccountName }}\n {{ end | |
-}}\n"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"istio-inject","namespace":"istio-system"}} | |
creationTimestamp: '2018-03-28T08:23:29Z' | |
name: istio-inject | |
namespace: istio-system | |
resourceVersion: '3931' | |
selfLink: /api/v1/namespaces/istio-system/configmaps/istio-inject | |
uid: 4b8e3e89-3261-11e8-b93e-08002704ceae |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment