Last active
February 20, 2019 15:04
-
-
Save marceldegraaf/0f36ca817a8dba45ac97bf6b310ca282 to your computer and use it in GitHub Desktop.
Kubernetes/Istio config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Name: istio-ingressgateway-56b648f9fb-d95ml | |
Namespace: istio-system | |
Priority: 0 | |
PriorityClassName: <none> | |
Node: gke-services-eu-west-4-default-pool-a41e4a6c-g71k/10.0.7.218 | |
Start Time: Mon, 18 Feb 2019 15:29:00 +0100 | |
Labels: app=istio-ingressgateway | |
istio=ingressgateway | |
pod-template-hash=1262049596 | |
Annotations: scheduler.alpha.kubernetes.io/critical-pod= | |
seccomp.security.alpha.kubernetes.io/pod=docker/default | |
sidecar.istio.io/inject=false | |
Status: Running | |
IP: 10.4.0.10 | |
Controlled By: ReplicaSet/istio-ingressgateway-56b648f9fb | |
Containers: | |
istio-proxy: | |
Container ID: docker://c3cfa6aa5b591951bca49a038a0bb04eac596667d317d42aa8f64b9aed40d243 | |
Image: gcr.io/gke-release/istio/proxyv2:1.0.3-gke.0 | |
Image ID: docker-pullable://gcr.io/gke-release/istio/proxyv2@sha256:26d33baeec371d5ea4d0ef0f4245db198dc159c22a5870b8afb33a9f7552cef0 | |
Ports: 80/TCP, 443/TCP, 31400/TCP, 15011/TCP, 8060/TCP, 853/TCP, 15030/TCP, 15031/TCP, 15090/TCP | |
Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP | |
Args: | |
proxy | |
router | |
-v | |
2 | |
--discoveryRefreshDelay | |
1s | |
--drainDuration | |
45s | |
--parentShutdownDuration | |
1m0s | |
--connectTimeout | |
10s | |
--serviceCluster | |
istio-ingressgateway | |
--zipkinAddress | |
zipkin:9411 | |
--proxyAdminPort | |
15000 | |
--controlPlaneAuthPolicy | |
NONE | |
--discoveryAddress | |
istio-pilot:8080 | |
State: Running | |
Started: Wed, 20 Feb 2019 14:31:15 +0100 | |
Ready: True | |
Restart Count: 0 | |
Environment: | |
POD_NAME: istio-ingressgateway-56b648f9fb-d95ml (v1:metadata.name) | |
POD_NAMESPACE: istio-system (v1:metadata.namespace) | |
INSTANCE_IP: (v1:status.podIP) | |
ISTIO_META_POD_NAME: istio-ingressgateway-56b648f9fb-d95ml (v1:metadata.name) | |
Mounts: | |
/etc/certs from istio-certs (ro) | |
/etc/istio/ingressgateway-ca-certs from ingressgateway-ca-certs (ro) | |
/etc/istio/ingressgateway-certs from ingressgateway-certs (ro) | |
/var/run/secrets/kubernetes.io/serviceaccount from istio-ingressgateway-service-account-token-g6vq7 (ro) | |
Conditions: | |
Type Status | |
Initialized True | |
Ready True | |
ContainersReady True | |
PodScheduled True | |
Volumes: | |
istio-certs: | |
Type: Secret (a volume populated by a Secret) | |
SecretName: istio.istio-ingressgateway-service-account | |
Optional: true | |
ingressgateway-certs: | |
Type: Secret (a volume populated by a Secret) | |
SecretName: istio-ingressgateway-certs | |
Optional: true | |
ingressgateway-ca-certs: | |
Type: Secret (a volume populated by a Secret) | |
SecretName: istio-ingressgateway-ca-certs | |
Optional: true | |
istio-ingressgateway-service-account-token-g6vq7: | |
Type: Secret (a volume populated by a Secret) | |
SecretName: istio-ingressgateway-service-account-token-g6vq7 | |
Optional: false | |
QoS Class: BestEffort | |
Node-Selectors: <none> | |
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s | |
node.kubernetes.io/unreachable:NoExecute for 300s | |
Events: <none> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: website-nginx-conf | |
namespace: staging | |
data: | |
nginx_conf: | | |
server { | |
listen 80; | |
server_name staging.walterhq.com; | |
server_tokens off; | |
root /usr/share/nginx/html; | |
location /healthz { | |
access_log off; | |
return 200 "OK\n"; | |
} | |
location / { | |
if ($http_x_forwarded_proto = "http") { | |
return 301 https://$host$request_uri; | |
} | |
index index.html index.htm; | |
} | |
error_page 500 502 503 504 /50x.html; | |
location = /50x.html { | |
root /usr/share/nginx/html; | |
} | |
} | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
labels: | |
app: website | |
tier: frontend | |
name: website | |
namespace: staging | |
spec: | |
progressDeadlineSeconds: 600 | |
replicas: 2 | |
revisionHistoryLimit: 10 | |
selector: | |
matchLabels: | |
app: website | |
strategy: | |
rollingUpdate: | |
maxSurge: 25% | |
maxUnavailable: 25% | |
type: RollingUpdate | |
template: | |
metadata: | |
creationTimestamp: null | |
labels: | |
app: website | |
phase: staging | |
tier: frontend | |
spec: | |
automountServiceAccountToken: true | |
containers: | |
- image: eu.gcr.io/walter-companies/website:%%TAG%% | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /healthz | |
port: 80 | |
scheme: HTTP | |
periodSeconds: 10 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
name: website | |
ports: | |
- containerPort: 80 | |
name: http | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /healthz | |
port: 80 | |
scheme: HTTP | |
periodSeconds: 10 | |
successThreshold: 1 | |
timeoutSeconds: 1 | |
resources: | |
limits: | |
cpu: 100m | |
memory: 200Mi | |
requests: | |
cpu: 50m | |
memory: 50Mi | |
volumeMounts: | |
- mountPath: /etc/nginx/conf.d | |
name: config | |
readOnly: true | |
restartPolicy: Always | |
terminationGracePeriodSeconds: 30 | |
volumes: | |
- configMap: | |
defaultMode: 0 | |
items: | |
- key: nginx_conf | |
mode: 0 | |
path: default.conf | |
name: website-nginx-conf | |
name: config | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: website | |
namespace: staging | |
labels: | |
app: website | |
tier: frontend | |
spec: | |
ports: | |
- port: 8000 | |
targetPort: 80 | |
protocol: TCP | |
selector: | |
app: website | |
tier: frontend | |
--- | |
apiVersion: networking.istio.io/v1alpha3 | |
kind: Gateway | |
metadata: | |
name: website-gateway | |
namespace: staging | |
labels: | |
version: v1 | |
spec: | |
selector: | |
istio: ingressgateway | |
servers: | |
- port: | |
number: 80 | |
name: http | |
protocol: HTTP | |
hosts: | |
- "*" | |
--- | |
apiVersion: networking.istio.io/v1alpha3 | |
kind: VirtualService | |
metadata: | |
name: website | |
namespace: staging | |
spec: | |
hosts: | |
- "*" | |
gateways: | |
- website-gateway | |
http: | |
- match: | |
- uri: | |
prefix: / | |
route: | |
- destination: | |
host: website.staging.svc.cluster.local | |
subset: v1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment